SSO: "not authorized"?

I set up SSO on our OpenFire a while ago. It never worked correctly. Today, after upgrading to 3.7.0beta I took another poke. The client appears to be properly setting up, including getting a KRB5 credential for the XMPP server, the same one configured in the gss.conf and listed in the keytab, but the server returns “not authorized” and the client falls back to PLAIN.

The “debug” setting seems to not actually return much in the way of debugging; is there another debug setting which will dump information about the negotiation?

I have the same problem after upgrading to 3.7.0 beta, and I have tried almost everything to revert back to a stable working 3.6.4 installation, but it is impossible. I get so far that OpenFire uses the keytab file and the principal gets “Commit Succeeded”, but clients are still unable to connect via SSO… No logs or more debug info can be provided as they don't exist; Spark clients only report it's not authorized and the server says nothing as it assumes nothing is wrong…