I have a working Openfire 3.8.2 installation (Windows 2008 R2 server, SQL Server 2012 back end) with hundreds of Windows users auto logging on with Pandion and Norman Rasmussen's NTLM libraries. This I wanted to upgrade to 3.10.
Unfortunately the SSO part does not work anymore. I can log in without SSO with Spark and Pandion. I have tried replacing the files with the latest nightly, and with a patched openfire.jar (from the thread "Openfire GSSAPI / Kerberos login no longer working with 3.10.0"), but to no avail. Java is the one shipped with 3.10.2 (1.70_79). I also tried using the JRE from 3.8.2. LDAP works fine, but it's the SSO part that doesn't. In the console from Pandion I get the following from an unsuccessful SSO login:
EVNT: Connecting to openfire.internal.domain
SENT: <?xml version="1.0"?>
SENT: <stream:stream to="internal.domain" xml:lang="en" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0">
RECV: <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="internal.domain" id="c0c030fd" xml:lang="en" version="1.0">
RECV: <stream:features xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams"><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>NTLM</mechanism><mechanism>PLAIN</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth xmlns="http://jabber.org/features/iq-auth"/></stream:features>
SENT: <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="NTLM"/>
RECV: <challenge xmlns:stream="http://etherx.jabber.org/streams" xmlns="urn:ietf:params:xml:ns:xmpp-sasl">TlRMTVNTUAACAAAAGAAYACAAAAAFAggA4Sc0LcvE0zx0AHIAaQBvAGQAbwBzAC4AYwBvAHIAcAA=</challenge>
SENT: <response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">TlRMTVNTUAABAAAAl7II4gcABwAzAAAACwALACgAAAAGAbEdAAAAD05MMDEwV1MwODczVFJJ T0RPUw==</response>
RECV: <failure xmlns:stream="http://etherx.jabber.org/streams" xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><incorrect-encoding/></failure>
SENT: </stream:stream>
EVNT: Disconnected
RECV: </stream:stream>
I also get the error: Pandion
Cannot sign in. This may have one of the following causes:
- You entered an incorrect password
- The account does not exist on the server
which is evidently not true, as I can log in without SSO and get the following from the console:
EVNT: Connecting to openfire.internal.domain
SENT: <?xml version="1.0"?>
SENT: <stream:stream to="internal.domain" xml:lang="en" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0">
RECV: <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="internal.domain" id="ac392fba" xml:lang="en" version="1.0">
RECV: <stream:features xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams"><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>NTLM</mechanism><mechanism>PLAIN</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth xmlns="http://jabber.org/features/iq-auth"/></stream:features>
SENT: <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="PLAIN">AHNyaG9kZXMAM1Zlcnl0aGluZw==</auth>
RECV: <success xmlns:stream="http://etherx.jabber.org/streams" xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/>
SENT: <stream:stream to="internal.domain" xml:lang="en" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0">
RECV: <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="internal.domain" id="ac392fba" xml:lang="en" version="1.0">
RECV: <stream:features xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams"><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"/><session xmlns="urn:ietf:params:xml:ns:xmpp-session"><optional/></session></stream:features>
SENT: <compress xmlns="http://jabber.org/protocol/compress"><method>zlib</method></compress>
RECV: <compressed xmlns:stream="http://etherx.jabber.org/streams" xmlns="http://jabber.org/protocol/compress"/>
SENT: <stream:stream to="internal.domain" xml:lang="en" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0">
RECV: <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="internal.domain" id="ac392fba" xml:lang="en" version="1.0">
RECV: <stream:features xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams"><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>NTLM</mechanism><mechanism>PLAIN</mechanism></mechanisms><bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"/><session xmlns="urn:ietf:params:xml:ns:xmpp-session"><optional/></session></stream:features>
SENT: <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="PLAIN">AHNyaG9kZXMAM1Zlcnl0aGluZw==</auth>
RECV: <success xmlns:stream="http://etherx.jabber.org/streams" xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/>
SENT: <stream:stream to="internal.domain" xml:lang="en" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0">
RECV: <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="internal.domain" id="ac392fba" xml:lang="en" version="1.0">
RECV: <stream:features xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams"><bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"/><session xmlns="urn:ietf:params:xml:ns:xmpp-session"><optional/></session></stream:features>
SENT: <iq type="set" id="sd58"><bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"><resource>Pandion</resource></bind></iq>
I'm not complicating things by using TLS or SSL.
Is there a solution on the way? Anyone else with these problems?
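
Added example, not part of the original post and not Openfire or Pandion code: RFC 6120 defines the incorrect-encoding SASL failure for payloads that do not adhere to RFC 4648 section 4 base64, and the response in the failing trace above is printed with whitespace inside its payload. The script below audits a console trace in this SENT/RECV format, reporting for each SASL element whether its payload is strict base64 and which NTLMSSP message type it carries. The strict pattern is this example's reading of RFC 4648, and the sample trace is constructed.

```python
import base64
import re

SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"
# Strict RFC 4648 section 4 base64; a lone "=" is SASL's empty-payload marker.
STRICT_B64 = re.compile(
    r"=|(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?")
# One SASL element in a console entry: direction, element name, text payload.
SASL_ELEM = re.compile(
    r"(SENT|RECV): <(auth|challenge|response)\b[^>]*" + re.escape(SASL_NS)
    + r"[^>]*?(?:/>|>(.*?)</\2>)", re.S)
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def ntlm_type(raw):
    """Name the NTLMSSP message type, or return None for non-NTLMSSP data."""
    if len(raw) >= 12 and raw[:8] == b"NTLMSSP\x00":
        return NTLM_TYPES.get(int.from_bytes(raw[8:12], "little"), "UNKNOWN")
    return None

def audit_trace(trace):
    """Return (direction, element, strict_base64_ok, ntlm_type) per SASL element."""
    findings = []
    # Split at direction markers, not newlines: a wrapped payload spans lines.
    for entry in re.split(r"(?m)^(?=(?:SENT|RECV|EVNT): )", trace):
        m = SASL_ELEM.match(entry)
        if not m:
            continue
        payload = m.group(3) or ""
        try:  # lenient decode: drop whitespace, as tolerant decoders do
            raw = base64.b64decode(re.sub(r"\s+", "", payload), validate=True)
        except ValueError:
            raw = b""
        findings.append((m.group(1), m.group(2),
                         STRICT_B64.fullmatch(payload) is not None, ntlm_type(raw)))
    return findings

def wrap(raw, width=72):
    """Base64-encode with a line break every `width` characters."""
    b64 = base64.b64encode(raw).decode()
    return "\n".join(b64[i:i + width] for i in range(0, len(b64), width))

# Constructed sample trace (zero-filled NTLMSSP bodies, not data from the post).
NEGOTIATE = b"NTLMSSP\x00" + (1).to_bytes(4, "little") + bytes(60)
CHALLENGE = b"NTLMSSP\x00" + (2).to_bytes(4, "little") + bytes(20)
SAMPLE = (f'SENT: <auth xmlns="{SASL_NS}" mechanism="NTLM"/>\n'
          f'RECV: <challenge xmlns="{SASL_NS}">{wrap(CHALLENGE)}</challenge>\n'
          f'SENT: <response xmlns="{SASL_NS}">{wrap(NEGOTIATE)}</response>\n'
          f'RECV: <failure xmlns="{SASL_NS}"><incorrect-encoding/></failure>\n')
```

A payload that is flagged as not strict yet still decodes to a valid NTLMSSP message indicates a difference in encoding tolerance between client and server rather than a wrong credential.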