powered by Jive Software

Spark windows 7 sso:

Does anyone have a work-around having to use “Run as Administrator” for Spark sso and Windows 7? I have it working for XP.

We have Spark signing in with SSO without running as ADMIN. What’s the issue?

we are using a custom Reg key to enable SSO, perhaps you have missed this:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters]

“AllowTGTSessionKey”=dword:00000001

Yes I have the registry set. I can turn UAC off and it will work just fine. Somewhere out there on the Net I read that Windows 7 has a problem with GSSAPI authentication wiht UAC. I don’t know if this is true or not.

I am having this exact same problem with SSO. Spark 2.6.0 Openfire 3.7.0 and Windows 7 SP1 x86 workstations on which users are local administrators on do not work while UAC is turned on - they get “Unable to connect using Single Sign-On. Please check your principal and server settings” (99% of our users are regular users, not admins, so it is just affecting about half a dozen users). Regular users have no problems. And the local admins CAN make it work if they right click the file and Run As Admin. However, I have Spark auto-launching via Task Scheduler script and relaunching Spark upon Spark shutdown (to force users to always have Spark running) and I cannot yet find a way to make the script mimic the “run as administrator” right click functionality, so basically I need a proper fix as I cannot find a workaround for this.

Turning off UAC is not an option either.

Problem was also reported with no resolution at http://community.igniterealtime.org/message/197982#197982

Any other ideas would be appreciated.

P.S. I have UAC setup in the following manner for all users via group policy in Comp Config --> Windows Settings --> Security Settings --> Local Policies --> Security Options:

“User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode”: “Elevate without prompting”

“User Account Control: Behavior of the elevation prompt for standard users”: “Prompt for credentials”

Turns out I found a workaround. You can set the following registry keys via a script or Group Policy, etc, to set Spark to run as an admin when Spark.exe is launched from an account that has local admin privledges:

To make ALL users of the computer run Spark.exe as admin:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers

REG_SZ: “C:\Program Files\Spark\Spark.exe” with value of “RUNASADMIN”

Or to make just the one user run Spark.exe as admin (this is the one I used, it gets added via the Task Scheduler script that I have running at logon to keep Spark always running - I use ‘ifmember.exe’ to check to see if the user who is logging in is a member of “BUILTIN\Administrators”):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers

REG_SZ: “C:\Program Files\Spark\Spark.exe” with value of “RUNASADMIN”

Of course it would be better if there was a simpler way around it, but from what I have read about GSSAPI and UAC there simply is not.

Created issue in Jira http://issues.igniterealtime.org/browse/SPARK-1327 to evaluate a fix in 2.6.1

any new thoughts??? right now we got 2.6.3 Spark version and still nothing. SSO works on XP but it doesn’t on windows 7 even if i try to run it with admin privileges… pls help

Well, there is a report on this http://community.igniterealtime.org/message/213826#213826 that indicates a working setup. Hence we did not change any code as it looks like non-simple setup, but not like a software bug.

Hello, new User here

Has anyone managed to get the “non-simple setup” working yet?

I still find it hard (even with all the information gathered in this forum and other articles on the website) to setup SSO flawlessly. It works with Spark 2.5.8 (Win7 and XP admin or non-admin) and it does work with Spark 2.6.3 in WinXP (admin or non-admin) and it does work with Win7 if you are not an admin.

Win7 and being an admin does not work. I really hope to get this problem solved, we want to deploy Spark for every user in our company and are already compiling our own “style” of Spark where we can disable menus and presences via config-file.

It would be disappointing if we had to use some kind of workaround to use it for admin-users.

I would be willing to post config-data etc to help in solving the problem.

I was able to finally get Windows 7 SSO using Registry Key @Neil McIntyre provided and running as Admin. Our users have local admin. Why is this necessary? Miranda-IM seems to have the most seamless SSO integration, it just works, no regkey or runas admin or external MIT Kerberos like pidgin. Unfortunately, Miranda lacks in other areas.