I have a new, functioning Openfire 3.8.2/Spark 2.6.3 + MySQL + LDAP installation for a client in a Win2k8R2 domain that's currently at the 2008 level.
To get SSO working, I've followed the documentation at http://community.igniterealtime.org/docs/DOC-2585 and supplemented with http://community.igniterealtime.org/docs/DOC-1060
Everything went smoothly until I got to testing with Spark. At first, it was unable to determine the account to use, and the SSO config tab reported not being able to find the primary server. I cleared this by running kinit <logged-in username> from the command prompt. Spark is now able to pull the proper account and server for SSO connection attempts.
Logging in with a default/testing account produces the familiar SSO login failure window.
I've re-verified the keytab, and kinit produces no errors/prompts.
The server error log has a worrisome entry that makes me think there's a communication/coding fault somewhere...
Suspecting the bundled-in JRE, I shut down openfire/spark and copied in the folders from the Java7u45 install, but the server error log is the same.
I've run out of ideas and could use some suggestions.
I've attached the server debug & error logs along with the Spark Smack debug window info; smaller, somewhat-sanitized files for further inspection follow...
----------
krb5.ini
[libdefaults]
default_realm = DOMAIN.LOCAL
noaddresses=true
[realms]
DOMAIN.LOCAL = {
kdc = nmsdc2.domain.local
admin_server = nmsdc2.domain.local
default_domain = domain.local
}
[domain_realms]
domain.local = DOMAIN.LOCAL
.domain.local = DOMAIN.LOCAL
gss.conf
com.sun.security.jgss.accept {
com.sun.security.auth.module.Krb5LoginModule
required
storeKey=true
keyTab="C:/Openfire/resources/jabber.keytab"
doNotPrompt=true
useKeyTab=true
realm="DOMAIN.LOCAL"
principal="xmpp/nmut2.domain.local@DOMAIN.LOCAL"
debug=true;
};
I didn't touch the openfire.xml file, so here are the settings from the server console:
sasl.gssapi.config
C:\Openfire\conf\gss.conf
sasl.gssapi.debug
true
sasl.gssapi.useSubjectCredsOnly
false
sasl.mechs
GSSAPI
sasl.realm
DOMAIN.LOCAL
Spark error.log
java.lang.IllegalStateException: Not connected to server.
at org.jivesoftware.smack.XMPPConnection.sendPacket(XMPPConnection.java:445)
at org.jivesoftware.smack.NonSASLAuthentication.authenticate(NonSASLAuthentication.java:69)
at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:352)
at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:203)
at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1014)
at org.jivesoftware.LoginDialog$LoginPanel.access$1200(LoginDialog.java:219)
at org.jivesoftware.LoginDialog$LoginPanel$4.construct(LoginDialog.java:730)
at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:141)
at java.lang.Thread.run(Unknown Source)
Dec 19, 2013 3:24:37 PM org.jivesoftware.spark.util.log.Log warning
WARNING: Exception in Login:
java.lang.IllegalStateException: Not connected to server.
at org.jivesoftware.smack.XMPPConnection.sendPacket(XMPPConnection.java:445)
at org.jivesoftware.smack.NonSASLAuthentication.authenticate(NonSASLAuthentication.java:69)
at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:362)
at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:203)
at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1014)
at org.jivesoftware.LoginDialog$LoginPanel.access$1200(LoginDialog.java:219)
at org.jivesoftware.LoginDialog$LoginPanel$4.construct(LoginDialog.java:730)
at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:141)
at java.lang.Thread.run(Unknown Source)
Spark output.log
Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt true ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is true principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Refreshing Kerberos configuration
Acquire TGT from Cache
Principal is default@DOMAIN.LOCAL
Commit Succeeded
Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt true ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Acquire TGT from Cache
Principal is default@DOMAIN.LOCAL
Commit Succeeded
Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt true ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is true principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Refreshing Kerberos configuration
Acquire TGT from Cache
Principal is default@DOMAIN.LOCAL
Commit Succeeded
Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt true ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is true principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Refreshing Kerberos configuration
Acquire TGT from Cache
Principal is default@DOMAIN.LOCAL
Commit Succeeded
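Added example (not part of the original post, and not Openfire's or Spark's own code): a small offline consistency check over the three places a GSSAPI setup like the one above has to agree, namely krb5.ini, the JAAS acceptor entry in gss.conf, and the Openfire sasl.* properties. The sample inputs are constructed to mirror the post's files (same realm, hosts and paths). The checks it applies are the author's assumptions about what a working acceptor needs: the keytab principal's realm must match the JAAS realm option, the krb5 default_realm and sasl.realm; the acceptor must use useKeyTab=true and storeKey=true; the keytab path must exist; and the service host must be mapped to a realm by the [domain_realm] section, which is the section name the krb5.conf profile format defines (the checker flags any section header it does not recognise and suggests the closest known one). The keytab existence test is injectable so the check runs without the real file.

```python
import difflib
import os
import re

# Constructed sample inputs modelled on the krb5.ini, gss.conf and Openfire
# properties shown in the post (same realm, hosts and paths).
KRB5_INI = """[libdefaults]
default_realm = DOMAIN.LOCAL
[realms]
DOMAIN.LOCAL = {
kdc = nmsdc2.domain.local
}
[domain_realms]
domain.local = DOMAIN.LOCAL
.domain.local = DOMAIN.LOCAL
"""

GSS_CONF = """com.sun.security.jgss.accept {
com.sun.security.auth.module.Krb5LoginModule required
storeKey=true keyTab="C:/Openfire/resources/jabber.keytab" doNotPrompt=true
useKeyTab=true realm="DOMAIN.LOCAL"
principal="xmpp/nmut2.domain.local@DOMAIN.LOCAL" debug=true;
};
"""

OPENFIRE_PROPS = {"sasl.gssapi.config": r"C:\Openfire\conf\gss.conf",
                  "sasl.mechs": "GSSAPI", "sasl.realm": "DOMAIN.LOCAL"}

# Section names defined by the krb5.conf profile format.
KNOWN_KRB5_SECTIONS = ("libdefaults", "realms", "domain_realm", "capaths",
                       "appdefaults", "logging", "plugins", "dbmodules")

def parse_krb5(text):
    """Parse krb5.conf: [section] headers, key = value lines, one level of '{ }' blocks."""
    sections, current, block = {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, {})
            block = None
        elif line == "}":
            block = None
        elif line.endswith("{"):
            block = sections[current][line[:-1].rstrip(" =")] = {}
        else:
            key, _, value = line.partition("=")
            (sections[current] if block is None else block)[key.strip()] = value.strip()
    return sections

def parse_jaas(text):
    """Parse a JAAS login configuration into
    {entry: [(module_class, control_flag, {option: value})]};
    assumes quoted option values contain no whitespace."""
    entries = {}
    for m in re.finditer(r"(\S+)\s*\{(.*?)\};", text, re.S):
        modules = []
        for stanza in m.group(2).split(";"):
            tokens = stanza.split()
            if len(tokens) >= 2:
                opts = dict(t.partition("=")[::2] for t in tokens[2:])
                modules.append((tokens[0], tokens[1],
                                {k: v.strip('"') for k, v in opts.items()}))
        entries[m.group(1)] = modules
    return entries

def check_sso_config(krb5_text, jaas_text, props, keytab_exists=os.path.exists):
    """Cross-check the three sources; returns a list of findings (empty means
    every check passed). keytab_exists is injectable so the check can run offline."""
    krb5, jaas, findings = parse_krb5(krb5_text), parse_jaas(jaas_text), []
    for sec in sorted(set(krb5) - set(KNOWN_KRB5_SECTIONS)):
        hint = difflib.get_close_matches(sec, KNOWN_KRB5_SECTIONS, n=1)
        findings.append("krb5: unknown section [%s]%s" % (
            sec, " (did you mean [%s]?)" % hint[0] if hint else ""))
    default_realm = krb5.get("libdefaults", {}).get("default_realm")
    opts = jaas["com.sun.security.jgss.accept"][0][2]   # acceptor module options
    if opts.get("useKeyTab") != "true" or opts.get("storeKey") != "true":
        findings.append("jaas: the acceptor needs useKeyTab=true and storeKey=true")
    service_host, _, prealm = opts.get("principal", "").partition("@")
    service, _, host = service_host.partition("/")
    # The realm must agree everywhere: principal, JAAS option, krb5 default, Openfire.
    for label, realm in (("jaas realm", opts.get("realm")),
                         ("krb5 default_realm", default_realm),
                         ("openfire sasl.realm", props.get("sasl.realm"))):
        if realm != prealm:
            findings.append("%s %r differs from principal realm %r" % (label, realm, prealm))
    # A host-to-realm mapping only takes effect from the [domain_realm] section.
    domains = krb5.get("domain_realm", {})
    if not any(host == d.lstrip(".") or host.endswith(d if d[0] == "." else "." + d)
               for d in domains):
        findings.append("krb5: host %s is not mapped to a realm in [domain_realm]" % host)
    keytab = opts.get("keyTab", "")
    if not keytab or not keytab_exists(keytab):
        findings.append("jaas: keytab %r not found" % keytab)
    return findings

if __name__ == "__main__":
    for line in check_sso_config(KRB5_INI, GSS_CONF, OPENFIRE_PROPS) or ["all checks passed"]:
        print(line)
```

Run against the constructed inputs it reports the unrecognised [domain_realms] header and, as a consequence, that nmut2.domain.local has no realm mapping; renaming the header to [domain_realm] clears both findings. Point the three inputs at real files (read them in and pass the text) to run the same checks on an actual installation.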