[Pidgin] #16965: XMPP failure due to SASL not recognizing WEBEX-TOKEN

Pidgin trac at pidgin.im
Mon Feb 22 16:33:19 EST 2016

#16965: XMPP failure due to SASL not recognizing WEBEX-TOKEN
 Reporter:  ppwaskie  |      Owner:  deryni
     Type:  defect    |     Status:  new
Milestone:            |  Component:  XMPP
  Version:  2.10.11   |   Keywords:  jabber xmpp webex
 I'm trying to get Pidgin to connect with my company's Jabber deployment.
 Unfortunately, the way it's deployed is as a hosted service, so we are
 required to use a SSO (single-sign-on) after the initial Jabber handshake.
 It appears to be because the authentication mechanism returned, of type
 WEBEX-TOKEN, is unknown to the SASL libraries.  So the authentication
 immediately fails.

 I have no plugins running when attempting this.  My workstation is running
 Gentoo Linux, Pidgin version 2.10.11, USE flags are: "dbus eds gstreamer
 gtk ncurses networkmanager nls sasl spell xscreensaver"

 Here's the snippet of the debug log, with accounts and company names
 changed to protect the innocent:

 (13:17:56) certificate/x509/tls_cached: Starting verify for
 (13:17:56) certificate/x509/tls_cached: Checking for cached cert...
 (13:17:56) certificate/x509/tls_cached: ...Found cached cert
 (13:17:56) nss/x509: Loading certificate from
 (13:17:56) certificate/x509/tls_cached: Peer cert matched cached
 (13:17:56) nss/x509: Exporting certificate to
 (13:17:56) util: Writing file
 (13:17:56) nss: Trusting CN=isj4cmx.webexconnect.com,O=Cisco Systems,L=San
 (13:17:56) certificate: Successfully verified certificate for
 (13:17:56) jabber: Sending (ssl) (user at company.com/Linux workstation):
 <stream:stream to='company.com' xmlns='jabber:client'
 xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
 (13:17:56) jabber: Recv (ssl)(175): <stream:stream xmlns='jabber:client'
 xml:lang='en-US.UTF-8' xmlns:stream='http://etherx.jabber.org/streams'
 from='company.com'   id='8SVq1oeGUaFsqhET401Z2w11694' version='1.0'>
 (13:17:56) jabber: Recv (ssl)(163): <stream:features><mechanisms
 (13:17:56) sasl: Mechs found: WEBEX-TOKEN PLAIN
 (13:17:56) jabber: Sending (ssl) (user at company.com/Linux workstation):
 <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'
 xmlns:ga='http://www.google.com/talk/protocol/auth' ga:client-uses-full-
 bind-result='true'>password removed</auth>
 (13:17:56) jabber: Recv (ssl)(77): <failure xmlns='urn:ietf:params:xml:ns
 (13:17:56) sasl: Mechs found: WEBEX-TOKEN
 (13:17:56) sasl: No worthy mechs found
 (13:17:56) connection: Connection error on 0x13b0c40 (reason: 2
 description: Not Authorized)
 (13:17:56) jabber: Recv (ssl)(16): </stream:stream>
 (13:17:56) account: Disconnecting account user at company.com/Linux
 workstation (0x8a7a30)
 (13:17:56) connection: Disconnecting connection 0x13b0c40
 (13:17:56) jabber: Sending (ssl) (user at company.com/Linux workstation):
 (13:17:56) connection: Destroying connection 0x13b0c40

Ticket URL: <https://developer.pidgin.im/ticket/16965>
Pidgin <https://pidgin.im>

More information about the Tracker mailing list