Unable to connect using Single Sign-On

Hello,

After the January Windows updates, Spark (2.9.4) is giving these errors during login:

org.jivesoftware.smack.SmackException$NoResponseException: No response received within reply timeout. Timeout was 10000ms (~10s). While waiting for stream compression feature
at org.jivesoftware.smack.SmackException$NoResponseException.newWith(SmackException.java:93)
at org.jivesoftware.smack.SynchronizationPoint.checkForResponse(SynchronizationPoint.java:317)
at org.jivesoftware.smack.SynchronizationPoint.checkIfSuccessOrWait(SynchronizationPoint.java:160)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.loginInternal(XMPPTCPConnection.java:408)
at org.jivesoftware.smack.AbstractXMPPConnection.login(AbstractXMPPConnection.java:546)
at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1128)
at org.jivesoftware.LoginDialog$LoginPanel.access$900(LoginDialog.java:370)
at org.jivesoftware.LoginDialog$LoginPanel$3.construct(LoginDialog.java:910)
at org.jivesoftware.spark.util.SwingWorker.lambda$new$1(SwingWorker.java:139)
at java.lang.Thread.run(Unknown Source)

Does anybody have any idea how to fix this problem?

Thank you very much.

Hey!
It looks like Windows fixed this in the latest updates; unfortunately, I can’t verify that.

What Java are you using in Openfire and in Spark?

Perhaps these topics will help you:

https://bugs.openjdk.org/browse/JDK-8139348

Unfortunately, it looks like Windows Updates break this… I tried to roll back the updates, but it didn't help.

The strange thing is that sometimes I can log in, but sometimes it gives me this error. Before the updates it worked normally without any issues.

javafx.runtime.version=8.0.202
javafx.runtime.build=b07

Now the error is different (shorter), but the scenario is the same. Sometimes it passes through and I can log in normally, and sometimes it ends with this error:

org.jivesoftware.smack.sasl.SASLErrorException: SASLError using GSSAPI: not-authorized
at org.jivesoftware.smack.SASLAuthentication.authenticationFailed(SASLAuthentication.java:292)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1200)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$1000(XMPPTCPConnection.java:1092)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1112)
at java.lang.Thread.run(Unknown Source)

OK, I solved my problem again by myself.

I needed to recreate a new keytab file with AES256-SHA1 encryption, after that it started working like a charm.


SHA1, 3DES and RC4 are very old.
I’m glad you found a solution

Yes, it is, but it is still a default Microsoft option when you are creating a keytab.

Anybody who may have this problem after a Windows Update (especially November 2022 and later) should recreate a new keytab file with this command:

ktpass /princ xmpp/openfireserver.domain.local@DOMAIN.LOCAL -mapUser xmpp-openfire@DOMAIN.LOCAL /pass * /crypto AES256-SHA1 /ptype KRB5_NT_PRINCIPAL /out c:\file.keytab

And for those who have a problem with SSO Spark login (empty principal/username) after updating Windows 11 to 22H2, you need to add these entries to the Windows registry:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LsaCfgFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard]
"LsaCfgFlags"=dword:00000000
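
To confirm that a recreated keytab really holds AES keys before it is deployed to Openfire, the following added example (not code from this thread or from the Openfire or Spark projects) parses the version 0x0502 keytab layout and lists every entry whose encryption type is not AES. The function names and the sample bytes are constructed for illustration; the sample reuses the principal from the ktpass command above with all-zero key material.

```python
import struct

# Kerberos enctype numbers from the IANA registry; only the AES types count as strong here.
ENCTYPES = {16: "des3-cbc-sha1", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}
STRONG = {17, 18}

def parse_keytab(data):
    """Return (principal, kvno, enctype number) for every live entry of a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    def counted(p):  # uint16 length followed by that many bytes
        (n,) = struct.unpack_from(">H", data, p)
        return data[p + 2:p + 2 + n], p + 2 + n
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos, end = pos + 4, pos + 4 + abs(size)
        if end > len(data):
            raise ValueError("truncated keytab entry")
        if size > 0:  # a negative size marks a deleted slot, which is skipped
            (ncomp,) = struct.unpack_from(">H", data, pos)
            realm, p = counted(pos + 2)
            parts = []
            for _ in range(ncomp):
                comp, p = counted(p)
                parts.append(comp.decode())
            kvno, etype = struct.unpack_from(">BH", data, p + 8)  # after name_type + timestamp
            _key, p = counted(p + 11)
            if end - p >= 4:  # optional 32-bit kvno supersedes the 8-bit one
                (kvno,) = struct.unpack_from(">I", data, p)
            entries.append(("/".join(parts) + "@" + realm.decode(), kvno, etype))
        pos = end
    return entries

def weak_entries(data):
    """Entries whose key is not AES, i.e. the ones to regenerate."""
    return [(princ, kvno, ENCTYPES.get(e, "etype-%d" % e))
            for princ, kvno, e in parse_keytab(data) if e not in STRONG]

def build_entry(realm, parts, etype, key, kvno=3):
    """Serialize one entry; used only to construct the sample below."""
    cs = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(parts)) + cs(realm) + b"".join(cs(x) for x in parts)
    body += struct.pack(">IIBH", 1, 0, kvno, etype) + cs(key)
    return struct.pack(">i", len(body)) + body

# Constructed sample: one principal with an RC4 key and an AES256 key (all-zero key bytes).
_P = (b"DOMAIN.LOCAL", [b"xmpp", b"openfireserver.domain.local"])
SAMPLE = b"\x05\x02" + build_entry(*_P, 23, bytes(16)) + build_entry(*_P, 18, bytes(32))
```

Calling `weak_entries()` on the bytes of a real keytab file returns an empty list when only AES keys are present.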