powered by Jive Software

Login problem (LDAP/SSO)

Hello

according to the description of the configuration sso from this page Openfire XMPP Server on Windows Server 2012 R2 with Spark SSO.pdf - Google Drive I did everything the way it is written. Unfortunately I have a problem with logging on in the program spark. No matter whether SSO is enabled or not. All the time I am getting information that I gave the incorrect login or password. I can log into the control panel without any problem. Openfire 4.1.5 and Spark 2.8.3. Do you have any idea?

Error log in spark is empty ;(

regards

Kuba

your first step is to make sure you can login without sso using your AD/LDAP creds.

I can’t log in without sso too. How to force Spark to generate logs? On server side I can’t see anything interesting in log.

Are you checking the logs at C:\Users\User\AppData\Roaming\Spark\logs? Also check all the files. Usually logs are scattered among the files.

there is no point in trying to get SSO to work, if you can’t sign in using plain ldap/ad credentials. First set that part up correctly, then you can move on to SSO.

SSO still not working:( Can anyone tell me what might be the problem?

sie 31, 2017 8:40:36 AM org.jivesoftware.spark.util.log.Log warning

WARNING: Exception in Login:

org.jivesoftware.smack.SmackException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))]

at org.jivesoftware.smack.sasl.javax.SASLJavaXMechanism.getAuthenticationText(SASL JavaXMechanism.java:123)

at org.jivesoftware.smack.sasl.SASLMechanism.authenticate(SASLMechanism.java:196)

at org.jivesoftware.smack.sasl.SASLMechanism.authenticate(SASLMechanism.java:169)

at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java: 236)

at org.jivesoftware.smack.tcp.XMPPTCPConnection.loginNonAnonymously(XMPPTCPConnect ion.java:373)

at org.jivesoftware.smack.AbstractXMPPConnection.login(AbstractXMPPConnection.java :457)

at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1131)

at org.jivesoftware.LoginDialog$LoginPanel.access$900(LoginDialog.java:335)

at org.jivesoftware.LoginDialog$LoginPanel$3.construct(LoginDialog.java:894)

at org.jivesoftware.spark.util.SwingWorker.lambda$new$1(SwingWorker.java:138)

at java.lang.Thread.run(Unknown Source)

Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))]

at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)

at org.jivesoftware.smack.sasl.javax.SASLJavaXMechanism.getAuthenticationText(SASL JavaXMechanism.java:120)

… 10 more

Caused by: GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))

at sun.security.jgss.krb5.Krb5InitCredential.getTgt(Unknown Source)

at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Unknown Source)

at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Unknown Source)

at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Unknown Source)

at sun.security.jgss.GSSManagerImpl.getMechanismContext(Unknown Source)

at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)

at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)

… 12 more

Caused by: javax.security.auth.login.LoginException: Unable to obtain Principal Name for authentication

at com.sun.security.auth.module.Krb5LoginModule.promptForName(Unknown Source)

at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown Source)

at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at javax.security.auth.login.LoginContext.invoke(Unknown Source)

at javax.security.auth.login.LoginContext.access$000(Unknown Source)

at javax.security.auth.login.LoginContext$4.run(Unknown Source)

at javax.security.auth.login.LoginContext$4.run(Unknown Source)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)

at javax.security.auth.login.LoginContext.login(Unknown Source)

at sun.security.jgss.GSSUtil.login(Unknown Source)

at sun.security.jgss.krb5.Krb5Util.getTicket(Unknown Source)

at sun.security.jgss.krb5.Krb5InitCredential$1.run(Unknown Source)

at sun.security.jgss.krb5.Krb5InitCredential$1.run(Unknown Source)

at java.security.AccessController.doPrivileged(Native Method)

… 19 more

Did you make the change to your windows registry to allow java to ready the ticket?

Are you using DNS or krb5.ini file on the client?

Do you have a ptr record in dns?

Have you tried to recreate your keytab file?

is your krb5.ini (on the openfire server), correct?

