I went through the Wiki SSO doc on setting up Openfire/Spark SSO on a Windows 2k3 server. Everything went fine and it worked right off the bat for about 20 minutes. Then boom, no more worky. Nothing showing in the logs, and I still have the debug option enabled. When I enable debugging on the Openfire server I am still not seeing any output pertaining to SSO. Nothing happened in between this time either. I was merely going around the office showing everyone; then, of course, when I went to show my boss it crapped out.
First, let's dismiss the idea that nothing happened, since something obviously did (I'm not saying it's your fault, though). Let's try to figure out what is going on.
Make sure you check all the logs on the server. There is a start.out/start.err (or something like that) that can show SSO information.
If nothing is showing up in the logs on the server, check the logs on the client. Something to keep in mind with Kerberos is that your tickets have designated lifetimes and can expire. Windows should renew the tickets when you unlock a locked workstation, but who knows. If you have the resource kit installed, run "klist.exe tgt" to see the expiration information.
Next, you might check if the client is able to contact the server at all. Try without SSO and make sure that still works (assuming you didn't disable all non-SSO login methods).
I really have no idea what changed, because honestly I was just walking around showing people how it works and no one else has access to the server. Oh well, maybe it was just a fluke that it was working anyway.
Found this thread that you had helped someone with earlier. I got as far as being able to get the server to start reporting stuff (the Spark client is just reporting the SASL auth error).
Now I am seemingly getting this from Openfire:
Key for the principal xmpp/jabber.xxx.com@xxx.COM not available in C:/Program Files/Openfire/resources/jabber.keytab
Can you check the keytab file? Make sure that it is still in C:\Program Files\Openfire\resources\jabber.keytab and is readable by the user running Openfire (and preferably no one else). Also, what command did you use to create the keytab file?
I just checked the Spark logs again and they have changed (wth??). Now I am getting this:
javax.security.sasl.SaslException: GSS initiate failed Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))
Okay, I got past that. The problem was that I had read somewhere that I was to enable "DES" encryption within the AD user settings. After disabling this I was able to get this out of the log:
Added server's key
Kerberos Principal xmpp/ptldme-mngt.xxx.com@XXX.COM
Key Version 2
key EncryptionKey: keyType=23 keyBytes (hex dump)=
0000: 6CBUNCH OF HEXXXXXXb#…?..
added Krb5Principal xmpp/ptldme-mngt.XXX.com@XXX.COM to Subject
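As an added example (not code from the original thread, nor from the Openfire or Spark projects): the "Key for the principal ... not available in ... jabber.keytab" error earlier in the thread means Java found no entry in the keytab for the exact principal it was asked for, and the final debug output shows what a usable entry looks like (key version 2, keyType=23, which is RC4-HMAC). The Python script below parses a keytab in the MIT v5 format that Java's Krb5LoginModule reads and reports each principal, key version number and encryption type, so the file's actual contents can be compared against the principal Openfire requests. The keytab it inspects is built in memory from made-up principals and keys; the realm EXAMPLE.COM, the host names and the key bytes are assumptions, not values from the thread.

```python
"""Inspect a Kerberos keytab (MIT v5 format, as read by Java's Krb5LoginModule).

Added example, not part of the original thread. The keytab bytes are constructed
in-memory by build_keytab(); all principals, realms and keys below are made up."""
import struct
from typing import Any, Dict, List, Optional

# Encryption type numbers (RFC 3961/4120/4757) and their usual names.
ENCTYPE_NAMES = {1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
                 17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
                 23: "rc4-hmac"}


def enctype_name(etype: int) -> str:
    return ENCTYPE_NAMES.get(etype, f"unknown({etype})")


def build_keytab(entries) -> bytes:
    """Serialise (principal, kvno, enctype, key_bytes) tuples into keytab v5.2 bytes.
    Only used here to build an offline fixture; real keytabs come from ktpass/ktutil."""
    out = bytearray(b"\x05\x02")                       # file format version 0x0502
    for principal, kvno, etype, key in entries:
        name, realm = principal.rsplit("@", 1)
        comps = name.split("/")
        body = bytearray()
        body += struct.pack(">H", len(comps))          # component count (realm not counted)
        body += struct.pack(">H", len(realm)) + realm.encode("utf-8")
        for c in comps:
            body += struct.pack(">H", len(c)) + c.encode("utf-8")
        body += struct.pack(">I", 1)                   # name_type = KRB5_NT_PRINCIPAL
        body += struct.pack(">I", 0)                   # timestamp (not needed here)
        body += struct.pack(">B", kvno & 0xFF)         # 8-bit vno, wraps above 255
        body += struct.pack(">HH", etype, len(key)) + key
        body += struct.pack(">I", kvno)                # optional 32-bit vno
        out += struct.pack(">i", len(body)) + body
    return bytes(out)


def _parse_entry(e: bytes) -> Dict[str, Any]:
    off = 0

    def u16() -> int:
        nonlocal off
        (v,) = struct.unpack_from(">H", e, off); off += 2
        return v

    def u32() -> int:
        nonlocal off
        (v,) = struct.unpack_from(">I", e, off); off += 4
        return v

    def counted_string() -> str:
        nonlocal off
        n = u16()
        s = e[off:off + n]; off += n
        return s.decode("utf-8", "replace")

    ncomp = u16()
    realm = counted_string()
    comps = [counted_string() for _ in range(ncomp)]
    u32()                                              # name_type, irrelevant for matching
    u32()                                              # timestamp
    vno8 = e[off]; off += 1
    etype, klen = u16(), u16()
    key = e[off:off + klen]; off += klen
    kvno = vno8
    if len(e) - off >= 4:                              # 32-bit vno present; use it when nonzero
        vno32 = u32()
        if vno32:
            kvno = vno32
    return {"principal": "/".join(comps) + "@" + realm, "kvno": kvno,
            "enctype": etype, "enctype_name": enctype_name(etype), "key": key}


def parse_keytab(data: bytes) -> List[Dict[str, Any]]:
    """Return one dict per live entry; deleted slots (negative size) are skipped."""
    if data[:2] != b"\x05\x02":
        raise ValueError("unsupported keytab version %r" % data[:2])
    pos, entries = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos); pos += 4
        if size < 0:
            pos += -size
            continue
        entries.append(_parse_entry(data[pos:pos + size])); pos += size
    return entries


def keys_for(entries, principal: str, etype: Optional[int] = None):
    """Entries usable for `principal`: exact, case-sensitive match, as Kerberos requires."""
    return [x for x in entries
            if x["principal"] == principal and (etype is None or x["enctype"] == etype)]


def diagnose(data: bytes, principal: str) -> str:
    """Explain why a 'Key for the principal ... not available' lookup would fail."""
    entries = parse_keytab(data)
    hits = keys_for(entries, principal)
    if hits:
        return "ok: " + ", ".join(f"kvno {h['kvno']} {h['enctype_name']}" for h in hits)
    ci = [x["principal"] for x in entries if x["principal"].lower() == principal.lower()]
    if ci:
        return f"case mismatch: keytab has {ci[0]!r}, wanted {principal!r}"
    return "principal not in keytab; present: " + ", ".join(sorted({x["principal"] for x in entries}))


# Constructed fixture (made-up principals and keys), including a kvno above 255.
KT = build_keytab([
    ("xmpp/jabber.example.com@EXAMPLE.COM", 2, 23, bytes(range(16))),
    ("xmpp/jabber.example.com@EXAMPLE.COM", 2, 18, bytes(range(32))),
    ("host/other.example.com@EXAMPLE.COM", 300, 17, bytes(16)),
])
# Same fixture with a deleted slot in front, as ktutil leaves behind after "delkey".
KT_WITH_DELETED_SLOT = b"\x05\x02" + struct.pack(">i", -3) + b"xyz" + KT[2:]

if __name__ == "__main__":
    for entry in parse_keytab(KT):
        print(entry["principal"], "kvno", entry["kvno"], entry["enctype_name"])
    print(diagnose(KT, "xmpp/jabber.example.com@EXAMPLE.COM"))
    print(diagnose(KT, "xmpp/jabber.example.com@example.com"))
```

Against a real file, call parse_keytab(open(path, "rb").read()). The mismatches this makes visible are a principal present only with different capitalisation, an entry whose kvno no longer matches the account (the kvno changes whenever the AD account's password is reset, so the keytab has to be regenerated), and key types the account cannot actually use. Whether the SPN is registered on the AD account at all is a separate check on the domain side (setspn -L on the mapped account), and that is what the Spark-side "Server not found in Kerberos database" error points at rather than the keytab.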