cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3242
Views
5
Helpful
8
Replies

CUPS 11.5 not allowing XMPP clients to authenticate

PWJPW
Level 1
Level 1

Hi All

We recently upgraded from UC 10.5.2 to 11.5.1 (CUCM,CUPS and CUC).

We use Jabber for Windows and MAC devices, all working well, but all 3rd party XMPP clients can no longer authenticate.

Looking at the debug logs of an XMPP client (such as Pidgin), it shows the problem:


(11:26:42) jabber: Sending (ssl) (me@mydomain.com): <stream:stream to='mydomain.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(11:26:42) jabber: Recv (ssl)(178): <stream:stream xmlns='jabber:client' xml:lang='en-US.UTF-8' xmlns:stream='http://etherx.jabber.org/streams' from='mydomain.com' id='TJbNCkdwzZW7RT0o0SvDvA6628' version='1.0'>
(11:26:42) jabber: Recv (ssl)(139): <stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>CISCO-VTG-TOKEN</mechanism></mechanisms></stream:features>
(11:26:42) sasl: Mechs found: CISCO-VTG-TOKEN
(11:26:42) sasl: No worthy mechs found
(11:26:42) connection: Connection error on 06DF7CE8 (reason: 3 description: Server does not use any supported authentication method)


However, according to Cisco documentation, CUPS should support/allow both PLAIN AND CISCO-VTG-TOKEN mechanisms.

https://developer.cisco.com/fileMedia/download/a2ce9071-4c3b-4ad5-adaa-095153ea1b4c

In particular:

Cisco Unified CM IM and Presence provides two different SASL authentication mechanisms when connecting over the XMPP Interface: PLAIN and CISCO_VTG_TOKEN. When an XMPP Client connects to Cisco Unified CM IM and Presence, the server will return the supported SASL authentication mechanisms in in stream features:

<mechanisms>
<mechanism>PLAIN</mechanism>
<mechanism>CISCO_VTG_TOKEN</mechanism>
</mechanisms>

Seeing as CUPS is not sending the PLAIN mechanism option to the client, it cannot proceed.

Does anyone know a setting in CUPS where it may have been disabled, or how else to check/debug?

Thanks

James

8 Replies 8

PWJPW
Level 1
Level 1

Just hoping someone would be able to advise what the solution may be.

Thank you

James

PWJPW
Level 1
Level 1

Just hoping someone can work some magic on this for me?

HI!

 

Do you find solution of this issue?

jkhtkd5385
Level 1
Level 1

Did anyone ever get this to work? I have it working internally but not through Expressway.

Hi

 

how did you get to work internally?

 

Regards,
Peter

visitdemo11
Level 1
Level 1
How did you solve this issue?

M Reza Hadi
Level 1
Level 1

i have this problem too,

does anyone know how we can fix this issue?.. 

 

we installed cucm,cup 12.5 su6 + expressway core,edge 12.7.1

jabber lan login is ok

but jabber MRA internet login says: cannot connect to the server, Internal server error

and we also tested CollabEdgeValidator in cway.cisco, it says: CISCO-VTG-TOKEN not found in authentication mechanisms.

 

does anyone know how we can fix this issue?.. 


..if this (helps) or (answered your question), please click (Helpful) or (Accept as Solution)..

Hi, your question has nothing to do with the original post.

The original post tried to login directly to IMP (internally) with a 3rd party client.

You have problems logging in with Jabber via MRA. Maybe you should look up the forum about your problem or create a new post.
One issue could be, that there is no reverse pointer entry in the public DNS, for your Exp-E Public IP.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: