Ignite Realtime Blog
18 Posts tagged with the openfire tag 1 2 Previous Next
New open source plugins with enterprise features are now available
Posted by dombiak_gaston May 13, 2008
As you may have already seen, Openfire 3.5.0 was released today alongside it's good friend Clearspace 2.0! We are excited to put out this release as it strolls alongside a number of new announcements, new features, and is sporting a brand new outfit in the form of a new look and feel for the admin interface.
Now, in light of the announcements regarding the Enterprise plugin becoming open source, you may be wondering why you can see an updated Enterprise plugin available. We are providing this plugin for our existing enterprise customers until the separate split-up plugins are released. Those of you waiting for the open source releases, please stay tuned!
For our Clearspace customers, this new version of Openfire integrates at a much more intense level than before. Instead of simply providing presence to Clearspace, and requiring you to point both Clearspace and Openfire at something like LDAP to have the same login setup, you can now have Openfire speak directly to Clearspace. It will pull it's users and groups, as well as pass authentication through Clearspace. Setup is a breeze, as you have one screen of setup in Clearspace and one screen of setup in Openfire and you are done. And we're not stopping there. Future releases will include even more integrations between the two!
Is Clearspace integration the only new thing in Openfire 3.5.0? Of course not! We've now got the ability to disable accounts, security audit logs for admin events, easy to take advantage of invisibility, and did I mention the pretty new admin interface? We went over a lot of these new features in a previous blog post, so I won't bore you with a complete rehash of all of them. 
One word of warning, due to the nature of CSS not wanting to easily refresh itself, you may need to shift-reload in your browser for the new admin console to look correct. And don't forget to update your plugins after upgrading to 3.5.0! Some of them are affected by API changes! (specifically: User Search, IM Gateway, MOTD, and SIP)
This has been a very exciting day for us here at Jive and we hope exciting for you as well!
You can download Openfire 3.5.0 here.
You can see the entire changelog here.
You can view the documentation for 3.5.0 here.
Plugins can be downloaded from the admin console or here.
We are very pleased to announce that Openfire has breeched one million downloads (not including downloads not from our site)!
We couldn't have done it without you all, the Ignite Realtime community! (well of course not, we needed -someone- to download it ) It's always fun to watch a milestone come and go, and take a moment to reflect, so I thought I would take a little bit to talk about Openfire's history, and even a little about my own personal history with it.
When I first found what is now called Openfire, it was somewhere in early 2006. At the time it was called Jive Messenger and I was the lead developer of PyAIMt and PyICQt and was told that my transports didn't work well with Jive Messenger. It wasn't long before I 'fell in love with' Jive Messenger and around the middle of 2006, I began work on the IM Gateway plugin.
Not long after, I watched Jive Messenger turn into Wildfire, run into a naming conflict, and then turn into Openfire. As it turned out, Openfire became probably the most appropriate name, as it better reflected the open nature of the product, and was really catchy!
So approximately two years after I first became aware of Openfire, we've hit one million downloads! That's pretty impressive for a server product! Over those two years we've witnessed so many milestones in the world of XMPP. One might even call it a "boom time" for XMPP at this point. So lets all have a drink to Openfire's one millionth download, and to XMPP everywhere! And also, we at Jive will be having a virtual toast to the Ignite Realtime community, and thank you for all of your involvement! Happy road to two million!
The next major release of Openfire is going to be 3.5.0 and it will be released on March 6th. Daniel and I are very happy with this new release since it has lots of new features and improvements. Today I will explain how you can be connected but invisible to all or some users. This has been a very popular request in Openfire and in XMPP in general.
A few XMPP extensions were created for invisibility using different strategies (and may be goals). Some of them focused only in blocking your presence to other users while others were blocking incoming/outgoing presences, messages and IQ stanzas. But they have something in common that jeopardized their success. In a nutshell, they not only required server side changes but also client side changes thus making it hard for a user to find a server and a client that supports them.
As of Openfire 3.5.0 there is a very easy way to be invisible and at the same time be able to maintain a one-to-one chat, a group chat or appear visible to the users of your choice or gateways of your choice. The best part of it is that we are not relying on any XMPP extension but just using the XMPP RFC core.
Usually XMPP clients follow these steps while logging in:
- Connect to the XMPP server
- Secure the connection with TLS
- Authenticate with the server using SASL
- Send available presence to the server indicating that the client is now publicly available (e.g. <presence><priority>1</priority></presence>)
- Request their roster
The forth step is actually optional so if clients do not send an available presence then they will be connected to the server but will not appear available/online to other users. Unavailable users cannot get messages from other users unless they made available to them.
When the user decides to appear as online to someone in particular he can send an available presence to that user (e.g. <presence to='joe@myserver.com/Spark><priority>1</priority></presence>). Being available to a user means that the user will see you online and you can now chat with that user.
Users that are publicly unavailable can also join a room and have a groupchat. However, if the room is not anonymous (i.e. real JIDs are sent to room occupants) then the other users will know that you are connected and chatting. But probably you won't care about that unless you wanted to chat without anyone knowing that you are you.
Currently our Spark and Sparkweb clients are not able to join in invisible mode but implementing invisibility this way should be a lot less work for clients than implementing some XMPP extension.
