DeeJay

Spark 2.5.3 Beta 1 BUG: SRV & SSO

Discussion created by DeeJay on May 21, 2007

Sorry for the cross-post but I figured this was a more appropriate forum.

 

 

It would seem that Spark does not work with SSO when using SRV records to identify the XMPP Server.

 

What should happen is:

 

1) Spark looks up the SRV records to identify the server address

2) Spark does a reverse lookup on the server address and uses that as the security principal (xmpp/reverselookup@REALM)

 

What actually happens is:

 

1) Spark does a reverse lookup on the domain name in which the SRV records exists and constructs the security principal from that (xmpp/reverselookupofdomain@REALM)

 

This breaks SSO in my environment (I configure my server to be the same as my internal AD domain).

Rather than identifying the correct server, it just does a lookup on the domain name, which actually returns a list of domain controllers for the domain. Obviously this isn''t good, as the security principal name changes every time I do it!

Outcomes