In recent versions of Tigase XMPP Server (starting with version 8.0) it is possible to create and use multiple username and password pairs to authorize connection to the single XMPP account.

With that in place, it is now possible to have multiple passwords for multiple clients accessing the same account that can be used to increase security of the account. Even if one of the passwords is compromised, you can still log in and block a lost or compromised device.

Adding application password

To add a new username-password pair, you need to execute Add user credentials ad-hoc command (command node auth-credentials-add at sess-man) while logged in the XMPP account for which you want to add a new application password.

During execution of a command, you will be provided with a form to fill in with following fields:

• The Jabber ID for the account (jid) - bare JID of your account
• Credential ID (credentialId) - username for the new application password
• Password (password) - a new password

<iq type='set' to='[email protected]' id='sasl-app-add-1'>
	<command xmlns='http://jabber.org/protocol/commands' node='auth-credentials-add' action='execute'/>
</iq>

<iq type='result' from='[email protected]' id='sasl-app-add-1' to='[email protected]/resource-1'>
	<command xmlns='http://jabber.org/protocol/commands' node='auth-credentials-add' session-id='uuid-xxxxxx' status='executing'>
		<x xmlns='jabber:x:data' type='form'>
			<title>Add user credentials"</title>
			<field var='jid' label='The Jabber ID for the account' type='jid-single'/>
			<field var='credentialId' label='Credential ID' type='jid-single'/>
			<field var='password' label='Password' type='text-single'/>
		</x>
	</command>
</iq>

After submitting this form a new credential will be added.

<iq type='set' to='[email protected]' id='sasl-app-add-2'>
	<command xmlns='http://jabber.org/protocol/commands' node='auth-credentials-add' action='execute'>
		<x xmlns='jabber:x:data' type='submit'>
			<title>Add user credentials"</title>
			<field var='jid' label='The Jabber ID for the account' type='jid-single'>
				<value>[email protected]</value>
			</field>
			<field var='credentialId' label='Credential ID' type='jid-single'>
				<value>my-new-app-1</value>
			</field>
			<field var='password' label='Password' type='text-single'>
				<value>39jfnwu053743</value>
			</field>
		</x>
	</command>
</iq>

<iq type='result' from='[email protected]' id='sasl-app-add-2' to='[email protected]/resource-1'>
	<command xmlns='http://jabber.org/protocol/commands' node='auth-credentials-add' session-id='uuid-xxxxxx' status='completed'>
		<x xmlns='jabber:x:data' type='result'>
			<field type='fixed'>
				<value>OK</value>
			</field>
		</x>
	</command>
</iq>

Login in with application password

To log in with new password the XMPP client can use any SASL mechanism, but it needs to provide (in the SASL message):

• authzid - account JID
• authcid - username for application password
• passwd - application password

With proper values, you application will be able to log in using application password.

In case of SASL PLAIN which has the following format (spaces should be ommited and [] means it is optional): [authzid] UTF8NUL authcid UTF8NUL passwd not encoded payload would look like this: [email protected] UTF8NUL my-new-app-1 UTF8NUL 39jfnwu053743

That after Base64 encoding would be presented as dXNlckBleGFtcGxlLmNvbQBteS1uZXctYXBwLTEDOWpmbnd1MDUzNzQz and this value can be used as a correct CData of <auth/> element:

<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'>dXNlckBleGFtcGxlLmNvbQBteS1uZXctYXBwLTEDOWpmbnd1MDUzNzQz</auth>

Removing application password

If your device is compromised or lost and you want to remove the application password, you need to use a different device and log in on your XMPP account. Then you need to execute Delete user credentials ad-hoc command (command node auth-credentials-delete at sess-man).

During execution for a command you will be provided with a form to fill in with following fields:

• The Jabber ID for the account (jid) - bare JID of your account
• Credential ID (credentialId) - username for the application password which you want to remove

<iq type='set' to='[email protected]' id='sasl-app-delete-1'>
	<command xmlns='http://jabber.org/protocol/commands' node='auth-credentials-delete' action='execute'/>
</iq>

<iq type='result' from='[email protected]' id='sasl-app-delete-1' to='[email protected]/resource-1'>
	<command xmlns='http://jabber.org/protocol/commands' node='auth-credentials-delete' session-id='uuid-xxxxxx' status='executing'>
		<x xmlns='jabber:x:data' type='form'>
			<title>Add user credentials"</title>
			<field var='jid' label='The Jabber ID for the account' type='jid-single'/>
			<field var='credentialId' label='Credential ID' type='jid-single'/>
		</x>
	</command>
</iq>

After submitting this form a credential will be removed.

<iq type='set' to='[email protected]' id='sasl-app-delete-2'>
	<command xmlns='http://jabber.org/protocol/commands' node='auth-credentials-delete' action='execute'>
		<x xmlns='jabber:x:data' type='submit'>
			<title>Add user credentials"</title>
			<field var='jid' label='The Jabber ID for the account' type='jid-single'>
				<value>[email protected]</value>
			</field>
			<field var='credentialId' label='Credential ID' type='jid-single'>
				<value>my-new-app-1</value>
			</field>
		</x>
	</command>
</iq>

<iq type='result' from='[email protected]' id='sasl-app-delete-2' to='[email protected]/resource-1'>
	<command xmlns='http://jabber.org/protocol/commands' node='auth-credentials-delete' session-id='uuid-xxxxxx' status='completed'>
		<x xmlns='jabber:x:data' type='result'>
			<field type='fixed'>
				<value>OK</value>
			</field>
		</x>
	</command>
</iq>

Tigase XMPP Server 8.4.0

NOTE: This version requires JDK17!

