Opened 3 years ago

Last modified 3 years ago

#16965 new defect

XMPP failure due to SASL not recognizing WEBEX-TOKEN

Reported by: ppwaskie
Owned by: deryni
Milestone:
Component: XMPP
Version: 2.10.11
Keywords: jabber xmpp webex
Cc: kainz

Description

I'm trying to get Pidgin to connect with my company's Jabber deployment. Unfortunately, the way it's deployed is as a hosted service, so we are required to use an SSO (single-sign-on) after the initial Jabber handshake. It appears to be because the authentication mechanism returned, of type WEBEX-TOKEN, is unknown to the SASL libraries. So the authentication immediately fails.

I have no plugins running when attempting this. My workstation is running Gentoo Linux, Pidgin version 2.10.11, USE flags are: "dbus eds gstreamer gtk ncurses networkmanager nls sasl spell xscreensaver"

Here's the snippet of the debug log, with accounts and company names changed to protect the innocent:

(13:17:56) certificate/x509/tls_cached: Starting verify for c2s.company.com.webexconnect.com
(13:17:56) certificate/x509/tls_cached: Checking for cached cert...
(13:17:56) certificate/x509/tls_cached: ...Found cached cert
(13:17:56) nss/x509: Loading certificate from /home/user/.purple/certificates/x509/tls_peers/c2s.company.com.webexconnect.com
(13:17:56) certificate/x509/tls_cached: Peer cert matched cached
(13:17:56) nss/x509: Exporting certificate to /home/user/.purple/certificates/x509/tls_peers/c2s.company.com.webexconnect.com
(13:17:56) util: Writing file /home/user/.purple/certificates/x509/tls_peers/c2s.company.com.webexconnect.com
(13:17:56) nss: Trusting CN=isj4cmx.webexconnect.com,O=Cisco Systems,L=San Jose,ST=California,C=US
(13:17:56) certificate: Successfully verified certificate for c2s.company.com.webexconnect.com
(13:17:56) jabber: Sending (ssl) (user@company.com/Linux workstation): <stream:stream to='company.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(13:17:56) jabber: Recv (ssl)(175): <stream:stream xmlns='jabber:client' xml:lang='en-US.UTF-8' xmlns:stream='http://etherx.jabber.org/streams' from='company.com'   id='8SVq1oeGUaFsqhET401Z2w11694' version='1.0'>
(13:17:56) jabber: Recv (ssl)(163): <stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>WEBEX-TOKEN</mechanism><mechanism>PLAIN</mechanism></mechanisms></stream:features>
(13:17:56) sasl: Mechs found: WEBEX-TOKEN PLAIN
(13:17:56) jabber: Sending (ssl) (user@company.com/Linux workstation): <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN' xmlns:ga='http://www.google.com/talk/protocol/auth' ga:client-uses-full-bind-result='true'>password removed</auth>
(13:17:56) jabber: Recv (ssl)(77): <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/></failure>
(13:17:56) sasl: Mechs found: WEBEX-TOKEN
(13:17:56) sasl: No worthy mechs found
(13:17:56) connection: Connection error on 0x13b0c40 (reason: 2 description: Not Authorized)
(13:17:56) jabber: Recv (ssl)(16): </stream:stream>
(13:17:56) account: Disconnecting account user@company.com/Linux workstation (0x8a7a30)
(13:17:56) connection: Disconnecting connection 0x13b0c40
(13:17:56) jabber: Sending (ssl) (user@company.com/Linux workstation): </stream:stream>
(13:17:56) connection: Destroying connection 0x13b0c40
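
An added example, not part of the ticket or of Pidgin's code: a small Python triage script that reads a Pidgin debug log like the one above and reports which SASL mechanisms the server offered, which the client attempted, and which it never tried. The function name `summarize_sasl` and the result keys are assumptions made for this illustration; the sample lines are copied from the log above.

```python
import re

# Lines copied from the debug log in the ticket above (already redacted there).
SAMPLE_LOG = """\
(13:17:56) jabber: Recv (ssl)(163): <stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>WEBEX-TOKEN</mechanism><mechanism>PLAIN</mechanism></mechanisms></stream:features>
(13:17:56) sasl: Mechs found: WEBEX-TOKEN PLAIN
(13:17:56) jabber: Sending (ssl) (user@company.com/Linux workstation): <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN' xmlns:ga='http://www.google.com/talk/protocol/auth' ga:client-uses-full-bind-result='true'>password removed</auth>
(13:17:56) jabber: Recv (ssl)(77): <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/></failure>
(13:17:56) sasl: Mechs found: WEBEX-TOKEN
(13:17:56) sasl: No worthy mechs found
"""

OFFERED = re.compile(r"<mechanism>([^<]+)</mechanism>")
AUTH = re.compile(r"Sending .*<auth [^>]*mechanism='([^']+)'")
FAILURE = re.compile(
    r"Recv .*<failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><([a-z-]+)/>"
)

def summarize_sasl(log_text):
    """Summarize the SASL negotiation recorded in a Pidgin XMPP debug log."""
    offered, attempted, failed = [], [], {}
    exhausted = False
    current = None  # mechanism of the most recent <auth/> still awaiting a reply
    for line in log_text.splitlines():
        if "<mechanisms " in line:          # server's stream:features offer
            offered = OFFERED.findall(line)
        auth = AUTH.search(line)
        if auth:                            # client picked a mechanism
            current = auth.group(1)
            attempted.append(current)
        failure = FAILURE.search(line)
        if failure and current:             # server rejected that attempt
            failed[current] = failure.group(1)
            current = None
        if "No worthy mechs found" in line: # client has nothing left to try
            exhausted = True
    return {
        "offered": offered,
        "attempted": attempted,
        "failed": failed,
        # Offered by the server but never tried: not usable by this client.
        "never_attempted": [m for m in offered if m not in attempted],
        "exhausted": exhausted,
    }

if __name__ == "__main__":
    print(summarize_sasl(SAMPLE_LOG))
```

On this log, `never_attempted` isolates WEBEX-TOKEN, and `attempted` shows that the password was still sent with PLAIN before the connection was dropped.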

Change History (1)

comment:1 Changed 3 years ago by kainz

Potentially resolved by #17070
