SSO - How Do I make it Work?

Can someone please tell me how to make SSO work? I’m pulling my hair out.

I am fairly new to Openfire / Spark. I now have Openfire 3.6.4 integrated by LDAP to my AD. I see an option in Spark for SSO. But it just will not work. I have not found a thread yet on this forum or on Google that helps.

After enabling the SSO option in Spark it does auto-fill the correct username, but when I click Login the little icon twirls around for a bit saying it’s attempting to connect, but then an error pops up… Login Error… Unable to connect using Single Sign-On. Please check your principal and server settings.

Is there an easy fix? What are “principal and server settings”??

Thanks for any help.

Details of my setup:

I’m running Active Directory in 2003 mode on Windows Server 2008 on VMware.

Openfire 3.6.4 running on Windows Server 2008 64-bit on VMware

Clients running Windows XP and 7.

SSO is tricky, and maybe more so with Server 2008. Have you created your keytab file, set your registry, and created your other config files yet?

No, I have not, and how would I know I needed to do all that? I thought it was as simple as checking the option in Spark. Can someone point me to documentation on the steps I must take to make this work?


Thanks, Speedy, for the links. However, I’ve gone through them twice very carefully and still get the following error in Spark…

Login error… Unable to connect using Single Sign-On. Please check your principal and server settings.

Not sure what to do now

Verify your DNS records are correct. You’ll need to make sure you have PTR records. Also, first try getting this working with a Windows XP workstation. Do you have a 2003 domain controller? If not, you’ll need to enable DES encryption types on the 2008 domain controller. You can do this in the group policies or the local policy.

Thanks again, Speedy, but Spark still won’t sign in and gives the same error even after creating a pointer record and adjusting the encryption in the group policy. I don’t know if SSO is worth all this voodooooo…

OK, with the account you used to create the keytab file, try resetting the password. Be sure to use the same password as before when you created the account and keytab.

Also, have you forced a group policy refresh and rebooted your server?

If that doesn’t work send me a PM

Just curious if you were able to get this working? …having the same issue - followed the same articles etc…
