DIGEST-MD5: digest response format violation. Nonexistent realm

Openfire Openfire Support
1

Can anyone give an advice of what the problem may be? I have a mobile client called ‘BombusMod’ J2ME Instant Message application, logging into the ‘Openfire’ server on my PC. However it fails to login. The debug log data included below is generated by the server. Please note that creation of a new account from the mobile to the server was successful. The problem was for the mobile to login the account.

Thanks.

2008.05.21 16:52:03 SASLAuthentication: SaslException

javax.security.sasl.SaslException: DIGEST-MD5: digest response format violation. Nonexistent realm: mycomp.homedns.org

at com.sun.security.sasl.digest.DigestMD5Server.validateClientResponse(Unknown Source)

at com.sun.security.sasl.digest.DigestMD5Server.evaluateResponse(Unknown Source)

at org.jivesoftware.openfire.net.SASLAuthentication.handle(SASLAuthentication.java :282)

at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:152)

at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandl er.java:133)

at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived (AbstractIoFilterChain.java:570)

at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)

at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:53)

at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:648)

at org.apache.mina.common.IoFilterAdapter.messageReceived(IoFilterAdapter.java:80)

at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)

at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:53)

at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:648)

at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimplePr otocolDecoderOutput.java:58)

at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecF ilter.java:180)

at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)

at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:53)

at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:648)

at org.apache.mina.filter.CompressionFilter.messageReceived(CompressionFilter.java :161)

at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)

at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:53)

at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:648)

at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java :239)

at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(Execut orFilter.java:283)

at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)

at java.lang.Thread.run(Unknown Source)

2

Is your openfire server configured with mycomp.homedns.org as it’s domain?

3

Hey Liam,

The problem happens during the SASL authentication. Accounts creation do not use authentication so that is working for you. In particular, this problem means that your client is trying to authenticate using SASL DIGEST-MD5 but the information being sent from the client is missing a piece of information that in this case is the realm. If you cannot modify the client to include the realm then you may want to try using other SASL mechanism to authenticate. You can configure the server to offer a certain list of SASL mechanisms and not all of them.

Regards,

– Gato

4

Hello Winter,

Yes, my server on my PC is configured as

mycomp.homedns.org, this dns was created via the http://www.dyndns.com/

web site. So I guess the mobile client I used will send the login in to

my PC server via this dyndns.

Thanks,

Liam

5

Gato,

Thanks for the info. If it is convenience for you,

can you inform me if there is instruction on how the Openfire server

can be configured to offer a certain list of SASL mechanisms and not

all of them. Any information on this will be much appreciated.

Thankyou,

Liam

6

Hi Gaston,

I’m having the same problem with BombusMod and Openfire 3.5.1 (and the problem happened with a previous version of Openfire).

It seems that the MD5 authentication failing is a bug in Openfire (or Smack).

As I can’t use SSL with BombusMod (since my mobile refuses the SSL certificate), I won’t use a PLAIN authentification.

Please, would it be possible to fix this bug (if considered so) because it seems to affect a lot of clients.

Cheers.

kael

7

I have the same problem . I m connected openfire and add new user but ı m not login …

what can ı do…