22 Replies Latest reply on Sep 12, 2017 6:26 AM by speedy

    Login problem (LDAP/SSO)

    kuba

      Hello

      According to the description of the SSO configuration from this page, Openfire XMPP Server on Windows Server 2012 R2 with Spark SSO.pdf - Google Drive, I did everything the way it is written. Unfortunately I have a problem with logging on in the Spark program, no matter whether SSO is enabled or not. All the time I am getting information that I gave an incorrect login or password. I can log into the control panel without any problem. Openfire 4.1.5 and Spark 2.8.3. Do you have any idea?

      Error log in spark is empty ;(

       

      regards

      Kuba

        • Re: Login problem (LDAP/SSO)
          speedy

          Your first step is to make sure you can log in without SSO using your AD/LDAP creds.

          • Re: Login problem (LDAP/SSO)
            kuba

            SSO still not working:( Can anyone tell me what might be the problem?

             

            sie 31, 2017 8:40:36 AM org.jivesoftware.spark.util.log.Log warning

            WARNING: Exception in Login:

            org.jivesoftware.smack.SmackException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))]

                at org.jivesoftware.smack.sasl.javax.SASLJavaXMechanism.getAuthenticationText(SASLJavaXMechanism.java:123)

                at org.jivesoftware.smack.sasl.SASLMechanism.authenticate(SASLMechanism.java:196)

                at org.jivesoftware.smack.sasl.SASLMechanism.authenticate(SASLMechanism.java:169)

                at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:236)

                at org.jivesoftware.smack.tcp.XMPPTCPConnection.loginNonAnonymously(XMPPTCPConnection.java:373)

                at org.jivesoftware.smack.AbstractXMPPConnection.login(AbstractXMPPConnection.java:457)

                at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1131)

                at org.jivesoftware.LoginDialog$LoginPanel.access$900(LoginDialog.java:335)

                at org.jivesoftware.LoginDialog$LoginPanel$3.construct(LoginDialog.java:894)

                at org.jivesoftware.spark.util.SwingWorker.lambda$new$1(SwingWorker.java:138)

                at java.lang.Thread.run(Unknown Source)

            Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))]

                at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)

                at org.jivesoftware.smack.sasl.javax.SASLJavaXMechanism.getAuthenticationText(SASLJavaXMechanism.java:120)

                ... 10 more

            Caused by: GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new INITIATE credentials failed! (null))

                at sun.security.jgss.krb5.Krb5InitCredential.getTgt(Unknown Source)

                at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Unknown Source)

                at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Unknown Source)

                at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Unknown Source)

                at sun.security.jgss.GSSManagerImpl.getMechanismContext(Unknown Source)

                at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)

                at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)

                ... 12 more

            Caused by: javax.security.auth.login.LoginException: Unable to obtain Principal Name for authentication

                at com.sun.security.auth.module.Krb5LoginModule.promptForName(Unknown Source)

                at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown Source)

                at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source)

                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

                at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

                at java.lang.reflect.Method.invoke(Unknown Source)

                at javax.security.auth.login.LoginContext.invoke(Unknown Source)

                at javax.security.auth.login.LoginContext.access$000(Unknown Source)

                at javax.security.auth.login.LoginContext$4.run(Unknown Source)

                at javax.security.auth.login.LoginContext$4.run(Unknown Source)

                at java.security.AccessController.doPrivileged(Native Method)

                at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)

                at javax.security.auth.login.LoginContext.login(Unknown Source)

                at sun.security.jgss.GSSUtil.login(Unknown Source)

                at sun.security.jgss.krb5.Krb5Util.getTicket(Unknown Source)

                at sun.security.jgss.krb5.Krb5InitCredential$1.run(Unknown Source)

                at sun.security.jgss.krb5.Krb5InitCredential$1.run(Unknown Source)

                at java.security.AccessController.doPrivileged(Native Method)

                ... 19 more

              • Re: Login problem (LDAP/SSO)
                speedy

                Did you make the change to your Windows registry to allow Java to read the ticket?

                Are you using DNS or a krb5.ini file on the client?

                Do you have a PTR record in DNS?

                Have you tried to recreate your keytab file?

                Is your krb5.ini (on the Openfire server) correct?

                 

                There are a lot of moving parts with SSO... and it's not so easy to set up if you haven't done it before.

                Here is a quick how-to I put together a while ago. You may give it a try.

                 

                How to Setup  SSO on Windows Server 2008r2/2012r2 with a Domain level of 2008r2/2012r2

                  • Re: Login problem (LDAP/SSO)
                    kuba

                    I did as follows.

                     

                    ktpass /princ XMPP/europa.wodociagi.pl@WODOCIAGI.PL /mapuser xmpp-openfire@wodociagi.pl /pass * /ptype KRB5_NT_PRINCIPAL /crypto all

                    C:\Windows\system32>ktpass /princ XMPP/europa.wodociagi.pl@WODOCIAGI.PL /mapuser xmpp-openfire@wodociagi.pl /pass * /ptype KRB5_NT_PRINCIPAL /crypto all

                    Targeting domain controller: Europa.wodociagi.pl

                    Successfully mapped XMPP/europa.wodociagi.pl to xmpp-openfire.

                    Type the password for XMPP/europa.wodociagi.pl:

                    Type the password again to confirm:

                    Password successfully set!

                    Key created.

                    Key created.

                    Key created.

                    Key created.

                    Key created.

                     

                    C:\>ktpass /princ XMPP/europa.wodociagi.pl@WODOCIAGI.PL /mapuser xmpp-openfire@wodociagi.pl /crypto all -pass * /ptype KRB5_NT_PRINCIPAL /out xmpp.keytab

                    Targeting domain controller: Europa.wodociagi.pl

                    Successfully mapped XMPP/europa.wodociagi.pl to xmpp-openfire.

                    Type the password for XMPP/europa.wodociagi.pl:

                    Type the password again to confirm:

                    Password successfully set!

                    Key created.

                    Key created.

                    Key created.

                    Key created.

                    Key created.

                    Output keytab to xmpp.keytab:

                    Keytab version: 0x502

                    keysize 64 XMPP/europa.wodociagi.pl@WODOCIAGI.PL ptype 1 (KRB5_NT_PRINCIPAL) vno

                    18 etype 0x1 (DES-CBC-CRC) keylength 8 (0x2a2fc4e0374a80b3)

                    keysize 64 XMPP/europa.wodociagi.pl@WODOCIAGI.PL ptype 1 (KRB5_NT_PRINCIPAL) vno

                    18 etype 0x3 (DES-CBC-MD5) keylength 8 (0x2a2fc4e0374a80b3)

                    keysize 72 XMPP/europa.wodociagi.pl@WODOCIAGI.PL ptype 1 (KRB5_NT_PRINCIPAL) vno

                    18 etype 0x17 (RC4-HMAC) keylength 16 (0x99855ef86fb67e661da2f3bba8b9cf49)

                    keysize 88 XMPP/europa.wodociagi.pl@WODOCIAGI.PL ptype 1 (KRB5_NT_PRINCIPAL) vno

                    18 etype 0x12 (AES256-SHA1) keylength 32 (0xda0520af7c616b46eeb3d2d0854aceb3e39

                    4d1c3d3a0f4cf42b7b57383676630)

                    keysize 72 XMPP/europa.wodociagi.pl@WODOCIAGI.PL ptype 1 (KRB5_NT_PRINCIPAL) vno

                    18 etype 0x11 (AES128-SHA1) keylength 16 (0x31650ad6de5d8e5112f4badff3077efd)

                     

                    file gss.conf

                    com.sun.security.jgss.krb5.accept {

                        com.sun.security.auth.module.Krb5LoginModule required

                        storeKey=true

                        keyTab="C:/Program Files (x86)/openfire/resources/xmpp.keytab"

                        doNotPrompt=true

                        useKeyTab=true

                        isInitiator=false

                        debug=true

                        realm="WODOCIAGI.PL"

                        principal="XMPP/europa.wodociagi.pl@WODOCIAGI.PL";

                    };

                     

                     

                    file krb5.ini on a client and server side

                    [libdefaults]

                        default_realm = WODOCIAGI.PL

                     

                    [realms]

                        DOMAIN.LOCAL = {

                            kdc = europa.wodociagi.pl

                        admin_server = europa.wodociagi.pl

                            default_domain = wodociagi.pl

                        }

                     

                    [domain_realms]

                        domain.local = WODOCIAGI.PL

                        .domain.local = WODOCIAGI.PL

                     

                     

                    and I still have the same errors ;( Why is "Key created." duplicated in the ktpass utility output?

                      • Re: Login problem (LDAP/SSO)
                        speedy

                        There appears to be an error in your krb5.ini

                        it should look like this

                        [libdefaults]

                            default_realm = WODOCIAGI.PL

                         

                        [realms]

                            WODOCIAGI.PL = {

                                kdc = europa.wodociagi.pl

                            admin_server = europa.wodociagi.pl

                                default_domain = wodociagi.pl

                            }

                         

                        [domain_realms]

                            wodociagi.pl = WODOCIAGI.PL

                            .wodociagi.pl = WODOCIAGI.PL
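
A consistency check for the krb5.ini mismatch pointed out in this reply, as an added example that is not part of the original thread. The function names `parse_krb5` and `check_krb5` are hypothetical, the parser handles only the simple subset of krb5.ini syntax seen in this thread, and it also flags the section spelling, since the standard name of the mapping section is `[domain_realm]`.

```python
import re

# Section names defined for krb5.conf / krb5.ini. The host-to-realm mapping
# section is spelled [domain_realm] (singular).
KNOWN_SECTIONS = {"libdefaults", "realms", "domain_realm", "capaths",
                  "appdefaults", "plugins", "logging"}

# krb5.ini exactly as posted in the thread (the non-working version).
POSTED = """\
[libdefaults]
    default_realm = WODOCIAGI.PL

[realms]
    DOMAIN.LOCAL = {
        kdc = europa.wodociagi.pl
        admin_server = europa.wodociagi.pl
        default_domain = wodociagi.pl
    }

[domain_realms]
    domain.local = WODOCIAGI.PL
    .domain.local = WODOCIAGI.PL
"""
# The corrected file from the reply, derived by renaming the placeholder realm.
CORRECTED = POSTED.replace("DOMAIN.LOCAL", "WODOCIAGI.PL").replace("domain.local", "wodociagi.pl")
# Same file with the standard section spelling (constructed for comparison).
STANDARD = CORRECTED.replace("[domain_realms]", "[domain_realm]")
# Service principal taken from the posted gss.conf.
PRINCIPAL = "XMPP/europa.wodociagi.pl@WODOCIAGI.PL"


def parse_krb5(text):
    """Parse sections, key = value pairs and one level of { } blocks."""
    sections, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            stack = [sections.setdefault(header.group(1).strip(), {})]
        elif line == "}":
            if len(stack) > 1:
                stack.pop()
        elif stack and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                stack[-1][key] = {}
                stack.append(stack[-1][key])
            else:
                stack[-1][key] = value
    return sections


def check_krb5(text, service_principal=None):
    """Return a list of inconsistencies between the sections of a krb5.ini."""
    cfg = parse_krb5(text)
    findings = []
    for name in cfg:
        if name not in KNOWN_SECTIONS:
            findings.append(f"[{name}] is not a standard krb5 section name")
    realms = cfg.get("realms", {})
    default = cfg.get("libdefaults", {}).get("default_realm")
    if default is None:
        findings.append("[libdefaults] has no default_realm")
    elif default not in realms:
        findings.append(f"default_realm {default} has no [realms] entry "
                        f"(defined: {sorted(realms)})")
    for realm, body in realms.items():
        if not isinstance(body, dict) or "kdc" not in body:
            findings.append(f"realm {realm} defines no kdc")
    # Inspect the mapping section even when its name is misspelled.
    mappings = {}
    for name, body in cfg.items():
        if name.startswith("domain_realm"):
            mappings.update(body)
    for domain, realm in mappings.items():
        if realm not in realms:
            findings.append(f"{domain} maps to {realm}, which has no [realms] entry")
    if service_principal:
        name, _, realm = service_principal.rpartition("@")
        host = name.partition("/")[2].lower()
        if realm not in realms:
            findings.append(f"principal realm {realm} has no [realms] entry")
        covered = any(host == d.lower() or (d.startswith(".") and host.endswith(d.lower()))
                      for d in mappings)
        if mappings and not covered:
            findings.append(f"no domain mapping covers host {host}")
    return findings


if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("corrected", CORRECTED), ("standard", STANDARD)):
        print(label, check_krb5(text, PRINCIPAL))
```
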

                          • Re: Login problem (LDAP/SSO)
                            kuba

                            Unfortunately, this did not bring any effect:(

                              • Re: Login problem (LDAP/SSO)
                                speedy

                                is europa.wodociagi.pl also your domain controller?

                                [realms]

                                    WODOCIAGI.PL = {

                                        kdc = europa.wodociagi.pl <----this should be your domain controller

                                    admin_server = europa.wodociagi.pl <---this should be your domain controller

                                        default_domain = wodociagi.pl

                                    }

                                  • Re: Login problem (LDAP/SSO)
                                    kuba

                                    Yes it is.

                                      • Re: Login problem (LDAP/SSO)
                                        speedy

                                        is that also your xmpp chat server?

                                          • Re: Login problem (LDAP/SSO)
                                            kuba

                                            yes. Is that a problem?

                                             

                                             

                                            2017.09.05 08:04:57 DEBUG [socket_c2s-thread-4]: org.apache.mina.core.filterchain.IoFilterEvent - Event EXCEPTION_CAUGHT has been fired for session 7

                                            2017.09.05 08:04:57 DEBUG [socket_c2s-thread-2]: org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_CLOSED event for session 4

                                            2017.09.05 08:04:57 DEBUG [NioProcessor-3]: org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event SESSION_CLOSED to session 2

                                            Queue : [SESSION_CLOSED, ]

                                             

                                            2017.09.05 08:04:57 DEBUG [socket_c2s-thread-2]: org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_CLOSED has been fired for session 4

                                            2017.09.05 08:04:57 DEBUG [socket_c2s-thread-5]: org.apache.mina.core.filterchain.IoFilterEvent - Event EXCEPTION_CAUGHT has been fired for session 2

                                            2017.09.05 08:04:57 DEBUG [socket_c2s-thread-4]: org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_CLOSED event for session 7

                                            2017.09.05 08:04:57 DEBUG [socket_c2s-thread-6]: org.apache.mina.core.filterchain.IoFilterEvent - Event EXCEPTION_CAUGHT has been fired for session 8

                                            2017.09.05 08:04:57 DEBUG [socket_c2s-thread-3]: org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_CLOSED event for session 5

                                            2017.09.05 08:04:57 DEBUG [NioProcessor-1]: org.apache.mina.filter.ssl.SslHandler - Unexpected exception from SSLEngine.closeInbound().

                                            javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

                                                at sun.security.ssl.Alerts.getSSLException(Unknown Source)

                                                at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)

                                                at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)

                                                at sun.security.ssl.SSLEngineImpl.closeInbound(Unknown Source)

                                                at org.apache.mina.filter.ssl.SslHandler.destroy(SslHandler.java:204)

                                                at org.apache.mina.filter.ssl.SslFilter.sessionClosed(SslFilter.java:439)

                                                at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:382)

                                                at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$900(DefaultIoFilterChain.java:47)

                                                at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.sessionClosed(DefaultIoFilterChain.java:750)

                                                at org.apache.mina.core.filterchain.IoFilterAdapter.sessionClosed(IoFilterAdapter.java:88)

                                                at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:382)

                                                at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireSessionClosed(DefaultIoFilterChain.java:375)

                                                at org.apache.mina.core.service.IoServiceListenerSupport.fireSessionDestroyed(IoServiceListenerSupport.java:244)

                                                at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeNow(AbstractPollingIoProcessor.java:600)

                                                at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeSessions(AbstractPollingIoProcessor.java:560)

                                                at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$800(AbstractPollingIoProcessor.java:67)

                                                at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1132)

                                                at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)

                                                at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

                                                at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

                                                at java.lang.Thread.run(Unknown Source)

                                            2017.09.05 08:04:57 DEBUG [socket_c2s-thread-3]: org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_CLOSED has been fired for session 5

                                            2017.09.05 08:04:57 DEBUG [socket_c2s-thread-4]: org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_CLOSED has been fired for session 7

                                            2017.09.05 08:04:57 DEBUG [NioProcessor-3]: org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event EXCEPTION_CAUGHT to session 6

                                            Queue : [EXCEPTION_CAUGHT, ]

                                             

                                            2017.09.05 08:04:57 DEBUG [socket_c2s-thread-5]: org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_CLOSED event for session 2

                                            2017.09.05 08:04:57 DEBUG [socket_c2s-thread-7]: org.apache.mina.core.filterchain.IoFilterEvent - Firing a EXCEPTION_CAUGHT event for session 6

                                            2017.09.05 08:04:57 DEBUG [NioProcessor-1]: org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event SESSION_CLOSED to session 8

                                            Queue : [SESSION_CLOSED, ]

                                             

                                            2017.09.05 08:04:57 WARN  [socket_c2s-thread-7]: org.jivesoftware.openfire.nio.ConnectionHandler - Closing connection due to exception in session: (0x00000006: nio socket, server, /10.10.1.30:56267 => 0.0.0.0/0.0.0.0:5222)

                                            java.io.IOException: Istniejące połączenie zostało gwałtownie zamknięte przez zdalnego hosta

                                                at sun.nio.ch.SocketDispatcher.read0(Native Method)

                                                at sun.nio.ch.SocketDispatcher.read(Unknown Source)

                                                at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source)

                                                at sun.nio.ch.IOUtil.read(Unknown Source)

                                                at sun.nio.ch.SocketChannelImpl.read(Unknown Source)

                                                at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:273)

                                                at org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:44)

                                                at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:690)

                                                at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:664)

                                                at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:653)

                                                at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:67)

                                                at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1124)

                                                at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)

                                                at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

                                                at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

                                                at java.lang.Thread.run(Unknown Source)

                                            2017.09.05 08:04:57 DEBUG [socket_c2s-thread-5]: org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_CLOSED has been fired for session 2

                                            2017.09.05 08:04:57 DEBUG [NioProcessor-3]: org.apache.mina.filter.ssl.SslHandler - Unexpected exception from SSLEngine.closeInbound().

                                            javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

                                                at sun.security.ssl.Alerts.getSSLException(Unknown Source)

                                                at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)

                                                at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)

                                                at sun.security.ssl.SSLEngineImpl.closeInbound(Unknown Source)

                                                at org.apache.mina.filter.ssl.SslHandler.destroy(SslHandler.java:204)

                                                at org.apache.mina.filter.ssl.SslFilter.sessionClosed(SslFilter.java:439)

                                                at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:382)

                                                at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$900(DefaultIoFilterChain.java:47)

                                                at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.sessionClosed(DefaultIoFilterChain.java:750)

                                                at org.apache.mina.core.filterchain.IoFilterAdapter.sessionClosed(IoFilterAdapter.java:88)

                                                at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:382)

                                                at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireSessionClosed(DefaultIoFilterChain.java:375)

                                                at org.apache.mina.core.service.IoServiceListenerSupport.fireSessionDestroyed(IoServiceListenerSupport.java:244)

                                                at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeNow(AbstractPollingIoProcessor.java:600)

                                                at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeSessions(AbstractPollingIoProcessor.java:560)

                                                at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$800(AbstractPollingIoProcessor.java:67)

                                                at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1132)

                                                at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)

                                                at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

                                                at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

                                                at java.lang.Thread.run(Unknown Source)

                                            2017.09.05 08:04:57 DEBUG [socket_c2s-thread-7]: org.apache.mina.core.filterchain.IoFilterEvent - Event EXCEPTION_CAUGHT has been fired for session 6

                                            2017.09.05 08:04:57 DEBUG [socket_c2s-thread-2]: org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_CLOSED event for session 8

                                            2017.09.05 08:04:57 DEBUG [NioProcessor-3]: org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event SESSION_CLOSED to session 6

                                            Queue : [SESSION_CLOSED, ]

                                             

                                            2017.09.05 08:04:57 DEBUG [socket_c2s-thread-2]: org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_CLOSED has been fired for session 8

                                            2017.09.05 08:04:57 DEBUG [socket_c2s-thread-7]: org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_CLOSED event for session 6

                                            2017.09.05 08:04:57 DEBUG [socket_c2s-thread-7]: org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_CLOSED has been fired for session 6

                                             

                                            2017.09.05 08:04:57 org.apache.mina.core.filterchain.IoFilterEvent - Event EXCEPTION_CAUGHT has been fired for session 6

                                            2017.09.05 08:04:57 org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_CLOSED event for session 8

                                            2017.09.05 08:04:57 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event SESSION_CLOSED to session 6

                                            Queue : [SESSION_CLOSED, ]

                                             

                                            2017.09.05 08:04:57 org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_CLOSED has been fired for session 8

                                            2017.09.05 08:04:57 org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_CLOSED event for session 6

                                            2017.09.05 08:04:57 org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_CLOSED has been fired for session 6

                                            2017.09.05 08:07:59 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event SESSION_OPENED to session 9

                                            Queue : [SESSION_OPENED, ]

                                             

                                            2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_OPENED event for session 9

                                            2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_OPENED has been fired for session 9

                                            2017.09.05 08:07:59 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_RECEIVED to session 9

                                            Queue : [MESSAGE_RECEIVED, ]

                                             

                                            2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Firing a MESSAGE_RECEIVED event for session 9

                                            2017.09.05 08:07:59 org.apache.mina.filter.codec.ProtocolCodecFilter - Processing a MESSAGE_RECEIVED for session 9

                                            2017.09.05 08:07:59 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_SENT to session 9

                                            Queue : [MESSAGE_SENT, ]

                                             

                                            2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Event MESSAGE_RECEIVED has been fired for session 9

                                            2017.09.05 08:07:59 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_SENT to session 9

                                            Queue : [MESSAGE_SENT, , MESSAGE_SENT, ]

                                             

                                            2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Firing a MESSAGE_SENT event for session 9

                                            2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Event MESSAGE_SENT has been fired for session 9

                                            2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Firing a MESSAGE_SENT event for session 9

                                            2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Event MESSAGE_SENT has been fired for session 9

                                            2017.09.05 08:07:59 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_RECEIVED to session 9

                                            Queue : [MESSAGE_RECEIVED, ]

                                             

                                            2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Firing a MESSAGE_RECEIVED event for session 9

                                            2017.09.05 08:07:59 org.apache.mina.filter.codec.ProtocolCodecFilter - Processing a MESSAGE_RECEIVED for session 9

                                            2017.09.05 08:07:59 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Constructed trust manager. Number of trusted issuers: 173, accepts self-signed: false, checks validity: true

                                            2017.09.05 08:07:59 org.jivesoftware.openfire.keystore.OpenfireX509TrustManager - Constructed trust manager. Number of trusted issuers: 173, accepts self-signed: false, checks validity: true

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Adding the SSL Filter tls to the chain

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server[9](no sslEngine) Initializing the SSL Handler

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server[9](no sslEngine) SSL Handler Initialization done.

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server[9](ssl...) : Starting the first handshake

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server[9](ssl...) processing the NEED_UNWRAP state

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server[9](ssl...): Writing Message : WriteRequest: HeapBuffer[pos=0 lim=50 cap=64: 3C 70 72 6F 63 65 65 64 20 78 6D 6C 6E 73 3D 22...]

                                            2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Event MESSAGE_RECEIVED has been fired for session 9

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server[9](ssl...): Message received : HeapBuffer[pos=0 lim=187 cap=1024: 16 03 03 00 B6 01 00 00 B2 03 03 59 AE 3E CD 54...]

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server[9](ssl...) Processing the received message

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server[9](ssl...) processing the NEED_UNWRAP state

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server[9](ssl...) processing the NEED_TASK state

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server[9](ssl...) processing the NEED_WRAP state

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server[9](ssl...): Writing Message : WriteRequest: HeapBuffer[pos=0 lim=1249 cap=2115: 16 03 03 04 DC 02 00 00 4D 03 03 59 AE 3F 3F 0D...]

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server[9](ssl...) processing the NEED_UNWRAP state

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server[9](ssl...): Processing the SSL Data

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server[9](ssl...): Message received : HeapBuffer[pos=0 lim=75 cap=1024: 16 03 03 00 46 10 00 00 42 41 04 D6 C2 BA E7 C5...]

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server[9](ssl...) Processing the received message

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server[9](ssl...) processing the NEED_UNWRAP state

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server[9](ssl...) processing the NEED_TASK state

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server[9](ssl...) processing the NEED_UNWRAP state

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server[9](ssl...): Processing the SSL Data

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server[9](ssl...): Message received : HeapBuffer[pos=0 lim=6 cap=512: 14 03 03 00 01 01]

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server[9](ssl...) Processing the received message

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server[9](ssl...) processing the NEED_UNWRAP state

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server[9](ssl...): Processing the SSL Data

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server[9](ssl...): Message received : HeapBuffer[pos=0 lim=85 cap=512: 16 03 03 00 50 8B 3E 66 3D D4 C0 49 4F EF 21 40...]

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server[9](ssl...) Processing the received message

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server[9](ssl...) processing the NEED_UNWRAP state

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server[9](ssl...) processing the NEED_WRAP state

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server[9](ssl...): Writing Message : WriteRequest: HeapBuffer[pos=0 lim=6 cap=8: 14 03 03 00 01 01]

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server[9](ssl...) processing the NEED_WRAP state

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server[9](ssl...): Writing Message : WriteRequest: HeapBuffer[pos=0 lim=85 cap=132: 16 03 03 00 50 4F 13 B6 12 51 E3 55 0E EB 34 E7...]

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server[9](ssl...) processing the FINISHED state

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server[9](SSL) is now secured

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server[9](SSL) processing the FINISHED state

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server[9](SSL) is now secured

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server[9](SSL): Processing the SSL Data

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server[9](SSL): Message received : HeapBuffer[pos=0 lim=213 cap=256: 17 03 03 00 D0 48 65 26 2D 54 E0 A0 1C 13 9C 36...]

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslHandler - Session Server[9](SSL) Processing the received message

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server[9](SSL): Processing the SSL Data

                                            2017.09.05 08:07:59 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_RECEIVED to session 9

                                            Queue : [MESSAGE_RECEIVED, ]

                                             

                                            2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Firing a MESSAGE_RECEIVED event for session 9

                                            2017.09.05 08:07:59 org.apache.mina.filter.codec.ProtocolCodecFilter - Processing a MESSAGE_RECEIVED for session 9

                                            2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server[9](SSL): Writing Message : WriteRequest: HeapBuffer[pos=0 lim=474 cap=512: 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 27 31...]

                                            2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Event MESSAGE_RECEIVED has been fired for session 9

                                            2017.09.05 08:07:59 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_SENT to session 9

                                            Queue : [MESSAGE_SENT, ]

                                             

                                            2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Firing a MESSAGE_SENT event for session 9

                                            2017.09.05 08:07:59 org.apache.mina.core.filterchain.IoFilterEvent - Event MESSAGE_SENT has been fired for session 9

                                            2017.09.05 08:08:04 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event EXCEPTION_CAUGHT to session 9

                                            Queue : [EXCEPTION_CAUGHT, ]

                                             

                                            2017.09.05 08:08:04 org.apache.mina.core.filterchain.IoFilterEvent - Firing a EXCEPTION_CAUGHT event for session 9

                                            2017.09.05 08:08:04 org.apache.mina.filter.ssl.SslHandler - Unexpected exception from SSLEngine.closeInbound().

                                            javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

                                                at sun.security.ssl.Alerts.getSSLException(Unknown Source)

                                                at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)

                                                at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)

                                                at sun.security.ssl.SSLEngineImpl.closeInbound(Unknown Source)

                                                at org.apache.mina.filter.ssl.SslHandler.destroy(SslHandler.java:204)

                                                at org.apache.mina.filter.ssl.SslFilter.sessionClosed(SslFilter.java:439)

                                                at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:382)

                                                at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$900(DefaultIoFilterChain.java:47)

                                                at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.sessionClosed(DefaultIoFilterChain.java:750)

                                                at org.apache.mina.core.filterchain.IoFilterAdapter.sessionClosed(IoFilterAdapter.java:88)

                                                at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextSessionClosed(DefaultIoFilterChain.java:382)

                                                at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireSessionClosed(DefaultIoFilterChain.java:375)

                                                at org.apache.mina.core.service.IoServiceListenerSupport.fireSessionDestroyed(IoServiceListenerSupport.java:244)

                                                at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeNow(AbstractPollingIoProcessor.java:600)

                                                at org.apache.mina.core.polling.AbstractPollingIoProcessor.removeSessions(AbstractPollingIoProcessor.java:560)

                                                at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$800(AbstractPollingIoProcessor.java:67)

                                                at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1132)

                                                at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)

                                                at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

                                                at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

                                                at java.lang.Thread.run(Unknown Source)

                                            2017.09.05 08:08:04 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event SESSION_CLOSED to session 9

                                            Queue : [SESSION_CLOSED, ]

                                             

                                            2017.09.05 08:08:04 org.apache.mina.core.filterchain.IoFilterEvent - Event EXCEPTION_CAUGHT has been fired for session 9

                                            2017.09.05 08:08:04 org.apache.mina.core.filterchain.IoFilterEvent - Firing a SESSION_CLOSED event for session 9

                                            2017.09.05 08:08:04 org.apache.mina.core.filterchain.IoFilterEvent - Event SESSION_CLOSED has been fired for session 9

                                            2017.09.05 08:09:23 org.logicalcobwebs.proxool.openfire - Closing statement 1f27cc8 (belonging to connection 2) automatically

                            • Re: Login problem (LDAP/SSO)
                              speedy

                              that error log does not look like it has anything to do with sso.

                              I have not tried to install openfire on a DC before with sso, so I'm unsure if that would work or not. 
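Added example, not part of the original thread and not Openfire or MINA code: a short Python script that decodes the leading bytes MINA logged in each `HeapBuffer[...]`, using lines copied from the debug log posted above. It shows that the TLS handshake completed in both directions before the connection was dropped without a `close_notify`; the function names `decode_log` and `summarize` are assumptions made for this example.

```python
import re

# Lines copied from the Openfire debug log posted in this thread (session 9).
LOG = """\
2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server[9](ssl...): Writing Message : WriteRequest: HeapBuffer[pos=0 lim=50 cap=64: 3C 70 72 6F 63 65 65 64 20 78 6D 6C 6E 73 3D 22...]
2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server[9](ssl...): Message received : HeapBuffer[pos=0 lim=187 cap=1024: 16 03 03 00 B6 01 00 00 B2 03 03 59 AE 3E CD 54...]
2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server[9](ssl...): Writing Message : WriteRequest: HeapBuffer[pos=0 lim=1249 cap=2115: 16 03 03 04 DC 02 00 00 4D 03 03 59 AE 3F 3F 0D...]
2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server[9](ssl...): Message received : HeapBuffer[pos=0 lim=75 cap=1024: 16 03 03 00 46 10 00 00 42 41 04 D6 C2 BA E7 C5...]
2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server[9](ssl...): Message received : HeapBuffer[pos=0 lim=6 cap=512: 14 03 03 00 01 01]
2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server[9](ssl...): Message received : HeapBuffer[pos=0 lim=85 cap=512: 16 03 03 00 50 8B 3E 66 3D D4 C0 49 4F EF 21 40...]
2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server[9](ssl...): Writing Message : WriteRequest: HeapBuffer[pos=0 lim=6 cap=8: 14 03 03 00 01 01]
2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server[9](ssl...): Writing Message : WriteRequest: HeapBuffer[pos=0 lim=85 cap=132: 16 03 03 00 50 4F 13 B6 12 51 E3 55 0E EB 34 E7...]
2017.09.05 08:07:59 org.apache.mina.filter.ssl.SslFilter - Session Server[9](SSL): Message received : HeapBuffer[pos=0 lim=213 cap=256: 17 03 03 00 D0 48 65 26 2D 54 E0 A0 1C 13 9C 36...]
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
"""

CONTENT = {0x14: "ChangeCipherSpec", 0x15: "Alert", 0x16: "Handshake", 0x17: "ApplicationData"}
HANDSHAKE = {0x01: "ClientHello", 0x02: "ServerHello", 0x0B: "Certificate",
             0x0C: "ServerKeyExchange", 0x0E: "ServerHelloDone", 0x10: "ClientKeyExchange"}
VERSION = {1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2"}  # minor byte of the record-layer version
MSG = re.compile(r"\): (Writing Message|Message received) .*?HeapBuffer\[pos=\d+ lim=\d+ "
                 r"cap=\d+: ([0-9A-F ]+)(?:\.\.\.)?\]")

def decode_log(text):
    """Return (direction, label) for each buffer the SslFilter logged."""
    events, ccs_seen = [], {"send": False, "recv": False}
    for m in MSG.finditer(text):
        way = "send" if m.group(1).startswith("Writing") else "recv"
        buf = bytes.fromhex(m.group(2))
        if len(buf) < 5 or buf[0] not in CONTENT or buf[1] != 3:
            # No TLS record header: MINA logged the cleartext stanza before wrapping it.
            label = "plaintext " + buf.decode("ascii", "replace")
        elif buf[0] == 0x16 and ccs_seen[way]:
            # After ChangeCipherSpec the handshake body is encrypted (Finished in TLS 1.2).
            label = VERSION.get(buf[2], "?") + " Handshake (encrypted)"
        elif buf[0] == 0x16 and len(buf) > 5:
            label = VERSION.get(buf[2], "?") + " Handshake " + HANDSHAKE.get(buf[5], hex(buf[5]))
        else:
            label = VERSION.get(buf[2], "?") + " " + CONTENT[buf[0]]
            ccs_seen[way] |= buf[0] == 0x14
        events.append((way, label))
    return events

def summarize(text):
    """Did both sides finish the handshake, and was the socket closed without close_notify?"""
    ev = decode_log(text)
    done = all(any(w == d and l.endswith("(encrypted)") for w, l in ev) for d in ("send", "recv"))
    abrupt = "Inbound closed before receiving peer's close_notify" in text
    return {"handshake_completed": done, "closed_without_close_notify": abrupt}

if __name__ == "__main__":
    for way, label in decode_log(LOG):
        print(way, label)
    print(summarize(LOG))
```

The `plaintext` entry is the XMPP STARTTLS `<proceed/>` reply, which goes out unencrypted immediately before the first handshake record.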

                              • Re: Login problem (LDAP/SSO)
                                kuba

                                I have moved openfire to another server and I get error "DNS name not found" but in DNS this host is added.

                                 

                                wrz 11, 2017 9:26:09 AM org.jivesoftware.spark.util.log.Log warning

                                WARNING: Exception in Login:

                                org.jivesoftware.smack.SmackException$ConnectionException: The following addresses failed: '_xmpp-client._tcp.ananke.wodociagi.pl:5222' failed because javax.naming.NameNotFoundException: DNS name not found [response code 3]; remaining name '_xmpp-client._tcp.ananke.wodociagi.pl', 'ananke.wodociagi.pl:5222' failed because java.net.ConnectException: Connection timed out: connect

                                    at org.jivesoftware.smack.SmackException$ConnectionException.from(SmackException.java:255)

                                    at org.jivesoftware.smack.tcp.XMPPTCPConnection.connectUsingConfiguration(XMPPTCPConnection.java:612)

                                    at org.jivesoftware.smack.tcp.XMPPTCPConnection.connectInternal(XMPPTCPConnection.java:850)

                                    at org.jivesoftware.smack.AbstractXMPPConnection.connect(AbstractXMPPConnection.java:364)

                                    at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1107)

                                    at org.jivesoftware.LoginDialog$LoginPanel.access$900(LoginDialog.java:335)

                                    at org.jivesoftware.LoginDialog$LoginPanel$3.construct(LoginDialog.java:894)

                                    at org.jivesoftware.spark.util.SwingWorker.lambda$new$1(SwingWorker.java:138)

                                    at java.lang.Thread.run(Unknown Source)

                                  • Re: Login problem (LDAP/SSO)
                                    wroot

                                    I would use the A Host entry.

                                    • Re: Login problem (LDAP/SSO)
                                      speedy

                                      it looks like you have a connection timeout issue.  for testing, in spark, go into the advanced menu and check "accept all certs" and "disable hostname verification"

                                      also try to connect without SSO, and manually authenticate using the regular ad/ldap username and password. 

                                        • Re: Login problem (LDAP/SSO)
                                          kuba

                                          Firewall has blocked incoming traffic. I've changed sasl.mechs to PLAIN and I can login using ad username, but with SSO enabled I can't.

                                          Why do I get "SASLError using PLAIN: not-authorized"? I've changed sasl.mechs to GSSAPI.

                                           

                                          wrz 12, 2017 2:56:55 PM org.jivesoftware.spark.util.log.Log warning

                                          WARNING: Exception in Login:

                                          org.jivesoftware.smack.sasl.SASLErrorException: SASLError using PLAIN: not-authorized

                                              at org.jivesoftware.smack.SASLAuthentication.authenticationFailed(SASLAuthentication.java:365)

                                              at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1052)

                                              at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:956)

                                              at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:971)

                                              at java.lang.Thread.run(Unknown Source)

                                            • Re: Login problem (LDAP/SSO)
                                              speedy

                                              now that you confirmed you can sign into spark/openfire using your ad account, you can add GSSAPI back as a ssl mech.  after that, you'll want to make sure you made the windows registry edits, created your keytab correctly, etc...