I am attempting to configure a test bed server to use SSO with Spark client. My client uses SSO fine with an Openfire 3.3.1 server, but fails with the 3.3.2 server. Both the clients and the server are on Windows machines.
Keytab generation log:
U:>ktpass /princ xmpp/mts-development@AD.MTSTRAVEL.COM /mapuser tasks@ad.mtstravel.com /pass * /out jabber.keytab
Targeting domain controller: mts1.ad.mtstravel.com
Successfully mapped xmpp/mts-development to tasks.
Type the password for xmpp/mts-development:
Type the password again to confirm:
Key created.
Output keytab to jabber.keytab:
Keytab version: 0x502
keysize 64 xmpp/mts-development@AD.MTSTRAVEL.COM ptype 1 (KRB5_NT_PRINCIPAL) vno 4 etype 0x3 (DES-CBC-MD5) keylength 8 (0x97a4fd3852372acd)
Account tasks has been set for DES-only encryption.
Here is my gss.conf:
com.sun.security.jgss.accept {
    com.sun.security.auth.module.Krb5LoginModule
    required
    storeKey=true
    keyTab="C:/Program Files/Openfire/resources/jabber.keytab"
    doNotPrompt=true
    useKeyTab=true
    realm="AD.MTSTRAVEL.COM"
    principal="xmpp/mts-development.ad.mtstravel.com@AD.MTSTRAVEL.COM"
    debug=true;
};
Here are my error logs:
Spark Errors:
javax.security.sasl.SaslException: GSS initiate failed Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)
at org.jivesoftware.smack.sasl.SASLGSSAPIMechanism.authenticate(SASLGSSAPIMechanism.java:75)
at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:194)
at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:341)
at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:785)
at org.jivesoftware.LoginDialog$LoginPanel.access$400(LoginDialog.java:185)
at org.jivesoftware.LoginDialog$LoginPanel$1.construct(LoginDialog.java:589)
at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:129)
at java.lang.Thread.run(Unknown Source)
Caused by: GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))
at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
… 9 more
Caused by: KrbException: Server not found in Kerberos database (7)
at sun.security.krb5.KrbTgsRep.<init>(Unknown Source)
at sun.security.krb5.KrbTgsReq.getReply(Unknown Source)
at sun.security.krb5.internal.CredentialsUtil.serviceCreds(Unknown Source)
at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(Unknown Source)
at sun.security.krb5.Credentials.acquireServiceCreds(Unknown Source)
… 12 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(Unknown Source)
at sun.security.krb5.internal.TGSRep.init(Unknown Source)
at sun.security.krb5.internal.TGSRep.<init>(Unknown Source)
… 17 more
not-authorized(401)
at org.jivesoftware.smack.NonSASLAuthentication.authenticate(NonSASLAuthentication.java:94)
at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:227)
at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:341)
at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:785)
at org.jivesoftware.LoginDialog$LoginPanel.access$400(LoginDialog.java:185)
at org.jivesoftware.LoginDialog$LoginPanel$1.construct(LoginDialog.java:589)
at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:129)
at java.lang.Thread.run(Unknown Source)
Openfire error Logs:
There is nothing in the error logs of the server, which I find odd.
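Added example, not part of the original post: a Python consistency check that compares the principal recorded in the ktpass output with the `principal` option in gss.conf and flags single-DES key types. The function names and the exact-name comparison are assumptions; the sample inputs are constructed from the text above, with the key bytes left out.

```python
import re

# Constructed samples taken from the post (key bytes omitted, console wrap kept).
KTPASS_OUTPUT = """keysize 64 xmpp/mts-development@AD.MTSTRAVEL.COM ptype 1 (KRB5_NT_PRINCIPAL) vno
4 etype 0x3 (DES-CBC-MD5) keylength 8
"""
JAAS_CONF = """com.sun.security.jgss.accept {
    com.sun.security.auth.module.Krb5LoginModule required storeKey=true
    keyTab="C:/Program Files/Openfire/resources/jabber.keytab"
    doNotPrompt=true useKeyTab=true realm="AD.MTSTRAVEL.COM"
    principal="xmpp/mts-development.ad.mtstravel.com@AD.MTSTRAVEL.COM" debug=true;
};
"""
WEAK_ETYPES = {"DES-CBC-CRC", "DES-CBC-MD5"}  # single DES, deprecated by RFC 6649

def keytab_entries(ktpass_text):
    """Return (principal, etype name) pairs from ktpass 'keysize ...' lines."""
    flat = " ".join(ktpass_text.split())  # undo console line wrapping
    return re.findall(r"keysize \d+ (\S+) ptype .*?etype 0x[0-9a-fA-F]+ \(([^)]+)\)", flat)

def jaas_options(conf_text):
    """Return the key=value options of a JAAS login entry, quotes stripped."""
    pairs = re.findall(r'(\w+)=("[^"]*"|[^\s;]+)', conf_text)
    return {key: value.strip('"') for key, value in pairs}

def split_principal(principal):
    """Split service/host@REALM into (service, host, realm)."""
    name, _, realm = principal.partition("@")
    service, _, host = name.partition("/")
    return service, host, realm

def check(ktpass_text, conf_text):
    """List inconsistencies between the keytab contents and the JAAS config."""
    findings = []
    entries = keytab_entries(ktpass_text)
    wanted = jaas_options(conf_text).get("principal", "")
    # Assumption: the login module needs a keytab entry with exactly this name.
    if wanted not in [p for p, _ in entries]:
        w_svc, w_host, w_realm = split_principal(wanted)
        for p, _ in entries:
            svc, host, realm = split_principal(p)
            if (svc, realm) == (w_svc, w_realm) and w_host.startswith(host + "."):
                findings.append(f"host part differs: keytab '{host}' vs config '{w_host}'")
                break
        else:
            findings.append(f"no keytab entry for '{wanted}'")
    for p, etype in entries:
        if etype in WEAK_ETYPES:
            findings.append(f"weak key type {etype} for '{p}'")
    return findings
```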