[OpenSER-Users] Proxy Authorization - Two Digests

Iñaki Baz Castillo ibc at aliax.net
Fri Apr 25 01:44:33 CEST 2008


El Viernes, 25 de Abril de 2008, Ash Rah escribió:
> Hi,
>
> On initial INVITEs, both OpenSER and Asterisk send separate nonce and
> X-Lite then sends back two different digests in a single following INVITE :
>
> Proxy-Authorization: Digest
> username="1274229212",realm="asterisk",nonce="01d3972c",uri="sip:6048484848
>484 at sip.dummydomain.com",response="ff9058f8ea89c55d0b110d4eccf27e9c",algorit
>hm=MD5.
>
>
> Proxy-Authorization: Digest
> username="1274229212",realm="sip.dummydomain.com",nonce="480ee655da312e1c8f
>977cae40a747d26f7e9c5f",uri="sip:6048484848484 at sip.dummydomain.com",response
>="361700cce632c00ff70ede5e5126c6ac",algo
>
> The first one is for asterisk, (realm="asterisk") and the second one is
> for OpenSER. But unfortunately OpenSER probably examines the first
> digest which causes failed Proxy Authorization.
>
> Is it possible to instruct OpenSER to inspect both of the digests before
> it makes a decision?

Yes, but you must specify it, try this:

if (!proxy_authorize("sip.dummydomain.com","subscriber")) {
                        proxy_challenge("","0");
                        exit;
}


Do you understand? if "proxy_authorize" has an empty first parameter then 
OpenSer tries to authenticate against a realm paramenter that the client 
sends in the first "Proxy-Authorization" header.

Anyway I've never tryed it so I'm not sure but hope theorically it should work 
XD


Regards.


-- 
Iñaki Baz Castillo




More information about the sr-users mailing list