Thank you very much Daniel! It works!

Following your suggestion, I have set the following parameters in the kamailio.cfg in both servers:

modparam("auth", "secret", "samesecretparam")
modparam("auth", "nonce_expire", 1800)
modparam("auth", "nonce_auth_max_drift", 300)
modparam("auth", "one_time_nonce", 0)


Now all xcap requests are authenticated successfully and works! Thanks again!

After some tests, now we are facing another problem with multiple presence servers integrated with XCAP servers in integrated mode. We have configured 2 kamailio servers as both presence server and xcap server with the same backend DB in another machine (thank you for your great guide on http://kb.asipto.com/kamailio:presence:k31-made-simple). In front we have setup a dispatcher for SIP load balancing and apache for http (xcap) load balancing.

It seems the presence server handle the publish/subscribe/notify events with the following tables:
- active_watchers (using local cache and update the local cache to db periodically)
- presentity (using local cache and update to db immediately)
- watchers (db)
- xcap (db)

we have meet 2 problems:
  1. when a subscription is created in one server (in active_watchers in local cache) and the publish related to the same subscription goes to another server (presentity), with fallback to db, only the first publish works (it generates a notify with C-SEQ increased by one). When it receives another publish, it always generate the notify with the same C-SEQ, and the SIP Client ignore it. The problem is that the subscription is in the cache of another server and it periodically update it to db. When the publish related to this subscription goes to another server, the C-SEQ in the local cache is not increased. To workaround it, we have configure the Dispatcher to use hashing over URI for all presence related messages. In this way, it seems all messages related to the same subscription go to the same presence server, so the c-seq is increased correctly. Is it correct way to work with multiple presence server?
  2. pres_refresh_watchers triggered by xcap message in another presence server: with the hashing over to uri in dispacther workaround, it seems solve the first problem for SIP/SIMPLE messages, but we have the same kind of problem for xcap message. For example, a subscription is in a local cache of one server, and the incomming xcap message related to the same subscription goes to another server, and this message trigger the pres_update_watchers pres_refresh_watchers presence functions from the configuration script in the server where there is no subscription in the local cache, then it send the wrong notify message. This can happen when a user add/remove a contact, and the SUBSCRIBE goes to one server and XCAP PUT goes to another server. Unfortunately there is no DB mode only in PRESENCE module like REGISTRAR module. The fallback to db can't help either for point 1 or for point 2. Can you help please?


Thank you in advanced!



Best Regards,
Laura


On Tue, Jun 28, 2011 at 8:43 PM, Daniel-Constantin Mierla <miconda@gmail.com> wrote:
Hello,



On 6/28/11 6:33 PM, laura testi wrote:

Hello all,

I’m using two Kamailio Presence Servers that are also XCAP Servers for the presence and resources management and the Kamailio Dispatcher in order to balance the SIP requestes coming from SIP Client.

Then I’m trying to configure a HTTP  load–balancer for the xcap/http traffic.  

I’m testing both Apache and INginx HTTP proxy but I’m facing with a problem related with the Xcap authentication:

when a client sends the first xcap request to the http load-balancer, it forwards the request to one of the configured Xcap Server that replies with the 401 response in order to let the client authenticates. So, the client sends the second request with the Digest authentication to the http load-balancer. But, sometimes, the http load-balancer forwards the authenticate request to the second Xcap Server that is not able to authenticate the request.  Then the client receive the “Unauthorized” response…

      

Could you please give us some hints about this problem?


you have to set the same value to secret parameter of auth module:
http://kamailio.org/docs/modules/stable/modules/auth.html#auth.secret

Also be sure the two servers have the same time (use ntp or so) and the one_time_nonce parameter to auth module is off (not enabled).

Then it should work.

Cheers,
Daniel
-- 
Daniel-Constantin Mierla -- http://www.asipto.com
http://linkedin.com/in/miconda -- http://twitter.com/miconda