[OpenSIPS-Users] OpenXCAP user authentication format

duane.larson at gmail.com duane.larson at gmail.com
Sun Nov 28 06:47:03 CET 2010 

I am trying to get Bria and Snom to use the same XCAP documents. I am  
having issues getting to play well with together with OpenXCAP.

Currently the only way to get Bria xcap config to authenticate with  
OpenXCAP you have to manually set the username to be the OpenSIPS  
subscriber. If you tell Bria to "Use SIP credentials" OpenXCAP thinks the  
username is actually "sip" because it is taking the "sip" from the  
uri "sip:XXXXXXX at xyz.com". Yet for some reason when a Snom phone sends its  
username info OpenXCAP takes the whole sip uri as the username  
successfully, but the authentication still fails because no user exists  
that has the full uri "sip:xxxx at xyz.com"

I am wondering what can be done when it comes to OpenXCAP user  
authentication. Below you will see 3 displays.

The first is a Bria client that can authenticate when the username is  
manually entered (works fine).
The second is a Snom client that tries to authenticate with the sip uri (no  
good)
The third is a Bria client that tries to authenticate when the "Use SIP  
credentials" is set (no good)


Good Bria Auth
--------------------------------------------------------------------------------------------

####
T 2010/11/27 23:13:49.740070 75.XX.XX.XX:51638 -> 173.XX.XX.XX:80 [AP]
GET  
/xcap-root at irock.com/resource-lists/users/9012XX2XX/contacts-resource-list.xml  
HTTP/1.1.
Host: xcap.ae.com.
Accept: */*.
.

##
T 2010/11/27 23:13:49.742264 173.XX.XX.XX:80 -> 75.XX.XX.XX:51638 [AP]
HTTP/1.1 401 Unauthorized.
Date: Sun, 28 Nov 2010 05:13:49 GMT.
Content-Length: 141.
Content-Type: text/html.
WWW-Authenticate: digest  
nonce="200168871397238953776527501139563679082698914645735932561",  
opaque="4da449c730ab8be594dffa4095ea7f30-MjAwMTY4ODcxMzk3MjM4OTUzNzc2NTI3NTAxMTM5NTYzNjc5MDgyNjk4OTE0NjQ1NzM1OTMyNTYxLDc1LjY1LjguMTU4LDEyOTA5MjEyMjk=",  
realm="irock.com", algorithm=MD5, qop="auth".
Server: OpenXCAP/2.0.0.
.
<html><head><title>Unauthorized</title></head><body><h1>Unauthorized</h1><p>You  
are  
not authorized to access this resource.</p></body></html>
#
T 2010/11/27 23:13:49.808204 75.XX.XX.XX:51638 -> 173.XX.XX.XX:80 [AP]
GET  
/xcap-root at irock.com/resource-lists/users/9012XX2XX/contacts-resource-list.xml  
HTTP/1.1.
Authorization: Digest username="9012XX2XX", realm="irock.com",  
nonce="200168871397238953776527501139563679082698914645735932561",  
uri="/xcap-root at irock.com/resource-lists/users/9012XX2XX/contacts-resource-list.xml",  
cnonce="Mjg0NjI2", nc=00000001, qop="auth",  
response="e8236a7d007ddab5f22d862dad939f02",  
opaque="4da449c730ab8be594dffa4095ea7f30-MjAwMTY4ODcxMzk3MjM4OTUzNzc2NTI3NTAxMTM5NTYzNjc5MDgyNjk4OTE0NjQ1NzM1OTMyNTYxLDc1LjY1LjguMTU4LDEyOTA5MjEyMjk=",  
algorithm="MD5".
Host: xcap.ae.com.
Accept: */*.
.

#
T 2010/11/27 23:13:49.811928 173.XX.XX.XX:80 -> 75.XX.XX.XX:51638 [A]
HTTP/1.1 200 OK.
Content-Length: 1277.
Accept-Ranges: bytes.
Server: OpenXCAP/2.0.0.
ETag: "0a777fc8e2fa5738dac84cd37a09728e".
Date: Sun, 28 Nov 2010 05:13:49 GMT.
Content-Type: application/resource-lists+xml.


