Win2003 Server SP2 -> dc.domain.com
Win2012 R2 Datacenter Preview -> srv.domain.com (Openfire)
Win7 Pro -> app.domain.com (Spark)
I used this manual and others.
My steps:
1) on the DC, create the user xmpp-openfire, set the password qwerty with the options "Unable to change password", "Password never expires" and "Does not require Kerberos Preauthentication"
2) on the DC, create the Kerberos XMPP SPN for xmpp-openfire
setspn -A xmpp/srv.domain.com@DOMAIN.COM xmpp-openfire
3) on the DC, map the Kerberos XMPP SPN to xmpp-openfire, set the password qwerty
ktpass -princ xmpp/srv.domain.com@DOMAIN.COM -mapuser xmpp-openfire@domain.com -pass * -ptype KRB5_NT_PRINCIPAL
4) on the DC, create the xmpp.keytab file, set the password qwerty
ktpass -princ xmpp/srv.domain.com@DOMAIN.COM -mapuser xmpp-openfire@domain.com -pass * -ptype KRB5_NT_PRINCIPAL -out xmpp.keytab
5) on srv.domain.com create the folder \of_conf
6) copy xmpp.keytab to srv.domain.com into the folder \of_conf
7) create the file gss.conf in the folder \of_conf
com.sun.security.jgss.accept {
    com.sun.security.auth.module.Krb5LoginModule required
        storeKey=true
        keyTab="C:/of_conf/xmpp.keytab"
        doNotPrompt=true
        useKeyTab=true
        realm="DOMAIN.COM"
        principal="xmpp/srv.domain.com@DOMAIN.COM"
        debug=true;
};
8) create the file krb5.ini on app.domain.com and copy it to the root folder c:\, otherwise krb5.ini is not found
[libdefaults]
default_realm = DOMAIN.COM
default_tkt_enctypes = rc4-hmac des3-cbc-sha1 des-cbc-crc des-cbc-md5
default_tgs_enctypes = rc4-hmac des3-cbc-sha1 des-cbc-crc des-cbc-md5
permitted_enctypes = rc4-hmac des3-cbc-sha1 des-cbc-crc des-cbc-md5

[realms]
DOMAIN.COM = {
    kdc = dc.domain.com
    admin_server = dc.domain.com
    default_domain = domain.com
}

[domain_realm]
domain.com = DOMAIN.COM
.domain.com = DOMAIN.COM
9) change openfire.xml, inside the <jive></jive> tags
<!-- sasl configuration -->
<sasl>
    <mechs>GSSAPI</mechs>
    <realm>DOMAIN.COM</realm>
    <gssapi>
        <debug>true</debug>
        <config>C:/of_conf/gss.conf</config>
        <useSubjectCredsOnly>false</useSubjectCredsOnly>
    </gssapi>
</sasl>
<authorization>
    <classList>org.jivesoftware.openfire.auth.DefaultAuthorizationPolicy</classList>
</authorization>
10) in a web browser, go to http://srv.domain.com:9090
- choose English
- internal database
- AD (LDAP)
- server type Active Directory, host = dc.domain.com, BaseDN = dc=domain, dc=com, AdminDN (interesting!) is not dc=adm, dc=domain, dc=com, in my case it is dc=Eugene Smith, dc=domain, dc=com
- add the admin login adm
- go to Users/Groups and now I see the AD users
- go to Server -> Server Manager -> System Properties and add the property xmpp.fqdn = srv.domain.com
11) set firewall rules on srv.domain.com, add TCP and UDP for ports 5222, 5223, 5229, 7070, 7443, 9090, 9091
12) set this registry parameter with regedit.exe
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Value Name: AllowTGTSessionKey
Value Type: REG_DWORD
Value: 1
and restart PC
13) run Spark, open the options and set Use Single Sign-On (SSO) GSSAPI, save, and check "This will use the Desktop Account for “***” to login to the server", where *** = adm@DOMAIN.COM
14) type adm, server srv.domain.com and try
SSO does not work. In the Spark logs:
java.lang.IllegalStateException: Not connected to server.
    at org.jivesoftware.smack.XMPPConnection.sendPacket(XMPPConnection.java:445)
    at org.jivesoftware.smack.NonSASLAuthentication.authenticate(NonSASLAuthentication.java:69)
    at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:352)
    at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:203)
    at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1014)
    at org.jivesoftware.LoginDialog$LoginPanel.access$1200(LoginDialog.java:219)
    at org.jivesoftware.LoginDialog$LoginPanel$4.construct(LoginDialog.java:730)
    at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:141)
    at java.lang.Thread.run(Unknown Source)
18.10.2013 9:07:35 org.jivesoftware.spark.util.log.Log warning
WARNING: Exception in Login:
java.lang.IllegalStateException: Not connected to server.
    at org.jivesoftware.smack.XMPPConnection.sendPacket(XMPPConnection.java:445)
    at org.jivesoftware.smack.NonSASLAuthentication.authenticate(NonSASLAuthentication.java:69)
    at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:362)
    at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:203)
    at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1014)
    at org.jivesoftware.LoginDialog$LoginPanel.access$1200(LoginDialog.java:219)
    at org.jivesoftware.LoginDialog$LoginPanel$4.construct(LoginDialog.java:730)
    at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:141)
    at java.lang.Thread.run(Unknown Source)
In cmd on the Spark computer I use
telnet srv.domain.com 5222
and the server answers.
Spark Java:
C:\Program Files (x86)\Spark\jre\bin>java -version
java version "1.6.0_18"
Java(TM) SE Runtime Environment (build 1.6.0_18-b07)
Java HotSpot(TM) Client VM (build 16.0-b13, mixed mode, sharing)
DNS is configured on dc.domain.com
C:\Program Files\Windows Resource Kits\Tools>klist.exe tgt
Cached TGT:
ServiceName: krbtgt
TargetName: krbtgt
FullServiceName: adm
DomainName: DOMAIN.LOCAL
TargetDomainName: DOMAIN.LOCAL
AltTargetDomainName: DOMAIN.LOCAL
TicketFlags: 0x40e00000
KeyExpirationTime: 1/1/1601 7:00:00
StartTime: 10/18/2013 9:22:58
EndTime: 10/18/2013 19:22:58
RenewUntil: 10/25/2013 9:22:58
TimeSkew: 1/1/1601 7:00:00
PS:
I set Spark debug and now see
srv.dimain.com
5222
2013.10.18 12:39:15 PM
Active
<stream:stream to="srv" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0">
<iq id="UCx4u-0" type="get"><query xmlns="jabber:iq:auth"><username>adm</username></query></iq>
<presence id="UCx4u-1" type="unavailable"></presence>
<stream:stream to="srv" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0">
<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
<stream:stream to="srv" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0">
How to fix???
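A check that belongs at the end of a procedure like this one (added example, not code from the post, from Openfire or from Spark): read the keytab that ktpass produced and compare it with what gss.conf and krb5.ini expect. Three things commonly go wrong in exactly this setup: the principal string in the keytab does not match the `principal=` line in gss.conf byte for byte (Kerberos principal names are case-sensitive); the key's enctype is not among the `permitted_enctypes` in krb5.ini; and every `ktpass ... -pass` run resets the account password and increments the account's key version number (msDS-KeyVersionNumber in AD), so a keytab written by an earlier run no longer matches the KDC. The script below parses the standard keytab binary format (version 0x0502, as written by ktpass and MIT kinit) and reports those mismatches. It runs offline on a keytab it constructs itself; the 16-byte key, the timestamp and the expected kvno of 3 in the sample are constructed values, and the file path and principal/enctype settings are assumptions taken from the post.

```python
"""Inspect a Kerberos keytab and check it against the JAAS/krb5.ini settings.

Added example for the Openfire GSSAPI setup above; not Openfire's own code.
Usage:  python check_keytab.py C:\\of_conf\\xmpp.keytab   (or no argument for the built-in sample)
"""
import struct
from datetime import datetime, timezone

# Values from the post's gss.conf and krb5.ini (assumptions for this check).
EXPECTED_PRINCIPAL = "xmpp/srv.domain.com@DOMAIN.COM"
PERMITTED_ENCTYPES = ["rc4-hmac", "des3-cbc-sha1", "des-cbc-crc", "des-cbc-md5"]
KRB5_NT_PRINCIPAL = 1          # name type ktpass writes with -ptype KRB5_NT_PRINCIPAL

# RFC 3961 / MS-KILE enctype numbers for the names krb5.ini uses.
ENCTYPE_NAMES = {1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
                 17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}


def _counted(buf, off):
    """Read a 16-bit length-prefixed string (realm or principal component)."""
    (n,) = struct.unpack_from(">H", buf, off)
    off += 2
    return buf[off:off + n].decode("utf-8"), off + n


def parse_keytab(data):
    """Return the entries of a version-2 keytab as a list of dicts."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    off, entries = 2, []
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size < 0:                      # negative size marks a deleted slot
            off += -size
            continue
        end = off + size
        (ncomp,) = struct.unpack_from(">H", data, off)
        off += 2
        realm, off = _counted(data, off)
        comps = []
        for _ in range(ncomp):
            comp, off = _counted(data, off)
            comps.append(comp)
        name_type, timestamp, vno8 = struct.unpack_from(">IIB", data, off)
        off += 9
        enctype, keylen = struct.unpack_from(">HH", data, off)
        off += 4
        key = data[off:off + keylen]
        off += keylen
        kvno = vno8
        if end - off >= 4:                # optional 32-bit kvno overrides the 8-bit one
            (kvno,) = struct.unpack_from(">I", data, off)
        off = end
        entries.append({"principal": "/".join(comps) + "@" + realm, "name_type": name_type,
                        "timestamp": timestamp, "kvno": kvno, "enctype": enctype, "key": key})
    return entries


def build_keytab(entries):
    """Serialise (principal, kvno, enctype, key, timestamp) tuples. Only used to
    construct the offline sample here; the real file comes from ktpass."""
    out = bytearray(b"\x05\x02")
    for principal, kvno, enctype, key, timestamp in entries:
        name, realm = principal.rsplit("@", 1)
        comps = name.split("/")
        body = bytearray(struct.pack(">H", len(comps)))
        for s in [realm] + comps:
            raw = s.encode("utf-8")
            body += struct.pack(">H", len(raw)) + raw
        body += struct.pack(">IIB", KRB5_NT_PRINCIPAL, timestamp, kvno & 0xFF)
        body += struct.pack(">HH", enctype, len(key)) + key
        body += struct.pack(">I", kvno)   # 32-bit kvno, as current keytab writers emit
        out += struct.pack(">i", len(body)) + body
    return bytes(out)


def check_keytab(entries, expected_principal, permitted_enctypes, expected_kvno=None):
    """Return a list of findings; an empty list means the keytab fits the config."""
    findings = []
    matching = [e for e in entries if e["principal"] == expected_principal]
    if not matching:
        seen = sorted({e["principal"] for e in entries})
        findings.append("no entry for %s (keytab has: %s)" % (expected_principal, seen))
        return findings
    for e in matching:
        name = ENCTYPE_NAMES.get(e["enctype"], "enctype %d" % e["enctype"])
        if name not in permitted_enctypes:
            findings.append("%s is not in permitted_enctypes" % name)
        if e["name_type"] != KRB5_NT_PRINCIPAL:
            findings.append("name type %d is not KRB5_NT_PRINCIPAL" % e["name_type"])
        if expected_kvno is not None and e["kvno"] != expected_kvno:
            findings.append("keytab kvno %d but account kvno is %d (ktpass run again?)"
                            % (e["kvno"], expected_kvno))
    return findings


# Constructed sample: one rc4-hmac entry for the post's principal with a dummy key.
SAMPLE_KEYTAB = build_keytab([(EXPECTED_PRINCIPAL, 3, 23, bytes(range(16)), 1382076000)])

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_KEYTAB
    entries = parse_keytab(data)
    for e in entries:
        when = datetime.fromtimestamp(e["timestamp"], timezone.utc).isoformat()
        print(e["principal"], "kvno", e["kvno"], ENCTYPE_NAMES.get(e["enctype"], e["enctype"]), when)
    # Pass the kvno from "Get-ADUser xmpp-openfire -Properties msDS-KeyVersionNumber" as expected_kvno.
    for finding in check_keytab(entries, EXPECTED_PRINCIPAL, PERMITTED_ENCTYPES, expected_kvno=None):
        print("PROBLEM:", finding)
```

Run it against C:\of_conf\xmpp.keytab on srv.domain.com and compare the printed kvno with the account's msDS-KeyVersionNumber on the DC; a principal that prints differently from the `principal=` line in gss.conf, or an enctype outside the krb5.ini list, will make the JAAS accept step fail before any SASL exchange happens.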