NOTE: Complete list of changes available in tigase-server-8.4.0 milestone

Major Changes

• Add support for XEP-0227: Portable Import/Export Format for XMPP-IM Servers (tigase/_server/server-core#1456)
• Add support for showing accounts with push notifications enabled as away (tigase/_server/server-core#1527)
• Add support for banning users with support of xmppbl.org (tigase/_server/tigase-muc#156)
• Add support for XEP-0404: Mediated Information eXchange (MIX): JID Hidden Channels
• Add ad-hoc commands to manage MIX channel
• Initial rewrite of HTTP-API from Groovy to Java and switch to jte for templating for improve performance
• Add dashboard to easily manage users (tigase/_server/tigase-http-api#132)
• Added support for opt-in for ProtoXEP: PubSub Server Information
• Add support for authentication of APNS provider using P8 (tigase-push)
• Allow overriding default “networkaddress.cache.ttl” configuration (tigase/_server/tigase-utils#26)
• Deprecate MD5*CredentialsEntry (tigase/_server/server-core#1359)
• Add support for message retraction by admins/owners (tigase/_server/tigase-mix#34)
• Add support for XEP-0425: Message Moderation (tigase/_server/tigase-muc#152)

All Minor Features & Behavior Changes

• Fix issue where exception thrown within StoredProcedure that has transaction can cause a lock (tigase/_server/server-core#1347)
• Improve caching (tigase/_server/tigase-pubsub#92)
• Improve handling of database failovers (connecting to read-only instance due to DNS propagation being to slow on AWS part) (tigase/_server/server-core#1354)
• Update MongoDB driver (tigase/_server/tigase-mongodb#34)
• Implement support for XEP-0404: Mediated Information eXchange (MIX): JID Hidden Channels (tigase/_server/tigase-mix#37)
• Remove JaXMPP dependency in tigase-push-fcm (tigase/_server/tigase-push#50)
• Improved and refactor HTTP API implementation (tigase/_server/tigase-http-api#122)
• Expose account status value in endpoint to retrieve user details (tigase/_server/tigase-http-api#131)
• Setup not working (NPE because of missing JTE compiler) (tigase/_server/tigase-http-api#135)
• Add method to generate tokens/QR codes for authentication (tigase/_server/tigase-http-api#133)
• http-api should delay listening on port until server finished startup (tigase/_server/tigase-http-api#130)
• Add ad-hoc commands to manage MIX channel (tigase/_server/tigase-mix#36)
• Add support for exporting/importing MIX channel data (tigase/_server/tigase-mix#38)
• Add support for XEP-0227: Portable Import/Export Format (tigase/_server/tigase-message-archiving#81)
• XEP-0227: Portable Import/Export Format for XMPP-IM Servers (tigase/_server/tigase-pubsub#138)
• Fix disco#items of PubSub node ignores permission checking (tigase/_server/tigase-pubsub#137)
• NumberFormatException: For input string: “max” (tigase/_server/tigase-pubsub#134)
• RSM sends element in response (tigase/_server/tigase-utils#27)
• Unexpected <build/> element in XEP-0092: Software Version (tigase/_server/server-core#1522)
• Add support for exporting MUC rooms and history to XML (tigase/_server/tigase-muc#161)
• Registration captcha makes registration impossible (tigase/_server/server-core#1510)
• Return better SASL error for accounts pending confirmation (tigase/_server/server-core#1511)
• Missing escaping of some chars in encrypted Push Notifications (tigase/_server/server-core#1512)
• SCRAM *-PLUS mechanisms unavailable after StartTLS (tigase/_server/server-core#1508)
• Rename ‘captcha’ field to ‘qa’ (tigase/_server/server-core#1516)
• Added support for opt-in for ProtoXEP: PubSub Server Information (tigase/_server/server-core#1515)
• Adjust TLS ciphers and options values used by default (tigase/_server/server-core#1517)
• Add support for token/HMAC based authentication (tigase/_server/server-core#1520)
• Not XML-well-formed stanza being accepted by server and routed to recipient (tigase/_server/tigase-xmltools#16)
• Dockerize with Jib (tigase/_server/tigase-xmpp-server-docker#12)
• Fix issue where it’s not possible to configure seeOtherHost.defaultHost (tigase/_server/server-core#1364)
• Add support for testing S2S connectivity over IPv6 (tigase/_server/server-core#1363)
• Add support for setting user as admin using REST API (tigase/_server/tigase-http-api#127)
• Create pre-processor that would filter out error messages (tigase/_server/server-core#1344)
• Make it easier to disable BruteForceLocker (tigase/_server/server-core#1345)
• Cache usage statistics are not collected/computed correctly (tigase/_server/tigase-pubsub#135)
• Improve handling for MAM:1 queries with old IDs (tigase/_server/tigase-muc#153)
• Undelivered stanzas are processed before stream closure commands (tigase/_server/server-core#1343)
• [Setup] Add support for env-variables exposed in docker start.sh script (tigase/_server/tigase-http-api#142)
• Add API-KEY repo implementation that would be based on environment variables (tigase/_server/tigase-http-api#97)
• Add support for certificates private key using ecdsa (tigase/_server/tigase-utils#28)

