Authentication: stuck indefinitely with the message "Obtaining session-id…"

Hello,

thanks for the development of this great tool that is Jitsi :smiley:

I decided to take the plunge and install my own instance of Jitsi, but I can’t get the authentication to work :confused:

I followed the guide here: Secure Domain setup · Jitsi Meet Handbook

When I try to create a room, jitsi does ask me to authenticate, but gets stuck indefinitely with the message “Obtaining session-id…” :

image

I don’t see any errors in the prosody logs:

Jun 09 00:56:45 portmanager	info	Activated service 'https' on no ports
Jun 09 00:56:45 jitsi.elo.tf:muc_lobby_rooms	info	Lobby component loaded lobby.jitsi.elo.tf
Jun 09 00:56:45 conference.jitsi.elo.tf:muc_domain_mapper	info	Loading mod_muc_domain_mapper for host jitsi.elo.tf!
Jun 09 00:56:45 conference.jitsi.elo.tf:muc_domain_mapper	info	Loading mod_muc_domain_mapper for host auth.jitsi.elo.tf!
Jun 09 00:56:45 conference.jitsi.elo.tf:muc_domain_mapper	info	Loading mod_muc_domain_mapper for host guest.jitsi.elo.tf!
Jun 09 00:56:46 c2s5578951f8570	info	Client connected
Jun 09 00:56:46 c2s5578951f8570	info	Stream encrypted (TLSv1.3 with TLS_AES_256_GCM_SHA384)
Jun 09 00:56:46 c2s5578951f8570	info	Authenticated as jvb@auth.jitsi.elo.tf
Jun 09 00:56:48 c2s5578953f38a0	info	Client connected
Jun 09 00:56:48 c2s5578953f38a0	info	Stream encrypted (TLSv1.3 with TLS_AES_256_GCM_SHA384)
Jun 09 00:56:48 c2s5578953f38a0	info	Authenticated as focus@auth.jitsi.elo.tf
Jun 09 00:56:50 c2s5578953f38a0	info	Client disconnected: closed
Jun 09 00:56:51 c2s557894fa0050	info	Client connected
Jun 09 00:56:52 c2s557894fa0050	info	Stream encrypted (TLSv1.3 with TLS_AES_256_GCM_SHA384)
Jun 09 00:56:52 c2s557894fa0050	info	Authenticated as focus@auth.jitsi.elo.tf
Jun 09 00:56:55 c2s5578951f8570	info	Client disconnected: closed
Jun 09 00:56:56 c2s557895052570	info	Client connected
Jun 09 00:56:57 c2s557895052570	info	Stream encrypted (TLSv1.3 with TLS_AES_256_GCM_SHA384)
Jun 09 00:56:57 c2s557895052570	info	Authenticated as jvb@auth.jitsi.elo.tf
Jun 09 01:09:24 mod_bosh	info	New BOSH session, assigned it sid 'df875bcb-7008-475a-91e1-f891f1e253fc'
Jun 09 01:09:24 boshdf875bcb-7008-475a-91e1-f891f1e253fc	info	Authenticated as stb-cwecf-lcwv1e@guest.jitsi.elo.tf
Jun 09 01:09:51 mod_bosh	info	New BOSH session, assigned it sid '7df868c9-993c-49a0-bd68-3ffd2e33c591'
Jun 09 01:09:52 bosh7df868c9-993c-49a0-bd68-3ffd2e33c591	info	Authenticated as elois@jitsi.elo.tf

I don’t know how to do, can you please help me? Thanks :slight_smile:

My jitsi version: 2.0.5870-1

Do you see any errors in your browser js console?
Also, share your jicofo log.

Hi @elois

Your problem is that you don’t have an admin user for Prosody/XMPP

My installation is in /opt/jitsi.

Adjust in file: /opt/jitsi/.env

ENABLE_AUTH=1
AUTH_TYPE=internal
ENABLE_GUESTS=1

Name of the XMPP domain

# cat /opt/jitsi/.env | grep "XMPP_DOMAIN="
XMPP_DOMAIN=meet.jitsi

meet.jitsi

Declare who is the admin user, must be in the domain found above

In the file: /opt/jitsi/.jitsi-meet-cfg/prosody/config/prosody.cfg.lua

...
admins = {"michelandre@meet.jitsi"}
...

