SSO does not work with Openfire + Java 8


I've had some time to mess with openfire and java 8. It looks like it indeed breaks sso . I believe this is because openfire uses DES . DES is disabled by default in java 8. It can be enabled by adding allow_weak_crypto=true in the krb5.ini/krb5.conf. However, even after adding this, I'm still unable to get SSO back up and running. reverting back to java 7 on the server, and everything works like a champ.

I'll do some more testing to see if I can come up with a work around, but DES now being considered somewhat insecure, and Java 7 coming up on EOL, it might be a good time to see if a dev can look into this

speedy reports that latest Java 7 update (7u80) also breaks SSO:


Java 7u80+, Java 8


June 21, 2015, 5:23 PM

This can probably be closed now, because of being applied to

June 4, 2015, 5:47 PM

It has been reported that GSSAPI part of part makes SSO work with Openfire + Java 8.

Your pinned fields
Click on the next to a field label to start pinning.


Dave Cridland


Daryl Herzmann