Downloads

• Binaries (distribution packages):
  • tigase-server-8.4.0-b6793-dist-enterprise.tar.gz
  • tigase-server-8.4.0-b6793-dist-enterprise.zip
  • tigase-server-8.4.0-b6793-dist.tar.gz
  • tigase-server-8.4.0-b6793-dist.zip
• Docker
• Source Code
• Maven Artifacts

Test results

• Tigase TTS-NG

Docker is a very convenient abstraction layer that allows ease and consistency of deployment of software. However, it requires that the image platform matches the platform on which we want to run the software. Luckily, docker has multi-platform support which allows to both run images from different platform and, via buildx, create images for variety of platforms. There is a small downside to it - it uses QEMU to, as name may suggest, emulate other platforms, which entails one downside - performance penalty, both when running the image as well as when creating it.

During recent preparation of Tigase XMPP Server 8.3 release I faced an issue where, due to introduction of jlink into our build pipeline to make the images smaller and more lean, additional processing made creation of multi-platform images virtually impossible.

Fortunately, buildx tool is very versatile an allows using multiple builders to create images and in addition, those builders can be remote so it’s possible to take advantage of computing instances from cloud providers to build images for platforms not native to the machine on which we run the build making the build speed native-like.

Preparing remote environment

There is nothing all that special when it comes to remote machine preparation - it has to have docker installed (follow Install on Linux guide or one dedicated to partiular distribution used). One caveat is to make sure that it’s possible to use docker without sudo which is easily accheved by adding user to docker group:

$sudo gpasswd -a $USER docker

(restart of the shell session required afterwards).

Machine has to be accessible via ssh. Another caveat - because it’s not possible to specify key used it has to either be one available via SSH Agent or one of the following files: id_rsa, id_ed25519, id_ecdsa, id_dsa or identity under ~/.ssh.

After everything is set up it’s possible to check if everything is correct byt executing info command:

docker -H ssh://<usernane>@<hostname> info

which should give output similar to the one below:

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc., v0.9.1)
  compose: Docker Compose (Docker Inc., v2.12.2)
  dev: Docker Dev Environments (Docker Inc., v0.0.3)
  extension: Manages Docker extensions (Docker Inc., v0.2.13)
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc., 0.6.0)
  scan: Docker Scan (Docker Inc., v0.21.0)

Server:
 Containers: 2
  Running: 1
  Paused: 0
  Stopped: 1
 Images: 2
 Server Version: 20.10.22
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 78f51771157abb6c9ed224c22013cdf09962315d
 runc version: v1.1.4-0-g5fd4c4d
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: default
 Kernel Version: 5.11.0-1022-aws
 Operating System: Ubuntu 20.04.3 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 1.901GiB
 Name: ip-172-31-48-98
 ID: X6BF:XU3T:QUBB:M5NY:IGEV:UAQL:6PJ5:GTGO:EBDX:73AS:UD5X:IY5A
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Preparing local buildx

The catch here is to create a builder that has two nodes: one local for one architecture and then another one for another architecture.

Let’s add new local builder for arm64 platform (I’m running the build on MacBook with M1 chipset):

docker buildx create --node local --name local-remote-builder --driver docker-container --platform linux/arm64

Checking available builders with docker buildx ls should give following output

NAME/NODE            DRIVER/ENDPOINT             STATUS   BUILDKIT PLATFORMS
local-remote-builder docker-container
  local              unix:///var/run/docker.sock inactive          linux/arm64*

Let’s add remote machine to builds for x86 architecture. The caveat is to use --append parameter to add remote node to just created builder:

docker buildx create --append --name local-remote-builder --node remote --driver docker-container --platform linux/amd64 ssh://<usernane>@<hostname>

Available nodes at this time should include our remote builder:

$ docker buildx ls
NAME/NODE            DRIVER/ENDPOINT                                                 STATUS   BUILDKIT PLATFORMS
local-remote-builder docker-container
  local              unix:///var/run/docker.sock                                     inactive          linux/arm64*
  remote             ssh://<usernane>@<hostname>                                     inactive          linux/amd64*

Builders are still inactive so it’s essential to make sure they are properly booted before execution with

docker buildx inspect --bootstrap --builder local-remote-builder

command, yielding following ouput if everything went correctly

[+] Building 12.2s (2/2) FINISHED
 => [local internal] booting buildkit               2.9s
 => => pulling image moby/buildkit:buildx-stable-1  2.3s
 => => creating container buildx_buildkit_local     0.5s
 => [remote internal] booting buildkit              7.7s
 => => pulling image moby/buildkit:buildx-stable-1  1.1s
 => => creating container buildx_buildkit_remote    6.4s
Name:   local-remote-builder
Driver: docker-container

Nodes:
Name:      local
Endpoint:  unix:///var/run/docker.sock
Status:    running
Buildkit:  v0.10.5
Platforms: linux/arm64*, linux/amd64, linux/amd64/v2, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/mips64le, linux/mips64, linux/arm/v7, linux/arm/v6

Name:      remote
Endpoint:  ssh://<usernane>@<hostname>
Status:    running
Buildkit:  v0.10.5
Platforms: linux/amd64*, linux/amd64/v2, linux/amd64/v3, linux/386

The only remaining thing is to set newly created and configured builder to be used by default via

docker buildx use local-remote-builder

and with that our builder list should look like this (nodes listed as running and builder annotated with asterisk indicating it’s the default one):

