Custom Authentication(s)


I was able to authenticate against an Oracle database for my user base using SH1 (SHA1) for passwordType after reading the “Custom Database Integration Guide”*1. The issue is that after the user logs in to our web site, they carry around a SH1 cookie that represents their valid user name and password authentication. If they visit a page that has a browser-based Chat App (e.g. JWChat, SparkWeb, Jeti, etc), they would need to log in again. In order to avoid this situation, can I add a second jdbcAuthProvider to the conf/openfire.xml that will authenticate against the plain text or SH1 cookie value? I had also considered constructing an elaborate SELECT that returns either the SH1 or plain text depending on what was provided, if possible.

SELECT password FROM member WHERE login_name=?    plain

SELECT password FROM member WHERE login_name=?    sha1



*1 ration-guide.html

I wonder if it would be possible to use HybridAuthProvider for this task. I have been searching for an example, but so far have not found one.


HybridAuthProvider was a bit too complicated for my needs. Instead I modified to attempt authentication versus the plain text version of the SHA-1 cookie, and it works.


I did get Hybrid Auth working, and that was very useful to have a local admin account enabled, aside from the actual second database. The way I got this to work was to look at my local distribution's doc directory and read the JavaDoc HybridAuthProvider class information; following what was said there, it basically worked.
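
The setup described in the post above (local admin account first, external database second), as an added example that is not part of the original thread. It assumes the property names given in the HybridAuthProvider JavaDoc and the Custom Database Integration Guide, so check them against the documentation shipped with your Openfire version; the host, SID and credentials are placeholders.

```xml
<!-- Added example: fragment of conf/openfire.xml, placed inside the root <jive> element. -->
<provider>
  <auth>
    <className>org.jivesoftware.openfire.auth.HybridAuthProvider</className>
  </auth>
</provider>

<hybridAuthProvider>
  <!-- Tried first: Openfire's own user table, which keeps the local admin account usable. -->
  <primaryProvider>
    <className>org.jivesoftware.openfire.auth.DefaultAuthProvider</className>
  </primaryProvider>
  <!-- Tried only when the primary provider rejects the login: the external member table. -->
  <secondaryProvider>
    <className>org.jivesoftware.openfire.auth.JDBCAuthProvider</className>
  </secondaryProvider>
</hybridAuthProvider>

<jdbcProvider>
  <driver>oracle.jdbc.driver.OracleDriver</driver>
  <!-- Placeholder credentials, host and SID; replace with your own. -->
  <connectionString>jdbc:oracle:thin:DB_USER/DB_PASSWORD@db.example.internal:1521:ORCL</connectionString>
</jdbcProvider>

<jdbcAuthProvider>
  <!-- Table and column names are the ones used in the first post. -->
  <passwordSQL>SELECT password FROM member WHERE login_name=?</passwordSQL>
  <!-- sha1: the supplied password is hashed and compared with the stored value. -->
  <passwordType>sha1</passwordType>
</jdbcAuthProvider>
```

This fragment covers authentication only; which provider supplies user records is configured separately through provider.user.className.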

Are you using HybridUserProvider by any chance?

HybridUserProvider? No, there is no such OPF class. But HybridAuthProvider, yes, I am using it.

Hmm… I see this: org/jivesoftware/openfire/user/HybridUserProvider.html

In any case – are you able to have both LDAP users and users from a database log in to your installation?

Out of the box, yes it does this. If you wanted further authentication customizations, making source level changes could also come in handy.