Fallback to dialback if SASL-EXTERNAL fails (#1112)
Closed
wojciech.kapcia@tigase.net opened 5 years ago

Contrary to what the specification says, almost all of the ecosystem (ejabberd and prosody: https://issues.prosody.im/1006) falls back to dialback if SASL-EXTERNAL fails, and we should (optionally) do the same:

  • if sasl-external fails - try dialback
  • add option to enable/disable it (default enable fallback)
  • add PR to adjust XEP with status quo

Followup to discussion in https://projects.tigase.net/issue/servers-294#focus=streamItem-4-24903.0-0

wojciech.kapcia@tigase.net commented 4 years ago
[2020-06-12 02:37:35:100] [FINEST  ] [      pool-31-thread-8 ] SaslExternal.process()           : CID: wojtek-local.tigase.eu@rsocks.net, null, type: connect, Socket: TLS: nullSocket[addr=/51.75.149.200,port=5269,localport=51662], jid: null, authenticated: false, Received failure response: from=null, to=null, DATA=<failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/><text xml:lang="en">self signed certificate</text></failure>, SIZE=127, XMLNS=urn:ietf:params:xml:ns:xmpp-sasl, PRIORITY=NORMAL, PERMISSION=NONE, TYPE=null
[2020-06-12 02:37:35:100] [FINE    ] [      pool-31-thread-8 ] AuthenticatorSelectorManager.authenticationFailed(): CID: wojtek-local.tigase.eu@rsocks.net, null, type: connect, Socket: TLS: nullSocket[addr=/51.75.149.200,port=5269,localport=51662], jid: null, authenticated: false, Authentication failed for: SASL-EXTERNAL, remaining methodsAvailable: [tigase.server.xmppserver.proc.Dialback@7c8874ef]
[2020-06-12 02:37:35:100] [FINE    ] [      pool-31-thread-8 ] AuthenticatorSelectorManager.authenticationFailed(): CID: wojtek-local.tigase.eu@rsocks.net, null, type: connect, Socket: TLS: nullSocket[addr=/51.75.149.200,port=5269,localport=51662], jid: null, authenticated: false, Restarting authentication with: DIALBACK
[2020-06-12 02:37:35:104] [FINEST  ] [      pool-31-thread-8 ] S2SConnection.sendAllControlPackets(): Sending on connection: CID: wojtek-local.tigase.eu@rsocks.net, null, type: connect, Socket: TLS: nullSocket[addr=/51.75.149.200,port=5269,localport=51662], jid: null, authenticated: false control packet: from=null, to=null, DATA=<db:result xmlns:db="jabber:server:dialback" to="rsocks.net" from="wojtek-local.tigase.eu">679ad1ee703bcc20e50880db8e65c70fa978f39b15828b71e908aae1b0e2eb97</db:result>, SIZE=167, XMLNS=null, PRIORITY=NORMAL, PERMISSION=NONE, TYPE=null
…
[2020-06-12 02:37:37:573] [FINEST  ] [      pool-31-thread-9 ] Dialback.processDialback()       : CID: wojtek-local.tigase.eu@rsocks.net, null, type: connect, Socket: TLS: nullSocket[addr=/51.75.149.200,port=5269,localport=51662], jid: null, authenticated: false, DIALBACK packet: from=null, to=null, DATA=<result to="wojtek-local.tigase.eu" from="rsocks.net" xmlns="jabber:server:dialback" type="valid"/>, SIZE=99, XMLNS=jabber:server:dialback, PRIORITY=NORMAL, PERMISSION=NONE, TYPE=valid, CID_packet: wojtek-local.tigase.eu@rsocks.net
[2020-06-12 02:37:37:573] [FINE    ] [      pool-31-thread-9 ] AuthenticatorSelectorManager.authenticateConnection(): CID: wojtek-local.tigase.eu@rsocks.net, null, type: connect, Socket: TLS: nullSocket[addr=/51.75.149.200,port=5269,localport=51662], jid: null, authenticated: false, Authenticating connection
[2020-06-12 02:37:37:573] [FINER   ] [      pool-31-thread-9 ] CIDConnections.connectionAuthenticated(): CID: wojtek-local.tigase.eu@rsocks.net, null, type: connect, Socket: TLS: nullSocket[addr=/51.75.149.200,port=5269,localport=51662], jid: null, authenticated: false, connection is authenticated. Direction: BOTH
wojciech.kapcia@tigase.net commented 4 years ago

Changes made and tested.

PR created: https://github.com/xsf/xeps/pull/963
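
An added example, not part of the original issue or of Tigase's code: a small Python audit that scans S2S log lines in the format shown above and reports connections that were authenticated through dialback after SASL-EXTERNAL failed, together with the peer's failure reason. The sample lines, hostnames and addresses are constructed; the matched message strings are the ones that appear in the log excerpt.

```python
import re

# Pulls the connection id, peer address and local port out of a Tigase S2S log line.
CONN_RE = re.compile(r"CID: (\S+?),.*?Socket\[addr=/([^,]+),port=\d+,localport=(\d+)\]")
# Pulls the human-readable reason out of a SASL <failure/> element.
REASON_RE = re.compile(r"<failure [^>]*xmpp-sasl[^>]*>.*?<text[^>]*>([^<]*)</text>")

def find_dialback_fallbacks(log_text):
    """Return S2S connections where SASL-EXTERNAL failed and dialback took over."""
    conns = {}
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if not m:
            continue
        cid, addr, localport = m.groups()
        # One record per (CID, local port): a CID can have several sockets.
        c = conns.setdefault((cid, localport), {
            "cid": cid, "addr": addr, "reason": None,
            "sasl_failed": False, "fallback": False, "authenticated": False})
        reason = REASON_RE.search(line)
        if reason:
            c["reason"] = reason.group(1)
        if "Authentication failed for: SASL-EXTERNAL" in line:
            c["sasl_failed"] = True
        elif "Restarting authentication with: DIALBACK" in line:
            c["fallback"] = c["sasl_failed"]
        elif "connection is authenticated" in line:
            c["authenticated"] = True
    return [c for c in conns.values() if c["fallback"]]

def _line(conn, msg):
    # Constructed log line in the layout of the excerpt above (class name is a placeholder).
    cid, addr, lport = conn
    return (f"[2020-06-12 02:37:35:100] [FINE    ] [ pool-31-thread-8 ] Constructed.sample(): "
            f"CID: {cid}, null, type: connect, Socket: TLS: nullSocket[addr=/{addr},port=5269,"
            f"localport={lport}], jid: null, authenticated: false, {msg}")

A = ("a.example@b.example", "192.0.2.10", 51662)  # constructed: falls back to dialback
B = ("a.example@c.example", "192.0.2.20", 51700)  # constructed: no fallback
SAMPLE_LOG = "\n".join([
    _line(A, 'Received failure response: from=null, to=null, DATA=<failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/><text xml:lang="en">self signed certificate</text></failure>'),
    _line(A, "Authentication failed for: SASL-EXTERNAL, remaining methodsAvailable: [Dialback]"),
    _line(A, "Restarting authentication with: DIALBACK"),
    _line(B, "Authenticating connection"),
    _line(B, "connection is authenticated. Direction: BOTH"),
    _line(A, "connection is authenticated. Direction: BOTH"),
])

if __name__ == "__main__":
    for c in find_dialback_fallbacks(SAMPLE_LOG):
        print(f'{c["cid"]} ({c["addr"]}): SASL-EXTERNAL failed ({c["reason"]}), '
              f'dialback fallback, authenticated={c["authenticated"]}')
```

The matched messages are logged at FINE and FINEST in the excerpt, so the server's logging level has to include them for the audit to see a fallback.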

Type: Task
Priority: Normal
Assignee:
Version: tigase-server-8.1.0
Spent time: 43h
Reference: tigase/_server/server-core#1112