Up to Discussions in Openfire Support
17 Replies Last post: Mar 31, 2008 4:23 PM by Jaco Joubert  
anthony Bronze
anthony
59 posts since
Mar 15, 2007
Currently Being Moderated

Mar 18, 2007 1:17 PM

SASLAuthentication Problems: Nonexistent realm?

I''m running 3.2.2, can connect fine from spark localhost, but when I try to connect my CF event gateway it wont connect.  The debug log says this (below) any idea where to start?

 

2007.03.17 14:11:32 SaslException

javax.security.sasl.SaslException: DIGEST-MD5: digest response format violation. Nonexistent realm:

at com.sun.security.sasl.digest.DigestMD5Server.validateClientResponse(Unknown Source)

at com.sun.security.sasl.digest.DigestMD5Server.evaluateResponse(Unknown Source)

at org.jivesoftware.wildfire.net.SASLAuthentication.handle(SASLAuthentication.java :312)

at org.jivesoftware.wildfire.net.StanzaHandler.process(StanzaHandler.java:138)

at org.jivesoftware.wildfire.nio.ConnectionHandler.messageReceived(ConnectionHandl er.java:131)

at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived (AbstractIoFilterChain.java:703)

at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:362)

at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:54)

at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:800)

at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimplePr otocolDecoderOutput.java:62)

at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecF ilter.java:192)

at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:362)

at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:54)

at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:800)

at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java :250)

at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(Execut orFilter.java:305)

at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

anthony Bronze
anthony
59 posts since
Mar 15, 2007
Currently Being Moderated
Mar 18, 2007 2:49 AM in response to: anthony
Re: SASLAuthentication Problems

Looks as if CF event gateways worked at some point with and older version of Jive Messenger.  Here is the link: http://www.adobe.com/devnet/coldfusion/articles/imgateway_03.html

Report Abuse
Gaston Dombiak Jiver
Gaston Dombiak
3,751 posts since
Sep 26, 2001
Currently Being Moderated
Mar 22, 2007 1:07 PM in response to: anthony
Re: SASLAuthentication Problems: Nonexistent realm?

Hey Anthony,

 

Which client are you using? It seems that your client sent an empty realm in the response to the SASL challenge. Below you will see the relevant code used by Java 6 when validating DIGEST-MD5 response:


     /* realm: exactly once if sent by server */
     negotiatedRealm = ((responseVal[REALM] != null) ?
         new String(responseVal[REALM], encoding) : "");
     logger.log(Level.FINE, "DIGEST83:Client negotiated realm: {0}", 
         negotiatedRealm);

     if (!serverRealms.contains(negotiatedRealm)) {
         // Server had sent at least one realm
         // Check that response is one of these
         throw new SaslException("DIGEST-MD5: digest response format " +
          "violation. Nonexistent realm: " + negotiatedRealm);
     }

 

I''ve been trying to enable the log in Java 6 to print supported realms and also see realm sent by client during the challenge (although we know that it is an empty string or null value) but couldn''t find a way to enable it.

 

Regards,

 

  -- Gato

 

Message was edited by: dombiak_gaston

Report Abuse
anthony Bronze
anthony
59 posts since
Mar 15, 2007
Currently Being Moderated
Mar 22, 2007 2:51 PM in response to: Gaston Dombiak
Re: SASLAuthentication Problems: Nonexistent realm?

Thanks for the reply Gato.  We are trying to log in using coldfusion event gateways. (see link above)

 

One note about this issue which has be baffled is that I can log into the openfire server using the spark client  localhost no problem.  Connecting using CF localhost gives the SASL authentication error. BUT I can log on using CF if I am logging in using a CF server that is outside the LAN.

 

If this is an issue with CF I can maybe get someone over at adobe to look into this, of course the more verbose the info the better.  But I am just puzzled that it would working using CF from outside the network, but inside it doesnt.

 

Can you maybe explain the process of  "sending realms", I''m not even sure what realms even are.

 

Thanks,

Anthony

Report Abuse
Gaston Dombiak Jiver
Gaston Dombiak
3,751 posts since
Sep 26, 2001
Currently Being Moderated
Mar 22, 2007 2:24 PM in response to: anthony
Re: SASLAuthentication Problems: Nonexistent realm?

