[OpenSER-Users] Proxy Authorization - Two Digests

Morten Isaksen misak at misak.dk
Thu Apr 24 08:40:13 CEST 2008


Hi!

I think it will work for X-lite if you replace proxy_authorize with
www_authorize in openser. But X-lite was the only client that worked
with this setup. Asterisk as a client did not work.

You get both a Proxy-Authorization and a WWW-Authorization in this setup.

/Morten

On Thu, Apr 24, 2008 at 12:55 AM, Ash Rah <ash at droshta.net> wrote:
> Unfortunately I need to authenticate in both places. Any suggestion will
> be greatly appreciated.
>
>
> Bogdan-Andrei Iancu wrote:
> > Hi Ash,
> >
> > I guess you first need to decide where you want to have the
> > authentication done - either on openser or on asterisk. But it
> > should be a single place.
> >
> > Regards,
> > Bogdan
> >
> > Ash Rah wrote:
> >> Hello,
> >>
> >> I am trying to make a design like below to work.
> >>
> >> X-Lite ----- OpenSER ----- Asterisk ----->(PSTN Calls)
> >>
> >> X-Lite registers with OpenSer and PSTN calls are routed through
> >> Asterisk from OpenSER. When a call is sent to Asterisk, Asterisk
> >> tries to authenticate the user on X-Lite. I maintain same username
> >> and password for both OpenSER and Asterisk.
> >>
> >> Now when an INVITE from X-Lite hits OpenSER, it goes through the
> >> following script and is asked for Proxy Authorization:
> >>
> >> if (!proxy_authorize("","subscriber")) {
> >>                         proxy_challenge("","0");
> >>                         exit;
> >> }
> >>
> >> When I dial a PSTN number from X-Lite, X-Lite, at some point, ends up
> >> sending two Digests (one for OpenSER and one for Asterisk) in the same
> >> INVITE but gets stuck with Proxy Authorization failure (from
> >> OpenSER). If I take off the above proxy_authorize section from
> >> OpenSER script, everything works fine.
> >>
> >> Can anyone suggest a solution to this?
> >>
> >> Thanks in advance.
> >>
> >>
> >>
> >> U 2008/04/23 13:28:42.314669 110.110.110.110:26986 ->
> >> 120.120.120.120:5060
> >> INVITE sip:6048484848484 at sip.dummydomain.com SIP/2.0.
> >> Via: SIP/2.0/UDP
> >> 172.16.40.14:26986;branch=z9hG4bK-d87543-886860777744b40e-1--d87543-;rport.
> >>
> >> Max-Forwards: 70.
> >> Contact: <sip:1274229212 at 110.110.110.110:26986>.
> >> To: "6048484848484"<sip:6048484848484 at sip.dummydomain.com>.
> >> From: "1274229212"<sip:1274229212 at sip.dummydomain.com>;tag=7d74b26b.
> >> Call-ID: ZjIyNDQzOWIxZTM2MWJjMTgzNmE1YWE3ZDY1M2RjZWE..
> >> CSeq: 3 INVITE.
> >> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
> >> SUBSCRIBE, INFO.
> >> Content-Type: application/sdp.
> >> Proxy-Authorization: Digest
> >> username="1274229212",realm="asterisk",nonce="01d3972c",uri="sip:6048484848484 at sip.dummydomain.com",response="ff9058f8ea89c55d0b110d4eccf27e9c",algorithm=MD5.
> >>
> >> Proxy-Authorization: Digest
> >> username="1274229212",realm="sip.dummydomain.com",nonce="480ee655da312e1c8f977cae40a747d26f7e9c5f",uri="sip:6048484848484 at sip.dummydomain.com",response="361700cce632c00ff70ede5e5126c6ac",algorithm=MD5.
> >> User-Agent: X-Lite release 1011s stamp 41150.
> >> Content-Length: 333.
> >> .
> >> v=0.
> >> o=- 9 2 IN IP4 172.16.40.14.
> >> s=CounterPath X-Lite 3.0.
> >> c=IN IP4 172.16.40.14.
> >> t=0 0.
> >> m=audio 45136 RTP/AVP 0 101.
> >> a=alt:1 3 : gpvy8HMY JXNZYRF+ 172.16.40.14 45136.
> >> a=alt:2 2 : 8S3XPC3M 6q9Z76Pq 192.168.38.1 45136.
> >> a=alt:3 1 : rISpUdBc PRYZ7B/8 192.168.23.1 45136.
> >> a=fmtp:101 0-15.
> >> a=rtpmap:101 telephone-event/8000.
> >> a=sendrecv.
> >>
> >>
> >> U 2008/04/23 13:28:42.314910 120.120.120.120:5060 ->
> >> 110.110.110.110:26986
> >> SIP/2.0 407 Proxy Authentication Required.
> >> Via: SIP/2.0/UDP
> >> 172.16.40.14:26986;branch=z9hG4bK-d87543-886860777744b40e-1--d87543-;rport=26986;received=110.110.110.110.
> >>
> >> To:
> >> "6048484848484"<sip:6048484848484 at sip.dummydomain.com>;tag=058e81974577b8ca6a831d36c0f6fe25.d85d.
> >>
> >> From: "1274229212"<sip:1274229212 at sip.dummydomain.com>;tag=7d74b26b.
> >> Call-ID: ZjIyNDQzOWIxZTM2MWJjMTgzNmE1YWE3ZDY1M2RjZWE..
> >> CSeq: 3 INVITE.
> >> Proxy-Authenticate: Digest realm="sip.dummydomain.com",
> >> nonce="480ee6560e7141c28e990448575d0918ce86a82d".
> >> Server: OpenSER (1.3.1-notls (i386/linux)).
> >> Content-Length: 0.
> >>
> >> _______________________________________________
> >> Users mailing list
> >> Users at lists.openser.org
> >> http://lists.openser.org/cgi-bin/mailman/listinfo/users
> >>
> >>
> >
> >
> >
>
>



-- 
Morten Isaksen
http://www.misak.dk/blog/
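
Added example, not part of the thread and not OpenSER or Asterisk code: the INVITE in the trace carries one Proxy-Authorization header per realm, so a verifier has to pick the credentials whose realm matches its own before checking the digest response. The username, realms and request URI follow the trace; the password, nonces and all function names are constructed for illustration.

```python
import hashlib, hmac, re

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def parse_digest(value):
    """Parse 'Digest k="v",k2=v2' into a dict; {} if the scheme is not Digest."""
    scheme, _, params = value.strip().partition(" ")
    if scheme.lower() != "digest":
        return {}
    pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))', params)
    return {key.lower(): quoted or bare for key, quoted, bare in pairs}

def credentials_for_realm(message, header, realm):
    """Return the credentials carried in `header` for `realm`, or None."""
    for line in message.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == header.lower():
            creds = parse_digest(value)
            if creds.get("realm") == realm:
                return creds
    return None

def expected_response(creds, password, method):
    """Digest without qop, as in the trace: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f'{creds.get("username", "")}:{creds.get("realm", "")}:{password}')
    ha2 = md5_hex(f'{method}:{creds.get("uri", "")}')
    return md5_hex(f'{ha1}:{creds.get("nonce", "")}:{ha2}')

def verify(message, header, realm, password, method="INVITE"):
    creds = credentials_for_realm(message, header, realm)
    if creds is None:
        return False  # no credentials for our realm: challenge the client
    want = expected_response(creds, password, method)
    return hmac.compare_digest(creds.get("response", "").encode(), want.encode())

def make_header(realm, nonce, password):
    """Build a constructed Proxy-Authorization line for the sample INVITE."""
    creds = {"username": USER, "realm": realm, "nonce": nonce, "uri": URI}
    resp = expected_response(creds, password, "INVITE")
    return (f'Proxy-Authorization: Digest username="{USER}",realm="{realm}",'
            f'nonce="{nonce}",uri="{URI}",response="{resp}",algorithm=MD5')

# Constructed sample values: the password and nonces are made up for this example.
USER, PASSWORD = "1274229212", "example-pass"
URI = "sip:6048484848484@sip.dummydomain.com"
SAMPLE_INVITE = "\r\n".join([f"INVITE {URI} SIP/2.0", "CSeq: 3 INVITE",
    make_header("asterisk", "0a1b2c3d", PASSWORD),
    make_header("sip.dummydomain.com", "feedface00112233", PASSWORD), "", ""])
```

The sketch assumes one credential per header line and unfolded headers; nonce freshness checks are out of its scope.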



