powered by Jive Software

Openfire only offers PLAIN SASL Authentication

Hello, I am currently trying to create an Android Client to connect to an Openfire 4.2.1 server using the Smack 4.2.2 library.

Establishing an connection to the server works without any problems, but the authentication always fails with the exception: org.jivesoftware.smack.sasl.SASLErrorException: SASLError using PLAIN: not-authorized

So I tried switching to a different authentication mechanism by blacklisting “PLAIN” on my client. But when doing this I get the following exception:

org.jivesoftware.smack.SmackException: No supported and enabled SASL Mechanism provided by server. Server announced mechanisms: [PLAIN]. Registerd SASL mechanisms with Smack: [SASL Mech: SCRAM-SHA-1-PLUS, Prio: 100, SASL Mech: SCRAM-SHA-1, Prio: 110, SASL Mech: DIGEST-MD5, Prio: 210, SASL Mech: DIGEST-MD5, Prio: 210, SASL Mech: PLAIN, Prio: 410, SASL Mech: X-OAUTH2, Prio: 410, SASL Mech: ANONYMOUS, Prio: 500, SASL Mech: EXTERNAL, Prio: 510]. Enabled SASL mechansisms for this connection: null. Blacklisted SASL mechanisms: [PLAIN, SCRAM-SHA-1, SCRAM-SHA-1-PLUS].

As you can see, the Openfire server doesn’t seem to support any other mechanism than PLAIN. But according to my server configuration at least “SCRAM-SHA-1” should be supported.

When connecting to my local Openfire server (localhost) the mechanism used is SCRAM-SHA-1 and it works perfectly. But somehow the remote server doesn’t support it?

I am configuring my Connection on my client as following:

        XMPPTCPConnectionConfiguration.Builder config = XMPPTCPConnectionConfiguration
                .builder();
        config.setXmppDomain("myDomain");
        config.setHost("myHost");
        config.setPort(5222);
        config.setDebuggerEnabled(true);
        XMPPTCPConnection.setUseStreamManagementResumptionDefault(true);
        XMPPTCPConnection.setUseStreamManagementDefault(true);
        config.setSecurityMode(ConnectionConfiguration.SecurityMode.required);
        config.setSendPresence(true);

        try {
            TLSUtils.acceptAllCertificates(config);
            TLSUtils.disableHostnameVerificationForTlsCertificates(config);
        } catch (NoSuchAlgorithmException | KeyManagementException e) {
        }

        SASLMechanism mechanism = new SASLDigestMD5Mechanism();
        SASLAuthentication.registerSASLMechanism(mechanism);
        SASLAuthentication.unBlacklistSASLMechanism("SCRAM-SHA-1");
        SASLAuthentication.unBlacklistSASLMechanism("PLAIN");

        connection = new XMPPTCPConnection(config.build());
        XMPPConnectionListener connectionListener = new XMPPConnectionListener();
        connection.addConnectionListener(connectionListener);

Then I’m just calling connection.login(loginUser, passwordUser);

Why doesn’t Openfire allow any SASL mechanism other than ‘PLAIN’?