Hello, people,
Are you fine?
I need to set up Spark to log in automatically through Windows AD SSO. I followed this tutorial:
How to Setup SSO on Windows Server 2008r2/2012r2 with a Domain level of 2008r2/2012r2
But so far I have failed to log in to Spark, and I get this error:
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))
In another version of Spark that I tested, the error was the following:
WARNING: Exception in Login: org.jivesoftware.smack.sasl.SASLErrorException: SASLError using GSSAPI: not-authorized
The Windows registry has been changed to:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
allowtgtsessionkey REG_DWord 1
To generate the settings for the AD user:
setspn -A xmpp/ServerOpenfire.dominio.com.br@DOMINIO.COM.BR openfireconnect
ktpass -princ xmpp/ServerOpenfire.dominio.com.br@DOMINIO.COM.BR -mapuser openfireconnect@dominio.com.br -crypto all -pass * -ptype KRB5_NT_PRINCIPAL -out xmpp.openfireconnect
The krb5.ini file is in c:\windows\krb5.ini with the following contents:
[libdefaults]
default_realm = DOMINIO.COM.BR
[realms]
DOMINIO.COM.BR = {
    kdc = dc1.dominio.com.br
    kdc = dc2.dominio.com.br
    admin_server = dc1.dominio.com.br
    default_domain = dominio.com.br
}
[domain_realms]
dominio.com.br = DOMINIO.COM.BR
.dominio.com.br = DOMINIO.COM.BR
The "MIT Kerberos Ticket Manager" tool shows the following Kerberos ticket line:
xmpp/ServerOpenfire.dominio.com.br@DOMINIO.COM.BR
I am running Spark on the Openfire server itself.
Connecting directly by username and password is working normally.
Versions used:
Openfire 4.0.2.
Spark 2.7.7.862 (Nightly Builds), but I've also tried the stable version and it did not work either.
Smack: 4.1.8 (4.1.7-7-ga87007f 2016-07-30)
I hope to count on your help to solve the problem of not being able to connect via SSO with Openfire via AD.
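
An added example, not part of the original post: a small Python consistency check that parses a krb5.ini, flags section headers that are not krb5.conf sections, and verifies that the host and realm of the SPN are covered by `[realms]` and `[domain_realm]`. The names `parse_krb5` and `lint` are hypothetical, and the parser assumes the simple layout shown in the post.

```python
import re
# Section names defined for krb5.conf / krb5.ini.
KNOWN = {"libdefaults", "realms", "domain_realm", "capaths", "appdefaults", "plugins", "logging"}
# krb5.ini from the post, abridged (admin_server and default_domain omitted).
POSTED = """[libdefaults]
default_realm = DOMINIO.COM.BR
[realms]
DOMINIO.COM.BR = {
kdc = dc1.dominio.com.br
kdc = dc2.dominio.com.br
}
[domain_realms]
dominio.com.br = DOMINIO.COM.BR
.dominio.com.br = DOMINIO.COM.BR
"""
SPN = "xmpp/ServerOpenfire.dominio.com.br@DOMINIO.COM.BR"  # from the setspn line

def parse_krb5(text):
    """Return {section: {key: [values]}}; keys inside a { } block become 'BLOCK/key'."""
    sections, current, block = {}, None, None
    for line in (l.strip() for l in text.splitlines()):
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current, block = sections.setdefault(header.group(1), {}), None
        elif line == "}":
            block = None
        elif current is not None and "=" in line and line[0] not in "#;":
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":
                block = key
            else:
                current.setdefault(f"{block}/{key}" if block else key, []).append(value)
    return sections

def lint(text, spn):
    """List mismatches between the file and the service principal name."""
    conf, findings = parse_krb5(text), []
    findings += [f"unknown section [{s}]" for s in conf if s not in KNOWN]
    host, _, realm = spn.partition("/")[2].partition("@")
    host = host.lower()
    if not any(k.startswith(realm + "/") for k in conf.get("realms", {})):
        findings.append(f"realm {realm} has no block in [realms]")
    # Exact host entry first, then each parent-domain suffix (".dominio.com.br", ...).
    names = [host] + ["." + host.split(".", i)[i] for i in range(1, host.count(".") + 1)]
    mapping = conf.get("domain_realm", {})
    mapped = next((mapping[n][0] for n in names if n in mapping), None)
    if mapped != realm:
        findings.append(f"{host} maps to {mapped} in [domain_realm], SPN realm is {realm}")
    return findings
```

Calling `lint(POSTED, SPN)` on the posted file reports the `[domain_realms]` header, because the section that maps hosts to realms is named `[domain_realm]`.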