Openfire v4.8.0 and v4.9.1 EXTERNAL SASL not working

Hello there,

We have configured the EXTERNAL sasl mechanism on v4.7.5, running on jdk11 and it is working fine.

After a bump version to the latest version of Openfire (v4.9.1), our users cannot login anymore, and we don’t have any specific logs stating why they can’t connect.

We have a xmpp client microservice running with smack v4.3.4 and we have this error:

java.lang.IllegalStateException: EXTERNAL authentication already completed, maybe concurrent connection for the same jid/resource?

Is anyone facing this issue?

Thanks

This is the first time that I hear of it, but I don’t often get contacted by people using TLS-based authentication with clients.

I’ve looked through the source code of Smack. Version 4.3.4 (nor the latest version) seem to contain that specific error message. Could it be thrown by proprietary code?

Java offers a couple of options that let it generate pretty verbose TLS debug logs. Maybe using that helps you find the cause of your problem. See for example: Debugging SSL/TLS connections