Hey Anthony,

 

My current understanding of this situation is that this is a CF problem. DIGEST-MD5 requires the client to present certain data to the sever so the server can authenticate the identity of the client. During this process the server will issue a challenge to the client and the client should reply with a response. Below you will find a copy of the format of the response:


digest-response  = 1#( username | realm | nonce | cnonce |
             & nbsp;            nonce-count | qop | digest-uri | response |
             & nbsp;            maxbuf | charset | cipher | authzid |
             & nbsp;            auth-param )

       username         = "username" "=" <"> username-value <">
       username-value   = qdstr-val
       cnonce           = "cnonce" "=" <"> cnonce-value <">
       cnonce-value     = qdstr-val
       nonce-count      = "nc" "=" nc-value
       nc-value         = 8LHEX
       qop            &nbs p; = "qop" "=" qop-value
       digest-uri       = "digest-uri" "=" <"> digest-uri-value <">
       digest-uri-value  = serv-type "/" host [ "/" serv-name ]
       serv-type        = 1*ALPHA
       host             = 1*( ALPHA | DIGIT | "-" | "." )
       serv-name        = host
       response         = "response" "=" response-value
       response-value   = 32LHEX
       LHEX             = "0" | "1" | "2" | "3" |
             & nbsp;            "4" | "5" | "6" | "7" |
             & nbsp;            "8" | "9" | "a" | "b" |
             & nbsp;            "c" | "d" | "e" | "f"
       cipher           = "cipher" "=" cipher-value
       authzid          = "authzid" "=" <"> authzid-value <">
       authzid-value    = qdstr-val


   username
      The user''s name in the specified realm, encoded according to the
      value of the "charset" directive. This directive is required and
      MUST be present exactly once; otherwise, authentication fails.

   realm
      The realm containing the user''s account. This directive is
      required if the server provided any realms in the
      "digest-challenge", in which case it may appear exactly once and
      its value SHOULD be one of those realms. If the directive is
      missing, "realm-value" will set to the empty string when computing
      A1 (see below for details).

This text was copied from the DIGEST-MD5 spec. I think that having someone from CF that could help you see what is being included in the challenge from the server and the response made by CF would be the way to go. I tried to get that info from Openfire but failed to instruct Java to print that info.

 

Regards,

 

  -- Gato

Report Abuse
anthony Bronze
anthony
59 posts since
Mar 15, 2007
Currently Being Moderated
Mar 22, 2007 6:12 PM in response to: Gaston Dombiak
Re: SASLAuthentication Problems: Nonexistent realm?

Thanks gato, I have a request in at adobe to look at this issue.  In the meantime are you aware of any way to watch that traffic as it happens to see the requests and responses as they happen? The CF server and OpenFire install are on the same box.  I''m just curious what exactly CF is returning.

Report Abuse
Gaston Dombiak Jiver
Gaston Dombiak
3,751 posts since
Sep 26, 2001
Currently Being Moderated
Mar 22, 2007 6:18 PM in response to: anthony
Re: SASLAuthentication Problems: Nonexistent realm?

Hey Anthony,

 

Sniffing traffic won''t be that easy since content will be encrypted. Easiest thing would be to either see DIGEST-MD5 traffic in Openfire or in CF. SASL logic is done by Java on our end so in order to see what Java is receiving and sending we would need to enable the log. I tried to do it today but couldn''t find the correct setting to use. If CF devs can help you get that info then we should be fine. Otherwise, we can continue the hunt for the proper setting to use in Openfire to enable the log.

 

Regards,

 

  -- Gato

Report Abuse
anthony Bronze
anthony
59 posts since
Mar 15, 2007
Currently Being Moderated
Mar 26, 2007 5:33 PM in response to: Gaston Dombiak
Re: SASLAuthentication Problems: Nonexistent realm?

Gato,

 

You are my last hope man.  Not having much luck from the CF front.  Hopefully you can find that setting with will log what this volley looks like so we can know for once and for all who is to blame.

 

Any help you have would be perfect.

 

-Anthony

Report Abuse
Gaston Dombiak Jiver
Gaston Dombiak
3,751 posts since
Sep 26, 2001
Currently Being Moderated
Mar 27, 2007 12:42 PM in response to: anthony
Re: SASLAuthentication Problems: Nonexistent realm?

Hey Anthony,

 

No worries. I will later try to find a way to enable the log of Java so we can print that info. Anyway, I''m almost sure it will print the info we already mentioned (ie. no realm included in DIGEST-MD5 response) and if that is the case you will end up contacting CF devs again so they can study why response does not include that piece of info.

