Forum: agsXMPP RSS
permafrost #1
Member since Nov 2008 · 6 posts
Group memberships: Members
Subject: SSO with agsXMPP
Hi,
I am using an Openfire server configured to use user accounts from Windows Active Directory using LDAP. What I would like to do is to create a client with single sign-on functionality. The only other client I found that has it is Spark (SSO via GSSAPI) and it works quite fine. With this setting checked, the user doesn't need to enter a password and his Windows account is used to log on to the server. Is it possible to do this with agsXMPP? If it is, I really am not sure where to start. So far, after doing some searches, I tried to create an XmppClientConnection.OnSaslStart handler:
        void xmppConn_OnSaslStart(object sender, SaslEventArgs args)
        {
            args.Auto = false;
            args.Mechanism = agsXMPP.protocol.sasl.Mechanism.GetMechanismName(agsXMPP.protocol.sasl.MechanismType.GSSAPI);
        }
But this code generates System.NullReferenceException on line 133 in SaslHandler.cs. That is the line with "m_Mechanism.Username = m_XmppClient.Username;":
    if (args.Mechanism != null)
    {
        m_Mechanism = Factory.SaslFactory.GetMechanism(args.Mechanism);
        // Set properties for the SASL mechanism
        m_Mechanism.Username = m_XmppClient.Username;
        m_Mechanism.Password = m_XmppClient.Password;
        m_Mechanism.Server = m_XmppClient.Server;
        // Call Init Method on the mechanism
        m_Mechanism.Init(m_XmppClient);
    }
Of course in the XmppClientConnection I set the username, server and even password, although I do not want to use it. I quickly ran out of ideas, any help would be greatly appreciated.

frosty
Alex #2
Member since Feb 2003 · 4297 posts · Location: Germany
Group memberships: Administrators, Members
Hello,

GSSAPI (Kerberos) is not supported in agsXMPP.
To support SSO a Kerberos SASL Processor must be added to agsXMPP or your client.

We currently have no plans to add this in the near future because this is the first request for SSO. Based on our professional services we can of course add this feature for you.

Alex
Alex #3
Member since Feb 2003 · 4297 posts · Location: Germany
Group memberships: Administrators, Members
Did you configure the Openfire server as described here?
http://www.igniterealtime.org/community/docs/DOC-1060


If you only do the LDAP installation during the server setup in the wizard, it does not support GSSAPI and Kerberos, sends passwords in plain text over the wire and still requires the user to enter the credentials.

Alex
permafrost #4
Member since Nov 2008 · 6 posts
Group memberships: Members
Hi, thanks for bringing this to my attention. I'm new to this whole Kerberos thing and did not configure it, because I didn't think it was needed. When I tested it with Spark, it seemed to be working. Now I know that Spark somehow remembered my password from when I logged in without SSO and then used it. When I cleared the password I was unable to log in using SSO, so obviously I need to set up the server correctly.

frosty
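
The situation in posts #3 and #4 above (a server that does not advertise GSSAPI, and a client that quietly logs in with a remembered password) can be caught by checking the SASL mechanisms in the server's stream features before authenticating. This is an added example, not part of the thread and not agsXMPP code; `SaslOfferCheck`, `Choose` and its parameters are hypothetical names, and the features XML is a constructed sample.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

static class SaslOfferCheck   // hypothetical helper, not an agsXMPP type
{
    static readonly XNamespace Sasl = "urn:ietf:params:xml:ns:xmpp-sasl";

    // Mechanisms that transmit the password itself (only base64-encoded).
    static readonly HashSet<string> SendsPassword = new HashSet<string> { "PLAIN", "LOGIN" };

    // Picks a mechanism from the server's <stream:features/>, or throws
    // rather than quietly logging in with a stored password.
    public static string Choose(string featuresXml, bool ssoRequired, bool tlsActive)
    {
        List<string> offered = XElement.Parse(featuresXml)
            .Descendants(Sasl + "mechanism")
            .Select(m => m.Value.Trim())
            .ToList();
        string list = string.Join(", ", offered);

        if (offered.Contains("GSSAPI"))
            return "GSSAPI";
        if (ssoRequired)
            throw new InvalidOperationException("GSSAPI not offered; server offers: " + list);

        // No SSO required: prefer a mechanism that keeps the password off the wire.
        string fallback = offered.FirstOrDefault(m => !SendsPassword.Contains(m))
                          ?? offered.FirstOrDefault();
        if (fallback == null)
            throw new InvalidOperationException("Server offers no SASL mechanism");
        if (SendsPassword.Contains(fallback) && !tlsActive)
            throw new InvalidOperationException(fallback + " would expose the password without TLS");
        return fallback;
    }

    static void Main()
    {
        // Constructed sample: what an LDAP-only server might advertise.
        const string ldapOnly =
            "<stream:features xmlns:stream='http://etherx.jabber.org/streams'>" +
            "<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>" +
            "<mechanism>PLAIN</mechanism></mechanisms></stream:features>";

        Console.WriteLine(Choose(ldapOnly, ssoRequired: false, tlsActive: true));
        try { Choose(ldapOnly, ssoRequired: true, tlsActive: true); }
        catch (InvalidOperationException e) { Console.WriteLine("SSO refused: " + e.Message); }
    }
}
```

With `ssoRequired` set, a server that only offers PLAIN produces an error naming the offered mechanisms, which makes a missing Kerberos setup on the server visible at the first login attempt.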
Alex #5
Member since Feb 2003 · 4297 posts · Location: Germany
Group memberships: Administrators, Members
Exactly, by default it's using the Active Directory or any other database as your user database only, but does not use "real" SSO.
I have not tried to configure an Openfire server as described in this tutorial, but it looks very complex to me ;-)

Alex
permafrost #6
Member since Nov 2008 · 6 posts
Group memberships: Members
Well, it's never as simple as you'd want ;). I will look into it and try to configure Openfire later because it would be cool to have it, but currently SSO is not a priority. Anyway, thank you for your help, I really appreciate it.

frosty
Alex #7
Member since Feb 2003 · 4297 posts · Location: Germany
Group memberships: Administrators, Members
I added GSSAPI (Kerberos) SASL. SSO authentication should work now with servers which support it.
For a test version please contact me directly by email.
robertgtaylor1 #8
Member since Dec 2009 · 1 post
Group memberships: Members
I'm also interested in SSO & GSSAPI support. Is this code available?
Alex #9
Member since Feb 2003 · 4297 posts · Location: Germany
Group memberships: Administrators, Members
SSO and the source is not in the Open Source version of agsXMPP. It's only available with the commercial license. MatriX also supports SSO & GSSAPI.

Alex