SSO in Windows 2003 - ERROR 11897 [Jive-ERR] (): Error reading XML properties

I’m running Openfire on Windows 2003 Server Std. I’ve set up Openfire to authenticate using LDAP and everything works fine. However, I’ve decided I’d like to use SSO instead. Below are the steps I took to set up SSO, mainly taken from http://wiki.igniterealtime.org/display/WILDFIRE/Configuring*Openfire*for+Kerberos

First I created a Windows User in ADUC called xmpp-jabber

Next I created the keyfile on our Domain Controller

 C:\keytabs>Ktpass princ xmpp/jabber.ad.mcbrideandson.com@AD.MCBRIDEANDSON.COM ma
       puser MCBRIDE\xmpp-jabber -pass ****passwordhere**** out xmpp.keytab -ptype KRB5_NT_PR
       INCIPAL
       Targeting domain controller: dell-dc.AD.McBrideandSon.com
       Using legacy password setting method
       Successfully mapped xmpp/jabber.ad.mcbrideandson.com to xmpp-jabber.
       Key created.
       Output keytab to xmpp.keytab:
       Keytab version: 0x502
       keysize 88 xmpp/jabber.ad.mcbrideandson.com@AD.MCBRIDEANDSON.COM ptype 1 (KRB5_N
       T_PRINCIPAL) vno 14 etype 0x17 (RC4-HMAC) keylength 16 (0x38ce8e2ddcd3bd78889988
       713a7172fc)

I then copied the keyfile to C:\Program Files\Openfire\resources\jabber.keytab on the member server hosting the Openfire server.

Next I created the GSS file C:\Program Files\Openfire\conf\gss.conf on the Openfire server

    com.sun.security.jgss.accept {
        com.sun.security.auth.module.Krb5LoginModule
        required
        storeKey=true
        keyTab="C:/Program Files/Openfire/resources/jabber.keytab"
        doNotPrompt=true
        useKeyTab=true
        realm="AD.MCBRIDEANDSON.COM"
        principal="xmpp/jabber.ad.mcbrideandson.com@AD.MCBRIDEANDSON.COM"
        debug=true;
    };

Lastly I appended the text below to C:\Program Files\Openfire\conf\openfire.xml

    <gssapi>
        <debug>true</debug>
        <config>C:\Program Files\Openfire\resources\conf\gss.conf</config>
        <useSubjectCredsOnly>false</useSubjectCredsOnly>
    </gssapi>
    </sasl>

I stopped the Openfire service, opened the Openfire server via the Start Menu, and clicked the Start button within its window.

The text below was shown in the output window of the Openfire server. This text is shown multiple times in the window, but I posted only one instance of it to save room.

ERROR 11897 (): Error reading XML properties
org.dom4j.DocumentException: Error on line 135 of document : The markup in the document following the root element must be well-formed. Nested exception: The markup in the document following the root element must be well-formed.
at org.dom4j.io.SAXReader.read(SAXReader.java:482)
at org.dom4j.io.SAXReader.read(SAXReader.java:365)
at org.jivesoftware.util.XMLProperties.buildDoc(XMLProperties.java:464)
at org.jivesoftware.util.XMLProperties.<init>(XMLProperties.java:112)
at org.jivesoftware.util.XMLProperties.<init>(XMLProperties.java:61)
at org.jivesoftware.util.JiveGlobals.loadSetupProperties(JiveGlobals.java:771)
at org.jivesoftware.util.JiveGlobals.getXMLProperty(JiveGlobals.java:274)
at org.jivesoftware.util.Log.initLog(Log.java:76)
at org.jivesoftware.util.Log.<clinit>(Log.java:64)
at org.jivesoftware.util.XMLProperties.buildDoc(XMLProperties.java:467)
at org.jivesoftware.util.XMLProperties.<init>(XMLProperties.java:112)
at org.jivesoftware.util.XMLProperties.<init>(XMLProperties.java:61)
at org.jivesoftware.util.JiveGlobals.loadSetupProperties(JiveGlobals.java:771)
at org.jivesoftware.util.JiveGlobals.getXMLProperty(JiveGlobals.java:274)
at org.jivesoftware.util.JiveGlobals.isSetupMode(JiveGlobals.java:751)
at org.jivesoftware.util.JiveGlobals.getProperty(JiveGlobals.java:521)
at org.jivesoftware.openfire.XMPPServer.initialize(XMPPServer.java:286)
at org.jivesoftware.openfire.XMPPServer.start(XMPPServer.java:383)
at org.jivesoftware.openfire.XMPPServer.<init>(XMPPServer.java:148)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance0(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
at org.jivesoftware.openfire.starter.ServerStarter.start(ServerStarter.java:93)
at org.jivesoftware.openfire.starter.ServerStarter.main(ServerStarter.java:49)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.exe4j.runtime.LauncherEngine.launch(Unknown Source)
at com.exe4j.runtime.WinLauncher.main(Unknown Source)
Nested exception:
org.xml.sax.SAXParseException: The markup in the document following the root element must be well-formed.
at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl$TrailingMiscDriver.next(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(Unknown Source)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(Unknown Source)
at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
at org.dom4j.io.SAXReader.read(SAXReader.java:465)
at org.dom4j.io.SAXReader.read(SAXReader.java:365)
ERROR 11897 ():
java.io.IOException: Error on line 135 of document : The markup in the document following the root element must be well-formed. Nested exception: The markup in the document following the root element must be well-formed.
at org.jivesoftware.util.XMLProperties.buildDoc(XMLProperties.java:468)

If I attempt to go to http://127.0.0.1:9090 it tries to go through the setup again, asking what language I would like and so forth, as if setup was never run, even though <setup>true</setup> is set in the XML.

If I remove the text I appended below and stop/start Openfire, then go to the web interface, everything works fine again; it does not attempt to run the setup.

It appears to me something is wrong in my XML file? Can anyone see what I’m doing wrong?
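
The ktpass output above reports keytab version 0x502, vno 14 and etype 0x17. As an added example (not part of the original post), this Python sketch reads that keytab layout, checks it against the principal configured in gss.conf and reports RC4-HMAC entries, whose key is the unsalted NT hash of the account password. `parse_keytab`, `check` and `SAMPLE` are hypothetical names, and the sample is constructed with an all-zero key.

```python
import struct

ETYPES = {0x17: "RC4-HMAC", 0x12: "AES256-CTS-HMAC-SHA1-96"}

def _counted(buf, p):
    """Read a 16-bit length-prefixed field; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">H", buf, p)
    return buf[p + 2:p + 2 + n], p + 2 + n

def parse_keytab(buf):
    """Return [(principal, kvno, etype name)] for a version 0x502 keytab."""
    if buf[:2] != b"\x05\x02":
        raise ValueError("not a version 0x502 keytab")
    out, pos = [], 2
    while pos + 4 <= len(buf):
        (size,) = struct.unpack_from(">i", buf, pos)
        pos += 4
        if size <= 0:                    # negative size marks a deleted slot
            pos -= size
            continue
        (ncomp,) = struct.unpack_from(">H", buf, pos)
        fields, p = [], pos + 2
        for _ in range(ncomp + 1):       # realm first, then the name components
            field, p = _counted(buf, p)
            fields.append(field.decode())
        kvno = buf[p + 8]                # after name type and timestamp (4 + 4)
        (etype,) = struct.unpack_from(">H", buf, p + 9)
        _key, p = _counted(buf, p + 11)  # key material: never print or log it
        if pos + size - p >= 4:          # optional 32-bit kvno replaces the 8-bit one
            (kvno,) = struct.unpack_from(">I", buf, p)
        out.append(("/".join(fields[1:]) + "@" + fields[0], kvno,
                    ETYPES.get(etype, hex(etype))))
        pos += size
    return out

def check(entries, principal):
    """Findings for the principal named in gss.conf; empty list means none."""
    hits = [e for e in entries if e[0] == principal]
    if not hits:
        return ["principal not in keytab: " + principal]
    return ["kvno %d key type is %s" % (k, t) for _, k, t in hits if t == "RC4-HMAC"]

# Constructed sample: the page's principal, kvno and etype with an all-zero key.
PRINCIPAL = "xmpp/jabber.ad.mcbrideandson.com@AD.MCBRIDEANDSON.COM"
FIELDS = ["AD.MCBRIDEANDSON.COM", "xmpp", "jabber.ad.mcbrideandson.com"]
BODY = (struct.pack(">H", 2)
        + b"".join(struct.pack(">H", len(s)) + s.encode() for s in FIELDS)
        + struct.pack(">IIBHH", 1, 0, 14, 0x17, 16) + bytes(16))
SAMPLE = b"\x05\x02" + struct.pack(">i", len(BODY)) + BODY
```

The constructed entry is 88 bytes long, the same figure ktpass prints as `keysize 88`.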

My guess would be you forgot the <provider> part in the openfire.xml config file

Add a <provider> element to specify classes that provide an authorization mapping between authenticated principals and user names. A comma- or space-separated list is fine here. If you leave this provider out the default will be used, which might be fine for many installations.

Here’s an example:

    <provider>
        <authorization>
            <classList>org.jivesoftware.openfire.sasl.LazyAuthorizationPolicy org.jivesoftware.openfire.sasl.DefaultAuthorizationProvider</classList>
            <!-- other options: null, LdapAuthorizationProvider, UnixK5LoginProvider, Strict and Lazy-->
        </authorization>
    </provider>

The Lazy provider has a different name in the different versions of Openfire, as the logic changes.

| Openfire Versions | Provider Names |
| --- | --- |
| 3.3.0 and prior | LazyAuthorizationProvider |
| 3.3.1 and later | LooseAuthorizationProvider |

I added your example which resulted in the same error 11897, so I modified it to use the LooseAuthorizationProvider since I’m using OpenFire Version 3.3.2 and also I added LdapAuthorizationProvider since I am using Ldap as our authentication method.

    <provider>
        <authorization>
            <classList>org.jivesoftware.openfire.sasl.LooseAuthorizationProvider org.jivesoftware.openfire.sasl.DefaultAuthorizationProvider LdapAuthorizationProvider</classList>
            <!-- other options: null, LdapAuthorizationProvider, UnixK5LoginProvider, Strict and Lazy-->
        </authorization>
    </provider>

The error you posted is due to a syntax error in the openfire.xml file. Since Openfire can’t read that file at all if it’s corrupt, it goes into the initial setup mode. Since you didn’t paste the whole openfire.xml I can’t say for certain, but it looks like you forgot the opening tag.

The wiki document is deprecated, replaced with the new SSO Configuration document. Hopefully that will help you some.

Thanks for your quick replies guys, it looks like my problem was that I didn’t put the properties before the </jive> tag, but rather after it. After putting the <gssapi> and <provider> tags before </jive> I no longer get the Error 11897.
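
The fix above, as an added example that is not part of the original thread: a pre-flight check to run on openfire.xml before restarting the service, since a file that fails to parse sends Openfire back into setup mode. The name `preflight`, the sample documents and the assumption that both blocks sit directly under <jive> belong to this example, not to Openfire.

```python
import xml.etree.ElementTree as ET

# Element paths taken from the fragments posted in this thread; that they sit
# directly under <jive> is an assumption of this sketch.
REQUIRED = ("sasl/gssapi/config", "provider/authorization/classList")

def preflight(xml_text, required=REQUIRED):
    """Return a list of problems; an empty list means the file is safe to load."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # An unparseable file is what drops the server back into setup mode.
        return ["not well-formed: %s" % exc]
    problems = []
    if root.tag != "jive":
        problems.append("root element is <%s>, expected <jive>" % root.tag)
    for path in required:
        node = root.find(path)
        if node is None or not (node.text or "").strip():
            problems.append("missing or empty <%s> inside <%s>" % (path, root.tag))
    return problems

# Constructed samples (not the poster's real file): the SSO block appended
# after </jive>, then the same block moved inside the root element.
SSO = """<sasl><gssapi>
  <config>C:/Program Files/Openfire/conf/gss.conf</config>
</gssapi></sasl>
<provider><authorization>
  <classList>org.jivesoftware.openfire.sasl.DefaultAuthorizationProvider</classList>
</authorization></provider>
"""
BROKEN = "<jive>\n<setup>true</setup>\n</jive>\n" + SSO
FIXED = "<jive>\n<setup>true</setup>\n" + SSO + "</jive>\n"

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, preflight(text) or "OK")
```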

Please let me know if you get SSO working… we pretty much have the same setup and I am having trouble getting it working… I must be missing some small piece

It’s not advertised well, but Jive does offer professional services for setting up SSO if you need additional assistance in getting it working.

I called them and asked, and they said they only support enterprise customers, and if you are a customer who spends less than $5000 then you will only have forum support, but it will be “escalated”. Am I calling the wrong person? Who can I contact for this service?

Any progress? I’d love to see the whole thing written up in a Windows-centric document, where we could all benefit… Jive guys, any help you can give here???

The progress I made I posted here: http://www.igniterealtime.org/community/message/155966#155966 hoping someone will answer what I’ve done wrong. However SSO still is not working for me, the XML error is gone at least… it does appear I’m closer at least. If I make any progress I’ll let you know.