Recreate containers

# cd /opt/jitsi/ ; docker-compose up -d

Where is the mounted folder of Prosody/XMPP configuration file

# cat /opt/jitsi/docker-compose.yml | grep "XMPP server" -A 9
    # XMPP server
    prosody:
        image: jitsi/prosody:stable-5870
        restart: ${RESTART_POLICY}
        expose:
            - '5222'
            - '5347'
            - '5280'
        volumes:
            - ${CONFIG}/prosody/config:/config:Z

It is the last line:- ${CONFIG}/prosody/config:/config:Z

Find the short UUID of Prosody

# docker ps -a | grep prosody
4960b7fd1982   jitsi/prosody:stable-5870   "/init"                  24 hours ago   Up About an hour   5222/tcp, 5280/tcp, 5347/tcp

4960b7fd1982

Enter Prosody container

# docker exec -it 4960b7fd1982 bash

To make sure the config file is in /config

ls -ls /config/prosody.cfg.lua
8 -rw-r--r-- 1 root root 6645 Jun  5 19:50 /config/prosody.cfg.lua

Yes it is.

Create admin user

You have to use --config Path-From-Above and also the domain: meet.jitsi from above.

# prosodyctl  --config  /config/prosody.cfg.lua  adduser  michelandre@meet.jitsi
Enter new password: strong-password
Retype new password: strong-password

Exit container

# exit
exit

Now go to your Jitsi URL, and login as michelandre (or whatever name you used)

Voilà !

Michel-André

1 Like

@Michel-Andre Curious: How did you find out that @elois is using docker?

1 Like

Hi @Prashanth

My guess, because I’m using it with NethServer-7.9.2009 and there is no other way if not using Debian/Ubuntu.

With the above explanations, it should work.

Michel-André

1 Like

I only see warnings:

I have a NPE that keeps repeating in jicofo’s jog even when I’m not doing anything, I think it has nothing to do with my problem, especially since the session seems to be created well with my user.

Jicofo 2021-06-09 13:01:15.919 SEVERE: [69] JvbDoctor$HealthCheckTask.run#175: Error when doing health-check on: jvbbrewery@internal.auth.jitsi.elo.tf/665e8fd3-c2b8-45a7-847a-7731e9914392
java.lang.NullPointerException
	at java.base/java.util.Objects.requireNonNull(Objects.java:221)
	at org.jitsi.jicofo.bridge.JvbDoctor.getConnection(JvbDoctor.java:77)
	at org.jitsi.jicofo.bridge.JvbDoctor.access$300(JvbDoctor.java:42)
	at org.jitsi.jicofo.bridge.JvbDoctor$HealthCheckTask.doHealthCheck(JvbDoctor.java:208)
	at org.jitsi.jicofo.bridge.JvbDoctor$HealthCheckTask.run(JvbDoctor.java:171)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
	at java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305)
	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:829)
Jicofo 2021-06-09 13:01:19.602 INFO: [265] ConferenceIqHandler.handleConferenceIq#56: Focus request for room: test@conference.jitsi.elo.tf
Jicofo 2021-06-09 13:01:19.921 INFO: [265] ConferenceIqHandler.handleConferenceIq#56: Focus request for room: test@conference.jitsi.elo.tf
Jicofo 2021-06-09 13:01:24.877 INFO: [265] ConferenceIqHandler.handleConferenceIq#56: Focus request for room: test@conference.jitsi.elo.tf
Jicofo 2021-06-09 13:01:25.234 INFO: [265] ConferenceIqHandler.handleConferenceIq#56: Focus request for room: test@conference.jitsi.elo.tf
Jicofo 2021-06-09 13:01:25.234 INFO: [266] ConferenceIqHandler.handleConferenceIq#56: Focus request for room: test@conference.jitsi.elo.tf
Jicofo 2021-06-09 13:01:25.729 INFO: [266] ConferenceIqHandler.handleConferenceIq#56: Focus request for room: test@conference.jitsi.elo.tf
Jicofo 2021-06-09 13:01:25.729 INFO: [266] AbstractAuthAuthority.createNewSession#158: Authentication session created for elois@jitsi.elo.tf SID: f821bb33-d728-457e-a9f4-1d9c92b4fefa
Jicofo 2021-06-09 13:01:25.729 INFO: [266] AbstractAuthAuthority.authenticateJidWithSession#431: Authenticated jid: elois@jitsi.elo.tf/-pJ7ad7t with session: AuthSession[ID=elois@jitsi.elo.tf, JID=elois@jitsi.elo.tf/-pJ7ad7t, SID=f821bb33-d728-457e-a9f4-1d9c92b4fefa, MUID=ed2d18ee30ca4075cbc5fa0fddbf0ba0, LIFE_TM_SEC=0, R=test@conference.jitsi.elo.tf]@922683376
Jicofo 2021-06-09 13:01:25.729 INFO: [266] AbstractAuthAuthority.notifyUserAuthenticated#339: Jid elois@jitsi.elo.tf/-pJ7ad7t authenticated as: elois@jitsi.elo.tf
Jicofo 2021-06-09 13:01:25.918 SEVERE: [69] JvbDoctor$HealthCheckTask.run#175: Error when doing health-check on: jvbbrewery@internal.auth.jitsi.elo.tf/665e8fd3-c2b8-45a7-847a-7731e9914392
java.lang.NullPointerException

