it looks like you have a connection time out issue. for testing, in spark, go into the advance menu and check “accept all certs” and “disable hostname verification”
also try to connect without SSO, and manually authenticate using the regular ad/ldap username and password.
not that you confirmed you can sign into spark/openfire using your ad account. you can add GSSAPI back as a ssl mech. after that, then you’ll want to make sure you made the windows registry edits, created your keytab correctly, etc…