$ docker buildx ls
NAME/NODE              DRIVER/ENDPOINT                                                 STATUS  BUILDKIT PLATFORMS
local-remote-builder * docker-container
  local                unix:///var/run/docker.sock                                     running v0.10.5  linux/arm64*, linux/amd64, linux/amd64/v2, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/mips64le, linux/mips64, linux/arm/v7, linux/arm/v6
  remote               ssh://<usernane>@<hostname>                                     running v0.10.5  linux/amd64*, linux/amd64/v2, linux/amd64/v3, linux/386

Building Tigase XMPP Server image

With everything in place, building latest version of Tigase XMPP Server 8.3 is a matter of executing buildx build command with desired target platforms:

docker buildx build --platform linux/amd64,linux/arm64  -t tigase/tigase-xmpp-server:${VERSION} -f ${VERSION}/Dockerfile  --no-cache ${VERSION}/

giving us image in less than a minute.

Common changes

Changes

• Added support for blocking whole domains

Fixes

• Fixed memory leaks
• Fixed issue with MUC room creation

BeagleIM 5.3.2

Changes

• Improved performance of displaying conversation log

• Fixes

• Fixed issue with scrolling to newest entry in conversation log on macOS 13.0
• Fixed issue with copying of selected text in conversation log
• Fixed issue with revoking access to the MIX channel
• Fixed issue with receiving PM errors in MUC rooms with disabled PM

SiskinIM 7.3.1

Changes

• Improved reconnection reliability after client was in the background
• Improved StreamManagement implementation
• Adjusted to use Martin instead of TigaseSwift (library was renamed)

Fixes

• Fixed issue with resharing video files

Downloads

You can download both application from their respective app-stores: Beagle IM from macOS appstore and Siskin IM from iOS appstore and star them on GitHub: Siskin IM on GitHub and Beagle IM on GitHub

Join the discussion

You can discuss all-things-Tigase (including our client apps) on our groupchat: [email protected]

Tigase XMPP Server 8.3.0

Major Changes

• Initial version of Tigase Meet Protocol - our take at SFU (Selective Forwarding Unit) group video-calls
• This version requires at least JDK in version 17 to run
• Added support for mam2#extended [#mam-73]
• Rework certificate generation to utilise keygen tool instead of using sun.* API unavailable under JDK17
• Added support for XEP-0440 SASL Channel Binding Type Capability and fixed and re-enabled SCRAM-*-PLUS SASL mechanisms [#server-1335]
• Added initial, preview support for SASL2 and Bind2 (disabled by default) - to enable, activate beans 'urn:xmpp:bind:0' and 'urn:xmpp:sasl:2' in 'sess-man' [#server-1332]

All Minor Features & Behavior Changes

• Increased network socket buffer from 2K to 4K to improve performance when reading data from socket. It can increase somewhat memory usage proportionally to number of concurrent user connections. It’s possible to configure size of this buffer using socket-buffer-size property (please see socket-buffer-size documentation).
• Add configuration to log size generated by LoggerTask in Monitor and decrease default from 1M to 50K; Disable serialisation of monitor events; #servers-372
• Add DOAP file; update documentation with supported features; #server-1076
• Fix issue with NPE in JabberIqAuth plugin when no password was presented due to missing return statement; fixed similar issue where, after closing the connection, the execution of the code wasn’t terminated in JabberIqAuth and SaslAuth plugins, #server-1317
• Add support for XEP-0398 to feature list and updated list of supported features; #server-1316
• Change try-catch statement in database schema loader to better catch edge cases; #serverdist-10
• Remove wildcard certificate generation (as main DN) in certificate container to avoid issues that it entails (inability to override such self-signed certificate via ad-hoc commands!). Wildcards are now properly handled by CertificateGenerateor and are included correctly as SAN in addition to DN for main domain; Fix handling “default” certificates from repository; #server-1279
• Change default watchdog ping from (forbidden by RFC) whitespace to xmpp; add warning if someone configures it as whitespace either way; server-1318
• Improve XMPPDomBuilderHandler logging; #server-1323
• Improved Stream Management code responsible for generating <r/> requests, #server-1324 (#150)
• Added socket-buffer-size option to ConnectionManager to configure SO_RCVBUF separately from internal network buffers, #server-1325
• Increased socket-buffer-size for client-to-server and inter-cluster connections and added documentation, #server-1325
• Fix MAX_PAUSE property name; #server-1326
• Updated implementation of XEP-0377: Spam Reporting, #server-1327
• Fixed issue with errors being sent for unexpected stanzas, #server-1328
• Improved exceptions handling in StanzaProcessor, #server-1328
• Switch from jtds to MS own jdbc driver; #serverdist-12
• Prevent re-delivery of certain S2S packets (sasl, features, dialback, etc) as it doesn’t make sense; #server-1320
• Adjust log levels to avoid WARNINGS during startup for regular messages; #server-1115
• Add ‘active in last x’ statistic; #server-1281
• Include option to restart JVM on OOM (off by default)
• Correctly process packets from mobile queue instead of re-adding currently filtered packet; #server-1331
• Improvements to NativeMemoryTracking implementation with units; documentation; #server-1330
• Improve MAM logging; #servers-384
• Only count stanzas in StreamManagement; #server-1333
• Fixed advertisement stream features for unauthorized stream; #server-1334
• Fixed NPE during preparing stream features when connection is already closed, #server-1334
• Added initial support for SASL2 and Bind2 (preview feature, disabled by default) #server-1332
• Added support for XEP-0440 SASL Channel Binding Type Capability and fixed and reenabled SCRAM-*-PLUS SASL mechanisms; #server-1335
• Fixed NPE during enabling of stream resumption, #server-1332
• Fixed sending block/unblock presences from blocking command for domain, #server-1336
• Better default for lastXmppPacketReceivedTime member to avoid WatchDog closing connection before lastXmppPacketReceivedTime is set; #server-1337
• Add proper addressing validation in S2S connection and allow connections without 'from' set; #server-1338

