Authentication: stuck indefinitely with the message "Obtaining session-id…"

Can you share your cfg.lua file?

Hi @elois

I do not know if it also applies to your installation but on mine with Docker it is just:
AUTH_TYPE=internal

I also have:
ENABLE_AUTH=1
But I think you have this one as yours displays the login screen.

For the creation ot the user, did you use: user@[XMPP_DOMAIN] or user@jitsi.elo.tf ?

Michel-André

Hello everyone,

@elois
Could you solve the problem?

I have the same issue after updating to version 1.0.5056-1 under ubuntu 20.04 lts.

The symptom is identical to what the thread opener described.
Like in this thread too: Stuck in "Obtaining Session-Id" after enabled Authentication

On the other hand the issue seems to describe a bug in the docker version, which is already fixed like here: Hangs on "obtaining session-id" when using authentication (stable-5765). But we have no docker working.

On github the issue were reported too (After moderator-auth hangs at "retrieve session-id" · Issue #9561 · jitsi/jitsi-meet · GitHub) but until now it seems to me the dev team only thinking about a configuration mistake.
But I’m not sure it is about a configuration problem, because my installation was running absolutely flawless until updating to current version. Or were there some changes for configuration with the update?

Maybe it is possible to think in direction of a bug?

I’m a little wondering about that this topic is not completed. Not here and not in the other threads I found.

Here is my cfg.lua

unlimited_jids = { "focus@auth.jitsi.example.com", "jvb@auth.jitsi.example.com" }
plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "jitsi.example.com";

turncredentials_secret = "31YQP97yzPOYFomt";

turncredentials = {
  { type = "stun", host = "jitsi.example.com", port = "3478" },
  { type = "turn", host = "jitsi.example.com", port = "3478", transport = "udp" },
  { type = "turns", host = "jitsi.example.com", port = "5349", transport = "tcp" }
};

cross_domain_bosh = false;
consider_bosh_secure = true;
 https_ports = { }; -- Remove this line to prevent listening on port 5284

-- https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=intermediate&openssl=1.1.0g&guideline=5.4
ssl = {
  protocol = "tlsv1_2+";
  ciphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
}

VirtualHost "jitsi.example.com"
        -- enabled = false -- Remove this line to enable this host
        authentication = "internal_hashed"
--        authentication = "anonymous"
        -- Properties below are modified by jitsi-meet-tokens package config
        -- and authentication above is switched to "token"
        --app_id="example_app_id"
        --app_secret="example_app_secret"
        -- Assign this host a certificate for TLS, otherwise it would use the one
        -- set in the global section (if any).
        -- Note that old-style SSL on port 5223 only supports one certificate, and will always
        -- use the global one.
        ssl = {
                key = "/etc/prosody/certs/jitsi.example.com.key";
                certificate = "/etc/prosody/certs/jitsi.example.com.crt";
        }
        speakerstats_component = "speakerstats.jitsi.example.com"
        conference_duration_component = "conferenceduration.jitsi.example.com"
        -- we need bosh
        modules_enabled = {
            "bosh";
            "pubsub";
            "ping"; -- Enable mod_ping
            "speakerstats";
            "turncredentials";
            "conference_duration";
            "muc_lobby_rooms";
        }
	admins = { "admin@jitsi.example.com" }
	allow_registration = false

        c2s_require_encryption = false
        lobby_muc = "lobby.jitsi.example.com"
        main_muc = "conference.jitsi.example.com"
        -- muc_lobby_whitelist = { "recorder.jitsi.example.com" } -- Here we can whitelist jibri to enter lobby enabled rooms

Component "conference.jitsi.example.com" "muc"
    restrict_room_creation = true
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
--        "token_verification";
--        "persist_muc_passwords";
--        "muc_config_restrict";
    }
    admins = { "focus@auth.jitsi.example.com admin@jitsi.example.com" }
--    default_storage = "memory"
--    storage = {
--	persistent_muc_passwds = "internal";
--    }
--    muc_config_restricted = {
--	"muc#roomconfig_roomsecret";
--    }
    muc_room_locking = false
    muc_room_default_public_jids = true
--    muc_room_default_persistent = true
    
-- internal muc component
Component "internal.auth.jitsi.example.com" "muc"
    storage = "memory"
    modules_enabled = {
      "ping";
    }
    admins = { "focus@auth.jitsi.example.com", "jvb@auth.jitsi.example.com" }
    muc_room_locking = false
    muc_room_default_public_jids = true

VirtualHost "auth.jitsi.example.com"
    modules_enabled = { "limits_exception"; }
    ssl = {
        key = "/etc/prosody/certs/auth.jitsi.example.com.key";
        certificate = "/etc/prosody/certs/auth.jitsi.example.com.crt";
    }
    authentication = "internal_plain"

