Spark 2.8 login problem

Hi. I’ve just upgraded from Spark 2.7.7 to 2.8 and logging onto the Openfire server doesn’t work. If I downgrade back to 2.7.7 it works again.

We have Openfire on a Windows Server with AD integration (no SSO though).

I found this in the warn.log on the client PC:

WARNING: Exception in Login:

org.jivesoftware.smack.SmackException: java.security.cert.CertificateException: Hostname verification of certificate failed. Certificate does not authenticate…

Any ideas?

Will wait for @speedy to take a look at this. Btw, in 2.8.0 in Advanced menu on the login screen, do you have Accept all certificates checked?

yes…if you are using a self-signed cert on your Openfire Server, you’ll need to check that setting.

I have the same problem and the same setup but different symptoms. There is no warn.log. There is nothing in the error or warn logs on the server. I am told invalid password, so I tried our old server name which has been shut down, and also got invalid password message (though the server no longer exists). I’ve tried a few different combinations, such as turning on the debugger (saw no useful XMPP packet information), manually specifying the server and port, turning off compression, already accepting all certificates so I tried with that turned off, etc. Nothing works. Client is unusable.

A couple more things. I am only using AD credentials, not Single-Sign-On or anything like that. The client error.log is 0 bytes, so no helpful information there. I am able to use my same user AD login to log in to the Spark Server (where I am an administrator). But I cannot log in to our Spark server because I get the invalid password message, even on a non-existent Spark server. Also, it fails instantly, if that helps. Like I said, this new 2.8.0 client is completely unusable for me.

I’m having the same issue, my understanding is that it has to do with SASL/Smack/etc… upgrades.

But I don’t know how to fix it.

I have the same issue. Running 2.8 on Linux. Both Deb and tar.gz. LDAP (AD) authentication.

Has to be with the SASL/Smack/etc upgrades. The invalid username/password error is bogus, especially when trying to connect to a non-existent server. FWIW, 2.7.7 works fine. Speaking of, good thing I still had a copy, because apparently you cannot download older releases? If so, I have no idea where they are on their website.

1 Like

Try setting a property named ‘xmpp.fqdn’ to the full network name of the server that is running Openfire. For example: myhost.example.org.

I don’t know if the setting requires a restart of Openfire to take effect.

No such luck.

From the main login screen, make sure server is whatever you use for your XMPP domain.

If you’re using a CNAME or IP address in this field, then you’ll need to hit the advanced button and set the connection host there.

1 Like
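An added example, not part of the thread and not Smack's or Spark's code: a simplified RFC 6125-style check of the name typed into the server field against the DNS names in a certificate, showing why the XMPP domain passes while a different host name or an IP address produces "Hostname verification of certificate failed". The certificate names and host names are constructed, and it is assumed that the client verifies the server-field value rather than the connection host.

```python
import ipaddress


def _is_ip(name):
    """True when the typed value is an IPv4/IPv6 literal rather than a DNS name."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def dns_name_matches(pattern, host):
    """Match one certificate dNSName against a host name (simplified RFC 6125)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    # A wildcard is honoured only as the entire left-most label,
    # and never directly under a top-level domain.
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def verify_login_domain(login_domain, san_dns_names):
    """Return (ok, reason) for the value entered in the client's server field."""
    if _is_ip(login_domain):
        return False, "IP address cannot match a dNSName entry"
    for name in san_dns_names:
        if dns_name_matches(name, login_domain):
            return True, "matched " + name
    return False, "no certificate name matches " + login_domain


# Constructed sample: DNS names in a hypothetical Openfire certificate
# issued for the XMPP domain chat.example.org.
CERT_NAMES = ["chat.example.org", "*.chat.example.org"]

if __name__ == "__main__":
    for typed in ("chat.example.org", "of01.corp.example.org",
                  "192.0.2.10", "conference.chat.example.org"):
        print(typed, "->", verify_login_domain(typed, CERT_NAMES))
```

Checking the name this way before ticking Accept all certificates shows whether the failure is a name mismatch, which is fixed by entering the XMPP domain and moving the real host or IP to the connection host setting.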

Ah, that was it. Thank you.

I don’t think I have the same problem as they do, though I have similar symptoms. I didn’t know until now to look in AppData\Roaming\Spark and my warning log does have something about certificates not being valid or signed or whatever. Should I post a separate entry for my problem? I even cleared out my AppData\Roaming\Spark folder and re-entered the appropriate information, and tried setting server and port in advanced. No luck, and I am still stuck with the invalid username/password combination on Openfire 4.0.3 server using AD authentication (though I can log into the server just fine, and the 2.7.7 client works fine). I am at a loss to know what to try now.

Curt,

On your Openfire server, check the system property sasl.mechs, and make sure it includes the value PLAIN.

Curt, this might be the same issue still. Can you try what speedy suggested above? Older Smack was probably more loose when a certificate’s domain was not the same as the server name one is trying to log in to. I don’t think you have to post a separate thread just yet. You can post your error here (from the log).

One can download any version by substituting version numbers in the download link.

I didn’t have that property in my server properties (Admin console) so I just added “sasl.mechs” with value “PLAIN”. It didn’t work, but maybe the Spark service needs a reboot. I can’t restart the service right now because over 80 people are logged in, but I can try a service restart after hours. Is that the way I do it? Just add “sasl.mechs” with value “PLAIN”? I am also wondering why it told me invalid username/password when I tried to connect to a non-existing Spark server (our old one).

I have filed the wrong error message as https://issues.igniterealtime.org/browse/SPARK-1786

1 Like

wroot,

I think this is related to IQ:auth (deprecated) being removed in Smack4. IQ:auth will be removed in OF as well in 4.1. Anyway, by adding the sasl type, this should fix it…

I’ll try to verify this as soon as I can.

Grahame, 10th message here by speedy worked for Kyle. Any luck for you?

Ideal Life, have you tried that also? Btw, there is no min Openfire requirement for Spark.

speedy, Curt, I have branched out this issue into another thread: Spark 2.8.0 can’t login to AD (not SASL related)