Hi,
If topos is activated and kamailio responds with a 407 "proxy
authentication required" to an initial INVITE, INVITE received after with
credentials (MD5 response in Proxy-Authorization header) is badly managed.
Credentials are never validated and Kamailio responds 407 again. If topoh
is used instead topos all works fine and credentials are validated.
call flow is:
Phone sends INVITE to kamailio SBC
kamailio respond 407 "proxy authentication required" because SBC wants to
authenticate caller
Phone resends INVITE with Proxy-Authorization header with all valid
information
kamailio responds 407 again instead forwarding INVITE.
My code:
if (!pv_auth_check("$fd", "$sht(auth_cache=>$var(key))",
"0", "1")) {
auth_challenge("$fd", “1”);
exit;
}
# user authenticated - remove auth header
consume_credentials();
So if topos is used, pv_auth_check always returns false even if the phone
sets valid information.
If topoh is activated, pv_auth_check always returns true (same phone and
same kamailio SBC versioning)
I made my tests with kamailio 5.4.3 on centos 7.
Regards,
Frédéric Gaisnon
Show replies by date