We have installed Openfire 3.7.1 on CentOS and Spark 2.6.3 in our environment. Everything works like a charm and we are quite satisfied with the performance of Openfire and Spark. We wanted to implement SSO in our environment; our desktops are Windows 7 and our domain controllers are running Win2K8. We have done the setup for SSO as per what was suggested in the official document for SSO: http://community.igniterealtime.org/docs/DOC-1060
However, we are unable to implement SSO successfully. When we observe the logs in the Spark client we get the following errors:
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: KDC has no support for encryption type (14))]
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)
at org.jivesoftware.smack.sasl.SASLMechanism.authenticate(SASLMechanism.java:117)
at org.jivesoftware.smack.sasl.SASLGSSAPIMechanism.authenticate(SASLGSSAPIMechanism.java:86)
at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:319)
at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:203)
at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1014)
at org.jivesoftware.LoginDialog$LoginPanel.access$1200(LoginDialog.java:219)
at org.jivesoftware.LoginDialog$LoginPanel$4.construct(LoginDialog.java:730)
at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:141)
at java.lang.Thread.run(Unknown Source)
Caused by: GSSException: No valid credentials provided (Mechanism level: KDC has no support for encryption type (14))
at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
On our domain controllers we get the following errors:
While processing a TGS request for the target server xmpp/ssochat.domain.com, the account xxxxx@domain.com did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 8). The requested etypes were 1 3. The accounts available etypes were 23 -133 -128 18 17
Has anyone faced similar problems? Can anyone suggest possible solutions? We have done our best in terms of searching for these errors and trying out possible options, but we seem to have hit a roadblock here.