Sparkweb - Not authorized. Please try again

Openfire Openfire Support
1

Hi,

I have installed SparkWeb onto my Openfire server (Openfire 3.6.4 Centos 5 authentication via Active Directory)

I have installed Apache 2 and configured it to use HTTPS:

DocumentRoot /var/www/html/sparkweb ServerName aaaaa.bbb.ccc.ddd ErrorLog logs/aaaaa-error_log CustomLog logs/aaaaa_log common SSLEngine on

SSLCertificateFile /etc/pki/tls/certs/openfire.crt
SSLCertificateKeyFile /etc/pki/tls/private/openfire.key

<Directory /sparkweb*>

HTTP binding is configured.

/var/www/html/sparkwe/SparkWeb.html

I can get the SparkWeb logon screen when I point my browser to https://aaaaa.bbb.ccc.ddd/sparkweb/SparkWeb.html

I enter my login credentials (that work with Spark) and get Not authorized. Please try again.

In the error.log I see:

2011.02.03 08:17:24 [org.jivesoftware.openfire.ldap.LdapGroupProvider.getGroupNames(LdapGroupProvid er.java:187)] Could not find user in LDAP c55fc62f

In Sessions I see:

1

Anonymous
c55fc62f
Authenticated
User is connected via SSL
Online
Online
0
127.0.0.1

Anyone have any ideas why I am unable to login?

Cheers,

Doug

2

Looks like Sparkweb puts up the “Not authorized. Please try again” response when it can’t find a server to talk to. If I put anything into the server field and click login I eventually get the Not authorized message coming back.

Looks like I can connect via https if I use a browser within my network. This is with Client Connection Security set to required.

In ‘Sessions’ I see sparkweb as a Resource and my PC’s Ip as Client IP

If I try from an external address, I see Anonymous as the Name, an eight digit hex code as Resource and 127.0.0.1 as the Client IP.

Any pointers or information where to look would be great.

Regards,

Doug

3

Did some more investigation today with our networks team.

Conversations over 5222 look encrypted - used wireshark to look at packets

For secure conversations from the web using HTTPS you also need 5222 and 5223 open.

Initially opens conversation over 433 then 5222 and finally builds the conversation over 5223 leaving 433 and 5222 open.

Cheers,

Doug