Is the database shared? If so maybe when they authenticate add a secure token to the header that the second proxy can use for auth?
Just a suggestion not sure if its the answer your looking for or perhaps I didn't understand the scenario well enough. On Nov 19, 2012 7:53 AM, "Andreas Granig" agranig@sipwise.com wrote:
Hi,
There are lots of parameters controlling the creation of nonce values on a server, and I'm curious if there is a way to kind of "sync" them between servers.
The use case would be to have a UA send for example its registration to Proxy1. Proxy1 would challenge it, UA will send the registration again, this time with credentials. Proxy1 would look up the user based on $au/$ar in the subscriber table, and if it's not found, will look up the responsible proxy from another table (with key being $au@$ar), forward it to Proxy2, which then would be able authenticate the user.
The reason for this is that the auth credentials are unique across all servers and reliably identify a user, whereas for example From could be something else (e.g. in case of an IP-PBX sending a CLI in the From-userpart).
Challenging the user on the second proxy again would theoretically be possible, but if the UA gets a 401 twice (once from Proxy1, once from Proxy2), it'll most likely pop up a password form for soft-clients, so I want to avoid that.
Any ideas how to accomplish that?
Andreas
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users