23 Jan
2008
23 Jan
'08
5:06 a.m.
Padmaja schrieb:
Hi all,
Please see the call flow below:
GW1 Proxy GW2
|-----invite----------->| |
|<------407-----------| |
|-----invite w/cred--->| |
| |-----Invite------->|
|<------------200 Ok---------------------|
|----------------Ack--------------------->|
| |
| |<----ReInvite -----|
|
When the proxy receives the Reinvite below from GW 2, should it again
challenge it for proxy authentication or simply forward the call to the GW1?
The openser proxy in our lab simply forwards the Invite without asking for
authentication this time. However, I need to test the situation, where the
proxy asks for authentication for the Reinvite. Is this possible?
This is a difficult question. If GW2 is known to your proxy, the proxy
can challenge GW2. (if the GW supports authentication at all).
Often the domain in the From URI is used to find out if a SIP client is
a "local" user or from another domain. Local users will get challenged,
external users not. But using From header domain works only for initial
INVITE and can not be used reliable for reINVITEs.
Thus, usually in-dialog requests will not be challenged. Thus, its a
matter of your policy and depends if you provide an open SIP service
(like e.g. iptel.org, FWD ...) or if you are in a closed environment
were every SIP client is known to have credentials to authenticate
against the proxy.
regards
klaus
Please let me know.
Thanks,
Padmaja
_______________________________________________
Users mailing list
Users(a)lists.openser.org
http://lists.openser.org/cgi-bin/mailman/listinfo/users