Forum: MatriX and XmppDotNet
humba #1
Member since Feb 2020 · 23 posts
Group memberships: Members
Subject: Troubleshooting authentication in Matrix.vNext
I'm trying to use Matrix.vNext to connect to Cisco IM & Presence.

Cisco says the login has to be done following this pattern

1) When an XMPP Client connects to Cisco Unified CM IM and Presence, the server will return
the supported SASL authentication mechanisms in stream features:

<mechanisms>
<mechanism>PLAIN</mechanism>
<mechanism>CISCO_VTG_TOKEN</mechanism>
</mechanisms>

2) The Client will reply to this SASL offering by sending an auth element that contains the SASL
Plain mechanism and a Base64 encoding of the username and password. An example is
shown below where “AGp1bGlldABwYXNzd29yZA==” is Base64 (user: juliet, password:
password):

<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'>
 AGp1bGlldABwYXNzd29yZA==
</auth>

3) The Cisco Unified CM IM and Presence Authentication Component will parse the Base 64
encoded Username and Password pair received from Client for the User Id and password to
search the database for a match. If there is no matching entry, Cisco Unified CM IM and
Presence will respond to Client with an Authentication Failure ERROR.

4) The Cisco Unified CM IM and Presence Authentication Component will query the database for
the license status of the User. If the User is not enabled, Cisco Unified CM IM and Presence
will respond to the Client with an ERROR.

5) If the Authentication Component is able to retrieve a match the Authentication Component will
reply with a SUCCESS message as follows:

<success xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>

At the moment I'm using the same code I'm using to connect to XMPP, which works fine on Cisco Finesse:

    xmppClient = new XmppClient()
    {
        Username = XmppLogin,
        Password = XmppPassword,
        XmppDomain = server,
        //Resource = "web_framework",
        // Look up the connect host via DNS SRV records for XmppDomain
        HostnameResolver = new SrvNameResolver(),
    };
    // Optional: accept any server certificate (skips TLS certificate validation)
    if (notificationConfiguration.AcceptAllCertificates)
        xmppClient.CertificateValidator = new AlwaysAcceptCertificateValidator();

Is there a way I can dump the messages being sent in/out to see what is going on behind the scenes?

I'm seeing the connection state changing from
Connected, Securing, Secure, Authenticating
then I'm getting a Matrix.AuthenticationException with this stanza

<failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
  <not-authorized />
</failure>

@edit: found an article about logging: https://matrix-xmpp.io/docs/logging/. It seems out of date though, as XmppClient doesn't have a constructor using an Action<IChannelPipeline>.
This post was edited on 2021-03-19, 19:45 by humba.
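
The `<auth>` payload in step 2 is SASL PLAIN (RFC 4616): Base64 of authzid NUL authcid NUL passwd, which anyone who can read the stream can reverse, so the TLS layer and its certificate check are all that protect the password. An added Python example, not from the original post or from Matrix.vNext, that encodes and decodes that payload; the function names are made up for illustration.

```python
import base64


class SaslPlainError(ValueError):
    """Malformed SASL PLAIN initial response."""


def encode_plain(authcid: str, passwd: str, authzid: str = "") -> str:
    """Build the base64 text carried inside <auth mechanism='PLAIN'>."""
    if any("\x00" in f for f in (authzid, authcid, passwd)):
        raise SaslPlainError("NUL is the separator and may not appear in a field")
    if not authcid or not passwd:
        raise SaslPlainError("authcid and passwd must be non-empty")
    message = "\x00".join((authzid, authcid, passwd)).encode("utf-8")
    return base64.b64encode(message).decode("ascii")


def decode_plain(b64_text: str) -> dict:
    """Recover the fields from an <auth> payload; no key or secret is needed."""
    try:
        raw = base64.b64decode(b64_text.strip(), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise SaslPlainError("payload is not valid base64") from exc
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise SaslPlainError("expected authzid NUL authcid NUL passwd")
    try:
        authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    except UnicodeDecodeError as exc:
        raise SaslPlainError("fields must be UTF-8") from exc
    if not authcid or not passwd:
        raise SaslPlainError("authcid and passwd must be non-empty")
    return {"authzid": authzid, "authcid": authcid, "passwd": passwd}


# Payload quoted in step 2 of the post above (leading space kept as posted).
CISCO_EXAMPLE = " AGp1bGlldABwYXNzd29yZA=="

if __name__ == "__main__":
    print(decode_plain(CISCO_EXAMPLE))
    print(encode_plain("juliet", "password") == CISCO_EXAMPLE.strip())
```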
Alex #2
Member since Feb 2003 · 4449 posts · Location: Germany
Group memberships: Administrators, Members
The console client example from here shows you how to log the Xml stream.
https://github.com/matrix-xmpp/matrix-vnext/tree/master/ex…
humba #3
Member since Feb 2020 · 23 posts
Group memberships: Members
Okay, so it seems to be an issue with the URI. Cisco provided a tool that does things over BOSH, and it works if I set my domain as the XMPP domain. But they do SRV lookup. If I use my domain in Matrix.vNext, it resolves mydomain.com to my domain controller, not the XMPP servers.

Even though I have set

    xmppClient.HostnameResolver = new SrvNameResolver();

In Pidgin, I can set domain = mydomain.com and then configure a connect server (which is then the FQDN of my Cisco server). Is there a way to do the same in Matrix?

Also, how can I use BOSH as transport?
Alex #4
Member since Feb 2003 · 4449 posts · Location: Germany
Group memberships: Administrators, Members
SRV resolving works fine. I assume you have no SRV records set, or have not set them correctly in your DNS.
You can specify the host manually; see here in the docs how to use the StaticNameResolver:
https://matrix-xmpp.io/docs/srv-records/

Quote by humba:
Also, how can I use BOSH as transport?

No, BOSH is not supported and not on the roadmap for vNext.
humba #5
Member since Feb 2020 · 23 posts
Group memberships: Members
Using a StaticNameResolver did what I was looking for. Now I get past the authentication and am actually getting some IQs. I take it the SRV resolver defaults to using the XMPP domain when it cannot resolve anything? I'm assuming so because things have worked fine with Cisco Finesse, and I definitely have no SRV records for the value I'm plugging into xmppConnector.XmppDomain.

I'm hoping the rest will work without BOSH. We'll see if I come back with more questions next week..
Alex #6
Member since Feb 2003 · 4449 posts · Location: Germany
Group memberships: Administrators, Members
Yes, when no SRV records are set then it takes the XMPP domain as hostname. This is the best guess we can make without additional information.
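
The lookup order described in this thread, as an added Python sketch that is not Matrix.vNext's code: try the `_xmpp-client._tcp` SRV records, fall back to the XMPP domain on port 5222 when none exist, or skip DNS when a connect host is given. The record data, host names and the `static_host` parameter are constructed for illustration, and weight handling is simplified to a deterministic sort.

```python
from typing import Callable, List, NamedTuple, Optional

class Srv(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str

class Endpoint(NamedTuple):
    host: str
    port: int
    source: str  # "static", "srv" or "fallback"

XMPP_CLIENT_PORT = 5222

def connect_candidates(xmpp_domain: str,
                       lookup_srv: Callable[[str], List[Srv]],
                       static_host: Optional[str] = None) -> List[Endpoint]:
    """Return the endpoints a client would try, in order, for xmpp_domain."""
    if static_host:  # explicit connect server: DNS SRV is not consulted
        return [Endpoint(static_host, XMPP_CLIENT_PORT, "static")]
    records = lookup_srv(f"_xmpp-client._tcp.{xmpp_domain}")
    if not records:
        # No SRV data: the XMPP domain itself is used as the host name.
        return [Endpoint(xmpp_domain, XMPP_CLIENT_PORT, "fallback")]
    if len(records) == 1 and records[0].target == ".":
        return []  # a lone "." target means the service is not offered
    # Lowest priority first; higher weight first within a priority (simplified).
    ordered = sorted(records, key=lambda r: (r.priority, -r.weight))
    return [Endpoint(r.target.rstrip("."), r.port, "srv") for r in ordered]

# Constructed zone data: only example.com publishes SRV records.
ZONE = {
    "_xmpp-client._tcp.example.com": [
        Srv(20, 0, 5222, "imp-backup.example.com."),
        Srv(10, 50, 5222, "imp-a.example.com."),
        Srv(10, 80, 5222, "imp-b.example.com."),
    ],
}

def constructed_lookup(name: str) -> List[Srv]:
    return ZONE.get(name, [])

if __name__ == "__main__":
    for domain in ("example.com", "corp.example"):
        print(domain, connect_candidates(domain, constructed_lookup))
    print(connect_candidates("corp.example", constructed_lookup, "imp-a.example.com"))
```

Under RFC 6120 the name the server certificate has to match is the XMPP domain in all three cases, not the host that was connected to.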