[OpenSIPS-Devel] [OpenSIPS-Users] SSO integration = Custom auth module?

Sukhoroslov Denis DSukhoroslov at scartel.ru
Mon Sep 15 09:43:30 CEST 2008 

Bogdan, thank you very much for the response.
Ok, I'll try to follow the ldap model for authentication. It is possible
to fetch password from SSO DB, but I don't store passwords in plain text
form. If this is necessary, I can store in SSO DB the full HA1 auth
string with username and domain. It should be enough to perform DB auth,
right?
But the first thing I have to perform is SSO token validation, when it
is provided in REGISTER request. If SSO server decides that the token is
valid I'll need to notify OpenSIPS that the user is authenticated and do
not perform digest authentication further. Could you suggest how to do
this? BTW, I'm going to pass SSO token between SIP server and client in
Call-Info header, is it ok? 

Thanks, Denis.


-----Original Message-----
From: Bogdan-Andrei Iancu [mailto:bogdan at voice-system.ro] 
Sent: Saturday, September 13, 2008 1:52 PM
To: Sukhoroslov Denis
Cc: users at lists.opensips.org; devel at lists.opensips.org
Subject: Re: [OpenSIPS-Users] SSO integration = Custom auth module?

Hi Denis,

More or less you need to write some new extension - probably the easiest

way will be to follow the ldap model - the module just fetch the 
password into the script and then you can use the auth module to inject 
directly the auth username and passwd.

If you need assistance with this, please let's continue the discussion 
on the devel list.

Regards,
Bogdan

Sukhoroslov Denis wrote:
>
> Hi,
>
> Our company provides mobile internet via WiMAX network. There are many

> services that can be accessed by our mobile clients via HTTP protocol.

> Now we'd like to provide VoIP (and probably other IMS services in the 
> future) via SIP protocol. On the server side we're planning to use 
> OpenSIPS. All our HTTP services are integrated with one common 
> authentication module, so we have SSO between HTTP clients. Is it 
> possible to integrate SIP services with SSO as well?
>
> This is how I can see it:
>
> - We have a custom VoIP client app. During authentication procedure 
> with SIP server the app will append SSO token (if any) to the REGISTER

> request. SSO token can be obtained from our common mobile SSO token
store.
>
> - The auth module on the server side should check SSO token first. If 
> the token exists the auth module should communicate with SSO server 
> and validate token. If token is valid then the user considered as 
> authenticated and server must respond with 200 OK.
>
> - If the token doesn't exist or is not valid then the regular SIP 
> authentication procedure starts. Auth module must respond with 401 
> Unauthorized.
>
> - Client will provide login/password. Auth module will ask SSO server 
> to perform authentication.
>
> - In case of success SSO server will open a new SSO session and 
> respond with new SSO token. Auth module must append the token to the 
> 200 OK response.
>
> - Client app stores SSO token to its common store.
>
> Is it possible to provide such functionality with OpenSIPS, what do 
> you think? Do I need to develop a custom auth module for this, or can 
> I use some existing functionality? Any pointers or links on how to 
> develop and deploy custom modules would be very helpful.
>
> Thanks, Denis.
>
>
------------------------------------------------------------------------
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>

More information about the Devel mailing list