AnsweredAssumed Answered

SSO setup problem using Hazelcast plugin.

Question asked by Johnny on Dec 23, 2016
Latest reply on Dec 29, 2016 by Johnny

Hi all,

 

I have setup 2 Openfire servers as a cluster using the Hazelcast plugin.

 

Active directory: ad.test.com

First Openfire server: app1.test.com

Second Openfire server: app2.test.com

Common database: db.test.com

Chat client vm: vm1.test.com

 

I tried the guide at 28 Steps to Single Sign On for Openfire XMPP Server on Windows Server 2012 R2 with Spark and it's working fine for the first Openfire server at app1.test.com. I can connect using the chat client at vm1.test.com. The debug console at app1.test.com shows that the keytab was used for the login.

 

The problem comes with trying to configure SSO for the secondary Openfire server at app2.test.com. I created another AD account called xmpp-openfire2 and also used the steps to create a SPN and a keytab for that account. The keytab generated was then copied to the secondary Openfire server resources folder. The gss.conf was also updated to use the principle xmpp/app2.test.com@TEST.COM. However, when trying to connect to app2.test.com using the chat client at vm1.test.com, I am getting warning logs at the chat client that the Kerberos mechanism was not found on the server. The debug console at app2.test.com was also not throwing debug messages even though debug mode was enabled. I am kind of lost on how to enable SSO for the secondary server. Could I get some assistance with this please? I am pretty sure many folks here would want to know as well.

 

Thanks in advance.

Outcomes