 

Regards,

 

  -- Gato

Report Abuse
Duncan Loxton  
Duncan Loxton
5 posts since
May 23, 2007
Currently Being Moderated
May 27, 2007 5:49 PM in response to: Gaston Dombiak
Re: SASLAuthentication Problems: Nonexistent realm?

I have been following this thread with Adobe too, and I have managed to get the following from the debug output in openFire 3.3.1 whilst trying to connect with ColdFusion.

 

2007.05.25 14:47:37 SaslException

javax.security.sasl.SaslException: DIGEST-MD5: digest response format violation. Nonexistent realm:

at com.sun.security.sasl.digest.DigestMD5Server.validateClientResponse(Unknown Source)

at com.sun.security.sasl.digest.DigestMD5Server.evaluateResponse(Unknown Source)

at org.jivesoftware.openfire.net.SASLAuthentication.handle(SASLAuthentication.java :281)

at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:144)

at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandl er.java:132)

at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived (AbstractIoFilterChain.java:703)

at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:362)

at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:54)

at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:800)

at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimplePr otocolDecoderOutput.java:62)

at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecF ilter.java:200)

at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:362)

at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:54)

at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:800)

at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java :266)

at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(Execut orFilter.java:326)

at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

Report Abuse
Duncan Loxton  
Duncan Loxton
5 posts since
May 23, 2007
Currently Being Moderated
May 31, 2007 8:00 PM in response to: Duncan Loxton
Re: SASLAuthentication Problems: Nonexistent realm?

I have upgraded to the release Candidate of ColdFusion 8 on labs.adobe.com and I now get the following errors:

 

I still get a SASL error from the OpenFire server:

 

2007.05.30 11:37:53 SaslException

javax.security.sasl.SaslException: DIGEST-MD5: digest response format violation. Nonexistent realm:

at com.sun.security.sasl.digest.DigestMD5Server.validateClientResponse(Unknown Source)

at com.sun.security.sasl.digest.DigestMD5Server.evaluateResponse(Unknown Source)

at org.jivesoftware.openfire.net.SASLAuthentication.handle(SASLAuthentication.java :281)

at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:144)

at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandl er.java:132)

at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived (AbstractIoFilterChain.java:703)

at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:362)

at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:54)

at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:800)

at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimplePr otocolDecoderOutput.java:62)

at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecF ilter.java:200)

at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:362)

at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:54)

at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:800)

at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java :266)

at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(Execut orFilter.java:326)

at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

 

ColdFusion exception reporting this:

 

1  "Error","Thread-35","05/30/07","11:38:22",,"Not connected to server."

2 java.lang.IllegalStateException: Not connected to server.

3 at org.jivesoftware.smack.XMPPConnection.sendPacket(XMPPConnection.java:663)

4 at org.jivesoftware.smack.NonSASLAuthentication.authenticate(NonSASLAuthentication .java:54)

5 at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java: 219)

6 at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:384)

7 at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:349)

8 at com.zion.jbuddy.a.o.b(Unknown Source)

9 at com.zion.jbuddy.q.connect(Unknown Source)

10 at coldfusion.eventgateway.im.IMGateway.connect(IMGateway.java:766)

11 at coldfusion.eventgateway.im.XMPPGateway.start(XMPPGateway.java:84)

12 at coldfusion.eventgateway.EventServiceImpl$GatewayStarter.run(EventServiceImpl.ja va:1424)

 

and the coldfusion-out.log reads:

 

ava.lang.Exception: TLS negotiation has failed

at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:346)

at org.jivesoftware.smack.PacketReader.access$000(PacketReader.java:42)

at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:64)

java.lang.IllegalStateException: Not connected to server.

at org.jivesoftware.smack.XMPPConnection.sendPacket(XMPPConnection.java:663)

at org.jivesoftware.smack.NonSASLAuthentication.authenticate(NonSASLAuthentication .java:54)

at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java: 212)

at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:384)

at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:349)

at com.zion.jbuddy.a.o.b(Unknown Source)

at com.zion.jbuddy.q.connect(Unknown Source)

at coldfusion.eventgateway.im.IMGateway.connect(IMGateway.java:766)

at coldfusion.eventgateway.im.XMPPGateway.start(XMPPGateway.java:84)

at coldfusion.eventgateway.EventServiceImpl$GatewayStarter.run(EventServiceImpl.ja va:1424)

