[OpenSER-Users] Reg. Proxy authentication

Klaus Darilion klaus.mailinglists at pernau.at
Wed Jan 23 11:06:47 CET 2008



Padmaja schrieb:
> Hi all,
> Please see the call flow below:
> 
> GW1                        Proxy                    GW2
> |-----invite----------->|                             |
> |<------407-----------|                             |
> |-----invite w/cred--->|                             |
> |                                  |-----Invite------->|
> |<------------200 Ok---------------------|
> |----------------Ack--------------------->|
> |                                                                |
> |                                  |<----ReInvite -----|
> |
> 
> When the proxy receives the Reinvite below from GW 2, should it again 
> challenge it for proxy authentication or simply forward the call to the GW1? 
> The openser proxy in our lab simply forwards the Invite without asking for 
> authentication this time. However, I need to test the situation, where the 
> proxy asks for authentication for the Reinvite. Is this possible?

This is a difficult question. If GW2 is known to your proxy, the proxy 
can challenge GW2. (if the GW supports authentication at all).

Often the domain in the From URI is used to find out if a SIP client is 
a "local" user or from another domain. Local users will get challenged, 
external users not. But using From header domain works only for initial 
INVITE and can not be used reliable for reINVITEs.

Thus, usually in-dialog requests will not be challenged. Thus, its a 
matter of your policy and depends if you provide an open SIP service 
(like e.g. iptel.org, FWD ...) or if you are in a closed environment 
were every SIP client is known to have credentials to authenticate 
against the proxy.

regards
klaus

> 
> Please let me know.
> 
> Thanks,
> Padmaja 
> 
> 
> _______________________________________________
> Users mailing list
> Users at lists.openser.org
> http://lists.openser.org/cgi-bin/mailman/listinfo/users




More information about the Users mailing list