Copyright © 2003, 2004 FhG FOKUS
This module implements SIP authentication and authorization with a DIAMETER server, namely the DIameter Server Client (DISC).
The digest authentication mechanism is presented in the next figure.
Example 1-1. Digest Authentication
...
a) First phase of Digest Authentication for SIP:

+----+  SIP INVITE  +=====+    DIAMETER    +------+       +------+
|    | no Auth hdr  #/////#   AA-Request   |      |       |      |
|    |---------1--->#/////#-------2------->|      |---2-->|      |
|UAC |              #UAS//#                |DClnt |       |DSrv  |
|    |<-----4-------#(SER)#<------3--------|(DISC)|<--3---|(DISC)|
|    |     401      #/////#    DIAMETER    |      |       |      |
+----+ Unauthorized +=====+   AA-Answer    +------+       +------+
                           Result-Code=4001

b) Second phase of Digest Authentication for SIP:

+----+  SIP INVITE  +=====+   DIAMETER    +------+       +----+
|    |   Auth hdr   #/////#  AA-Request   |      |       |    |
|    |--------1---->#/////#-------2------>|      |---2-->|    |
|UAC |              #UAS//#               |DClnt |       |DSrv|
|    |<-------4-----#(SER)#<------3-------|      |<--3---|    |
|    |    200 OK    #/////#   DIAMETER    |      |       |    |
+----+              +=====+   AA-Answer   +------+       +----+
                           Result-Code=2001
...
The following modules must be loaded before this module:
sl - used to send stateless replies.
The following libraries or applications must be installed before running OpenSER with this module loaded:
None.
diameter_client_host (string)
Hostname of the machine where the DIAMETER Client is running.
Default value is "localhost".
diameter_client_port (int)
Port number where the DIAMETER Client is listening.
Default value is "3000".
use_domain (int)
Specifies whether the domain name part of the URI is used when checking the user's privileges.
Default value is "0" (0 == false, 1 == true).
diameter_www_authorize(realm)
The SIP server checks authorization using a DIAMETER server as the backend. If the SIP request carries no credentials, a challenge is sent back to the UAC. If the credentials do not match the ones computed by DISC, "403 Forbidden" is sent back.
Meaning of the parameters is as follows:
realm - the realm to be used for authentication and authorization. The string may contain pseudo-variables.
This function can be used from REQUEST_ROUTE.
diameter_proxy_authorize(realm)
The SIP proxy checks authorization using a DIAMETER server as the backend. If the SIP request carries no credentials, a challenge is sent back to the UAC. If the credentials do not match the ones computed by DISC, "403 Forbidden" is sent back.
Meaning of the parameters is as follows:
realm - the realm to be used for authentication and authorization. The string may contain pseudo-variables.
This function can be used from REQUEST_ROUTE.
diameter_is_user_in(who, group)
The method performs group membership checking with DISC.
Meaning of the parameters is as follows:
who - the header from which to take the SIP URI whose group membership is checked. It can be: "Request-URI", "From", "To" or "Credentials".
group - the name of the group in which to check the user's membership.
This function can be used from REQUEST_ROUTE.
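A route block that ties the parameters and functions above together, as an added example that is not taken from the module's own documentation. The module name auth_diameter, the library paths, the realm example.com and the group voicemail are assumptions or placeholders.

```cfg
# Added example; paths, realm and group name are placeholders.
loadmodule "/usr/local/lib/openser/modules/sl.so"             # must be loaded first
loadmodule "/usr/local/lib/openser/modules/auth_diameter.so"  # assumed module file name

# Where the DIAMETER client (DISC) listens; these are the documented defaults.
modparam("auth_diameter", "diameter_client_host", "localhost")
modparam("auth_diameter", "diameter_client_port", 3000)
# Include the domain part of the URI in privilege checks, so that the same
# user name in two hosted domains is not treated as one identity.
modparam("auth_diameter", "use_domain", 1)

route {
    if (method == "REGISTER") {
        # Registrar role. On failure the function has already sent the
        # challenge or the "403 Forbidden", so stop processing here.
        if (!diameter_www_authorize("example.com")) {
            exit;
        };
        # ... registrar processing would follow here ...
        exit;
    };

    # Proxy role for all other requests.
    if (!diameter_proxy_authorize("example.com")) {
        exit;
    };

    # Authenticated, now authorize. "Credentials" checks the identity that
    # was just authenticated rather than the From header, which the caller
    # chooses. The explicit reply is this example's choice: the text above
    # does not say that diameter_is_user_in sends one itself.
    if (!diameter_is_user_in("Credentials", "voicemail")) {
        sl_send_reply("403", "Forbidden");
        exit;
    };

    # ... forwarding logic would follow here ...
}
```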
Take a look at http://openser.org/.
First of all, check whether your question has already been answered on one of our mailing lists:
User Mailing List - http://openser.org/cgi-bin/mailman/listinfo/users
Developer Mailing List - http://openser.org/cgi-bin/mailman/listinfo/devel
E-mails regarding any stable OpenSER release should be sent to
<users@openser.org> and e-mails regarding development versions
should be sent to <devel@openser.org>.
If you want to keep the mail private, send it to
<team@openser.org>.
Please follow the guidelines provided at: http://sourceforge.net/tracker/?group_id=139143.