Component Changes

Tigase MUC 3.3.0

• Rework permission checker (ACL) to add graceful fallback to hidden room if possible; add abstrac muc test class and tests based on it; #muc-151
• Fix memory leak in self-ping-monitor (#muc-150) and improve collections synchronisation in module
• Fix discovery module (Room items could be returned if available, but it’s advised to not return it by default and only return plain result without error)

Tigase PubSub 5.1.0

• Added support for mam2#extended; #mam-73
• Improving processing of presence and sending last published item; #pubsub-133
• Fix NPE in UnsubscribeNodeModule; #pubsub-130
• Fixed issue with MAM returning incorrect entries for MAM capable PubSub nodes; #pubsub-131

Tigase HTTP-API 2.3.0

• Switch from jtds to MS own jdbc driver; #serverdist-12
• Adjust log levels; #server-1115

Tigase Message Archiving 3.1.0

• Added support for mam2#extended; #mam-73
• Fixed issues with retrieval of archived messages stored in DerbyDB; #mam-73
• Adjust log levels; #server-1115
• Fixed issue with scheduling message retention cleanup; #mam-76
• Improve MAM logging; #servers-384
• Disabled storage of errors for sent PubSub notifications; #mam-77

Tigase MIX 1.1.0

• Added support for mam2#extended; #mam-73
• Fixed issue with joining MIX channel using MUC; #mam-74
• Fixed issue with rejecting incomplete data forms for channel configuration; #mix-31

Downloads

• Binaries (distribution packages):
  • tigase-server-8.3.0-b12193-dist-enterprise.tar.gz
  • tigase-server-8.3.0-b12193-dist-enterprise.zip
  • tigase-server-8.3.0-b12193-dist.tar.gz
  • tigase-server-8.3.0-b12193-dist.zip
• Docker
• Source Code
• Maven Artifacts

Test results

• Tigase TTS-NG

BeagleIM

The stable release of BeagleIM 4.1 contains a lot of changes and stability improvements.

New XEPs:

• Added support for XEP-0215: External Service Discovery

Major changes:

• Added shortcut for Last Message Correction with CMD+ARROW UP
• Added support for automatic scaling/recompression of images and videos to reduce size of shared files. (hold alt when sharing image file)

• Added support for sharing multiple files with drag & drop, copy & paste or selection.
• Improved onboarding process
• Simplified updating account password

• Added indication for corrected and retracted messages
• Added support for /me command
• Replaced Me with actual nickname user is using on the account on which chat was opened.

• Redesigned accounts list

• Added support for displaying jabber:iq:version

• Improved presentation of VCard data

• Rewrite of Markdown support to optimize it and fix the crash

Fixes

• Improved VCard support for MUC group chats
• Fixed issue with Reply option clearing clipboard
• Added dropping of errors received on message delivery confirmations not being delivered properly
• Fixed issue with VCard editing leading to disabled Edit button and improved UX
• Workaround for crash on BigSur (missing permission)
• Fixed issues with handling subscription requests
• Fixed issue with joining password protected MUC rooms
• Fixed another crash related to movie preview
• Fixed issue with right part of “new” button not being clickable
• Fixed issue with marking all MIX messages received while offline as read.
• Fixed support for domains ending with .local

SiskinIM

The stable release of SiskinIM 6.1 contains changes and stability improvements.

• Added support for XEP-0215: External Service Discovery
• Added support for automatic scaling/recompression of images and videos to reduce size of shared files.
• Added support for /me command
• Replaced Me with actual nickname user is using on the account on which chat was opened.
• Fixed issue with marking all MIX messages received while offline as read.
• Fixed support for domains ending with .local

Downloads

You can download both application from their respective app-stores: Beagle IM from macOS appstore and Siskin IM from iOS appstore and star them on GitHub: Siskin IM on GitHub and Beagle IM on GitHub

Join the discussion

You can discuss all-things-Tigase (including our client apps) on our groupchat: [email protected]

Communication with your family and friends is not only about instant chats. Audio and Video calls are quite important and sometimes, under unfavourable network configurations establishing a call may prove difficult. Luckily, with the help of STUN (Session Traversal Utilities for NAT) and TURN (Traversal Using Relays around NAT ) servers it’s no longer a problem

In the following guide we will show how to setup TURN and STUN servers with Tigase XMPP Server, so that compatible XMPP clients will be able to use them. Our xmpp.cloud installation supports not only them, but also XMPP MIX

Assumptions

We are assuming that you have installed your preferred TURN server and created an account on the TURN server for use by your XMPP server users and that you have installed and configured Tigase XMPP Server.

At the end of the article there is a short guide how to quickly setup CoTURN server.

