I got some great help trying to figure out my SSO problems before. Thank you again! However, while my login works just fine with SSO now, it turns out other logins don’t! I don’t know why.
Rundown:
-
Windows Server / client (latest of each)
-
krb5.ini on server and client
-
kerbeos is working according to spark debugging.
-
had a problem previously with two <provider> tags in xml file, that has been fixed.
-
using looseAuthorizationProvider in xml for the authorization tag.
I’m getting this error in the debug screen:
2007.10.02 11:11:24 first.last@CMAOHIO.ORG not authorized to first.last
2007.10.02 11:11:24 SaslException
javax.security.sasl.SaslException: Problem with callback handler (Caused by javax.security.sasl.SaslException: first.last@CMAOHIO.ORG is not authorized to connect as first.last)
at com.sun.security.sasl.gsskerb.GssKrb5Server.doHandshake2(Unknown Source)
at com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(Unknown Source)
at org.jivesoftware.openfire.net.SASLAuthentication.handle(SASLAuthentication.java :281)
at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:144)
at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandl er.java:132)
at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived (AbstractIoFilterChain.java:570)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:53)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:648)
at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimplePr otocolDecoderOutput.java:58)
at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecF ilter.java:176)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:53)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:648)
at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java :239)
at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(Execut orFilter.java:283)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.security.sasl.SaslException: first.last@CMAOHIO.ORG is not authorized to connect as first.last
… 19 more