I can't find a way to create an issue for smack, so i write here.
It seems that SCRAM auth is broken as I found with the help of Tigase server staff. Please see the original issue at https://projects.tigase.org/issues/4678. It contains also a link to the test code.
In particular it seems that smack sends the illegal 0x20 space character in the _nonce_ part. See https://tools.ietf.org/html/rfc5802#section-7 for legal characters.
When this happens the login with valid credentials fails.