[jdev] Question about XMPP authentication

Michal vorner Vaner michal.vaner at kdemail.net
Sun Jun 4 12:56:42 CDT 2006


On Mon, Jun 05, 2006 at 12:27:18AM +0700, Nguyen TV wrote:
>    Hi all, I'm an XMPP newbie. I have been wondering about this question for
>    days and if you can help me find the solution, that would be so great
>    (^-^).
> 
>    I was trying to develop a simple web conference software which provides
>    chat and whiteboard service to users.
>    My client connects to my server via TCP/IP. I used XMPP for
>    authentication, register and sending messages. For the whiteboard feature,
>    I used my own protocol.
>    My goal is :
>    -   Everyone who has the right JID/Password can login then use the
>    services.
>    -   Users at my server can still send messages to other users at any XMPP
>    servers while taking part in the conference.
> 
>    MY AUTHENTICATION USE CASE
> 
>               JID/password                       JID/password
>    myClient    ---->       [1]myserver.org        --->       [2]jabber.org
>                   <----                                   <---
>                 login result                          login result
> 
>    I was wondering if I can do this with my client:
> 
>    -  The user tries to log in by entering JID/Password.
> 
>    -  In case the JID belongs to my server, the authentication will be done
>    normally using SASL or Non-SASL. (2 ways to do XMPP authentication that I
>    know - if there are any others, pls give me some information. Thanks in
>    advance)
> 
>    -  In case the JID belongs to another server (ex: [3]jabber.org), my server
>    will act as a client with that JID/password to [4]jabber.org server. It
>    will try to do an authentication with [5]jabber.org on behalf of the user
>    (sending the JID/password to [6]jabber.org). In here, my server just wants
>    to ask [7]jabber.org if that was the correct JID/Password set at
>    [8]jabber.org.
> 
>    -  [9]jabber.org will send the login result back.
> 
>    -  If that was the correct JID/Password set at [10]jabber.org. Yes, now my
>    server knows who the user is then let him in and use my services.
>       Else, sorry, you've not been authenticated. I can't let you in.
> 
>    Can I do that??

Yes, of course you can do that. You can either:
* Use SASL PLAIN login to know the password
* Just relay the challenge from the server and the response from the user. Just
act like a proxy, not server and client.

>    SENDING MESSAGES SCENARIO
>    After the authentication has been done:
>    -  In case the JID belongs to my server, sending messages has no problems.
> 
>    -  In case the JID belongs to [11]jabber.org, my server now will act like
>    a forward server. It receives messages from myClient then sends to
>    [12]jabber.org on behalf of that user.
> 
>                  message                          message
>    myClient    ---->       [13]myserver.org        --->       [14]jabber.org
>                    <----                                  <---
>                  message                          message
> 
>    Is that possible??

Yes, of course. If the server acts like a client to it, it can just take
the <message> stanza and send it to the server. You have no work here,
since the client is a client to you and you are a client to the server. So
you have everything prepared.

>    Thanks for being patient, reading such a long mail :">. I'm looking
>    forward to any replies :)
> 
> References
> 
>    Visible links
>    1. http://myserver.org/
>    2. http://jabber.org/
>    3. http://jabber.org/
>    4. http://jabber.org/
>    5. http://jabber.org/
>    6. http://jabber.org/
>    7. http://jabber.org/
>    8. http://jabber.org/
>    9. http://jabber.org/
>   10. http://jabber.org/
>   11. http://jabber.org/
>   12. http://jabber.org/
>   13. http://myserver.org/
>   14. http://jabber.org/

-- 

There are two types of optimizations. The ones which make the program 
slower and the ones which make the user red by missing features.

Michal "vorner" Vaner
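
The first option in the reply (the server learns the password through SASL PLAIN, then decides where to verify it), as an added example that is not part of the original thread. It assumes the client sends the bare JID as the PLAIN authcid; `AuthError`, `parse_sasl_plain`, `route_login` and `ALLOWED_REMOTE` are hypothetical names, and the TLS check and the allowlist of upstream servers are additions of this example.

```python
import base64

LOCAL_DOMAIN = "myserver.org"    # domain from the post's diagram
ALLOWED_REMOTE = {"jabber.org"}  # assumption: allowlist of upstream home servers


class AuthError(Exception):
    """Login rejected before any credential is checked or forwarded."""


def parse_sasl_plain(b64_payload):
    """Decode a PLAIN response: [authzid] NUL authcid NUL passwd (RFC 4616)."""
    try:
        raw = base64.b64decode(b64_payload, validate=True)
        authzid, authcid, passwd = (p.decode("utf-8") for p in raw.split(b"\x00"))
    except ValueError as exc:  # bad base64, bad UTF-8 or wrong field count
        raise AuthError("malformed PLAIN message") from exc
    if not authcid or not passwd:
        raise AuthError("empty authcid or password")
    return authzid, authcid, passwd


def route_login(b64_payload, tls_active):
    """Return ("local" | "remote", bare_jid) for where the password is verified."""
    if not tls_active:
        # PLAIN is only base64-encoded, so the password needs an encrypted stream.
        raise AuthError("PLAIN refused on an unencrypted stream")
    _authzid, authcid, _passwd = parse_sasl_plain(b64_payload)
    local, sep, domain = authcid.partition("@")
    domain = domain.lower()
    if not sep or not local or not domain or "@" in domain or "/" in domain:
        raise AuthError("authcid is not a bare JID")
    if domain == LOCAL_DOMAIN:
        return "local", f"{local}@{domain}"
    if domain in ALLOWED_REMOTE:
        return "remote", f"{local}@{domain}"
    raise AuthError("home server is not on the allowlist")


if __name__ == "__main__":
    # Constructed sample: empty authzid, bare JID as authcid, made-up password.
    sample = base64.b64encode(b"\x00alice@jabber.org\x00constructed-pw").decode()
    print(route_login(sample, tls_active=True))
```

With the second option in the reply (relaying the challenge and response), the intermediate server never holds the password, so no parsing step like this exists on it.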