Component "focus.jitsi.example.com" "client_proxy"
    target_address = "focus@auth.jitsi.example.com"
    component_secret = "MVKo57c5"

Component "speakerstats.jitsi.example.com" "speakerstats_component"
    muc_component = "conference.jitsi.example.com"

Component "conferenceduration.jitsi.example.com" "conference_duration_component"
    muc_component = "conference.jitsi.example.com"

Component "lobby.jitsi.example.com" "muc"
    storage = "memory"
    restrict_room_creation = true
    muc_room_locking = false
    muc_room_default_public_jids = true


VirtualHost "guest.jitsi.example.com"	
    authentication = "anonymous"	
    c2s_require_encryption = false

jicofo.log

Jicofo 2021-07-20 23:17:13.907 INFO: [40] ConferenceIqHandler.handleConferenceIq#56: Focus request for room: madhaltsrankhighly@conference.jitsi.example.com
Jicofo 2021-07-20 23:17:13.910 INFO: [40] AbstractAuthAuthority.createNewSession#158: Authentication session created for admin@jitsi.example.com SID: 54ed472b-43b9-43a0-9705-58e11e765007
Jicofo 2021-07-20 23:17:13.912 INFO: [40] AbstractAuthAuthority.authenticateJidWithSession#431: Authenticated jid: admin@jitsi.example.com/6nEHPKop with session: AuthSession[ID=admin@jitsi.example.com, JID=admin@jitsi.example.com/6nEHPKop, SID=54ed472b-43b9-43a0-9705-58e11e765007, MUID=c8cb526ab393c3e4b27531bb734981b4, LIFE_TM_SEC=0, R=madhaltsrankhighly@conference.jitsi.example.com]@1169632741
Jicofo 2021-07-20 23:17:13.912 INFO: [40] AbstractAuthAuthority.notifyUserAuthenticated#339: Jid admin@jitsi.example.com/6nEHPKop authenticated as: admin@jitsi.example.com
Jicofo 2021-07-20 23:17:13.933 INFO: [40] [room=madhaltsrankhighly@conference.jitsi.example.com] JitsiMeetConferenceImpl.<init>#251: Created new conference, roomJid=madhaltsrankhighly@conference.jitsi.example.com
Jicofo 2021-07-20 23:17:13.935 INFO: [40] [room=madhaltsrankhighly@conference.jitsi.example.com] JitsiMeetConferenceImpl.joinTheRoom#433: Joining madhaltsrankhighly@conference.jitsi.example.com
Jicofo 2021-07-20 23:17:13.952 WARNING: [30] [room=] ChatRoomImpl.processPresence#839: Unable to handle packet: <presence to='focus@auth.jitsi.example.com/focus' from='madhaltsrankhighly@conference.jitsi.example.com/focus' id='7q9Xg-82' type='error'><error type='cancel'><not-allowed xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/><text xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>Room creation is restricted</text></error></presence>
Jicofo 2021-07-20 23:17:13.953 INFO: [40] [room=madhaltsrankhighly@conference.jitsi.example.com] JitsiMeetConferenceImpl.stop#410: Stopped.
Jicofo 2021-07-20 23:17:13.958 WARNING: [40] FocusManager.conferenceRequest#229: Exception while trying to start the conference
org.jivesoftware.smack.XMPPException$XMPPErrorException: XMPP error reply received from madhaltsrankhighly@conference.jitsi.example.com/focus: XMPPError: not-allowed - cancel
	at org.jivesoftware.smack.XMPPException$XMPPErrorException.ifHasErrorThenThrow(XMPPException.java:132)
	at org.jivesoftware.smack.StanzaCollector.nextResultOrThrow(StanzaCollector.java:263)
	at org.jivesoftware.smackx.muc.MultiUserChat.enter(MultiUserChat.java:355)
	at org.jivesoftware.smackx.muc.MultiUserChat.createOrJoin(MultiUserChat.java:498)
	at org.jivesoftware.smackx.muc.MultiUserChat.createOrJoin(MultiUserChat.java:444)
	at org.jitsi.impl.protocol.xmpp.ChatRoomImpl.joinAs(ChatRoomImpl.java:248)
	at org.jitsi.impl.protocol.xmpp.ChatRoomImpl.join(ChatRoomImpl.java:229)
	at org.jitsi.jicofo.JitsiMeetConferenceImpl.joinTheRoom(JitsiMeetConferenceImpl.java:448)
	at org.jitsi.jicofo.JitsiMeetConferenceImpl.start(JitsiMeetConferenceImpl.java:298)
	at org.jitsi.jicofo.FocusManager.conferenceRequest(FocusManager.java:224)
	at org.jitsi.jicofo.FocusManager.conferenceRequest(FocusManager.java:178)
	at org.jitsi.jicofo.FocusManager.conferenceRequest(FocusManager.java:157)
	at org.jitsi.jicofo.xmpp.ConferenceIqHandler.handleConferenceIq(ConferenceIqHandler.kt:65)
	at org.jitsi.jicofo.xmpp.ConferenceIqHandler.access$handleConferenceIq(ConferenceIqHandler.kt:36)
	at org.jitsi.jicofo.xmpp.ConferenceIqHandler$handleIQRequest$2.run(ConferenceIqHandler.kt:153)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
	at java.base/java.lang.Thread.run(Thread.java:832)

