[Freeipa-users] xmpp/jabber SSO with freeipa

Simo Sorce simo at redhat.com
Sun Jun 17 13:27:22 UTC 2012


On Sat, 2012-06-16 at 23:45 +0200, Natxo Asenjo wrote:
> hi,
> 
> After some initial troubles (thanks rcrit on irc) I got this to work
> nicely. I have used the openfire
> http://www.igniterealtime.org/projects/openfire/index.jsp xmpp/jabber
> server.
> 
> Instructions here:
> 
> http://test.asenjo.nl/index.php/Openfire_ipa

Nice writeup Natxo,
I am curious about the SSO setup. Why did you need to restrict the
keytab to des3? Using the default settings (that include AES keys) would
normally be better. If it is due to restrictions in the Java security
library, you should be able to download a library with full support for
AES from Oracle (they have a separate build due to some export control
stuff that is available for download).

I am also curious about the need to set isInitiator to false. Service
keys in IPA can be used to init security contexts; what kind of failure
did you see setting it to true? The 'isInitiator=false' may be
necessary in AD where servicePrincipals and userPrincipals are
considered distinct entities and AD forbids servicePrincipals to perform
AS Requests, but this is not limited in IPA; by default you should be
able to initiate just fine.

HTH,
Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
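
Added example (not part of the message above or of the linked writeup): a small audit that reads a keytab and reports service principals that have no AES key, which is the situation the des3 question is about. It assumes the MIT keytab file format version 0x0502; the principals, realm and all-zero keys in SAMPLE are constructed, and the helper names are hypothetical.

```python
import struct

AES = {17, 18}  # aes128/aes256-cts-hmac-sha1-96; des3-cbc-sha1 is enctype 16

def _counted(buf, off):  # uint16 length prefix, then that many bytes
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def keytab_entries(data):
    """Yield (principal, enctype) for each live entry of a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    off = 2
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size <= 0:                 # negative length marks a deleted slot
            off += -size
            continue
        (ncomp,) = struct.unpack_from(">H", data, off)
        realm, p = _counted(data, off + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(data, p)
            comps.append(comp.decode())
        # Skip name_type (4), timestamp (4) and 8-bit kvno (1) to reach keytype.
        (etype,) = struct.unpack_from(">H", data, p + 9)
        yield "/".join(comps) + "@" + realm.decode(), etype
        off += size

def principals_without_aes(data):
    """Return sorted principals whose keytab entries include no AES key."""
    seen = {}
    for princ, etype in keytab_entries(data):
        seen.setdefault(princ, set()).add(etype)
    return sorted(p for p, ets in seen.items() if not ets & AES)

def make_entry(comps, realm, kvno, etype, key):
    """Build one keytab entry for the constructed sample below."""
    cs = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(comps)) + cs(realm) + b"".join(map(cs, comps))
    body += struct.pack(">IIBH", 1, 0, kvno, etype) + cs(key)
    return struct.pack(">i", len(body)) + body

# Constructed sample: hypothetical principals in EXAMPLE.TEST, all-zero keys.
SAMPLE = b"\x05\x02" + b"".join([
    make_entry([b"xmpp", b"im.example.test"], b"EXAMPLE.TEST", 1, 16, bytes(24)),
    make_entry([b"HTTP", b"web.example.test"], b"EXAMPLE.TEST", 2, 18, bytes(32)),
    make_entry([b"HTTP", b"web.example.test"], b"EXAMPLE.TEST", 2, 16, bytes(24)),
])
```
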
