Opened 3 years ago

Closed 22 months ago

#17070 closed patch (fixed)

Implementation of WEBEX-TOKEN SASL support

Reported by: kainz
Owned by:
Milestone:
Component: libpurple
Version: 2.11.0
Keywords: webex jabber sasl
Cc: rcouto, marsjaninzmarsa


Resolves defect #16965

This patch provides a basic implementation of WEBEX-TOKEN SASL auth support. This is required if you wish to authenticate to a Cisco WebEx Jabber system that is using Federated SSO.

This works by installing a WEBEX-TOKEN mechanism handler with priority one higher than cyrus-sasl so that it has a chance to authenticate before cyrus takes over the whole SASL workflow. (otherwise, auth-cyrus.c stops the workflow with a SASL_FAIL because it ends up trying PLAIN first.)

To use after building: from a Cisco Jabber install, look for a SSOAuthInfoStore.xml file. This should contain a URL on (or the like) specifying a SSO login URL. Once you go to this with a browser and complete whatever authentication workflow is needed (I've tested with federated auth to an AD domain, so Kerberos), you will get an XML stanza back called FederatedSSO.

In that returned stanza, you will need to copy the <jabbertoken> element, and use that as your password. <screenname> should match your user and domain elements in your account configuration. Finally, you will want to use the server in the <xmppjabbercluster> element as your target server to connect to. I do not recommend using the supplied BOSH URI at this time, as I haven't gotten that to work. Using regular SSL on 5222 works for me.

Once you have all this, you should be able to log in, add buddies, and chat. I doubt any video/audio/screenshare functions will work, but I haven't had an opportunity to test that. Last but not least, after the <timetolive> (in seconds) expires, you will need to repeat the above workflow to get a new password.

Future work could be taken to automate all of the above, of course, but I wanted to get eyes on this proof-of-concept.

Attachments (1)

add-webex-token-sasl.patch (2.2 KB) - added by kainz 3 years ago.
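
The manual steps in the ticket description (copy `<jabbertoken>`, `<screenname>` and `<xmppjabbercluster>`, and track `<timetolive>`), as an added Python example that is not part of the ticket or the attached patch. The element names are from the ticket; the flat nesting, the `user@domain` form of `<screenname>`, the sample values and the names `WebexLogin` and `parse_federated_sso` are assumptions.

```python
import time
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Constructed sample: element names come from the ticket; the nesting and
# all values are made up for illustration.
SAMPLE = """<FederatedSSO>
  <screenname>alice@example.com</screenname>
  <jabbertoken>CONSTRUCTED-TOKEN-0000</jabbertoken>
  <xmppjabbercluster>xmpp.example.com</xmppjabbercluster>
  <timetolive>3600</timetolive>
</FederatedSSO>"""

@dataclass
class WebexLogin:
    user: str
    domain: str
    server: str
    expires_at: float
    token: str = field(repr=False)  # keep the secret out of logs and tracebacks

    def expired(self, now=None):
        return (time.time() if now is None else now) >= self.expires_at

def parse_federated_sso(xml_text, fetched_at=None):
    """Map a FederatedSSO response onto XMPP account settings."""
    # The response needs no DTD, so refuse one rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(xml_text)

    def text(tag):
        # iter() finds the element at any depth, since the nesting is assumed.
        node = next(root.iter(tag), None)
        if node is None or not (node.text or "").strip():
            raise ValueError(f"missing <{tag}>")
        return node.text.strip()

    # Assumption: <screenname> has the form user@domain.
    user, sep, domain = text("screenname").partition("@")
    if not (user and sep and domain):
        raise ValueError("<screenname> is not user@domain")
    ttl = int(text("timetolive"))  # seconds, per the ticket
    if ttl <= 0:
        raise ValueError("<timetolive> must be positive")
    fetched = time.time() if fetched_at is None else fetched_at
    return WebexLogin(user, domain, text("xmppjabbercluster"),
                      fetched + ttl, text("jabbertoken"))
```

The token is a bearer credential for the lifetime given by `<timetolive>`, so the example excludes it from `repr()` and exposes `expired()` so a caller can tell when the workflow has to be repeated.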


Change History (5)

Changed 3 years ago by kainz


comment:2 Changed 3 years ago by ppwaskie

It's possible, but it looks like that changeset hasn't been merged yet.

comment:3 Changed 3 years ago by rcouto

Any news on this one? Thanks!

comment:4 Changed 22 months ago by strangeways

  • Resolution set to fixed
  • Status changed from new to closed

Closing as fixed since this is now tracked in Bitbucket under the aforementioned PR.
