I have to admit that even looking at the debug logs I cannot understand what's going on in your case. As said I'm running an authentication scenario very similar to yours, being the challenge the only difference. What I can suggest to further digging is to reduce your configuration as much as possible (e.g. I see that you are using topoh) and see if we can understand better what is causing the issue.
Cheers,
Federico
On Thu, Feb 3, 2022 at 7:58 AM Olle E. Johansson oej@edvina.net wrote:
On 2 Feb 2022, at 23:58, Cyril Ramière cyril.ramiere@gmail.com wrote:
Hi Karsten,
Thanks for the clue, unfortunately I can't use this module because the clients are "dumb" sip phones.
The goal of my implementation is to use our application API to handle the login.
The plan was that a sip phone sends a REGISTER, I ask the API endpoint if this user/password is ok to connect and allow/deny based on the reply and informations provided by the API.
Everything is relying on the fact that I can make my HTTP call when handling the REGISTER, sadly for me, it doesn't work and I still can't figure why.
Try http_client. I’ve used it a lot of time for authentication. It will block your thread while waiting for response, but you can handle some of those issues by caching secrets for a short time with htable.
/O
Cheers,
Cyril
Le mer. 2 févr. 2022 à 19:49, Karsten Horsmann khorsmann@gmail.com a écrit :
Hi Cyril,
This Kamailio module could imho do the same
https://www.kamailio.org/docs/modules/devel/modules/auth_ephemeral.html
Cyril Ramière cyril.ramiere@gmail.com schrieb am Do., 27. Jan. 2022, 08:04:
Hi there,
I have a weird issue with kamailio (latest docker image kamailio-ci:5.5.2-alpine) and http_async_client.
Before posting a lot of logs, let me describe what I want to achieve.
I have a Kamailio and a SIP Phone.
The SIP phone sends a REGISTER to kamailio, then in my routing block, I check if I have an Authorization header.
Since I don't have an Authorization (first message), I use "www_challenge()". This replies to the SIP phone, and then the SIP phone sends a new REGISTER with the correct Authorization header.
So far so good.
Now, when I get the REGISTER with Authorization header, I want to ask an HTTP endpoint if this user is allowed to connect and check the password using http_async_query().
The problem is that when the transaction resumes, the tmx module is unhappy and throws this error :
30(36) CRITICAL: tmx [t_var.c:546]: pv_get_tm_reply_code(): no picked branch (-1) for a final response in MODE_ONFAILURE
And a 500 error is sent back to the sip phone. The AUTH_REPLY route is still called and I can use the $http* values.
Do you see something that I am doing wrong or missing in my logic? Is pausing/resuming to use the async http client is allowed if I'm handling a REGISTER transaction?
Here's a simplified version of my routing block (not far from reality):
##### SNIP
request_route{
route(AUTH);
route[AUTH]{
if (is_method("REGISTER"){ if(no_auth_header){ www_challenge("$td","1"); exit; } else{ t_newtran(); http_async_query("http://xxx.xxx.xxx.xxx:9000/auth?foo=bar", "AUTH_REPLY"); } }}
route[AUTH_REPLY]{
xlog("L_INFO", "route[HTTP_REPLY]: status $http_rs\n");}
}
##### END SNIP
Best regards! __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions
- sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
Kamailio - Users Mailing List - Non Commercial Discussions
- sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
Kamailio - Users Mailing List - Non Commercial Discussions
- sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
Kamailio - Users Mailing List - Non Commercial Discussions
- sr-users@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: