I am having trouble making all of the supposed features of Blink work with Kamailio 4.1.4. My kamailio.cfg file is attached. Specifically, what I am having trouble is with presence (the way Blink wants to implement it), and MSRP. Ordinary voice calls work correctly.
With presence, I have managed to make XCAP storing and retrieval work, in the sense that a document that is being stored with PUT can be later retrieved with GET on the same URL. However, I cannot make Blink use this support in order to actually monitor presence. As far as I understand, when user A subscribes to the presence state of user B, and user B is registered, user B is supposed to receive a notification that user A requests authorization for presence subscription. However, this is not working so far when both A and B use Blink. From what I can see through a packet capture, neither adding a new contact on the Blink window or having existing contacts result in any SUBSCRIBE packets for the contact users being sent to the Kamailio instance. If the subscription is meant to be performed some other way, I am not seeing it being done either. Of course, this results in presence changes not being exchanged between contacts.
The only SUBSCRIBE packet I see from Blink is the one for the SIP account used for Blink.
With MSRP, I have copied the example from the msrp.so documentation, but I have replaced the authentication shown with a static password, with an actual query using auth_db.so, the very same query used to authenticate other SIP packets. Through the packet capture, when user A tries starting a MSRP chat with user B, an INVITE is sent from user A to Kamailio, which has a special check to NOT send this invite to Asterisk, but rather route it itself, and it gets "correctly" routed to user B. Then user B attempts to start a MSRP session with Kamailio (not user A) without authentication credentials, Kamailio challenges user B for the credentials, and... that's it. User B makes no attempt to repeat the MSRP session with the required credentials, and the communication eventually times out.
The presence failure might have something to do with the following exchange I see in the packet capture:
GET /xcap-root/pidf-manipulation/users/sip:avillacisIM@pbx.elastix.com/index HTTP/1.1 Accept-Encoding: identity Authorization: Digest username="avillacisIM", realm="pbx.elastix.com", nonce="U6xFz1OsRKNuU11dgljLCgGppv5lK6Eu", uri="/xcap-root/pidf-manipulation/users/sip:avillacisIM@pbx.elastix.com/index", response="3dfdf556c9812f4bebb8b0cc82578ef9", algorithm="MD5" Host: pbx.elastix.com:5060 Connection: close Accept: application/pidf+xml User-Agent: Blink 0.8.2 (Linux)
HTTP/1.1 404 Not found Via: SIP/2.0/TCP 192.168.3.2:55567 Server: kamailio (4.1.4 (x86_64/linux)) Content-Length: 0
That is, the Blink client tries to fetch the pidf-manipulation document, and Kamailio answers with a 404. In other cases Blink has responded with a PUT of a minimal document at the required URI (which gets stored to the database), but in this case (pidf-manipulation) this is not done. I am not sure of what is supposed to happen here. This 404 is the same regardless of whether there are other (Blink or otherwise) SIP clients connected.
I think this has been asked before, but is there a working implementation of MSRP+presence for Kamailio that works with Blink? Or failing that, a complete kamailio.cfg that has been shown to work with at least one MSRP implementation?
there is at least one show stopper to make blink rls to work with any standards compliant implementation. this is tracker item that i opened year ago.
-- juha
i tried to test address book stuff with blink, but got stuck, because uri scheme is missing in resource-lists entry uris that blink puts to xcap server, e.g.:
<rl:resource-lists xmlns:rl="urn:ietf:params:xml:ns:resource-lists" xmlns:addressbook="urn:ag-projects:xml:ns:addressbook" xmlns:blink="urn:ag-projects:blink:xml:ns:addressbook"> <rl:list name="oma_buddylist"/> <rl:list name="oma_grantedcontacts"> <rl:entry uri="test%40test.tutpro.com"/> </rl:list> ...
El 28/06/14 00:31, Juha Heinanen escribió:
there is at least one show stopper to make blink rls to work with any standards compliant implementation. this is tracker item that i opened year ago.
Do you have an URL for this tracker item?
-- juha
i tried to test address book stuff with blink, but got stuck, because uri scheme is missing in resource-lists entry uris that blink puts to xcap server, e.g.:
<rl:resource-lists xmlns:rl="urn:ietf:params:xml:ns:resource-lists" xmlns:addressbook="urn:ag-projects:xml:ns:addressbook" xmlns:blink="urn:ag-projects:blink:xml:ns:addressbook"> <rl:list name="oma_buddylist"/> <rl:list name="oma_grantedcontacts"> <rl:entry uri="test%40test.tutpro.com"/> </rl:list> ...
Alex Villacís Lasso writes:
El 28/06/14 00:31, Juha Heinanen escribió:
there is at least one show stopper to make blink rls to work with any standards compliant implementation. this is tracker item that i opened year ago.
Do you have an URL for this tracker item?
http://wiki.sip2sip.info/issues/2001
-- juha
El 26/06/14 18:39, Alex Villacís Lasso escribió:
I am having trouble making all of the supposed features of Blink work with Kamailio 4.1.4. My kamailio.cfg file is attached. Specifically, what I am having trouble is with presence (the way Blink wants to implement it), and MSRP. Ordinary voice calls work correctly.
With MSRP, I have copied the example from the msrp.so documentation, but I have replaced the authentication shown with a static password, with an actual query using auth_db.so, the very same query used to authenticate other SIP packets. Through the packet capture, when user A tries starting a MSRP chat with user B, an INVITE is sent from user A to Kamailio, which has a special check to NOT send this invite to Asterisk, but rather route it itself, and it gets "correctly" routed to user B. Then user B attempts to start a MSRP session with Kamailio (not user A) without authentication credentials, Kamailio challenges user B for the credentials, and... that's it. User B makes no attempt to repeat the MSRP session with the required credentials, and the communication eventually times out.
