Openfire 4.1.3 SSO on Windows Server 2008 R2 with Spark 2.8.3

Hello,

I used the 28 Steps Guide to set up SSO with Openfire and Spark.

It all seemed to go well, but as I tried to activate SSO at the Spark client I get SSO errors from the Spark client.

I do not know what is causing the errors, as I am able to connect to the admin console as the domain administrator.

In addition, I can’t see any blocking in the firewall, but maybe I am missing something, because the manual for SSO just said: disable the firewall, which is not possible for me.

I appreciate any help.

Here is an error from the errors.log of spark:

Mär 14, 2017 3:22:50 PM org.jivesoftware.spark.util.log.Log error

SCHWERWIEGEND: connection error

org.jivesoftware.smack.SmackException$ConnectionException: The following addresses failed: ‘_xmpp-client._tcp.domain.com:5222’ failed because javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name ‘_xmpp-client._tcp.domain.com’, ‘domain.com:5222’ failed because java.net.ConnectException: Connection refused: connect

at org.jivesoftware.smack.SmackException$ConnectionException.from(SmackException.java:255)

at org.jivesoftware.smack.tcp.XMPPTCPConnection.connectUsingConfiguration(XMPPTCPConnection.java:612)

at org.jivesoftware.smack.tcp.XMPPTCPConnection.connectInternal(XMPPTCPConnection.java:850)

at org.jivesoftware.smack.AbstractXMPPConnection.connect(AbstractXMPPConnection.java:364)

at org.jivesoftware.LoginDialog$LoginPanel.lambda$login$1(LoginDialog.java:1099)

at java.awt.event.InvocationEvent.dispatch(Unknown Source)

at java.awt.EventQueue.dispatchEventImpl(Unknown Source)

at java.awt.EventQueue.access$500(Unknown Source)

at java.awt.EventQueue$3.run(Unknown Source)

at java.awt.EventQueue$3.run(Unknown Source)

at java.security.AccessController.doPrivileged(Native Method)

at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source)

at java.awt.EventQueue.dispatchEvent(Unknown Source)

at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)

at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)

at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)

at java.awt.EventDispatchThread.pumpEvents(Unknown Source)

at java.awt.EventDispatchThread.pumpEvents(Unknown Source)

at java.awt.EventDispatchThread.run(Unknown Source)

and this is the warn.log entry:

Mär 14, 2017 3:22:50 PM org.jivesoftware.spark.util.log.Log warning

WARNUNG: Exception in Login:

org.jivesoftware.smack.SmackException$NotConnectedException: Client is not, or no longer, connected.

at org.jivesoftware.smack.tcp.XMPPTCPConnection.throwNotConnectedExceptionIfAppropriate(XMPPTCPConnection.java:342)

at org.jivesoftware.smack.AbstractXMPPConnection.login(AbstractXMPPConnection.java:452)

at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1131)

at org.jivesoftware.LoginDialog$LoginPanel.access$900(LoginDialog.java:335)

at org.jivesoftware.LoginDialog$LoginPanel$3.construct(LoginDialog.java:894)

at org.jivesoftware.spark.util.SwingWorker.lambda$new$1(SwingWorker.java:138)

at java.lang.Thread.run(Unknown Source)

What is the Client OS?

Are they able to log in without SSO?

Hello Luis,

First, thank you for answering.

I’m using Windows 8.1.

Unfortunately the normal login fails too, which I never tested before. Sorry for that.

Do you have any idea why I have this issue?

I also tried the following client versions for SSO: 2.7.1; 2.7.7; 2.90 nightly build from Monday

In addition i tried it on 3 machines.

Kind Regards

Bertram

Based on the error log it seems that the client can't find the server host name.

I would try pinging the server from the client computer to see if they even see each other.

These are issues we found while setting up Openfire and Spark with SSO.

 1. Make sure that all of the ports displayed in the page after logging in to the Admin console are able to go through the firewall.

 2. Make sure that the scripts have double "quotations" as copying from the PDF will cause a single quotation in one of the scripts (took us 2 days to find that one)

 3. We found out that the client has to run in admin mode in order for SSO to work correctly (especially if you are getting a red message saying that it can't find the principal)

 4. If you are using an AD LDAP server to configure the database, SSO using the KRB5 config file isn't necessary. We ended up using the DNS option in the SSO settings.

 5. The install location of the Openfire application (if using a virtual machine): we ended up installing it on a separate partition rather than the OS partition.
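Added example, not part of the original thread: a small parser for the Smack "The following addresses failed" message quoted from errors.log above. It splits the message into one entry per address and labels each failure, which shows that the client first tried the SRV name and then fell back to the bare XMPP domain on port 5222. The category labels and hint texts are this example's own heuristics, not Smack or Spark output.

```python
import re

# Constructed sample: the ConnectionException message from the errors.log above,
# joined into one string (typographic quotes kept as they appear in the log).
SAMPLE = (
    "The following addresses failed: "
    "‘_xmpp-client._tcp.domain.com:5222’ failed because "
    "javax.naming.NameNotFoundException: DNS name not found [response code 3]; "
    "remaining name ‘_xmpp-client._tcp.domain.com’, "
    "‘domain.com:5222’ failed because "
    "java.net.ConnectException: Connection refused: connect"
)

Q_OPEN, Q_CLOSE = "['‘]", "['’]"
# One entry: 'host:port' failed because <exception class>: <reason>
ENTRY = re.compile(
    rf"{Q_OPEN}([^'’]+):(\d+){Q_CLOSE} failed because ([\w.$]+): "
    rf"(.*?)(?=, {Q_OPEN}[^'’]+:\d+{Q_CLOSE} failed because|$)"
)

# Hint texts are assumptions of this example, written for the setup in the thread.
HINTS = {
    "srv-missing": "no SRV record published; the client falls back to the bare domain",
    "host-unresolved": "the name does not resolve on this client; check DNS or the server field",
    "port-closed": "name resolved, but that host refused the connection on this port",
    "filtered": "no answer at all; look for a firewall dropping the connection",
    "other": "unclassified; read the full stack trace",
}

def classify(host, exc, reason):
    """Label one failed address (heuristic, based on the exception text)."""
    if host.startswith("_xmpp-client._tcp.") and "response code 3" in reason:
        return "srv-missing"          # DNS response code 3 is NXDOMAIN
    if exc.endswith("UnknownHostException") or "NameNotFound" in exc:
        return "host-unresolved"
    if "Connection refused" in reason:
        return "port-closed"
    if "timed out" in reason:
        return "filtered"
    return "other"

def diagnose(message):
    """Return [(host, port, label)] in the order the client tried the addresses."""
    return [(m[1], int(m[2]), classify(m[1], m[3], m[4]))
            for m in ENTRY.finditer(message)]

if __name__ == "__main__":
    for host, port, label in diagnose(SAMPLE):
        print(f"{host}:{port} -> {label}: {HINTS[label]}")
```

For the log in this thread the second entry is the informative one: the bare domain name resolved, but the machine it points to was not accepting connections on 5222.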

Hi Luis,

thanks for the advice.

I’m able to ping the servers and I tried the Openfire installation without LDAP and could log in to Spark with a test account.

Even the nslookup for the Openfire server works on all machines and reverse for the clients, which indicates that the DNS is working properly.

All ports are opened now on the server and the scripts are checked without a failure. I couldn’t even find the quotation failure in the PDF, which brings me to the idea that I used the wrong manual (https://drive.google.com/file/d/0BwG5UzfMZQHjTFpoWlpxbHg3YTA/view).

Is there another installation guide than the one for Openfire 3.10.3 and Spark 2.8.3?

As it is necessary to have admin privileges I won’t follow the SSO further and will be happy if the LDAP connection and logins are working.

Therefore I will install Openfire on a separate partition on my virtual machine.

Kind Regards

Bertram

Hi Luis,

I got it working by installing on a different partition.

Sounds a bit strange, but I’m happy that it is working now.

Thank you very much!

Kind Regards

Bertram

No problem. Glad I could be of help.

For some reason, when it is installed on the OS partition the built-in database for Openfire can easily get corrupted at random times.