Unable to login via SSO, (*CAUSE=JAVA BUG*)

So I have been over the community pages for days and not found what I have been looking for. And I feel like I am so close to getting this to work.

Here is what I am running:

Openfire 3.7.1 running on Ubuntu 11.10

Spark 2.6.3.12555 running on Windows XP

DC is Windows 2K3 SP2

Note that Spark does connect without SSO.

I created the keytab on the DC, transferred it to the Linux server and tested it: (no password prompt, no errors)

kinit xmpp/tac-sv-openfire.mydomain.local@MYDOMAIN.LOCAL -k -t xmpp.keytab

I added the registry values to the XP client. (Not the server, it’s not running Spark.) After opening Spark the account name appears to be correct: username@MYDOMAIN.LOCAL. The error I get when trying to log in is as follows:

SASL authentication failed:

– caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))]

javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))]

Caused by: GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))

Caused by: KrbException: Server not found in Kerberos database (7)

Caused by: KrbException: Identifier doesn’t match expected value (906)

I have attached the configuration files. The openfire.xml is missing the , and not because I didn’t add them but because it would appear that the server has removed them (maybe new to the current version). In any event, they are present in the server properties.

Debug.log is empty and the Error.log just has a bunch of errors about ports already in use every time I try to restart the service.

(Provided that I am looking in the right directory, [new to Linux]).

Any help that can be provided would be much appreciated.

Thanks
gss.conf.zip (345 Bytes)
krb5.conf.zip (325 Bytes)
properties.txt.zip (758 Bytes)

Let me know if you get this figured out. I have never been able to get SSO to work with Openfire on a Linux box, although Linux could authenticate to AD using Kerberos. I can however get SSO to work 100% when running Openfire on a Windows machine.

Ok, so I have made some changes and successfully set up a Windows 2K8 R2 hosted Openfire server using SSO. I really would rather run this on Linux as I need the experience.

My error.log is now reporting

java.lang.SecurityException: Configuration Error:

Line 4: expected [option key], found [null] …

Caused by: java.io.IOException: Configuration Error:

Line 4: expected [option key], found [null]…

This would lead me to believe that either the path in my gss.conf file is wrong (which it’s not, I have checked it 100 times), or that the account running the Openfire service does not have access to the key file. I am not Linux proficient and don’t know how to check either:

The account running the service or the permission on the keytab file.

Any help would be appreciated.

Thanks
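
One way to check the two things asked about in the post above (which account runs the service, and whether that account can read the keytab), as an added example that is not part of the original thread. The process pattern `openfire` and the keytab path in the usage comment are assumptions about the local install; only classic mode bits are evaluated, not ACLs.

```bash
# Added example, not from the thread. The process pattern and keytab path
# supplied by the caller are assumptions about the local install.

# Print the user owning the first process whose command line matches $1.
service_user() {
    local pid
    pid=$(pgrep -f "$1" | head -n 1)
    [ -n "$pid" ] || return 1
    ps -o user= -p "$pid" | tr -d ' '
}

# Pure check: can <user>, a member of <groups> (space separated), read a file
# with octal <mode> owned by <owner>:<group>? Prints "readable" or "denied".
# As in the kernel, the first matching class (owner, group, other) decides.
mode_allows_read() {
    local mode=$1 owner=$2 group=$3 user=$4 groups=$5 mask
    if [ "$user" = root ]; then echo readable; return 0; fi
    if [ "$user" = "$owner" ]; then
        mask=0400
    else
        case " $groups " in
            *" $group "*) mask=0040 ;;
            *)            mask=0004 ;;
        esac
    fi
    if [ $((0$mode & $mask)) -ne 0 ]; then echo readable; else echo denied; fi
}

# A keytab holds the service's long-term key, so any group/other bit is too wide.
keytab_overexposed() {
    [ $((0$1 & 0077)) -ne 0 ]
}

# Look up the real mode/owner/group with GNU stat and the user's groups with id.
check_keytab() {
    local user=$1 file=$2 mode owner group
    mode=$(stat -c %a "$file") || return 2
    owner=$(stat -c %U "$file")
    group=$(stat -c %G "$file")
    if keytab_overexposed "$mode"; then
        echo "warning: $file has mode $mode, wider than 600" >&2
    fi
    mode_allows_read "$mode" "$owner" "$group" "$user" "$(id -Gn "$user")"
}

# Usage: check_keytab "$(service_user openfire)" /path/to/xmpp.keytab
```

A result of `denied` means the service account cannot open the keytab; a warning on stderr means the file is readable by more accounts than the service needs.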

Got it working!

So the version of Java 1.6.0_26 has a bug that kills SSO authentication.

http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7077640

4 days of hell, and upgrading to Java 1.7.0_147 fixed my install.

I used this link to install the latest version of Java.

Restarted the server and successfully connected.

Thanks for coming back and posting your findings!