powered by Jive Software

Openfire 4.5.1 with Spark 2.8.3 SSO dont work

Hello everybody!
Today I tried to upgrade openfire 4.4.4 to 4.5.1 and as a result SSO stopped working. I can only log in by entering the login and password.

The first thing I did was check the logs on the Openfire server.
There was an error that I use an unencrypted method of connecting to LDAP. I tried to expose both LDAPS and StarTLS but this does not help. Below I apply Openfire logs after updating and Spark logs.

Here are two of my servers with SSO configured, I tried updating both the production server and the test server.
On both, after the upgrade, SSO stops working.I left the test server on version 4.5.1.

This production server
Ubuntu 16.04 lts
Openfie 4.4.4
Java Version: 1.8.0_222 Private Build – OpenJDK 64-Bit Server VM
MySQL 5.7.29-0ubuntu0.16.04.1

this test server
Ubuntu 18.04 lts
Openfire 4.5.1
Java Version: 11.0.6 Ubuntu – OpenJDK 64-Bit Server VM
MySQL 8.0.17

spark log warn.txt (17.7 КБ) Openfire 4.5.1 all log.txt (99.1 КБ) Spark log errors.txt (16.4 КБ)

I can share the guide on which we configured SSO. Perhaps the problem is that we use the RC4 algorithm either in the Active Directory user settings.
But the guide is in Russian …
Openfire SSO — ColemanWiki.html (42.5 КБ)

@speedy please look at that :pray:

if nothing else changed, than it might be an issue with the version of java you are using. Could you verify your version…looking at the logs it looks like it might be JDK 11.0.6. If so, could you try downgrading to java 8

I tried upgrading my ubuntu production server from java 8 openfire to version 4.5.1 and the sso stops working.

unfortunaly, I don’t have much experience with linux. I only have worked with windows. My first step would likely to be recreating the keytab file. If you roll back from your backup, does sso work again?

Yes, I always do shapshoot before updating, and after detecting the problem i returned to Openfire 4.4.4.

Do you have SSO configured? Could you say your SSO is working?

I found a solution. The problem was in Java, it turns out it was updated to JDK version 8u241, I rolled back to version 8u221 and blocked the java update. Please look at the java changelog to find out what was changed.