25 Apr
2008
25 Apr
'08
2:44 a.m.
El Viernes, 25 de Abril de 2008, Ash Rah escribió:
Hi,
On initial INVITEs, both OpenSER and Asterisk send separate nonce and
X-Lite then sends back two different digests in a single following INVITE :
Proxy-Authorization: Digest
username="1274229212",realm="asterisk",nonce="01d3972c",uri="sip:6048484848
484@sip.dummydomain.com",response="ff9058f8ea89c55d0b110d4eccf27e9c",algorit
hm=MD5.
Proxy-Authorization: Digest
username="1274229212",realm="sip.dummydomain.com",nonce="480ee655da312e1c8f
977cae40a747d26f7e9c5f",uri="sip:6048484848484@sip.dummydomain.com",response
="361700cce632c00ff70ede5e5126c6ac",algo
The first one is for asterisk, (realm="asterisk") and the second one is
for OpenSER. But unfortunately OpenSER probably examines the first
digest which causes failed Proxy Authorization.
Is it possible to instruct OpenSER to inspect both of the digests before
it makes a decision?
Yes, but you must specify it, try this:
if (!proxy_authorize("sip.dummydomain.com","subscriber")) {
proxy_challenge("","0");
exit;
}
Do you understand? if "proxy_authorize" has an empty first parameter then
OpenSer tries to authenticate against a realm paramenter that the client
sends in the first "Proxy-Authorization" header.
Anyway I've never tryed it so I'm not sure but hope theorically it should work
XD
Regards.
--
Iñaki Baz Castillo