Enabling external service discovery

NOTE: It is required only for Tigase XMPP Server 8.1.0 and earlier

First you need to edit etc/config.tdsl file and:

1. Add following line in the main section of the file:

   'ext-disco' () {}
   

2. Add following line in the sess-man section of the file:

   'urn:xmpp:extdisco:2' () {}
   

so that your config file would look like this:

'ext-disco' () {}
'sess-man' () {
    'urn:xmpp:extdisco:2' () {}
}

Start Tigase XMPP Server

After applying changes mentioned above, you need to start Tigase XMPP Server or, in case if it was running, restart it.

Open Admin UI

Open web browser and head to http://<your-xmpp-server-and-port>/admin/ (for example: https://localhost:8080). When promped, log in by providing admin user credentials: bare JID (i.e.: user@domain) as the user and related password. Afterwards you’ll see main Web AdminUI screen:

and on that screen open Configuration group on the left by clicking on it.

Add external TURN service

After opening Configuration group (1) click on Add New Item (2) position which has ext-disco@… in its subtitle.

In the opened form you need to provide following detail:

• Service - ID of the service which will be used for identification by Tigase XMPP Server (eg. [email protected])
• Service name - name of the service which may be presented to the user (eg. TURN server)
• Host - fully qualified domain name of the TURN server or its IP address (eg. turn.example.com)
• Port - port at which TURN server listens (eg. 3478)
• Type - type of the server, enter turn
• Transport - type of transport used for communication with the server udp or tcp (usually udp but item can be added for both)
• Requires username and password - for notifying XMPP client that this service requires its username and password for XMPP service (leave unchecked)
• Username - username required for authentication for TURN server (ie. turn-user)
• Password - password required for authentication for TURN server (ie. turn-password)

After filling out the form, press Submit button (3) to send form and add a TURN server to external services for your server. Admin UI will confirm that service was added with the following result

Add external STUN service

While adding a TURN server is usually all what you need, in some cases you may want to allow your users to use also STUN. Steps are quite similar like on TURN server - after opening Configuration group (1) click on Add New Item (2) position which has ext-disco@… in its subtitle and in the opened form you need to provide following detail:

• Service - ID of the service which will be used for identification by Tigase XMPP Server (ie. [email protected])
• Service name - name of the service which may be presented to the user (eg. STUN server)
• Host - fully qualified domain name of the STUN server or its IP address (eg. stun.example.com)
• Port - port at which TURN server listens (eg. 3478)
• Type - type of the server, enter stun
• Transport - type of transport used for communication with the server udp or tcp (usually udp but item can be added for both)
• Requires username and password - for notifying XMPP client that this service requires its username and password for XMPP service (leave unchecked)
• Username - username required for authentication for STUN server (if required)
• Password - password required for authentication for STUN server (if required)

Note

If you are using the same server for STUN and TURN (you usually will as TURN servers usually contain STUN functionality) you will fill the following form with almost the same details *(only use different Service field value, Type will be stun and most likely you will skip passing Username and Password - leaving them empty, the rest of the field values will be the same).

After filling out the form, press Submit button (3) to send form and add a STUN server to external services for your server. Admin UI will confirm that service was added with the following result

And now what?

Now you have fully configured your STUN/TURN server for usage with Tigase XMPP Server allowing XMPP clients connected to your server and compatible with XEP-0215: External Service Discovery to take full advantage of your STUN/TURN server ie. by providing better VoIP experience.

CoTURN installation

You can quickly setup CoTURN server using Docker. Please follow Docker installation on your operating system and then install CoTURN using Docker Hub (instrumentisto/coturn). The bare minimum required to run it looks like that (please update realm with your domain and external-ip with IP on which server should be accessible):

sudo docker run \
    --name coturn \
    -p 3478:3478 \
    -p 3478:3478/udp \
    -p 5349:5349 \
    -p 5349:5349/udp \
    -p 49160-49200:49160-49200 \
    coturn/coturn \
    --log-file=stdout \
    --min-port=49160 \
    --max-port=49200 \
    --realm localhost \
    --user tigase:tigase \
    --lt-cred-mech \
    --fingerprint \
    --external-ip=$$(detect-external-ip)

NOTE: It uses tigase as username/password and localhost as realm - please adjust if needed

Tigase XMPP Server and CoTURN in Docker Compose

Alternatively, you can use Docker Compose to quickly spin up complete Tigase XMPP Server with CoTURN configured - see our Docker Compose guide for details.

Common changes

New XEPs:

• Added support for XEP-0369: Mediated Information eXchange (MIX) - significant improvement over group chats offered by MUC - less traffic and better delivery
• Improved VoIP connectivity by adding XEP-0353: Jingle Message Initiation (now compatible with Jingle Message Initiation used by Conversations)
• Added support for XEP-0308: Last Message Correction - editing sent message (relies on client compatibility)
• Added support for XEP-0424: Message Retraction - deleting sent messages (relies on client compatibility)
• Added support for quick replies - quoting messages to improve conversation flow
• Added support for XEP-0158: CAPTCHA Forms: Extended In-Band Registration - some server may ask for additional information or verification during registration - with this feature it’s possible to sign up with those servers as well

