Failed SASL authentification: unknown challenge

Hi

Using Python + xmpp and Openfire 4.5.1 (just upgraded) and the code below:

import xmpp

adresseSource="informations_service_test@xxxxx"
password="xxx"
ressource="xxxx"
jid = xmpp.protocol.JID(adresseSource)

client = xmpp.Client(jid.getDomain())

if(client.connect() == ""):
    print "Not Connected / Not responding"
            
else:
    print "Connexion au compte Jabber \033[31m"+ adresseSource+ "\033[32m OK \033[0m"

print jid.getNode(), password, ressource
if client.auth(jid.getNode(), password, ressource) == None :
    print "authentification failed / Bad password"

[karim@dev83b libPythonGliders]$ python ./conn.py
Invalid debugflag given: always
Invalid debugflag given: nodebuilder
DEBUG: 
DEBUG: Debug created for /home/karim/django/services/GP/libPythonGliders/xmpp/client.py
DEBUG:  flags defined: always,nodebuilder
DEBUG: socket       start Plugging <xmpp.transports.TCPsocket instance at 0x7f25b9efba28> into <xmpp.client.Client instance at 0x7f25b9efb8c0>
DEBUG: socket       warn  Could not load one of the supported DNS libraries (dnspython or pydns). SRV records will not be queried and you may need to set custom hostname/port for some servers to be accessible.\n
DEBUG: socket       start Successfully connected to remote host ('jabberdsia.dt.insu.cnrs.fr', 5222)
DEBUG: dispatcher   start Plugging <xmpp.dispatcher.Dispatcher instance at 0x7f25b9efbcf8> into <xmpp.client.Client instance at 0x7f25b9efb8c0>
DEBUG: dispatcher   info  Registering namespace "unknown"
DEBUG: dispatcher   info  Registering protocol "unknown" as <class 'xmpp.protocol.Protocol'>(unknown)
DEBUG: dispatcher   info  Registering protocol "default" as <class 'xmpp.protocol.Protocol'>(unknown)
DEBUG: dispatcher   info  Registering namespace "http://etherx.jabber.org/streams"
DEBUG: dispatcher   info  Registering protocol "unknown" as <class 'xmpp.protocol.Protocol'>(http://etherx.jabber.org/streams)
DEBUG: dispatcher   info  Registering protocol "default" as <class 'xmpp.protocol.Protocol'>(http://etherx.jabber.org/streams)
DEBUG: dispatcher   info  Registering namespace "jabber:client"
DEBUG: dispatcher   info  Registering protocol "unknown" as <class 'xmpp.protocol.Protocol'>(jabber:client)
DEBUG: dispatcher   info  Registering protocol "default" as <class 'xmpp.protocol.Protocol'>(jabber:client)
DEBUG: dispatcher   info  Registering protocol "iq" as <class 'xmpp.protocol.Iq'>(jabber:client)
DEBUG: dispatcher   info  Registering protocol "presence" as <class 'xmpp.protocol.Presence'>(jabber:client)
DEBUG: dispatcher   info  Registering protocol "message" as <class 'xmpp.protocol.Message'>(jabber:client)
DEBUG: dispatcher   info  Registering handler <bound method Dispatcher.streamErrorHandler of <xmpp.dispatcher.Dispatcher instance at 0x7f25b9efbcf8>> for "error" type-> ns->(http://etherx.jabber.org/streams)
DEBUG: dispatcher   warn  Registering protocol "error" as <class 'xmpp.protocol.Protocol'>(http://etherx.jabber.org/streams)
DEBUG: socket       sent  <?xml version='1.0'?>
  <stream:stream xmlns="jabber:client" to="jabberdsia.dt.insu.cnrs.fr" version="1.0" xmlns:stream="http://etherx.jabber.org/streams" >
DEBUG: socket       got   <?xml version='1.0' encoding='UTF-8'?>
  <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="jabberdsia" id="ar8galkv8a" xml:lang="en" version="1.0">
DEBUG: socket       got   <stream:features>
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
  <mechanism>PLAIN</mechanism>
  <mechanism>SCRAM-SHA-1</mechanism>
  <mechanism>OFMEET</mechanism>
  <mechanism>CRAM-MD5</mechanism>
  <mechanism>DIGEST-MD5</mechanism>
  </mechanisms>
  <compression xmlns="http://jabber.org/features/compress">
  <method>zlib</method>
  </compression>
  <ver xmlns="urn:xmpp:features:rosterver"/>
  <auth xmlns="http://jabber.org/features/iq-auth"/>
  <register xmlns="http://jabber.org/features/iq-register"/>
  <c xmlns="http://jabber.org/protocol/caps" hash="sha-1" node="https://www.igniterealtime.org/projects/openfire/" ver="RB0y5P7bwkSLaCvmpViCd/zz5a0="/>
  </stream:features>
DEBUG: dispatcher   warn  Unknown stanza: features
DEBUG: dispatcher   ok    Dispatching unknown stanza with type-> props->[u'urn:ietf:params:xml:ns:xmpp-sasl', u'http://jabber.org/features/compress', u'urn:xmpp:features:rosterver', u'http://jabber.org/features/iq-auth', u'http://jabber.org/features/iq-register', u'http://jabber.org/protocol/caps'] id->None
DEBUG: tls          start Plugging <xmpp.transports.TLS instance at 0x7f25b9f11c20> into <xmpp.client.Client instance at 0x7f25b9efb8c0>
DEBUG: tls          warn  TLS unsupported by remote server.
Connexion au compte Jabber informations_service_test@jabberdsia.dt.insu.cnrs.fr OK 
informations_service_test ist glider
DEBUG: sasl         start Plugging <xmpp.auth.SASL instance at 0x7f25b9f11cb0> into <xmpp.client.Client instance at 0x7f25b9efb8c0>
DEBUG: dispatcher   info  Registering handler <bound method SASL.SASLHandler of <xmpp.auth.SASL instance at 0x7f25b9f11cb0>> for "challenge" type-> ns->(urn:ietf:params:xml:ns:xmpp-sasl)
DEBUG: dispatcher   warn  Registering namespace "urn:ietf:params:xml:ns:xmpp-sasl"
DEBUG: dispatcher   info  Registering protocol "unknown" as <class 'xmpp.protocol.Protocol'>(urn:ietf:params:xml:ns:xmpp-sasl)
DEBUG: dispatcher   info  Registering protocol "default" as <class 'xmpp.protocol.Protocol'>(urn:ietf:params:xml:ns:xmpp-sasl)
DEBUG: dispatcher   warn  Registering protocol "challenge" as <class 'xmpp.protocol.Protocol'>(urn:ietf:params:xml:ns:xmpp-sasl)
DEBUG: dispatcher   info  Registering handler <bound method SASL.SASLHandler of <xmpp.auth.SASL instance at 0x7f25b9f11cb0>> for "failure" type-> ns->(urn:ietf:params:xml:ns:xmpp-sasl)
DEBUG: dispatcher   warn  Registering protocol "failure" as <class 'xmpp.protocol.Protocol'>(urn:ietf:params:xml:ns:xmpp-sasl)
DEBUG: dispatcher   info  Registering handler <bound method SASL.SASLHandler of <xmpp.auth.SASL instance at 0x7f25b9f11cb0>> for "success" type-> ns->(urn:ietf:params:xml:ns:xmpp-sasl)
DEBUG: dispatcher   warn  Registering protocol "success" as <class 'xmpp.protocol.Protocol'>(urn:ietf:params:xml:ns:xmpp-sasl)
DEBUG: socket       sent  <auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl" mechanism="DIGEST-MD5" />
DEBUG: socket       got   <challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">cmVhbG09ImphYmJlcmRzaWEiLG5vbmNlPSIzUFJUMXJhaXhHbEorZC9WOG1mdmRlcGVQc25aRUxpelJXalppRnUxIixjaGFyc2V0PXV0Zi04LGFsZ29yaXRobT1tZDUtc2Vzcw==</challenge>
DEBUG: dispatcher   ok    Got urn:ietf:params:xml:ns:xmpp-sasl/challenge stanza
DEBUG: dispatcher   ok    Dispatching challenge stanza with type-> props->[] id->None
DEBUG: sasl         ok    Got challenge:realm="jabberdsia",nonce="3PRT1raixGlJ+d/V8mfvdepePsnZELizRWjZiFu1",charset=utf-8,algorithm=md5-sess
DEBUG: sasl         error Failed SASL authentification: unknown challenge
DEBUG: sasl         stop  Plugging <xmpp.auth.SASL instance at 0x7f25b9f11cb0> out of <xmpp.client.Client instance at 0x7f25b9efb8c0>.
authentification failed / Bad password

DEBUG: sasl         ok    Got challenge:realm="jabberdsia",nonce="3PRT1raixGlJ+d/V8mfvdepePsnZELizRWjZiFu1",charset=utf-8,algorithm=md5-sess

qop="auth" seems missing in the Challenge line

Thanks for any hint

Karim
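
Added example (not part of the original posts, and not xmpppy or Openfire code): decoding the Base64 challenge from the log above and checking its directives against RFC 2831, where qop is optional and defaults to "auth" when absent. The function names and the second sample challenge are constructed for illustration.

```python
import base64
import re

# Challenge payload copied from the <challenge/> stanza in the debug log above.
CHALLENGE_B64 = (
    "cmVhbG09ImphYmJlcmRzaWEiLG5vbmNlPSIzUFJUMXJhaXhHbEorZC9WOG1mdmRlcGVQc25a"
    "RUxpelJXalppRnUxIixjaGFyc2V0PXV0Zi04LGFsZ29yaXRobT1tZDUtc2Vzcw=="
)
# Constructed sample (not from the page): a challenge that states qop explicitly.
SAMPLE_WITH_QOP = base64.b64encode(
    b'realm="example",nonce="abc123",qop="auth,auth-int",algorithm=md5-sess'
).decode("ascii")

# One directive: key=value, where the value is a quoted string (commas and
# backslash escapes allowed inside) or a bare token.
_DIRECTIVE = re.compile(
    r'\s*([A-Za-z0-9-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^,\s"]*))\s*(?:,|$)')

def parse_challenge(b64_text):
    """Decode a DIGEST-MD5 challenge into {directive: [values, ...]}."""
    raw = base64.b64decode(b64_text).decode("utf-8")
    directives, pos = {}, 0
    while pos < len(raw):
        m = _DIRECTIVE.match(raw, pos)
        if not m:
            raise ValueError("malformed directive at offset %d" % pos)
        quoted, token = m.group(2), m.group(3)
        value = re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else token
        directives.setdefault(m.group(1).lower(), []).append(value)
        pos = m.end()
    return directives

def offered_qop(directives):
    """qop-options is optional in RFC 2831; absent means 'auth'."""
    if "qop" not in directives:
        return ["auth"]
    return [q.strip() for q in directives["qop"][-1].split(",") if q.strip()]

def diagnose(b64_text):
    """Report whether a client following RFC 2831 could answer the challenge."""
    d = parse_challenge(b64_text)
    problems = []
    if len(d.get("nonce", [])) != 1:
        problems.append("nonce must appear exactly once")
    if d.get("algorithm") != ["md5-sess"]:
        problems.append("algorithm must be md5-sess, exactly once")
    if "auth" not in offered_qop(d):
        problems.append("server does not offer qop=auth")
    return {"explicit_qop": "qop" in d, "qop": offered_qop(d),
            "usable": not problems, "problems": problems}
```

For the logged challenge, diagnose(CHALLENGE_B64) reports explicit_qop False with an effective qop of ['auth'] and no problems, so a client that insists on an explicit qop directive rejects a challenge that is well-formed under RFC 2831.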

Hi Karim, did you get any solution to this issue?

I am seeing this issue and noticed that if I disable DIGEST-MD5 as an available SASL Mechanism within Openfire (Server → Server Settings → SASL Mechanisms), then xmpppy is able to connect.

My guess is that the client implementation of DIGEST-MD5 conflicts with Openfire, as per OF-477, "SASL server in OF creates digest-uri based on xmpp.fqdn but it sends xmpp.domain to the client" (Ignite Realtime Jira).
