I have scoured the internet and have read almost every post about getting Spark's SSO feature to work, and I must be close, but I am not quite there. I am at the point where LDAP on the Openfire server is working 100%; I can log in with my Windows user account credentials without SSO just fine. When I run Spark as administrator, and only when I run it as administrator, Spark actually says it will attempt to connect using my Windows credentials with SSO rather than "Spark is unable to find the principal to use for Single Sign-On. This will prevent SSO from working." It seems that Openfire is configured to use GSSAPI just fine, as when I run Spark as admin and try to connect I get an error after my client tries to send some sort of long key for GSSAPI. Here is what is in my Smack debug window for Raw Sent Packets:
<stream:stream to="myOpenfireServer" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0">
<auth mechanism="GSSAPI" xmlns="urn:ietf:params:xml:ns:xmpp-sasl">YIIE4AYJKoZIhvcSAQICAQBuggTPMIIEy6ADAg EFoQMCAQ6iBwMFAAAAAACjggP0YYID8DCCA+ygAwIBBaEOGwxCQVlORVQuTE9DQUyiKjAooAMCAQChIT AfGwR4bXBwGxdiYXlzaG9yZTA5LmJheW5ldC5sb2NhbKOCA6cwggOjoAMCARehAwIBBKKCA5UEggORUs +XvYAmzk+3BFKz/ftBRjuvk0m/PFSM/YN8VxObyCkj+7jRyZlJgOQaDduA1qvSwrZSJmb89ASrrbsh8W qintO2syFAOHPvWXUgleYFdYaWVNgC5JD9AJIzkb9X+NFP0JUZtcDNwF2fJK1StwdWES5wbwDTy9aB+U wtKiZkWbjPuiD4ylLMZaF+ng8vzMPTADvl/LjEiv/zkX5bW6pwXc6fuBdvQmEulIOl1JgLeJk/gxL/RZ /Su9L6NMSypE+EvVXnaxWovFWwK8dyEfioeR0FM4uGEwEeCjz02Ix+/zgbww35tOgPaztsV2WfDC/fZo jTb3VTYibcFa8wMzHAR+04gPnyVworLaXHJTx2VulYcez4JDMmUKkJNh4sfUMXtaOVpGbdeQyH2USChc ma+yKEPk1DWAyyZKeiEixenbfv7TkuUhwX63RSdfEBVc6l/0+zmOAvnaVXmOsYEjcjtF6rXdARgJ1T5n qbbZkaI2VT7u91i1rZf8xQ38sYudc6j/XKUan0yqLnmN79jHUJfRR6X3I9H8ERkWUPR37tCkVrNumyKI 4i5jekfBrbZv+ZMMhF/54DOB4nxY++XBSyE5JaFwZz0xAV/RX6evUZZRN915+oxnqU1TmSBOLHKpk/ru pZ0bpcQ8Y1rT935MOOMtyUlGMQDd0wh31LWykUDnIFrAwdJB/74TMFqfNhAg8bGMoeWdt+/AhNCDzyy5 ZRA814P6Q7fzhh9FTNSj7AfHZ7H+qawtQzBUhwSnMcd4yiNI+RawCgOUdX5+MafSulcckJEyHj8WtlWM fix6GidbAQu7BsSL23HyKhqHkeex1FcPbLZMAhgZvNPZ5jruHBXYkNityXnD9ZYNKzd27TcgEhbeTQiZ 6LsAE3q3igzaVXtk638As1e6omSb1otCSGU+hKy01BCfbeoag/pIM4ZyGERmWBVkwo2j7Ju7tA1QwBYG W9kFMBtG8u3sFqSXPfZLOWIeJRO4HFE6EgwDR6rrXU1HlK4GDI207mkByQoaqL4MFDDgpgmt/B4B4yeA BACbncY78e7tO9hs2QbXygXJiXwxwy9/CNJz0n6QNLmVmH2sy562itHzg0EymW/XaL1iAaurEX8aEjiV v9Gi/vLiKFY7PmlpNkAlJGI6yCzmXgZP++pd7p9g5DBFyXH9Br6BmJ9XtintAF+dsclxytdfOimzN77S zPqpoIGmhU7JRcm6SBvTCBuqADAgEXooGyBIGvlBT30U46rZcQwPW6jMM6N27R7JC/bDlbQFr3qe9vN9 rittWa8bDOjS91w47jcYs2sl2HAb29YNY5edgUEgj68I4avOwZQhLSGYwIl8Prk8L7/IkzvQja2Me3DZ ykL4DbHhPSA8dg+OViw2H3vUb+dXCSHkMj3zFhGXD6PnwcYRuGFuPQ4PghMj8S1Jfn9uD2bPp+EIU0Ct egEBhZEzsd5f4QbI+fawuhD9oCVu3fAg==</auth>
However, I get this back after a failed connection attempt:
<?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="myOpenfireServer" id="993fd3a1" xml:lang="en" version="1.0">
<stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>GSSAPI</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth xmlns="http://jabber.org/features/iq-auth"/></stream:features>
<failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/></failure>
So apparently I am "not authorized"; I'm not sure why this would be. It may also be worth pointing out that I am trying to log on with an account that is an admin on the server. In the Openfire logs I get this error at the Info level: org.jivesoftware.openfire.net.SASLAuthentication - User Login Failed. Failure to initialize security context
I'm not sure if anything else in the logs is relevant, as nothing mentions any errors or login failures. For reference, here is the layout of my krb5 file:
[libdefaults]
default_realm = REALM.COM
dns_lookup_kdc = true
dns_lookup_realm = true
[realms]
DOMAIN = {
kdc = "fqdn of machine that openfire is being run on"
default_domain = domain.com
}
[domian_realm]
.domain = REALM.COM
Obviously, this is located in C:\Windows, and I have made the changes to the registry on both the client machine and the server. Please let me know if I was unclear about anything above; I will do my best to get you the information you require to help me in debugging this. Thanks in advance.
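A consistency check over a krb5 layout like the one in the post, added here as an example and not part of the original post or of Openfire/Spark: it parses the fragment (copied in as a constructed sample, placeholders kept as written) and reports the mismatches a Kerberos library trips over before it ever contacts a KDC, such as a misspelled section name, a default_realm with no matching [realms] entry, and a placeholder kdc value. The section-name list and the checks are assumptions based on the standard krb5.conf format, not on anything the poster's setup confirms.

```python
# Constructed sample: the krb5 layout from the post above, placeholders kept as written.
SAMPLE_KRB5 = """[libdefaults]
default_realm = REALM.COM
dns_lookup_kdc = true
dns_lookup_realm = true
[realms]
DOMAIN = {
kdc = "fqdn of machine that openfire is being run on"
default_domain = domain.com
}
[domian_realm]
.domain = REALM.COM
"""
# Section names from the standard krb5.conf format (assumption); anything else is flagged as a typo.
KNOWN_SECTIONS = {"libdefaults", "realms", "domain_realm", "capaths", "appdefaults", "logging", "plugins"}
def parse_krb5(text):
    """Minimal krb5.conf parser: {section: {key: value}}; a '{ ... }' block becomes a nested dict."""
    sections, current, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current, block = sections.setdefault(line[1:-1], {}), None
        elif line == "}":
            block = None
        elif "=" in line and current is not None:
            key, _, value = (p.strip() for p in line.partition("="))
            if value == "{":
                block = current.setdefault(key, {})
            elif block is not None:
                block[key] = value
            else:
                current[key] = value
    return sections

def check_krb5(sections):
    """Return the mismatches a Kerberos library would trip over before it ever reaches a KDC."""
    findings = [f"unknown section [{n}] (typo?)" for n in sections if n not in KNOWN_SECTIONS]
    realms = sections.get("realms", {})
    default_realm = sections.get("libdefaults", {}).get("default_realm")
    if default_realm and default_realm not in realms:
        findings.append(f"default_realm {default_realm} has no [realms] entry (defined: {sorted(realms)})")
    for realm, cfg in realms.items():
        if not cfg.get("kdc") or cfg["kdc"].startswith('"'):
            findings.append(f"realm {realm} has a placeholder/empty kdc value")
    for dom, realm in sections.get("domain_realm", {}).items():
        if realm not in realms:
            findings.append(f"domain_realm maps {dom} to undefined realm {realm}")
    return findings
```

Run against the sample it reports three findings; a file whose [realms] key, default_realm and [domain_realm] mappings all name the same upper-case realm comes back clean.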