I recently enabled SSO so that our users dont have to save their password locally.
But I found out that when the checkbox for automatic login is active that “save password” is automatically checked too.
So for testing purposes I deleted my spark.properties File and set it up all over. After setting Spark for SSO and automatic login my password is saved in the properties file.
When leaving automatic login unchecked I still am being logged in via SSO, but there is no saved password in the properties file, which I assume is the way to be.
Why would the password be saved (and probably extractet from tgt) for automatic login via SSO?
We just set up SSO for the reason, that no passwords are stored locally on a client machine…
I am using Spark 2.8.2 in a windows AD environment with SSO and OpenFire 3.9.3
SSO has been added to Spark as an add-on at some point without looking into such details probably. This is how Spark usually behaves when auto-login is checked. The one who was adding SSO login (no clue who that was, it was probably 10 years ago) haven’t thought about this. I will file it, but as Spark doesn’t have good active java developers, not sure when and whether this will be changed. [SPARK-1850] Shouldn’t save password when SSO is being used - IgniteRealtime JIRA
Hi guys, just came back from a long vacation. I have tested 2.8.2.955 and with “Automatic logon” there is no stored password anymore in my spark.properties file. Thank you!