There are a lot of moving parts with SSO…and its not so easy to set up if you haven’t done it before.

here is a quick how to I put together a while ago. you may give it a try.

How to Setup SSO on Windows Server 2008r2/2012r2 with a Domain level of 2008r2/2012r2

I did as follows.

ktpass /princ XMPP/europa.wodociagi.pl@WODOCIAGI.PL /mapuser xmpp-openfire@wodociagi.pl /pass * /ptype KRB5_NT_PRINCIPAL /crypto all

C:\Windows\system32>ktpass /princ XMPP/europa.wodociagi.pl@WODOCIAGI.PL /mapuser xmpp-openfire@wodociagi.pl /pass * /ptype KRB5_NT_PRINCIPAL /crypto all

Targeting domain controller: Europa.wodociagi.pl

Successfully mapped XMPP/europa.wodociagi.pl to xmpp-openfire.

Type the password for XMPP/europa.wodociagi.pl:

Type the password again to confirm:

Password successfully set!

Key created.

Key created.

Key created.

Key created.

Key created.

C:>ktpass /princ XMPP/europa.wodociagi.pl@WODOCIAGI.PL /mapuser xmpp-openfire@wodociagi.pl /crypto all -pass * /ptype KRB5_NT_PRINCIPAL /out xmpp.keytab

Targeting domain controller: Europa.wodociagi.pl

Successfully mapped XMPP/europa.wodociagi.pl to xmpp-openfire.

Type the password for XMPP/europa.wodociagi.pl:

Type the password again to confirm:

Password successfully set!

Key created.

Key created.

Key created.

Key created.

Key created.

Output keytab to xmpp.keytab:

Keytab version: 0x502

keysize 64 XMPP/europa.wodociagi.pl@WODOCIAGI.PL ptype 1 (KRB5_NT_PRINCIPAL) vno

18 etype 0x1 (DES-CBC-CRC) keylength 8 (0x2a2fc4e0374a80b3)

keysize 64 XMPP/europa.wodociagi.pl@WODOCIAGI.PL ptype 1 (KRB5_NT_PRINCIPAL) vno

18 etype 0x3 (DES-CBC-MD5) keylength 8 (0x2a2fc4e0374a80b3)

keysize 72 XMPP/europa.wodociagi.pl@WODOCIAGI.PL ptype 1 (KRB5_NT_PRINCIPAL) vno

18 etype 0x17 (RC4-HMAC) keylength 16 (0x99855ef86fb67e661da2f3bba8b9cf49)

keysize 88 XMPP/europa.wodociagi.pl@WODOCIAGI.PL ptype 1 (KRB5_NT_PRINCIPAL) vno

18 etype 0x12 (AES256-SHA1) keylength 32 (0xda0520af7c616b46eeb3d2d0854aceb3e39

4d1c3d3a0f4cf42b7b57383676630)

keysize 72 XMPP/europa.wodociagi.pl@WODOCIAGI.PL ptype 1 (KRB5_NT_PRINCIPAL) vno

18 etype 0x11 (AES128-SHA1) keylength 16 (0x31650ad6de5d8e5112f4badff3077efd)

file gss.conf

com.sun.security.jgss.krb5.accept {

com.sun.security.auth.module.Krb5LoginModule required

storeKey=true

keyTab=“C:/Program Files (x86)/openfire/resources/xmpp.keytab”

doNotPrompt=true

useKeyTab=true

isInitiator=false

debug=true

realm=“WODOCIAGI.PL”

principal="XMPP/europa.wodociagi.pl@WODOCIAGI.PL";

};

file krb5.ini on a client and server side

[libdefaults]

default_realm = WODOCIAGI.PL

[realms]

DOMAIN.LOCAL = {

kdc = europa.wodociagi.pl

admin_server = europa.wodociagi.pl

default_domain = wodociagi.pl

}

[domain_realms]

domain.local = WODOCIAGI.PL

.domain.local = WODOCIAGI.PL

and I still have the same errors ;( Why is duplicated “Key created.” in ktpass utility output?

