
SSO not functioning at all

Question asked by Francesco on Aug 2, 2017
Latest reply on Aug 2, 2017 by Francesco

Hi

I've got a problem with Openfire 4.1.5 + Spark 2.8.3 and SSO.

So I'll describe the infrastructure:

AD Windows 2012 r2 with ad level 2012 r2

Openfire installed on drive E of AD Server

Client Windows 10 + spark 2.8.3

I just configured Openfire with AD and it reads my AD correctly.

The client has this situation:

 

With krb5.ini SSO

With DNS or setting:

In all 3 cases the result does not change.

 

 

This is my GSS conf:

com.sun.security.jgss.accept {
    com.sun.security.auth.module.Krb5LoginModule required
    storeKey=true
    keyTab="E:/Openfire/resources/xmpp.keytab"
    doNotPrompt=true
    useKeyTab=true
    isInitiator=false
    realm="domain.LOCAL"
    principal="xmpp/dc1.domain.local"
    debug=true;
};

ServicePrincipalNames registrati per CN=xmpp-openfire,OU=Service,OU=dominio,DC=dominio,DC=local:

        xmpp/dc1.dominio.local

        xmpp/dc1

        xmpp/dc1.dominio.local@dominio.LOCAL

 

krb5.ini

[libdefaults]
    default_realm = dominio.LOCAL

[realms]
    DOMINIO.LOCAL = {
        kdc = dc1.dominio.local
        admin_server = dc1.dominio.local
        default_domain = dominio.local
    }

# the section name is [domain_realm] (singular); a section named [domain_realms] is not read
[domain_realm]
    dominio.local = DOMINIO.LOCAL
    .dominio.local = DOMINIO.LOCAL

 

This is my openfire.xml:

<?xml version="1.0" encoding="UTF-8"?>
<!-- This file stores bootstrap properties needed by Openfire. Property names must be in the format: "prop.name.is.blah=value" That will be stored as: <prop> <name> <is> <blah>value</blah> </is> </name> </prop> Most properties are stored in the Openfire database. A property viewer and editor is included in the admin console. -->
<!-- root element, all properties must be under this element -->
<jive>
  <adminConsole>
    <!-- Disable either port by setting the value to -1 -->
    <port>9090</port>
    <securePort>9091</securePort>
  </adminConsole>
  <locale>en</locale>
  <!-- Network settings. By default, Openfire will bind to all network interfaces. Alternatively, you can specify a specific network interfaces that the server will listen on. For example, 127.0.0.1. This setting is generally only useful on multi-homed servers. -->
  <!-- <network> <interface></interface> </network> -->
  <!-- sasl configuration -->
  <sasl>
    <mechs>GSSAPI</mechs>
    <!-- <mechs>CRAM-MD5,DIGEST MD5,PLAIN,EXTERNAL,ANONYMOUS</mechs> -->
    <!-- Specify the realm you used when you created the service principal and keytab.-->
    <realm>dominio.LOCAL</realm>
    <!-- Mechanism-specific configuration here -->
    <gssapi>
      <!-- Use true to turn on debugging information. This adds a lot of noise to your log files, but it can help you spot problems sooner in the initial setup. -->
      <debug>true</debug>
      <!-- Specify the location of the GSSAPI configuration file you edited. -->
      <!-- Sets the system property with the same name. You'll probably want "false" here (the default). For more details, see [http://java.sun.com/j2se/1.4.2/docs/api/org/ietf/jgss/package-summary.html] -->
    </gssapi>
  </sasl>
  <!-- SPDY Protocol is npn. (note: npn does not work with Java 8) add -Xbootclasspath/p:/OPENFIRE_HOME/lib/npn-boot.jar to .vmoptions file -->
  <!-- <spdy> <protocol>npn</protocol> </spdy> -->
  <!-- XEP-0198 properties -->
  <stream>
    <management>
      <!-- Whether stream management is offered to clients by server. -->
      <active>true</active>
      <!-- Number of stanzas sent to client before a stream management acknowledgement request is made. -->
      <requestFrequency>5</requestFrequency>
    </management>
  </stream>
  <connectionProvider>
    <className>org.jivesoftware.database.EmbeddedConnectionProvider</className>
  </connectionProvider>
  <setup>true</setup>
</jive>

 

Windows Firewall disabled

Client and server on the same network

On the client, Java is not installed.

 

I read these guides:

How to Setup  SSO on Windows Server 2008r2/2012r2 with a Domain level of 2008r2/2012r2

SSO Issues (WinSrv2016/Win10Ent w/ Openfire 4.1.0 & Spark 2.8.2)

SSO Configuration

 

Help?
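The three pieces shown in the post (krb5.ini, the JGSS login configuration and the SPNs on the service account) have to agree on section names, realm spelling and case, and the service principal. The following is an added consistency check written for this page; it is not code from the original post, from Openfire or from Spark. The sample inputs are constructed to mirror the post (placeholder realm and host names, not real ones), and the rules it applies are general Kerberos ones: the `[domain_realm]` section name, the realm being upper-case and present under `[realms]`, the JAAS `realm` option matching `default_realm`, and the `principal` being one of the registered SPNs.

```python
"""Consistency checks across the three pieces of a Kerberos SSO setup:
a krb5.ini, a JGSS/JAAS login configuration and the SPNs registered on the
service account. Added example; inputs below are constructed to mirror the
post (placeholder realm/host names, not real ones)."""

# Constructed sample: krb5.ini as posted, with the [libdefaults] bracket restored.
KRB5_INI = """\
[libdefaults]
    default_realm = dominio.LOCAL

[realms]
    DOMINIO.LOCAL = {
        kdc = dc1.dominio.local
        admin_server = dc1.dominio.local
        default_domain = dominio.local
    }

[domain_realms]
    dominio.local = DOMINIO.LOCAL
    .dominio.local = DOMINIO.LOCAL
"""

# Constructed sample: the JGSS acceptor entry as posted.
GSS_CONF = """\
com.sun.security.jgss.accept {
    com.sun.security.auth.module.Krb5LoginModule required
    storeKey=true
    keyTab="E:/Openfire/resources/xmpp.keytab"
    doNotPrompt=true
    useKeyTab=true
    isInitiator=false
    realm="domain.LOCAL"
    principal="xmpp/dc1.domain.local"
    debug=true;
};
"""

# Constructed sample: SPNs as listed for the service account in the post.
REGISTERED_SPNS = ["xmpp/dc1.dominio.local", "xmpp/dc1",
                   "xmpp/dc1.dominio.local@dominio.LOCAL"]


def parse_krb5(text):
    """Parse a krb5 profile into {section: {key: value | {subkey: value}}}.
    Key/value lines before the first [section] header land in '_orphan'."""
    sections = {"_orphan": {}}
    section, block = sections["_orphan"], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section, block = sections.setdefault(line[1:-1], {}), None
        elif line == "}":
            block = None  # end of a REALM = { ... } block
        elif "=" in line:
            key, _, value = (p.strip() for p in line.partition("="))
            if value == "{":
                block = section.setdefault(key, {})
            else:
                (block if block is not None else section)[key] = value
    return sections


def parse_jaas(text):
    """Extract option=value pairs from one JAAS login configuration entry."""
    body = text[text.index("{") + 1:text.rindex("}")]
    opts = {}
    for line in body.splitlines():
        line = line.strip().rstrip(";")
        if "=" in line:
            key, _, value = (p.strip() for p in line.partition("="))
            opts[key] = value.strip('"')
    return opts


def check_sso_config(krb5_text, jaas_text, spns):
    """Return a list of findings; an empty list means the three pieces agree."""
    f = []
    krb5, jaas = parse_krb5(krb5_text), parse_jaas(jaas_text)
    if krb5["_orphan"]:
        f.append("krb5: key/value lines before the first [section] header")
    if "domain_realm" not in krb5:
        f.append("krb5: [domain_realm] section missing (the exact name matters)")
    realm = krb5.get("libdefaults", {}).get("default_realm", "")
    have = sorted(krb5.get("realms", {}))
    if not realm:
        f.append("krb5: no default_realm in [libdefaults]")
    elif realm != realm.upper():
        f.append(f"krb5: default_realm {realm!r} not upper-case; realm names are case-sensitive")
    if realm and realm not in have:
        f.append(f"krb5: no [realms] entry for {realm!r} (have {have})")
    if jaas.get("realm") and realm and jaas["realm"] != realm:
        f.append(f"jaas: realm {jaas['realm']!r} differs from krb5 default_realm {realm!r}")
    principal = jaas.get("principal", "").split("@")[0]
    if principal not in {s.split("@")[0] for s in spns}:
        f.append(f"jaas: principal {principal!r} is not among the registered SPNs")
    if jaas.get("useKeyTab") == "true" and not jaas.get("keyTab"):
        f.append("jaas: useKeyTab=true but no keyTab path given")
    return f


if __name__ == "__main__":
    for finding in check_sso_config(KRB5_INI, GSS_CONF, REGISTERED_SPNS):
        print(finding)
```

Run against the samples it reports the mismatches a reader can see by eye in the post: the mis-named domain_realm section, the lower-case realm that does not match the `[realms]` key, the JAAS realm and principal that spell the domain differently from krb5.ini and the SPN list. Point the same function at your real files once the realm and host names are made consistent and it should return an empty list.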
