Unable to join jitsi meeting from SIP (Asterisk) with current Jigasi configuration?

We are attemtping to set up jitsi-meet and integrate it with Asterisk. Our Jitsi setup is working using prosody to enable a link to LDAP (so, secure domain setup). That is working.

We have configured jigasi per all the documentation we can find, however it is not working. We’ve iterated through lots of configurations but believe we are as close as we can get to a working solution and are not sure how to proceed. For the purpose of this post our actual domain is “activedirectory.domain.tld” and our jitsi setup is at “conf.domain.tld” and all IP’s have been changed to 10.1.257.257. Jigasi is registered in Asterisk.

First, here is the essential components of our /etc/jitsi/jigasi/sip-communicator.properties

org.jitsi.jigasi.DEFAULT_JVB_ROOM_NAME=siptest
net.java.sip.communicator.impl.protocol.SingleCallInProgressPolicy.enabled=false
net.java.sip.communicator.impl.neomedia.codec.audio.opus.encoder.COMPLEXITY=10
net.java.sip.communicator.packetlogging.PACKET_LOGGING_ENABLED=true
net.java.sip.communicator.impl.protocol.sip.acc1403273890647=acc1403273890647
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.ACCOUNT_UID=SIP\:jitsi@asterisk.activedirectory.domain.tld
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.PASSWORD=:: Asterisk password is obfuscated ::
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.PROTOCOL_NAME=SIP
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.SERVER_ADDRESS=asterisk-1.activedirectory.domain.tld
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.USER_ID=jitsi@asterisk-1.activedirectory.domain.tld
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.KEEP_ALIVE_INTERVAL=25
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.KEEP_ALIVE_METHOD=OPTIONS
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.VOICEMAIL_ENABLED=false
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.AMR-WB/16000=750
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.G722/8000=700
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.GSM/8000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.H263-1998/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.H264/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.PCMA/8000=600
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.PCMU/8000=650
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.SILK/12000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.SILK/16000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.SILK/24000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.SILK/8000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.VP8/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.iLBC/8000=10
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.opus/48000=1000
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.red/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.speex/16000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.speex/32000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.speex/8000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.telephone-event/8000=1
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.Encodings.ulpfec/90000=0
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.OVERRIDE_ENCODINGS=true
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.DEFAULT_ENCRYPTION=false
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.SKIP_REINVITE_ON_FOCUS_CHANGE_PROP=true
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.JITSI_MEET_ROOM_HEADER_NAME=X-Room-Name
net.java.sip.communicator.impl.protocol.sip.acc1403273890647.DOMAIN_BASE=conf.domain.tld
org.jitsi.jigasi.xmpp.acc.IS_SERVER_OVERRIDDEN=true
org.jitsi.jigasi.xmpp.acc.SERVER_ADDRESS=127.0.0.1
org.jitsi.jigasi.xmpp.acc.VIDEO_CALLING_DISABLED=true
org.jitsi.jigasi.xmpp.acc.JINGLE_NODES_ENABLED=false
org.jitsi.jigasi.xmpp.acc.AUTO_DISCOVER_STUN=false
org.jitsi.jigasi.xmpp.acc.IM_DISABLED=true
org.jitsi.jigasi.xmpp.acc.SERVER_STORED_INFO_DISABLED=true
org.jitsi.jigasi.xmpp.acc.IS_FILE_TRANSFER_DISABLED=true
org.jitsi.jigasi.xmpp.acc.MUC_SERVICE_ADDRESS=conference.conf.domain.tld
org.jitsi.jigasi.xmpp.acc.USER_ID=svcAccount@auth.conf.domain.tld
org.jitsi.jigasi.xmpp.acc.PASS=:: AD LDAP password is obfuscated ::
org.jitsi.jigasi.xmpp.acc.ANONYMOUS_AUTH=false
org.jitsi.jigasi.xmpp.acc.ALLOW_NON_SECURE=true
net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true

Also, we ran the following code with prosodyctl to make sure the account is registered there, with a password we have securely generated:

prosodyctl adduser svcAccount@auth.conf.domain.tld

I am able to open jitsi-meet, start a meeting called “siptest”, authenticate as host with an AD LDAP account. When I attempt to use a sip client to dial into the meeting, the call times out and I get the following out of the logs (thiis is a multitail of 3 logs grouped together to get the full order of events as they happen):

multitail --mergeall /var/log/jitsi/jigasi.log /var/log/prosody/prosody.err /var/log/prosody/prosody.log

