powered by Jive Software

Consistent Not Authorized failures with Red5

Hi All,

We have an Openfire 3.6.4 installation pullling user info from AD for about 50 users. We installed Red5 0.1.11 a couple days back and found that secure logins over port 7443 failed well more often than not (say 90-95 percent of the time - simply stalling indefinitely once credentials had been submitted). In the process of troublshooting I b0rked the entire install and had to reinstall from scratch - although between using AD and an external MySQL database this only took two minutes to get back up and running

However, I have now found that red5 will consistently refuse any login attempt with a “Not Authorized. Please try again.” prompt. I suspect the original problem may have been identified by another forum posting, advising of a manual change to the var tls = getPageParameter(‘tls’, ‘true’); setting in the red5 sparkweb index.html file - I’ve tested this on a development server and it certainly seems to work (without the tweak I see the same behaviour as described at the top of this post). But I’m puzzled as to why a fresh install of Openfire and red5 would result in this authorization error, as everything else is working just fine and dandy, insofar that Openfire is behaving normally.

It seems like to me that some process passing credentials between red5 and Openfire has broken somewhere.

I’ve enabled debugging in Openfire; when a user first attempts to log in via red5 and is eventually presented with the “Not Authorized” prompt, nothing is logged. If a user then attempts a second time (by pressing the Login button) I see the following is logged:

avax.net.ssl.SSLHandshakeException: SSL handshake failed.
at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:416)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:53)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:648)
at org.apache.mina.common.support.AbstractIoFilterChain$HeadFilter.messageReceived (AbstractIoFilterChain.java:499)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)
at org.apache.mina.common.support.AbstractIoFilterChain.fireMessageReceived(Abstra ctIoFilterChain.java:293)
at org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.j ava:228)
at org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcesso r.java:198)
at org.apache.mina.transport.socket.nio.SocketIoProcessor.access$400(SocketIoProce ssor.java:45)
at org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProce ssor.java:485)
at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at com.sun.net.ssl.internal.ssl.EngineInputRecord.bytesInCompletePacket(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(Unknown Source)
at javax.net.ssl.SSLEngine.unwrap(Unknown Source)
at org.apache.mina.filter.support.SSLHandler.unwrap0(SSLHandler.java:658)
at org.apache.mina.filter.support.SSLHandler.unwrapHandshake(SSLHandler.java:614)
at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:493)
at org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:306)
at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:392)
… 14 more

BTW HTTP Bind is enabled in the server.

Any clues from anyone as to what might have broken, and how to get back up and running again?



Ignore this - simple case of RTFM, or at least the one-liner in the 0.1.11 notes about changing the default flash crossdomain port