I’m having issues with getting SSO to work. It looks like I’m authenticating but not authorizing. I’ve tried to follow the instructions for SSO configuration as best as I can, but I continue to get the generic Spark error: “Unable to connect using Single Sign-On. Please check your principal and server settings.”
Here are the basics:
Openfire 3.4.1 running on a CentOS5 server
Spark 2.5.7 clients running on WinXP SP2
Active Directory running on Win2k3 servers, 2 domain controllers (if that matters)
Windows Domain/Kerberos Realm = DOCMAGIC.COM
Openfire server name = openfire
user created for keytab creation = xmpp-openfire
command line for creation of the keytab =
ktpass -princ --xmpp/openfire.docmagic.com@DOCMAGIC.COM-- -pass password -mapuser xmpp-openfire -out jabber.keytab
keytab file placed on Openfire server in /opt/openfire/resources, chown’d to daemon:daemon and chmod’d to 640
attached gss.conf found in /opt/openfire/conf
error message found in Spark warn.log file:
Nov 14, 2007 6:23:57 PM org.jivesoftware.spark.util.log.Log warning
WARNING: Exception in Login: not-authorized(401)
    at org.jivesoftware.smack.NonSASLAuthentication.authenticate(NonSASLAuthentication.java:94)
    at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:227)
    at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:341)
    at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:828)
    at org.jivesoftware.LoginDialog$LoginPanel.access$400(LoginDialog.java:196)
    at org.jivesoftware.LoginDialog$LoginPanel$1.construct(LoginDialog.java:594)
    at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:129)
    at java.lang.Thread.run(Unknown Source)
Things I’ve already tried with no change to results:
Using Java 1.6 Update 3 (other tests were using 126.96.36.199)
Adding allowtgtsessionkey information as described elsewhere to the HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos key on the workstation.
Setting both the testing user and the keytab user (xmpp-openfire) to use DES for encryption (changing the password after the setting was changed).
Restarting the Openfire service/rebooting the Openfire server
Added ssoEnabled=True and ssoAdv=True to the spark.properties file (Spark does detect the correct user name from Windows just fine)
Any help you can provide would be much appreciated. Thanks.