Focus issue on a JWT secured domain

I’ve got token authentication enabled but I seem to have a problem with Focus…can anyone tell me what might cause this error message or even where to look for more info?

Jicofo 2020-05-07 01:30:36.706 INFO: [53] org.jitsi.jicofo.xmpp.FocusComponent.processExtensions().381 Create room result: Result[c=1, msg=null]@17782230 for meta18@conference.mydomain.tld
Jicofo 2020-05-07 01:30:36.714 INFO: [53] org.jitsi.jicofo.FocusManager.log() Created new focus for meta18@conference.mydomain.tld@auth.mydomain.tld. Conference count 1,options:
Jicofo 2020-05-07 01:30:36.715 INFO: [53] org.jitsi.jicofo.JitsiMeetConferenceImpl.log() Joining the room: meta18@conference.mydomain.tld
Jicofo 2020-05-07 01:30:36.748 WARNING: [53] org.jitsi.xmpp.component.ComponentBase.log() PROCESSING TIME LIMIT EXCEEDED - it took 212ms to process: <iq type="set" to="focus.mydomain.tld" from="0e7e28fb-923c-430b-b0d1-0909adec28cc@mydomain.tld/QJzhQMIo" id="6925cd21-9fd2-411e-86ad-2dd8c155f36a:sendIQ"><conference xmlns="http://jitsi.org/protocol/focus" session-id="22e1ca94-9b0e-4375-8085-df148107db87" room="meta18@conference.mydomain.tld" machine-uid="01b5691bb599248c402937e89d84b2d0"><property name="channelLastN" value="-1"/><property name="disableRtx" value="false"/><property name="enableLipSync" value="false"/><property name="openSctp" value="true"/></conference></iq>
Jicofo 2020-05-07 01:30:36.809 INFO: [22] org.jitsi.jicofo.ChatRoomRoleAndPresence.log() Chat room event ChatRoomMemberPresenceChangeEvent[type=MemberJoined sourceRoom=org.jitsi.impl.protocol.xmpp.ChatRoomImpl@6435c45c member=ChatMember[meta18@conference.mydomain.tld/0e7e28fb, jid: null]@1264374815]
Jicofo 2020-05-07 01:30:36.813 SEVERE: [22] org.jitsi.jicofo.ChatRoomRoleAndPresence.log() Failed to grant owner status to 0e7e28fb-923c-430b-b0d1-0909adec28cc@mydomain.tld/QJzhQMIo
java.lang.RuntimeException: Failed to grant owner: <iq to='focus@auth.mydomain.tld/focus11084573280' from='meta18@conference.mydomain.tld' id='rwkSj-104' type='error'><error type='modify'><not-acceptable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error></iq>
        at org.jitsi.impl.protocol.xmpp.ChatRoomImpl.grantOwnership(ChatRoomImpl.java:808)
        at org.jitsi.jicofo.ChatRoomRoleAndPresence.grantOwner(ChatRoomRoleAndPresence.java:332)
        at org.jitsi.jicofo.ChatRoomRoleAndPresence.electNewOwner(ChatRoomRoleAndPresence.java:247)
        at org.jitsi.jicofo.ChatRoomRoleAndPresence.memberPresenceChanged(ChatRoomRoleAndPresence.java:159)
        at org.jitsi.impl.protocol.xmpp.ChatRoomImpl.lambda$notifyMemberJoined$1(ChatRoomImpl.java:917)
        at java.util.concurrent.CopyOnWriteArrayList.forEach(CopyOnWriteArrayList.java:891)
        at org.jitsi.impl.protocol.xmpp.ChatRoomImpl.notifyMemberJoined(ChatRoomImpl.java:917)
        at org.jitsi.impl.protocol.xmpp.ChatRoomImpl.processOtherPresence(ChatRoomImpl.java:1206)
        at org.jitsi.impl.protocol.xmpp.ChatRoomImpl.processPresence(ChatRoomImpl.java:1255)
        at org.jivesoftware.smackx.muc.MultiUserChat$3.processStanza(MultiUserChat.java:251)
        at org.jivesoftware.smack.AbstractXMPPConnection$6.run(AbstractXMPPConnection.java:1263)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Jicofo 2020-05-07 01:30:36.814 INFO: [22] org.jitsi.jicofo.JitsiMeetConferenceImpl.log() Member meta18@conference.mydomain.tld/0e7e28fb joined.

Probably your focus user is not admin https://github.com/jitsi/jitsi-meet/blob/bdd129b9a2c6d98d384e6e53eeb2e33ec8a183cf/doc/debian/jitsi-meet-prosody/prosody.cfg.lua-jvb.example#L52

Thanks for the reply. Focus was in admins, but I had been trying out the third-party token_moderation module…and it was causing this. I’ve commented it out and the focus errors went away, but now I seem to be getting odd auth errors on trying to place outgoing calls and receive incoming calls with jigasi (but transcribe works fine).

Both seem to be having hard-to-troubleshoot auth errors…trying to do anonymous auth…pretty sure I don’t understand why? Any help you can give me would be greatly appreciated!