There appears to be an error in your krb5.ini

it should look like this

[libdefaults]

default_realm = WODOCIAGI.PL

[realms]

WODOCIAGI.PL = {

kdc = europa.wodociagi.pl

admin_server = europa.wodociagi.pl

default_domain = wodociagi.pl

}

[domain_realms]

wodociagi.pl = WODOCIAGI.PL

.wodociagi.pl = WODOCIAGI.PL

Unfortunately, this did not bring any effect:(

is europa.wodociagi.pl also your domain controller?

[realms]

WODOCIAGI.PL = {

kdc = europa.wodociagi.pl <----this should be your domain controller

admin_server = europa.wodociagi.pl <—his should be your domain controller

default_domain = wodociagi.pl

}

Yes it is.

is that also your xmpp chat server?

yes. Is that a problem?

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-4]: org.apache.mina.core.filterchain.IoFilterEvent - Event EXCEPTION_CAUGHT has been fired for session 7

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-2]: org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_CLOSED event for session 4

2017.09.05 08:04:57 DEBUG [NioProcessor-3]: org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event SESSION_CLOSED to session 2

Queue : [SESSION_CLOSED, ]

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-2]: org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_CLOSED has been fired for session 4

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-5]: org.apache.mina.core.filterchain.IoFilterEvent - Event EXCEPTION_CAUGHT has been fired for session 2

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-4]: org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_CLOSED event for session 7

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-6]: org.apache.mina.core.filterchain.IoFilterEvent - Event EXCEPTION_CAUGHT has been fired for session 8

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-3]: org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_CLOSED event for session 5

2017.09.05 08:04:57 DEBUG [NioProcessor-1]: org.apache.mina.filter.ssl.SslHandler - Unexpected exception from SSLEngine.closeInbound().

javax.net.ssl.SSLException: Inbound closed before receiving peer’s close_notify: possible truncation attack?

at sun.security.ssl.Alerts.getSSLException(Unknown Source)

at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)

at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)

at sun.security.ssl.SSLEngineImpl.closeInbound(Unknown Source)

at org.apache.mina.filter.ssl.SslHandler.destroy(SslHandler.java:204)

at org.apache.mina.filter.ssl.SslFilter.sessionClosed(SslFilter.java:439)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(Def aultIoFilterChain.java:382)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$900(DefaultIoFilte rChain.java:47)

at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.sessionClosed (DefaultIoFilterChain.java:750)

at org.apache.mina.core.filterchain.IoFilterAdapter.sessionClosed(IoFilterAdapter. java:88)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(Def aultIoFilterChain.java:382)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireSessionClosed(Default IoFilterChain.java:375)

at org.apache.mina.core.service.IoServiceListenerSupport.fireSessionDestroyed(IoSe rviceListenerSupport.java:244)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeNow(AbstractPolli ngIoProcessor.java:600)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeSessions(Abstract PollingIoProcessor.java:560)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$800(AbstractPoll ingIoProcessor.java:67)

at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractP ollingIoProcessor.java:1132)

at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)

at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-3]: org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_CLOSED has been fired for session 5

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-4]: org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_CLOSED has been fired for session 7

2017.09.05 08:04:57 DEBUG [NioProcessor-3]: org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event EXCEPTION_CAUGHT to session 6

Queue : [EXCEPTION_CAUGHT, ]

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-5]: org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_CLOSED event for session 2

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-7]: org.apache.mina.core.filterchain.IoFilterEvent - Firing a EXCEPTION_CAUGHT event for session 6

2017.09.05 08:04:57 DEBUG [NioProcessor-1]: org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event SESSION_CLOSED to session 8

Queue : [SESSION_CLOSED, ]

