
SSO not functioning totally

Question asked by Francesco on Aug 2, 2017
Latest reply on Aug 2, 2017 by Francesco


I've got a problem with Openfire 4.1.5 + Spark 2.8.3 and SSO.

So I'll describe the infrastructure:

AD on Windows 2012 R2 with AD level 2012 R2

Openfire installed on drive E of the AD server

Client: Windows 10 + Spark 2.8.3

I just configured Openfire with AD and OF reads my AD correctly.

The client has this situation:


With krb5.ini SSO

With DNS or setting:

In all 3 cases the result does not change.



This is my gss conf { required










ServicePrincipalNames registrati per CN=xmpp-openfire,OU=Service,OU=dominio,DC=dominio,DC=local:






     default_realm = dominio.LOCAL

        kdc = dc1.dominio.local
        admin_server = dc1.dominio.local
        default_domain = dominio.local

    dominio.local= DOMINIO.LOCAL
    .dominio.local= DOMINIO.LOCAL


This is my openfire.xml:


<?xml version="1.0" encoding="UTF-8"?>

<!-- This file stores bootstrap properties needed by Openfire. Property names must be in the format: "" That will be stored as: <prop> <name> <is> <blah>value</blah> </is> </name> </prop> Most properties are stored in the Openfire database. A property viewer and editor is included in the admin console. -->

<!-- root element, all properties must be under this element -->



<!-- Disable either port by setting the value to -1 -->





<!-- Network settings. By default, Openfire will bind to all network interfaces. Alternatively, you can specify a specific network interfaces that the server will listen on. For example, This setting is generally only useful on multi-homed servers. -->

<!-- <network> <interface></interface> </network> -->

<!-- sasl configuration -->




<!-- Specify the realm you used when you created the service principal and keytab.-->


<!-- Mechanism-specific configuration here -->


<!-- Use true to turn on debugging information. This adds a lot of noise to your log files, but it can help you spot problems sooner in the initial setup. -->


<!-- Specify the location of the GSSAPI configuration file you edited. -->

<!-- Sets the system property with the same name. You'll probably want "false" here (the default). For more details, see [] -->



<!-- SPDY Protocol is npn. (note: npn does not work with Java 8) add -Xbootclasspath/p:/OPENFIRE_HOME/lib/npn-boot.jar to .vmoptions file -->

<!-- <spdy> <protocol>npn</protocol> </spdy> -->

<!-- XEP-0198 properties -->



<!-- Whether stream management is offered to clients by server. -->


<!-- Number of stanzas sent to client before a stream management acknowledgement request is made. -->










Windows Firewall disabled

Client and server are on the same network.

On the client, Java is not installed.


I read these guides:

How to Setup  SSO on Windows Server 2008r2/2012r2 with a Domain level of 2008r2/2012r2

SSO Issues (WinSrv2016/Win10Ent w/ Openfire 4.1.0 & Spark 2.8.2)

SSO Configuration