Project

General

Profile

Tigase enable SASL authentication

Ganesh Krishnan
Added about 4 years ago

Smack 4.0 allows only SASL authentication. However it reports that the server does not support non-anonymous SASL authentication.

My server has custom SSL certificates installed and I followed the documentation to enable SASl however the logs always shows as

2014-12-06 06:34:41.698 [main] ConfigRepository.setProperties() CONFIG: Loaded config item: Domain: shambu, enabled: true, anonym: true, register: true, maxusers: 0, tls: false, s2sSecret: f16a8b12-950e-4071-8350-9531c82d19ca, domainFilter: ALL, c2sPortsAllowed: null, saslAllowedMechanisms: null

@

--comp-class-1 = tigase.muc.MUCComponent

--virt-hosts = shambu

--user-db-uri = jdbc:mysql://10.0.0.5/tigasedb?user=tigase&password=tigase12

--user-db = mysql

--admins = gvenez@shambu

--cluster-mode = false

--sm-plugins = -message-archive-xep-0136,+jabber:iq:auth,+urn:ietf:params:xml:ns:xmpp-sasl,+urn:ietf:params:xml:ns:xmpp-bind,+urn:ietf:params:xml:ns:xmpp-session,+jabber:iq:register,+jabber:iq:roster,+presence,+jabber:iq:privacy,+jabber:iq:version,+http://jabber.org/protocol/stats,+starttls,+msgoffline,+vcard-temp,+http://jabber.org/protocol/commands,+jabber:iq:private,+urn:xmpp:ping,-basic-filter,-domain-filter,+pep,+zlib,+jabber:iq:search

--ssl-certs-location=/home/developer/tigase/certs/

c2s/clientCertCA=/home/developer/tigase/certs/shambu.pem@

How do I enable Smack with allowing ONLY SASL connections to talk to my tigase server?

Cheers

G


Replies (3)

Added by Wojciech Kapcia TigaseTeam about 4 years ago

What SASL mechanisms does server advertise when client connects (from the XML log)? If there are no SASL mechanism configured on VHost then default one are advertised (and you have enabled +urn:ietf:params:xml:ns:xmpp-sasl plugin which should use defaults, allowing at least @PLAIN@)

Added by Ganesh Krishnan about 4 years ago

I got two different logs regarding SASL

First one (which shows null):

@2014-12-07 02:15:11.842 [main] ConfigRepository.setProperties() CONFIG: Loaded config item: Domain: im.getintouch.co, enabled: true, anonym: true, register: true, maxusers: 0, tls: false, s2sSecret: ea669c23-15cb-4be7-992a-b7af66b6f3a4, domainFilter: ALL, domainFilterDomains: null, c2sPortsAllowed: null, saslAllowedMechanisms: null

@

Second one which shows PLAIN & ANONYMOUS

2014-12-07 09:19:59.254 [in_7-message-router] MessageRouter.processPacket() FINEST: Processing packet: from=sess-man@localhost, to=c2s@localhost/10.0.0.4_5222_66.8.236.50_42767, DATA=<iq id="23d8a6e7-a349-41cb-bfba-fd5df8f5e41f" from="sess-man@localhost" type="result" to="c2s@localhost/10.0.0.4_5222_66.8.236.50_42767"><command xmlns="http://jabber.org/protocol/commands" node="GETFEATURES"><auth xmlns="http://jabber.org/features/iq-auth"/><register xmlns="http://jabber.org/features/iq-register"/><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism></mechanisms><ver xmlns="urn:xmpp:features:rosterver"/><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression></command></iq>, SIZE=643, XMLNS=null, PRIORITY=NORMAL, PERMISSION=NONE, TYPE=result

Added by Wojciech Kapcia TigaseTeam about 4 years ago

<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism><mechanism>ANONYMOUS</mechanism></mechanisms>

As you can see server supports both anonymous as well as SASL-PLAIN.

    (1-3/3)