 

I have tried updating the ColdFusion smack.jar and received these errors:

 

"Error","Thread-23","05/30/07","13:50:25",,"class ""org.jivesoftware.smack.SSLXMPPConnection""''s signer information does not match signer information of other classes in the same package"

java.lang.SecurityException: class "org.jivesoftware.smack.SSLXMPPConnection"''s signer information does not match signer information of other classes in the same package

at java.lang.ClassLoader.checkCerts(ClassLoader.java:775)

at java.lang.ClassLoader.preDefineClass(ClassLoader.java:487)

at java.lang.ClassLoader.defineClass(ClassLoader.java:614)

at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124)

at java.net.URLClassLoader.defineClass(URLClassLoader.java:260)

at java.net.URLClassLoader.access$000(URLClassLoader.java:56)

at java.net.URLClassLoader$1.run(URLClassLoader.java:195)

at java.security.AccessController.doPrivileged(Native Method)

at java.net.URLClassLoader.findClass(URLClassLoader.java:188)

at coldfusion.bootstrap.BootstrapClassLoader.loadClass(BootstrapClassLoader.java:2 21)

at java.lang.ClassLoader.loadClass(ClassLoader.java:251)

at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)

at com.zion.jbuddy.IClientFactory.factory(Unknown Source)

at coldfusion.eventgateway.im.XMPPGateway.start(XMPPGateway.java:58)

at coldfusion.eventgateway.EventServiceImpl$GatewayStarter.run(EventServiceImpl.ja va:1424)

 

Now the guys at Adobe are saying that :

 

"the latest version of smack.jar (3.0.2) has broken binary

compatibility with version 2.0, which is what we are shipping. Can''t go that

route.

 

At this point it sounds like OpenFire is the problem here as it seems you

can connect to other XMPP servers.  I would start working the problem at the

ignite realtime/Jive end.  I am talking to our technology provider as well."

 

Can you guys look into this? It will be a huuuge disability for me not to be able to upgrade to ColdFusion 8.

Report Abuse
slushpupie KeyContributor
slushpupie
705 posts since
Jan 27, 2006
Currently Being Moderated
Jun 1, 2007 1:35 PM in response to: Gaston Dombiak
Re: SASLAuthentication Problems: Nonexistent realm?

Gato: Ive gotten JavaSASL logging working before.  They describe how to do it here: http://java.sun.com/j2se/1.5.0/docs/guide/security/sasl/sasl-refguide.html#DEBUG

 

Hope that helps.

Report Abuse
NeoRye Bronze
NeoRye
7 posts since
Apr 28, 2006
Currently Being Moderated
Aug 30, 2007 2:19 PM in response to: anthony
Re: SASLAuthentication Problems: Nonexistent realm?

Has there been any progress on this?

 

I've also just upgraded to Coldfusion 8 and now get this error. It worked in Coldfusion 7.

 

 

Thoughts?

 

 

Here is my error log from OpenFire when trying to connect:

 

 

2007.08.30 12:15:12 SaslException

javax.security.sasl.SaslException: DIGEST-MD5: digest response format violation. Nonexistent realm:

at com.sun.security.sasl.digest.DigestMD5Server.validateClientResponse(Unknown Source)

at com.sun.security.sasl.digest.DigestMD5Server.evaluateResponse(Unknown Source)

at org.jivesoftware.openfire.net.SASLAuthentication.handle(SASLAuthentication.java :281)

at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:144)

at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandl er.java:132)

at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived (AbstractIoFilterChain.java:703)

at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:362)

at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:54)

at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:800)

at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimplePr otocolDecoderOutput.java:62)

at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecF ilter.java:200)

at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:362)

at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:54)

at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:800)

at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java :266)

at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(Execut orFilter.java:326)

at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

Report Abuse
slushpupie KeyContributor
slushpupie
705 posts since
Jan 27, 2006
Currently Being Moderated
Aug 30, 2007 4:27 PM in response to: NeoRye
Re: SASLAuthentication Problems: Nonexistent realm?

Id be willing to take a peek at it.  Can you do some debugging output from the coldfusion side to output the xml being sent? Id like to see the full auth exchange

Report Abuse
NeoRye Bronze
NeoRye
7 posts since
Apr 28, 2006
Currently Being Moderated
Aug 31, 2007 12:15 AM in response to: slushpupie
Re: SASLAuthentication Problems: Nonexistent realm?

