Not logged in. · Lost password · Register
Forum: MatriX RSS
Avatar
selwakad #1
Member since Sep 2011 · 3 posts
Group memberships: Members
Show profile · Link to this post
Subject: Fail to Login.
Hello,

I have a problem connecting to the Cisco Jabber server using the Matrix Mobile SDK. What happens is once the Open method is called on the XmppClient, the “OnClose” handler is called and no error messages are generated.
I also downloaded and ran the mobile client sample from this website and it exhibits the same behavior.
Note that I can connect to the Jabber server using the desktop version of the sdk with no problems at all.
What could be the cause of the inability of the code in the Mobile sdk to connect?

This is the Debug output:  <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" to="myjabber.org" version="1.0" >

Thanks,
Salah
Avatar
Alex #2
Member since Feb 2003 · 4297 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
I see no reason why the mobile version should not connect. One difference is that the CF version supports no SRV lookups. This means when you are using SRV records for your xmpp server then the CF version cannot find your xmpp server. In this case you have to specify the hostname manual.
See also: http://www.ag-software.net/matrix-xmpp-sdk/matrix-develope…

Alex
Avatar
selwakad #3
Member since Sep 2011 · 3 posts
Group memberships: Members
Show profile · Link to this post
I am using the mobile SDK and thus this option is not available.
I am specifying the hostname and also the same settings with the specified hostname have no problems connecting in the desktop edition.


Thanks,
Salah.
Avatar
Alex #4
Member since Feb 2003 · 4297 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
Hi Salah,

please give us more info. We have seen no issues before where it does not connect at all.

Can you try to trace the sockets to see if it ever connects to your server and if the stream header gets sent?
Are you on raw sockets or BOSH?
Which Windows Mobile version are you using?
Is you emulator configured correctly for Internet connections and networking?

Alex
Avatar
selwakad #5
Member since Sep 2011 · 3 posts
Group memberships: Members
Show profile · Link to this post
Hi Alex,

1 - I don't have a sockets trace yet.
2 - I am on raw sockets.
3 - I am using windows mobile version 6.5 with the 6.5.3 emulator.
4 - The emulator is configured correctly, I can get to websites hosted on my local machine, but not to the external internet. Also, as a side note, for some reason I am unable to reach the jabber server admin site on my local machine using the internet explorer on the emulator. To access the jabber server admin site, i need to use https instead of http and I am not sure if https is what's causing the problem. Still conducting more tests on that. Also note that I am able connect using the Mobile SDK when using the Openfire Jabber server instead of the Cisco Jabber Server.

Thanks,
Salah
Avatar
Jro #6
Member since Feb 2010 · 27 posts
Group memberships: Members, Premium
Show profile · Link to this post
Looks like the library may not be going ahead with the connection stanzas after Cisco Jabber server feature negotiation  -

  1. SEND: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" to="myjabber.org" version="1.0" >
  2. RECV: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" lang="en" from="myjabber.org" id="1000005384" version="1.0" >
  3. RECV: <stream:features xmlns:stream="http://etherx.jabber.org/streams">
  4.  <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
  5. </stream:features>

---
Using the mobile DLL, I get a socket hostname exception before the above exchange occurs, but that should be a byproduct of the emulator.  I get the same output above using the desktop DLL, without the hostname exception.

As a second datapoint, if I connect with Pidgin, I see in Wireshark:

[Image: http://i.imgur.com/L2M1J.png]

Same pattern, but the client goes ahead with the connection before shifting to encrypted mode.  I am not yet sure why the Cisco Jabber's feature negotiation is not listing the available authentication methods.
This post was edited on 2011-09-15, 20:58 by Jro.
Avatar
Alex #7
Member since Feb 2003 · 4297 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
It looks like there is a problem with TLS. The CF supports no TLS, we are using the bccrypto library for Tls on CF, but this library is not compatible to all Tls implementations.
Can you make Tls optional on the server?

Alex
Avatar
Jro #8
Member since Feb 2010 · 27 posts
Group memberships: Members, Premium
Show profile · Link to this post
It is marked as optional currently and I have starttls=false.  I get this problem on the desktop/.NET version of the Matrix SDK as well, with start-tls turned off.

I set StartTLS=true on the desktop and I get the below xml, which is what I'd expect.  Matrix doesn't progress to the expected authorization IQ afterwards (which I can see if i connect with something like Psi+ and monitor the console).

  1. SEND: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" to="myjabber.org" version="1.0" >
  2. RECV: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" xml:lang="en" from="myjabber.org" id="E0000250D" version="1.0" >
  3. RECV: <stream:features xmlns:stream="http://etherx.jabber.org/streams">
  4.  <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
  5. </stream:features>
  6. SEND: <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
  7. RECV: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
  8. SEND: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" to="myjabber.org" version="1.0" >
  9. RECV: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" lang="en" from="myjabber.org" id="E0000250D" version="1.0" >
  10. RECV: <stream:features xmlns:stream="http://etherx.jabber.org/streams" />
Avatar
Alex #9
Member since Feb 2003 · 4297 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
Its not really optional, because StartTls is the only stream feature your servers offers. So MatriX has no other choice than to proceed with TLS. It would be optional when the server offers also the Sasl mechanisms for authentication.

Alex
Avatar
Alex #10
Member since Feb 2003 · 4297 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
In your second log the stream features are empty after TLS negotiation, thats a server configuration issue.

Alex
Avatar
Jro #11
Member since Feb 2010 · 27 posts
Group memberships: Members, Premium
Show profile · Link to this post
In reply to post #9
I can believe that.

However, even if it weren't optional, shouldn't the desktop version of the SDK handle that scenario smoothly?  I've never ran into a TLS issue with the desktop SDK.
Avatar
Alex #12
Member since Feb 2003 · 4297 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
Quote by Jro:
However, even if it weren't optional, shouldn't the desktop version of the SDK handle that scenario smoothly?  I've never ran into a TLS issue with the desktop SDK.

no, the server drives the client through the login process with the stream features. The client has always choose one from a predefined order for the next step. Because there are no more features it stops. At this stage there should be the Sasl mechanisms where the client can select one for authentication.

Alex
Avatar
Jro #13
Member since Feb 2010 · 27 posts
Group memberships: Members, Premium
Show profile · Link to this post
So the lack of the authentication features is the main problem, as I suspected.  Do other clients typically blindly shoot off an auth attempt despite the lack of available Sasl auth mechanisms?  Mainly just curious why the other clients such as Psi and Pidgin are able to get through - standards violations?
Avatar
Alex #14
Member since Feb 2003 · 4297 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
Maybe these clients do still old Jabber style auth then. According to the RFCs the server must advertise the Sasl mechanisms, so what MatriX does is absolutely correct.

Alex
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please enter the word from the image into the text field below. (Type the letters only, lower case is okay.)
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:
Forum: MatriX RSS