The outbound calls look like this:

   00:49:13 RECV (0): <iq id='amlnYXNpQGF1dGguZWNtZWV0NS5lY2xkLmlvL2ppdHNpLTNic3Yya2kAbWtGUlktMjQzNAAliJqplTTnSLekEH0CwkTj' type='set' to='jigasi@auth.mydomain.tld/jitsi-3bsv2ki' from='jigasibrewery@internal.auth.ecmeet5.ecld.io/focus'><dial xmlns='urn:xmpp:rayo:1' to='14155551212' from='fromnumber'><header value='meta@conference.ecmeet5.ecld.io' name='JvbRoomName'/></dial></iq>
2020-05-08 00:49:13.775 WARNING: [167] org.jitsi.jigasi.xmpp.CallControl.checkAuthorized().287 Requests are not secured by JID filter!
2020-05-08 00:49:13.776 INFO: [167] org.jitsi.jigasi.xmpp.CallControl.handleDialIq().211 [ctx=158889895377454806411] Got dial request fromnumber -> 14155551212 room: meta@conference.mydomain.tld
2020-05-08 00:49:13.776 INFO: [167] org.jitsi.jigasi.JvbConference.start().422 [ctx=158889895377454806411] Starting JVB conference room: meta@conference.mydomain.tld
2020-05-08 00:49:13.780 INFO: [167] org.jitsi.jigasi.JvbConference.setXmppProvider().553 [ctx=158889895377454806411] Using ProtocolProviderServiceJabberImpl(Jabber:1078da6a@mydomain.tld/1078da6a)
00:49:13 SENT (2): <stream:stream xmlns='jabber:client' to='mydomain.tld' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>
00:49:13 RECV (2): <?xml version='1.0'?><stream:stream id='822ad5a6-21e4-48dc-96a2-01c3ab34d80f' xmlns='jabber:client' xml:lang='en' version='1.0' xmlns:stream='http://etherx.jabber.org/streams' from='mydomain.tld'><stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>ANONYMOUS</mechanism></mechanisms></stream:features>
00:49:13 SENT (2): <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'></starttls>
00:49:13 RECV (2): <proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
00:49:13 SENT (2): <stream:stream xmlns='jabber:client' to='mydomain.tld' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>
00:49:13 RECV (2): <?xml version='1.0'?><stream:stream id='65fcd659-2323-45bd-8f66-96fc1838938f' xmlns='jabber:client' xml:lang='en' version='1.0' xmlns:stream='http://etherx.jabber.org/streams' from='mydomain.tld'><stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>ANONYMOUS</mechanism></mechanisms></stream:features>
2020-05-08 00:49:13.860 INFO: [169] impl.protocol.jabber.OperationSetBasicTelephonyJabberImpl.registrationStateChanged().127 Jingle : ON
2020-05-08 00:49:13.860 INFO: [169] org.jitsi.jigasi.JvbConference.registrationStateChanged().606 [ctx=158889895377454806411] Registering XMPP.
00:49:13 SENT (2): <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='ANONYMOUS'>=</auth>
00:49:13 RECV (2): <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-allowed/><text>token required</text></failure>
2020-05-08 00:49:13.862 WARNING: [172] org.jivesoftware.smack.sasl.SASLError.fromString() Could not transform string 'not_allowed' to SASLError
java.lang.IllegalArgumentException: No enum constant org.jivesoftware.smack.sasl.SASLError.not_allowed
        at java.lang.Enum.valueOf(Enum.java:238)
        at org.jivesoftware.smack.sasl.SASLError.valueOf(SASLError.java:27)
        at org.jivesoftware.smack.sasl.SASLError.fromString(SASLError.java:51)
        at org.jivesoftware.smack.sasl.packet.SaslStreamElements$SASLFailure.<init>(SaslStreamElements.java:209)
        at org.jivesoftware.smack.util.PacketParserUtils.parseSASLFailure(PacketParserUtils.java:797)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1099)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
        at java.lang.Thread.run(Thread.java:748)
2020-05-08 00:49:13.863 SEVERE: [169] impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin().1003 Failed to connect to XMPP service
org.jivesoftware.smack.sasl.SASLErrorException: SASLError using ANONYMOUS: not-allowed
        at org.jivesoftware.smack.SASLAuthentication.authenticationFailed(SASLAuthentication.java:292)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1100)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
        at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
        at java.lang.Thread.run(Thread.java:748)
00:49:13 SENT (2): <presence id='1uX0H-135' type='unavailable'></presence>
00:49:13 SENT (2):
00:49:13 SENT (2): </stream:stream>
00:49:13 RECV (2): <presence id='1uX0H-135' type='error'><error type='cancel'><service-unavailable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error></presence>
00:49:13 RECV (2): </stream:stream>
2020-05-08 00:49:13.876 SEVERE: [169] org.jitsi.jigasi.JvbConference.registrationStateChanged().610 [ctx=158889895377454806411] XMPP Connection failed.
2020-05-08 00:49:13.876 WARNING: [169] org.jitsi.jigasi.JvbConference.leaveConferenceRoom().883 [ctx=158889895377454806411] MUC room is null
2020-05-08 00:49:18.782 SEVERE: [167] org.jitsi.jigasi.xmpp.CallControlMucActivator.processIQ().596 Error processing RayoIq
java.lang.Exception: Fail to join muc!
        at org.jitsi.jigasi.xmpp.CallControlMucActivator$WaitToJoinRoom.waitToJoinRoom(CallControlMucActivator.java:682)
        at org.jitsi.jigasi.xmpp.CallControlMucActivator$DialIqHandler.setDialResponseAndRegisterHangUpHandler(CallControlMucActivator.java:628)
        at org.jitsi.jigasi.xmpp.CallControlMucActivator$DialIqHandler.processIQ(CallControlMucActivator.java:585)
        at org.jitsi.jigasi.xmpp.CallControlMucActivator$DialIqHandler.processIQ(CallControlMucActivator.java:563)
        at org.jitsi.jigasi.xmpp.CallControlMucActivator$RayoIqHandler.handleIQRequest(CallControlMucActivator.java:735)
        at org.jivesoftware.smack.AbstractXMPPConnection$4.run(AbstractXMPPConnection.java:1188)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
00:49:18 SENT (0): <iq to='jigasibrewery@internal.auth.mydomain.tld/focus' id='amlnYXNpQGF1dGguZWNtZWV0NS5lY2xkLmlvL2ppdHNpLTNic3Yya2kAbWtGUlktMjQzNAAliJqplTTnSLekEH0CwkTj' type='error'><error type='cancel'><internal-server-error xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/><text xmlns='urn:ietf:params:xml:ns:xmpp-stanzas' xml:lang='en'>Fail to join muc!</text></error></iq>