Major changes

• Redesigned channel joining UI
• Optimized resource usage during the establishment of VoIP calls and improved quality of VoIP calls
• Improved Markdown support
• Improved message synchronization speed, reliability and add support for MAM version 2 (XEP-0313: Message Archive Management)
• Started using MAM for MUC history synchronization on rejoin (if possible)
• Improved support for CAPS (feature discovery)
• New chats list view with a single section for 1-1 chats and group chats
• Added a way to join hidden MUC rooms

Fixes

• Fixed issue with avatars in group chats not being properly displayed.
• Added workaround for possible issue with message archive synchronization if server does not send <complete/> attribute
• Fixed issue with channel info refresh

BeagleIM 4.0

UI adjustments:

• MIX / group chat creation streamlined

  

• Better VoIP connectivity

  

• Message Correction, Retraction and quick replies

  

Major changes

• Adjusted font size in chat history (message text is slightly bigger)
• Improved support for XMPP URI
• Improved behaviour of service discovery window (indentation of items, scrolling)
• Improved handling of responses for <iq/> requests which should fix some OMEMO key publication issues.
• Improved message text selection
• Remembers size of chats/roster windows
• Improved auto-completion of nicknames.
• Stopped downloading link previews if message with that link was received from someone outside of roster.

Fixes

• Fixed issue with respecting global settings for Allow subscription and Request subscription
• Fixed Typo in Authorization menu
• Fixed issue with not showing notifications for incoming groupchat messages containing keywords
• Improved scrolling behavior (scrolling to found or first unread message, scrolling on the opening of a chat and concurrency issue)
• Fixed an issue with a chat message not being resized properly when window size was changed.
• Fixed issue with text color in chat history
• Fixed issue with invisible selection in the search dialog
• Added possible workaround for crashes when preview is for a movie
• Fixed crash when the server is not sending Content-Length for uploaded files.

Development

• Fixed issues with compilation on XCode 12
• Improved layout in chat logs (internal change)

SiskinIM 6.0

• Improved detection of server features and prompting to enable them in SiskinIM
• Added request for background fetch on push notification and fixed crashes when push notification is tapped just after it is displayed (#siskinim-205, #siskinim-206)
• Fixed issue with using wrong speaker during the VoIP call (#siskinim-211)
• Added warning when access to microphone or camera is not granted during initialization of a video call (#siskinim-213)
• Improved account removal mechanism (#siskinim-199)
• Improved look of the QR codes (#siskinim-195)
• Fixed an issue with not dismissing room creation view after room is created (#siskinim-230)

• Fixed an issue with encrypting files with AESGCM send to MUC rooms when default encryption is set to OMEMO (#siskinim-237)

  

Downloads

You can download both application from their respective app-stores: Beagle IM from macOS appstore and Siskin IM from iOS appstore and star them on GitHub: Siskin IM on GitHub and Beagle IM on GitHub

Join the discussion

You can discuss all-things-Tigase (including our client apps) on our groupchat: [email protected]

A look at Halcyon

Some time ago, we started developing multiplatform XMPP Library called Halcyon based on Kotlin Multiplatform by Jetbrains. Our plan is to allow using the same library in different target environments: JVM, Android, JavaScript and Native. Currently we are focused on JVM and JavaScript targets.

In this post we will try to show library design and example of usage.

Before you start

Because Halcyon isn’t published in any Maven repository (yet), you need to compile it yourself. We believe, it will not be a problem. The only two things you need to do is to clone repository and compile library:

```shell script git clone https://github.com/tigase/halcyon.git cd halcyon ./gradlew publishToMavenLocal

Thats all. Now Halcyon is in your local Maven repository.

## Let's do something

We recommend using Gradle to build everything (except for towers and bridges maybe). You can also use Maven, it doesn't matter. Just use one of them, to prevent problems with dependencies. 
Here is sample `build.gradle.kts` file, the most important this is to enable kotlin plugin and include Hayclon in the list of dependencies:

```kotlin
plugins {
    java
    kotlin("jvm") version "1.3.61"
}

repositories {
    mavenLocal()
    jcenter()
    mavenCentral()
}

dependencies {
    implementation(kotlin("stdlib-jdk8"))
    implementation("tigase.halcyon:halcyon-core-jvm:0.0.1")
    testCompile("junit", "junit", "4.12")
}

configure<JavaPluginConvention> {
    sourceCompatibility = JavaVersion.VERSION_1_8
}
tasks {
    compileKotlin {
        kotlinOptions.jvmTarget = "1.8"
    }
    compileTestKotlin {
        kotlinOptions.jvmTarget = "1.8"
    }
}

Let’s add some Kotlin code:

fun main(args: Array<String>) {
    val client = Halcyon()
    client.configure {
        userJID = "[email protected]".toBareJID()
        password = "secret"
    }
    client.connectAndWait()
    client.disconnect()
}

This simple code creates XMPP client, connects to XMPP server and then disconnects.

To show how to work with Halcyon library, we will by adding code to this small code base.

Events

Halcyon is events-driven library. It means, that each part of library may publish event to event bus and all registered listeners will receive it.

Lets add some code to see what is being send and received over XMPP stream:

client.eventBus.register<ReceivedXMLElementEvent>(ReceivedXMLElementEvent.TYPE) { event ->
    println(">> ${event.element.getAsString()}")
}
client.eventBus.register<SentXMLElementEvent>(SentXMLElementEvent.TYPE) { event ->
    println("<< ${event.element.getAsString()}")
}

To listen for all events since the connection is started, we have to add this code before client.connectAndWait().

