SOAP-based authentication broken

[dissent@…]

A few days ago one of my two MSN accounts was unable to login on Bitlbee, and repeatedly got the following error message:

> account on 4
<root> msn(accountname@hotmail.co.uk) - Logging in: Connecting
<root> msn(accountname@hotmail.co.uk) - Logging in: Connected to server, waiting for reply
<root> msn(accountname@hotmail.co.uk) - Logging in: Transferring to other server
<root> msn(accountname@hotmail.co.uk) - Logging in: Connected to server, waiting for reply
<root> msn(accountname@hotmail.co.uk) - Couldn't log in: Error reported by MSN server: Authentication failed
<root> msn(accountname@hotmail.co.uk) - Logging in: Signing off..

My other account logged in successfully with bitlbee, and the problematic account could login successfully using the M$ client or gaim.

I tried out various things, including creating new accounts, and discovered that any account I created with the same password received this error, but that changing the password would allow any of the accounts to work again. I've changed my password now, so have no problem sharing the bugged one, it's Jdshntm3. To reproduce, create a new MSN account with this password.  https://accountservices.passport.net/reg.srf

I'm using the Debian modified version of 1.2.1.

[Chascon]

I can vouch for this problem too on OS X, running the 1.2.1 release. This release was working for me just yesterday, and it's been on the fritz since. I've seen this sort of behaviour before and I've had to delete the account and create it again. I don't know if the account preferences get corrupted, or what.

My OSCAR (AIM) account is also acting up, although I doubt it is related.

Chascon

[Chascon]

Rather than doing an account del on my msn IM account, I did an "account set <account id>/<password> <passsword>". Then, logging into my msn account, still fails. I'm beginning to think it's either MSN blocking my IP or a gateway problem.

Chascon

[Chascon]

Can't be my IP being blocked, 'cause Adium connects to my msn IM service. I just may try to delete my MSN account on Bitlbee and then add it again and see what happens.

[anonymous]

I had the same issue but after changing my password to [a-z]+ I was again able to sign in.

[irxc]

I also had this very issue, after I changed the msn-passwd to [a-z] it's working once again.

[Wilmer van der Gaast <wilmer@…>]

I also had this very issue, after I changed the msn-passwd to [a-z] it's
working once again.

That's pretty ridiculous. :-( Has anyone tried an older BitlBee version
yet? Something like 1.0.4, for example. In 1.2 I switched to a new
authentication mechanism, maybe I shouldn't have done that.

[irxc]

Replying to Wilmer van der Gaast <wilmer@gaast.net>:

That's pretty ridiculous. :-( Has anyone tried an older BitlBee version
yet? Something like 1.0.4, for example. In 1.2 I switched to a new
authentication mechanism, maybe I shouldn't have done that.

I just made a succesful connection using v0.92 (that's the only other version apart from 1.2 that I've got access to) using a password containing [0-9a-zA-Z]. The same password is a no-go using v1.2

[wilmer]

(Thanks for checking that out.)

[adam]

Same issue for me today. The fix sorted it - removing numbers from my password (so it became [a-z]+) lets me log on

[yastupin]

Same issue and fix there. Had the same problem few days ago for a few hours, and since tonight ~1h UTC+2 til now.

Tested versions: - 1.2.1: fails - 1.2: fails - 1.1.1dev: success

Wanted to search the commit but unfortunately the bzr server doesnt respond.

[wilmer]

What makes this even more interesting is that the failure comes from the notification server, not from the authentication server. When you give the wrong password on purpose, the error is slightly different:

:rootroot@localhost.localdomain PRIVMSG &bitlbee :msn - Couldn't log in: Error during Passport authentication: wsse:FailedAuthentication (Authentication Failure)

So the authentication seems okay, just that the MSN Messenger server somehow doesn't accept the token.

[Chascon]

It's not just numbers, but symbols that also seem to be throwing things off.

[wilmer]

 http://forums.miranda-im.org/showpost.php?s=154c97590b56528d31e7bd20fd2a3bdb&p=162186&postcount=70

Looks like it's not just BitlBee that is broken. Reverting to the non-SOAP authentication should fix this. I'm trying to avoid this since that code is horribly messy, but may do it anyway if no other solution comes up any time soon. The Miranda dev still blames the MS servers and thinks things will restore themselves, I'm not so optimistic about it.

[yastupin]

The error is now "Couldn't log in: Error during Passport authentication: wsse:FailedAuthentication (Authentication Failure)", which make more sense.

[linuturk@…]

I can confirm this is an issue on Ubuntu 8.04

Changing the password to all lower case something is the work around I used.

[acidflash]

I think all know it by now. But i can confirm too that lower case and numbers is working just fine. Did change my password just for connect.

[wilmer]

changeset:devel,411

Rolled back to the old mechanism. The only alternative seems to be "upgrading" to MSNP15 or something like that, which I'll leave up to someone who actually knows people on the MSN Messenger network. :-)