powered by Jive Software

Siteminder SSO & OpenFire


Is it possible for OpenFire to be integrated with a company wide implementation of SSO using thrid party tools like Siteminder ?



Ive only had minimal experience with Siteminder (normally under iPlanet) so its hard to say with precision. But- SSO in Openfire works with GSSAPI (specifically Kerberos 5). So if you are able to obtain a GSSAPI token on the client, and provide a Kerberos Keytab on the server, Spark and Openfire can use that to authenticate.

My guess is, that it wont. I think Siteminder’s idea of single sign-on is that when you log into one webpage, you dont have to log into other webpages. Since all this is restricted to webpage logins, its all handled via cookies, and not using GSSAPI at all.

Thanks for the reply. You are correct, the Siteminder uses cookies for authentication. But they do return a session id , will i be able to use this. I would like to add “support” or “sales” chat feature to a site and this site is SSO protected. The customer logs in to the portal and must be able to chat with a assigned support personnel, how can this be made to work with Openfire ?



There is no support for what you describe. Someone could write the support for a web-based client, though (sparkweb is not opensource, but Jive might be able to help). Support would require the client know how to obtain the credentials (the siteminder cookie) and the server know how to talk to siteminder to verify this information. Not impossible, but not trivial either.