2017.09.05 08:04:57 WARN [socket_c2s-thread-7]: org.jivesoftware.openfire.nio.ConnectionHandler - Closing connection due to exception in session: (0x00000006: nio socket, server, /10.10.1.30:56267 => 0.0.0.0/0.0.0.0:5222)

java.io.IOException: Istniejące połączenie zostało gwałtownie zamknięte przez zdalnego hosta

at sun.nio.ch.SocketDispatcher.read0(Native Method)

at sun.nio.ch.SocketDispatcher.read(Unknown Source)

at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)

at sun.nio.ch.IOUtil.read(Unknown Source)

at sun.nio.ch.SocketChannelImpl.read(Unknown Source)

at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:273)

at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:44)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoP rocessor.java:690)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPolling IoProcessor.java:664)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPolling IoProcessor.java:653)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPoll ingIoProcessor.java:67)

at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractP ollingIoProcessor.java:1124)

at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)

at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-5]: org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_CLOSED has been fired for session 2

2017.09.05 08:04:57 DEBUG [NioProcessor-3]: org.apache.mina.filter.ssl.SslHandler - Unexpected exception from SSLEngine.closeInbound().

javax.net.ssl.SSLException: Inbound closed before receiving peer’s close_notify: possible truncation attack?

at sun.security.ssl.Alerts.getSSLException(Unknown Source)

at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)

at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)

at sun.security.ssl.SSLEngineImpl.closeInbound(Unknown Source)

at org.apache.mina.filter.ssl.SslHandler.destroy(SslHandler.java:204)

at org.apache.mina.filter.ssl.SslFilter.sessionClosed(SslFilter.java:439)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(Def aultIoFilterChain.java:382)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$900(DefaultIoFilte rChain.java:47)

at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.sessionClosed (DefaultIoFilterChain.java:750)

at org.apache.mina.core.filterchain.IoFilterAdapter.sessionClosed(IoFilterAdapter. java:88)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(Def aultIoFilterChain.java:382)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireSessionClosed(Default IoFilterChain.java:375)

at org.apache.mina.core.service.IoServiceListenerSupport.fireSessionDestroyed(IoSe rviceListenerSupport.java:244)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeNow(AbstractPolli ngIoProcessor.java:600)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeSessions(Abstract PollingIoProcessor.java:560)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$800(AbstractPoll ingIoProcessor.java:67)

at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractP ollingIoProcessor.java:1132)

at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)

at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-7]: org.apache.mina.core.filterchain.IoFilterEvent - Event EXCEPTION_CAUGHT has been fired for session 6

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-2]: org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_CLOSED event for session 8

2017.09.05 08:04:57 DEBUG [NioProcessor-3]: org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event SESSION_CLOSED to session 6

Queue : [SESSION_CLOSED, ]

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-2]: org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_CLOSED has been fired for session 8

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-7]: org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_CLOSED event for session 6

2017.09.05 08:04:57 DEBUG [socket_c2s-thread-7]: org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_CLOSED has been fired for session 6

2017.09.05 08:04:57 org.apache.mina.core.filterchain.IoFilterEvent - Event EXCEPTION_CAUGHT has been fired for session 6

2017.09.05 08:04:57 org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_CLOSED event for session 8

2017.09.05 08:04:57 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event SESSION_CLOSED to session 6

Queue : [SESSION_CLOSED, ]

2017.09.05 08:04:57 org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_CLOSED has been fired for session 8

2017.09.05 08:04:57 org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_CLOSED event for session 6

2017.09.05 08:04:57 org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_CLOSED has been fired for session 6

2017.09.05 08:07:59 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event SESSION_OPENED to session 9

Queue : [SESSION_OPENED, ]

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_OPENED event for session 9

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_OPENED has been fired for session 9

2017.09.05 08:07:59 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_RECEIVED to session 9

Queue : [MESSAGE_RECEIVED, ]

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Firing a MESSAGE_RECEIVED event for session 9

2017.09.05 08:07:59 org.apache.mina.filter.codec.ProtocolCodecFilter - Processing a MESSAGE_RECEIVED for session 9

2017.09.05 08:07:59 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_SENT to session 9

Queue : [MESSAGE_SENT, ]

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Event MESSAGE_RECEIVED has been fired for session 9

2017.09.05 08:07:59 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_SENT to session 9

Queue : [MESSAGE_SENT, , MESSAGE_SENT, ]

