New to Openfire: Admin working in browser, users not

I’ve searched for some hours now… RTFM attempted!

If there are documents that explain these questions, I’m willing to read them. I have successfully set up and used FTP servers. New to this type of app. Hopefully there is enough information here to get started.

Requirements:

  • < 10 trusted users

  • chat function

  • stored message server (like facebook Inbox)

  • Simplest secure solution possible

Environment: Here’s the skinny so far.

  • local network client/server traffic for testing. Will open my router/firewall to remote family after prototyping is done

  • Installed Openfire 3.6.4 on Windows XP, (sp3, current with microsoft updates)

  • Openfire uses the Internal database

  • Openfire admin account is accessible both from localhost and remote with IE and Firefox browsers on 9090, and 9091 with a locally generated SSL certificate

  • users created with Openfire admin account

  • Firewall allows Openfire and Spark fully

  • second computer is on the local network (no NAT or router issues)

  • Server addressing is to IP addresses:port# specifically, rather than domain names

  • I’ve used http/https with 5222/5223 and 7070/7443 in the address lines. Same results

Question 1: Can I let my computer challenged family use simply IE or Firefox as the chat/IM client, or must I use Spark, or something like it?

Question 2: If browsers will work as a client, can I use https / 7443? or must I use 5223 instead?

Question 2: If I must use Spark (I installed it) I don’t see a stored message function in it. Is there another app to install?

Question 3: I don’t understand the interaction between the Openfire users and the Spark users.

Problem 1: Openfire: Can’t login as users on either IE8 or Firefox 3.0.13, or 3.5.2

Error HTTP 404

NOT_FOUND

RequestURI=/

Powered by Jetty://

  • I’ve looked at many of these in this forum but none seem to be appropriate to my setup.

Problem 2: Spark: Can’t log into Spark as a user (chat account) from another computer on the same network

Error: "Unable to connect to “server-name”"

This morning’s Openfire server log:

    at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:488)
2009.08.21 09:44:09 [org.jivesoftware.util.log.util.CommonsLogFactory$1.error(CommonsLogFactory.java:88)] Line=19 The content of element type "dwr" must match "(init?,allow?,signatures?)".
2009.08.21 09:45:00 [org.jivesoftware.phone.PhonePlugin.destroy(PhonePlugin.java:144)] Error unregistering component
java.lang.NullPointerException
    at org.jivesoftware.openfire.component.InternalComponentManager.removeComponent(InternalComponentManager.java:190)
    at org.jivesoftware.phone.PhonePlugin.destroy(PhonePlugin.java:141)
    at org.jivesoftware.phone.PhonePlugin.destroyPlugin(PhonePlugin.java:131)
    at org.jivesoftware.openfire.container.PluginManager.unloadPlugin(PluginManager.java:587)
    at org.jivesoftware.openfire.admin.plugin_002dadmin_jsp._jspService(plugin_002dadmin_jsp.java:129)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1093)
    at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
    at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
    at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:66)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
    at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:42)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
    at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:70)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
    at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:146)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
    at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)
    at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
    at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:726)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)
    at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:206)
    at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.Server.handle(Server.java:324)
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:505)
    at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:829)
    at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:514)
    at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)
    at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:395)
    at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:488)
2009.08.21 10:29:55 [org.jivesoftware.util.log.util.CommonsLogFactory$1.error(CommonsLogFactory.java:88)] Line=19 The content of element type "dwr" must match "(init?,allow?,signatures?)".
2009.08.21 10:37:20 [org.jivesoftware.util.log.util.CommonsLogFactory$1.error(CommonsLogFactory.java:88)] Line=19 The content of element type "dwr" must match "(init?,allow?,signatures?)".
2009.08.21 12:00:09 [org.jivesoftware.util.log.util.CommonsLogFactory$1.error(CommonsLogFactory.java:88)] Line=19 The content of element type "dwr" must match "(init?,allow?,signatures?)".
2009.08.21 13:54:41 [org.jivesoftware.util.log.util.CommonsLogFactory$1.error(CommonsLogFactory.java:88)] Line=19 The content of element type "dwr" must match "(init?,allow?,signatures?)".

Thanks in advance!

A lot of questions. I will quote your questions manually.

  • < 10 trusted users

What do you mean by ‘trusted’? If you mean users who should be able to administrate Openfire, then you can add as many as you like into Openfire config file. But there is no role based system, all of them will have full admin rights.

  • chat function

There are both one-to-one and conference chat support (both Openfire and Spark).

  • stored message server (like facebook Inbox)

Don’t quite understand, i don’t use facebook. If you mean offline message storing, then yes. Openfire supports offline message storing and you can customize such settings.

  • Simplest secure solution possible

You have already discovered that Openfire automatically generates self-signed SSL certificates. So, using them is probably the simplest security option. You have to customize security options to force clients to use it.

  • Firewall allows Openfire and Spark fully

You mean Spark is allowed on the same computer where Openfire is installed? So, are you able to login with Spark on localhost? Make sure that 5222 port is accessible from a remote machine. You can temporarily disable the firewall to rule this problem out.

  • Server addressing is to IP addresses:port# specifically, rather than domain names

So, in Spark you put your username, say ‘john’ (without quotes), password and then local IP address in Server field? Are you able to login on localhost by using 127.0.0.1 or ‘localhost’? You can also try to put your server’s name (which you have specified during setup) in Server field and press Advanced button on Spark’s login screen, uncheck automatic host discovery and put IP address there. You should only use 5222 port, as 5223 is obsolete and you can’t login with other ports, unless you have changed this in Openfire setup.

Question 1: Can I let my computer challenged family use simply IE or Firefox as the chat/IM client, or must I use Spark, or something like it?

You can try using web clients like JWChat, Muckl. IgniteRealtime has its own web client - SparkWeb, though it is not actively developed anymore. Here’s a how-to http://www.igniterealtime.org/community/docs/DOC-1553

Question 2: If browsers will work as a client, can I use https / 7443? or must I use 5223 instead?

Depends on the client you use. With SparkWeb you have options to use different ports (read the how-to), and you will need more ports open as this is a Flash based client and need additional port for policy file retrieving, also one more port needed for http-bind use case.

Question 2: If I must use Spark (I installed it) I don’t see a stored message function in it. Is there another app to install?

Question 3: I don’t understand the interaction between the Openfire users and the Spark users.

As i said, i’m not sure what do you mean by ‘stored message’, but Openfire/Spark support offline messages and there is no options for that in Spark. Spark will get offline messages automatically after a login.

There is no distinction between Openfire and Spark user, it is the same. You create an account on Openfire server and then connect with that account using Spark or any other jabber/xmpp client (Pidgin, Miranda, Exodus, Psi, etc.). Spark is the client provided by the same developers as Openfire.

Problem 1: Openfire: Can’t login as users on either IE8 or Firefox 3.0.13, or 3.5.2

Not sure what are you trying to do. By default you can only login with ‘admin’ user to Openfire Admin Console.

Problem 2: Spark: Can’t log into Spark as a user (chat account) from another computer on the same network Error: "Unable to connect to “server-name”

As i said above you should rule out the firewall. “Unable to connect” probably means that Spark is refused to connect.

Thanks for the details. I have one more question after telling what I’ve done already.

Note: I was referring to offline messaging above and it does work, thanks for the syntax correction.

I read the SparkWeb How-To, installed SparkWeb and it works. I’ll probably use Spark or some other browser-based solution you have suggested later, but SparkWeb will do the job I need right now.

  • I am logging in with server using: https://myserver:9091/sparkweb/SparkWeb.html

  • The Openfire server is configured to accept HTTP-Bind on 7070 and 7443

  • https uses SSL so that takes care of the Session layer, and I can see with netstat that ports 5222, 5229, and 9091 are used

The remaining question:

In the **SparkWeb** How-To, it appears that I have to run the **RED-5** and set up an **HTTP-Bind on port 7443** to get encryption on the transport layer. That said,

It seems to me that if I’m encrypted at the Session layer, and it’s higher than the Transport layer, that I’m automatically encrypted at the Transport layer anyway.

Is that correct? Are they mutually exclusive since I have to run a different instance of SparkWeb with Red-5?

Thanks again for the time and excellent support.

I can’t say much about the Session/Transport stuff. As you can see in the how-to, there is another way to get SSL with the common SparkWeb (SSL support section). But i haven’t tested this setup, this section was added by another user. As well as the Caveats section. It says that https won’t automatically encrypt your traffic as SparkWeb is a client-side client. Your browser uses https only to download flash client to your computer and then communication is going unencrypted. You have to use http-bind with 7443 port or Red5 version. Red5 version has some additional bug fixes and features, but its development currently has been suspended too.

Thanks wroot, Your commitment to this effort is very cool. Do you sleep… ever?

I see you said either “http-bind” or Red-5.

**Questions:**

  1. Does this mean I can get encrypted traffic over port 7443 simply using the following lines in my SparkWeb.html file?

  2. Is there an advantage to using the Red-5 version that gives me something else?

  • I am not running Red-5 yet

  • I am using the bindpath variable as shown below

  • The Openfire server has http-bind turned on



As I’ve said, this is the current configuration, but with netstat, I only see ports 5222, 5229 on the client computer, and 5222,5229, and 9091 on the server. So it appears the Openfire server is ignoring the 7443 bind instruction.

Question:

  1. Do I need to install Red-5 to get that, or is there a further config of the server or SparkWeb.html file?

Thanks again

New Information:

Installed red5 and now 7070 and 7443 both work. But only on the server Openfire is installed on.

I’ll start a new thread for this red-5, remote login issue as the first discussion is resolved successfully.

Thanks for the help

pcar916 wrote:

Thanks wroot, Your commitment to this effort is very cool. Do you sleep… ever?

Occasionally

I’m from Europe btw, so it was noon when i posted my last reply.

I see that you consider this topic closed, but i will add a bit. As i said, it was another user, who said it is possible with plain SparkWeb and http-bind. I can’t test this myself right now, but you can sniff your traffic and check whether your messages go encrypted or as a plain text.

“I see” said the blind man.

I only considered this thread closed because the problem has changed considerably. If it’s useful to the others on this forum to keep my remote login failure with Red5 in this thread, I’m happy to do so. Just let me know and I’ll keep it here until you tell me otherwise.

I wanted to do a little more research to see if someone else has solved this particular Red-5 login issue before I started to post newbie questions that should have some RTFM time before posting them.


I tried the http-bind simply using the SparkWeb.html as shown above, but a sniff showed that ports 7070 or 7443 were never opened by either machine until after the Red5 plugin was installed.

Then those ports did open. As stated, I can now login perfectly on the server machine but not from another computer. Ports 7070 and 7443 do open for the remote computer, but that’s all it will do. To put it another way…

The remote computer (same netid and physically next to the server) that has no problems with the standard SparkWeb logins (thank you for that) on ports 5222/5223, but will not go past the login screen on ports http:7070 or https:7443.

The status message at the bottom of Firefox reports "Read " or "Transferring data from " and it just stays there and eventually times-out.

Notes:

  • I restart the Openfire server after every change… sometimes twice.

  • Firefox is configured to accept both SSL and TLS

  • I disabled the firewall from the client as a test and there is no difference.

Any ideas or diagnostics?

I think it is fine to continue in this thread, although it is marked as Answered. I’m already subscribed to it, but i can miss your other thread. The only issue i had with Red5 version was a firewall, i didn’t open everything it needed. And maybe also a restart of Openfire was needed, but you already did that. What about 5230 port? Though it wasn’t timeouting for me, as far as i remember. It was just eating my credentials and doing nothing. Are you able to test Red5 installation on http://yourserver:7070/red5/red5.html ? And do you login via yourserver:7070 port, though you probably do. Currently i’m out of the ideas. Have to sleep.

Eating credentials… very good description and close enough to a bit-bucket for me. I’ll install a soft-sniffer and track the traffic between these two machines during the exchange. Don’t know if I can do that today but if a few more tries can’t make it work, then that may be the only decent option unless the considerable number of smart folks following this thread can be of assistance.

The Red5 test page comes nicely on both machines, and since all ports opened as expected, I discounted a network connection problem. Should’a said that before.

Port 5230? Do you mean for the policyFileURL: "xmlsocket://127.0.0.1:5229" line in the SparkWeb.html file? I’ll try it immediately. Although I’ve checked for port conflicts and haven’t found any so far. I haven’t tried other port numbers either, but it couldn’t hurt to plug in a few random ones that I know are free.

Since this is XP, it’s not a suspect. But if Openfire was installed on a network server I would suspect user or application file / directory permissions, especially since both the login screen and test-page are displayed properly.

And yes, I have used both 7070 and 7443. Both work on the server machine and neither works on the remote machine.

First of all, i forgot to answer your other question about the red5 features. It has some bugs of SparkWeb fixed, also some small changes like “hide the roster” button, loading URL on startup. I don’t remember them all.

It seems that red5 is not working for me either. Dele (the author of red5) mentioned recently that the last red5 version has broken the SparkWeb support. Red5 is a big plugin and SparkWeb is a small part of it. I think i have tested when i upgraded to 0.1.11. But now i can’t make it working. Though i can’t restart this server, so maybe this is missing. Also i have noticed that i have rewritten my index.html and in the new version it indeed has 5229 port. It was 5230. But i can’t revert to older version now without the older red5.war file. Btw, red5 version’s index is in openfire\plugins\red5\sparkweb\sparkweb.html and is different. Config part looks like:

return {
  httpLabel: "Ignite",
  httpURL: "http://www.igniterealtime.org",
  username: username,
  password: password,
  server: window.location.hostname,
  port: conn == "socket" ? 5222 : window.location.port,
  red5url: "rtmp:/sip",
  xmppurl: "rtmpt::8000/xmpp",
  webapp: webapp,
  connectionType: conn,
  connectionTLS: tls,
  // Flash fetches its socket policy file from this host and port
  policyFileURL: "xmlsocket://" + window.location.hostname + ":5229",
  webcamAvatar: "false",
  visualPresence: 120,
  historyChats: 2,
  autologin: autologin
};

You can try changing 5229 to 5230 (also open 5230 in the firewall) and restart the server. I will be able to test this with my PC and laptop on Friday or Saturday. It seems how-to needs fixing.

Outstanding, and successful login to Red5 with the port change to 5230!

I changed the port in the …/sparkweb/index.html file (rather than SparkWeb.html, which doesn’t exist) to

policyFileURL: "xmlsocket://" + window.location.hostname + ":5230",

As well, I am coming into Red5 with https on port 7443 rather than http on port 7070. If I understand correctly, this and TLS gives my users both login and traffic encryption.

Interestingly, I don’t see the 5230 port open in netstat. It must be momentary. A real sniff will capture it. I’ll get a remote user to come through the firewall later in the morning.

Is there one place, or a few places, where I find all of the bugs and docs on Red5? I’d like to implement a few of these features, like the SIP phone… wish I could do that without a SIP carrier, but I must learn about that technology.

Thanks again. I know you have more pressing things to work on than an “obsolete” package. But this is certainly why open source is so important to the world community.

pcar916 wrote:

Outstanding, and successful login to Red5 with the port change to 5230!

Great. Now i’m the lone who can’t make it working. Glad for you.

Interestingly, I don’t see the 5230 port open in netstat. It must be momentary.

Yeap. It only serves a crossdomain.xml policy file in the beginning of the connection.

Is there one place, or a few places, where I find all of the bugs and docs on Red5? I’d like to implement a few of these features, like the SIP phone… wish I could do that without a SIP carrier, but I must learn about that technology.

Probably Red5 section of these forums:

Ignite Realtime > Plugins and Libraries > Red5

There is a tab “Documents” and you can find some info there also. Dele is looking through this forum section, so it’s a higher chance to get his attention while asking there.

Thanks again. I know you have more pressing things to work on than an “obsolete” package. But this is certainly why open source is so important to the world community.

Well. At some point i was thinking we could use SparkWeb, so i was investigating and testing and then thought to share my experience. Now i feel responsible for this How-to and try to keep it up to date.

Good luck to you on getting yours to work… wish I could help.

I’ve been looking at Dele’s posts everywhere I could find him on several threads.

I’ve got to make this installation do actual work now but as I add a few plugins, I may need a tip now and then and will open a new thread.

SparkWeb / Red-5 solved a problem for me, and so did you, thanks again. I’ll be following development from now on.

It appears from a fairly recent post that Dele’s been working on RedFire. Although in the future, that’s neat.

Thanks again, job well done.

Just for your information. I have done some testing at home. I have a PC with Openfire and a laptop connected to that PC via Internet Connection Sharing. I was sniffing the traffic on the second network adapter of that PC, which is sharing the Internet to that laptop (Wireshark tool). And i have setup the latest Red5 version on that Openfire server and was connecting from a laptop with SparkWeb. I’m not an expert in sniffing, but i can’t see any difference between connection to http 7070 and https 7443. The same packets. If SSL is enabled on server, then in both cases messages are encrypted. Although it seems that you have to enable both Old SSL and TLS on Openfire. If i just require TLS and set Old SSL to not available, then i can’t connect. The point to use https 7443 in that case would be if you have a certificate signed by some authority, so users would be more protected from domain spoofing. That is if your users are connecting from the Internet. In the local LAN i think 7070 and SSL enabled on server is enough. Too much hassle with adding self-signed cert to the exceptions.

And yes, i had to change policy file port to 5230 in my config. Maybe this is some mistake Dele has made in the latest versions, or maybe Openfire is not doing what he is expecting (fetching the file on the 5229 port instead).

So, i have it working and i think at work i only need to restart my Openfire to fix it. But we currently don’t need SparkWeb and it would be a pity to break my 112 days uptime record because of that.

Now i’ll edit my How-to a bit.

I’ll do some sniffing over the next few days and report back if there are any more interesting behaviors in my implementation. On the face of it…

It seems to me that there should be a difference between http and https packets, although that may only be during the login sequence if TLS isn’t turned on in Openfire. I’ll also try to get some reading done, perhaps in the RFP’s, to see what the packet fields are supposed to look like. I haven’t done that yet and I’m not sure I’ll know exactly what I’m looking at.

112 days of uptime… wow. I wouldn’t restart it either. Something else might break!
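
Added example (not part of any post in this thread): for the sniffing check discussed above, a small Python classifier that labels each captured TCP payload as a TLS record, plain XMPP, plain HTTP (http-bind) or the Flash policy request, then summarises the connection. The sample flows are constructed rather than captured, `example.test` is a placeholder, and the function names are hypothetical.

```python
import struct

# TLS record content types (first byte of every SSL 3.0 / TLS record).
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
XMPP_STARTS = (b"<?xml", b"<stream:", b"<starttls", b"<proceed", b"<message", b"<iq", b"<presence")
HTTP_STARTS = (b"POST", b"GET", b"HTTP/1.0", b"HTTP/1.1")


def parse_tls_record(payload):
    """Return (type_name, (major, minor), length) for a TLS record header, else None."""
    if len(payload) < 5:
        return None
    ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
    # Known content type, major version 3, length within the 2**14 + 2048 record limit.
    if ctype not in TLS_TYPES or major != 3 or minor > 4 or length > 2**14 + 2048:
        return None
    return TLS_TYPES[ctype], (major, minor), length


def classify(payload):
    """Label one TCP payload by what its first bytes look like."""
    if parse_tls_record(payload):
        return "tls"
    text = payload.lstrip()
    if text.startswith(b"<policy-file-request/>"):
        return "flash-policy-request"
    if text.split(b" ", 1)[0] in HTTP_STARTS:
        return "plain-http"
    if text.startswith(XMPP_STARTS):
        return "plain-xmpp"
    return "unknown"


def summarize_flow(payloads):
    """Summarise one TCP connection's payloads, given in capture order."""
    kinds = [classify(p) for p in payloads]
    readable = [p for p, k in zip(payloads, kinds) if k.startswith("plain")]
    first_tls = kinds.index("tls") if "tls" in kinds else None
    if first_tls is None:
        verdict = "no-tls"
    elif first_tls == 0 and set(kinds) == {"tls"}:
        verdict = "tls-from-first-byte"
    elif any(b"<starttls" in p for p in readable) and set(kinds[first_tls:]) == {"tls"}:
        verdict = "starttls-upgrade"
    else:
        verdict = "mixed"
    # Chat stanzas in readable payloads mean message bodies are visible on the wire.
    chat_readable = any(b"<message" in p for p in readable)
    return {"kinds": kinds, "verdict": verdict, "chat_readable": chat_readable}


def tls_record(ctype, body, version=(3, 1)):
    """Build a constructed TLS record (header + opaque body) for the samples."""
    return struct.pack("!BBBH", ctype, version[0], version[1], len(body)) + body


# Constructed sample flows (not captured traffic), keyed by the port they imitate.
SAMPLES = {
    "5222 socket": [
        b"<?xml version='1.0'?><stream:stream to='example.test' version='1.0'>",
        b"<stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/></stream:features>",
        b"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>",
        b"<proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>",
        tls_record(22, b"\x01" + bytes(40)), tls_record(23, bytes(64)),
    ],
    "7070 http-bind": [b"POST /http-bind/ HTTP/1.1\r\nHost: example.test:7070\r\n\r\n"
                       b"<body rid='1'><message to='a@example.test'><body>hi</body></message></body>"],
    "7443 http-bind": [tls_record(22, b"\x01" + bytes(40)), tls_record(23, bytes(96))],
}
```

Feed it the per-packet payload bytes exported from a capture. SSLv2-style hellos, as an "Old SSL" client may send, are not recognised and come back as `unknown`.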