2020-07-17 16:26:44.027 INFO: [212] org.jitsi.jigasi.SipGateway.incomingCallReceived().216 [ctx=1595003204026507837635] Incoming call received...
2020-07-17 16:26:45.029 INFO: [213] org.jitsi.jigasi.SipGatewaySession.run().1504 [ctx=1595003204026507837635]Using default JVB room name property siptest
2020-07-17 16:26:45.030 INFO: [213] org.jitsi.jigasi.JvbConference.start().430 [ctx=1595003204026507837635] Starting JVB conference room: siptest
2020-07-17 16:26:45.039 INFO: [213] org.jitsi.jigasi.JvbConference.setXmppProvider().561 [ctx=1595003204026507837635] Using ProtocolProviderServiceJabberImpl(Jabber:371f8fc7@conf.domain.tld/371f8fc7)
Jul 17 16:26:45 conference.conf.domain.tld:muc_domain_mapper  warn    Session filters applied
Jul 17 16:26:45 c2s559957fa0c80 info    Client connected
Jul 17 16:26:45 c2s559957fa0c80 info    Stream encrypted (TLSv1.2 with ECDHE-RSA-AES256-GCM-SHA384)
2020-07-17 16:26:45.096 INFO: [216] impl.protocol.jabber.OperationSetBasicTelephonyJabberImpl.registrationStateChanged().127 Jingle : ON
2020-07-17 16:26:45.097 INFO: [216] org.jitsi.jigasi.JvbConference.registrationStateChanged().612 [ctx=1595003204026507837635] Registering XMPP.
Jul 17 16:26:45 c2s559957fa0c80 info    Authenticated as svcAccount@auth.conf.domain.tld
2020-07-17 16:26:45.132 INFO: [216] impl.protocol.jabber.ProtocolProviderServiceJabberImpl.authenticated().2535 Authenticated: false
2020-07-17 16:26:45.139 INFO: [216] org.jitsi.jigasi.JvbConference.joinConferenceRoom().700 [ctx=1595003204026507837635] Joining JVB conference room: siptest
2020-07-17 16:26:45.148 SEVERE: [216] org.jitsi.jigasi.JvbConference.inviteFocus().1441 [ctx=1595003204026507837635] Could not invite the focus to the conference
org.jivesoftware.smack.XMPPException$XMPPErrorException: XMPP error reply received from focus.conf.domain.tld: XMPPError: not-authorized - auth
        at org.jivesoftware.smack.XMPPException$XMPPErrorException.ifHasErrorThenThrow(XMPPException.java:132)
        at org.jivesoftware.smack.StanzaCollector.nextResultOrThrow(StanzaCollector.java:263)
        at org.jivesoftware.smack.StanzaCollector.nextResultOrThrow(StanzaCollector.java:214)
        at org.jitsi.jigasi.JvbConference.inviteFocus(JvbConference.java:1435)
        at org.jitsi.jigasi.JvbConference.joinConferenceRoom(JvbConference.java:773)
        at org.jitsi.jigasi.JvbConference.registrationStateChanged(JvbConference.java:591)
        at net.java.sip.communicator.service.protocol.AbstractProtocolProviderService.fireRegistrationStateChanged(AbstractProtocolProviderService.java:187)
        at net.java.sip.communicator.service.protocol.AbstractProtocolProviderService.fireRegistrationStateChanged(AbstractProtocolProviderService.java:141)
        at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin(ProtocolProviderServiceJabberImpl.java:1389)
        at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.connectAndLogin(ProtocolProviderServiceJabberImpl.java:970)
        at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.initializeConnectAndLogin(ProtocolProviderServiceJabberImpl.java:795)
        at net.java.sip.communicator.impl.protocol.jabber.ProtocolProviderServiceJabberImpl.register(ProtocolProviderServiceJabberImpl.java:500)
        at org.jitsi.jigasi.util.RegisterThread.run(RegisterThread.java:59)
2020-07-17 16:26:45.164 INFO: [220] impl.protocol.jabber.ChatRoomJabberImpl.joined().1256 siptest@internal.auth.conf.domain.tld/371f8fc7 has joined the siptest@internal.auth.conf.domain.tld chat room.
2020-07-17 16:27:14.049 INFO: [234] org.jitsi.jigasi.SipGatewaySession.handleCallState().1391 [ctx=1595003204026507837635] SIP call ended: CallPeerChangeEvent: type=CallPeerStatusChange oldV=net.java.sip.comm
unicator.service.protocol.CallPeerState:Incoming Call newV=net.java.sip.communicator.service.protocol.CallPeerState:Disconnected for peer=1470 <1470@10.1.257.257>;status=Disconnected
2020-07-17 16:27:14.051 INFO: [234] org.jitsi.jigasi.SipGatewaySession.peerStateChanged().1457 [ctx=1595003204026507837635] SIP peer state: Disconnected
2020-07-17 16:27:15.155 SEVERE: [225] org.jitsi.jigasi.JvbConference.run().1563 [ctx=1595003204026507837635] Did not received session invite (30000 ms)
2020-07-17 16:27:15.156 INFO: [225] org.jitsi.jigasi.JvbConference.memberPresenceChanged().986 [ctx=1595003204026507837635] Member left : OWNER svcAccount@auth.conf.domain.tld
2020-07-17 16:27:15.156 INFO: [225] org.jitsi.jigasi.JvbConference.stop().521 [ctx=1595003204026507837635] Removing account Jabber:371f8fc7@conf.domain.tld/371f8fc7
Jul 17 16:27:15 c2s559957fa0c80 info    Client disconnected: connection closed
2020-07-17 16:27:15.161 INFO: [225] impl.protocol.jabber.OperationSetBasicTelephonyJabberImpl.registrationStateChanged().134 Jingle : OFF
2020-07-17 16:27:19.051 INFO: [236] org.jitsi.jigasi.SipGatewaySession.sipCallEnded().584 [ctx=1595003204026507837635] Sip call ended: Call: id=1595003204025347903923 peers=0
2020-07-17 16:27:19.052 INFO: [236] org.jitsi.jigasi.AbstractGateway.notifyCallEnded().128 [ctx=1595003204026507837635] Removed session for call. Sessions:0

In prosody.log we see that “Authenticated as svcAccount@auth.conf.domain.tld” but immediately afterwards jigasi indicates that XMPP is not authenticated or authorized. On asterisk, we can see that the jitsi account successully auhentiates.

So, if prosody is saying the service account is authorized, what is not authenticating against what here? What are we doing wrong? We have been down many forum threads about this but nothing seems to get us past this step.

This is an iq send to jicofo and I think jicofo is sending this unauthorized message.
Where you already connected to that meeting from the browser before trying to join with jigasi?

Yes, from the browser I initiate a meeting called “siptest” then join it and say I’m the host, authenticating with my AD credentials, then the meeting is just there on a laptop while I try to dial in from another computer with microsip.

Bumping this, what can I do to troubleshoot? I see nothing in the jicofo logs that indicates an issue or failure.