One of the things you may have noticed that appeared in the 3.4.3 release of Openfire is a couple of new installers, and some improvements to existing installers. Oddly enough, building installers can be one of the more difficult tasks a developer has. Simply putting out a tarball or zip file is easy, but it's not exactly the most pleasant thing to deal with from an administrator perspective. In the process of creating installers, you often find yourself fighting with differing standards between OS distributions, or different architectures altogether. That said, typically once you have created the installer, there's not much to do with it after, so it's generally a one time cost, so to speak, and the benefits far outweigh the time spent!
In an effort to make Openfire as easy to install as possible, we added official Debian and Solaris packages. Yes, I am aware the Solaris package is listed under Linux right now, but please ignore that for now. Are we stopping there? Not really. I'm not yet sure what other OS's we might be providing packages for at this point. FreeBSD is about the only other one I've seen a request for and there's a well maintained port (net-im/openfire) of Openfire already.
What we are investigating now is providing hosted repositories for the packages. Specifically, I'm looking at a Yum and APT repository at the moment. This would allow system administrators to point their repository configs at our repositories and be able to easily keep up to date. We are still working out the logistics of this, so stay tuned!
We're also investigating getting Openfire into more distributions. In other words, instead of having to come to our site to get Openfire, perhaps you could install it from a central Debian repository, or an extras cd, or something of that nature. There are a couple of possibilities in the works on that front, and a couple more I'd like to pursue.
So hopefully in the near future, it will be as easy as ever to get rolling with Openfire!
Many years ago when I started adding certificates management to Openfire I couldn't stop thinking how complex the certificate management topic was. Moreover, I thought that the lack of information regarding certificates management was on purpose as a way to keep them "secure".
Even though I do not consider myself an expert in security and certificates in particular, I think I finally understood the different ways certificates can be created, signed by Certificate Authorities (CA) and finally be imported into your application. Basically there are two ways for this to be achieved and fortunately the XMPP Federation through its CA services supports both of them.
Create your certificate and ask a CA to sign it
In this case you will create a certificate from the admin console of Openfire and then ask Openfire to create a Certificate Signing Request (CSR) that is sent to the CA. The Certificate Authorities (CA) usually has a web site that you can use to paste the CSR. If you are using the XMPP Federation services, choose the menu option Server Certificate (Without CSR generation). After the CA verified the certificate data and the data of the certificate issuer you will get a signed certificate that you will need to import into Openfire from the admin console.
The CA creates a certificate for you and signs it
In this case almost the entire process happens in the CA web site and administrators will need to import the signed certificated into Openfire. If you are using the XMPP Federation services, choose the menu option Server Certificate (With CSR generation) and then provide a pass phrase to create the certificate and its private key. After the data was validated you will receive a signed certificate. The last step to import the new certificate into Openfire is to paste the pass phrase, private key and signed certificate in the import certificate page in Openfire and voila.
As of Openfire 3.4.2 you will be able to choose the certificate management option that best fits you and follow the entire process from the admin console. You will be able to say bye bye to the cumbersome command line tools. If you are using Openfire 3.4.1 or older then only the first option is supported.
You may or may not already be aware that I have been a full time member of the Jive family for a couple of weeks now! It's been quite interesting to see how different it is from my previous job in a university setting. It's been a lot of fun already and it's really exciting to have turned my favorite hobby into a career. =) My coworkers are great and I almost find myself wondering why I didn't do this earlier.
So what am I going to be doing? Well, the development of the IM Gateway plugin is part of my job now. We'll be setting solid goals and release dates instead of it being dependent entirely on my free time. That and Openfire are my main focuses. I'm really excited about playing a more direct role in Openfire development! One of my first tasks will be to improve the unix installers for Openfire. They have been lacking love for a while now and I have a strong unix background to bring to the table. In one of the next releases of Openfire we'll have improved packages, unix scripts, and better support for more operating system distributions. Overall, good things to come! =)
You may have heard that I have taken over as lead developer of Spark. It's been a long time since I have been involved in client development and I actually miss it. My very first XMPP related project was a client. Now, as you've heard from the Ignite Realtime post preceding this one, Spark is a low priority. My focus with it in terms of work with Jive is bug fixes, maintenance, and paying customer requirements. Beyond that, I'll likely be working on it on my own time when I need a change of pace. I am a Mac user primarily, so you may see more Mac focused fixes at first. If nothing else I'm going to make sure Spark is something I enjoy using, which coincides to a lot of things that the community has reported/requested anyway. I highly encourage folk who are interested to submit patches! The only caveat is that for patches of any size, I'll need you to sign contributor agreements, if you haven't already.
Now, since I'm involved in more than just the IM Gateway plugin now, I can't keep up with the forums as much as I did before. I try to spend some time each day looking over the forums, but with more than just the single forum, it's too much to keep up with entirely. Dawn is working hard on coming up with good ways to involve the community more and try to make sure things don't get missed! She has been speaking on this in the Jive Lounge, so please visit the lounge and contribute if you have some thoughts!
Anyway, I wanted to make sure folk understood that my role has changed and wave hi from within Jive! =) Any questions?
Ignite Realtime Blog
Ignite Realtime Blog- Contributors:
-
srt
-
svoisen
-
ryang
-
barata7
-
jadestorm
-
dele
-
AWenckus
-
DavidSmith
-
flashgrand
-
greg
-
dombiak_gaston
-
ddman
-
dawn
-
matt
-
admin