XMPP SASL authentication on Ejabberd with PHP

StackOverflow https://stackoverflow.com/questions/1216427

  •  06-07-2019
  •  | 
  •  

Question

I'm trying to authenticate with an XMPP server using SASL. 

/**
     * Send Authentication, SASL
     * @return Bool
     * @param $username String
     * @param $password String
     */
    function authenticate($username, $password) {
        $this->username = $username;
        $this->password = $password;

        var_dump($username, $password, $this->domain);

        $auth = base64_encode($username.'@'.$this->domain."\u0000".$username."\u0000".$password);
        $xml = '<auth mechanism="PLAIN" xmlns="urn:ietf:params:xml:ns:xmpp-sasl">'.$auth.'</auth>';
        if ($this->write($xml)) {
            if ($xml = $this->listen(1, true)) {
                if (preg_match("/<success/i", $xml)) {
                    $this->authenticated = $this->_sendStream();
                }
            }
        }
        $this->events->trigger('authenticate', $this->authenticated);
        return $this->authenticated;
    }

The XMPP server however responds with:

<failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><bad-protocol/></failure>

This is against an Ejabberd server. When I open the XMPP stream, it advertises:

<stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>DIGEST-MD5</mechanism><mechanism>PLAIN</mechanism></mechanisms><register xmlns='http://jabber.org/features/iq-register'/></stream:features>

So it seams to me that SASL - PLAIN should work. I have a JavaScript version, that works perfectly on OpenFire server. (I can't test it on Ejabberd at the moment) 

sendAuthentication: function() {
        clearTimeout(XMPP.sendAuthentication_timer);
        var auth = Base64.encode(XMPP.username+'@'+XMPP.domain+'\u0000'+XMPP.username+'\u0000'+XMPP.password);
        mySocket.events.receive.observe(XMPP.receivedAuthSuccess, function() {
            mySocket.send('<auth mechanism="PLAIN" xmlns="urn:ietf:params:xml:ns:xmpp-sasl">' + auth + '</auth>');
        });
    }

So I can't get why the PHP version is not working.

Was it helpful?

Solution 2

Figured out what the problem was. EJabberd will advertise SASL PLAIN and DIGEST-MD5 but will actually only accept DIGEST-MD5.

OTHER TIPS

Try this in Python:

Username+"@xmpp.poppen.lab"+ chr(0) + Username + chr(0) + Password

And for PHP also use chr(0) instead of "\u0000"

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top