AnsweredAssumed Answered

Openfire 4.0.1 SSO - again

Question asked by Ben on Jul 27, 2016
Latest reply on Aug 2, 2016 by speedy



Problem: In Pidgin (did a test install of Spark, isn't working either) debug I get the following error when I try to connect my user to Openfire Server.

(10:01:38) certificate: Successfully verified certificate for "openfire-server"

(10:01:38) jabber: Sending (ssl) (user@domain.local): <stream:stream to='domain.local' xmlns='jabber:client' xmlns:stream='' version='1.0'>

(10:01:38) jabber: Recv (ssl)(456): <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="" xmlns="jabber:client" from="openfire-server" id="6e50wbz30s" xml:lang="en" version="1.0"><stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>GSSAPI</mechanism></mechani sms><compression xmlns=""><method>zlib</method></compression><auth xmlns=""/></stream:features>

(10:01:38) sasl: Mechs found: GSSAPI

(10:02:05) sasl: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server not found in Kerberos database)

(10:02:05) sasl: sasl_state is -1, failing the mech and trying again

(10:02:05) sasl: Mechs found:


I got a Windows Server 2012 environment, a working openfire server (without sso ofc) on "openfire-server", and Windows/Mac clients.


What I already did:

First instruction: HOWTO: SSO Configuration for Windows (Server and Clients) and Mac Clients

Second instruction: How to Setup  SSO on Windows Server 2008r2/2012r2 with a Domain level of 2008r2/2012r2

Third instruction: 28 Steps to Single Sign On for Openfire XMPP Server on Windows Server 2012 R2 with Spark


The last one brought me from the error "not authorized" to the above mentioned.

On the client I did the registry entry, copied the krb5.ini, installed java 8 101 and MIT Kerberos for Windows 3.2.2, rebooted.


Thanks for any advice...