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Firing a MESSAGE_SENT event for session 9

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Event MESSAGE_SENT has been fired for session 9

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Firing a MESSAGE_SENT event for session 9

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Event MESSAGE_SENT has been fired for session 9

2017.09.05 08:07:59 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_RECEIVED to session 9

Queue : [MESSAGE_RECEIVED, ]

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Firing a MESSAGE_RECEIVED event for session 9

2017.09.05 08:07:59 org.apache.mina.filter.codec.ProtocolCodecFilter - Processing a MESSAGE_RECEIVED for session 9

2017.09.05 08:07:59 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Constructed trust manager. Number of trusted issuers: 173, accepts self-signed: false, checks validity: true

2017.09.05 08:07:59 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Constructed trust manager. Number of trusted issuers: 173, accepts self-signed: false, checks validity: true

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Adding the SSL Filter tls to the chain

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server[9](no sslEngine) Initializing the SSL Handler

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server[9](no sslEngine) SSL Handler Initialization done.

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9 : Starting the first handshake

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the NEED_UNWRAP state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Writing Message : WriteRequest: HeapBuffer[pos=0 lim=50 cap=64: 3C 70 72 6F 63 65 65 64 20 78 6D 6C 6E 73 3D 22…]

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Event MESSAGE_RECEIVED has been fired for session 9

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Message received : HeapBuffer[pos=0 lim=187 cap=1024: 16 03 03 00 B6 01 00 00 B2 03 03 59 AE 3E CD 54…]

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 Processing the received message

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the NEED_UNWRAP state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the NEED_TASK state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the NEED_WRAP state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Writing Message : WriteRequest: HeapBuffer[pos=0 lim=1249 cap=2115: 16 03 03 04 DC 02 00 00 4D 03 03 59 AE 3F 3F 0D…]

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the NEED_UNWRAP state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Processing the SSL Data

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Message received : HeapBuffer[pos=0 lim=75 cap=1024: 16 03 03 00 46 10 00 00 42 41 04 D6 C2 BA E7 C5…]

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 Processing the received message

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the NEED_UNWRAP state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the NEED_TASK state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the NEED_UNWRAP state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Processing the SSL Data

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Message received : HeapBuffer[pos=0 lim=6 cap=512: 14 03 03 00 01 01]

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 Processing the received message

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the NEED_UNWRAP state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Processing the SSL Data

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Message received : HeapBuffer[pos=0 lim=85 cap=512: 16 03 03 00 50 8B 3E 66 3D D4 C0 49 4F EF 21 40…]

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 Processing the received message

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the NEED_UNWRAP state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the NEED_WRAP state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Writing Message : WriteRequest: HeapBuffer[pos=0 lim=6 cap=8: 14 03 03 00 01 01]

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the NEED_WRAP state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Writing Message : WriteRequest: HeapBuffer[pos=0 lim=85 cap=132: 16 03 03 00 50 4F 13 B6 12 51 E3 55 0E EB 34 E7…]

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the FINISHED state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 is now secured

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 processing the FINISHED state

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 is now secured

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Processing the SSL Data

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Message received : HeapBuffer[pos=0 lim=213 cap=256: 17 03 03 00 D0 48 65 26 2D 54 E0 A0 1C 13 9C 36…]

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server9 Processing the received message

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Processing the SSL Data

2017.09.05 08:07:59 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_RECEIVED to session 9

Queue : [MESSAGE_RECEIVED, ]

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Firing a MESSAGE_RECEIVED event for session 9

2017.09.05 08:07:59 org.apache.mina.filter.codec.ProtocolCodecFilter - Processing a MESSAGE_RECEIVED for session 9

2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server9: Writing Message : WriteRequest: HeapBuffer[pos=0 lim=474 cap=512: 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 27 31…]

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Event MESSAGE_RECEIVED has been fired for session 9

2017.09.05 08:07:59 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_SENT to session 9

Queue : [MESSAGE_SENT, ]

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Firing a MESSAGE_SENT event for session 9

2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Event MESSAGE_SENT has been fired for session 9