The inbound calls look like this:

2020-05-08 00:50:23.893 INFO: [178] org.jitsi.jigasi.SipGateway.incomingCallReceived().196 [ctx=15888990238932143091789] Incoming call received...
2020-05-08 00:50:23.898 INFO: [179] org.jitsi.jigasi.SipGatewaySession.run().1450 [ctx=15888990238932143091789] Wait thread cancelled
2020-05-08 00:50:23.899 INFO: [178] org.jitsi.jigasi.JvbConference.start().422 [ctx=15888990238932143091789] Starting JVB conference room: Meta
2020-05-08 00:50:23.903 INFO: [178] org.jitsi.jigasi.JvbConference.setXmppProvider().553 [ctx=15888990238932143091789] Using ProtocolProviderServiceJabberImpl(Jabber:5266501a@mydomain.tld/5266501a)
00:50:23 SENT (3): <stream:stream xmlns='jabber:client' to='mydomain.tld' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>
00:50:23 RECV (3): <?xml version='1.0'?><stream:stream id='006d0eee-6ed4-45d5-afa5-dadf15501382' xmlns='jabber:client' xml:lang='en' version='1.0' xmlns:stream='http://etherx.jabber.org/streams' from='mydomain.tld'><stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>ANONYMOUS</mechanism></mechanisms></stream:features>
00:50:23 SENT (3): <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'></starttls>
00:50:23 RECV (3): <proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
00:50:23 SENT (3): <stream:stream xmlns='jabber:client' to='mydomain.tld' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>
00:50:23 RECV (3): <?xml version='1.0'?><stream:stream id='d6b32870-ebcc-463d-aa9a-ff1a2a8ce826' xmlns='jabber:client' xml:lang='en' version='1.0' xmlns:stream='http://etherx.jabber.org/streams' from='mydomain.tld'><stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>ANONYMOUS</mechanism></mechanisms></stream:features>
2020-05-08 00:50:23.986 INFO: [181] impl.protocol.jabber.OperationSetBasicTelephonyJabberImpl.registrationStateChanged().127 Jingle : ON
2020-05-08 00:50:23.987 INFO: [181] org.jitsi.jigasi.JvbConference.registrationStateChanged().606 [ctx=15888990238932143091789] Registering XMPP.
00:50:23 SENT (3): <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='ANONYMOUS'>=</auth>
00:50:23 RECV (3): <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-allowed/><text>token required</text></failure>
2020-05-08 00:50:23.988 WARNING: [184] org.jivesoftware.smack.sasl.SASLError.fromString() Could not transform string 'not_allowed' to SASLError
java.lang.IllegalArgumentException: No enum constant org.jivesoftware.smack.sasl.SASLError.not_allowed
    at java.lang.Enum.valueOf(Enum.java:238)
    at org.jivesoftware.smack.sasl.SASLError.valueOf(SASLError.java:27)
    at org.jivesoftware.smack.sasl.SASLError.fromString(SASLError.java:51)
    at org.jivesoftware.smack.sasl.packet.SaslStreamElements$SASLFailure.<init>(SaslStreamElements.java:209)
    at org.jivesoftware.smack.util.PacketParserUtils.parseSASLFailure(PacketParserUtils.java:797)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1099)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
    at java.lang.Thread.run(Thread.java:748)
2020-05-08 00:50:23.989 SEVERE: [181] impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin().1003 Failed to connect to XMPP service
org.jivesoftware.smack.sasl.SASLErrorException: SASLError using ANONYMOUS: not-allowed
    at org.jivesoftware.smack.SASLAuthentication.authenticationFailed(SASLAuthentication.java:292)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1100)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
    at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
    at java.lang.Thread.run(Thread.java:748)
00:50:23 SENT (3): <presence id='1uX0H-157' type='unavailable'></presence>
00:50:23 SENT (3):
00:50:23 SENT (3): </stream:stream>
00:50:23 RECV (3): <presence id='1uX0H-157' type='error'><error type='cancel'><service-unavailable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error></presence>
00:50:23 RECV (3): </stream:stream>
2020-05-08 00:50:23.995 SEVERE: [181] org.jitsi.jigasi.JvbConference.registrationStateChanged().610 [ctx=15888990238932143091789] XMPP Connection failed.
2020-05-08 00:50:23.996 WARNING: [181] org.jitsi.jigasi.JvbConference.leaveConferenceRoom().883 [ctx=15888990238932143091789] MUC room is null
2020-05-08 00:50:26.418 INFO: [189] org.jitsi.jigasi.SipGatewaySession.handleCallState().1318 [ctx=15888990238932143091789] SIP call ended: CallPeerChangeEvent: type=CallPeerStatusChange oldV=net.java.sip.communicator.service.protocol.CallPeerState:Incoming Call newV=net.java.sip.communicator.service.protocol.CallPeerState:Disconnected for peer=PRIVATE NAME <+14155551212@provider.tld>;status=Disconnected
2020-05-08 00:50:26.418 INFO: [189] org.jitsi.jigasi.SipGatewaySession.sipCallEnded().585 [ctx=15888990238932143091789] Sip call ended: Call: id=15888990238271770112366 peers=0
2020-05-08 00:50:26.421 WARNING: [189] org.jitsi.jigasi.JvbConference.leaveConferenceRoom().883 [ctx=15888990238932143091789] MUC room is null

