powered by Jive Software

SASL authentication issue with Openfire built from sources


I have a Java client which connects to Openfire on my server. When I run Openfire 4.0.1 with the build provided by Igniterealtime, I can connect and log in from the client with no issue. However, I need some changes, so I edited the sources from Github (4.1.0 beta), which I compile correctly. When I run the exact same client with exact same login credentials, I can establish the connection to the server, but the authentication fails (not-authorized).

For the client, I use Smack library, with following Gradle settings:

compile group: ‘org.igniterealtime.smack’, name: ‘smack-core’, version: ‘4.1.7’

compile group: ‘org.igniterealtime.smack’, name: ‘smack-tcp’, version: ‘4.1.7’

compile group: ‘org.igniterealtime.smack’, name: ‘smack-extensions’, version: ‘4.1.7’

compile group: ‘org.igniterealtime.smack’, name: ‘smack-java7’, version: ‘4.1.7’

compile group: ‘org.igniterealtime.smack’, name: ‘smack-sasl-provided’, version: ‘4.1.7’

All properties on the server build from the sources or from package are the same.

What am I missing ?

Thank you in advance.

make sure your client is actually trying to using a sasl authentication method and not a non-sasl, like iq auth. Non sasl is now disabled by default with the 4.1 branch. If you need to restore non-sasl authentication, I think there is a plugin for it

I think it is SASL, but I am not sure, because I see also some iq-auth below (in bold) in what is shown in debug mode in the client:

11:12:11 PM SENT (0): <stream:stream xmlns=‘jabber:client’ to=‘myserver’ xmlns:stream=‘http://etherx.jabber.org/streams’ version=‘1.0’ from=‘me@myserver’ xml:lang=‘en’>

11:12:12 PM RECV (0): <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream=“http://etherx.jabber.org/streams” xmlns=“jabber:client” from=“myserver” id=“aaw8zd98up” xml:lang=“en” version=“1.0”>

11:12:12 PM RECV (0): stream:featuresPLAINSCRAM-SHA-1CRAM-MD5DIGEST-MD5</me chanism>zlib<auth xmlns=“http://jabber.org/features/iq-auth”/></stream:features>

11:12:12 PM SENT (0): biwsbj1ndWlsbGF1bWUscj0kXklRMTItOChbcn4pQ3VtYHghVTRBPDV fLXx5XSdERg==

11:12:12 PM RECV (0):

On the server side, the following messages appear:

debug log:

2016.07.11 23:12:15 org.jivesoftware.openfire.nio.NIOConnection - Error delivering packet:

warn log:

2016.07.11 23:12:12 org.jivesoftware.openfire.net.SASLAuthentication - An unexpected exception occurred during SASL negotiation. Affected session: org.jivesoftware.openfire.session.LocalClientSession@2286d587 status: 1 address: /aaw8zd98up id: aaw8zd98up presence:

java.lang.ClassCastException: java.lang.Boolean cannot be cast to java.lang.String

Any help appreciated !

sorry…somehow I missed that that you’re using smack 4.1.x with your client. ( i really need to get some sleep and/or pay more attention!) I believe removed non-sasl authentication types, so that’s unlikely your issue.

I tried with the sources of Openfire 4.0.2 and it works just fine.

The problem lies with Openfire 4.1.0beta somehow.

This seems to be what kills Samsung Galaxy S8s from connecting