Openfire SSO outside premises

As always I tried to google the subject, and can't find a guide.

I’d like to reach the openfire server from WAN using SSO.

Spark and Openfire work in the LAN with SSO and outside without SSO.

I have:

  1. Domain controller (windows server 2012)

  2. Openfire server (windows server 2012)

On the router, ports 5222, 5223 and 7777 are redirected to the Openfire server.

Do I need to redirect something else?

And of course, will it be a secure solution?

It is a really bad idea to use SSO through the internet, since it would require you to open a lot of ports through your router to the world, and make your DC vulnerable. And hackers love vulnerable DCs.

If you still want to, you will need to open these ports in your firewall.

http://support.microsoft.com/kb/179442

Also, you will probably need to buy your domain name from a registrar in order to get your clients to connect. Or modify every client host file.

What if I set up a read-only DC on the Spark server? Is this still a bad idea?

Your easiest solution would be to use a VPN. Another option would be to set up a reverse proxy in your DMZ for the Kerberos protocol and for your IM ports. That may require a bit of work, but it should be doable.
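Whichever route is taken (port forwarding only, VPN, or a reverse proxy), the thread's core concern is that only the XMPP ports listed in the question should answer from the WAN and no domain-controller ports should. The following is an added example, not code from the thread or from the Openfire project: a small audit run from an outside host against the public address, which reports the three forwarded Openfire ports and flags any Active Directory port that is reachable. The XMPP ports are the ones named in the question; the list of domain-controller ports is an assumed set of common AD service ports, not taken from the thread, and the host name is a placeholder.

```python
#!/usr/bin/env python3
"""Audit WAN exposure of an Openfire host: expected XMPP ports vs. AD ports.

Run from a host OUTSIDE the LAN, e.g.:  python3 audit_exposure.py xmpp.example.invalid
(example code, not part of the original thread)
"""
import socket
import sys
from typing import Callable, Dict, List

# Ports the original post says the router forwards to the Openfire server.
XMPP_PORTS: Dict[int, str] = {
    5222: "XMPP client-to-server (STARTTLS)",
    5223: "XMPP client-to-server (legacy TLS)",
    7777: "Openfire file-transfer proxy",
}

# Domain-controller ports that must NOT be reachable from the internet.
# Assumed list of common Active Directory service ports (TCP); adjust to taste.
DC_PORTS: Dict[int, str] = {
    53: "DNS",
    88: "Kerberos",
    135: "RPC endpoint mapper",
    389: "LDAP",
    445: "SMB",
    464: "Kerberos password change",
    636: "LDAPS",
    3268: "Global Catalog",
    3269: "Global Catalog over TLS",
}

Probe = Callable[[str, int], bool]


def tcp_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_exposure(host: str, probe: Probe = tcp_open) -> Dict[str, List[int]]:
    """Classify the host's reachable ports.

    expected_open    : XMPP ports that answer (what the forwarding should give you)
    expected_missing : XMPP ports that do not answer (forwarding or firewall gap)
    dc_exposed       : domain-controller ports that answer (must be empty)

    `probe` is injectable so the classification can be exercised without a network.
    """
    result: Dict[str, List[int]] = {
        "expected_open": [],
        "expected_missing": [],
        "dc_exposed": [],
    }
    for port in XMPP_PORTS:
        bucket = "expected_open" if probe(host, port) else "expected_missing"
        result[bucket].append(port)
    for port in DC_PORTS:
        if probe(host, port):
            result["dc_exposed"].append(port)
    return result


def is_acceptable(result: Dict[str, List[int]]) -> bool:
    """Pass only when all XMPP ports answer and no DC port does."""
    return not result["expected_missing"] and not result["dc_exposed"]


def format_report(host: str, result: Dict[str, List[int]]) -> str:
    """Human-readable summary of an audit result."""
    lines = [f"Exposure audit for {host}"]
    for port in result["expected_open"]:
        lines.append(f"  OK       {port:>5}  {XMPP_PORTS[port]}")
    for port in result["expected_missing"]:
        lines.append(f"  MISSING  {port:>5}  {XMPP_PORTS[port]} (not reachable)")
    for port in result["dc_exposed"]:
        lines.append(f"  EXPOSED  {port:>5}  {DC_PORTS[port]} -- close this at the router")
    lines.append("  verdict: " + ("acceptable" if is_acceptable(result) else "NOT acceptable"))
    return "\n".join(lines)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "xmpp.example.invalid"  # placeholder host
    print(format_report(target, audit_exposure(target)))
```

The probe is a plain TCP connect, so it reports what an arbitrary internet host can reach through the router; a port that answers here is exposed regardless of what the LAN-side firewall says. If the VPN route is chosen, the same script run from outside the VPN should show every port as MISSING, which is the intended outcome.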