@Michel-Andre I installed jitsi via the debian package following this page.

Where should I declare this in the conf file? I have several VirtualHost, some of which already have an admin field pre-filled. Here is my conf:

# cat /etc/prosody/conf.avail/jitsi.elo.tf.cfg.lua
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "jitsi.elo.tf";

external_service_secret = "2r1kuTgjZa46LJP0";
external_services = {
     { type = "stun", host = "jitsi.elo.tf", port = 3478 },
     { type = "turn", host = "jitsi.elo.tf", port = 3478, transport = "udp", secret = true, ttl = 86400, algorithm = "turn" },
     { type = "turns", host = "jitsi.elo.tf", port = 5349, transport = "tcp", secret = true, ttl = 86400, algorithm = "turn" }
};

cross_domain_bosh = false;
consider_bosh_secure = true;
-- https_ports = { }; -- Remove this line to prevent listening on port 5284

-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
ssl = {
    protocol = "tlsv1_2+";
    ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
}

VirtualHost "jitsi.elo.tf"
    -- enabled = false -- Remove this line to enable this host
    authentication = "internal_hashed"
    -- Properties below are modified by jitsi-meet-tokens package config
    -- and authentication above is switched to "token"
    --app_id="example_app_id"
    --app_secret="example_app_secret"
    -- Assign this host a certificate for TLS, otherwise it would use the one
    -- set in the global section (if any).
    -- Note that old-style SSL on port 5223 only supports one certificate, and will always
    -- use the global one.
    ssl = {
        key = "/etc/prosody/certs/jitsi.elo.tf.key";
        certificate = "/etc/prosody/certs/jitsi.elo.tf.crt";
    }
    speakerstats_component = "speakerstats.jitsi.elo.tf"
    conference_duration_component = "conferenceduration.jitsi.elo.tf"
    -- we need bosh
    modules_enabled = {
        "bosh";
        "pubsub";
        "ping"; -- Enable mod_ping
        "speakerstats";
        "external_services";
        "conference_duration";
        "muc_lobby_rooms";
    }
    c2s_require_encryption = false
    lobby_muc = "lobby.jitsi.elo.tf"
    main_muc = "conference.jitsi.elo.tf"
    -- muc_lobby_whitelist = { "recorder.jitsi.elo.tf" } -- Here we can whitelist jibri to enter lobby enabled rooms

VirtualHost "guest.jitsi.elo.tf"
    authentication = "anonymous"
    c2s_require_encryption = false

Component "conference.jitsi.elo.tf" "muc"
    storage = "memory"
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
        --"token_verification";
    }
    admins = { "focus@auth.jitsi.elo.tf" }
    muc_room_locking = false
    muc_room_default_public_jids = true

