SIP & Transcription using PREVENT_AUTH_LOGIN with authenticated domain

I’m trying to set up what I would think would be a common scenario. I’m using a Jitsi domain configured to require authentication for the host. I want the transcription user to be hidden, but I want dial-in/dial-out SIP users to appear in the conference.

It looks like this setting should give me what I want:

# If an authenticated (hidden) domain is used to connect to a conference,
# PREVENT_AUTH_LOGIN will prevent the SIP participant from being seen as a
# hidden participant in the conference

However, if I enable this, I get this error when trying to add a SIP user:

impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin().1003 Failed to connect to XMPP service
org.jivesoftware.smack.SmackException: No supported and enabled SASL Mechanism provided by server. Server announced mechanisms: [SCRAM-SHA-1, PLAIN]. Registered SASL mechanisms with Smack: [SASL Mech: GSSAPI, Prio: 100, SASL Mech: SCRAM-SHA-1-PLUS, Prio: 100, SASL Mech: SCRAM-SHA-1, Prio: 110, SASL Mech: DIGEST-MD5, Prio: 200, SASL Mech: CRAM-MD5, Prio: 300, SASL Mech: PLAIN, Prio: 400, SASL Mech: X-OAUTH2, Prio: 410, SASL Mech: EXTERNAL, Prio: 500, SASL Mech: ANONYMOUS, Prio: 500]. Enabled SASL mechanisms for this connection: [ANONYMOUS]. Blacklisted SASL mechanisms: [SCRAM-SHA-1-PLUS].
    at org.jivesoftware.smack.SASLAuthentication.selectMechanism(

This makes sense because the domain requires authentication. I think jitsi-meet gets around this by using the VirtualHost in prosody, but it doesn’t seem like Jigasi utilizes this.

At the moment, the only way I’ve found to handle this is to run two Jigasi instances, one instance that handles transcription and logs in with a user that is using the hiddendomain, and another instance that handles SIP and authenticates with a different non-hidden domain.

Is there a way to configure a single Jigasi instance to handle this scenario?



Try this jigasi/ at 09b299931c6c0ee0f5645e1b9fce9db2b775b0d1 · jitsi/jigasi · GitHub

That’s exactly what I tried…

My understanding is, that setting only works if you don’t have secure domain implemented. Your setup (with 2 Jigasis) is the way to get around it. If you allowed guests, then the setting would work, otherwise, you’ll experience what you’re experiencing.

Can you try both:

Maybe that will do the trick, but only if there is someone already in the room, otherwise it will again fail as secure domain as @Freddie pointed, its not supported with all its features in jigasi.

That still results in the No supported and enabled SASL Mechanism provided by server error.

Have you enabled and this: jigasi/ at master · jitsi/jigasi · GitHub

Yes, that’s enabled.

However, I don’t believe it is using a BOSH connection… I think it is still authenticating with Prosody on port 5222. If that matters, how can I ensure that the BOSH pattern is being used?