The problem was bits after the authentication throwing an exception, which was being misinterpreted as the authentication failing due to incorrect use of the try/catch block.
To solve this, check out the sources from subversion. In webchat/src/java/org/jivesoftware/webchat/actions/ChatStarter.java, apply the following patch:
After building and deploying the chat client with this patch, chat authentication works properly.
If the other bits fail, this will be logged (the actual cause), whereas an incorrect password will still yield "Authentication failed." as before.
committed as r13046, got somebody to verify it