SCRAM Exception with postgres

WoistdasNiveau · May 7, 2024, 5:44pm

Dear Community!

I have set up the openfire.xml the followign way. The logs also do not indicate any possible interference between the xml and the properties stored in the database. Everytime i log in, i get following exception. I tried adding a passwordType tag with the SHA version and stuff but nothing works. How can i fix this?

Exception:
java.lang.RuntimeException: org.postgresql.util.PSQLException: The server requested SCRAM-based authentication, but no password was provided.
	at org.jivesoftware.openfire.admin.JDBCAdminProvider.getAdmins(JDBCAdminProvider.java:147)
	at org.jivesoftware.openfire.admin.AdminManager.loadAdminList(AdminManager.java:121)
	at org.jivesoftware.openfire.admin.AdminManager.isUserAdmin(AdminManager.java:233)
	at org.jivesoftware.openfire.admin.login_jsp._jspService(login_jsp.java:257)
	at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
	at org.eclipse.jetty.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1419)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764)
	at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1665)
	at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:65)
	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
	at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:73)
	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
	at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:49)
	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
	at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:174)
	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
	at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:292)
	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:210)
	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
	at org.jivesoftware.admin.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:53)
	at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:202)
	at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1635)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:527)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:598)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1570)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1384)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1543)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1306)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)
	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:149)
	at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:141)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
	at org.eclipse.jetty.server.Server.handle(Server.java:563)
	at org.eclipse.jetty.server.HttpChannel$RequestDispatchable.dispatch(HttpChannel.java:1598)
	at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:753)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:501)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:287)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
	at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
	at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)
	at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)
	at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)
	at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.produce(AdaptiveExecutionStrategy.java:193)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149)
	at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: org.postgresql.util.PSQLException: The server requested SCRAM-based authentication, but no password was provided.
	at org.postgresql.core.v3.ConnectionFactoryImpl.lambda$doAuthentication$4(ConnectionFactoryImpl.java:843)
	at org.postgresql.core.v3.AuthenticationPluginManager.withPassword(AuthenticationPluginManager.java:82)
	at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:840)
	at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:207)
	at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:262)
	at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:54)
	at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:273)
	at org.postgresql.Driver.makeConnection(Driver.java:446)
	at org.postgresql.Driver.connect(Driver.java:298)
	at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:681)
	at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:252)
	at org.jivesoftware.openfire.admin.JDBCAdminProvider.getConnection(JDBCAdminProvider.java:198)
	at org.jivesoftware.openfire.admin.JDBCAdminProvider.getAdmins(JDBCAdminProvider.java:132)
	... 59 more

Edit: As the xml file wont show correctly, i have posted it in an aswer below.

WoistdasNiveau · May 7, 2024, 5:45pm

As the post is buggy somehow, i will psot the xml here:

<?xml version="1.0" encoding="UTF-8"?>

<!--
    This file stores bootstrap properties needed by Openfire.
    Property names must be in the format: "prop.name.is.blah=value"
    That will be stored as:
        <prop>
            <name>
                <is>
                    <blah>value</blah>
                </is>
            </name>
        </prop>

    Most properties are stored in the Openfire database. A
    property viewer and editor is included in the admin console.
-->
<!-- root element, all properties must be under this element -->
<jive> 
  <adminConsole> 
    <!-- Disable either port by setting the value to -1 -->  
    <port>9090</port>  
    <securePort>9091</securePort> 
  </adminConsole>  
  <locale>en</locale>  
  <!-- Network settings. By default, Openfire will bind to all network interfaces.
      Alternatively, you can specify a specific network interfaces that the server
      will listen on. For example, 127.0.0.1. This setting is generally only useful
       on multi-homed servers. -->  
  <!--
    <network>
        <interface></interface>
    </network>
    -->  
  <!--
        One time token to gain temporary access to the admin console.
    -->  
  <!--
    <oneTimeAccessToken>secretToken</oneTimeAccessToken>
    -->  
  <connectionProvider> 
    <className>org.jivesoftware.database.DefaultConnectionProvider</className> 
  </connectionProvider>  
  <database> 
    <defaultProvider> 
      <driver>org.postgresql.Driver</driver>  
      <serverURL>jdbc:postgresql://BackendPostgres:5432/app</serverURL>  
      <username encrypted="true">1ab47a1bd3eba04e2f4049885a23cb08b8e9e8f016fd0def3196bf4ba170915a</username>  
      <password encrypted="true">f5ab33efffa3271bd7db494b302a92cfaf469a1bd11bd11d96cf0d1dd4b71cac2cd1d23cdd99071b0a686ac49d775abc</password>
      <testSQL>select 1</testSQL>  
      <testBeforeUse>true</testBeforeUse>  
      <testAfterUse>false</testAfterUse>  
      <testTimeout>PT0.5S</testTimeout>  
      <timeBetweenEvictionRuns>PT30S</timeBetweenEvictionRuns>  
      <minIdleTime>PT15M</minIdleTime>  
      <maxWaitTime>PT0.5S</maxWaitTime>  
      <minConnections>5</minConnections>  
      <maxConnections>25</maxConnections>  
      <connectionTimeout>1.0</connectionTimeout> 
    </defaultProvider> 
  </database>  
  <setup>true</setup>  
  <fqdn>local</fqdn>  
  <provider/>  
  <provider> 
    <user> 
      <className>User_Entity</className> 
    </user> 
  </provider>  
  <JDBCProvider> 
    <driver>org.postgresql.Driver</driver>  
    <serverURL>jdbc:postgresql://BackendPostgres:5432/app</serverURL>  
    <username encrypted="true">1ab47a1bd3eba04e2f4049885a23cb08b8e9e8f016fd0def3196bf4ba170915a</username>  
    <password encrypted="true">f5ab33efffa3271bd7db494b302a92cfaf469a1bd11bd11d96cf0d1dd4b71cac2cd1d23cdd99071b0a686ac49d775abc</password>
    <testSQL>select 1</testSQL>  
    <testBeforeUse>true</testBeforeUse>  
    <testAfterUse>false</testAfterUse>  
    <testTimeout>PT0.5S</testTimeout>  
    <timeBetweenEvictionRuns>PT30S</timeBetweenEvictionRuns>  
    <minIdleTime>PT15M</minIdleTime>  
    <maxWaitTime>PT0.5S</maxWaitTime>  
    <minConnections>5</minConnections>  
    <maxConnections>25</maxConnections>  
    <connectionTimeout>1.0</connectionTimeout> 
  </JDBCProvider>  
  <Provider> 
    <admin> 
      <className>org.jivesoftware.openfire.admin.JDBCAdminProvider</className> 
    </admin>  
    <user> 
      <className>org.jivesoftware.openfire.user.JDBCUserProvider</className> 
    </user>  
    <auth> 
      <className>org.jivesoftware.openfire.auth.JDBCAuthProvider</className> 
    </auth> 
  </Provider>  
  <JDBCAdminProvider> 
    <getAdminsSQL>SELECT username FROM user_entity WHERE role_id=1</getAdminsSQL> 
  </JDBCAdminProvider> 
</jive>

WoistdasNiveau · May 11, 2024, 11:17am

In the logs there is this line:

2024.05.07 17:39:51.193 e[32mINFO e[m [main]: org.jivesoftware.openfire.net.SASLAuthentication - Support added for the 'SCRAM-SHA-1' SASL mechanism.

Could this cause the problem as Postgres wants scram-sha-256 authentication and this only provides -1 with a lower number of bits to encrypt the data?