[SR-Users] xcap server - http load–balancer: xcap authentication problem

[Daniel-Constantin Mierla]

Hello,


On 6/28/11 6:33 PM, laura testi wrote:
>
> Hello all,
>
> I’m using two Kamailio Presence Servers that are also XCAP Servers for 
> the presence and resources management and the Kamailio Dispatcher in 
> order to balance the SIP requestes coming from SIP Client.
>
> Then I’m trying to configure a HTTP load–balancer for the xcap/http 
> traffic.
>
> I’m testing both Apache and INginx HTTP proxy but I’m facing with a 
> problem related with the Xcap authentication:
>
> when a client sends the first xcap request to the http load-balancer, 
> it forwards the request to one of the configured Xcap Server that 
> replies with the 401 response in order to let the client 
> authenticates. So, the client sends the second request with the Digest 
> authentication to the http load-balancer. But, sometimes, the http 
> load-balancer forwards the authenticate request to the second Xcap 
> Server that is not able to authenticate the request. Then the client 
> receive the “Unauthorized” response…
>
> Could you please give us some hints about this problem?
>

you have to set the same value to secret parameter of auth module:
http://kamailio.org/docs/modules/stable/modules/auth.html#auth.secret

Also be sure the two servers have the same time (use ntp or so) and the 
one_time_nonce parameter to auth module is off (not enabled).

Then it should work.

Cheers,
Daniel

-- 
Daniel-Constantin Mierla -- http://www.asipto.com
http://linkedin.com/in/miconda -- http://twitter.com/miconda

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20110628/a6fda32f/attachment.htm>