Openfire 5.0.4 Clustered with Hybrid Auth - Exceptions

slmc_tech · April 23, 2026, 3:10pm

Have updated openfire to the last version 5.0.4 and we are running a cluster with hybrid auth (AD and Local Auth). The administration gui of the server has become unreachable and we are getting the following exception:

“java.lang.AbstractMethodError: Receiver class org.jivesoftware.openfire.plugin.util.cache.ClusteredCache does not define or inherit an implementation of the resolved method 'abstract java.util.concurrent.locks.Lock getLock(java.io.Serializable)' of interface org.jivesoftware.util.cache.Cache.
	at org.jivesoftware.util.cache.CacheWrapper.getLock(CacheWrapper.java:157)
	at org.jivesoftware.database.SequenceManager.nextUniqueID(SequenceManager.java:166)
	at org.jivesoftware.database.SequenceManager.nextID(SequenceManager.java:89)
	at org.jivesoftware.openfire.security.DefaultSecurityAuditProvider.logEvent(DefaultSecurityAuditProvider.java:68)
	at org.jivesoftware.openfire.security.SecurityAuditManager.logEvent(SecurityAuditManager.java:110)
	at org.jivesoftware.admin.LoginLimitManager.recordSuccessfulAttempt(LoginLimitManager.java:179)
	at org.jivesoftware.openfire.admin.login_jsp.\_jspService(login_jsp.java:276)
	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:64)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
	at org.eclipse.jetty.ee8.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1160)
	at org.eclipse.jetty.ee8.servlet.ServletHolder.handle(ServletHolder.java:649)
	at org.eclipse.jetty.ee8.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1374)
	at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:72)
	at org.eclipse.jetty.ee8.servlet.FilterHolder.doFilter(FilterHolder.java:171)
	at org.eclipse.jetty.ee8.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1348)
	at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:73)
	at org.eclipse.jetty.ee8.servlet.FilterHolder.doFilter(FilterHolder.java:171)
	at org.eclipse.jetty.ee8.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1348)
	at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:38)
	at org.eclipse.jetty.ee8.servlet.FilterHolder.doFilter(FilterHolder.java:171)
	at org.eclipse.jetty.ee8.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1348)
	at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:170)
	at org.eclipse.jetty.ee8.servlet.FilterHolder.doFilter(FilterHolder.java:171)
	at org.eclipse.jetty.ee8.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1348)
	at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:290)
	at org.eclipse.jetty.ee8.servlet.FilterHolder.doFilter(FilterHolder.java:177)
	at org.eclipse.jetty.ee8.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1348)
	at org.jivesoftware.admin.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:53)
	at org.eclipse.jetty.ee8.servlet.FilterHolder.doFilter(FilterHolder.java:171)
	at org.eclipse.jetty.ee8.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1348)
	at org.eclipse.jetty.ee8.servlet.ServletHandler.doHandle(ServletHandler.java:454)
	at org.eclipse.jetty.ee8.nested.ScopedHandler.handle(ScopedHandler.java:119)
	at org.eclipse.jetty.ee8.security.SecurityHandler.handle(SecurityHandler.java:497)
	at org.eclipse.jetty.ee8.nested.HandlerWrapper.handle(HandlerWrapper.java:108)
	at org.eclipse.jetty.ee8.nested.ScopedHandler.nextHandle(ScopedHandler.java:183)
	at org.eclipse.jetty.ee8.nested.SessionHandler.doHandle(SessionHandler.java:519)
	at org.eclipse.jetty.ee8.nested.ScopedHandler.nextHandle(ScopedHandler.java:181)
	at org.eclipse.jetty.ee8.nested.ContextHandler.doHandle(ContextHandler.java:885)
	at org.eclipse.jetty.ee8.nested.ScopedHandler.nextScope(ScopedHandler.java:152)
	at org.eclipse.jetty.ee8.servlet.ServletHandler.doScope(ServletHandler.java:423)
	at org.eclipse.jetty.ee8.nested.ScopedHandler.nextScope(ScopedHandler.java:150)
	at org.eclipse.jetty.ee8.nested.SessionHandler.doScope(SessionHandler.java:503)
	at org.eclipse.jetty.ee8.nested.ScopedHandler.nextScope(ScopedHandler.java:150)
	at org.eclipse.jetty.ee8.nested.ContextHandler.doScope(ContextHandler.java:830)
	at org.eclipse.jetty.ee8.nested.ScopedHandler.handle(ScopedHandler.java:117)
	at org.eclipse.jetty.ee8.nested.ContextHandler.handle(ContextHandler.java:1443)
	at org.eclipse.jetty.ee8.nested.HttpChannel$RequestDispatchable.dispatch(HttpChannel.java:1290)
	at org.eclipse.jetty.ee8.nested.HttpChannel.dispatch(HttpChannel.java:617)
	at org.eclipse.jetty.ee8.nested.HttpChannel.handle(HttpChannel.java:460)
	at org.eclipse.jetty.ee8.nested.ContextHandler$CoreContextHandler$CoreToNestedHandler.handle(ContextHandler.java:2512)
	at org.eclipse.jetty.server.handler.ContextHandler.handle(ContextHandler.java:1071)
	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:151)
	at org.eclipse.jetty.server.Handler$Sequence.handle(Handler.java:805)
	at org.eclipse.jetty.server.Server.handle(Server.java:182)
	at org.eclipse.jetty.server.internal.HttpChannelState$HandlerInvoker.run(HttpChannelState.java:677)
	at org.eclipse.jetty.server.internal.HttpConnection.onFillable(HttpConnection.java:416)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:322)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:99)
	at org.eclipse.jetty.io.ssl.SslConnection$SslEndPoint.onFillable(SslConnection.java:612)
	at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:413)
	at org.eclipse.jetty.io.ssl.SslConnection$2.succeeded(SslConnection.java:155)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:99)
	at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
	at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:480)
	at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:443)
	at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:293)
	at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.run(AdaptiveExecutionStrategy.java:201)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:311)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:981)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1211)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1166)
	at java.base/java.lang.Thread.run(Thread.java:1583)“

