Sorry for the cross-post but I figured this was a more appropriate forum.
It would seem that Spark does not work with SSO when using SRV records to identify the XMPP Server.
What should happen is:
- Spark looks up the SRV records to identify the server address
- Spark does a reverse lookup on the server address and uses that as the security principal (xmpp/reverselookup@REALM)
What actually happens is:
- Spark does a reverse lookup on the domain name in which the SRV records exists and constructs the security principal from that (xmpp/reverselookupofdomain@REALM)
This breaks SSO in my environment (I configure my server to be the same as my internal AD domain).
Rather than identifying the correct server, it just does a lookup on the domain name, which actually returns a list of domain controllers for the domain. Obviously this isn't good, as the security principal name changes every time I do it!
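Added diagnostic example, not code from Spark, Openfire or the poster: it derives the service principal a client should request when the XMPP host is found through an SRV record, and shows why reverse-resolving the bare domain name instead gives a different principal on each run. DNS is replaced by constructed in-memory records for an assumed domain example.corp and realm EXAMPLE.CORP so it runs offline; the SRV selection follows lowest priority then highest weight (a deterministic simplification of RFC 2782's weighted random pick).

```python
# Added example (not Spark/Openfire code). Constructed sample zone for the
# assumed domain example.corp; the bare domain name resolves to every DC.
DNS = {
    "SRV": {"_xmpp-client._tcp.example.corp": [(10, 60, 5222, "xmpp1.example.corp"),
                                                (20, 0, 5222, "xmpp2.example.corp")]},
    "A": {"xmpp1.example.corp": ["10.0.0.50"], "xmpp2.example.corp": ["10.0.0.51"],
          "example.corp": ["10.0.0.10", "10.0.0.11"]},
    "PTR": {"10.0.0.50": "xmpp1.example.corp", "10.0.0.51": "xmpp2.example.corp",
            "10.0.0.10": "dc1.example.corp", "10.0.0.11": "dc2.example.corp"},
}


def pick_srv_target(domain, dns=DNS):
    """Lowest priority wins; among equal priorities take the highest weight."""
    records = dns["SRV"].get(f"_xmpp-client._tcp.{domain}")
    if not records:
        raise LookupError(f"no SRV record for {domain}")
    _prio, _weight, port, target = sorted(records, key=lambda r: (r[0], -r[1]))[0]
    return target, port


def expected_principal(domain, realm, dns=DNS):
    """Correct behaviour: reverse-resolve the SRV target host and name the SPN after it."""
    target, _port = pick_srv_target(domain, dns)
    ip = dns["A"][target][0]
    host = dns["PTR"][ip]
    return f"xmpp/{host}@{realm}"


def buggy_principals(domain, realm, dns=DNS):
    """Behaviour the post describes: reverse-resolve the domain name itself.
    Every address of the domain is a domain controller, so the resulting SPN
    depends on which address the resolver happens to return."""
    return sorted({f"xmpp/{dns['PTR'][ip]}@{realm}" for ip in dns["A"][domain]})


if __name__ == "__main__":
    print("expected SPN:      ", expected_principal("example.corp", "EXAMPLE.CORP"))
    print("observed candidates:", buggy_principals("example.corp", "EXAMPLE.CORP"))
```

Comparing the single expected SPN with the set of candidates the flawed lookup can produce is a quick way to confirm whether a keytab or AD account is registered for the name the client will actually ask for.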