[jitsi-users] Jwt tokens - which prosody version?


#1

Hello,
I'm trying to install jitsi-meet on Ubuntu 16.04.
Using standard packages (prosody 0.9.10) everything works fine including
dialing sip numbers.

As we need jwt auth I tried to install prosody-trunk and here are the
results:

From 1nightly635-1 to 1nightly835-1

- jwt authentication works
- on web client no dial# widget but jigasi authenticates to sip server

From 1nightly836-1 to 1nightly880-1

- connection error
Activating debug on prosody:
Apr 16 17:17:59 c2s1602380 info Client connected
Apr 16 17:17:59 c2s1602380 debug Client sent opening <stream:stream>
to auth.domain.removed
Apr 16 17:17:59 c2s1602380 debug Sent reply <stream:stream> to client
Apr 16 17:17:59 c2s1602380 debug Should be able to do TLS but no
context available
Apr 16 17:17:59 c2s1602380 debug Not offering authentication on
insecure connection
Apr 16 17:17:59 c2s1602380 warn No stream features to offer

Which prosody version should I stick with ?
Are there better/newer ways to control authentication and permissions ?

Thanks in advance,
Massimiliano Ravelli


#2

Hi,

Hello,
I'm trying to install jitsi-meet on Ubuntu 16.04.
Using standard packages (prosody 0.9.10) everything works fine including
dialing sip numbers.

As we need jwt auth I tried to install prosody-trunk and here are the
results:

From 1nightly635-1 to 1nightly835-1
- jwt authentication works
- on web client no dial# widget but jigasi authenticates to sip server

meet.jit.si currently uses prosody 747, I think with newer version I had
seen some problems, so I would say use that one and we will work on fixing
those so it will work with latest trunk.

From 1nightly836-1 to 1nightly880-1
- connection error
Activating debug on prosody:
Apr 16 17:17:59 c2s1602380 info Client connected
Apr 16 17:17:59 c2s1602380 debug Client sent opening <stream:stream>
to auth.domain.removed
Apr 16 17:17:59 c2s1602380 debug Sent reply <stream:stream> to client
Apr 16 17:17:59 c2s1602380 debug Should be able to do TLS but no
context available
Apr 16 17:17:59 c2s1602380 debug Not offering authentication on
insecure connection
Apr 16 17:17:59 c2s1602380 warn No stream features to offer

Have you checked jicofo/jigasi logs for errors?

Which prosody version should I stick with ?

747

Are there better/newer ways to control authentication and permissions ?

jwt is the most used and tested one.

Regards
damencho

···

On Mon, Apr 16, 2018 at 10:32 AM, Massimiliano Ravelli < m.ravelli@mastervoice.it> wrote:

Thanks in advance,
Massimiliano Ravelli

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#3

Thanks very much Damencho.

Now I'm focusing on 2 versions without installing jitsi-meet-tokens and
prosody patch:
- 747 to understand why dial# widget is missing
- 880 to fix installation/configuration problem.

Version 747

···

2018-04-16 21:49 GMT+02:00 Damian Minkov <damencho@jitsi.org>:

meet.jit.si currently uses prosody 747, I think with newer version I had
seen some problems, so I would say use that one and we will work on fixing
those so it will work with latest trunk.

-----------

I hope I collected some relevant informations.

/var/log/prosody/prosody.log

Apr 17 17:08:07 socket debug server.lua: accepted new client connection
from 127.0.0.1:53902 to 5222
Apr 17 17:08:07 c2s303f3b0 info Client connected
Apr 17 17:08:07 c2s303f3b0 debug Client sent opening <stream:stream>
to auth.domain.removed
Apr 17 17:08:07 c2s303f3b0 debug Sent reply <stream:stream> to client
Apr 17 17:08:07 c2s303f3b0 debug Not offering authentication on
insecure connection
Apr 17 17:08:07 c2s303f3b0 debug Should be able to do TLS but no
context available

