non-SASL (obsolete XEP-0078)

Hi, the Soapbox Race community uses openfire server to run the game “Need for Speed World - EA Games”.

The game uses jabber:iq:auth protocol to login (XEP-0078).

We don’t know why (probably EA modfications tyring to avoid hackers inside their old jaber server), but the game only authenticate to Openfire server if the “mechanisms tag” is not present.

Even if all SASL mechs are disabled inside server configs, there’s the empty mechanisms tag, and the game doesn’t like it…

Today, our workaround (since Openfire 4.0.2) we modded the SASLAuthentication class, method getSASLMechanisms to return empty string.

Actual Openfire version we use Non-SASL Auth plugin, and that SASLAuthentication modded class. With all SASL methods disabled.

My suggestion today is something like this (check if there are available SASL mechs before)

public static String getSASLMechanisms( LocalSession session )
    {
        Set<String> supportedMechanisms = getSupportedMechanisms();
        if(supportedMechanisms.isEmpty()){
            return "";
        }
        if ( session instanceof ClientSession )
        {
            return getSASLMechanismsElement( (ClientSession) session ).asXML();
        }
        else if ( session instanceof LocalIncomingServerSession )
        {
            return getSASLMechanismsElement( (LocalIncomingServerSession) session ).asXML();
        }
        else
        {
            Log.debug( "Unable to determine SASL mechanisms that are applicable to session '{}'. Unrecognized session type.", session );
            return "";
        }
    }

I’m not sure if that will break the new specs, just a suggestion, another workaround can be some property like “sasl.hide.mechtag=true” (default false)

Thanks for reading this, we love your project.

That seems like an easy option to add. I like going with the property best. I’ve raised this issue in our tracker for this: https://issues.igniterealtime.org/browse/OF-2072

I’ve created a PR with changes for this feature in https://github.com/igniterealtime/Openfire/pull/1698

1 Like

AWESOME! thanks a lot, that will solve our problem.

Can you test it before we merge? That’d make sure that we don’t need any follow-up commits.

Sure, I’m preparing here to test

1 Like

Done, just added sasl.client.suppressEmpty=true and worked. Thanks

Great, thanks! This change will be part of Openfire 4.6.0! I hope this helps your community!

1 Like

After the move to Netty Non-SASL stopped working.
I filed an issue on the plugins github page along with some log output.

Thanks for reporting this. There indeed is a compatibility issue with the Non-SASL plugin and Openfire 4.8.0 (but I do not think it relates to Netty).

I’ve got a fix in the works: fixes #5: Compatibility with Openfire 4.8.0 by guusdk · Pull Request #6 · igniterealtime/openfire-nonSaslAuthentication-plugin · GitHub

Are you able to test that?

I can test it later today if a .jar is produced with your changes :slight_smile:

Try the latest snapshot release (from the table at the bottom-half of the page) from Ignite Realtime: Openfire Plugins

It’s working like it should. You can push it to release if you’d like.
Thanks a lot, @guus! You rock! :blush:

1 Like

Thanks for the quick test! The new release is now available: https://discourse.igniterealtime.org/t/non-sasl-authentication-openfire-plugin-1-1-0-released/