I built a custom authentication provider and configured the same as primary-hybrid-authentication-provider.
From client side, I am trying to connect to openfire over TLS connection. In the stream negotiation it is observed that openfire accepts only “PLAIN” and “ANONYMOUS” mechanisms. Both the mechnaisms are not suitable to my implementation.
I am looking at building a custom mechanism.
However I looked at openfire code and see that “supportsPasswordRetreival” always returns false, thos a custom authentication provider rerturns a true. Openfire always check for “supportsPasswordRetreival” value to publich DIGEST-MD5 and CRAM-MD5.
Please help me understand the rescrition on password retreival for HybridAuthenticationProvider.