igniterealtime / pade

Pàdé (Yoruba word for Meet) is a browser extension (Chrome/Edge) based unified communications desktop client for Openfire.
https://igniterealtime.github.io/pade/
Apache License 2.0
104 stars, 46 forks

Trouble getting SSO to work #216

Closed bmccorkle closed 4 years ago

bmccorkle commented 4 years ago

I'm having some issues getting SSO to work.

Logging in manually with username/password works just fine.

However, when I try to login Pade appears to connect (Icon looks okay) but Converse comes up and only shows a white display window and never loads on the machine I'm testing.

deleolajide commented 4 years ago

I have not used SSO in a while. Let me check just in case I broke it in a recent release

deleolajide commented 4 years ago

Looks like I have indeed broken it

image

If you hit F12 for the dev console in chrome, do you see this screen?

deleolajide commented 4 years ago

It was not me. It was Converse API changes going from 4.x to 5.x. Thanks for reporting. I would need to spend a few hours on this.

bmccorkle commented 4 years ago

Yes, I see the same thing. Good to know it's not me, lol. We had been using Spark but I started looking for a new client this weekend, due to everyone trying to work from home, that would be easy to set up and pre-configure. That's when I stumbled across Pade. Just want to say awesome app!

deleolajide commented 4 years ago

Fixed it. You will have to wait for version 1.6.2 to become available in the Chrome Web Store or the Microsoft Edge Add-ons store.

If you are in a hurry, you can build your own branded extension from source.

deleolajide commented 4 years ago

> Just want to say awesome app!

Thank you. I take a bow :-)

bmccorkle commented 4 years ago

Thank you!

bmccorkle commented 4 years ago

I tried the plugin in developer mode. SSO works if I uncheck "This is a trusted device" but says authentication failure if I leave it checked. I assume it's something to do with OMEMO encryption? Is there something that needs setup on Openfire?

I have a wildcard certificate in the identity store and have mutual authentication set to "Disabled - Peer certificates are not verified."

bmccorkle commented 4 years ago

I think I got that fixed by enabling pubsub? Now, however, when I start it the Pade icon is there, but when I click on it to bring up Converse it pops up and asks for my login credentials.

bmccorkle commented 4 years ago

Trying the plugin in developer mode and I see this...

Uncaught (in promise) Error: autoLogin: If you use auto_login and authentication='login' then you also need to provide a password.

deleolajide commented 4 years ago

I just tested the fix I made for version 1.6.2 and it works for me like this.

  1. did a factory reset and did not retain any settings
  2. changed the default server/domain to my dev pc openfire server
  3. clicked on Use Windows Single Sign On

image

Settings window closed and the app reloads and does auto-login using my Windows desktop credentials.

image

I am now logged in as Windows domain administrator. I can now edit my display name and login manually using the login button in the settings page.

image

bmccorkle commented 4 years ago

Sorry, all this COVID-19 stuff has slowed me down. So if I do a fresh install of your plugin I still have issues.

The background Pade seems to connect, the icon doesn't say "off" and the Converse window opens, but it doesn't login and says "Authentication Failure". If I try to enter my credentials in the Converse window, it still fails with an "Authentication failure". If I uncheck SSO and restart it, I can login manually.

image: Initial Login Error

image (removed my domain): Connection Settings

image: Authentication Settings

image: Pade Error

bmccorkle commented 4 years ago

I don't know if this helps but this is what I get in the debug log on openfire when I try to enter my credentials in converse after it initially fails on SSO...

```
2020.04.07 13:39:20 org.jivesoftware.openfire.spi.RoutingTableImpl - Removing client route DOMAIN.COM/atfflc4i3g
2020.04.07 13:39:20 org.jivesoftware.openfire.spi.RoutingTableImpl - Removing client route DOMAIN.COM/45w2d0uzhr
2020.04.07 13:39:21 org.quartz.core.QuartzSchedulerThread - batch acquisition of 0 triggers
2020.04.07 13:39:24 org.apache.mina.filter.ssl.SslFilter - Session Server123: Message received : HeapBuffer[pos=0 lim=98 cap=128: 17 03 03 00 5D 00 00 00 00 00 00 00 69 02 3B 8D...]
2020.04.07 13:39:24 org.apache.mina.filter.ssl.SslHandler - Session Server123 Processing the received message
2020.04.07 13:39:24 org.apache.mina.filter.ssl.SslFilter - Session Server123: Processing the SSL Data
2020.04.07 13:39:24 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_RECEIVED to session 123 Queue : [MESSAGE_RECEIVED, ]
2020.04.07 13:39:24 org.apache.mina.core.filterchain.IoFilterEvent - Firing a MESSAGE_RECEIVED event for session 123
2020.04.07 13:39:24 org.apache.mina.filter.codec.ProtocolCodecFilter - Processing a MESSAGE_RECEIVED for session 123
2020.04.07 13:39:24 org.apache.mina.filter.ssl.SslFilter - Session Server123: Writing Message : WriteRequest: HeapBuffer[pos=0 lim=84 cap=4096: 3C 69 71 20 74 79 70 65 3D 22 72 65 73 75 6C 74...]
2020.04.07 13:39:24 org.apache.mina.core.filterchain.IoFilterEvent - Event MESSAGE_RECEIVED has been fired for session 123
2020.04.07 13:39:24 org.apache.mina.filter.executor.OrderedThreadPoolExecutor - Adding event MESSAGE_SENT to session 123 Queue : [MESSAGE_SENT, ]
2020.04.07 13:39:24 org.apache.mina.core.filterchain.IoFilterEvent - Firing a MESSAGE_SENT event for session 123
2020.04.07 13:39:24 org.apache.mina.core.filterchain.IoFilterEvent - Event MESSAGE_SENT has been fired for session 123
2020.04.07 13:39:25 org.jivesoftware.openfire.spi.RoutingTableImpl - Removing client route DOMAIN.COM/5klfkgudtt
2020.04.07 13:39:29 org.jitsi.videobridge.xmpp.ComponentImpl - (serving component 'JitsiVideobridge') Processing IQ (packetId a47sZ-356436):
2020.04.07 13:39:33 org.quartz.core.QuartzSchedulerThread - batch acquisition of 0 triggers
2020.04.07 13:39:34 org.jivesoftware.openfire.spi.RoutingTableImpl - Removing client route DOMAIN.COM/6v4cfemqzq
2020.04.07 13:39:36 org.jivesoftware.openfire.plugin.rest.sasl.OfChatSaslServer - Parsing data from client response...
2020.04.07 13:39:36 org.jivesoftware.openfire.plugin.rest.sasl.OfChatSaslServer - OFCHAT authentication
Error 500 Server Error

HTTP ERROR 500

Problem accessing /sso/password. Reason:

    Server Error

Caused by
2020.04.07 13:39:36 org.jivesoftware.openfire.ldap.LdapManager - Trying to find a user's RDN based on their username: ' error 500 server error

http error 500

problem accessing /sso/password. reason'. Field: 'sAMAccountName', Base DN: 'OU="ORGANIZATION",DC="DOMAIN",DC="COM"'...
2020.04.07 13:39:36 org.jivesoftware.openfire.ldap.LdapManager - Creating a DirContext in LdapManager.getContext() for baseDN 'OU="ORGANIZATION",DC="DOMAIN",DC="COM"'...
2020.04.07 13:39:36 org.jivesoftware.openfire.ldap.LdapManager - Created hashtable with context values, attempting to create context...
2020.04.07 13:39:36 org.jivesoftware.openfire.ldap.LdapManager - ... context created successfully, returning.
2020.04.07 13:39:36 org.jivesoftware.openfire.ldap.LdapManager - Starting LDAP search for username ' error 500 server error

http error 500

problem accessing /sso/password. reason'...
2020.04.07 13:39:36 org.jivesoftware.openfire.ldap.LdapManager - ... search finished for username ' error 500 server error

http error 500

problem accessing /sso/password. reason'.
2020.04.07 13:39:36 org.jivesoftware.openfire.ldap.LdapManager - User DN based on username ' error 500 server error

http error 500

problem accessing /sso/password. reason' not found.
2020.04.07 13:39:36 org.jivesoftware.openfire.net.SASLAuthentication - SASL negotiation failed for session: HttpSession{address=DOMAIN.COM/aku6v7qasx, streamID=aku6v7qasx, status=1 (connected), isSecure=true, isDetached=false, serverName='DOMAIN.COM', isInitialized=false, hasAuthToken=false, peer address='10.10.9.15', presence=' ', hold='1', wait='59', maxRequests='2', maxPause='300', lastActivity='1586281176242', lastAcknowledged='1848407540', inactivityTimeout='30', openConnectionCount='1'}
javax.security.sasl.SaslException: OFCHAT authentication failure - org.jivesoftware.openfire.user.UserNotFoundException
	at org.jivesoftware.openfire.plugin.rest.sasl.OfChatSaslServer.evaluateResponse(OfChatSaslServer.java:115) ~[?:?]
	at org.jivesoftware.openfire.net.SASLAuthentication.handle(SASLAuthentication.java:357) [xmppserver-4.5.1.jar:4.5.1]
	at org.jivesoftware.openfire.SessionPacketRouter.route(SessionPacketRouter.java:60) [xmppserver-4.5.1.jar:4.5.1]
	at org.jivesoftware.openfire.http.HttpSession.sendPendingPackets(HttpSession.java:634) [xmppserver-4.5.1.jar:4.5.1]
	at org.jivesoftware.openfire.http.HttpSession$HttpPacketSender.run(HttpSession.java:1351) [xmppserver-4.5.1.jar:4.5.1]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:1.8.0_241]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:1.8.0_241]
	at java.lang.Thread.run(Unknown Source) [?:1.8.0_241]
2020.04.07 13:39:36 org.jivesoftware.openfire.http.HttpSession - complete event org.eclipse.jetty.server.AsyncContextEvent@1716dec8 for 1848407540 in session aku6v7qasx
2020.04.07 13:39:39 org.jitsi.videobridge.xmpp.ComponentImpl - (serving component 'JitsiVideobridge') Processing IQ (packetId a47sZ-356438):
```
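The log above is easier to triage with a small parser. This is an added example, not Pade's or Openfire's own code: it groups multi-line Openfire debug entries, picks out SASL failures by peer address, and flags the tell-tale sign in this thread, a "username" that is really the body of an HTTP 500 response from /sso/password, which is why LDAP reports UserNotFoundException. The sample log is constructed from the entries above with placeholder domain and session values.

```python
import re

# Constructed sample modelled on the thread's Openfire debug log (placeholders).
SAMPLE_LOG = """\
2020.04.07 13:39:36 org.jivesoftware.openfire.plugin.rest.sasl.OfChatSaslServer - Parsing data from client response...
2020.04.07 13:39:36 org.jivesoftware.openfire.ldap.LdapManager - Trying to find a user's RDN based on their username: ' error 500 server error

http error 500

problem accessing /sso/password. reason'. Field: 'sAMAccountName', Base DN: 'OU="ORGANIZATION",DC="DOMAIN",DC="COM"'...
2020.04.07 13:39:36 org.jivesoftware.openfire.net.SASLAuthentication - SASL negotiation failed for session: HttpSession{address=DOMAIN.COM/aku6v7qasx, peer address='10.10.9.15'}
javax.security.sasl.SaslException: OFCHAT authentication failure - org.jivesoftware.openfire.user.UserNotFoundException
2020.04.07 13:40:01 org.jivesoftware.openfire.ldap.LdapManager - Trying to find a user's RDN based on their username: 'jdoe'. Field: 'sAMAccountName', Base DN: 'OU="ORGANIZATION",DC="DOMAIN",DC="COM"'...
"""

TS = re.compile(r"^\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2} ")
# Username Openfire resolved against LDAP; re.S because it can span lines.
RDN = re.compile(r"Trying to find a user's RDN based on their username: '(.*?)'\. Field:", re.S)
SASL_FAIL = re.compile(r"SASL negotiation failed for session: .*?peer address='([^']+)'")
# Markers that the "username" is really an HTTP error body, i.e. the SSO
# password endpoint failed and its response was forwarded as a credential.
ERROR_BODY = re.compile(r"http error \d{3}|problem accessing /sso/", re.I)


def split_entries(text):
    """Group raw log text into entries; a new entry starts at a timestamp."""
    entries = []
    for line in text.splitlines():
        if TS.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += "\n" + line
    return entries


def analyse(text):
    """Return bogus (error-page) usernames and the peers whose SASL auth failed."""
    findings = {"bogus_usernames": [], "sasl_failures": []}
    for entry in split_entries(text):
        m = RDN.search(entry)
        if m and ERROR_BODY.search(m.group(1)):
            # Keep only the first line of the bogus value for a readable alert.
            findings["bogus_usernames"].append(m.group(1).strip().splitlines()[0])
        m = SASL_FAIL.search(entry)
        if m:
            findings["sasl_failures"].append(m.group(1))
    return findings


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

A hit in `bogus_usernames` points at the SSO helper endpoint on the server rather than at the client's credentials, which is the direction the thread's fix (LDAPS and a trusted server certificate) ended up taking.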

deleolajide commented 4 years ago

I never tested this with LDAP. I suspect you are encountering server-side issues as the userProvider and groupProvider are read-only. I will take a look.

bmccorkle commented 4 years ago

I think you are right. I seem to have got it working. Not sure exactly what it was, but I switched it to LDAPS (636) and uploaded a new server certificate into the trust store, then it started working. Thanks for all your help Dele.