Need some clarification about xmpp.domain and xmpp.fqdn

I’m using Openfire for a long time now in a domain environment (Windows Active Directory), but i’m still confused about 2 settings: xmpp.domain and xmpp.fqdn.

This environment has only Windows systems. Windows 2008 R2 Domain Controllers/DNS servers (dc1.example.local, dc2.example.local), Windows 2008 R2 Certification Authority (ca.example.local) and Windows 2012 R2 Server as Openfire host currently running version 4.0.2 (chatsrv.example.local).

The domain name is example.local.

Currently i’m using these settings:

xmpp.domain = example.local

xmpp.fqdn = chatsrv.example.local

These settings do work, because clients can connect (SSO doesn’t work though). But these settings don’t feel “right” to me.

Problem 1:

If i open the Openfire Admin Console, i see Server Name: example.local. This looks odd (display error?), because the Server Name should say chatsrv.example.local.

Below that Host Name: chatsrv is ok.

Problem 2:

If i create server certificate for Openfire in Windows using the Web Server template, then i must add example.local as CN. If i use chatsrv.example.local as CN, then the Admin Console will put a yellow exclamation mark next to the Server Name, and in this case the clients connecting to Openfire will have certificate warnings.

Problem 3:

If i create Kerberos XMPP Service Prinical Names (SPN) for the xmpp-openfire account and use the commands

setspn -A xmpp/chatsrv.example.local@EXAMPLE.LOCAL xmpp-openfire

setspn -A xmpp/chatsrv.example.local xmpp-openfire

then SSO won’t work (the last time it worked was in version 3.10.2 anyway). I need to include xmpp/example.local in SPN.

Since version 4.0 SSO won’t work no matter how i setup the SPN, so i’m not sure about this one.

The main guide for me setting up Openfire was Openfire+Spark on Windows Server 2008 R2 with SSO . But some other guides and forum posts state (mostly with mixed Windows and Linux environments), that xmpp.domain and xmpp.fqdn should be the same (in my case both settings would be chatsrv.example.local).

So what should i use for xmpp.domain and xmpp.fqdn? Are these settings the same in Windows and Linux versions of Openfire?

Just out of curiosity have you managed to get this working? I’ve been trying to do the same thing for over two weeks and cannot get spark to work using SSO in to OpenFire. I’ve installed and reinstalled so many times. Lost count how many keytab files I’ve recreated and nothing works. Without SSO no problem at all. Unfortunately we need our users to be logged in automatically when they log in to windows. If they have to log in themselves they never will.I’m trying very hard not to bin this all and just go with Softros LAN Messenger.

I hate to see you wanting to go to another project. did you watch the video I created and referred you to in the other thread?

Hi speedy, I’ve replied to your above post in the original. Basically i’ve watched that video a number of times now