13 Replies Latest reply on May 12, 2017 4:56 AM by wroot

    authentication issu in openfire 4.1.4

    microsysteksun

      Hello jive community

       

      i hope you all are wale

       

      I am a new user in jive community. currently i have setup open fire 4.1.4 in Ubuntu 14.04 desktop 64 bit OS for internal chat server.

       

      I have download tar.gz file from official link and extract in /var/www/html/ folder. than i have access open fire by port 9090.

       

      Than i have follow steps and i have create database in MySQL and all steps finish.

       

      Than i have login in open fire and create two users its login success fully.

       

      But problem is when i send request one user to second user for authentication so second user do not get any request from one user.

       

      so any one can help me for solve this problem.

       

      Your reply is very help full for me

       

      also sorry for my bad english

       

      Thanks in advance.

        • Re: authentication issu in openfire 4.1.4
          wroot

          Do you login with clients on the same PC where server is installed? What clients do you use? What do you put into Domain field in the clients?

            • Re: authentication issu in openfire 4.1.4
              microsysteksun

              hello

               

              first thanks for reply

               

              Yes i have login in server system by client.

               

              I have use pidgin but when its not work than i have install spark 2_5_8 but it's not work.

               

              I have put in IP address of server in client in domain field.

               

              Thanks

                • Re: authentication issu in openfire 4.1.4
                  wroot

                  First of all, do not use such an ancient version of Spark. 2.8.3 is the latest version.

                   

                  IP address shouldn't be used to login to xmpp server. You should use the domain. Same domain as it is shown on the home page of the Admin Console (XMPP Domain Name).

                    • Re: authentication issu in openfire 4.1.4
                      microsysteksun

                      hello

                       

                      I have follow steps which you told me but now this error is come.

                       

                      Error : Unknown connection error.please review the logs for more information

                       

                      Also i have attache screen short.

                       

                      Screenshot from 2017-05-10 13^%18^%15.png

                       

                      Thanks,

                        • Re: authentication issu in openfire 4.1.4
                          wroot

                          Check Spark logs. Should be in $HOME/.Spark/logs

                            • Re: authentication issu in openfire 4.1.4
                              microsysteksun

                              hello

                               

                              May 10, 2017 1:20:03 PM org.jivesoftware.spark.util.log.Log warning

                              WARNING: Exception in Login:

                              org.jivesoftware.smack.SmackException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed

                                  at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPC onnection.java:1029)

                                  at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPCon nection.java:956)

                                  at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnecti on.java:971)

                                  at java.lang.Thread.run(Thread.java:748)

                              Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed

                                  at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

                                  at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)

                                  at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)

                                  at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)

                                  at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)

                                  at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)

                                  at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)

                                  at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)

                                  at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)

                                  at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)

                                  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)

                                  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)

                                  at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnecti on.java:768)

                                  at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1000(XMPPTCPConnection.java :139)

                                  at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPC onnection.java:1022)

                                  ... 3 more

                              Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed

                                  at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:352)

                                  at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:260)

                                  at sun.security.validator.Validator.validate(Validator.java:260)

                                  at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)

                                  at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:22 9)

                                  at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.j ava:124)

                                  at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)

                                  ... 13 more

                              Caused by: java.security.cert.CertPathValidatorException: signature check failed

                                  at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterC ertPathValidator.java:135)

                                  at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValid ator.java:219)

                                  at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValid ator.java:140)

                                  at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPat hValidator.java:79)

                                  at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)

                                  at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:347)

                                  ... 19 more

                              Caused by: java.security.SignatureException: Signature does not match.

                                  at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:424)

                                  at sun.security.provider.certpath.BasicChecker.verifySignature(BasicChecker.java:1 66)

                                  at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:147)

                                  at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterC ertPathValidator.java:125)

                                  ... 24 more

                               

                              Thats logs created

                               

                              I read this but i don't understand.

                               

                              Thanks.

                                • Re: authentication issu in openfire 4.1.4
                                  wroot

                                  What Java version do you have installed on the system? It is better to use Oracle's latest Java 8. But i'm not sure if you can have this on Debian. Debian is not very good for users. I only use Windows, so it is hard to suggest anything. Maybe you can install client on some Windows PC.

                                    • Re: authentication issu in openfire 4.1.4
                                      microsysteksun

                                      Hello

                                       

                                      In my server oracle java is installed.

                                       

                                      "ubuntu@ubuntu:~$ java -version

                                      java version "1.8.0_131"

                                      Java(TM) SE Runtime Environment (build 1.8.0_131-b11)

                                      Java HotSpot(TM) Client VM (build 25.131-b11, mixed mode)"

                                       

                                      I have check in windows spark give me same error but by pidgin users are login.

                                       

                                      But issue is users are send authentication request to other user that request not send.

                                       

                                      so what is a issue is there its a client issue or server issue

                                       

                                      Thanks,

                                        • Re: authentication issu in openfire 4.1.4
                                          wroot

                                          On Windows you install the full version of Spark (with JRE included)? Go to C:\Users\username\AppData\Roaming\Spark\logs\ zip all the logs and attach here. Use advanced editor in the corner of message window to attach files here.

                                           

                                          You are able to login when using IP address, but other things don't work as IP usage is not allowed in XMPP/Jabber. Once you will be able to login using your xmpp domain, then authorization requests will work. But domain that you have specified during Openfire installation has to be resolvable/routable in the network.

                                            • Re: authentication issu in openfire 4.1.4
                                              microsysteksun

                                              hello

                                               

                                              first sorry for late reply.

                                               

                                              I have install spark 2.8.3 in windows and than login in so i got error which i have attach here by name "capture.png".

                                               

                                              Also i have attach log file which you want.

                                               

                                              Thanks

                                                • Re: authentication issu in openfire 4.1.4
                                                  wroot

                                                  This error happens because domain in the SSL certificate is not matching the domain you are trying to login to. I see that you are trying to login to domain "ubuntu". But is this name added into your DNS in the network, can you ping "ubuntu"? Probably not. You can't just specify any name for a domain and expect it magically work without adding required network entries.

                                                   

                                                  In Admin Console go to TLS/SSL Certificates menu and press on the first Manage Store Contents link. What name do you see for the certificates there? Is it ubuntu (ubuntu_dsa), ubuntu (ubuntu_rsa)? If so, then you have to login using ubuntu as domain and then there won't be that error "Unable to verify certificate". Of course, you will probably receive another error as "Unknown connection error" because "ubuntu" is not known in your network. You can still put ubuntu as Domain in Spark, but on the Advanced menu uncheck Host and put your server's IP there. Also check the "Accept all certificates" option.

                                                   

                                                  Btw, next time zip all the logs in the logs folder and attach, not just one warn.log.0 file. Unless there was only this one file there.