Authenticating against Openfire DB

Hello everyone,

I’m working on integrating Openfire with my custom project. I want to authenticate against Openfire user database, and possibly create new user accounts from my application. What is a better option: to dig for encryption algorithm Openfire uses to store passowrds, or develop my own auth provider for openfire? Please note that in the latter case I still need the ability to register new accounts from Openfire.

Thanks in advance.

Openfire does use Blowfish to encrypt passwords.

However, if you just want to authenticate and create new user accounts, it should be sufficient to read/write directly to your database. But be aware, that there are no “new user” (etc.) events are generated, which can confuse some of your plugins.

If you want more, e.g. create new shared groups or add users to groups, you need definitely to write a plugin that acts as interface to you application.

Just to clear out. Will there be ‘new user’ events etc. if I write auth provider, which will work with my own DB (rather than that of Openfire)?

You need to implement your own UserProvider along with AuthProvider. After these according to my view there will be ‘new user’ events.

I’m not sure what you want to do, but I would say the existing providers are sufficient.

Inside a plugin you can create new users using method UserManager.createUser. Inside this method all necessary events are fired. Also you can use class AuthFactory to retrieve users password.

Unfortunately, existing providers are not sufficent for me: DefaultAuthProvider uses either Blowfish-encrypted or plain-text passwords (my system uses md5 hashes).

One more thing is that my system is written in python, and I want to avoid writing extra java code.There’s no way of using AuthFactory from python code (AFAICS).

As @phearnot want to authenticate against Openfire user database. So he need to own AuthProvider implemenatation and creating and managing user from his database so he need to implement his own user provider sothat he can manage his own user data base

BTW, it appears that GroupProvider implementation is necessary to share groups among Openfire and my app. Is there any possibility to change Auth/User/Group provider at runtime (from a plugin, for instance), or such changes require server restart?

According to me these providers are loaded at bootstrap and only changes at runtime when we setup openfire server first time. but there is no option to specify to use our custom providers.

I am using my custom providers by manully editing the openfire.xml

like for to change custom Authprovider and UserProvider I made change asin openfire.xml :









and also make


otherwise you need to go the whole setup process and this setup process modify your openfire.xml again.

Hope this will help you.