My jigasi configuration looks like this:
org.jitsi.jigasi.DEFAULT_JVB_ROOM_NAME=siptest

net.java.sip.communicator.impl.protocol.SingleCallInProgressPolicy.enabled=false

net.java.sip.communicator.impl.neomedia.codec.audio.opus.encoder.COMPLEXITY=10

net.java.sip.communicator.packetlogging.PACKET_LOGGING_ENABLED=true

net.java.sip.communicator.impl.protocol.sip.acc1403273890647=acc1403273890647
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.ACCOUNT_UID=SIP\:conference@provider.tld
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.PASSWORD=[base64-secret]
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.PROTOCOL_NAME=SIP
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.SERVER_ADDRESS=provider.tld
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.USER_ID=conference@provider.tld
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.KEEP_ALIVE_INTERVAL=25
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.KEEP_ALIVE_METHOD=OPTIONS
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.VOICEMAIL_ENABLED=false
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.AMR-WB/16000=750
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.G722/8000=700
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.GSM/8000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.H263-1998/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.H264/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.PCMA/8000=600
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.PCMU/8000=650
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.SILK/12000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.SILK/16000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.SILK/24000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.SILK/8000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.VP8/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.iLBC/8000=10
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.opus/48000=1000
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.red/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.speex/16000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.speex/32000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.speex/8000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.telephone-event/8000=1
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.ulpfec/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.OVERRIDE_ENCODINGS=true
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.DEFAULT_ENCRYPTION=false
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1=acc-xmpp-1
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.ACCOUNT_UID=Jabber:jigasi@auth.mydomain.tld@mydomain.tld
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.USER_ID=jigasi@auth.mydomain.tld
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.IS_SERVER_OVERRIDDEN=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.SERVER_ADDRESS=127.0.0.1
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.SERVER_PORT=5222
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.ALLOW_NON_SECURE=false
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.PASSWORD=[base64-secret]
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.RESOURCE_PRIORITY=30
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.KEEP_ALIVE_METHOD=XEP-0199
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.KEEP_ALIVE_INTERVAL=30
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.CALLING_DISABLED=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.JINGLE_NODES_ENABLED=false
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.IS_CARBON_DISABLED=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.IS_USE_ICE=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.IS_ACCOUNT_DISABLED=false
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.IS_PREFERRED_PROTOCOL=false
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.AUTO_DISCOVER_JINGLE_NODES=false
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.PROTOCOL=Jabber
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.IS_USE_UPNP=false
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.IM_DISABLED=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.SERVER_STORED_INFO_DISABLED=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.IS_FILE_TRANSFER_DISABLED=true
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.DOMAIN_BASE=mydomain.tld
net.java.sip.communicator.impl.protocol.jabber.acc-xmpp-1.BREWERY=JigasiBrewery@internal.auth.mydomain.tld
org.jitsi.jigasi.BREWERY_ENABLED=true
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.PREVENT_AUTH_LOGIN=true

net.java.sip.communicator.impl.protocol.sip.acc1403273890647.DOMAIN_BASE=mydomain.tld

org.jitsi.jigasi.xmpp.acc.IS_SERVER_OVERRIDDEN=true
org.jitsi.jigasi.xmpp.acc.SERVER_ADDRESS=127.0.0.1
org.jitsi.jigasi.xmpp.acc.VIDEO_CALLING_DISABLED=true
org.jitsi.jigasi.xmpp.acc.JINGLE_NODES_ENABLED=false
org.jitsi.jigasi.xmpp.acc.AUTO_DISCOVER_STUN=false
org.jitsi.jigasi.xmpp.acc.IM_DISABLED=true
org.jitsi.jigasi.xmpp.acc.SERVER_STORED_INFO_DISABLED=true
org.jitsi.jigasi.xmpp.acc.IS_FILE_TRANSFER_DISABLED=true

org.jitsi.jigasi.xmpp.acc.DOMAIN_BASE=mydomain.tld

org.jitsi.jigasi.xmpp.acc.USER_ID=transcribe@recorder.mydomain.tld
org.jitsi.jigasi.xmpp.acc.PASS=[cleartext-secret]
org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false
org.jitsi.jigasi.xmpp.acc.MUC_SERVICE_ADDRESS=conference.mydomain.tld
org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true

net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true

org.jitsi.jigasi.ENABLE_TRANSCRIPTION=true
org.jitsi.jigasi.ENABLE_SIP=true
org.jitsi.jigasi.transcription.DIRECTORY=/var/lib/jigasi/transcripts
org.jitsi.jigasi.transcription.BASE_URL=http://localhost/
org.jitsi.jigasi.transcription.jetty.port=-1
org.jitsi.jigasi.transcription.ADVERTISE_URL=false
org.jitsi.jigasi.transcription.SAVE_JSON=false
org.jitsi.jigasi.transcription.SAVE_TXT=true
org.jitsi.jigasi.transcription.SEND_JSON=true
org.jitsi.jigasi.transcription.SEND_TXT=false
org.jitsi.jigasi.transcription.ENABLE_TRANSLATION=false

org.jitsi.impl.neomedia.transform.csrc.CsrcTransformEngine.DISCARD_CONTRIBUTING_SOURCES=true
net.java.sip.communicator.service.protocol.JITSI_MEET_ROOM_HEADER_NAME=X-Conference-Room
net.java.sip.communicator.service.protocol.JITSI_MEET_ROOM_PASS_HEADER_NAME=X-Conference-Password
net.java.sip.communicator.impl.protocol.sip.SKIP_REINVITE_ON_FOCUS_CHANGE_PROP=true