/var/log/jitsi/jicofo.log

Jicofo 2018-04-17 17:08:22.542 SEVERE: [115]
org.jitsi.impl.protocol.xmpp.XmppProtocolProvider.log() Failed to
connect/login: No response received within reply timeout. Timeout was
15000ms (~15s). While waiting for SASL mechanisms stream feature from server
org.jivesoftware.smack.SmackException$NoResponseException: No response
received within reply timeout. Timeout was 15000ms (~15s). While waiting
for SASL mechanisms stream feature from server
        at
org.jivesoftware.smack.SmackException$NoResponseException.newWith(SmackException.java:93)
        at
org.jivesoftware.smack.SynchronizationPoint.checkForResponse(SynchronizationPoint.java:270)
        at
org.jivesoftware.smack.SynchronizationPoint.checkIfSuccessOrWait(SynchronizationPoint.java:155)
        at
org.jivesoftware.smack.SynchronizationPoint.checkIfSuccessOrWaitOrThrow(SynchronizationPoint.java:126)
        at
org.jivesoftware.smack.AbstractXMPPConnection.connect(AbstractXMPPConnection.java:386)
        at
org.jitsi.impl.protocol.xmpp.XmppProtocolProvider.doConnect(XmppProtocolProvider.java:255)
        at
org.jitsi.impl.protocol.xmpp.XmppProtocolProvider.access$000(XmppProtocolProvider.java:57)
        at
org.jitsi.impl.protocol.xmpp.XmppProtocolProvider$1.call(XmppProtocolProvider.java:236)
        at
org.jitsi.impl.protocol.xmpp.XmppProtocolProvider$1.call(XmppProtocolProvider.java:231)
        at
org.jitsi.retry.RetryStrategy$TaskRunner.run(RetryStrategy.java:193)
        at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
        at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
        at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)

/var/log/jitsi/jigasi.log

2018-04-17 15:36:00.006 INFO: [53]
org.jitsi.jigasi.AbstractGateway.registrationStateChanged().120 REG STATE
CHANGE ProtocolProviderServiceSipImpl(741@domain.removed (SIP)) ->
RegistrationStateChangeEvent[ oldState=Registering;
newState=RegistrationState=Registered; reasonCode=-1; reason=null]
...
2018-04-17 17:08:06.777 INFO: [451]
impl.protocol.sip.SipLogger.logInfo().196 Info from the JAIN-SIP stack:
Setting SIPMessage peerPacketSource to: /ip.removed:5084
2018-04-17 17:08:06.778 SEVERE: [451]
impl.protocol.sip.SipStackSharing.findTargetFor().922 no listeners
2018-04-17 17:08:06.778 SEVERE: [451]
impl.protocol.sip.SipStackSharing.processRequest().709 couldn't find a
ProtocolProviderServiceSipImpl to dispatch to
2018-04-17 17:08:08.604 INFO: [452]
impl.protocol.sip.SipLogger.logInfo().196 Info from the JAIN-SIP stack:
Setting SIPMessage peerPacketSource to: /ip.removed:5100
2018-04-17 17:08:08.604 SEVERE: [452]
impl.protocol.sip.SipStackSharing.findTargetFor().922 no listeners
2018-04-17 17:08:08.604 SEVERE: [452]
impl.protocol.sip.SipStackSharing.processRequest().709 couldn't find a
ProtocolProviderServiceSipImpl to dispatch to

Version 880
-----------

From 1nightly836-1 to 1nightly880-1
- connection error
Activating debug on prosody:
Apr 16 17:17:59 c2s1602380 info Client connected
Apr 16 17:17:59 c2s1602380 debug Client sent opening
<stream:stream> to auth.domain.removed
Apr 16 17:17:59 c2s1602380 debug Sent reply <stream:stream> to
client
Apr 16 17:17:59 c2s1602380 debug Should be able to do TLS but no
context available
Apr 16 17:17:59 c2s1602380 debug Not offering authentication on
insecure connection
Apr 16 17:17:59 c2s1602380 warn No stream features to offer

Have you checked jicofo/jigasi logs for errors?

When I got this problem there was an /etc/prosody directory left from a
previous prosody 0.9.10 installation.
Reinstalling prosody-trunk 880 after removing /etc/prosody directory I get
the following installation error:

Setting up jitsi-meet-prosody (1.0.2579-1) ...
ln: failed to create symbolic link
'/etc/prosody/conf.d/domain.removed.cfg.lua': No such file or directory
dpkg: error processing package jitsi-meet-prosody (--configure):
subprocess installed post-installation script returned error exit status 1

Regards,
Massimiliano Ravelli


#4

My fault, I didn't check c2s_require_encryption as stated in the
documentation.
Now version 747 works with jwt tokens and jigasi.
Btw, version 801 works just as well. Installation problem seems to start
from version 804.

Sorry for bothering you.
Regards,
Massimiliano Ravelli

···

2018-04-17 17:24 GMT+02:00 Massimiliano Ravelli <m.ravelli@mastervoice.it>:

Now I'm focusing on 2 versions without installing jitsi-meet-tokens and
prosody patch:
- 747 to understand why dial# widget is missing