[OpenSIPS-Users] OpenXCAP user authentication format
duane.larson at gmail.com
duane.larson at gmail.com
Sun Nov 28 06:47:03 CET 2010
I am trying to get Bria and Snom to use the same XCAP documents. I am
having issues getting to play well with together with OpenXCAP.
Currently the only way to get Bria xcap config to authenticate with
OpenXCAP you have to manually set the username to be the OpenSIPS
subscriber. If you tell Bria to "Use SIP credentials" OpenXCAP thinks the
username is actually "sip" because it is taking the "sip" from the
uri "sip:XXXXXXX at xyz.com". Yet for some reason when a Snom phone sends its
username info OpenXCAP takes the whole sip uri as the username
successfully, but the authentication still fails because no user exists
that has the full uri "sip:xxxx at xyz.com"
I am wondering what can be done when it comes to OpenXCAP user
authentication. Below you will see 3 displays.
The first is a Bria client that can authenticate when the username is
manually entered (works fine).
The second is a Snom client that tries to authenticate with the sip uri (no
good)
The third is a Bria client that tries to authenticate when the "Use SIP
credentials" is set (no good)
Good Bria Auth
--------------------------------------------------------------------------------------------
####
T 2010/11/27 23:13:49.740070 75.XX.XX.XX:51638 -> 173.XX.XX.XX:80 [AP]
GET
/xcap-root at irock.com/resource-lists/users/9012XX2XX/contacts-resource-list.xml
HTTP/1.1.
Host: xcap.ae.com.
Accept: */*.
.
##
T 2010/11/27 23:13:49.742264 173.XX.XX.XX:80 -> 75.XX.XX.XX:51638 [AP]
HTTP/1.1 401 Unauthorized.
Date: Sun, 28 Nov 2010 05:13:49 GMT.
Content-Length: 141.
Content-Type: text/html.
WWW-Authenticate: digest
nonce="200168871397238953776527501139563679082698914645735932561",
opaque="4da449c730ab8be594dffa4095ea7f30-MjAwMTY4ODcxMzk3MjM4OTUzNzc2NTI3NTAxMTM5NTYzNjc5MDgyNjk4OTE0NjQ1NzM1OTMyNTYxLDc1LjY1LjguMTU4LDEyOTA5MjEyMjk=",
realm="irock.com", algorithm=MD5, qop="auth".
Server: OpenXCAP/2.0.0.
.
<html><head><title>Unauthorized</title></head><body><h1>Unauthorized</h1><p>You
are
not authorized to access this resource.</p></body></html>
#
T 2010/11/27 23:13:49.808204 75.XX.XX.XX:51638 -> 173.XX.XX.XX:80 [AP]
GET
/xcap-root at irock.com/resource-lists/users/9012XX2XX/contacts-resource-list.xml
HTTP/1.1.
Authorization: Digest username="9012XX2XX", realm="irock.com",
nonce="200168871397238953776527501139563679082698914645735932561",
uri="/xcap-root at irock.com/resource-lists/users/9012XX2XX/contacts-resource-list.xml",
cnonce="Mjg0NjI2", nc=00000001, qop="auth",
response="e8236a7d007ddab5f22d862dad939f02",
opaque="4da449c730ab8be594dffa4095ea7f30-MjAwMTY4ODcxMzk3MjM4OTUzNzc2NTI3NTAxMTM5NTYzNjc5MDgyNjk4OTE0NjQ1NzM1OTMyNTYxLDc1LjY1LjguMTU4LDEyOTA5MjEyMjk=",
algorithm="MD5".
Host: xcap.ae.com.
Accept: */*.
.
#
T 2010/11/27 23:13:49.811928 173.XX.XX.XX:80 -> 75.XX.XX.XX:51638 [A]
HTTP/1.1 200 OK.
Content-Length: 1277.
Accept-Ranges: bytes.
Server: OpenXCAP/2.0.0.
ETag: "0a777fc8e2fa5738dac84cd37a09728e".
Date: Sun, 28 Nov 2010 05:13:49 GMT.
Content-Type: application/resource-lists+xml.
--------------------------------------------------------------------------------------------
Bad Snom Request
--------------------------------------------------------------------------------------------
GET
/xcap-root%40irock.com/resource-lists/users/sip%3a9012XX2XX%40irock.com/contacts-resource-list.xml
HTTP/1.1.