My prosody looks like this:

plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }

-- domain mapper options, must at least have domain base set to use the mapper
muc_mapper_domain_base = "mydomain.tld";

turncredentials_secret = "[cleartext-secret]";

turncredentials = {
  { type = "stun", host = "mydomain.tld", port = "4445" },
  { type = "turn", host = "mydomain.tld", port = "4445", transport = "udp" },
  { type = "turns", host = "mydomain.tld", port = "443", transport = "tcp" }
};

cross_domain_bosh = false;
consider_bosh_secure = true;

VirtualHost "mydomain.tld"
        -- enabled = false -- Remove this line to enable this host
        authentication = "token"
        --authentication = "token";
        -- Properties below are modified by jitsi-meet-tokens package config
        -- and authentication above is switched to "token"
        app_id="myapp"
        app_secret="[cleartext-secret]"
        allow_empty_token = false;
        -- Assign this host a certificate for TLS, otherwise it would use the one
        -- set in the global section (if any).
        -- Note that old-style SSL on port 5223 only supports one certificate, and will always
        -- use the global one.
        ssl = {
               key = "/etc/prosody/certs/mydomain.tld.key";
               certificate = "/etc/prosody/certs/mydomain.tld.crt";
        }
        c2s_require_encryption = false
        speakerstats_component = "speakerstats.mydomain.tld"
        conference_duration_component = "conferenceduration.mydomain.tld"
        -- we need bosh
        modules_enabled = {
            "bosh";
            "pubsub";
            "ping"; -- Enable mod_ping
            "speakerstats";
            "turncredentials";
            "conference_duration";
            "presence_identity";
        }
        c2s_require_encryption = false

Component "conference.mydomain.tld" "muc"
    storage = "memory"
    modules_enabled = {
        "muc_meeting_id";
        "muc_domain_mapper";
        "token_verification";
        --"token_moderation";
    }
    admins = { "focus@auth.mydomain.tld" }
    muc_room_locking = false
    muc_room_default_public_jids = true

-- internal muc component
Component "internal.auth.mydomain.tld" "muc"
    storage = "memory"
    modules_enabled = {
      "ping";
    }
    admins = { "focus@auth.mydomain.tld", "jvb@auth.mydomain.tld" }
    muc_room_locking = false
    muc_room_default_public_jids = true
    muc_room_cache_size = 1000

VirtualHost "auth.mydomain.tld"
    ssl = {
        key = "/etc/prosody/certs/auth.mydomain.tld.key";
        certificate = "/etc/prosody/certs/auth.mydomain.tld.crt";
    }
    authentication = "internal_plain"

VirtualHost "recorder.mydomain.tld"
  ssl = {
          key = "/etc/prosody/certs/recorder.mydomain.tld.key";
          certificate = "/etc/prosody/certs/auth.mydomain.tld.crt";
  }
  modules_enabled = {
    "ping";
  }
  authentication = "internal_plain"

Component "focus.mydomain.tld"
    component_secret = "[cleartext-secret]"

Component "speakerstats.mydomain.tld" "speakerstats_component"
    muc_component = "conference.mydomain.tld"

Component "conferenceduration.mydomain.tld" "conference_duration_component"
    muc_component = "conference.mydomain.tld"

Component "callcontrol.mydomain.tld" component_secret = "[cleartext-secret]"

You can configure your jigasi to use bosh by adding a token in the configured bosh url.


Add there “?jwt=…” and add a valid token.

And same here https://github.com/jitsi/jigasi/blob/master/jigasi-home/sip-communicator.properties#L85

I really appreciate you being so responsive…thank you. I tried to implement what you’ve described (I created a token with a long expiration and wildcard for rooms, tested it in a browser (works), and added it to the BOSH_URL_PATTERN), but it has failed miserably.
Despite my BOSH seeming to respond correctly on https://mydomain.tld/http-bind, it doesn’t seem to want to validate any of my authentication requests (see logs below). I’ve double checked that the users exist and passwords are what I believe them to be, etc…but keep getting some kind of issue…the requests show up in the nginx logs but obviously something is not happy, The error message says “no response from mydomain.tld:443” …any suggestions on what I might be doing wrong or how to fix this?

Also, Jigasi seems to come up in some strange state and require one or more restarts to be “happy” (although “happy” is bit of a strange term considering the logs below…). Is there a bug or is this just another symptom of my issues? Any help you could provide on getting BOSH and Jigasi happier would be greatly appreciated.

