[jitsi-dev] [jitsi] SSO for Jitsi (#208)


#1

Does Jitsi provide SSO? If yes could I have a link to some documentation how to set this up please?

···

---
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/jitsi/issues/208


#2

Ok, thanks for the information. We are using Spark at the moment, which does has SSO implemented, but has other issues.
SSO is on our 'required features list' in the search for a replacement.

···

---
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/jitsi/issues/208#issuecomment-173231284


#3

The problem with SSO is that Java is not capable of using Windows' Kerberos correctly (it wants to access the TGT, which is not possible (except if you set a registry key (which is AFAIK gone in Windows 8) and disable UAC) for security reasons).

···

---
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/jitsi/issues/208#issuecomment-177380297


#4

If someone would ever consider giving this a try, this thread contains some useful information:
https://community.spiceworks.com/topic/379664-openfire-sso-on-windows

···

---
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/jitsi/issues/208#issuecomment-180349247


#5

Jitsi can use LDAP for contact source lookup, that includes authentication against LDAP already (i use it with AD). Why not use that component for authentication?

···

---
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/jitsi/issues/208#issuecomment-187103676


#6

Closed #208.

···

---
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/jitsi/issues/208#event-562526546


#7

@gradinaruvasile Authentication against LDAP is a server side thing, this issue about SSO (i.e. not entering a password again on the client). And this is currently not possible with Java on Windows (which is the only platform where I have a working Kerberos server).

I'm closing this issue. Once Java supports Windows' Kerberos or SSPI, please ask to reopen.

···

---
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/jitsi/issues/208#issuecomment-187945357


#8

Has this situation changed?

https://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/single-signon.html

···

--
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/jitsi/issues/208#issuecomment-239489262


#9

@mkaatman No, it hasn't. See:
- http://stackoverflow.com/questions/14556119/how-do-people-make-java-spnego-client-work-in-windows
- https://bugs.openjdk.java.net/browse/JDK-6722928

I might consider upgrading the apache-httpclient libraries though. This would at least help to get SSO for provisioning.

···

--
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
https://github.com/jitsi/jitsi/issues/208#issuecomment-243564156