[OpenSIPS-Users] SSO integration = Custom auth module?

Bogdan-Andrei Iancu bogdan at voice-system.ro
Sat Sep 13 11:52:09 CEST 2008


Hi Denis,

More or less you need to write some new extension - probably the easiest 
way will be to follow the ldap model - the module just fetch the 
password into the script and then you can use the auth module to inject 
directly the auth username and passwd.

If you need assistance with this, please let's continue the discussion 
on the devel list.

Regards,
Bogdan

Sukhoroslov Denis wrote:
>
> Hi,
>
> Our company provides mobile internet via WiMAX network. There are many 
> services that can be accessed by our mobile clients via HTTP protocol. 
> Now we’d like to provide VoIP (and probably other IMS services in the 
> future) via SIP protocol. On the server side we’re planning to use 
> OpenSIPS. All our HTTP services are integrated with one common 
> authentication module, so we have SSO between HTTP clients. Is it 
> possible to integrate SIP services with SSO as well?
>
> This is how I can see it:
>
> - We have a custom VoIP client app. During authentication procedure 
> with SIP server the app will append SSO token (if any) to the REGISTER 
> request. SSO token can be obtained from our common mobile SSO token store.
>
> - The auth module on the server side should check SSO token first. If 
> the token exists the auth module should communicate with SSO server 
> and validate token. If token is valid then the user considered as 
> authenticated and server must respond with 200 OK.
>
> - If the token doesn’t exist or is not valid then the regular SIP 
> authentication procedure starts. Auth module must respond with 401 
> Unauthorized.
>
> - Client will provide login/password. Auth module will ask SSO server 
> to perform authentication.
>
> - In case of success SSO server will open a new SSO session and 
> respond with new SSO token. Auth module must append the token to the 
> 200 OK response.
>
> - Client app stores SSO token to its common store.
>
> Is it possible to provide such functionality with OpenSIPS, what do 
> you think? Do I need to develop a custom auth module for this, or can 
> I use some existing functionality? Any pointers or links on how to 
> develop and deploy custom modules would be very helpful.
>
> Thanks, Denis.
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>   




More information about the Users mailing list