  22:43:32 RECV (0): <iq to='jigasi@auth.mydomain.tld/jitsi-1pdtvqq' id='amlnYXNpQGF1dGguZWNtZWV0NS5lY2xkLmlvL2ppdHNpLTFwZHR2cXEAT3Rxa2stMTI0ACk0TZM8y9IujjaWTMlxQ8c=' from='jigasibrewery@internal.auth.mydomain.tld/focus' type='set'><dial to='14155551212' from='fromnumber' xmlns='urn:xmpp:rayo:1'><header name='JvbRoomName' value='meta1@conference.mydomain.tld'/></dial></iq>
2020-05-08 22:43:32.908 WARNING: [70] org.jitsi.jigasi.xmpp.CallControl.checkAuthorized().287 Requests are not secured by JID filter!
2020-05-08 22:43:32.909 INFO: [70] org.jitsi.jigasi.xmpp.CallControl.handleDialIq().211 [ctx=1588977812907882812095] Got dial request fromnumber -> 14155551212 room: meta1@conference.mydomain.tld
2020-05-08 22:43:32.921 INFO: [70] org.jitsi.jigasi.JvbConference.start().422 [ctx=1588977812907882812095] Starting JVB conference room: meta1@conference.mydomain.tld
2020-05-08 22:43:32.937 INFO: [70] org.jitsi.jigasi.JvbConference.setXmppProvider().553 [ctx=1588977812907882812095] Using ProtocolProviderServiceJabberImpl(Jabber:778b27a9@mydomain.tld/778b27a9)
2020-05-08 22:43:33.010 INFO: [80] org.igniterealtime.jbosh.BOSHClient.init() Starting with 1 request processors
2020-05-08 22:43:33.269 WARNING: [81] org.jivesoftware.smack.bosh.XMPPBOSHConnection.shutdown() shutdown
java.lang.NullPointerException
	at org.igniterealtime.jbosh.BOSHClient.send(BOSHClient.java:494)
	at org.igniterealtime.jbosh.BOSHClient.disconnect(BOSHClient.java:586)
	at org.igniterealtime.jbosh.BOSHClient.disconnect(BOSHClient.java:567)
	at org.jivesoftware.smack.bosh.XMPPBOSHConnection.shutdown(XMPPBOSHConnection.java:266)
	at org.jivesoftware.smack.bosh.XMPPBOSHConnection.notifyConnectionError(XMPPBOSHConnection.java:417)
	at org.jivesoftware.smack.bosh.XMPPBOSHConnection$BOSHConnectionListener.connectionEvent(XMPPBOSHConnection.java:464)
	at org.igniterealtime.jbosh.BOSHClient.fireConnectionClosedOnError(BOSHClient.java:1684)
	at org.igniterealtime.jbosh.BOSHClient.dispose(BOSHClient.java:713)
	at org.igniterealtime.jbosh.BOSHClient.processExchange(BOSHClient.java:1138)
	at org.igniterealtime.jbosh.BOSHClient.processMessages(BOSHClient.java:999)
	at org.igniterealtime.jbosh.BOSHClient.access$300(BOSHClient.java:100)
	at org.igniterealtime.jbosh.BOSHClient$RequestProcessor.run(BOSHClient.java:1728)
	at java.lang.Thread.run(Thread.java:748)
2020-05-08 22:43:33.270 WARNING: [81] org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener() Connection XMPPBOSHConnection[not-authenticated] (1) closed with error
org.igniterealtime.jbosh.BOSHException: Could not obtain response
	at org.igniterealtime.jbosh.ApacheHTTPResponse.awaitResponse(ApacheHTTPResponse.java:251)
	at org.igniterealtime.jbosh.ApacheHTTPResponse.getBody(ApacheHTTPResponse.java:192)
	at org.igniterealtime.jbosh.BOSHClient.processExchange(BOSHClient.java:1123)
	at org.igniterealtime.jbosh.BOSHClient.processMessages(BOSHClient.java:999)
	at org.igniterealtime.jbosh.BOSHClient.access$300(BOSHClient.java:100)
	at org.igniterealtime.jbosh.BOSHClient$RequestProcessor.run(BOSHClient.java:1728)
	at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.http.NoHttpResponseException: mydomain.tld:443 failed to respond
	at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:143)
	at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:57)
	at org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:261)
	at org.apache.http.impl.AbstractHttpClientConnection.receiveResponseHeader(AbstractHttpClientConnection.java:283)
	at org.apache.http.impl.conn.DefaultClientConnection.receiveResponseHeader(DefaultClientConnection.java:251)
	at org.apache.http.impl.conn.AbstractClientConnAdapter.receiveResponseHeader(AbstractClientConnAdapter.java:223)
	at org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:272)
	at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:124)
	at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:685)
	at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:487)
	at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
	at org.igniterealtime.jbosh.ApacheHTTPResponse.awaitResponse(ApacheHTTPResponse.java:235)
	... 6 more
2020-05-08 22:43:33.277 INFO: [80] impl.protocol.jabber.OperationSetBasicTelephonyJabberImpl.registrationStateChanged().127 Jingle : ON
2020-05-08 22:43:33.278 INFO: [80] org.jitsi.jigasi.JvbConference.registrationStateChanged().606 [ctx=1588977812907882812095] Registering XMPP.
2020-05-08 22:43:33.279 WARNING: [80] org.jivesoftware.smack.SASLAuthentication.selectMechanism() Server did not report any SASL mechanisms
2020-05-08 22:43:33.279 SEVERE: [80] impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin().1003 Failed to connect to XMPP service
org.jivesoftware.smack.SmackException: No supported and enabled SASL Mechanism provided by server. Server announced mechanisms: []. Registered SASL mechanisms with Smack: [SASL Mech: GSSAPI, Prio: 100, SASL Mech: SCRAM-SHA-1-PLUS, Prio: 100, SASL Mech: SCRAM-SHA-1, Prio: 110, SASL Mech: DIGEST-MD5, Prio: 200, SASL Mech: CRAM-MD5, Prio: 300, SASL Mech: PLAIN, Prio: 400, SASL Mech: X-OAUTH2, Prio: 410, SASL Mech: EXTERNAL, Prio: 500, SASL Mech: ANONYMOUS, Prio: 500]. Enabled SASL mechanisms for this connection: [ANONYMOUS]. Blacklisted SASL mechanisms: [SCRAM-SHA-1-PLUS].
	at org.jivesoftware.smack.SASLAuthentication.selectMechanism(SASLAuthentication.java:361)
	at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:192)
	at org.jivesoftware.smack.bosh.XMPPBOSHConnection.loginInternal(XMPPBOSHConnection.java:222)
	at org.jivesoftware.smack.AbstractXMPPConnection.login(AbstractXMPPConnection.java:491)
	at org.jivesoftware.smack.AbstractXMPPConnection.login(AbstractXMPPConnection.java:448)
	at net.java.sip.communicator.impl.protocol.jabber.AnonymousLoginStrategy.login(AnonymousLoginStrategy.java:84)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin(ProtocolProviderServiceJabberImpl.java:1371)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin(ProtocolProviderServiceJabberImpl.java:970)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.initializeConnectAndLogin(ProtocolProviderServiceJabberImpl.java:795)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.register(ProtocolProviderServiceJabberImpl.java:500)
	at org.jitsi.jigasi.util.RegisterThread.run(RegisterThread.java:59)
2020-05-08 22:43:33.283 INFO: [80] org.igniterealtime.jbosh.BOSHClient.init() Starting with 1 request processors
2020-05-08 22:43:33.347 WARNING: [83] org.jivesoftware.smack.bosh.XMPPBOSHConnection.shutdown() shutdown
java.lang.NullPointerException
