diff --git a/i18n/src/main/resources/openfire_i18n.properties b/i18n/src/main/resources/openfire_i18n.properties index 9d30263ae6..bfc1bb7895 100644 --- a/i18n/src/main/resources/openfire_i18n.properties +++ b/i18n/src/main/resources/openfire_i18n.properties @@ -1614,6 +1614,7 @@ system_property.provider.user.className=The class to use to provide the Openfire system_property.provider.vcard.className=The class to use to provide vCard handling system_property.usermanager.remote-disco-info-timeout-seconds=The maximum time the UserManager should wait, in seconds, for the a remote server to respond to a disco#info request to confirm the presence of a user system_property.provider.userproperty.className=The class to use to provide user properties +system_property.xmpp.auth.sasl.external.client.suppress-matching-realmname=Ignore the realm of a SASL EXTERNAL provided username if it matches the XMPP domain name. # Server properties Page diff --git a/xmppserver/src/main/java/org/jivesoftware/openfire/sasl/ExternalClientSaslServer.java b/xmppserver/src/main/java/org/jivesoftware/openfire/sasl/ExternalClientSaslServer.java index 7f9e404c10..0d01c60406 100644 --- a/xmppserver/src/main/java/org/jivesoftware/openfire/sasl/ExternalClientSaslServer.java +++ b/xmppserver/src/main/java/org/jivesoftware/openfire/sasl/ExternalClientSaslServer.java @@ -1,11 +1,13 @@ package org.jivesoftware.openfire.sasl; import org.jivesoftware.openfire.Connection; +import org.jivesoftware.openfire.XMPPServer; import org.jivesoftware.openfire.auth.AuthorizationManager; import org.jivesoftware.openfire.keystore.TrustStore; import org.jivesoftware.openfire.net.SASLAuthentication; import org.jivesoftware.openfire.session.LocalClientSession; import org.jivesoftware.util.CertificateManager; +import org.jivesoftware.util.SystemProperty; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -26,6 +28,13 @@ */ public class ExternalClientSaslServer implements SaslServer { + public static final SystemProperty PROPERTY_SASL_EXTERNAL_CLIENT_SUPPRESS_MATCHING_REALMNAME = SystemProperty.Builder + .ofType( Boolean.class ) + .setKey( "xmpp.auth.sasl.external.client.suppress-matching-realmname" ) + .setDefaultValue( true ) + .setDynamic( true ) + .build(); + public static final Logger Log = LoggerFactory.getLogger( ExternalClientSaslServer.class ); public static final String NAME = "EXTERNAL"; @@ -103,6 +112,13 @@ public byte[] evaluateResponse( byte[] response ) throws SaslException if ( response != null && response.length > 0 ) { username = new String( response, StandardCharsets.UTF_8 ); + if( PROPERTY_SASL_EXTERNAL_CLIENT_SUPPRESS_MATCHING_REALMNAME.getValue() && username.contains("@") ) { + String userUser = username.substring(0,username.lastIndexOf("@")); + String userRealm = username.substring((username.lastIndexOf("@")+1)); + if ( XMPPServer.getInstance().getServerInfo().getXMPPDomain().equals( userRealm ) ) { + username = userUser; + } + } } else {
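Review bot: The new public constant `PROPERTY_SASL_EXTERNAL_CLIENT_SUPPRESS_MATCHING_REALMNAME` has no Javadoc, and its default of `true` changes how a client-supplied authorization identity is interpreted on existing deployments as soon as they upgrade. I would add a comment such as `/** When true, a SASL EXTERNAL authorization identity of the form localpart@domain, where domain equals this server's XMPP domain, is reduced to localpart before evaluateResponse processes it further. */` and mention the default in the upgrade notes so operators can opt out. As rendered here the field is declared as raw `SystemProperty`. If the `<Boolean>` type argument is missing in the source rather than lost in rendering, `getValue()` could not be used directly as the `if` condition in `evaluateResponse`.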
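Review bot: An authorization identity with an empty local part (an `@` followed directly by the server's domain) passes the `username.contains("@")` test and leaves `username` as the empty string. How the code after this hunk treats an empty identity, as opposed to an absent one, is not visible here, so the strip should only happen when a non-empty local part remains. Compute `final int at = username.lastIndexOf('@');` once and test `at > 0` in place of `username.contains("@")`, which also removes the three repeated `lastIndexOf` calls. The realm check is a case-sensitive `equals`; unless `getXMPPDomain()` and the client value are both already normalised, `equalsIgnoreCase` or the project's own JID normalisation would make the match independent of the case the client sends. `evaluateResponse` starts before and continues after this hunk.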