Hi,
I am working on a project where a custom sip client will be integrated into a suite of applications to provide voip. The sip client will be working with Kamailio. The goal is to ensure that the client is authorized for communication with kamailio before allowing any calls to be made. Conventional username/password authentication for individual users will also be used once the client has been authenticated.
Currently other applications in the suite use a digital signature in the http headers when communicating with server processes. If the signature is validated by the server process then the application's identity is validated and communication with the server process is allowed.
Is it possible to include a public key and digital signature in the register events and have kamailio perform the transformation to validate the client's identity? If so which module provides such functionality? Has something like this been implemented in the past? Thanks for any input.
ttyl, Dave
David Thomson writes:
> Is it possible to include a public key and digital signature in the register events and have kamailio perform the transformation to validate the client's identity? If so which module provides such functionality? Has something like this been implemented in the past?
if you put signature info in some custom header of sip request, kamailio has many ways to pass that info to external server that performs validation unless a straight db query directly from kamailio is not enough.
-- juha
On 09/20/2012 01:12 AM, David Thomson wrote:
> Hi,
> I am working on a project where a custom sip client will be integrated into a suite of applications to provide voip. The sip client will be working with Kamailio. The goal is to ensure that the client is authorized for communication with kamailio before allowing any calls to be made. Conventional username/password authentication for individual users will also be used once the client has been authenticated.
Hello,
Why not rely on TLS with client-side authentication? Just deploy the client with a CA signed with a certificate known by Kamailio, and then use the tls module with the following configuration to perform the client-certificate check:
1.9.8. |require_certificate| (boolean)
When enabled it will require a certificate from a client. If the client does not offer a certificate and |verify_certificate| is on, the certificate verification will fail.
The default value is off.
More information http://kamailio.org/docs/modules/devel/modules/tls.html
Cheers, Marius
> Currently other applications in the suite use a digital signature in the http headers when communicating with server processes. If the signature is validated by the server process then the application's identity is validated and communication with the server process is allowed.
> Is it possible to include a public key and digital signature in the register events and have kamailio perform the transformation to validate the client's identity? If so which module provides such functionality? Has something like this been implemented in the past? Thanks for any input.
> ttyl, Dave
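The client-certificate check suggested in the reply above, written out as a Kamailio configuration. This is an added example, not configuration posted by anyone in the thread. The listen address, file paths and the expected certificate CN are constructed placeholders, and it assumes a Kamailio version whose tls module exports the `$tls_peer_verified` and `$tls_peer_subject_cn` pseudo-variables.

```kamailio
#!KAMAILIO
# Added example: admit SIP requests only from clients that present a
# certificate issued by the application suite's own CA.
# Address, paths and the CN below are constructed placeholders.

enable_tls=yes
listen=tls:192.0.2.10:5061

loadmodule "tls.so"
loadmodule "sl.so"

# Server identity presented to the clients
modparam("tls", "private_key", "/etc/kamailio/tls/server-key.pem")
modparam("tls", "certificate", "/etc/kamailio/tls/server-cert.pem")

# CA that signed the client certificates shipped with the application
modparam("tls", "ca_list", "/etc/kamailio/tls/client-ca.pem")

# verify_certificate checks the peer certificate against ca_list;
# require_certificate makes the handshake fail when the client offers
# no certificate at all (it only has an effect with verification on).
modparam("tls", "verify_certificate", 1)
modparam("tls", "require_certificate", 1)

request_route {
    # Refuse anything that did not arrive over the TLS listener, so a
    # UDP or TCP socket added later cannot bypass the certificate check.
    if (proto != TLS) {
        sl_send_reply("403", "TLS required");
        exit;
    }

    # Defence in depth: confirm the handshake result from the script.
    if ($tls_peer_verified != 1) {
        sl_send_reply("403", "Client certificate not verified");
        exit;
    }

    # Optional pinning to the certificate issued for the custom client
    # (hypothetical CN).
    if ($tls_peer_subject_cn != "suite-voip-client") {
        sl_send_reply("403", "Unexpected client certificate");
        exit;
    }

    # The application is now authenticated; per-user username/password
    # (digest) authentication of REGISTER and INVITE would follow here.
}
```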