	at org.igniterealtime.jbosh.BOSHClient.send(BOSHClient.java:494)
	at org.igniterealtime.jbosh.BOSHClient.disconnect(BOSHClient.java:586)
	at org.igniterealtime.jbosh.BOSHClient.disconnect(BOSHClient.java:567)
	at org.jivesoftware.smack.bosh.XMPPBOSHConnection.shutdown(XMPPBOSHConnection.java:266)
	at org.jivesoftware.smack.bosh.XMPPBOSHConnection.notifyConnectionError(XMPPBOSHConnection.java:417)
	at org.jivesoftware.smack.bosh.XMPPBOSHConnection$BOSHConnectionListener.connectionEvent(XMPPBOSHConnection.java:464)
	at org.igniterealtime.jbosh.BOSHClient.fireConnectionClosedOnError(BOSHClient.java:1684)
	at org.igniterealtime.jbosh.BOSHClient.dispose(BOSHClient.java:713)
	at org.igniterealtime.jbosh.BOSHClient.processExchange(BOSHClient.java:1138)
	at org.igniterealtime.jbosh.BOSHClient.processMessages(BOSHClient.java:999)
	at org.igniterealtime.jbosh.BOSHClient.access$300(BOSHClient.java:100)
	at org.igniterealtime.jbosh.BOSHClient$RequestProcessor.run(BOSHClient.java:1728)
	at java.lang.Thread.run(Thread.java:748)
2020-05-08 22:43:33.348 WARNING: [83] org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener() Connection XMPPBOSHConnection[not-authenticated] (2) closed with error
org.igniterealtime.jbosh.BOSHException: Could not obtain response
	at org.igniterealtime.jbosh.ApacheHTTPResponse.awaitResponse(ApacheHTTPResponse.java:251)
	at org.igniterealtime.jbosh.ApacheHTTPResponse.getBody(ApacheHTTPResponse.java:192)
	at org.igniterealtime.jbosh.BOSHClient.processExchange(BOSHClient.java:1123)
	at org.igniterealtime.jbosh.BOSHClient.processMessages(BOSHClient.java:999)
	at org.igniterealtime.jbosh.BOSHClient.access$300(BOSHClient.java:100)
	at org.igniterealtime.jbosh.BOSHClient$RequestProcessor.run(BOSHClient.java:1728)
	at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.http.NoHttpResponseException: mydomain.tld:443 failed to respond
	at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:143)
	at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:57)
	at org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:261)
	at org.apache.http.impl.AbstractHttpClientConnection.receiveResponseHeader(AbstractHttpClientConnection.java:283)
	at org.apache.http.impl.conn.DefaultClientConnection.receiveResponseHeader(DefaultClientConnection.java:251)
	at org.apache.http.impl.conn.AbstractClientConnAdapter.receiveResponseHeader(AbstractClientConnAdapter.java:223)
	at org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:272)
	at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:124)
	at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:685)
	at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:487)
	at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
	at org.igniterealtime.jbosh.ApacheHTTPResponse.awaitResponse(ApacheHTTPResponse.java:235)
	... 6 more
2020-05-08 22:43:33.355 INFO: [80] impl.protocol.jabber.OperationSetBasicTelephonyJabberImpl.registrationStateChanged().127 Jingle : ON
2020-05-08 22:43:33.355 INFO: [80] org.jitsi.jigasi.JvbConference.registrationStateChanged().606 [ctx=1588977812907882812095] Registering XMPP.
2020-05-08 22:43:33.356 WARNING: [80] org.jivesoftware.smack.SASLAuthentication.selectMechanism() Server did not report any SASL mechanisms
2020-05-08 22:43:33.356 SEVERE: [80] impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin().1003 Failed to connect to XMPP service
org.jivesoftware.smack.SmackException: No supported and enabled SASL Mechanism provided by server. Server announced mechanisms: []. Registered SASL mechanisms with Smack: [SASL Mech: GSSAPI, Prio: 100, SASL Mech: SCRAM-SHA-1-PLUS, Prio: 100, SASL Mech: SCRAM-SHA-1, Prio: 110, SASL Mech: DIGEST-MD5, Prio: 200, SASL Mech: CRAM-MD5, Prio: 300, SASL Mech: PLAIN, Prio: 400, SASL Mech: X-OAUTH2, Prio: 410, SASL Mech: EXTERNAL, Prio: 500, SASL Mech: ANONYMOUS, Prio: 500]. Enabled SASL mechanisms for this connection: [ANONYMOUS]. Blacklisted SASL mechanisms: [SCRAM-SHA-1-PLUS].
	at org.jivesoftware.smack.SASLAuthentication.selectMechanism(SASLAuthentication.java:361)
	at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:192)
	at org.jivesoftware.smack.bosh.XMPPBOSHConnection.loginInternal(XMPPBOSHConnection.java:222)
	at org.jivesoftware.smack.AbstractXMPPConnection.login(AbstractXMPPConnection.java:491)
	at org.jivesoftware.smack.AbstractXMPPConnection.login(AbstractXMPPConnection.java:448)
	at net.java.sip.communicator.impl.protocol.jabber.AnonymousLoginStrategy.login(AnonymousLoginStrategy.java:84)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin(ProtocolProviderServiceJabberImpl.java:1371)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin(ProtocolProviderServiceJabberImpl.java:970)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.initializeConnectAndLogin(ProtocolProviderServiceJabberImpl.java:795)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.register(ProtocolProviderServiceJabberImpl.java:500)
	at org.jitsi.jigasi.util.RegisterThread.run(RegisterThread.java:59)
2020-05-08 22:43:33.358 SEVERE: [80] org.jitsi.jigasi.JvbConference.registrationStateChanged().610 [ctx=1588977812907882812095] XMPP Connection failed.
2020-05-08 22:43:33.358 WARNING: [80] org.jitsi.jigasi.JvbConference.leaveConferenceRoom().883 [ctx=1588977812907882812095] MUC room is null
2020-05-08 22:43:37.939 SEVERE: [70] org.jitsi.jigasi.xmpp.CallControlMucActivator.processIQ().596 Error processing RayoIq
java.lang.Exception: Fail to join muc!
	at org.jitsi.jigasi.xmpp.CallControlMucActivator$WaitToJoinRoom.waitToJoinRoom(CallControlMucActivator.java:682)
	at org.jitsi.jigasi.xmpp.CallControlMucActivator$DialIqHandler.setDialResponseAndRegisterHangUpHandler(CallControlMucActivator.java:628)
	at org.jitsi.jigasi.xmpp.CallControlMucActivator$DialIqHandler.processIQ(CallControlMucActivator.java:585)
	at org.jitsi.jigasi.xmpp.CallControlMucActivator$DialIqHandler.processIQ(CallControlMucActivator.java:563)
	at org.jitsi.jigasi.xmpp.CallControlMucActivator$RayoIqHandler.handleIQRequest(CallControlMucActivator.java:735)
	at org.jivesoftware.smack.AbstractXMPPConnection$4.run(AbstractXMPPConnection.java:1188)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
22:43:37 SENT (0): <iq to='jigasibrewery@internal.auth.mydomain.tld/focus' id='amlnYXNpQGF1dGguZWNtZWV0NS5lY2xkLmlvL2ppdHNpLTFwZHR2cXEAT3Rxa2stMTI0ACk0TZM8y9IujjaWTMlxQ8c=' type='error'><error type='cancel'><internal-server-error xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/><text xmlns='urn:ietf:params:xml:ns:xmpp-stanzas' xml:lang='en'>Fail to join muc!</text></error></iq>

