[OpenSER-Users] Proxy Authorization - Two Digests
Iñaki Baz Castillo
ibc at aliax.net
Fri Apr 25 01:44:33 CEST 2008
El Viernes, 25 de Abril de 2008, Ash Rah escribió:
> Hi,
>
> On initial INVITEs, both OpenSER and Asterisk send separate nonce and
> X-Lite then sends back two different digests in a single following INVITE :
>
> Proxy-Authorization: Digest
> username="1274229212",realm="asterisk",nonce="01d3972c",uri="sip:6048484848
>484 at sip.dummydomain.com",response="ff9058f8ea89c55d0b110d4eccf27e9c",algorit
>hm=MD5.
>
>
> Proxy-Authorization: Digest
> username="1274229212",realm="sip.dummydomain.com",nonce="480ee655da312e1c8f
>977cae40a747d26f7e9c5f",uri="sip:6048484848484 at sip.dummydomain.com",response
>="361700cce632c00ff70ede5e5126c6ac",algo
>
> The first one is for asterisk, (realm="asterisk") and the second one is
> for OpenSER. But unfortunately OpenSER probably examines the first
> digest which causes failed Proxy Authorization.
>
> Is it possible to instruct OpenSER to inspect both of the digests before
> it makes a decision?
Yes, but you must specify it, try this:
if (!proxy_authorize("sip.dummydomain.com","subscriber")) {
proxy_challenge("","0");
exit;
}
Do you understand? if "proxy_authorize" has an empty first parameter then
OpenSer tries to authenticate against a realm paramenter that the client
sends in the first "Proxy-Authorization" header.
Anyway I've never tryed it so I'm not sure but hope theorically it should work
XD
Regards.
--
Iñaki Baz Castillo
More information about the sr-users
mailing list