
Smack 4.1.0 - HOWTO Register SASL External Mechanism for TLS Client Authentication

Question asked by Timothy K Taylor on Apr 23, 2015
Latest reply on Apr 26, 2015 by Timothy K Taylor

Hello,

 

I am having trouble figuring out how to generate the auth stanza for the SASL EXTERNAL mechanism. Things have changed in this area from 3.1.0, so I am not finding anything like what I need to do so far. Below is my debug output. In summary,

  1. Stream init'ed between client and server
  2. Server is configured to require TLS and prefer EXTERNAL SASL mechanism via features advertising
  3. I found that SecurityMode.ifpossible generates the starttls negotiation
  4. The TLS handshake "apparently" happens just fine (I have a little more work to do with my keystore)
  5. Stream init'ed between client and server  (again, as it should)
  6. Features offered again that include SASL EXTERNAL and compression

 

This is where I am stuck.  I have registered the SASL External mechanism (I think).

 

02:20:45 PM SENT (0): <stream:stream xmlns='jabber:client' to='MYSERVER.EXAMPLE.COM' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>

02:20:45 PM RECV (0): <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="MYSERVER.EXAMPLE.COM" id="3959de67" xml:lang="en" version="1.0"><stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>EXTERNAL</mechanism></mechanisms></stream:features>

02:20:45 PM SENT (0): <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'></starttls>

02:20:45 PM RECV (0): <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>

02:20:46 PM SENT (0): <stream:stream xmlns='jabber:client' to='MYSERVER.EXAMPLE.COM' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>

02:20:46 PM RECV (0): <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="MYSERVER.EXAMPLE.COM" id="3959de67" xml:lang="en" version="1.0"><stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>EXTERNAL</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth xmlns="http://jabber.org/features/iq-auth"/><register xmlns="http://jabber.org/features/iq-register"/></stream:features>

 

*************** Here is where I need to send <auth.../> stanza **************

 

02:20:46 PM SENT (0): <presence id='B8s1X-3' type='unavailable'><c xmlns='http://jabber.org/protocol/caps' hash='sha-1' node='http://www.igniterealtime.org/projects/smack' ver='NfJ3flI83zSdUDzCEICtbypursw='/></presence>

02:20:46 PM SENT (0): </stream:stream>

 

My code snippet:

-----------------------

          XMPPTCPConnectionConfiguration.Builder connConfig = XMPPTCPConnectionConfiguration.builder()
              .setCompressionEnabled(false)
              .setHost(serverName)
              .setServiceName(domainBareJid)
              .setPort(serverPort)
              .setSendPresence(true)
              .setDebuggerEnabled(true)
              .allowEmptyOrNullUsernames()
              .setSecurityMode(XMPPTCPConnectionConfiguration.SecurityMode.ifpossible);

          XMPPTCPConnectionConfiguration conf = connConfig.build();
          try {
               conn = new XMPPTCPConnection(conf);
               SASLMechanism sm = new SASLExternalMechanism();

               conn.connect();
               // BTW, 4.1 API doc refers to v 3.1 supportSASLMechanism method
               SASLAuthentication.registerSASLMechanism(sm.instanceForAuthentication(conn));

          } catch (SmackException | IOException | XMPPException six) {
               System.out.println(six.toString());
               six.printStackTrace();
          }
          }

---------------------------

 

Thanks for any advice and guidance,

TT
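
For reference, RFC 6120 defines what goes on the wire at the marked point: an `<auth/>` element in the xmpp-sasl namespace naming EXTERNAL, carrying `=` as an empty initial response or the base64 of an authorization identity. The following is an added example, not part of the original post and not Smack code; it uses only the JDK, and the class name, method name and sample JID are assumptions made for illustration.

```java
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class SaslExternalAuth {
    static final String SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl";
    static final String TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls";

    // Builds the <auth/> element for SASL EXTERNAL from a received <stream:features/>.
    // Refuses if STARTTLS is still on offer (no client certificate has been presented
    // yet) or if the server does not advertise EXTERNAL.
    static String externalAuth(String featuresXml, String authzid) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // XMPP streams never carry a DTD; reject one rather than process it.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(featuresXml)));
        if (doc.getElementsByTagNameNS(TLS_NS, "starttls").getLength() > 0)
            throw new IllegalStateException("STARTTLS still offered; negotiate TLS first");
        NodeList mechs = doc.getElementsByTagNameNS(SASL_NS, "mechanism");
        boolean offered = false;
        for (int i = 0; i < mechs.getLength(); i++)
            offered |= "EXTERNAL".equals(mechs.item(i).getTextContent().trim());
        if (!offered)
            throw new IllegalStateException("server does not offer EXTERNAL");
        // An empty initial response is sent as "=", never as an empty element body.
        String payload = (authzid == null || authzid.isEmpty())
            ? "="
            : Base64.getEncoder().encodeToString(authzid.getBytes(StandardCharsets.UTF_8));
        return "<auth xmlns='" + SASL_NS + "' mechanism='EXTERNAL'>" + payload + "</auth>";
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: the post-TLS features from the debug log above, trimmed,
        // with the stream prefix declared so the fragment parses on its own.
        String features = "<stream:features xmlns:stream='http://etherx.jabber.org/streams'>"
            + "<mechanisms xmlns='" + SASL_NS + "'><mechanism>EXTERNAL</mechanism></mechanisms>"
            + "<compression xmlns='http://jabber.org/features/compress'><method>zlib</method></compression>"
            + "</stream:features>";
        System.out.println(externalAuth(features, null));               // identity taken from the certificate
        System.out.println(externalAuth(features, "user@example.com")); // constructed sample JID as authzid
    }
}
```

Passing the first `<stream:features/>` from the log, which still contains `<starttls>`, makes the method throw instead of producing a stanza.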
