We're updating the issue view to help you get more done. 

SSO does not work with Openfire + Java 8

Description

I've had some time to mess with openfire and java 8. It looks like it indeed breaks sso . I believe this is because openfire uses DES . DES is disabled by default in java 8. It can be enabled by adding allow_weak_crypto=true in the krb5.ini/krb5.conf. However, even after adding this, I'm still unable to get SSO back up and running. reverting back to java 7 on the server, and everything works like a champ.

I'll do some more testing to see if I can come up with a work around, but DES now being considered somewhat insecure, and Java 7 coming up on EOL, it might be a good time to see if a dev can look into this

speedy reports that latest Java 7 update (7u80) also breaks SSO: https://community.igniterealtime.org/thread/55310

Environment

Java 7u80+, Java 8

Acceptance Test - Entry

None

Activity

Show:
wroot
June 4, 2015, 5:47 PM

It has been reported that GSSAPI part of part makes SSO work with Openfire + Java 8.

speedy
June 21, 2015, 5:23 PM

This can probably be closed now, because of https://github.com/igniterealtime/Openfire/pull/230 being applied to

Assignee

Dave Cridland

Reporter

Daryl Herzmann

Labels

Expected Effort

None

Ignite Forum URL

None

Components

Fix versions

Affects versions

Priority

Major
Configure