[SR-Users] Making RLS presence work with Blink and Kamailio 4.1.4

Alex Villací­s Lasso a_villacis at palosanto.com
Tue Jul 1 21:44:09 CEST 2014 

El 26/06/14 18:39, Alex Villací­s Lasso escribió:
> I am having trouble making all of the supposed features of Blink work with Kamailio 4.1.4. My kamailio.cfg file is attached. Specifically, what I am having trouble is with presence (the way Blink wants to implement it), and MSRP. Ordinary voice calls 
> work correctly.
>

> With MSRP, I have copied the example from the msrp.so documentation, but I have replaced the authentication shown with a static password, with an actual query using auth_db.so, the very same query used to authenticate other SIP packets. Through the 
> packet capture, when user A tries starting a MSRP chat with user B, an INVITE is sent from user A to Kamailio, which has a special check to NOT send this invite to Asterisk, but rather route it itself, and it gets "correctly" routed to user B. Then user 
> B attempts to start a MSRP session with Kamailio (not user A) without authentication credentials, Kamailio challenges user B for the credentials, and... that's it. User B makes no attempt to repeat the MSRP session with the required credentials, and the 
> communication eventually times out.
I have built and installed the python-sipsimple-clients package. With this, I can see that the receiving party attempts to make a MSRP connection to my Kamailio, and the authentication challenge triggers the following message:

SIP session failed: media stream failed: 'opaque'

It seems that msrplib (used by Blink and the test programs) wants a digest authentication with an "opaque" parameter. Currently the failing dialog goes like this:

MSRP fa4a1c4d39cbf3fd AUTH
To-Path: msrp://pbx.elastix.com:5060;tcp
From-Path: msrp://192.168.3.2:39981/8b2dedc998fc1f1ed6f3;tcp
-------fa4a1c4d39cbf3fd$

MSRP fa4a1c4d39cbf3fd 401 Unauthorized
To-Path: msrp://192.168.3.2:39981/8b2dedc998fc1f1ed6f3;tcp
From-Path: msrp://pbx.elastix.com:5060;tcp
WWW-Authenticate: Digest realm="pbx.elastix.com", nonce="U7MGKFOzBPxDXr7ggr7imjvcnkodRW5F", qop="auth"
-------fa4a1c4d39cbf3fd$

which is, in turn, produced by this code segment in kamailio.cfg:

                 $var(msrprealm) = $(hdr(To-Path){msrpuri.host});
                 xlog("L_ALERT","============ msrprealm: [$var(msrprealm)]\n");
                 if (!www_authenticate("$var(msrprealm)", "subscriber", "$msrp(method)")) {
if(auth_get_www_authenticate("$var(msrprealm)", "1", "$var(wauth)")) {
                                 msrp_reply("401", "Unauthorized", "$var(wauth)");
                         } else {
                                 msrp_reply("500", "Server Error");
                         }
                         exit;
                 }

So, how do I make the authentication issue an adequate "opaque" parameter? I do not want to resort to appending a static value opaque="something" if a more elegant solution can be found. From http://en.wikipedia.org/wiki/Digest_access_authentication , I 
deduce that I need the server to issue an "opaque" parameter like the following:

WWW-Authenticate: Digest realm="testrealm at host.com",
                         qop="auth,auth-int",
                         nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
                         opaque="5ccc069c403ebaf9f0171e9517f40e41"

More information about the sr-users mailing list