Bosh + Openfire + Strophe + Plain SASL authentication

Himanshu_Khona · March 18, 2011, 5:42am

Here is the summary till now -

Hello -

Afterhaving researched all the forums, I have still not been able to getPlain SASL authentication to work with BOSH + Strophe + Openfire 3.7.

IfI enter a garbled username i.e. user name without the @domain, theclient quickly chooses anonymous auth and gives anonymous session. Butif I enter right username@domain, it stalls after receiving the sessionfrom the server and mechanism as PLAIN (disabled all other mechanism onthe server). If I enable all mechanism on the server, it uses MD5 andit again fails because passwords are plain text.

Here are the relevant client logs

Stropheis connecting.LOG: _throttledRequestHandler called with 1 requestsLOG:request id 1.0 postingLOG: request id 1.0 state changed to 1SEND:<body rid=‘310097613’ xmlns=‘http://jabber.org/protocol/httpbind’to='ec2-50-16-41-243.compute-1.amazonaws.com’ xml:lang=‘en’ wait='60’hold=‘1’ content=‘text/xml; charset=utf-8’ ver=‘1.6’ xmpp:version='1.0’xmlns:xmpp=‘urn:xmpp:xbosh’/>LOG: request id 1.1 state changed to2LOG: request id 1.1 state changed to 3LOG: request id 1.1 statechanged to 4LOG: removing requestLOG: _throttledRequestHandler calledwith 0 requestsLOG: request id 1 should now be removedLOG: request id1.1 got 200

LOG: _connect_cb was called

RECV:<body xmlns=‘http://jabber.org/protocol/httpbind’xmlns:stream='http://etherx.jabber.org/strea ms’ authid='d20af63d’sid=‘d20af63d’ secure=‘true’ requests=‘2’ inactivity=‘30’ polling='5’wait=‘60’ hold=‘1’ ack=‘310097613’ maxpause='300’ver=‘1.6’>stream:features<mechanismsxmlns=‘urn:ietf:params:xml: ns:xmpp-sasl’>PLAIN<compressionxmlns=‘http://jabber.org/features/compress’>zlib<bindxmlns=‘urn:ietf:params:xml:ns:xmpp-bin d’/><sessionxmlns=‘urn:ietf:params:xml:ns:xmpp-session’/></stream:features></bod y>

Server logs -

ThuMar 17 12:43:16 EDT 2011: HTTP RECV(d20af63d): <bodyxmlns:xmpp=“urn:xmpp:xbosh” rid="310097613"to=“ec2-50-16-41-243.compute-1.amazonaws.com” xml:lang=“en” wait="60"hold=“1” content=“text/xml; charset=utf-8” ver="1.6"xmpp:version=“1.0”>

Thu Mar 17 12:43:16 EDT 2011:HTTP SENT(d20af63d): <bodyxmlns="http://jabber.org/protocol/httpbind"xmlns:stream=“http://etherx.jabber.org/streams” authid="d20af63d"sid=“d20af63d” secure=“true” requests=“2” inactivity=“30” polling="5"wait=“60” hold=“1” ack=“310097613” maxpause="300"ver=“1.6”>stream:features<mechanismsxmlns=“urn:ietf:params:xml: ns:xmpp-sasl”>PLAIN<compressionxmlns=“http://jabber.org/features/compress”>zlib<bindxmlns=“urn:ietf:params:xml:ns:xmpp-bin d”/><sessionxmlns=“urn:ietf:params:xml:ns:xmpp-session”/></stream:features></bod y>

Itis very strange that if server advertises only Plain as auth mechanism,the client just halts and does not send the auth request on sessionprovided by the server.

Any ideas.

Thanks,

Himanshu

Himanshu_Khona · March 18, 2011, 6:07am

Further troubleshooting shows that after the client receives auth challenge or auth mechanism, it just throws error and disconnects -

Strophe is connecting.LOG: _throttledRequestHandler called with 1 requestsLOG: request id 1.0 postingLOG: request id 1.0 state changed to 1LOG: request id 1.0 state changed to 2SEND: LOG: request id 1.1 state changed to 2LOG: request id 1.1 state changed to 3LOG: request id 1.1 state changed to 4LOG: removing requestLOG: _throttledRequestHandler called with 0 requestsLOG: request id 1 should now be removedLOG: request id 1.1 got 200LOG: _connect_cb was calledRECV: stream:featuresDIGEST-MD5PLAINANONYMOUSCRAM-MD5</mech anism>zlib</stream:features>LOG: _throttledRequestHandler called with 0 requestsLOG: request id 2.0 postingLOG: request id 2.0 state changed to 1LOG: request id 2.0 state changed to 2SEND: LOG: request id 2.1 state changed to 3LOG: request id 2.1 state changed to 4LOG: removing requestLOG: _throttledRequestHandler called with 0 requestsLOG: request id 2 should now be removedLOG: request id 2.1 got 200RECV: cmVhbG09ImVjMi01MC0xNi00MS0yNDMuY29tcH V0ZS0xLmFtYXpvbmF3cy5jb20iLG5vbmNlPSJjZEJET1ByWUJEYlBHNWRXUmdPZzZRdHkrRi82NjhvVi s3Vm1QRU9tIixxb3A9ImF1dGgiLGNoYXJzZXQ9dXRmLTgsYWxnb3JpdGhtPW1kNS1zZXNz</challeng e>LOG: error: function () { [native code] }Strophe failed to connect.LOG: _onDisconnectTimeout was calledLOG: _doDisconnect was calledStrophe is disconnected.

Himanshu_Khona · March 18, 2011, 6:48am

Further research shows that the strophe is stuck on authenticating after it receives mechanism to authenticate ofor MD5 challenge and just sits there and a disconnect is called. Any clues? -

Strophe is connecting.

LOG: _throttledRequestHandler called with 1 requests

LOG: request id 1.0 posting

LOG: request id 1.0 state changed to 1

LOG: request id 1.0 state changed to 2

SEND:

LOG: request id 1.1 state changed to 2

LOG: request id 1.1 state changed to 3

LOG: request id 1.1 state changed to 4

LOG: removing request

LOG: _throttledRequestHandler called with 0 requests

LOG: request id 1 should now be removed

LOG: request id 1.1 got 200

LOG: _connect_cb was called

RECV: stream:featuresPLAIN</mechanis ms>zlib</stream:features>

Strophe is Authenticating.

Strophe failed to connect.

LOG: _onDisconnectTimeout was called

LOG: _doDisconnect was called

Strophe is disconnected.