Ive modified (with some help from Gato) openfire to handle EXTERNAL auth for c2s connections (its in trunk if you want to see). The problem so far is clients- Smack dosnt handle EXTERNAL auth correctly, thus neither does Spark. That makes it a bit harder to test things. Ive found tkabber correctly handles sending client certificates on SSL/TLS connections, and was easy enough to modify to deal with EXTERNAL auth. The problem is, after a successful authentication, the connection gets dropped.
Gato: this is mostly for you, but anyone else might have some insight is welcome to chime in.
How do I go about tracking this problem down? There is nothing in the logs after the successful auth.