powered by Jive Software

After upgrading Smack SSO authorization (GSSAPI) is broke

Hi, today I noticed that after updating Smack from 4.3.4 to Smack 4.4.4 in Spark I cannot connect using SSO (GSSAPI).

@Flow @guus Please pay attention to this

https://igniterealtime.atlassian.net/browse/SPARK-2243

org.jivesoftware.smack.SmackException$SmackSaslException: No supported and enabled SASL Mechanism provided by server. Server announced mechanisms: [PLAIN, NTLM, GSSAPI, JIVE-SHAREDSECRET]. Registered SASL mechanisms with Smack: [SASL Mech: SCRAM-SHA-1-PLUS, Prio: 100, SASL Mech: GSSAPI, Prio: 100, SASL Mech: SCRAM-SHA-1, Prio: 110, SASL Mech: DIGEST-MD5, Prio: 200, SASL Mech: CRAM-MD5, Prio: 300, SASL Mech: PLAIN, Prio: 400, SASL Mech: X-OAUTH2, Prio: 410, SASL Mech: EXTERNAL, Prio: 500, SASL Mech: ANONYMOUS, Prio: 500, SASL Mech: EXTERNAL, Prio: 500, SASL Mech: EXTERNAL, Prio: 500, SASL Mech: EXTERNAL, Prio: 500]. Enabled SASL mechanisms for this connection: null. Blacklisted SASL mechanisms: [SCRAM-SHA-1-PLUS]. Skip reasons: [Skipping SASL Mech: GSSAPI, Prio: 100 because a password is required for it, but none was provided to the connection configuration, Skipping SASL Mech: PLAIN, Prio: 400 because a password is required for it, but none was provided to the connection configuration]
	at org.jivesoftware.smack.SASLAuthentication.selectMechanism(SASLAuthentication.java:366)
	at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:188)
	at org.jivesoftware.smack.AbstractXMPPConnection.authenticate(AbstractXMPPConnection.java:904)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection.loginInternal(XMPPTCPConnection.java:381)
	at org.jivesoftware.smack.AbstractXMPPConnection.login(AbstractXMPPConnection.java:641)
	at org.jivesoftware.gui.LoginUIPanel.login(LoginUIPanel.java:1229)
	at org.jivesoftware.gui.LoginUIPanel.access$1000(LoginUIPanel.java:135)
	at org.jivesoftware.gui.LoginUIPanel$6.construct(LoginUIPanel.java:1029)
	at org.jivesoftware.spark.util.SwingWorker.lambda$new$0(SwingWorker.java:139)
	at java.lang.Thread.run(Unknown Source)

So, the mechanism is available, but can’t be used by Smack “because a password is required for it, but none was provided to the connection configuration” :thinking:

I was also surprised why it requires a password.

Seems like a occurrence of

with just a different SASL mech. If so, then it should be trivially to fix.

I think the error appeared earlier.
Here is the result of my testing:
Smack 4.4.0 - SSO works
Smack 4.4.1 - SSO works
Smack 4.4.2 - SSO works
Smack 4.4.3 - SSO is broke
Smack 4.4.4 - SSO is broke

This commit is the fix for the issue (although for a different SASL mech), not the cause. :slight_smile:

2 Likes

Thanks!
I could test this fix if I had snapshoot.
https://oss.sonatype.org/content/repositories/snapshots/org/igniterealtime/smack/smack-core/

I’ve uploaded 4.4.5-SNAPSHOT to OSS Sonatype.

Now GSSAPI works, thanks!

1 Like