Host: xcap.ae.com.
Content-Length: 0.
Authorization: Digest
username="sip:9012XX2XX at irock.com",realm="irock.com",nonce="706537289489428161442329100350740932242275198240602726865",uri="/xcap-root%40irock.com/resource-lists/users/sip%3a9012XX2XX%40irock.com/contacts-resource-list.xml",qop=auth,nc=00000001,cnonce="72a71f02",response="f60f4577371ec3cf8e3fdfdc194df2ac",opaque="36dd9c567f00c16f8bc118f0817ba07b-NzA2NTM3Mjg5NDg5NDI4MTYxNDQyMzI5MTAwMzUwNzQwOTMyMjQyMjc1MTk4MjQwNjAyNzI2ODY1LDc1LjY1LjguMTU4LDEyOTA5MjE4MjQ=".
Accept-Language: en.
Connection: Keep-Alive.
Keep-Alive: 5.
User-Agent: Mozilla/4.0 (compatible; snom360-SIP 8.4.18 1.1.3-m).
.
##
T 2010/11/27 23:23:44.144617 173.XX.XX.XX:80 -> 75.XX.XX.XX:2076 [AP]
HTTP/1.1 401 Unauthorized.
Date: Sun, 28 Nov 2010 05:23:44 GMT.
Content-Length: 141.
Content-Type: text/html.
WWW-Authenticate: digest
nonce="139414618774781493440636305424629766704451120358098653186",
opaque="d930569724b82196640444742ca8683b-MTM5NDE0NjE4Nzc0NzgxNDkzNDQwNjM2MzA1NDI0NjI5NzY2NzA0NDUxMTIwMzU4MDk4NjUzMTg2LDc1LjY1LjguMTU4LDEyOTA5MjE4MjQ=",
realm="irock.com", algorithm=MD5, qop="auth".
Server: OpenXCAP/2.0.0.
.
<html><head><title>Unauthorized</title></head><body><h1>Unauthorized</h1><p>You
are
not authorized to access this resource.</p></body></html>
--------------------------------------------------------------------------------------------
Bad Bria Request
--------------------------------------------------------------------------------------------
GET
/xcap-root at irock.com/resource-lists/users/sip:9012XX2XX at irock.com/resource-list.xml
HTTP/1.1.
Authorization: Digest username="sip", realm="irock.com",
nonce="50095226763860567326458028738337048298233814822458738089",
uri="/xcap-root at irock.com/resource-lists/users/sip:9012XX2XX at irock.com/resource-list.xml",
cnonce="Mjg1NzE2", nc=00000001, qop="auth",
response="089dd6ca050f6212c6803d74a032009a",
opaque="7a655f7cb5ce8376f21b8fdaf8a3ffe5-NTAwOTUyMjY3NjM4NjA1NjczMjY0NTgwMjg3MzgzMzcwNDgyOTgyMzM4MTQ4MjI0NTg3MzgwODksNzUuNjUuOC4xNTgsMTI5MDkyMjMyMA==",
algorithm="MD5".
Host: xcap.ae.com.
Accept: */*.
If-None-Match: "44a8ee0920c465b4397a1de5f3518b5d".
.
#
T 2010/11/27 23:32:00.468693 173.XX.XX.XX:80 -> 75.XX.XX.XX:51739 [AP]
HTTP/1.1 401 Unauthorized.
Date: Sun, 28 Nov 2010 05:32:00 GMT.
Content-Length: 141.
Content-Type: text/html.
WWW-Authenticate: digest
nonce="331761275047467742060996448408084816202194629691680164782",
opaque="4e6f75781025f661095515876322a7c6-MzMxNzYxMjc1MDQ3NDY3NzQyMDYwOTk2NDQ4NDA4MDg0ODE2MjAyMTk0NjI5NjkxNjgwMTY0NzgyLDc1LjY1LjguMTU4LDEyOTA5MjIzMjA=",
realm="irock.com", algorithm=MD5, qop="auth".
Server: OpenXCAP/2.0.0.
.
<html><head><title>Unauthorized</title></head><body><h1>Unauthorized</h1><p>You
are
not authorized to access this resource.</p></body></html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20101128/f2d2396a/attachment-0001.htm>
More information about the Users
mailing list