SIP & Transcription using PREVENT_AUTH_LOGIN with authenticated domain

I’m trying to set up what I would think would be a common scenario. I’m using a Jitsi domain configured to require authentication for the host. I want the transcription user to be hidden, but I want dial-in/dial-out SIP users to appear in the conference.

It looks like this setting should give me what I want:

# If an authenticated (hidden) domain is used to connect to a conference,
# PREVENT_AUTH_LOGIN will prevent the SIP participant from being seen as a
# hidden participant in the conference
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.PREVENT_AUTH_LOGIN=true

However, if I enable this, I get this error when trying to add a SIP user:

impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin().1003 Failed to connect to XMPP service
org.jivesoftware.smack.SmackException: No supported and enabled SASL Mechanism provided by server. Server announced mechanisms: [SCRAM-SHA-1, PLAIN]. Registered SASL mechanisms with Smack: [SASL Mech: GSSAPI, Prio: 100, SASL Mech: SCRAM-SHA-1-PLUS, Prio: 100, SASL Mech: SCRAM-SHA-1, Prio: 110, SASL Mech: DIGEST-MD5, Prio: 200, SASL Mech: CRAM-MD5, Prio: 300, SASL Mech: PLAIN, Prio: 400, SASL Mech: X-OAUTH2, Prio: 410, SASL Mech: EXTERNAL, Prio: 500, SASL Mech: ANONYMOUS, Prio: 500]. Enabled SASL mechanisms for this connection: [ANONYMOUS]. Blacklisted SASL mechanisms: [SCRAM-SHA-1-PLUS].
    at org.jivesoftware.smack.SASLAuthentication.selectMechanism(SASLAuthentication.java:361)

This makes sense because the domain requires authentication. I think jitsi-meet gets around this by using the guest.mydomain.com VirtualHost in prosody, but it doesn’t seem like Jigasi utilizes this.

At the moment, the only way I’ve found to handle this is to run two Jigasi instances, one instance that handles transcription and logs in with a user that is using the hiddendomain, and another instance that handles SIP and authenticates with a different non-hidden domain.

Is there a way to configure a single Jigasi instance to handle this scenario?

Thanks,
-Brint

No.

Try this jigasi/sip-communicator.properties at 09b299931c6c0ee0f5645e1b9fce9db2b775b0d1 · jitsi/jigasi · GitHub

That’s exactly what I tried…

My understanding is, that setting only works if you don’t have secure domain implemented. Your setup (with 2 Jigasis) is the way to get around it. If you allowed guests, then the setting would work, otherwise, you’ll experience what you’re experiencing.

Can you try both:

net.java.sip.communicator.impl.protocol.sip.acc1403273890647.PREVENT_AUTH_LOGIN=true
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.DOMAIN_BASE=guest.yourdomain.com

Maybe that will do the trick, but only if there is someone already in the room, otherwise it will again fail as secure domain as @Freddie pointed, its not supported with all its features in jigasi.

That still results in the No supported and enabled SASL Mechanism provided by server error.

Have you enabled and this: jigasi/sip-communicator.properties at master · jitsi/jigasi · GitHub

Yes, that’s enabled.

However, I don’t believe it is using a BOSH connection… I think it is still authenticating with Prosody on port 5222. If that matters, how can I ensure that the BOSH pattern is being used?