Now on a second thought … you can just add authentication of jigasi on different domain jigasi@myinternal.auth.domain.com which is using authentication = "internal_plain" and remove the bosh … What bothers me is the token_verification on the muc … maybe that will not let in jigasi … and needs changing … not sure.

I’ve kinda got it working but not ideally. I added an anonymous VirtualHost and that seems to allow inbound calls to work. I’m not able to get SIP or Jabber to authenticate against the token in any way (I’m suspecting there’s a character limit somewhere in bosh so the entire token doesn’t make it…at least that’s my guess), so I’m only getting things to work due to the jigasi.xmpp.acc login (and the anonymous domain, which combined with allow_empty_token = false, seems to not accept web-based users through an unmodified client but let SIP dial-in work)…yikes what a hack job! In this arrangement, I seem to need to chose between hiding the transcriber and seeing my SIP users (inbound and outbound)… There’s got to be a better way…any ideas?

Seems like there should be a way to bypass auth certain things…like transcribers, inbound and outbound sip users, etc…but I’m just not close enough to the code yet to figure that one out…do you have any suggestions?

I’ve decided the best way to make the transcriber hidden was to run a second jigasi, which seems to work. Although I’m not sure what the unintended side effects of creating the anonymous virtualhost are, all features appear to be functioning now. Thank you very much for your help!

Did you find a solution for the token moderation plugin? I have the same problem now :frowning:
Related issue: https://github.com/nvonahsen/jitsi-token-moderation-plugin/issues/7

Sorry for the delay. We still have the error appearing in logs, but the installation seems to function despite the error.