I am using proxy_authorize & proxy_challenge on the invite.
if (!(method=="REGISTER"))
{
if (!allow_trusted())
{
if (!proxy_authorize("", "subscriber")) {
$var(debug) = proxy_authorize("", "subscriber");
xlog("Not Proxy Authorize: $var(debug)");
proxy_challenge("", "0");
exit;
}
if (!check_from()) {
sl_send_reply("403","Forbidden auth ID");
exit;
}
consume_credentials();
# caller authenticated
}
}
Below is the output I see in the log file when this path is executed.
Jun 30 10:10:47 rolecall /sbin/openser[15625]: Not Proxy Authorize: -4
Jun 30 10:10:47 rolecall /sbin/openser[15629]: Not Proxy Authorize: -5
Jun 30 10:10:47 rolecall /sbin/openser[15625]: Not Proxy Authorize: -5
Jun 30 10:10:47 rolecall /sbin/openser[15627]: Not Proxy Authorize: -5
As you can see on the initial invite the credentials are not found
which is to be expected. But on the subsequent invites OpenSER is
returning the generic error which doesn't tell me a whole lot. Can
you tell me how to obtain more verbose debugging.
Is it possible that OpenSER is using the From tag and not the
credentials supplied in the Proxy-Authorization header?
Thank You
Stagg Shelton
On Jun 30, 2008, at 4:21 AM, Bogdan-Andrei Iancu wrote:
Hi Stagg,
For INVITEs, use proxy_challenge() + proxy_authorize() functions and
not the www_xxxxxxx() functions.
Regards,
Bogdan
Stagg Shelton wrote:
I've been trying to work through openser
successfully
authenticating a user on an INVITE. I've tried using
www_challenge and proxy_challenge. Each time, OpenSER will
respond to the INVITE with the appropriate Authentication header
depending on what I'm using, and asterisk will resend the INVITE
with the Digest credentials. I've determined that OpenSER returns
a -5 when processing either www_authorize or proxy_authorize and
the INVITE has the Digest credentials.
The authentication seems to work just fine when asterisk Registers
to openser. Are there any known issues with asterisk
authenticating during an INVITE? I would prefer to do it this way
in case the PBX loses its primary network connectivity and is
failing to a secondary route, or some other reason that would
cause the IP address to change.
I am currently using OpenSER 1.3.1
Thank You
Stagg Shelton
_______________________________________________
Users mailing list
Users(a)lists.openser.org
http://lists.openser.org/cgi-bin/mailman/listinfo/users