powered by Jive Software

Spark 2.5.3 Beta 1 BUG: SRV & SSO

Sorry for the cross-post but I figured this was a more appropriate forum.

It would seem that Spark does not work with SSO when using SRV records to identify the XMPP Server.

What should happen is:

  1. Spark looks up the SRV records to identify the server address

  2. Spark does a reverse lookup on the server address and uses that as the security principal (xmpp/reverselookup@REALM)

What actually happens is:

  1. Spark does a reverse lookup on the domain name in which the SRV records exists and constructs the security principal from that (xmpp/reverselookupofdomain@REALM)

This breaks SSO in my environment (I configure my server to be the same as my internal AD domain).

Rather than identifying the correct server, it just does a lookup on the domain name, which actually returns a list of domain controllers for the domain. Obviously this isn’'t good, as the security principal name changes every time I do it!