OF-1803: Ignore realm of SASL EXTERNAL provided username if it matche…

…s the XMPP domain
zfb7901 · Jun 21, 2019 · 14d8b4f · 14d8b4f
1 parent 8818ea9
commit 14d8b4f
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/i18n/src/main/resources/openfire_i18n.properties b/i18n/src/main/resources/openfire_i18n.properties
@@ -1614,6 +1614,7 @@ system_property.provider.user.className=The class to use to provide the Openfire
 system_property.provider.vcard.className=The class to use to provide vCard handling
 system_property.usermanager.remote-disco-info-timeout-seconds=The maximum time the UserManager should wait, in seconds, for the a remote server to respond to a disco#info request to confirm the presence of a user
 system_property.provider.userproperty.className=The class to use to provide user properties
+system_property.xmpp.auth.sasl.external.client.suppress-matching-realmname=Ignore the realm of a SASL EXTERNAL provided username if it matches the XMPP domain name.
 
 # Server properties Page
 

diff --git a/xmppserver/src/main/java/org/jivesoftware/openfire/sasl/ExternalClientSaslServer.java b/xmppserver/src/main/java/org/jivesoftware/openfire/sasl/ExternalClientSaslServer.java
@@ -1,11 +1,13 @@
 package org.jivesoftware.openfire.sasl;
 
 import org.jivesoftware.openfire.Connection;
+import org.jivesoftware.openfire.XMPPServer;
 import org.jivesoftware.openfire.auth.AuthorizationManager;
 import org.jivesoftware.openfire.keystore.TrustStore;
 import org.jivesoftware.openfire.net.SASLAuthentication;
 import org.jivesoftware.openfire.session.LocalClientSession;
 import org.jivesoftware.util.CertificateManager;
+import org.jivesoftware.util.SystemProperty;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -26,6 +28,13 @@
  */
 public class ExternalClientSaslServer implements SaslServer
 {
+    public static final SystemProperty<Boolean> PROPERTY_SASL_EXTERNAL_CLIENT_SUPPRESS_MATCHING_REALMNAME = SystemProperty.Builder
+        .ofType( Boolean.class )
+        .setKey( "xmpp.auth.sasl.external.client.suppress-matching-realmname" )
+        .setDefaultValue( true )
+        .setDynamic( true )
+        .build();
+
     public static final Logger Log = LoggerFactory.getLogger( ExternalClientSaslServer.class );
 
     public static final String NAME = "EXTERNAL";
@@ -103,6 +112,13 @@ public byte[] evaluateResponse( byte[] response ) throws SaslException
         if ( response != null && response.length > 0 )
         {
             username = new String( response, StandardCharsets.UTF_8 );
+            if( PROPERTY_SASL_EXTERNAL_CLIENT_SUPPRESS_MATCHING_REALMNAME.getValue() && username.contains("@") ) {
+                String userUser = username.substring(0,username.lastIndexOf("@"));
+                String userRealm = username.substring((username.lastIndexOf("@")+1));
+                if ( XMPPServer.getInstance().getServerInfo().getXMPPDomain().equals( userRealm ) ) {
+                    username = userUser;
+                }
+            }
         }
         else
         {