[OpenSER-Users] Proxy Authorization - Two Digests

Ash Rah ash at droshta.net
Thu Apr 24 11:47:26 CEST 2008 

Hi Morten,

Changing proxy to www indeed works.

I have a separate www auth in the REGISTER section.

I have Asterisk added to trusted table and thus it is not asked for 
proxy/www auth. So, I guess I can use this as a solution.

Thanks.

Morten Isaksen wrote:
> Hi!
>
> I think it will work for X-lite if you replace proxy_authorize with
> www_authorize in openser. But X-lite was the only client that works
> with this setup. Asterisk as a client did not work.
>
> You get both a Proxy-Authorization and a WWW-Authorization in this setup.
>
> /Morten
>
> On Thu, Apr 24, 2008 at 12:55 AM, Ash Rah <ash at droshta.net> wrote:
>   
>> Unfortunately I need to authenticate in both places. Any suggestion will
>> be greatly appreciated.
>>
>>
>> Bogdan-Andrei Iancu wrote:
>>     
>>> Hi Ash,
>>>
>>> I guess you first need to decide where you want to have the
>>> authentication done - either on openser, either on asterisk. But it
>>> should be a single place.
>>>
>>> Regards,
>>> Bogdan
>>>
>>> Ash Rah wrote:
>>>       
>>>> Hello,
>>>>
>>>> I am trying to make a design like below to work.
>>>>
>>>> X-Lite ----- OpenSER ----- Asterisk ----->(PSTN Calls)
>>>>
>>>> X-Lite registers with OpenSer and PSTN calls are routed through
>>>> Asterisk from OpenSER. When a call is sent to Asterisk, Asterisk
>>>> tries to authenticate the user on X-Lite. I maintain same username
>>>> and password for both OpenSER and Asterisk.
>>>>
>>>> Now when an INVITE from X-Lite hits OpenSER, it goes through the
>>>> following script and is asked for Proxy Authorization:
>>>>
>>>> if (!proxy_authorize("","subscriber")) {
>>>>                         proxy_challenge("","0");
>>>>                         exit;
>>>> }
>>>>
>>>> When I dial a PSTN number from X-Lite, X-Lite at some point, ends up
>>>> sending two Digests (one for OpenSER and one for Atserisk) in same
>>>> INVITE but gets stuck with Proxy Authorization failure (from
>>>> OpenSER). If I take off the above proxy_authorize section from
>>>> OpenSER script, everything works fine.
>>>>
>>>> Can anyone suggest a solution to this.
>>>>
>>>> Thanks in advance.
>>>>
>>>>
>>>>
>>>> U 2008/04/23 13:28:42.314669 110.110.110.110:26986 ->
>>>> 120.120.120.120:5060
>>>> INVITE sip:6048484848484 at sip.dummydomain.com SIP/2.0.
>>>> Via: SIP/2.0/UDP
>>>> 172.16.40.14:26986;branch=z9hG4bK-d87543-886860777744b40e-1--d87543-;rport.
>>>>
>>>> Max-Forwards: 70.
>>>> Contact: <sip:1274229212 at 110.110.110.110:26986>.
>>>> To: "6048484848484"<sip:6048484848484 at sip.dummydomain.com>.
>>>> From: "1274229212"<sip:1274229212 at sip.dummydomain.com>;tag=7d74b26b.
>>>> Call-ID: ZjIyNDQzOWIxZTM2MWJjMTgzNmE1YWE3ZDY1M2RjZWE..
>>>> CSeq: 3 INVITE.
>>>> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, NOTIFY, MESSAGE,
>>>> SUBSCRIBE, INFO.
>>>> Content-Type: application/sdp.
>>>> Proxy-Authorization: Digest
>>>> username="1274229212",realm="asterisk",nonce="01d3972c",uri="sip:6048484848484 at sip.dummydomain.com",response="ff9058f8ea89c55d0b110d4eccf27e9c",algorithm=MD5.
>>>>
>>>> Proxy-Authorization: Digest
>>>> username="1274229212",realm="sip.dummydomain.com",nonce="480ee655da312e1c8f977cae40a747d26f7e9c5f",uri="sip:6048484848484 at sip.dummydomain.com",response="361700cce632c00ff70ede5e5126c6ac",algo
>>>>
>>>> rithm=MD5.
>>>> User-Agent: X-Lite release 1011s stamp 41150.
>>>> Content-Length: 333.
>>>> .
>>>> v=0.
>>>> o=- 9 2 IN IP4 172.16.40.14.
>>>> s=CounterPath X-Lite 3.0.
>>>> c=IN IP4 172.16.40.14.
>>>> t=0 0.
>>>> m=audio 45136 RTP/AVP 0 101.
>>>> a=alt:1 3 : gpvy8HMY JXNZYRF+ 172.16.40.14 45136.
>>>> a=alt:2 2 : 8S3XPC3M 6q9Z76Pq 192.168.38.1 45136.
>>>> a=alt:3 1 : rISpUdBc PRYZ7B/8 192.168.23.1 45136.
>>>> a=fmtp:101 0-15.
>>>> a=rtpmap:101 telephone-event/8000.
>>>> a=sendrecv.
>>>>
>>>>
>>>> U 2008/04/23 13:28:42.314910 120.120.120.120:5060 ->
>>>> 110.110.110.110:26986
>>>> SIP/2.0 407 Proxy Authentication Required.
>>>> Via: SIP/2.0/UDP
>>>> 172.16.40.14:26986;branch=z9hG4bK-d87543-886860777744b40e-1--d87543-;rport=26986;received=110.110.110.110.
>>>>
>>>> To:
>>>> "6048484848484"<sip:6048484848484 at sip.dummydomain.com>;tag=058e81974577b8ca6a831d36c0f6fe25.d85d.
>>>>
>>>> From: "1274229212"<sip:1274229212 at sip.dummydomain.com>;tag=7d74b26b.
>>>> Call-ID: ZjIyNDQzOWIxZTM2MWJjMTgzNmE1YWE3ZDY1M2RjZWE..
>>>> CSeq: 3 INVITE.
>>>> Proxy-Authenticate: Digest realm="sip.dummydomain.com",
>>>> nonce="480ee6560e7141c28e990448575d0918ce86a82d".
>>>> Server: OpenSER (1.3.1-notls (i386/linux)).
>>>> Content-Length: 0.
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at lists.openser.org
>>>> http://lists.openser.org/cgi-bin/mailman/listinfo/users
>>>>
>>>>
>>>>         
>>>
>>>       
>> _______________________________________________
>> Users mailing list
>> Users at lists.openser.org
>> http://lists.openser.org/cgi-bin/mailman/listinfo/users
>>
>>     
>
>
>
>

More information about the Users mailing list