On 09-08 20:16, Andres wrote:
SER blocked the 401 because we had a failure route associated with that route block. The purpose was to send calls to voicemail in case of some failure/timeout. The 401 was treated as a failure so it was never forwarded to UA1. I disabled the "t_on_failure", and now the 401 did reach back to the UA1. The UA1 would then redo the INVITE with the proper credentials for the SPA3000, but now SER would block and send back a 407 since we have a proxy_authorize on INVITES, and the credentials had already been modified. So now it is very clear that this is not possible. What had me stumped was the t_on_failure deal that was blocking the 401 response.
Modified ? It should add them. According to the specification it is possible, if there are 2 digest challenges (distinguished by realm) in a response then the user agent should generate two digest replies if it has credentials for them and put them in the new message.
SER will pick one of the digest headers, SIPURA should pick the other one and the message will get through.
Jan.