Admin Console login Failed, UnauthorizedException: null

Openfire
1

Dear Community!

After severy tries i finally was able to connect Openfire to my Database. I have configured all properties in the database table ofproperty where openfire stores its properties. When i try to login to the admin console, however, the login always failes and the logs tell me following:


2024.05.15 12:13:10.037 e[36mDEBUGe[m [Jetty-QTP-AdminConsole-33]: org.jivesoftware.util.WebManager - Unable to get user: no session or no auth token on session.
2024.05.15 12:13:16.513 e[32mINFO e[m [Jetty-QTP-AdminConsole-32]: org.jivesoftware.util.cache.CacheFactory - Created cache [org.jivesoftware.util.cache.DefaultLocalCacheStrategy] for Locked Out Accounts
2024.05.15 12:13:16.542 e[36mDEBUGe[m [Jetty-QTP-AdminConsole-32]: login.jsp - Error occurred while trying to authenticate user 'WoistdasNiveau' on the admin console.
org.jivesoftware.openfire.auth.UnauthorizedException: null
	at org.jivesoftware.openfire.auth.JDBCAuthProvider.authenticate(JDBCAuthProvider.java:232) ~[xmppserver-4.8.1.jar:4.8.1]
	at org.jivesoftware.openfire.auth.AuthFactory.authenticate(AuthFactory.java:184) ~[xmppserver-4.8.1.jar:4.8.1]
	at org.jivesoftware.openfire.admin.login_jsp._jspService(login_jsp.java:260) [xmppserver-4.8.1.jar:4.8.1]
	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) [apache-jsp-9.0.52.jar:9.0.52]
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:590) [jetty-servlet-api-4.0.6.jar:?]
	at org.eclipse.jetty.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1419) [jetty-servlet-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764) [jetty-servlet-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665) [jetty-servlet-10.0.18.jar:10.0.18]
	at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:65) [sitemesh-2.4.2.jar:?]
	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) [jetty-servlet-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) [jetty-servlet-10.0.18.jar:10.0.18]
	at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:73) [xmppserver-4.8.1.jar:4.8.1]
	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) [jetty-servlet-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) [jetty-servlet-10.0.18.jar:10.0.18]
	at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:49) [xmppserver-4.8.1.jar:4.8.1]
	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) [jetty-servlet-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) [jetty-servlet-10.0.18.jar:10.0.18]
	at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:174) [xmppserver-4.8.1.jar:4.8.1]
	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) [jetty-servlet-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) [jetty-servlet-10.0.18.jar:10.0.18]
	at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:292) [xmppserver-4.8.1.jar:4.8.1]
	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:210) [jetty-servlet-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) [jetty-servlet-10.0.18.jar:10.0.18]
	at org.jivesoftware.admin.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:53) [xmppserver-4.8.1.jar:4.8.1]
	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202) [jetty-servlet-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635) [jetty-servlet-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527) [jetty-servlet-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131) [jetty-server-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:598) [jetty-security-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) [jetty-server-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223) [jetty-server-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1570) [jetty-server-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221) [jetty-server-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1384) [jetty-server-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176) [jetty-server-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484) [jetty-servlet-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1543) [jetty-server-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174) [jetty-server-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1306) [jetty-server-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129) [jetty-server-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:149) [jetty-server-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:141) [jetty-server-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122) [jetty-server-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.server.Server.handle(Server.java:563) [jetty-server-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.server.HttpChannel$RequestDispatchable.dispatch(HttpChannel.java:1598) [jetty-server-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:753) [jetty-server-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:501) [jetty-server-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:287) [jetty-server-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314) [jetty-io-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100) [jetty-io-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53) [jetty-io-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421) [jetty-util-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390) [jetty-util-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277) [jetty-util-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.run(AdaptiveExecutionStrategy.java:199) [jetty-util-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411) [jetty-util-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969) [jetty-util-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194) [jetty-util-10.0.18.jar:10.0.18]
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149) [jetty-util-10.0.18.jar:10.0.18]
	at java.lang.Thread.run(Thread.java:833) [?:?]
2024.05.15 12:13:16.547 e[33mWARN e[m [Jetty-QTP-AdminConsole-32]: org.jivesoftware.admin.LoginLimitManager - Failed admin console login attempt by WoistdasNiveau from 172.17.0.1
2024.05.15 12:13:16.549 e[32mINFO e[m [Jetty-QTP-AdminConsole-32]: org.jivesoftware.util.cache.CacheFactory - Created cache [org.jivesoftware.util.cache.DefaultLocalCacheStrategy] for Sequences

I am very confused of this exception as it really does not tell me anything. I have tried to look up the source code of the JDBAuthProvider Openfire/xmppserver/src/main/java/org/jivesoftware/openfire/auth/JDBCAuthProvider.java at main · igniterealtime/Openfire · GitHub which confused me even more as on line 232 the exception would come from a method that wanted some domains as well what i do not have for the admin login. Apart from that entering a @ in the username entry of the admin console login does generally not work. What could be the problem? I have tried all SQL queries in PGAdmin and they all work as well.

The properties in the database: (I have left out the connectionString)

image
image1172×275 25.3 KB

image
image1171×251 24.1 KB

2

Could there be a problem with hashing the password and comparing it with the stored password?

3

UPDATE: I looked at the query logs of my postgres container it there i saw, that openfire sent the username in the query in lowercase. With the “=” sign the query was case sensitive so it did not find the user. Swapping the “=” to ILIKE solved the issue. Now i can log in to the admin console. However, there is still the jdbcUserProvider.searchSQL which ends with WHERE which sends the query with the LIKE keyword as shown in the logs. Is there a possibility to change this to ILIKE as well to make it case insenstive?

4

Well… I wonder if Openfire should be lower-casing your username in the first place. Also, I’m guessing that it will try to authenticate the JID-escaped version of your username (which in your case likely is going to make no difference), but still, (update: this seems to already have been addressed in OF-1837) there’s an argument that this simply should not occur in the JDBC auth provider.

I have raised a new ticket for this: [OF-2827] - Ignite Realtime Jira
Corresponding code change: OF-2827: JDBCAuthProvider should not lowercase/trim provided username by guusdk · Pull Request #2461 · igniterealtime/Openfire · GitHub

1 Like