Hi,
I'm using UAC module in order to centralized authentication when I need to use an external proxy server to call PSTN numbers. To use it, I use a unique tuple login/pwd/domain
The environment is: My openser handles the domain: "myopenserdomain.com" For each INVITE or REGISTER of SIP client of this domain, I force the authentication The external proxy handles the domain "externaldomain.com"
Now I have two questions: 1) before to send an INVITE to the external proxy, must I change the contact header with the correct information of the tuple login/pwd/domain ? Or I must wait the 401 or 407 message before ? In fact I tests several external proxy. Some are waiting a contact header with the information of the tuple and some don't. What is the correct way to do this ?
2) Some of this external proxy accept only my INVITE (with or without contact header modified) if I registered first on it ! I receive 403 message in this situation. But I don't know how to REGISTER first since I don't find any openser module to that . How can I handle this situation ?
Thanks, Regards, Christophe
Hi Christophe,
the contact header has nothing to do with the authentication process. Contact describe the IP location of the device, while credentials describe the auth access.
so, the contact should not be changed at all - of course this does not rule out the possibility for some servers to implement some very strange auth checks ;).
regarding the point 2) - there is no standard policy if a user is allowed to place calls when not registered. Logically I would say is should be no dependency between (as time you are able to authenticate both INVITEs and REGISTERs) - the registration process is related to incoming calls and it should not restrict the ability to place outbound calls.....but again, it is a matter of policy....
better ask the provider about this.
regards, bogdan
Christophe Irles wrote:
Hi,
I'm using UAC module in order to centralized authentication when I need to use an external proxy server to call PSTN numbers. To use it, I use a unique tuple login/pwd/domain The environment is: My openser handles the domain: "myopenserdomain.com" For each INVITE or REGISTER of SIP client of this domain, I force the authentication The external proxy handles the domain "externaldomain.com" Now I have two questions: 1) before to send an INVITE to the external proxy, must I change the contact header with the correct information of the tuple login/pwd/domain ? Or I must wait the 401 or 407 message before ? In fact I tests several external proxy. Some are waiting a contact header with the information of the tuple and some don't. What is the correct way to do this ? 2) Some of this external proxy accept only my INVITE (with or without contact header modified) if I registered first on it ! I receive 403 message in this situation. But I don't know how to REGISTER first since I don't find any openser module to that … How can I handle this situation ?Thanks, Regards, Christophe
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
-
Bogdan-Andrei Iancu -
Christophe Irles