powered by Jive Software

SSO authorization for ad users with spaces in their names


I’m using Openfire 3.8.1 with Windows Server 2008 R2 and Spark 2.6.3 Clients on XP, Win 7 and 8.

I have recently switched to SSO using this tutorial: http://community.igniterealtime.org/docs/DOC-1362

Login for users with no blank spaces in their usernames works without any flaws.

But: Users with blank spaces in the username get following error message:
Single Side Logon Failed - Please check your preferences

The openfire debug shows the following for User “Test Test”:

2013.04.16 16:36:24 org.jivesoftware.openfire.auth.AuthorizationManager - AuthorizationManager: Trying Default Policy.authorize(test\20test , Test Test@EXAMPLE.LOCAL)

2013.04.16 16:36:24 org.jivesoftware.openfire.auth.DefaultAuthorizationPolicy - DefaultAuthorizationPolicy: usernames don’t match (test\20test Test Test)

2013.04.16 16:36:24 org.jivesoftware.openfire.net.SASLAuthentication - SASLAuthentication: SaslException

javax.security.sasl.SaslException: Problem with callback handler [Caused by javax.security.sasl.SaslException: Test Test@EXAMPLE.LOCAL is not authorized to connect as test\20test]

Caused by: javax.security.sasl.SaslException: Test Test@EXAMPLE.LOCAL is not authorized to connect as test\20test

code snippet from DefaultAuthorizationPolicy.java:


if (Log.isDebugEnabled()) {

    Log.debug("DefaultAuthorizationPolicy: usernames don't match ("+userUser+" "+authenUser+")");


return false;


What am I doing wrong? It is possible to use with usernames with spaces?

can’t have usernames with spaces. I think this is an xmpp standard, but I’m not sure.

but i’m able to login using usernames with spaces, if i’m not using sso.

my bad…i guess im wrong about that…woudn’t be the first time!