Openfire Authentication


I downloaded Openfire 3.7 and installed successfully in a MySQL Schema

I want to authenticate my users from another tables instead of “OFUSER” table.

Please Help in resolving this issue

1 Like

hi Michael

i tried all possible combinations …it was not successful

a) i kept both tables in different schemas, as well as in same schema

b) added configproperties in XML file as well as tried by adding properties in Admin Console

i am not able to authenticate user from chat client…

can u please provide the exact details

at present mysql, openfire are on same machine…authentication table is in diff schema and openfire is in diff schema

I am having same problem: I tried following the ‘Custom Database Integration Guide’ and found that any entries I put into the conf file were removed automatically and put into the ofProperties table. Also the JDBC doesn’t seem to relate to the latest version.

Tried various different options using defaultAuthProvider instead of jdbcAuthProvider which the docs says to use and that doesn’t pick up the property. Also then tried other way round - changing the AuthProvider to be JDBC which then appears to change BUT doesn’t find the properties and finds some weird defaults.

Stuck… like you…



I found the following error in my Openfire log

Exception in JDBCAuthProvider

java.sql.SQLException: Access denied for user ‘root’@‘localhost’ (using password: NO)

i have added

jdbcProvider.driver = com.mysql.jdbc.Driver



provider.auth.className= org.jivesoftware.openfire.auth.JDBCAuthProvider

and i have already set passwordSQL and passwordType also

from admin console

I Think mysql is not connecting to this schema

how to resolve this…

i think i have to pass the connectionString in a different way;

any help

Its working now

Same Schema or Other Schema it wont matter

OK, so what did you do to make it work?

I tied the extra things you did - put into ofProperty table rather than the conf file… but stuff in the conf file gets moved to the ofProperty table anyway… doesn’t it?

The only message I now get is

User Login Failed. PLAIN authentication failed for: xxxxxxxxxxxx

But I have authentication set for sha256…



It seems passwordType is PLAIN…

i suggest u to do not put anything in XML file inside conf directory…if possible revert back to the original openfire.xml file…

Then login through admin console as Admin user…

provider.auth.className is by default DefaultAuthProvider (for admin user)

u got to change this to JDBCAuthProvider

i directly edited values from MySQL command line…with UPDATE statements on ofProperty Table

when u edit directly from mysql command line … only remove the extra “amp;” from connection String

add jdbcAuthProvider.passwordSQL = “” (your sql)

add jdbcAuthProvider.passwordType=“sha256”

then try logging in …

Note: I hope u already know this…u have to login from a XMPP Client not from Admin Console

for test purpose u can use XIFF GUI DEMO app

I have the properties set as you say,

dbcAuthProvider.passwordSQL is SELECT shapw FROM users WHERE id=?

jdbcAuthProvider.passwordType is sha265

I get the error (in info.log, nothing in error.log)

User Login Failed. PLAIN authentication failed for: xxxxxxxxxxxxxx

If I change passwordType to SHA256

I get

No enum const class org.jivesoftware.openfire.auth.JDBCAuthProvider$PasswordType.SHA256

Which would imply that openfire is picking up the property jdbcAuthProvider.passwordType from the mySQL table and attempting to use it, but not correctly.

I’ve also tried putting single and double quotes around the property values and around the ? in the SQL. I’ve also tried backticks around the column and table names in the SQL. No difference. I also tried changing to md5, also no difference the result always the same.

I wish I could set on debugging to see more information…



Further attempts:

When I change passwordType to plain and then put a plain text password into the table it works, but as soon as I change it it to sha256 it then says plain text failed… weird. Maybe the info.log is reporting something wrongly.

OK… found the problem. How to pass the salt to openfire. If I do sha256 without any salt it works, but no way to pass the salt to openfire. I feel silly about it - should have thought, but this is a security problem for openfire.



There is a property “passwordKey” in Server Properties in ofproperty Table

they are using passwordKey to decrypt the encrypted password

Try adding “passwordKey” as salt…

also have look at “user.usePlainPassword” in the following link


refer this

I hope it helps

Thanks for that link - it is very helpful.

That wouldn’t help in our case as (is best practice in hash tables) we use a unique salt for each password. This salt is held in the table as a separate column, so the key/salt has to be passed as a SQL query not a value. The best solution would be for the SQL query for the sha256 hash to resturn two values - the hashed password and the salt.

I will try to get a Java programmer to look at the source and see how to fix it.

At least I now know the problem. I would actually like a way to implement dual factor authentication (which is our default)… any thoughts on that?

We do it through web services, but cannot see web service calls as available authentication method yet in openfire.

Actually i gone through the code of Openfire…they are using this passwordKey value for encrypting and decrypting…

They are also generating a random Long number to encrypt a password (Blowfish Algorithm)

they have a function called cipher.encryptString(password) in

that function inturn calls encStr(pasword, randomgeneratedlongvalue)

It is complex…i think the openfire guys should come up here for help…

1 Like