Add Smack 3 fallback compatibility mode
Activity

speedy August 22, 2016 at 3:38 AM
Tested: However, it doesn't override the hostname when the option is enabled.
Guus der Kinderen August 21, 2016 at 3:20 PM
Added such an option here: https://github.com/igniterealtime/Spark/pull/199/commits/ed4689d4fbde3a7f2a6b094f695b3d047159fbd5
Guus der Kinderen August 21, 2016 at 3:19 PM
SMACK 4 uses the fully qualified host name when negotiating GSS-API via SASL. SMACK 3 used the XMPP domain name instead. Spark should have a configurable option that allows it to fall back to the old mechanism (which is likely needed to connect to servers that have already been configured to accept SSO from older versions of Spark).

wroot August 20, 2016 at 2:22 PM
Already fixed by another ticket. Some workarounds may be needed on the server side.

wroot August 20, 2016 at 2:22 PM
So, those who will be moving from Spark 3 to Spark 4 will need to change something (in some cases) in their AD/Openfire setup for SSO/GSSAPI to work? Can you send me via PM a notice text, which I should add to the release post to warn such users? Meanwhile closing this.

I'm unable to authenticate to Openfire using LDAP creds when GSSAPI is available. SSO also does not work using Kerberos. While troubleshooting, it appears that with Smack 4, Spark is using the hostname/serverName. With Smack 3, it looks like it uses the serviceName.
For example, I'm using SRV records for domain.com that point to xmpp.domain.com. With Spark under Smack 3, the Kerberos request uses domain.com.
With Spark under Smack 4, the request used the CNAME/host record xmpp.domain.com and authentication fails.
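
An added example, not code from Spark, Smack or the ticket: a server-side check of which Kerberos service principal each client mode described above will request, compared against the principals in the server keytab. The realm `DOMAIN.COM`, the keytab path and the `klist -k` listing are constructed placeholders; the service name `xmpp` is the one XMPP defines for SASL GSSAPI (RFC 6120).

```python
import re

SERVICE = "xmpp"  # SASL service name used by XMPP for GSSAPI (RFC 6120)

# Constructed sample of plain `klist -k` output (no -t timestamps);
# the path and realm are placeholders, not values from the ticket.
SAMPLE_KLIST = """\
Keytab name: FILE:/path/to/xmpp.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 xmpp/domain.com@DOMAIN.COM
   3 HTTP/xmpp.domain.com@DOMAIN.COM
"""

def keytab_principals(klist_output):
    """Return the principals listed by `klist -k`, host part lowercased."""
    found = set()
    for line in klist_output.splitlines():
        m = re.match(r"\s*\d+\s+(\S+)/(\S+)@(\S+)\s*$", line)
        if m:
            svc, host, realm = m.groups()
            found.add(f"{svc}/{host.lower()}@{realm}")
    return found

def requested_spn(xmpp_domain, connect_host, realm, smack3_fallback):
    """SPN the client asks the KDC for: Smack 3 style uses the XMPP domain,
    Smack 4 style uses the host it actually connects to (the SRV target)."""
    host = xmpp_domain if smack3_fallback else connect_host
    return f"{SERVICE}/{host.lower()}@{realm}"

def check(xmpp_domain, connect_host, realm, klist_output):
    """Map each client mode to (requested SPN, present in keytab?)."""
    have = keytab_principals(klist_output)
    result = {}
    for label, fallback in (("smack4-default", False), ("smack3-fallback", True)):
        spn = requested_spn(xmpp_domain, connect_host, realm, fallback)
        result[label] = (spn, spn in have)
    return result

if __name__ == "__main__":
    report = check("domain.com", "xmpp.domain.com", "DOMAIN.COM", SAMPLE_KLIST)
    for mode, (spn, ok) in report.items():
        print(f"{mode:16} {spn:36} {'in keytab' if ok else 'MISSING'}")
```

A mode reported as MISSING is one where the KDC has no matching service principal for the server, so either that principal has to be registered or clients have to use the other mode.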