23 Apr
2019
23 Apr
'19
4:02 p.m.
Hello,
I was wondering if there are any best practices for authenticating
websocket connection establishment inside the xhttp event route?
Thanks and regards,
Grant
12 Jun
12 Jun
7:56 a.m.
Hello,
Websocket is a transport layer, you don't authenticate the client when
establishing a websocket connection (just like you don't do authentication
when establishing a UDP or TCP connection). You establish a websocket
connection first, then do authentication when client sends a REGISTER or
INVITE message.
If you didn't setup UDP SIP messaging, I recommend doing that first to get
a feeling for how to configure kamailio. You can add websocket later.
Hope this helps.
Grant Bagdasarian <grantbagdasarian(a)gmail.com>om>, 23 Nis 2019 Sal, 23:04
tarihinde şunu yazdı:
Hello,
I was wondering if there are any best practices for authenticating
websocket connection establishment inside the xhttp event route?
Thanks and regards,
Grant
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
--
Saygılarımla / Regards,
*Fatih Orhan*
Yazılım Mühendisi
*Software Engineer*
*Verimor Telekomünikasyon A.Ş.*
*www.verimor.com.tr <http://www.verimor.com.tr/>**0850 532 0000*
9:09 a.m.
Websockets are primarily web connections which are upgraded from HTTP (at transport
layer). So you CAN authenticate them like regular HTTP connections before upgrade OR do
authentication after upgrade using websocket sub-protocol specific implementation, e.g.
SIP REGISTER or MSRP AUTH, etc. (Notice SIP and MSRP are sub-protocols here, you can write
your own session level sub-protocol as well).
See the sample implementation provided in websocket module at,
https://kamailio.org/docs/modules/5.2.x/modules/websocket.html#idm1019420836
Hope this helps.
Thank you.
On Jun 12, 2019 at 1:56 PM, <Fatih ORHAN (mailto:fatih.orhan@verimor.com.tr)>
wrote:
Hello,
Websocket is a transport layer, you don't authenticate the client when establishing a
websocket connection (just like you don't do authentication when establishing a UDP or
TCP connection). You establish a websocket connection first, then do authentication when
client sends a REGISTER or INVITE message.
If you didn't setup UDP SIP messaging, I recommend doing that first to get a feeling
for how to configure kamailio. You can add websocket later.
Hope this helps.
Grant Bagdasarian <grantbagdasarian(a)gmail.com
(mailto:grantbagdasarian@gmail.com)>, 23 Nis 2019 Sal, 23:04 tarihinde şunu yazdı:
Hello,
I was wondering if there are any best practices for authenticating websocket connection
establishment inside the xhttp event route?
Thanks and regards,
Grant
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org (mailto:sr-users@lists.kamailio.org)
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
--
Saygılarımla / Regards,
Fatih Orhan
Yazılım Mühendisi
Software Engineer
Verimor Telekomünikasyon A.Ş.
www.verimor.com.tr (http://www.verimor.com.tr/)
0850 532 0000
_______________________________________________ Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
6:48 p.m.
Hi Fatih/Shaheryarkh,
Shaheryarkh comment is exactly what I was going for, so performing some
kind of authentication before the Upgrade of the HTTP connection.
I’ve been playing around with the auth_ephemeral module inside the xhttp
event_route, which seems to be working just fine. Currently, my script
requires a somewhat two step authentication process, first by
authenticating the HTTP request using auth_ephemeral, followed by a SIP
REGISTER using regular Digest Auth.
A few extra questions from my side:
1) In the case of no HTTP authentication, and no IP whitelisting, anyone on
the public internet would be able to open up a WebSocket connection to a
publicly available Kamailio proxy configured with WebSocket support,
correct?
2) If somehow the Kamailio proxy is equipped with an authentication
mechanism of the HTTP request, and a client fails to authenticate, how does
Kamailio handle the closure of the HTTP connection? Like hold resources
like ports, file descriptors, etc, until they’re ready to be cleaned up
after some timeout.
Tbh, I haven’t done a deep dive into HTTP handling by Kamailio yet, and
perhaps these settings can be tuned using the various TCP settings exposed
by Kamailio.
Thanks and regards,
Grant
2024
days inactive
2074
days old
3 comments
3 participants
participants (3)
-
Fatih ORHAN -
Grant Bagdasarian -
Shaheryarkh