Class SASLExternalMechanism

  • All Implemented Interfaces:
    Comparable<SASLMechanism>

    public class SASLExternalMechanism
    extends SASLJavaXMechanism
    Implementation of the SASL EXTERNAL mechanism. To effectively use this mechanism, Java must be configured to properly supply a client SSL certificate (of some sort) to the server. It is up to the implementer to determine how to do this. Here is one method: Create a java keystore with your SSL certificate in it: keytool -genkey -alias username -dname "cn=username,ou=organizationalUnit,o=organizationaName,l=locality,s=state,c=country" Next, set the System Properties:
    • javax.net.ssl.keyStore to the location of the keyStore
    • javax.net.ssl.keyStorePassword to the password of the keyStore
    • javax.net.ssl.trustStore to the location of the trustStore
    • javax.net.ssl.trustStorePassword to the the password of the trustStore
    Then, when the server requests or requires the client certificate, java will simply provide the one in the keyStore. Also worth noting is the EXTERNAL mechanism in Smack is not enabled by default. To enable it, the implementer will need to call SASLAuthentication.supportSASLMechamism("EXTERNAL");