Could someone have a look at this and provide some guidance on how to make this work?

I thank you in advance for your time.

slmc_tech · April 24, 2026, 7:16am

@guus @akrherz Can anyone from the core development team look into this? We are practically stuck in 4.9.2 because the 5.0.x version seems to be defective. A few months back we had another go at updating and again the server was not working. This is the thread from then: Openfire 4.9.2 -> 5.01 unable to register clients I suspect that there are some serious issues with the changes made when transitioning to the new code. Currently we have no access to the administration console and no client can register. As discussed this is a hybrid-auth system. The server seems to be running though.

If there is no chance for someone to look into this anytime soon please let us know so that we roll back to the previous working version.

slmc_tech · April 24, 2026, 8:32am

We will keep on posting in an effort to assist here. The inverse plugin is not available in 5.0.4 also Pade is apparently throwing exceptions with this version. @Dele_Olajide I don’t know if there is another version of Pade that is compatible with this version of openfire. Also let’s note that hybrid auth is not working. No client coming from ldap can register with the service and no admin accounts of course. And again clustering is not working.

This is the error that Spark is giving to all users trying to register:

org.jivesoftware.smack.sasl.SASLErrorException: SASLError using SCRAM-SHA-1: not-authorized
at org.jivesoftware.smack.SASLAuthentication.authenticationFailed(SASLAuthentication.java:286)
at org.jivesoftware.smack.AbstractXMPPConnection.lambda$new$2(AbstractXMPPConnection.java:407)
at org.jivesoftware.smack.NonzaCallback$ClassAndConsumer.accept(NonzaCallback.java:177)
at org.jivesoftware.smack.NonzaCallback$ClassAndConsumer.access$200(NonzaCallback.java:166)
at org.jivesoftware.smack.NonzaCallback.onNonzaReceived(NonzaCallback.java:46)
at org.jivesoftware.smack.AbstractXMPPConnection.parseAndProcessNonza(AbstractXMPPConnection.java:1440)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1700(XMPPTCPConnection.java:131)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1010)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$700(XMPPTCPConnection.java:916)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:939)
at java.lang.Thread.run(Unknown Source)

Dele_Olajide · April 24, 2026, 12:01pm

Unfortunately, I don’t use Pade anymore and unable to support the code any further. The GitHub project is archived. If you want to use Jitsi Meet with Openfire, then Openfire Meetings (ofmeet) plugin is what you need. I also don’t use Jitsi anymore, but I still support the ofmeet plugin in my very, very limited available time.

Inverse plugin should work with latest Openfire 5.0.4. Check your logs. It does not have an upper version limit and is specified to work with 5.0.0 and above.

slmc_tech · April 24, 2026, 12:47pm

Inverse won’t even install. It is simply flagged as not compatible. Dele have you moved to another solution for meetings? You don’t do any more Webrtc?

guus · April 24, 2026, 1:41pm

Hi Stathis,

I noticed that you’ve been @-mentioning individuals to draw their attention. I understand the intent, but we generally discourage this. It can come across as placing an expectation on specific people to respond, while in reality everyone here participates on a voluntary basis and contributes when they can.

If you’re dealing with something urgent and need guaranteed assistance, you might want to consider one of the commercial support options listed here:

Regarding the stack trace you shared earlier: it suggests that Openfire is running with a version of the Hazelcast (clustering) plugin that is not compatible with the server version you upgraded to. This kind of AbstractMethodError typically points to a mismatch between core and plugin APIs.

Could you confirm the exact versions of Openfire and the Hazelcast plugin that you’re using? That will help narrow down the issue.

slmc_tech · April 24, 2026, 3:14pm

Thanks for the feedback. I apologize if this created an issue. I think the key issue here is that hybrid authentication is not working. The installed hazelcast plugin is the latest available. But more importantly users cannot register. I understand that this is purely voluntary but it does not make a lot of sense to keep on developing a product (I mean coming up with new versions etc) when there appears to be a core issue with user registration. I think my comments would be beneficial to anyone spending time on this. I think it is important to test hybrid auth in a lab and see the issues that come up. There is really very little that i can do besides pointing out very obvious issues from users perspective.