Unable to Get SSO to Work with Multiple Domains in Enterprise Environment

I’ve configured Openfire 4.3.0 on my Windows Server 2016 VM in one of my domains, which has most of the users that I want to access Spark, and I’m able to get SSO working with this single-domain scenario. However, I have users in other domains within our forest that I would like to access the application as well, but I can’t get the SSO login to work when I have the LDAP query (Base DN) set up to search for users outside of the domain their user account exists in. It gives the “Unable to connect using SSO” error message. I’ve checked all of the existing forums and blogs out there, even watched the SSO video that’s been posted, but still can’t seem to get it to work. Is this a limitation with the Openfire 4.3.0 application itself? Any thoughts would be appreciated.

I have not tried to do SSO/Kerberos with multiple domains in the same forest. It might be doable, but I simply do not know. Your base DN will likely need to point to the root of the forest and use the global catalog port/server. You’ll likely need to google how to set up cross-domain Kerberos authentication.
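As an added illustration of the "root of the forest plus global catalog" suggestion above (this is example configuration written for this thread, not something either poster provided and not Openfire's own documentation), the Kerberos side of a two-domain forest typically looks like the following `krb5.conf`. All realm names, host names and the domain layout are constructed placeholders.

```ini
# Added example krb5.conf for a forest with two domains (CORP and SALES).
# Realm and host names below are constructed placeholders, not real systems.
[libdefaults]
    # Realm of the domain where the Openfire service account/SPN lives.
    default_realm = CORP.EXAMPLE.COM
    # Let clients discover KDCs through AD's SRV records instead of a static list.
    dns_lookup_kdc = true
    dns_lookup_realm = true
    forwardable = true

[realms]
    CORP.EXAMPLE.COM = {
        kdc = dc1.corp.example.com
        admin_server = dc1.corp.example.com
    }
    SALES.EXAMPLE.COM = {
        kdc = dc1.sales.example.com
        admin_server = dc1.sales.example.com
    }

[domain_realm]
    # Maps host names to the realm that issues service tickets for them.
    # The Openfire server's FQDN must map to the realm that holds its SPN,
    # otherwise a SALES user's client asks the wrong KDC for the ticket.
    .corp.example.com = CORP.EXAMPLE.COM
    corp.example.com = CORP.EXAMPLE.COM
    .sales.example.com = SALES.EXAMPLE.COM
    sales.example.com = SALES.EXAMPLE.COM
```

Two points that go with this. First, within a single AD forest the trusts between domains are transitive, so a SALES user can obtain a cross-realm ticket for a service registered in CORP without any extra trust setup; what has to be right is the mapping above (so the client targets CORP for the Openfire FQDN) and the realm Openfire itself expects for its SPN. A quick check on a client in the other domain is to run `klist` after a Spark login attempt and confirm a service ticket for the Openfire SPN was actually issued; if none appears, the failure is on the Kerberos side before LDAP is involved. Second, the global catalog listens on port 3268 (LDAP) and 3269 (LDAPS) and holds a forest-wide but partial attribute set, so when the base DN is moved to the forest root and the port changed to 3268/3269, the user search filter should rely on attributes that are replicated to the GC (such as `sAMAccountName` or `userPrincipalName`) and not on attributes that only exist in each domain's full directory.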