powered by Jive Software

Cannot login into sparkweb

I have searched through the forums and it seems a few have some problems and other have found different solutions. I have tried all.

I am using


linux server, external database

openfire 3.6.2

sparkweb 0.9.0

in IE, flash 10

ports 5222 and 5229 open

in the sparkweb.html file, changed


server: “openfire.server.name”,
connectionType: “socket”,
port: “5222”,
autoLogin: "false"
policyFileURL: “xmlsocket://openfire.server.name:5229”

I downloaded SparkWeb.swf which is 1,758 size. the original is 616. This is not work. In one discussion it talked about in ssh to svn but I don’t know how to do this.

Please advice.

Have you tried to refresh the login page a few times and try to login again?

I got the login page for sparkweb up. when I try to login it says “Server requires TLS, which is unsupported. Sorry.” We are using a xmpp CA signed RSA certificate.

found the answer in openfire admin cp you for security settings, client connection security is optional. the problem was the TLS. I believe it is on sparkweb bug tracker.

Yeap. TLS support http://www.igniterealtime.org/issues/browse/SW-66

also Dele has just posted his red5 modified SparkWeb version with TLS support here (last comments) http://www.igniterealtime.org/community/docs/DOC-1553#comment-4791

It is broken with Flash Player 10. Openfire sends back policy-request response ONLY for port 5222

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia

.com/xml/dtds/cross-domain-policy.dtd"><allow-access-from d
omain="*" to-ports="5222" />

It should be to-ports="5222, 5223"

I think we need to raise a fault on openfire. The following changes need to be made to FlashCrossDomainHandler.java

        try {
            clientSocket = serverSocket.accept();

            // Validate that we have a license
            PrintWriter out = new PrintWriter(clientSocket.getOutputStream(), true);

            out.println(CROSS_DOMAIN_TEXT +
                    XMPPServer.getInstance().getConnectionManager().getClientListenerPort() + "," +

                    XMPPServer.getInstance().getConnectionManager().getClientSSLListenerPort() +

Dele, could you attach this code snippet as a patch file here, so i could attach it to a JIRA ticket http://www.igniterealtime.org/issues/browse/JM-1502

Unless you can do it youself. And i think you should.

The patching is not complete. I also need to locate where Openfire responds to


<?xml version="1.0"?>

Found it in org.jivesoftare.openfire.net.StanzaHandler

if (!initialStream) {
// Allow requests for flash socket policy files directly on the client listener port
if (stanza.startsWith("")) {
String crossDomainText = FlashCrossDomainHandler.CROSS_DOMAIN_TEXT +
XMPPServer.getInstance().getConnectionManager().getClientListenerPort() + “,” +

                        XMPPServer.getInstance().getConnectionManager().getClientSSLListenerPort() +
                        FlashCrossDomainHandler.CROSS_DOMAIN_END_TEXT + '\0';
            else {
                // Ignore <?xml version="1.0"?>

I don’t mind following through on this, but If someone else with all the permissions and spare time can help it will be very much appreciated

I can now confirm that patch works and Red5 Sparkweb 0.1.05 with TLS socket connection now works fine with Openfire and Flash Player 10. If you have can’t wait for the official release and have a compelling reason to use TLS as I do, pickup the patched openfire.jar file from here.


Hello Dele if I want to try out red51.0.5 where dos openfire.jar go would it go in openfire plugins

Have changed the openfire.jar and changed red51.0.4 to 1.0.5 and is working nice but had to change policyFileURL port to 5222 to get first time login without athorization denid please try again happening very nice am now logging sparkweb into ssl connection

thank you Dele and dev

From Bruce and lowballking.net

i was expecting this fix in 3.6.3

I am using openfire 3.6.3 and sparkweb 0.9.0 (not red5 openfire). Has this issue been fixed? I have the same issue “server requires TLS, which is unsupported. Sorry”.

I see issue at http://www.igniterealtime.org/issues/browse/JM-1502.

This is not the same issue. I mean original sparkweb is a whole different story. It doesnt has TLS support (and Openfire cant do anything about this) and we dont know when will it has. Dele has added TLS support in his version, maybe he can share his code, but there is no active developer of the original sparkweb. Armando should be, and he was promising to find a time for that, but it seems Jive is too busy with Clearspace project.

Hi Dele,

I’m willing to get this change commited, but am concerned that your perhaps change needs to include a bit more. Do you think it would be necessary to merge the logic found in org/jivesoftware/openfire/http/FlashCrossDomainServlet.java as well, so that the web ports are also included?