I have built and installed the python-sipsimple-clients package. With this, I can see that the receiving party attempts to make a MSRP connection to my Kamailio, and the authentication challenge triggers the following message:
SIP session failed: media stream failed: 'opaque'
It seems that msrplib (used by Blink and the test programs) wants a digest authentication with an "opaque" parameter. Currently the failing dialog goes like this:
MSRP fa4a1c4d39cbf3fd AUTH To-Path: msrp://pbx.elastix.com:5060;tcp From-Path: msrp://192.168.3.2:39981/8b2dedc998fc1f1ed6f3;tcp -------fa4a1c4d39cbf3fd$
MSRP fa4a1c4d39cbf3fd 401 Unauthorized To-Path: msrp://192.168.3.2:39981/8b2dedc998fc1f1ed6f3;tcp From-Path: msrp://pbx.elastix.com:5060;tcp WWW-Authenticate: Digest realm="pbx.elastix.com", nonce="U7MGKFOzBPxDXr7ggr7imjvcnkodRW5F", qop="auth" -------fa4a1c4d39cbf3fd$
which is, in turn, produced by this code segment in kamailio.cfg:
$var(msrprealm) = $(hdr(To-Path){msrpuri.host}); xlog("L_ALERT","============ msrprealm: [$var(msrprealm)]\n"); if (!www_authenticate("$var(msrprealm)", "subscriber", "$msrp(method)")) { if(auth_get_www_authenticate("$var(msrprealm)", "1", "$var(wauth)")) { msrp_reply("401", "Unauthorized", "$var(wauth)"); } else { msrp_reply("500", "Server Error"); } exit; }
So, how do I make the authentication issue an adequate "opaque" parameter? I do not want to resort to appending a static value opaque="something" if a more elegant solution can be found. From http://en.wikipedia.org/wiki/Digest_access_authentication , I deduce that I need the server to issue an "opaque" parameter like the following:
WWW-Authenticate: Digest realm="testrealm@host.com", qop="auth,auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"
El 01/07/14 14:44, Alex Villacís Lasso escribió:
El 26/06/14 18:39, Alex Villacís Lasso escribió:
I am having trouble making all of the supposed features of Blink work with Kamailio 4.1.4. My kamailio.cfg file is attached. Specifically, what I am having trouble is with presence (the way Blink wants to implement it), and MSRP. Ordinary voice calls work correctly.
With MSRP, I have copied the example from the msrp.so documentation, but I have replaced the authentication shown with a static password, with an actual query using auth_db.so, the very same query used to authenticate other SIP packets. Through the packet capture, when user A tries starting a MSRP chat with user B, an INVITE is sent from user A to Kamailio, which has a special check to NOT send this invite to Asterisk, but rather route it itself, and it gets "correctly" routed to user B. Then user B attempts to start a MSRP session with Kamailio (not user A) without authentication credentials, Kamailio challenges user B for the credentials, and... that's it. User B makes no attempt to repeat the MSRP session with the required credentials, and the communication eventually times out.
I have built and installed the python-sipsimple-clients package. With this, I can see that the receiving party attempts to make a MSRP connection to my Kamailio, and the authentication challenge triggers the following message:
SIP session failed: media stream failed: 'opaque'
It seems that msrplib (used by Blink and the test programs) wants a digest authentication with an "opaque" parameter. Currently the failing dialog goes like this:
MSRP fa4a1c4d39cbf3fd AUTH To-Path: msrp://pbx.elastix.com:5060;tcp From-Path: msrp://192.168.3.2:39981/8b2dedc998fc1f1ed6f3;tcp -------fa4a1c4d39cbf3fd$
MSRP fa4a1c4d39cbf3fd 401 Unauthorized To-Path: msrp://192.168.3.2:39981/8b2dedc998fc1f1ed6f3;tcp From-Path: msrp://pbx.elastix.com:5060;tcp WWW-Authenticate: Digest realm="pbx.elastix.com", nonce="U7MGKFOzBPxDXr7ggr7imjvcnkodRW5F", qop="auth" -------fa4a1c4d39cbf3fd$
which is, in turn, produced by this code segment in kamailio.cfg:
$var(msrprealm) = $(hdr(To-Path){msrpuri.host}); xlog("L_ALERT","============ msrprealm: [$var(msrprealm)]\n"); if (!www_authenticate("$var(msrprealm)", "subscriber", "$msrp(method)")) {if(auth_get_www_authenticate("$var(msrprealm)", "1", "$var(wauth)")) { msrp_reply("401", "Unauthorized", "$var(wauth)"); } else { msrp_reply("500", "Server Error"); } exit; }
So, how do I make the authentication issue an adequate "opaque" parameter? I do not want to resort to appending a static value opaque="something" if a more elegant solution can be found. From http://en.wikipedia.org/wiki/Digest_access_authentication , I deduce that I need the server to issue an "opaque" parameter like the following:
WWW-Authenticate: Digest realm="testrealm@host.com", qop="auth,auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Apparently, there is no authentication procedure implemented in Kamailio 4.1.4 that is RFC compliant with MSRP.
According to http://tools.ietf.org/html/rfc4976#section-9.1 , MSRP AUTH request must be authenticated. Simply accepting any AUTH request without actually checking the credentials is not RFC-compliant. However, the authentication specified in rfc4976 differs from ordinary Digest-Authentication - the required URI for the Digest authentication is taken from the To-Path: header in the MSRP request, and is apparently not sent in the Authorization header (at least as implemented by the python-msrplib library). Additionally, none of the Kamailio methods for authentication appear capable of sending an "opaque" parameter that is apparently requested by python-msrplib. It seems that new methods msrp_authenticate() and msrp_challenge() are required.
-
Alex Villacís Lasso -
Juha Heinanen