Hi, all.
After a couple of days I have working setup of Win2008r2 + OpenFire 3.8.2 + AD + SSO + Spark 2.5.8(on Win7x64).
Regarding to the following topics, Spark 2.6.x has “TGS-REQ” problems with SSO:
I’ve tried to install all Spark versions from 2.6.0 to 2.6.3.12555.
The problem exists everywhere.
Mechanism level: Server not found in Kerberos database (7)
Any ideas about how to fix it, or when the developers will fix it?
I haven’t had any problems getting sso to work with 2.6.3. If its working with 2.5.8, then you should be good with 2.6.3. What version of java are using? Also, are you using DNS for kerberos lookup or a krb5.ini file?
I’ve tried different versions of Java - from 1.5 upto 1.7 with applying JCE policies.
I’ve also tried different versions of Spark installers - usual and online install(without integrated JRE).
Now the stable install is 2.5.8 with integrated JRE 1.6.01
2.5.8 also works perfectly with DNS and with krb5.ini
And now I have no ideas how to get 2.6.3 working.
I have all of this distribs installed on one PC(Win 7 x64) into different folders.
Now I’ve tried to force 2.6.3_online to use JRE integrated to working install of 2.5.8.
I’m getting error messages about old version of java(for spark plugins) and
**GSS Initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))] **for SSO.
So, SSO doesn’t work on 2.6.3, and I don’t have any ideas why.
Have you tried the latest SVN version build? Also, when you try latest builds, make sure Java 6 is not installed on your system, because Spark wil lstill use that, even if it has Java 7 bundled.
http://bamboo.igniterealtime.org/artifact/SPARK-INSTALL4J/JOB1/build-609/Install 4j/spark_2_6_3_12555.exe
Yep. If you’ll read the first post carefully - you’ll see that I’ve mentioned it
I’ve tried to install all Spark versions from 2.6.0 to 2.6.3.12555.
2.6.3.12555 is the latest version.
I also don’t think that it’s a Java problem. Read the previous paragraph in the previous post.
Now I’ve deleted JRE 1.6 from test PC. There’s only JRE 1.7(update 40) x64 installed.
2.5.8 with integrated JRE still works perfectly.
2.6.3_online doesn’t work.
2.6.3.12555 doesn’t work.
I’ve just downloaded and installed 2.5.8_online and… it also works. So, it’s definitely not a Java problem.
12555 is not an indication, all automatic builds starting from 2.6.3 Final are showing it, the number has to be changed manually in the source for the new final release (609 in my link is more of the indication, it’s the latest build). So, maybe it’s a minor possibility, but you can still try this build from my link, unless you already using it (609). It should use Java 7 as i think 2.6.3 final wasn’t able to use Java 7 correctly. Maybe it is not Java, but i wan’t to clear this out.
2.6.3.12555 from your link was the first distrib I’ve tried to get working.
After that, I was rolling back to previous versions untill I’ve found the working one.
are you sure SSO is working correctly with 2.5.8 and its not using saved creditials? To test, delete your spark.proporties file for 2.5.0 and launch spark trying to use SSO. If sso is working for 2.5.8, then it should be working…so I have a feeling that SSO may not really be working.
SSO is working correctly. For example I can login to the PC with AD user account wich have never logged in to this PC before.
2.5.8 SSO works.
2.6.x - don’t.
By the way, I’ve foundthis topic:
So, I think the real problem is in smack.jar
I don’t have enough skills in Java to check it directly.
It wold be great, if someone experienced checked up the difference between SASLAuthentication.java in smack.jar from Spark 2.6.3 and the same class in Spark 2.5.8
It’s some sort of magic, but I’m close to the solution.
Was playing with different plugins, settings and so on, and now I have one working install of 2.6.3 with working SSO.
If I just copy this folder to any another PC - SSO continues working.
If I Install new copy from any disrib(can be downloaded from this site) - it doesn’t work.
strange. Im not doing anything today, so if you want send me a PM, I’ll be happy to help you out.