2017.09.05 08:08:04 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event EXCEPTION_CAUGHT to session 9

Queue : [EXCEPTION_CAUGHT, ]

2017.09.05 08:08:04 org.apache.mina.core.filterchain.IoFilterEvent - Firing a EXCEPTION_CAUGHT event for session 9

2017.09.05 08:08:04 org.apache.mina.filter.ssl.SslHandler - Unexpected exception from SSLEngine.closeInbound().

javax.net.ssl.SSLException: Inbound closed before receiving peer’s close_notify: possible truncation attack?

at sun.security.ssl.Alerts.getSSLException(Unknown Source)

at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)

at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)

at sun.security.ssl.SSLEngineImpl.closeInbound(Unknown Source)

at org.apache.mina.filter.ssl.SslHandler.destroy(SslHandler.java:204)

at org.apache.mina.filter.ssl.SslFilter.sessionClosed(SslFilter.java:439)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(Def aultIoFilterChain.java:382)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$900(DefaultIoFilte rChain.java:47)

at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.sessionClosed (DefaultIoFilterChain.java:750)

at org.apache.mina.core.filterchain.IoFilterAdapter.sessionClosed(IoFilterAdapter. java:88)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(Def aultIoFilterChain.java:382)

at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireSessionClosed(Default IoFilterChain.java:375)

at org.apache.mina.core.service.IoServiceListenerSupport.fireSessionDestroyed(IoSe rviceListenerSupport.java:244)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeNow(AbstractPolli ngIoProcessor.java:600)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeSessions(Abstract PollingIoProcessor.java:560)

at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$800(AbstractPoll ingIoProcessor.java:67)

at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractP ollingIoProcessor.java:1132)

at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)

at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

2017.09.05 08:08:04 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event SESSION_CLOSED to session 9

Queue : [SESSION_CLOSED, ]

2017.09.05 08:08:04 org.apache.mina.core.filterchain.IoFilterEvent - Event EXCEPTION_CAUGHT has been fired for session 9

2017.09.05 08:08:04 org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_CLOSED event for session 9

2017.09.05 08:08:04 org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_CLOSED has been fired for session 9

2017.09.05 08:09:23 org.logicalcobwebs.proxool.openfire - Closing statement 1f27cc8 (belonging to connection 2) automatically

that error log does no look like it has anything to do with sso.

I have not tried to install openfire on a DC before with sso, so I’m unsure if that would work or not.

I will move openfire to another server, we will see then.

I have moved openfire to another server and I get error “DNS name not found” but in DNS this host is added.

wrz 11, 2017 9:26:09 AM org.jivesoftware.spark.util.log.Log warning

WARNING: Exception in Login:

org.jivesoftware.smack.SmackException$ConnectionException: The following addresses failed: ‘_xmpp-client._tcp.ananke.wodociagi.pl:5222’ failed because javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name ‘_xmpp-client._tcp.ananke.wodociagi.pl’, ‘ananke.wodociagi.pl:5222’ failed because java.net.ConnectException: Connection timed out: connect

at org.jivesoftware.smack.SmackException$ConnectionException.from(SmackException.j ava:255)

at org.jivesoftware.smack.tcp.XMPPTCPConnection.connectUsingConfiguration(XMPPTCPC onnection.java:612)

at org.jivesoftware.smack.tcp.XMPPTCPConnection.connectInternal(XMPPTCPConnection. java:850)

at org.jivesoftware.smack.AbstractXMPPConnection.connect(AbstractXMPPConnection.ja va:364)

at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1107)

at org.jivesoftware.LoginDialog$LoginPanel.access$900(LoginDialog.java:335)

at org.jivesoftware.LoginDialog$LoginPanel$3.construct(LoginDialog.java:894)

at org.jivesoftware.spark.util.SwingWorker.lambda$new$1(SwingWorker.java:138)

at java.lang.Thread.run(Unknown Source)

I would use the A Host entry.

I also have that A host entry.

Ananke is your XMPP Domain name which users use to login to in clients?