--------------------------------------------------------------------------------------------


Bad Snom Request
--------------------------------------------------------------------------------------------

GET  
/xcap-root%40irock.com/resource-lists/users/sip%3a9012XX2XX%40irock.com/contacts-resource-list.xml  
HTTP/1.1.
Host: xcap.ae.com.
Content-Length: 0.
Authorization: Digest  
username="sip:9012XX2XX at irock.com",realm="irock.com",nonce="706537289489428161442329100350740932242275198240602726865",uri="/xcap-root%40irock.com/resource-lists/users/sip%3a9012XX2XX%40irock.com/contacts-resource-list.xml",qop=auth,nc=00000001,cnonce="72a71f02",response="f60f4577371ec3cf8e3fdfdc194df2ac",opaque="36dd9c567f00c16f8bc118f0817ba07b-NzA2NTM3Mjg5NDg5NDI4MTYxNDQyMzI5MTAwMzUwNzQwOTMyMjQyMjc1MTk4MjQwNjAyNzI2ODY1LDc1LjY1LjguMTU4LDEyOTA5MjE4MjQ=".
Accept-Language: en.
Connection: Keep-Alive.
Keep-Alive: 5.
User-Agent: Mozilla/4.0 (compatible; snom360-SIP 8.4.18 1.1.3-m).
.

##
T 2010/11/27 23:23:44.144617 173.XX.XX.XX:80 -> 75.XX.XX.XX:2076 [AP]
HTTP/1.1 401 Unauthorized.
Date: Sun, 28 Nov 2010 05:23:44 GMT.
Content-Length: 141.
Content-Type: text/html.
WWW-Authenticate: digest  
nonce="139414618774781493440636305424629766704451120358098653186",  
opaque="d930569724b82196640444742ca8683b-MTM5NDE0NjE4Nzc0NzgxNDkzNDQwNjM2MzA1NDI0NjI5NzY2NzA0NDUxMTIwMzU4MDk4NjUzMTg2LDc1LjY1LjguMTU4LDEyOTA5MjE4MjQ=",  
realm="irock.com", algorithm=MD5, qop="auth".
Server: OpenXCAP/2.0.0.
.
<html><head><title>Unauthorized</title></head><body><h1>Unauthorized</h1><p>You  
are  
not authorized to access this resource.</p></body></html>



--------------------------------------------------------------------------------------------





Bad Bria Request
--------------------------------------------------------------------------------------------


GET  
/xcap-root at irock.com/resource-lists/users/sip:9012XX2XX at irock.com/resource-list.xml  
HTTP/1.1.
Authorization: Digest username="sip", realm="irock.com",  
nonce="50095226763860567326458028738337048298233814822458738089",  
uri="/xcap-root at irock.com/resource-lists/users/sip:9012XX2XX at irock.com/resource-list.xml",  
cnonce="Mjg1NzE2", nc=00000001, qop="auth",  
response="089dd6ca050f6212c6803d74a032009a",  
opaque="7a655f7cb5ce8376f21b8fdaf8a3ffe5-NTAwOTUyMjY3NjM4NjA1NjczMjY0NTgwMjg3MzgzMzcwNDgyOTgyMzM4MTQ4MjI0NTg3MzgwODksNzUuNjUuOC4xNTgsMTI5MDkyMjMyMA==",  
algorithm="MD5".
Host: xcap.ae.com.
Accept: */*.
If-None-Match: "44a8ee0920c465b4397a1de5f3518b5d".
.

#
T 2010/11/27 23:32:00.468693 173.XX.XX.XX:80 -> 75.XX.XX.XX:51739 [AP]
HTTP/1.1 401 Unauthorized.
Date: Sun, 28 Nov 2010 05:32:00 GMT.
Content-Length: 141.
Content-Type: text/html.
WWW-Authenticate: digest  
nonce="331761275047467742060996448408084816202194629691680164782",  
opaque="4e6f75781025f661095515876322a7c6-MzMxNzYxMjc1MDQ3NDY3NzQyMDYwOTk2NDQ4NDA4MDg0ODE2MjAyMTk0NjI5NjkxNjgwMTY0NzgyLDc1LjY1LjguMTU4LDEyOTA5MjIzMjA=",  
realm="irock.com", algorithm=MD5, qop="auth".
Server: OpenXCAP/2.0.0.
.
<html><head><title>Unauthorized</title></head><body><h1>Unauthorized</h1><p>You  
are  
not authorized to access this resource.</p></body></html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20101128/f2d2396a/attachment-0001.htm>

More information about the Users mailing list