SparkWeb HOW-TO

VERSION 20
Created on: Jul 17, 2008 5:13 AM by wroot - Last Modified:  May 13, 2010 1:41 AM by wroot

You need a webserver to run the simple zip/tar.gz SparkWeb release

 

You can use Apache or IIS (or even Openfire's own internal webserver). In the case of Apache, extract the sparkweb directory into the htdocs directory of the Apache installation. You can then access SparkWeb at http://localhost/sparkweb/SparkWeb.html ("localhost" is an example for a local installation; put your webserver's domain here). You can also rename SparkWeb.html to index.html or index.php (depending on the server's configuration), so that the address looks like http://domain/sparkweb/. If you use Openfire's internal webserver, put the SparkWeb folder into the /openfire/plugins/admin/webapp folder. SparkWeb will then be accessible at http://youropenfireserver:9090/sparkweb/.

 

You should also download a newer version of SparkWeb.swf from http://www.igniterealtime.org/sparkweb/SparkWeb.swf and use it to replace the one in your sparkweb folder.

 

SparkWeb settings are in the SparkWeb.html

Edit it with a text editor, e.g. Notepad. The default settings for Openfire 3.6.0a (and later) and Adobe Flash Player 10.* (using the default socket connection) are:

 

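<script type="text/javascript">
function jive_sparkweb_getConfig()
{
     return {
          server: "youropenfireserver",       // Openfire host name
          connectionType: "socket",           // plain XMPP socket connection
          port: "5222",                       // XMPP client port
          autoLogin: "false",
          policyFileURL: "xmlsocket://youropenfireserver:5229"   // Flash policy file port
     };
}
</script>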

 

If you use a firewall (e.g. iptables), you should probably open port 5229 (in addition to 5222) so that the Flash client can retrieve the crossdomain.xml file, which a Flash application requires before it can connect. This is a Flash application security feature.
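
How the policy file gates the socket connection, as an added example that is not from the original document or from the SparkWeb or Openfire projects: Flash Player sends a policy request to the policyFileURL port and opens the XMPP socket only if the returned policy permits the target port. The policy text is a constructed sample in the Flash socket policy format, not output captured from Openfire, and the function names are hypothetical.

```javascript
// Added example. The policy XML is a constructed sample in the Flash
// socket policy format, not output captured from an Openfire server.
const POLICY_REQUEST = "<policy-file-request/>\0"; // what Flash Player sends

const SAMPLE_POLICY =
  '<cross-domain-policy>' +
  '<allow-access-from domain="*" to-ports="5222"/>' +
  '</cross-domain-policy>\0';

// Extract every allow-access-from rule as { domain, ports }.
function parsePolicy(xml) {
  const rules = [];
  const tagRe = /<allow-access-from\b([^>]*)>/g;
  let m;
  while ((m = tagRe.exec(xml)) !== null) {
    const attr = (name) => {
      const a = new RegExp(name + '\\s*=\\s*"([^"]*)"').exec(m[1]);
      return a ? a[1] : "";
    };
    rules.push({ domain: attr("domain"), ports: attr("to-ports") });
  }
  return rules;
}

// True if a to-ports list ("5222", "5222,5223", "5000-5300", "*") covers port.
function portAllowed(toPorts, port) {
  return toPorts.split(",").some((item) => {
    const p = item.trim();
    if (p === "*") return true;
    const [lo, hi = lo] = p.split("-").map(Number);
    return port >= lo && port <= hi;
  });
}

// Check a policy against the XMPP port from jive_sparkweb_getConfig().
function checkPolicy(xml, xmppPort) {
  const rules = parsePolicy(xml);
  return {
    permitsXmppPort: rules.some((r) => portAllowed(r.ports, xmppPort)),
    // Any-origin rules let a SWF served from any site open the socket.
    wildcardDomains: rules.filter((r) => r.domain === "*").length,
    wildcardPorts: rules.filter((r) => r.ports.trim() === "*").length,
  };
}
```

A policy that does not list the port from the SparkWeb configuration produces the same symptom as a blocked policy port: the client cannot connect.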

 

Login Failures. Openfire 3.6.2 includes improvements for the Flash clients. So with this version there should be fewer login failures. Personally I don't have them anymore.

 

Also, you can find more settings (e.g. http-bind config) in a related document SparkWeb Programmatic Launch Configuration

 

 

TLS support with Red5 SparkWeb version

 

The standard SparkWeb version doesn't support SSL on the socket connection, so you won't be able to log in if SSL is enabled on the server. The Red5 version of SparkWeb supports TLS. You can download the Red5 plugin, which is provided by Dele, from here red5-0.1.11 (war)

Inside you will find the red5.war file. Copy it to /openfire/plugins and it will be extracted automatically if Openfire is running. You will then find a new Red5 tab in the Administration Console, but you won't need to configure anything there.

 

The Red5 version uses HTTP-Bind, so you will have to enable it and specify a port at http://yourserver:9090/http-bind.jsp

The defaults are 7070 for http and 7443 for https. Installing the Red5 plugin requires stopping and restarting Openfire (the Red5 web service on the http-bind port requires a restart of Openfire's internal Jetty web server).

To test the Red5 installation, go to http://yourserver:7070/red5/red5.html

To connect to Red5 SparkWeb, go to http://yourserver:7070/red5/sparkweb/index.html

 

On the Openfire server, go to Security Settings (http://yourserver:9090/ssl-settings.jsp) and change the Client Connection settings to Required. Both Old SSL and TLS should be enabled. You won't be able to log in to Red5 SparkWeb if only TLS is enabled.

 

Firewalls:

Red5 SparkWeb uses port 5223 for TLS. Also, by default the policy file is fetched from port 5230 (see /openfire/plugins/red5/sparkweb/index.html). In the latest red5 version the port number is changed to 5229 in index.html, but you have to change it to 5230 to be able to log in. That is with the red5 0.1.11 version. So you may need to open those additional ports in a firewall. Ports 7070, 5230 and 5223 should be open for normal Red5 SparkWeb communication with TLS (presuming that 5222 is already open). Port 7443 should be open when using https to connect to SparkWeb.

 

 

SSL support with standard SparkWeb via http-bind (by vargok)

 

Another option for supporting SSL is to use the 'http-bind' feature on the SSL-enabled (default) :7443 port with a configuration like:

 

<script type="text/javascript">
function jive_sparkweb_getConfig()
{
     return {
          server: "youropenfireserver",       // Openfire host name
          connectionType: "https",            // http-bind over SSL
          bindPath: "/http-bind/",
          port: "7443",                       // default SSL-enabled http-bind port
          autoLogin: "false",
          policyFileURL: "xmlsocket://youropenfireserver:5229"
     };
}
</script>

 

This allows the actual jabber connection to be secured for confidentiality (i.e., no eavesdropping).  This also supports client-side X.509 Certificate (i.e., PKI) authentication, at least to the point of requiring a "valid" certificate from the user (as per client.truststore-listed CAs, and so forth).

 

For http-bind to be available, you must be sure to do all the normal things:  enable HTTP Bind feature in the server configuration, and ensure that firewall access to your server is available on that port.  An un-encrypted (plain HTTP) port is available on :7070, by default, as well.

 

Confidentiality

Note that the Flash application (SparkWeb) is actually a client-side application, not a server-side application. Once the application is downloaded, e.g., from an HTTP/S-enabled website, the client is the one making the connection to the server. So hosting .../SparkWeb.html and .../SparkWeb.swf inside an HTTPS-enabled website is not sufficient to protect the subsequent jabber communication, which, by default, will take place over a plain XMPP conversation on :5222. See the other sections (TLS, SSL) for more information on how to secure the actual XMPP conversation.
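
A check for the situation described above, as an added example that is not part of the original document or of SparkWeb: given the address the page is served from and the object returned by jive_sparkweb_getConfig(), it reports whether the XMPP session itself is encrypted and which ports the firewall must pass. It covers standard SparkWeb only (not the Red5 version); auditSparkWebConfig is a hypothetical helper name.

```javascript
// Added example: auditSparkWebConfig is a hypothetical helper, not SparkWeb code.
// The two objects repeat the configurations shown on this page.
const SOCKET_CONFIG = {
  server: "youropenfireserver", connectionType: "socket", port: "5222",
  autoLogin: "false", policyFileURL: "xmlsocket://youropenfireserver:5229",
};
const HTTPS_BIND_CONFIG = {
  server: "youropenfireserver", connectionType: "https",
  bindPath: "/http-bind/", port: "7443", autoLogin: "false",
  policyFileURL: "xmlsocket://youropenfireserver:5229",
};

// pageUrl: address SparkWeb.html is loaded from.
// cfg: the object returned by jive_sparkweb_getConfig().
function auditSparkWebConfig(pageUrl, cfg) {
  const findings = [];
  const pageIsHttps = /^https:\/\//i.test(pageUrl);
  // Standard SparkWeb has no SSL on the socket connection, so only
  // http-bind over https protects the XMPP session.
  const xmppEncrypted = cfg.connectionType === "https";
  const firewallPorts = [Number(cfg.port)];

  if (!xmppEncrypted) {
    findings.push(`XMPP traffic to ${cfg.server}:${cfg.port} is not encrypted`);
    if (pageIsHttps) {
      // The case the Confidentiality section warns about.
      findings.push("HTTPS hosting of the page does not protect the XMPP session");
    }
  }
  if (cfg.connectionType === "socket") {
    // The Flash client must also reach the policy file port.
    const m = /^xmlsocket:\/\/[^:\/]+:(\d+)$/.exec(cfg.policyFileURL || "");
    if (m) firewallPorts.push(Number(m[1]));
    else findings.push("policyFileURL is not an xmlsocket:// URL with a port");
  }
  return { xmppEncrypted, firewallPorts, findings };
}
```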

 

 

External Authentication

 

An undocumented configuration option for SparkWeb appears to be "useExternalAuth."  This should map to the SASL "EXTERNAL" mechanism, and perhaps assist with SSL/TLS-based user authentication (e.g., PKI).  However, this makes assumptions about the relationship between the certificate, the account, and attributes in the certificate (e.g., the certificate has a JID in subjectAltNames, or the 'CN' of the SubjectDN can map to the user's account).
