I was able to authenticate against an Oracle database for my user base using SH1 (SHA1) for passwordType after reading the “Custom Database Integration Guide”. The issue is that after the user logs in to our web site, they carry around an SH1 cookie that represents their valid user name and password authentication. If they visit a page that has a browser-based chat app (e.g. JWChat, SparkWeb, Jeti, etc.), they would need to log in again. In order to avoid this situation, can I add a second jdbcAuthProvider to conf/openfire.xml that will authenticate against the plain text or SH1 cookie value? I had also considered constructing an elaborate SELECT that returns either the SH1 or plain text depending on what was provided, if possible.
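<jdbcAuthProvider>
  <passwordSQL>SELECT password FROM member WHERE login_name=?</passwordSQL>
  <passwordType>plain</passwordType>
</jdbcAuthProvider>
<jdbcAuthProvider>
  <passwordSQL>SELECT password FROM member WHERE login_name=?</passwordSQL>
  <passwordType>sha1</passwordType>
</jdbcAuthProvider>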
HybridAuthProvider was a bit too complicated for my needs. Instead I modified JDBCAuthProvider.java to attempt authentication versus the plain text version of the SHA-1 cookie, and it works.
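The dual check described in the post above (accept either the plain-text password or the SHA-1 value carried in the site cookie), as an added example: this is not the poster's patch or Openfire's code, the class and method names are hypothetical, and it assumes the member table stores unsalted hex SHA-1. The second branch is the security-relevant part, because it turns the stored hash into a value that logs in on its own.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

// Added illustration; class and method names are hypothetical, not Openfire's.
public class DualCredentialCheck {

    // Lowercase hex SHA-1 of the given text.
    static String sha1Hex(String text) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        byte[] digest = md.digest(text.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // Constant-time comparison, so response timing does not reveal
    // how many leading characters of the hash matched.
    static boolean sameValue(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    // storedHash: value returned by the passwordSQL query (assumed hex SHA-1).
    // supplied:   what the client sent, the plain password or the cookie hash.
    static boolean authenticate(String storedHash, String supplied)
            throws NoSuchAlgorithmException {
        String stored = storedHash.toLowerCase(Locale.ROOT);
        // Branch 1: client sent the plain password; hash it and compare.
        boolean plainMatches = sameValue(stored, sha1Hex(supplied));
        // Branch 2: client sent the hash itself. With this branch enabled,
        // anyone holding the cookie or a database row can authenticate.
        boolean hashMatches = sameValue(stored, supplied.toLowerCase(Locale.ROOT));
        return plainMatches || hashMatches;
    }

    public static void main(String[] args) throws Exception {
        String stored = sha1Hex("correct horse"); // constructed sample row
        System.out.println(authenticate(stored, "correct horse")); // plain password
        System.out.println(authenticate(stored, stored));          // cookie value
        System.out.println(authenticate(stored, "wrong guess"));   // wrong password
    }
}
```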
I did get Hybrid Auth working, and that was very useful for having a local admin account enabled, aside from the actual second database. The way I got this to work was to look in my local distribution's doc directory and read the JavaDoc HybridAuthProvider class information; following what was said there, it basically worked.