prosody.log

Jul 21 00:38:51 conference.jitsi.example.com:muc_domain_mapper	info	Loading mod_muc_domain_mapper for host focus.jitsi.example.com!
Jul 21 00:38:51 conference.jitsi.example.com:muc_domain_mapper	info	Loading mod_muc_domain_mapper for host conference.jitsi.example.com!
Jul 21 00:38:51 conferenceduration.jitsi.example.com:conference_duration_component	info	Hook to muc events on conference.jitsi.example.com
Jul 21 00:38:51 speakerstats.jitsi.example.com:speakerstats_component	info	Hook to muc events on conference.jitsi.example.com
Jul 21 00:38:51 conference.jitsi.example.com:muc_domain_mapper	info	Loading mod_muc_domain_mapper for host guest.jitsi.example.com!
Jul 21 00:38:51 conference.jitsi.example.com:muc_domain_mapper	info	Loading mod_muc_domain_mapper for host localhost!
Jul 21 00:38:51 jitsi.example.com:muc_lobby_rooms	info	Lobby component loaded lobby.jitsi.example.com
Jul 21 00:38:51 conference.jitsi.example.com:muc_domain_mapper	info	Loading mod_muc_domain_mapper for host lobby.jitsi.example.com!
Jul 21 00:38:51 conference.jitsi.example.com:muc_domain_mapper	info	Loading mod_muc_domain_mapper for host internal.auth.jitsi.example.com!
Jul 21 00:38:51 conference.jitsi.example.com:muc_domain_mapper	info	Loading mod_muc_domain_mapper for host auth.jitsi.example.com!
Jul 21 00:38:56 c2s5613d172e400	info	Client connected
Jul 21 00:38:56 c2s5613d172e400	info	Stream encrypted (TLSv1.3 with TLS_AES_256_GCM_SHA384)
Jul 21 00:38:56 c2s5613d172e400	info	Authenticated as jvb@auth.jitsi.example.com
Jul 21 00:38:59 c2s5613d1d8c230	info	Client connected
Jul 21 00:38:59 c2s5613d1d8c230	info	Stream encrypted (TLSv1.3 with TLS_AES_256_GCM_SHA384)
Jul 21 00:38:59 c2s5613d1d8c230	info	Authenticated as focus@auth.jitsi.example.com
Jul 21 00:39:41 mod_bosh	info	New BOSH session, assigned it sid '11dcc6ae-93a3-4eb8-ae92-f5b569e8902d'
Jul 21 00:39:42 bosh11dcc6ae-93a3-4eb8-ae92-f5b569e8902d	info	Authenticated as nftf12dmf0b_oqg-@guest.jitsi.example.com
Jul 21 00:40:09 mod_bosh	info	New BOSH session, assigned it sid '88c0a99f-ed43-47d5-8ddb-8d394bbe2587'
Jul 21 00:40:10 bosh88c0a99f-ed43-47d5-8ddb-8d394bbe2587	info	Authenticated as admin@jitsi.example.com

Thank you very much and best regards.

PS: Thank you for your great work! :slight_smile:

seeing exactly the same as @d0ntpanic

We’re using a slightly branded version of jitsi-meet and build it ourself. After updating jitsi-meet from 2.0.5870 to 2.0.5963 as well as updating the system packages coming from debian buster (prosody etc.), users are not longer able to authenticate because they are stuck at “Obtaining session-id”.

Both jicofo.log and prosody.log show exactly the same messages as posted by @d0ntpanic

experiencing the same issue.
Using
jitsi-meet
Version: 2.0.6173-1

jitsi-videobridge2
Version: 2.1-538-g062e9f56-1

prosody
Version: 0.11.4-1

jicofo
Version: 1.0-786-1

This might help:
Open the file /etc/jitsi/jicofo/sip-communicator.properties
And check if you have set the right FQDN (Fully Qualified Domain Name) in the line:
org.jitsi.jicofo.auth.URL=XMPP:YOUR_FQDN