[Pidgin] #16965: XMPP failure due to SASL not recognizing WEBEX-TOKEN
Pidgin
trac at pidgin.im
Mon Feb 22 16:33:19 EST 2016
#16965: XMPP failure due to SASL not recognizing WEBEX-TOKEN
----------------------+-------------------------------
Reporter: ppwaskie | Owner: deryni
Type: defect | Status: new
Milestone: | Component: XMPP
Version: 2.10.11 | Keywords: jabber xmpp webex
----------------------+-------------------------------
I'm trying to get Pidgin to connect with my company's Jabber deployment.
Unfortunately, the way it's deployed is as a hosted service, so we are
required to use a SSO (single-sign-on) after the initial Jabber handshake.
It appears to be because the authentication mechanism returned, of type
WEBEX-TOKEN, is unknown to the SASL libraries. So the authentication
immediately fails.
I have no plugins running when attempting this. My workstation is running
Gentoo Linux, Pidgin version 2.10.11, USE flags are: "dbus eds gstreamer
gtk ncurses networkmanager nls sasl spell xscreensaver"
Here's the snippet of the debug log, with accounts and company names
changed to protect the innocent:
{{{
(13:17:56) certificate/x509/tls_cached: Starting verify for
c2s.company.com.webexconnect.com
(13:17:56) certificate/x509/tls_cached: Checking for cached cert...
(13:17:56) certificate/x509/tls_cached: ...Found cached cert
(13:17:56) nss/x509: Loading certificate from
/home/user/.purple/certificates/x509/tls_peers/c2s.company.com.webexconnect.com
(13:17:56) certificate/x509/tls_cached: Peer cert matched cached
(13:17:56) nss/x509: Exporting certificate to
/home/user/.purple/certificates/x509/tls_peers/c2s.company.com.webexconnect.com
(13:17:56) util: Writing file
/home/user/.purple/certificates/x509/tls_peers/c2s.company.com.webexconnect.com
(13:17:56) nss: Trusting CN=isj4cmx.webexconnect.com,O=Cisco Systems,L=San
Jose,ST=California,C=US
(13:17:56) certificate: Successfully verified certificate for
c2s.company.com.webexconnect.com
(13:17:56) jabber: Sending (ssl) (user at company.com/Linux workstation):
<stream:stream to='company.com' xmlns='jabber:client'
xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(13:17:56) jabber: Recv (ssl)(175): <stream:stream xmlns='jabber:client'
xml:lang='en-US.UTF-8' xmlns:stream='http://etherx.jabber.org/streams'
from='company.com' id='8SVq1oeGUaFsqhET401Z2w11694' version='1.0'>
(13:17:56) jabber: Recv (ssl)(163): <stream:features><mechanisms
xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>WEBEX-
TOKEN</mechanism><mechanism>PLAIN</mechanism></mechanisms></stream:features>
(13:17:56) sasl: Mechs found: WEBEX-TOKEN PLAIN
(13:17:56) jabber: Sending (ssl) (user at company.com/Linux workstation):
<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'
xmlns:ga='http://www.google.com/talk/protocol/auth' ga:client-uses-full-
bind-result='true'>password removed</auth>
(13:17:56) jabber: Recv (ssl)(77): <failure xmlns='urn:ietf:params:xml:ns
:xmpp-sasl'><not-authorized/></failure>
(13:17:56) sasl: Mechs found: WEBEX-TOKEN
(13:17:56) sasl: No worthy mechs found
(13:17:56) connection: Connection error on 0x13b0c40 (reason: 2
description: Not Authorized)
(13:17:56) jabber: Recv (ssl)(16): </stream:stream>
(13:17:56) account: Disconnecting account user at company.com/Linux
workstation (0x8a7a30)
(13:17:56) connection: Disconnecting connection 0x13b0c40
(13:17:56) jabber: Sending (ssl) (user at company.com/Linux workstation):
</stream:stream>
(13:17:56) connection: Destroying connection 0x13b0c40
}}}
--
Ticket URL: <https://developer.pidgin.im/ticket/16965>
Pidgin <https://pidgin.im>
Pidgin
More information about the Tracker
mailing list