All events extend class tigase.halcyon.core.eventbus.Event, so you can easily find them all in your favourite IDE.

Each module may have it’s own set of events, so please check documentation or source code of modules of interest.

Request

Now we will look at one of the most interesting things in XMPP: requests and responses.

XMPP protocol allows sending request to another entity and receive response. Why is it so exciting? Because we can ping other clients, or ask for their local time! Ok, stop joking. Of course above examples are true, but with request-response we can do much more than simple sending messages: we can manage our contacts list, we can manage Multi User Chatrooms, we can execute remote methods on server or other clients.

As an example we will ping other XMPP entity (it may be server or other client). First we need to get PingModule to be able to use its request builder:

val pingModule = client.getModule<PingModule>(PingModule.TYPE)!!

Ping module has method ping() which creates a request builder (note, that it doesn’t send anything yet!) configured to understand response and return it as object. Method ping() has optional parameter jid. If is not provided, then ping will be send to the server to which the client is connected.

val request = pingModule.ping()
request.response { result ->
    when (result) {
        is IQResult.Success -> println("Pong in ${result.get()!!.time} ms")
        is IQResult.Error -> println("Oops! Error ${result.error}")
    }
}
request.send()

There is also a different way to add response handler to the request:

request.handle {
    success { request, iq, result -> println("Pong in ${result!!.time} ms") }
    error { request, iq, errorCondition, message -> println("Oops! Error $errorCondition") }
}

Use the one that you prefer.

One more example: we will check list of features of our server:

val discoveryModule = client.getModule<DiscoveryModule>(DiscoveryModule.TYPE)!!
discoveryModule.info("sampleserver.org".toJID()).handle {
    error { request, iq, errorCondition, message -> println("Oops! Error $errorCondition") }
    success { request, iq, result ->
        println("Server JID: ${result!!.jid}")
        println("Features:")
        result!!.features.forEach { println(" - $it") }
    }
}.send()

Messages

This chapter will be very hard, mostly because MessageModule isn’t finished yet. We haven’t made a design decision yet - how this module should work. It is good for you though, because we can create message stanza from scratch! And it’s cool!

This is how message stanza look like:

<message
      from='[email protected]/balcony'
      id='ktx72v49'
      to='[email protected]'>
    <body>Art thou not Romeo, and a Montague?</body>
</message>

Let’s try to create this stanza in Kotlin and send it.

var messageRequest = client.request.message {
    to = "[email protected]".toJID()
    body = "Art thou not Romeo, and a Montague?"
}
messageRequest.send()

The only thing currently implemented in MessageModule is MessageReceivedEvent, useful to handle all incoming message stanzas:

client.eventBus.register<MessageReceivedEvent>(MessageReceivedEvent.TYPE) { event ->
    println("Message from ${event.fromJID}: ${event.stanza.body}")
}

Roster and presence

Ok, we can send a message to anybody, but most of the time we want to send them to our friends. We need a list of our friends. Luckily such list is available out-of-box in XMPP protocol: it is called Roster.

It shouldn’t be a surprise, but to manage your roster you need RosterModule:

var rosterModule = client.getModule<RosterModule>(RosterModule.TYPE)!!

We can add (or update, with the same method) roster items, remove and list them.

val allRosterItems = rosterModule.store.getAllItems()

RosterItem contains JabberID of the contact, list of groups being assigned to, status of subscription (if contact is allowed to see our presence or not, and if we are allowed to see it’s presence).

Presence is “status of contact”. You can see if your contacts are online, offline or maybe you shouldn’t send any message to someone because he has “Do Not Disturb” status.

As an example, we will list all contacts from the roster and their presence:

rosterModule.store.getAllItems().forEach { rosterItem ->
    val presenceStanza = presenceModule.getBestPresenceOf(rosterItem.jid)
    println("${rosterItem.name} <${rosterItem.jid}> : ${presenceStanza?.show ?: "Offline"}")
}

Thanks…

…for being here up to this point. We hope you enjoyed reading about Halcyon library, and you liked it even though it is not finished yet.

Please share you thoughts and ideas at our group chat [email protected] or on library GitHub page.

Running Tigase XMPP Server was never easier - you can have a full-fledged XMPP server in a matter of minutes.

Benefits of Tigase XMPP Server docker image

Using containers offers various benefits - it helps bundle complete execution environment that’s consistent, isolates various services and orchestrates them with ease. This makes setting up new service a breeze. At the same time Docker is only a thin layer with very little performance overhead. In Tigase’s case, even though normally only JVM is required, having single bundle with recommended version of the JVM and configured environment helps achieve the most compatible and stable setup.

How to start

If you haven’t already, install Docker engine on your desired operating system. Once this is done, starting Tigase is just two commands away (for up-to-date list of tags check out our DockerHub, by default latest is used):

$ docker pull tigase/tigase-xmpp-server
$ docker run --name tigase-server -p 8080:8080 -p 5222:5222 tigase/tigase-xmpp-server

And after a short Tigase will start and you’ll be presented with option to setup the server by accessing http://localhost:8080 page. Once setup is completed, simply restart the container with $ docker restart tigase-server and connect your client.

More information

Of course above is the simplest deployment. There are many possibilities to adjust the container by mounting local volumes, exposing more ports or connecting to external database. It’s even possible to run local Tigase cluster! For details please check out Tigase in Docker guide

Java in Docker - will it work?

Our images are based on Java 11, which already supports Docker without any issues.