-- internal muc component
Component "internal.auth.jitsi.elo.tf" "muc"
    storage = "memory"
    modules_enabled = {
        "ping";
    }
    admins = { "focus@auth.jitsi.elo.tf", "jvb@auth.jitsi.elo.tf" }
    muc_room_locking = false
    muc_room_default_public_jids = true

VirtualHost "auth.jitsi.elo.tf"
    ssl = {
        key = "/etc/prosody/certs/auth.jitsi.elo.tf.key";
        certificate = "/etc/prosody/certs/auth.jitsi.elo.tf.crt";
    }
    authentication = "internal_hashed"

-- Proxy to jicofo's user JID, so that it doesn't have to register as a component.
Component "focus.jitsi.elo.tf" "client_proxy"
    target_address = "focus@auth.jitsi.elo.tf"

Component "speakerstats.jitsi.elo.tf" "speakerstats_component"
    muc_component = "conference.jitsi.elo.tf"

Component "conferenceduration.jitsi.elo.tf" "conference_duration_component"
    muc_component = "conference.jitsi.elo.tf"

Component "lobby.jitsi.elo.tf" "muc"
    storage = "memory"
    restrict_room_creation = true
    muc_room_locking = false
    muc_room_default_public_jids = true

Assuming you have done changes only for secure domain(and no other changes), try moving the guest domain virtualhost block to just before the next virtualhost(after components)

Try with internal_plain authentication instead of hashed…

Verify if all firewall ports are properly opened…

Check if prosody is listening on port 5222…

If none of those work…verify all the steps from quick install guide…

Yes, it is :slight_smile:

After testing, it does not change anything.

With this change I get the error “Incorrect username or password”.

Even if I disable the firewall (all ports open), I have the same problem :confused:

I have already scrupulously rechecked all the steps of the guide one by one, I have applied them to the letter

Does anyone have a standalone jitsi server (debian package) and a basic authentication that works as shown here?

My case has no particular specificity and I applied the instructions to the letter, I do not understand why it does not work. I have the same problem on chrome and firefox. I’m starting to suspect a bug or an error in the documentation :thinking:

This, because you have to create new users, as auth mechanism has changed. Create a new user and check…restart prosody to be safe…Btw what’s your version of prosody?

Yes, I do have a running stand-alone jitsi server, installed with quick install guide…and works as expected…

1 Like

I do:

  • Replace authentication = "internal_hashed" by authentication = "internal_plain"
  • systemctl restart prosody
  • Delete and create again my user
  • systemctl restart prosody

And i got the same error: stuck indefinitely with the message “Obtaining session-id…”

0.11.2-1+deb10u2

Ok…One more suggestion from me…As it is taking time to find the issue with config…maybe try with this GitHub - pregalla/jitsi: Installer for Jitsi, Jigasi, and Jibri, (if you are willing to reinstall). Uninstall and install using that…Won’t take much time…should be done under 5 minutes…

I do:

apt remove --purge jitsi-*
apt remove --purge prosody
apt autoremove
git clone https://github.com/pregalla/jitsi.git
cd jitsi
chmod +x jitsi_setup.sh
export BEHIND_NAT="no"
export SERVER_FQDN="jitsi.elo.tf"
export HOST_NAME="jitsi.elo.tf"
./jitsi_setup.sh

Try to create a room from web client… and i get exactly the same error :confused:

The logs in the js console are the same as before:

I have the impression that the connection to the account succeeded, but that the Session ID returned is null, whereas it is indeed non-null in the prosody log!

Same error…stuck obtaining session-id? strange…works for me fine…

Prosody version changed to latest, yes?

yes

Indeed, 0.11.9-1~buster1

Try from a different browser, in incognito mode…!
Can you create a test user and share password. You may delete after 5 minutes…Will check if it works at my end…

Are all services running…? Check with option-3…

Out of ideas now…

I already try this

Ok, i create a user test / test :slight_smile:
My instance : https://jitsi.elo.tf

Hm same on my end too…stuck obtaining session-id…

@Prashanth did you notice anything in the js console when you tested?

Hm I didn’t look at js console logs…gave it a quick test…now the password has changed…

I had deleted the test account in the meantime, I just recreated it :slight_smile: