SSO and Admin Console

I have all my users defined in LDAP and their passwords are in Kerberos.

I’ve successfully set up OpenFire-3.2.2/Spark-2.5.4 with SSO, and added myself to the list of admin users for the admin console.

Now the problem is that I cannot log in to the admin console, since it does not support SSO and just tries ldap_bind_simple against the LDAP server with the supplied username/password, which obviously fails.

Are there any plans for admin console to support SSO (SPNEGO) authentication?

I’ve looked a little at supporting the Negotiate protocol, but I’m not sure how to implement it in Jetty (the webserver used in Openfire). At the moment I have other things I’m interested in, so unless a bunch of people start requesting it or someone else volunteers to do some programming, it’s not likely to happen soon. Being listed as an admin does give you some extra abilities, even if you can’t log into the admin console, but I think you do want one user (at least) with a password that can get in.

Too bad

Thanks for the info.

Any update on this?

Or, does the admin console support “pre-authentication” with a front-end reverse-proxy which would perform the Kerberos/GSSAPI part and then forward the resulting username to the admin console in an HTTP header? The console would then treat the forwarded username as the authenticated user.