Channel: Ignite Realtime : Unanswered Discussions - Spark Support

Problem in using the SSO with Windows 2012R2(AD) and Spark.


Hello, everyone,

How are you?

I need to set up Spark to log in automatically using Windows AD SSO. I followed this tutorial:

How to Setup  SSO on Windows Server 2008r2/2012r2 with a Domain level of 2008r2/2012r2

 

 

But so far I have not succeeded; in the Spark log I get this error:

javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))

 

In another version of Spark that I tested, the error was the following:

WARNING: Exception in Login: org.jivesoftware.smack.sasl.SASLErrorException: SASLError using GSSAPI: not-authorized

 

The Windows registry has been changed to:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters

allowtgtsessionkey REG_DWord 1

 

To generate the settings for the AD user:

setspn -A xmpp/ServerOpenfire.dominio.com.br@DOMINIO.COM.BR openfireconnect

ktpass -princ xmpp/ServerOpenfire.dominio.com.br@DOMINIO.COM.BR -mapuser openfireconnect@dominio.com.br -crypto all -pass * -ptype KRB5_NT_PRINCIPAL -out xmpp.openfireconnect

 

The krb5.ini file is in c:\windows\krb5.ini with the following contents:

 

[libdefaults]
    default_realm = DOMINIO.COM.BR

[realms]
    DOMINIO.COM.BR = {
        kdc = dc1.dominio.com.br
        kdc = dc2.dominio.com.br
        admin_server = dc1.dominio.com.br
        default_domain = dominio.com.br
    }

[domain_realms]
    dominio.com.br = DOMINIO.COM.BR
    .dominio.com.br = DOMINIO.COM.BR

 

 

The "MIT Kerberos Ticket Manager" tool shows the following Kerberos ticket line:

xmpp/ServerOpenfire.dominio.com.br@DOMINIO.COM.BR

 

I am running Spark on the Openfire server itself.

 

Connecting directly by username and password is working normally.

 

Versions used:

Openfire 4.0.2.

Spark 2.7.7.862 (Nightly Builds), but I've tried with the stable version and it did not work either.

Smack: 4.1.8 (4.1.7-7-ga87007f 2016-07-30)

 

I hope to count on your help to solve the problem of not being able to connect via SSO with Openfire via AD.
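A consistency check for the configuration posted above, as an added example (not part of the original post and not Openfire or Spark code): it parses a krb5.ini and compares a service principal against its default realm, realm definitions and host-to-realm mappings. The embedded file and principal are constructed copies of the values in the post; the function names and `KNOWN_SECTIONS` (the section names documented for MIT krb5.conf) are assumptions of this example.

```python
import re
# Constructed copy of the post's values; KNOWN_SECTIONS (MIT krb5.conf names) is this example's own.
KRB5_INI = """\
[libdefaults]
    default_realm = DOMINIO.COM.BR
[realms]
    DOMINIO.COM.BR = {
        kdc = dc1.dominio.com.br
        kdc = dc2.dominio.com.br
        admin_server = dc1.dominio.com.br
        default_domain = dominio.com.br
    }
[domain_realms]
    dominio.com.br = DOMINIO.COM.BR
    .dominio.com.br = DOMINIO.COM.BR
"""
SPN = "xmpp/ServerOpenfire.dominio.com.br@DOMINIO.COM.BR"
KNOWN_SECTIONS = {"libdefaults", "realms", "domain_realm", "capaths", "appdefaults", "plugins", "logging"}

def parse(text):
    """Return {section: [(key, value), ...]}; realm braces are flattened."""
    conf, entries = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;" or line == "}":
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            entries = conf.setdefault(m.group(1), [])
        elif "=" in line and entries is not None:
            entries.append(tuple(p.strip() for p in line.split("=", 1)))
    return conf

def check(text, spn):
    """List mismatches between a service/host@REALM principal and the config."""
    conf, findings = parse(text), []
    m = re.fullmatch(r"([^/@]+)/([^/@]+)@([^/@]+)", spn)
    if not m:
        return ["principal is not service/host@REALM"]
    host, realm = m.group(2).lower(), m.group(3)
    findings += [f"unrecognized section [{s}]" for s in conf if s not in KNOWN_SECTIONS]
    if dict(conf.get("libdefaults", [])).get("default_realm") != realm:
        findings.append("default_realm differs from principal realm")
    if (realm, "{") not in conf.get("realms", []):
        findings.append(f"realm {realm} not defined in [realms]")
    names = [host] + ["." + host.split(".", i)[-1] for i in range(1, host.count(".") + 1)]
    mapping = dict(conf.get("domain_realm", []))
    mapped = next((mapping[n] for n in names if n in mapping), None)
    if mapped != realm:
        findings.append(f"[domain_realm] maps {host} to {mapped}, expected {realm}")
    return findings
```

A finding reports an inconsistency inside the file; it does not by itself establish the cause of the GSSAPI error, since a Kerberos library may still resolve the realm through its own fallback.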

