Finding when I’m creating or using upper case user names, that this information is set to lower case. It becomes an issue when authenticating against an external database, where case sensitivity is an issue*1. Is there a OPF setting that allows case distinction for this?
Thanks,
BEA
2008.11.13 11:47:35 SaslException
javax.security.sasl.SaslException: PLAIN authentication failed [Caused by javax.security.sasl.SaslException: PLAIN: user not authorized: SlicerTester]
at org.jivesoftware.openfire.sasl.SaslServerPlainImpl.evaluateResponse(SaslServerP lainImpl.java:145)
at org.jivesoftware.openfire.net.SASLAuthentication.handle(SASLAuthentication.java :231)
at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:160)
at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandl er.java:133)
at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived (AbstractIoFilterChain.java:570)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:53)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:648)
at org.apache.mina.common.IoFilterAdapter.messageReceived(IoFilterAdapter.java:80)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:53)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:648)
at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimplePr otocolDecoderOutput.java:58)
at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecF ilter.java:185)
at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)
at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:53)
at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:648)
at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java :239)
at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(Execut orFilter.java:283)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.security.sasl.SaslException: PLAIN: user not authorized: SlicerTester
at org.jivesoftware.openfire.sasl.SaslServerPlainImpl.evaluateResponse(SaslServerP lainImpl.java:128)
... 22 more
What tool are you using the create the accounts? I believe you can get different results if you use the UserService plugin versus creating them from the admin console tool.
Our accounts are created and managed via our web site, no specific tool was used. Authentication against that database then occurs as was described in the Custom Database Integration Guide*1. I just saw your post after (again) searching for ‘case’, but the odd thing about that is I did do a search on this term before posting to try and research what the solution was but no results found! The solution I implemented on my side was to modify JDBCAuthProvider.java to remove the lowercasing of the username before executing the SQL SELECT. I am not certain from reading the UserService plugin README that this would be a fix because it seems oriented around the web interface.
you may be interested in JM-13: “XMPP specifices that the “node” portion of a JID (username) must undergo the nameprep stringprep profile. Part of that process is performing case folding (lower-casing) on the node. Messenger doesn’t perform full nameprep yet, but it does at least convert usernames to lower-case. This probably is a Smack bug if usernames aren’t being lower-cased.”
Links to the mentioned RFCs:
http://www.ietf.org/rfc/rfc3920.txt “A node identifier MUST be formatted such that the Nodeprep profile of [STRINGPREP] can be applied to it without failing. Before comparing two node identifiers, a server MUST (and a client SHOULD) first apply the Nodeprep profile to each identifier.”
Do you want a switch for the external auth provider which allows to use the JID as is to authenticate? This should be possible but it may be much faster to create another database column within your database which contains the user names in lower case.
Yes I wanted a switch for the external auth provider which allows to use the JID as is to authenticate. To achieve this I modified JDBCAuthProvider.java:authenticate() as follows and it worked fine. Eventhough it doesn’t conform to the XMPP specs which seems problematic for our web site (e.g. two user names with the same account names, but different email accounts), it works great for our custom installation.