powered by Jive Software

Why is password saved when using SSO with automatic login?

Hi community,

I recently enabled SSO so that our users dont have to save their password locally.

But I found out that when the checkbox for automatic login is active that “save password” is automatically checked too.

So for testing purposes I deleted my spark.properties File and set it up all over. After setting Spark for SSO and automatic login my password is saved in the properties file.

When leaving automatic login unchecked I still am being logged in via SSO, but there is no saved password in the properties file, which I assume is the way to be.

Why would the password be saved (and probably extractet from tgt) for automatic login via SSO?

We just set up SSO for the reason, that no passwords are stored locally on a client machine…

I am using Spark 2.8.2 in a windows AD environment with SSO and OpenFire 3.9.3

SSO has been added to Spark as an add-on at some point without looking into such details probably. This is how Spark usually behaves when auto-login is checked. The one who was adding SSO login (no clue who that was, it was probably 10 years ago) haven’t thought about this. I will file it, but as Spark doesn’t have good active java developers, not sure when and whether this will be changed. [SPARK-1850] Shouldn’t save password when SSO is being used - IgniteRealtime JIRA

1 Like

Thank you for your quick response.

IMHO it should be sufficient to entangle the dependency of automatic login with saving password when SSO is being used.

This way it could be very well implemented without diving in too deep into SSO

Please give the latest nightly build a try and report back any issues you have. Thanks

Ignite Realtime: Spark Nightly Builds

Hi guys, just came back from a long vacation. I have tested 2.8.2.955 and with “Automatic logon” there is no stored password anymore in my spark.properties file. Thank you!