Forum: MatriX and XmppDotNet
jhr #1
Member since Oct 2011 · 4 posts
Group memberships: Members
Subject: Cannot connect to Openfire server with Sso
Hi,

As the title of my post says, I cannot connect to my Openfire server with MatriX.NET SDK.

This is how I have configured my instance of XmppClient

  m_xmppClient.SetXmppDomain("vm-callisto-gis");
  m_xmppClient.Username = "jhr";
  //m_xmppClient.Password = "xx";
  m_xmppClient.UseSso = true;
  m_xmppClient.AnonymousLogin = false;
  m_xmppClient.StartTls = false;

  m_xmppClient.AutoRoster = true;
  m_xmppClient.Compression = true;
  m_xmppClient.AutoReplyToPing = true;

  m_xmppClient.Open();

The event OnBeforeSasl() is well raised but nothing happens after.

I can see an error on my Openfire server :

2011.10.13 11:02:21 Closing connection due to error while processing message: <auth mechanism="PLAIN" xmlns="urn:ietf:params:xml:ns:xmpp-sasl">AAA=</auth>
java.util.NoSuchElementException
at java.util.StringTokenizer.nextToken(Unknown Source)
at org.jivesoftware.openfire.sasl.SaslServerPlainImpl.evaluateResponse(SaslServerPlainImpl.java:114)
at org.jivesoftware.openfire.net.SASLAuthentication.handle(SASLAuthentication.java:269)
at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:179)
at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandler.java:169)
[....]

What does it mean? Did I forget something in the configuration of my instance of XmppClient?

Regards
Jerome
Alex #2
Member since Feb 2003 · 4449 posts · Location: Germany
Group memberships: Administrators, Members
Hi Jerome,

can you please post the complete log of your session?

Quote by jhr:
2011.10.13 11:02:21 Closing connection due to error while processing message: <auth mechanism="PLAIN" xmlns="urn:ietf:params:xml:ns:xmpp-sasl">AAA=</auth>

According to this, MatriX authenticated with SASL PLAIN, not SSO (GSSAPI).
Is your Openfire server configured correctly for SSO, which means GSSAPI and Kerberos?

see also:
http://community.igniterealtime.org/docs/DOC-1060

Alex
jhr #3
Member since Oct 2011 · 4 posts
Group memberships: Members
Thanks Alex for your fast response. I have no problem connecting to my server with Spark using Sso. So I think my server is well configured.

This is what I get when I trace the communication with Wireshark

Request: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" to="vm-callisto-gis" version="1.0" >

Response: <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="vm-callisto-gis" id="d0f521e0" xml:lang="en" version="1.0">

Response: <stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth xmlns="http://jabber.org/features/iq-auth"/><register xmlns="http://jabber.org/features/iq-register"/></stream:features>

Request: <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />

Response: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>

[Cyphered Request, Response...]

Hope it will help you.

Regards
Jerome
Alex #4
Member since Feb 2003 · 4449 posts · Location: Germany
Group memberships: Administrators, Members
Quote by jhr:
So I think my server is well configured.
I don't think so ;-)

Quote by jhr:
This is what I get when I trace the communication with Wireshark
follow the following link to see how to get the trace with MatriX.
http://www.ag-software.net/matrix-xmpp-sdk/matrix-develope…

I added comments to all the features your server advertises. It supports only username and password authentication. What your Spark client did is save the username and password you provided once in an encrypted password file. This means you don't have to enter this information again, but this is no SSO.
  <stream:features>
     <!-- secure session with TLS -->
     <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls>

     <!-- XMPP SASL authentication mechanism -->
     <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
        <!-- SASL PLAIN, username and password -->
        <mechanism>PLAIN</mechanism>
        <!-- Anonymous user login, this creates a temporary anonymous user for this session only -->
        <mechanism>ANONYMOUS</mechanism>
     </mechanisms>

     <!-- stream compression -->
     <compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression>

     <!-- old jabber style authentication, also username and password -->
     <auth xmlns="http://jabber.org/features/iq-auth"/>

     <!-- in band registration of new user accounts -->
     <register xmlns="http://jabber.org/features/iq-register"/>
  </stream:features>

Alex
jhr #5
Member since Oct 2011 · 4 posts
Group memberships: Members
Ok Alex, I did what you expected. I have enabled the log and this is what I get ...

<stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" to="vm-callisto-gis" version="1.0" >

<stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="vm-callisto-gis" id="18916da0" xml:lang="en" version="1.0" >

<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
    <mechanism>PLAIN</mechanism>
    <mechanism>ANONYMOUS</mechanism>
  </mechanisms>
  <compression xmlns="http://jabber.org/features/compress">
    <method>zlib</method>
  </compression>
  <auth xmlns="http://jabber.org/features/iq-auth" />
  <register xmlns="http://jabber.org/features/iq-register" />
</stream:features>

<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />

<proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls" />

<stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" to="vm-callisto-gis" version="1.0" >

<stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="vm-callisto-gis" id="18916da0" lang="en" version="1.0" >

<stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
    <mechanism>PLAIN</mechanism>
    <mechanism>ANONYMOUS</mechanism>
  </mechanisms>
  <compression xmlns="http://jabber.org/features/compress">
    <method>zlib</method>
  </compression>
  <auth xmlns="http://jabber.org/features/iq-auth" />
  <register xmlns="http://jabber.org/features/iq-register" />
</stream:features>

<auth mechanism="PLAIN" xmlns="urn:ietf:params:xml:ns:xmpp-sasl">AAA=</auth>

</stream:stream>

</stream:stream>
Alex #6
Member since Feb 2003 · 4449 posts · Location: Germany
Group memberships: Administrators, Members
your server is configured only for username and password login.
In your connection code you don't set the password

uncomment the following line and set a correct password.
  //m_xmppClient.Password = "xx";

remove the following line because your server supports no SSO
  m_xmppClient.UseSso = true;

Alex
jhr #7
Member since Oct 2011 · 4 posts
Group memberships: Members
Thank you, I will try to configure my OpenFire server following the tutorial here : http://community.igniterealtime.org/docs/DOC-1362
Alex #8
Member since Feb 2003 · 4449 posts · Location: Germany
Group memberships: Administrators, Members
yes this is the correct tutorial. SSO and Kerberos is a very complex topic.

Alex
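
The diagnosis reached in this thread can be reproduced from the logged stanzas alone. The following is an added example, not part of the original posts and not MatriX or Openfire code: it lists the SASL mechanisms in the `<stream:features>` element and decodes the PLAIN `<auth/>` payload, which here is just two NUL bytes (empty authzid, username and password). The function names are hypothetical and the sample strings are constructed from the session log posted above.

```python
import base64
import xml.etree.ElementTree as ET

SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"

# Constructed sample: the post-TLS <stream:features> and <auth/> from the log above.
FEATURES = (
    '<stream:features xmlns:stream="http://etherx.jabber.org/streams">'
    '<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">'
    '<mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism>'
    '</mechanisms></stream:features>'
)
AUTH = '<auth mechanism="PLAIN" xmlns="urn:ietf:params:xml:ns:xmpp-sasl">AAA=</auth>'


def offered_mechanisms(features_xml):
    """Return the SASL mechanism names a server advertises."""
    root = ET.fromstring(features_xml)
    return [m.text.strip() for m in root.iter("{%s}mechanism" % SASL_NS) if m.text]


def decode_plain(auth_xml):
    """Split a SASL PLAIN initial response into (authzid, authcid, password)."""
    elem = ET.fromstring(auth_xml)
    if elem.get("mechanism") != "PLAIN":
        raise ValueError("not a PLAIN <auth/> element")
    raw = base64.b64decode(elem.text or "", validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("PLAIN needs exactly two NUL separators")
    return tuple(p.decode("utf-8") for p in parts)


def diagnose(features_xml, auth_xml):
    """Explain why an SSO login attempt could not succeed."""
    findings = []
    mechs = offered_mechanisms(features_xml)
    if "GSSAPI" not in mechs:
        findings.append("server does not offer GSSAPI; offered: " + ", ".join(mechs))
    authzid, authcid, password = decode_plain(auth_xml)
    if not authcid or not password:
        findings.append("PLAIN response carries an empty username or password")
    return findings


if __name__ == "__main__":
    for line in diagnose(FEATURES, AUTH):
        print(line)
```
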