Single Sign On (SSO) with Openfire 3.3.2 and Spark 2.5.5

I’ve tried to read through a lot of the existing documentation for getting SSO to work properly, but I’m feeling kinda lost. Most of the documentation references making changes to ini and xml files in old versions of both Openfire and Spark.

I’m currently running Openfire 3.3.2 on a CentOS 5 server (joined to a Win2k3 AD domain with Samba and Winbind working), and Spark 2.5.5 installed on Windows XP SP2 clients.

From what I understand, Spark 2.5.5 doesn’t need a krb5.ini file, and the referenced wildfire.xml file sounds quite ancient since the app is now renamed to Openfire, so what configuration steps do I need to perform, given the currently installed versions and my mixed environment?

Thanks in advance for the assistance.

M@

I will be starting this process very soon. Unfortunately I run Openfire on Windows. I will provide all info as I get it. I will verify that Spark 2.5.5 works great with SSO in a pure Windows environment. Spark 2.5.4 broke the SSO I had working with Openfire 3.3.1 and Spark 2.5.3.

Have you generated your keytab yet from the AD server? That is critical. Look at some of my old posts if they still exist, to avoid the pitfalls with the process. Unfortunately the older posts seem very incomplete from the transfer to this new system.

I haven’t created my keytab yet, I think I might have seen that documented somewhere but I’ll have to track it down again. Funny thing is, I have had some limited success with a few users being able to log in without any extra configuration at all. They just choose the SSO option under the Advanced tab on the Spark login screen and are able to log in, but I can’t reliably reproduce it across the board.

M@

This thread is the one that helped me get it working originally: http://www.igniterealtime.org/community/message/148325#148325

Here is the documentation you need to get things going. If you run into problems, just post your specific questions and I’d be happy to help you out. There are also quite a few threads on the topic already (search for SSO).

http://wiki.igniterealtime.org/display/WILDFIRE/ConfiguringOpenfirefor+Kerberos

SSO is a complex topic, so it may take a bit of effort to get it working unless you have a good understanding of Kerberos.

Closing question. This issue was dropped for this version in favor of waiting for 1.) Better implementation in later versions for our evaluation, or 2.) More time for me to figure this out.

Now that Openfire 3.4.1, and Spark 2.5.7 are in play, I’ve opened a separate ticket with better errors, and issue reporting. I also have more time to devote to this issue.

The new ticket can be viewed/responded to here: http://www.igniterealtime.org/community/thread/30151?tstart=0

M@