Jigasi failed to work with jwt token


#1

Hi, I installed jitsi-meet with the steps below:
1 wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add -
2 sudo sh -c "echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list"
3 apt-get -y update
4 apt-get -y install jitsi-meet
5 lsb_release -a

5.1 --> /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
5.2 --> add local and public IP for NAT.

6 wget https://packages.prosody.im/debian/pool/main/p/prosody-trunk/prosody-trunk_1nightly747-1~xenial_amd64.deb
7 dpkg -i prosody-trunk_1nightly747-1~xenial_amd64.deb
8 apt-get install jitsi-meet-tokens

8.1 --> add include conf.avail/*.lua to prosody.cfg.lua

9 lsb_release -a
10 history

11 apt install jigasi < net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true>

After these, I can join the conference with JWT, but I can’t join the conference from my SIP phone side. I can only hear the ringing and then it hangs up.

12 prosodyctl adduser jigasi@auth.example.com

org.jitsi.jigasi.xmpp.acc.USER_ID= jigasi@auth.example.com
org.jitsi.jigasi.xmpp.acc.PASS=SOME_PASS
org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false

After these, my SIP phone will hang up directly with no ringing.

So, how do I configure Jigasi when I am using JWT mode?


#2

Is there any update here? I’m experiencing the same issue. The only way I can get Jigasi / Prosody to accept incoming calls is to use anonymous all and I don’t feel comfortable doing that.


#3

I have this in my todos but still haven’t come to the point to test it, sorry.

Can you upload the jigasi logs from such an unsuccessful call?


#4

@damencho thanks so much for the quick reply. I have provided the logs below.

It appears as though Jigasi is choking on the not allowed response from prosody due to missing the required token. Would it be possible to provide a header, for example X-SIP-Token=xxx to support this?

Jigasi logs when the incoming call is received:

Jigasi 2019-02-15 17:32:35.013 INFO: [62] org.jitsi.jigasi.SipGateway.incomingCallReceived().188 Incoming call received...
Jigasi 2019-02-15 17:32:35.021 INFO: [63] org.jitsi.jigasi.SipGatewaySession.run().894 Wait thread cancelled
Jigasi 2019-02-15 17:32:35.034 INFO: [62] org.jitsi.jigasi.JvbConference.setXmppProvider().533 168f200a4c7@meet.jitsi will use ProtocolProviderServiceJabberImpl(168f200a4c7@meet.jitsi (Jabber))
Jigasi 2019-02-15 17:32:35.044 SEVERE: [19] impl.packetlogging.PacketLoggingServiceImpl.run().845 Error writing packet to file
java.lang.SecurityException: Insufficient rights to access this file in current user's home directory: /config/log/jitsi0.pcap
	at org.jitsi.impl.fileaccess.FileAccessServiceImpl.getPrivatePersistentFile(FileAccessServiceImpl.java:170)
	at net.java.sip.communicator.impl.packetlogging.PacketLoggingServiceImpl.getFileNames(PacketLoggingServiceImpl.java:197)
	at net.java.sip.communicator.impl.packetlogging.PacketLoggingServiceImpl.savePacket(PacketLoggingServiceImpl.java:582)
	at net.java.sip.communicator.impl.packetlogging.PacketLoggingServiceImpl.access$100(PacketLoggingServiceImpl.java:35)
	at net.java.sip.communicator.impl.packetlogging.PacketLoggingServiceImpl$SaverThread.run(PacketLoggingServiceImpl.java:834)
Jigasi 2019-02-15 17:32:35.045 SEVERE: [19] impl.packetlogging.PacketLoggingServiceImpl.run().845 Error writing packet to file
java.lang.SecurityException: Insufficient rights to access this file in current user's home directory: /config/log/jitsi0.pcap
	at org.jitsi.impl.fileaccess.FileAccessServiceImpl.getPrivatePersistentFile(FileAccessServiceImpl.java:170)
	at net.java.sip.communicator.impl.packetlogging.PacketLoggingServiceImpl.getFileNames(PacketLoggingServiceImpl.java:197)
	at net.java.sip.communicator.impl.packetlogging.PacketLoggingServiceImpl.savePacket(PacketLoggingServiceImpl.java:582)
	at net.java.sip.communicator.impl.packetlogging.PacketLoggingServiceImpl.access$100(PacketLoggingServiceImpl.java:35)
	at net.java.sip.communicator.impl.packetlogging.PacketLoggingServiceImpl$SaverThread.run(PacketLoggingServiceImpl.java:834)
Jigasi 2019-02-15 17:32:35.142 INFO: [64] impl.protocol.jabber.OperationSetBasicTelephonyJabberImpl.registrationStateChanged().125 Jingle : ON
Jigasi 2019-02-15 17:32:35.145 INFO: [64] org.jitsi.jigasi.JvbConference.registrationStateChanged().578 XMPP (168f200a4c7@meet.jitsi): RegistrationStateChangeEvent[ oldState=Registering; newState=RegistrationState=Registering; reasonCode=-1; reason=null]
Jigasi 2019-02-15 17:32:35.149 WARNING: [67] org.jivesoftware.smack.sasl.SASLError.fromString() Could not transform string 'not_allowed' to SASLError
java.lang.IllegalArgumentException: No enum constant org.jivesoftware.smack.sasl.SASLError.not_allowed
	at java.lang.Enum.valueOf(Enum.java:238)
	at org.jivesoftware.smack.sasl.SASLError.valueOf(SASLError.java:27)
	at org.jivesoftware.smack.sasl.SASLError.fromString(SASLError.java:51)
	at org.jivesoftware.smack.sasl.packet.SaslStreamElements$SASLFailure.<init>(SaslStreamElements.java:209)
	at org.jivesoftware.smack.util.PacketParserUtils.parseSASLFailure(PacketParserUtils.java:797)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1099)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
	at java.lang.Thread.run(Thread.java:748)
Jigasi 2019-02-15 17:32:35.149 SEVERE: [64] impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin().1004 Failed to connect to XMPP service
org.jivesoftware.smack.sasl.SASLErrorException: SASLError using ANONYMOUS: not-allowed
	at org.jivesoftware.smack.SASLAuthentication.authenticationFailed(SASLAuthentication.java:292)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1100)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:1000)
	at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1016)
	at java.lang.Thread.run(Thread.java:748)

Prosody logs when incoming call is received:

|c2s562ed87290b0                           info|Client connected|
|---|---|
|c2s562ed87290b0                           debug|Client sent opening <stream:stream> to meet.jitsi|
|c2s562ed87290b0                           debug|Sent reply <stream:stream> to client|
|c2s562ed87290b0                           debug|Offering mechanism ANONYMOUS|
|c2s562ed87290b0                           debug|Received[c2s_unauthed]: <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'>|
|socket                                    debug|server.lua: we need to do tls, but delaying until send buffer empty|
|c2s562ed87290b0                           debug|TLS negotiation started for c2s_unauthed...|
|socket                                    debug|server.lua: attempting to start tls on tcp{client}: 0x562ed87d4128|
|socket                                    debug|server.lua: ssl handshake done|
|c2s562ed89a1ba0                           debug|Client sent opening <stream:stream> to meet.jitsi|
|c2s562ed89a1ba0                           debug|Sent reply <stream:stream> to client|
|c2s562ed89a1ba0                           info|Stream encrypted (TLSv1.2 with ECDHE-RSA-AES256-GCM-SHA384)|
|c2s562ed89a1ba0                           debug|Offering mechanism ANONYMOUS|
|c2s562ed89a1ba0                           debug|Received[c2s_unauthed]: <auth mechanism='ANONYMOUS' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>|
|general                                   warn|Error verifying token err:not-allowed, reason:token required|
|meet.jitsi:saslauth                       debug|sasl reply: <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-allowed/><text>token required</text></failure>|
|c2s562ed89a1ba0                           debug|Received[c2s_unauthed]: <presence id='MARE5-3012' type='unavailable'>|
|stanzarouter                              debug|Unhandled c2s_unauthed stanza: presence; xmlns=jabber:client|
|c2s562ed89a1ba0                           debug|Received </stream:stream>|
|c2s562ed89a1ba0                           debug|c2s stream for 104.248.228.255 closed: session closed|
|c2s562ed89a1ba0                           debug|Destroying session for (unknown) ((unknown)@meet.jitsi)|
|c2s562ed89a1ba0                           info|Client disconnected: connection closed|
|c2s562ed89a1ba0                           debug|Destroying session for (unknown) ((unknown)@(unknown))|
|socket                                    debug|server.lua: closed client handler and removed socket from list|
|socket                                    debug|server.lua: ssl handshake done|
|c2s562ed87290b0                           debug|Client sent opening <stream:stream> to meet.jitsi|
|c2s562ed87290b0                           debug|Sent reply <stream:stream> to client|
|c2s562ed87290b0                           info|Stream encrypted (TLSv1.2 with ECDHE-RSA-AES256-GCM-SHA384)|
|c2s562ed87290b0                           debug|Offering mechanism ANONYMOUS|
|c2s562ed87290b0                           debug|Received[c2s_unauthed]: <auth mechanism='ANONYMOUS' xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>|
|general                                   warn|Error verifying token err:not-allowed, reason:token required|
|meet.jitsi:saslauth                       debug|sasl reply: <failure xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-allowed/><text>token required</text></failure>|
|c2s562ed87290b0                           debug|Received[c2s_unauthed]: <presence id='7h9Ka-90' type='unavailable'>|
|stanzarouter                              debug|Unhandled c2s_unauthed stanza: presence; xmlns=jabber:client|
|c2s562ed87290b0                           debug|Received </stream:stream>|
|c2s562ed87290b0                           debug|c2s stream for 172.18.0.6 closed: session closed|
|c2s562ed87290b0                           debug|Destroying session for (unknown) ((unknown)@meet.jitsi)|
|c2s562ed87290b0                           info|Client disconnected: connection closed|
|c2s562ed87290b0                           debug|Destroying session for (unknown) ((unknown)@(unknown))|

#5

Hmm, this is strange: SASLError using ANONYMOUS: not-allowed. It is supposed to connect to a domain that requires authentication; are you sure your configs are taken into account? There should be no token validation on auth… account.
Can you also try adding org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true? Does it change anything?

Everything is possible, but someone needs to implement it. Currently, you are connecting using tcp connection to port 5222, not bosh, tokens are supported only when using bosh connection, and if you configure that you can hardcode a token in jigasi config.


#6

Adding this config has no change and the same SASLError happens. I’m fairly confident my config changes are being taken into account. However, I may not have the values configured correctly :)

My prosody meet.jitsi virtual host is configured with token auth. My auth.meet.jitsi domain is configured using internal_plain. My jigasi user / password exists for the auth domain. I have sip DOMAIN_BASE set to meet.jitsi. Is this the correct config?

Currently, you are connecting using tcp connection to port 5222, not bosh, tokens are supported only when using bosh connection, and if you configure that you can hardcode a token in jigasi config.

How can I set this up?


#7

You need to add org.jitsi.jigasi.xmpp.acc.BOSH_URL_PATTERN=https://{host}/http-bind?room={roomName}

Replace {host} with your nginx IP address, and the port, if you need to change them.
Then you can try adding &token=...... to the bosh connection pattern with a valid token. Leave the rest of the config as it is. You will need org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true I think.


#8

Unfortunately this approach does not work and results in the following error:

Jigasi 2019-02-15 19:30:41.634 INFO: [59] org.jitsi.jigasi.SipGateway.incomingCallReceived().188 Incoming call received...
Jigasi 2019-02-15 19:30:41.648 INFO: [60] org.jitsi.jigasi.SipGatewaySession.run().894 Wait thread cancelled
Jigasi 2019-02-15 19:30:41.674 INFO: [59] org.jitsi.jigasi.JvbConference.setXmppProvider().533 168f26cc6e7@meet.jitsi will use ProtocolProviderServiceJabberImpl(168f26cc6e7@meet.jitsi (Jabber))
Jigasi 2019-02-15 19:30:41.703 SEVERE: [19] impl.packetlogging.PacketLoggingServiceImpl.run().845 Error writing packet to file
java.lang.SecurityException: Insufficient rights to access this file in current user's home directory: /config/log/jitsi0.pcap
	at org.jitsi.impl.fileaccess.FileAccessServiceImpl.getPrivatePersistentFile(FileAccessServiceImpl.java:170)
	at net.java.sip.communicator.impl.packetlogging.PacketLoggingServiceImpl.getFileNames(PacketLoggingServiceImpl.java:197)
	at net.java.sip.communicator.impl.packetlogging.PacketLoggingServiceImpl.savePacket(PacketLoggingServiceImpl.java:582)
	at net.java.sip.communicator.impl.packetlogging.PacketLoggingServiceImpl.access$100(PacketLoggingServiceImpl.java:35)
	at net.java.sip.communicator.impl.packetlogging.PacketLoggingServiceImpl$SaverThread.run(PacketLoggingServiceImpl.java:834)
Jigasi 2019-02-15 19:30:41.708 SEVERE: [19] impl.packetlogging.PacketLoggingServiceImpl.run().845 Error writing packet to file
java.lang.SecurityException: Insufficient rights to access this file in current user's home directory: /config/log/jitsi0.pcap
	at org.jitsi.impl.fileaccess.FileAccessServiceImpl.getPrivatePersistentFile(FileAccessServiceImpl.java:170)
	at net.java.sip.communicator.impl.packetlogging.PacketLoggingServiceImpl.getFileNames(PacketLoggingServiceImpl.java:197)
	at net.java.sip.communicator.impl.packetlogging.PacketLoggingServiceImpl.savePacket(PacketLoggingServiceImpl.java:582)
	at net.java.sip.communicator.impl.packetlogging.PacketLoggingServiceImpl.access$100(PacketLoggingServiceImpl.java:35)
	at net.java.sip.communicator.impl.packetlogging.PacketLoggingServiceImpl$SaverThread.run(PacketLoggingServiceImpl.java:834)
Jigasi 2019-02-15 19:30:41.776 INFO: [61] org.igniterealtime.jbosh.BOSHClient.init() Starting with 1 request processors
Jigasi 2019-02-15 19:30:41.889 WARNING: [63] org.jivesoftware.smack.bosh.XMPPBOSHConnection.shutdown() shutdown
java.lang.NullPointerException
	at org.igniterealtime.jbosh.BOSHClient.applySessionData(BOSHClient.java:916)
	at org.igniterealtime.jbosh.BOSHClient.send(BOSHClient.java:498)
	at org.igniterealtime.jbosh.BOSHClient.disconnect(BOSHClient.java:586)
	at org.igniterealtime.jbosh.BOSHClient.disconnect(BOSHClient.java:567)
	at org.jivesoftware.smack.bosh.XMPPBOSHConnection.shutdown(XMPPBOSHConnection.java:266)
	at org.jivesoftware.smack.bosh.XMPPBOSHConnection.notifyConnectionError(XMPPBOSHConnection.java:417)
	at org.jivesoftware.smack.bosh.XMPPBOSHConnection$BOSHConnectionListener.connectionEvent(XMPPBOSHConnection.java:464)
	at org.igniterealtime.jbosh.BOSHClient.fireConnectionClosedOnError(BOSHClient.java:1675)
	at org.igniterealtime.jbosh.BOSHClient.dispose(BOSHClient.java:705)
	at org.igniterealtime.jbosh.BOSHClient.processExchange(BOSHClient.java:1129)
	at org.igniterealtime.jbosh.BOSHClient.processMessages(BOSHClient.java:990)
	at org.igniterealtime.jbosh.BOSHClient.access$300(BOSHClient.java:100)
	at org.igniterealtime.jbosh.BOSHClient$RequestProcessor.run(BOSHClient.java:1719)
	at java.lang.Thread.run(Thread.java:748)
Jigasi 2019-02-15 19:30:41.889 WARNING: [63] org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener() Connection XMPPBOSHConnection[not-authenticated] (1) closed with error
org.igniterealtime.jbosh.BOSHException: Could not obtain response
	at org.igniterealtime.jbosh.ApacheHTTPResponse.awaitResponse(ApacheHTTPResponse.java:246)
	at org.igniterealtime.jbosh.ApacheHTTPResponse.getBody(ApacheHTTPResponse.java:187)
	at org.igniterealtime.jbosh.BOSHClient.processExchange(BOSHClient.java:1114)
	at org.igniterealtime.jbosh.BOSHClient.processMessages(BOSHClient.java:990)
	at org.igniterealtime.jbosh.BOSHClient.access$300(BOSHClient.java:100)
	at org.igniterealtime.jbosh.BOSHClient$RequestProcessor.run(BOSHClient.java:1719)
	at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1633)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:543)
	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409)
	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:479)
	at org.apache.http.conn.scheme.SchemeSocketFactoryAdaptor.connectSocket(SchemeSocketFactoryAdaptor.java:66)
	at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
	at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:144)
	at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:131)
	at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
	at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
	at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
	at org.igniterealtime.jbosh.ApacheHTTPResponse.awaitResponse(ApacheHTTPResponse.java:230)
	... 6 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
	at sun.security.validator.Validator.validate(Validator.java:262)
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1615)
	... 26 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
	... 32 more
Jigasi 2019-02-15 19:30:41.911 INFO: [61] impl.protocol.jabber.OperationSetBasicTelephonyJabberImpl.registrationStateChanged().125 Jingle : ON
Jigasi 2019-02-15 19:30:41.914 INFO: [61] org.jitsi.jigasi.JvbConference.registrationStateChanged().578 XMPP (168f26cc6e7@meet.jitsi): RegistrationStateChangeEvent[ oldState=Registering; newState=RegistrationState=Registering; reasonCode=-1; reason=null]
Jigasi 2019-02-15 19:30:41.914 WARNING: [61] org.jivesoftware.smack.SASLAuthentication.selectMechanism() Server did not report any SASL mechanisms
Jigasi 2019-02-15 19:30:41.915 SEVERE: [61] impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin().1004 Failed to connect to XMPP service
org.jivesoftware.smack.SmackException: No supported and enabled SASL Mechanism provided by server. Server announced mechanisms: []. Registered SASL mechanisms with Smack: [SASL Mech: GSSAPI, Prio: 100, SASL Mech: SCRAM-SHA-1-PLUS, Prio: 100, SASL Mech: SCRAM-SHA-1, Prio: 110, SASL Mech: DIGEST-MD5, Prio: 200, SASL Mech: CRAM-MD5, Prio: 300, SASL Mech: PLAIN, Prio: 400, SASL Mech: X-OAUTH2, Prio: 410, SASL Mech: EXTERNAL, Prio: 500, SASL Mech: ANONYMOUS, Prio: 500]. Enabled SASL mechanisms for this connection: [ANONYMOUS]. Blacklisted SASL mechanisms: [SCRAM-SHA-1-PLUS].
	at org.jivesoftware.smack.SASLAuthentication.selectMechanism(SASLAuthentication.java:361)
	at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:192)
	at org.jivesoftware.smack.bosh.XMPPBOSHConnection.loginInternal(XMPPBOSHConnection.java:222)
	at org.jivesoftware.smack.AbstractXMPPConnection.login(AbstractXMPPConnection.java:491)
	at org.jivesoftware.smack.AbstractXMPPConnection.login(AbstractXMPPConnection.java:448)
	at net.java.sip.communicator.impl.protocol.jabber.AnonymousLoginStrategy.login(AnonymousLoginStrategy.java:84)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin(ProtocolProviderServiceJabberImpl.java:1363)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin(ProtocolProviderServiceJabberImpl.java:971)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.initializeConnectAndLogin(ProtocolProviderServiceJabberImpl.java:796)
	at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.register(ProtocolProviderServiceJabberImpl.java:501)
	at org.jitsi.jigasi.util.RegisterThread.run(RegisterThread.java:59)

Also, how would this approach allow for dynamic rooms if it is always hardcoded?

Again, thanks for your help!


#9

Try adding this net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true

You can create a token that is valid for 10 years and in the part for rooms add *, to match all rooms.


#10

Adding this results in the same error as above.

It’s worth noting that I’m using the docker-jitsi-meet setup with custom JWT auth.

When you say “and in the part for rooms add *”, are you saying the rooms part of the BOSH_URL_PATTERN or the JWT token?


#11

Jwt, I mean instead of room name in jwt you can put * and it will be valid for whatever room name.
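
Added example, not part of any post in this thread and not Jitsi project code: a Python sketch of the token replies #9 and #11 describe (HS256, room `*`, ten-year lifetime), a check of it, and the BOSH_URL_PATTERN line from #7 with the token appended. The claim names (iss, aud, sub, room, exp) follow Jitsi's token layout; the `aud` value, the app id and secret in use, and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

TEN_YEARS = 10 * 365 * 24 * 3600  # lifetime suggested in reply #9


def b64url(data):
    """Base64url without padding, as used for JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def segment(obj):
    return b64url(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def sign(secret, signing_input):
    return hmac.new(secret.encode("utf-8"), signing_input.encode("ascii"),
                    hashlib.sha256).digest()


def mint_token(app_id, app_secret, domain, room="*", lifetime=TEN_YEARS, now=None):
    """Build an HS256 JWT; room="*" is the wildcard from reply #11."""
    now = int(time.time()) if now is None else int(now)
    claims = {"iss": app_id, "aud": "jitsi",  # "aud" value is an assumption
              "sub": domain, "room": room, "exp": now + lifetime}
    signing_input = segment({"alg": "HS256", "typ": "JWT"}) + "." + segment(claims)
    return signing_input + "." + b64url(sign(app_secret, signing_input))


def check_token(token, app_id, app_secret, room_name, now=None):
    """Return (ok, reason) for a token presented for room_name."""
    now = int(time.time()) if now is None else int(now)
    try:
        head_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(claims_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return False, "malformed token"
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return False, "malformed token"
    if header.get("alg") != "HS256":  # never accept "none" or a swapped alg
        return False, "unsupported alg"
    expected = sign(app_secret, head_b64 + "." + claims_b64)
    if not hmac.compare_digest(signature, expected):
        return False, "bad signature"
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        return False, "expired"
    if claims.get("iss") != app_id:
        return False, "wrong issuer"
    if claims.get("room") not in ("*", room_name):
        return False, "room not covered"
    return True, "ok"


def bosh_url_line(token):
    """Property line from reply #7 with the token appended to the pattern."""
    return ("org.jitsi.jigasi.xmpp.acc.BOSH_URL_PATTERN="
            "https://{host}/http-bind?room={roomName}&token=" + token)


if __name__ == "__main__":
    # Constructed values; use the app_id / app_secret of the Prosody VirtualHost.
    tok = mint_token("constructed_app_id", "constructed-secret", "meet.jitsi")
    print(check_token(tok, "constructed_app_id", "constructed-secret", "testing"))
    print(bosh_url_line(tok))
```

A token minted this way is a bearer credential for every room until it expires, so the properties file that holds it needs the same protection as app_secret itself.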


#12

Thanks again for the reply. I totally understand how to handle the JWT token. The problem is with prosody / Jigasi accepting the incoming SIP call. Currently, Prosody will not accept the incoming call because there is no token. While it’s highly likely I’m misunderstanding something, I thought the SIP call came in via prosody and was then forwarded to Jigasi so it could bridge the call. Is this not correct? How can I get the incoming SIP call to contain the token?

Incoming SIP call: sip:test@test.sip.us1.twilio.com?X-Room-Name=testing&X-Domain-Base=meet.jitsi

Jigasi Config:

# SIP URI for incoming / outgoing calls.
JIGASI_SIP_URI=test@test.sip.us1.twilio.com

# Password for the specified SIP account as a clear text
JIGASI_SIP_PASSWORD=Testing123456

# SIP server (use the SIP account domain if in doubt).
JIGASI_SIP_SERVER=test.sip.us1.twilio.com

XMPP_DOMAIN=meet.jitsi

Prosody Virtual Host for meet.jitsi:

VirtualHost "meet.jitsi"
        ssl = {
                key = "/config/certs/meet.jitsi.key";
                certificate = "/config/certs/meet.jitsi.crt";
        }
        modules_enabled = {
            "bosh";
            "pubsub";
            "ping";
        }
        authentication = "token";
        app_id = "hidden";
        app_secret = "hidden";
        allow_empty_token = false;
        c2s_require_encryption = false;

Is there any additional information I can provide to help debug this issue? I truly appreciate your help in this matter.


#13

An incoming SIP call comes in, then jigasi uses an XMPP account to create a conference. By default that is an anonymous account. It is controlled by the org.jitsi.jigasi.xmpp.acc properties. As described in the template config file, you can add user and pass so it is not anonymous. None of the accounts in jigasi use bosh by default, so they cannot use the token.
I showed you above how to add the bosh url so that account will use bosh; currently meet.jit.si uses that config.
In the first place, it is strange that you put the user and pass in there and jigasi will use a different domain …
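
Added example, not part of any post in this thread and not Jitsi project code: a small Python audit of the Jigasi properties discussed above, flagging the combinations the thread runs into (anonymous login against a token-only host, a bearer token hardcoded in the BOSH pattern) and the two settings suggested along the way that relax transport security. Property names are the ones quoted in the thread; the finding codes, the sample configs and the assumption that a missing ANONYMOUS_AUTH means anonymous login are constructed for illustration.

```python
import re

ACC = "org.jitsi.jigasi.xmpp.acc."
TRUST_ALL = "net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED"

# Constructed sample: the state reached after replies #7 and #9.
THREAD_CONFIG = """\
# Jigasi properties (constructed sample)
org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=true
org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true
org.jitsi.jigasi.xmpp.acc.BOSH_URL_PATTERN=https://{host}/http-bind?room={roomName}&token=PLACEHOLDER.JWT.VALUE
net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true
"""

# Constructed sample: dedicated account on the auth domain, as in reply #13.
ACCOUNT_CONFIG = """\
org.jitsi.jigasi.xmpp.acc.USER_ID=jigasi@auth.meet.jitsi
org.jitsi.jigasi.xmpp.acc.PASS=SOME_PASS
org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false
"""


def parse_properties(text):
    """Parse key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit(text, token_domain):
    """Return finding codes for a Jigasi config; token_domain is the
    Prosody VirtualHost that uses authentication = "token"."""
    props = parse_properties(text)

    def acc(name):
        return props.get(ACC + name, "")

    findings = []
    user = acc("USER_ID")
    bosh = acc("BOSH_URL_PATTERN")
    has_token = bool(re.search(r"[?&]token=", bosh))
    anonymous = acc("ANONYMOUS_AUTH").lower() != "false" or not user

    if anonymous and not has_token:
        # Matches the Prosody log above: SASL ANONYMOUS -> "token required".
        findings.append("anonymous-without-token")
    if not anonymous:
        if user.rpartition("@")[2] == token_domain:
            findings.append("user-on-token-domain")
        if not acc("PASS"):
            findings.append("missing-password")
    if has_token:
        # Long-lived bearer secret stored in the config file.
        findings.append("token-in-config")
        if bosh.lower().startswith("http://"):
            findings.append("token-over-plain-http")
    if acc("ALLOW_NON_SECURE").lower() == "true":
        findings.append("non-tls-xmpp-allowed")
    if props.get(TRUST_ALL, "").lower() == "true":
        # Hides the PKIX error from post #8 by trusting any certificate.
        findings.append("cert-validation-disabled")
    return findings


if __name__ == "__main__":
    for name, cfg in (("thread", THREAD_CONFIG), ("account", ACCOUNT_CONFIG)):
        print(name, audit(cfg, "meet.jitsi"))
```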


#14

What you can do is, in /etc/jitsi/jigasi/config (or its corresponding file in the docker config), add
-Dsmack.debugEnabled=true -Dsmack.debuggerClass=org.jivesoftware.smack.debugger.ConsoleDebugger in JAVA_SYS_PROPS.
Remove the bosh_url, leaving the user and pass with all the rest of the config I pointed to above (where the user is using the auth. domain), then try doing a call and send me the output of jigasi; if you want, send it to me in a private message.