Negotiation settings for XMPP federated partners in Lync Server 2013
Topic Last Modified: 2012-10-21
The negotiation settings in the configuration of an XMPP partner can be combined in many ways, but not all of these combinations are valid. The tables in this topic define which settings are valid and which are not valid. The first table presents common configurations; the second table details all possible combinations. Note that you cannot have Simple Authentication and Security Layer (SASL) unless Transport Layer Security (TLS) is also available. SASL is sent in an unencrypted (readable) format and should never be transmitted unless protected by another means, such as TLS.
Common XMPP Federation Negotiation Methods
Transport Layer Security (TLS) | Simple Authentication and Security Layer (SASL) | Dialback Authentication | Expected Authentication Method(s) | Notes |
---|---|---|---|---|
Required | Required | False | SASL over TLS | Requiring TLS and SASL helps to ensure that the SASL message stream is secure. Dialback is not available and cannot be used as a fallback method if the XMPP federated partner has not set TLS to required or optional. |
Required | Optional | True | SASL over TLS, TLS Dialback, TCP Dialback | Because TLS is required, SASL is used if the XMPP federated partner has set SASL to optional or required. If SASL is not available, Dialback over TLS will be used. |
Optional | Optional | True | SASL over TLS, TLS Dialback, TCP Dialback | While very flexible in the negotiation methods offered, these settings rely on the XMPP federation partner’s settings. If the partner has TLS optional or required but SASL is not supported, TLS Dialback will be available. If the partner has TLS and SASL set to optional or required, the optimal selection of TLS over SASL is used. |
Not Supported | Not Supported | True | TCP Dialback | In many cases, TCP Dialback is the only possible solution. Although less desirable than other options, it does provide some level of trust. |
XMPP Federation Negotiation Methods Matrix - Complete
Transport Layer Security (TLS) | Simple Authentication and Security Layer (SASL) | Dialback Authentication | Expected Authentication Method | Notes, Warning or Error for Not Valid Configuration |
---|---|---|---|---|
Required | Required | True | SASL over TLS | Warning: Dialback will not operate if both SASL and TLS are required. |
Required | Required | False | SASL over TLS | |
Optional | Required | True | SASL over TLS, TLS Dialback, TCP Dialback | Warning: SASL requires TLS. Allowing TLS to be optional may result in failed session negotiations. |
Optional | Required | False | SASL over TLS | Warning: SASL requires TLS. Allowing TLS to be optional may result in failed session negotiations. |
Not Supported | Required | True | TCP Dialback | Warning: SASL requires TLS. Allowing TLS to be optional may result in failed session negotiations. |
Not Supported | Required | False | Warning: Not Valid Configuration | Warning: Because SASL requires TLS, and TLS is not available, SASL/TLS cannot succeed. TCP Dialback is set to false, and cannot be used. |
Required | Optional | True | SASL over TLS, TLS Dialback | |
Required | Optional | False | SASL over TLS | |
Optional | Optional | True | SASL over TLS, TLS Dialback, TCP Dialback | Warning: SASL requires TLS. Allowing TLS to be optional may result in failed session negotiations. |
Optional | Optional | False | SASL over TLS | Warning: SASL requires TLS. Allowing TLS to be optional may result in failed session negotiations. |
Not Supported | Optional | True | TCP Dialback | Warning: SASL requires TLS. Allowing TLS to be optional may result in failed session negotiations. |
Not Supported | Optional | False | Warning: Not Valid Configuration | Warning: SASL requires TLS. Allowing TLS to be optional may result in failed session negotiations. |
Required | Not Supported | True | TLS Dialback | Configuration allows for TLS Dialback. |
Required | Not Supported | False | Not Valid Configuration | Warning: SASL or Dialback must be enabled. |
Optional | Not Supported | True | TLS Dialback, TCP Dialback | Based on negotiation choices of the other end point, TCP or TLS Dialback will be accepted. |
Optional | Not Supported | False | Not Valid Configuration | Warning: SASL or Dialback must be enabled. |
Not Supported | Not Supported | True | TCP Dialback | TCP Dialback is the only negotiation method available. |
Not Supported | Not Supported | False | Not Valid Configuration | Warning: SASL or Dialback must be enabled. |
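
The complete matrix reduces to three rules, shown here as an added example (not Microsoft's code) that can be used to audit partner settings for invalid combinations and for combinations that still allow TCP Dialback. It follows the complete matrix, which lists no TCP Dialback for TLS Required / SASL Optional / Dialback True, although the common table does. The function names, finding wording and sample partner domains are assumptions made for illustration.

```python
# Added example: rule-based reading of the complete negotiation matrix.
# Setting values follow the table text; function and sample names are hypothetical.
NS = "Not Supported"

def expected_methods(tls, sasl, dialback):
    """Methods the complete matrix lists for one TLS/SASL/Dialback combination."""
    methods = []
    if tls != NS and sasl != NS:
        methods.append("SASL over TLS")
    # Matrix warning: Dialback will not operate if both SASL and TLS are required.
    if dialback and not (tls == sasl == "Required"):
        if tls != NS:
            methods.append("TLS Dialback")
        if tls != "Required":
            methods.append("TCP Dialback")
    return methods

def audit(tls, sasl, dialback):
    """Return (valid, methods, findings) for one partner's settings."""
    methods = expected_methods(tls, sasl, dialback)
    findings = []
    if not methods:
        findings.append("Not Valid Configuration")
    if dialback and tls == sasl == "Required":
        findings.append("Dialback will not operate if both SASL and TLS are required.")
    if sasl != NS and tls != "Required":
        findings.append("SASL requires TLS, but TLS is optional or not supported.")
    if sasl == NS and not dialback:
        findings.append("SASL or Dialback must be enabled.")
    if "TCP Dialback" in methods:
        findings.append("TCP Dialback (the least desirable method) can be negotiated.")
    return bool(methods), methods, findings

# Constructed sample partners (not from the page).
PARTNERS = [
    ("partner-a.example", "Required", "Required", False),
    ("partner-b.example", "Optional", "Optional", True),
    ("partner-c.example", NS, "Required", False),
]

if __name__ == "__main__":
    for domain, tls, sasl, dialback in PARTNERS:
        valid, methods, findings = audit(tls, sasl, dialback)
        print(f"{domain}: valid={valid} methods={methods or '-'}")
        for finding in findings:
            print(f"  - {finding}")
```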