Timeout issue while using PLAIN SASL mechanism for http-bind call

Currently, I am upgrading Openfire from 4.8.3 to 5.0.3. However, after upgrading, I am facing timeout issues in the http-bind call.
On checking the trace log for the http-bind call, I see this issue:

2026-01-21T23:46:46.194+0000 TRACE [Jetty-QTP-BOSH-68]: org.jivesoftware.openfire.http.HttpSession - Session 41b5tax4nb Request ID 1898424996, event timeout: org.eclipse.jetty.ee8.nested.AsyncContextEvent@77ac4ff6. Returning an empty response.
2026-01-21T23:46:46.194+0000 TRACE [Jetty-QTP-BOSH-68]: org.jivesoftware.openfire.http.HttpSession - Delivering 1 deliverables to the client on session 41b5tax4nb, using connection with RID 1898424996
2026-01-21T23:46:46.194+0000 INFO  [Jetty-QTP-BOSH-68]: org.jivesoftware.openfire.http.HttpBindServlet - HTTP SENT(41b5tax4nb):
2026-01-21T23:46:46.195+0000 TRACE [Jetty-QTP-BOSH-68]: org.jivesoftware.openfire.http.HttpSession - Session 41b5tax4nb Request ID 1898424996, event complete: org.eclipse.jetty.ee8.nested.AsyncContextEvent@77ac4ff6

Due to the timeout, I am receiving an empty response like below:

<body xmlns='http://jabber.org/protocol/httpbind' ack='1967845331'></body>

instead of

<body xmlns='http://jabber.org/protocol/httpbind' ack='1967845331'><success xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/></body>

Is there a way through which I can ensure that I get the success tag every time? Maybe some Openfire configuration that can be set from the Admin console.

Let me also share the details of http-bind calls:

URL : https://test-env-1.com/http-bind/?jid=test_user
Method : POST

Payload :
<body rid='2233311542' xmlns='http://jabber.org/protocol/httpbind' to='openfire' xml:lang='en' wait='60' hold='1' content='text/xml; charset=utf-8' ver='1.6' xmpp:version='1.0' xmlns:xmpp='urn:xmpp:xbosh'/>

Response :
<body xmlns="http://jabber.org/protocol/httpbind" xmlns:stream="http://etherx.jabber.org/streams" from="openfire" authid="6sql5c039b" sid="6sql5c039b" secure="true" requests="2" inactivity="30" polling="5" wait="60" hold="1" ack="2233311542" maxpause="300" ver="1.6">
	<stream:features>
		<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
			<mechanism>PLAIN</mechanism>
		</mechanisms>
		<register xmlns="http://jabber.org/features/iq-register" />
		<bind xmlns="urn:ietf:params:xml:ns:xmpp-bind" />
		<session xmlns="urn:ietf:params:xml:ns:xmpp-session">
			<optional />
		</session>
	</stream:features>
</body>

URL : https://test-env-1.com/http-bind/?jid=test_user
Method : POST

Payload :
<body rid='2233311543' xmlns='http://jabber.org/protocol/httpbind' sid='6sql5c039b'><auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'>bKLubmFoXasd2FkbWluXzEwaAwMDAwMDAwMDAwMDAwMUBvcGVuZmlyZQBoYW5uYxAGU3OTI3Y2NhasdWRlZjEtNDVlVS05NEI0LTRhYThmZDI3NjkzWR==</auth></body>

Response : 
<body xmlns='http://jabber.org/protocol/httpbind' ack='2233311543'><success xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/></body>

In the above HTTP call, the text under the tag is a random one and not the exact one that is generated.

The success message below is not getting returned due to the timeout. I want this to be returned as part of the response.

 <success xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/>

Let me know if any other details are needed.

Hi Shubham, I’m sorry to hear that you’re running into this. In the data that you provide, the response does contain a <success> element. I think you mean to show an example where that is not the case?

I suspect that you manually modified the examples to exclude certain sensitive data (such as passwords). In my experience, doing these manual modifications very frequently introduces unexpected changes that make a correct analysis completely impossible. Can you please resubmit the actual data? Perhaps you can use a test account with test credentials that you destroy immediately afterwards, so that no important secrets are shared.

Apart from the above:

  • why is there a jid query parameter in your request? I don’t think Openfire uses this at all
  • have you tried making a new HTTP request after receiving the timeout? I would be interested in finding out if the second request does get the expected response.

I’ve tried to reproduce the error with two sequential CURL commands issued against Openfire (latest development version) running the ‘demoboot’ configuration (which automatically provisions the server with the domain name example.org and a couple of users, amongst which john with password secret).

guus@octarine:/tmp$ curl -X POST http://example.org:7070/http-bind/ \
  --data "<body rid='2233311542' xmlns='http://jabber.org/protocol/httpbind' to='openfire' xml:lang='en' wait='60' hold='1' content='text/xml; charset=utf-8' ver='1.6' xmpp:version='1.0' xmlns:xmpp='urn:xmpp:xbosh'/>"
<body xmlns="http://jabber.org/protocol/httpbind" xmlns:stream="http://etherx.jabber.org/streams" from="example.org" authid="8vidc09d3c" sid="8vidc09d3c" secure="true" requests="2" inactivity="30" polling="5" wait="60" hold="1" ack="2233311542" maxpause="300" ver="1.6"><stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism><mechanism>SCRAM-SHA-1</mechanism></mechanisms><register xmlns="http://jabber.org/features/iq-register"/><bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"/><session xmlns="urn:ietf:params:xml:ns:xmpp-session"><optional/></session></stream:features></body>

guus@octarine:/tmp$ curl -X POST http://example.org:7070/http-bind/ \
  --data "<body rid='2233311543' xmlns='http://jabber.org/protocol/httpbind' sid='8vidc09d3c'><auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'>AGpvaG4Ac2VjcmV0</auth></body>"
<body xmlns='http://jabber.org/protocol/httpbind' ack='2233311543'><success xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/></body>

This to me looks like the expected result: a successful authentication attempt.
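An added example, not part of the original thread: the `<auth>` payload of SASL PLAIN is only base64 over `[authzid] NUL authcid NUL passwd` (RFC 4616), so a capture can be made shareable by replacing just the password field instead of hand-editing the string into something that no longer decodes. The function names and the placeholder text are assumptions of this sketch; the sample request is the one from the curl reproduction above.

```python
import base64
import binascii
import re

# <auth ... mechanism='PLAIN'>payload</auth> as it appears inside a BOSH <body/>.
AUTH_RE = re.compile(
    r"(<auth\b[^>]*\bmechanism=['\"]PLAIN['\"][^>]*>)([^<]*)(</auth>)")

def decode_plain(b64_text):
    """Decode a SASL PLAIN message (RFC 4616): [authzid] NUL authcid NUL passwd."""
    try:
        raw = base64.b64decode(b64_text.strip(), validate=True)
        parts = tuple(p.decode("utf-8") for p in raw.split(b"\x00"))
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"not base64-encoded UTF-8: {exc}") from None
    if len(parts) != 3 or not parts[1] or not parts[2]:
        raise ValueError("not of the form [authzid] NUL authcid NUL passwd")
    return parts

def redact_bosh(body, placeholder="REDACTED"):
    """Return (redacted_body, notes); only the password field is replaced,
    so the shared capture still holds a well-formed PLAIN message."""
    notes = []

    def _sub(match):
        try:
            authzid, authcid, _passwd = decode_plain(match.group(2))
        except ValueError as exc:
            # Cannot tell which bytes are secret: drop the payload, keep the fact.
            notes.append(f"payload removed, was malformed: {exc}")
            return match.group(1) + "[MALFORMED-PLAIN-REMOVED]" + match.group(3)
        safe = f"{authzid}\x00{authcid}\x00{placeholder}".encode("utf-8")
        notes.append(f"password redacted for authcid {authcid!r}")
        return match.group(1) + base64.b64encode(safe).decode("ascii") + match.group(3)

    return AUTH_RE.sub(_sub, body), notes

# Request body copied from the curl reproduction on this page (demoboot test account).
SAMPLE = ("<body rid='2233311543' xmlns='http://jabber.org/protocol/httpbind' "
          "sid='8vidc09d3c'><auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' "
          "mechanism='PLAIN'>AGpvaG4Ac2VjcmV0</auth></body>")

if __name__ == "__main__":
    print(decode_plain("AGpvaG4Ac2VjcmV0"))
    redacted, notes = redact_bosh(SAMPLE)
    print(redacted)
    print(notes)
```

The notes list records whether each payload decoded cleanly, which tells the reader of a redacted capture that the original request carried a structurally valid PLAIN message.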