 

Here is my communication stream between Coldfusion and OpenFire:

 

 

&lt;stream:stream to="jabber.xxx.com" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" version="1.0"&gt;

 

 

&lt;?xml version='1.0' encoding='UTF-8'?&gt;

 

 

&lt;stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="jabber.xxx.com" id="10a52a9f" xml:lang="en" version="1.0"&gt;

 

 

&lt;stream:features&gt;

 

 

&lt;starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"&gt;&lt;/starttls&gt;

 

 

&lt;mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"&gt;

 

 

&lt;mechanism&gt;DIGEST-MD5&lt;/mechanism&gt;

 

 

&lt;mechanism&gt;PLAIN&lt;/mechanism&gt;

 

 

&lt;mechanism&gt;ANONYMOUS&lt;/mechanism&gt;

 

 

&lt;mechanism&gt;CRAM-MD5&lt;/mechanism&gt;

 

 

&lt;/mechanisms&gt;

 

 

&lt;compression xmlns="http://jabber.org/features/compress">

 

 

&lt;method&gt;zlib&lt;/method&gt;

 

 

&lt;/compression&gt;

 

 

&lt;auth xmlns="http://jabber.org/features/iq-auth"/>

 

 

&lt;/stream:features&gt;

 

 

&lt;auth mechanism="DIGEST-MD5" xmlns="urn:ietf:params:xml:ns:xmpp-sasl"&gt;&lt;/auth&gt;

 

 

&lt;challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl"&gt;cmVhbG09ImphYmJlci5kZWFsZXJkZWxpdmV yeS5jb20iLG5vbmNlPSJqTURtYXM4SEhObmJ0NDVpSmJQYUdpODJDNzRFQUxDZ1dnL2x6K2hCIixxb3A 9ImF1dGgiLGNoYXJzZXQ9dXRmLTgsYWxnb3JpdGhtPW1kNS1zZXNz&lt;/challenge&gt;

 

 

&lt;response xmlns="urn:ietf:params:xml:ns:xmpp-sasl"&gt;dXNlcm5hbWU9Im5vdGlmaWVyIixub25jZT0 iak1EbWFzOEhITm5idDQ1aUpiUGFHaTgyQzc0RUFMQ2dXZy9seitoQiIsbmM9MDAwMDAwMDEsY25vbmN lPSJLWlkyWW5NOGpTOD0iLGRpZ2VzdC11cmk9ImF1dGgvamFiYmVyLmRlYWxlcmRlbGl2ZXJ5LmNvbSI scmVzcG9uc2U9ODkyNzk5YzFmYmE5NzMwYjk4ZjY0MGZjMTAxMjIyYjgscW9wPWF1dGg=&lt;/respon se&gt;

 

 

&lt;failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"&gt;

 

 

&lt;not-authorized/&gt;

 

 

&lt;/failure&gt;

 

 

&lt;presence id="bRMf6-21" type="unavailable"&gt;&lt;/presence&gt;

 

 

&lt;/stream:stream&gt;

 

 

Report Abuse
slushpupie KeyContributor
slushpupie
705 posts since
Jan 27, 2006
Currently Being Moderated
Aug 31, 2007 8:28 AM in response to: NeoRye
Re: SASLAuthentication Problems: Nonexistent realm?

Here is challenge decoded for you:

 


realm="jabber.dealerdelivery.com",nonce="jMDmas8HHNnbt45iJbPaGi82C74EALCgWg/lz+ hB",qop="auth",charset=utf-8,algorithm=md5-sess

 

and the response:


username="notifier",nonce="jMDmas8HHNnbt45iJbPaGi82C74EALCgWg/lz+hB",nc=0000000 1,cnonce="KZY2YnM8jS8=",digest-uri="auth/jabber.dealerdelivery.com",response=892 799c1fba9730b98f640fc101222b8,qop=auth

 

A few things to notice: The challenge specifies a realm, but the response does not. According to RFC 2831 the digest response must have the realm in it:

 

 

realm

      The realm containing the user''s account. This directive is

      required if the server provided any realms in the

      "digest-challenge", in which case it may appear exactly once and

      its value SHOULD be one of those realms. If the directive is

      missing, "realm-value" will set to the empty string when computing

      A1 (see below for details).

 

 

If its missing, you get the empty string by default.  Which is why your errors says "invalid realm: "    Looks like CF is broken.

Report Abuse