[OpenSIPS-Users] uac_auth
Bogdan-Andrei Iancu
bogdan at opensips.org
Fri Nov 1 12:34:00 CET 2013
Hello Rik,
It may be silly , but are you sure you filled in the proper credentials
(realm, auth user and password) ??
Also, based on how the response for digest is computed, you can double
check the OpenSIPS auth response (calculating the HA and md5 sums as per
RFC 2617).
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 11/01/2013 01:09 PM, Rik Broers wrote:
>
> Yes, thats correct. Opensips sends out an invite with Authorization
> header as response on the 401 unauthorized.
>
> This authorization header contains the correct Nonce.
>
> Instead of being authorized I receive another 401 unauthorized which
> opensips replies again with new nonce and so on until max branches is
> reached.
>
>
>
> Met vriendelijke groet,
>
> Regards,
>
>
>
> *Rik Broers*
>
> */Voice Engineer/**//*
>
>
>
>
>
> *From:*Bogdan-Andrei Iancu [mailto:bogdan at opensips.org]
> *Sent:* vrijdag 1 november 2013 11:49
> *To:* OpenSIPS users mailling list
> *Cc:* Rik Broers
> *Subject:* Re: [OpenSIPS-Users] uac_auth
>
>
>
> Hello Rik,
>
> So OpenSIPS generates a new INVITE with credentials (as a result of
> the uac_auth() ), but this is also rejected ?
>
> Regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
>
>
> On 10/31/2013 11:46 AM, Rik Broers wrote:
>
> Hi,
>
>
>
> I'm trying to use the uac_auth() function to add Authorization to
> my invite after I received a 401 Unauthorized.
>
> I call the function in the failure route and according to Debug
> the authorization header is inserted. I also see this in a trace.
>
> Unfortunately I haven't been able to authorize successfully,
> double checked everything and also tried with phones to ensure the
> credentials are correct and my asterisk is working.
>
> I'm filling the credentials with a modparam not with AVP.
>
>
>
> In DBG I see this: DBG:uac_auth:build_authorization_hdr: hdr is
> <Authorization: Digest username="**", realm="**",
> nonce="31d5b0d9", uri="***;user=phone",
> response="ea344343187f27c668be8fdc3acf8c5a", algorithm=MD5#015#012>
>
> So it seems to match correctly.
>
>
>
> I'm authenticating against Asterisk. And my failure route looks
> like this:
>
> failure_route[FailPBX]{
>
> xlog("Im in failpbx route");
>
> uac_auth();
>
> t_on_failure("FailPBX");
>
> t_relay();
>
> }
>
>
>
> What happens is the following
>
> -> Invite
>
> <- 100 Giving a try
>
> <- 401 Unauthorized (Unique nonce 1)
>
> -> ACK
>
> -> invite with authorization header (unique Nonce 1)
>
> <- 100 Giving a try
>
> <- 401 Unauthorized (Unique nonce 2)
>
> -> invite with authorization header (unique Nonce 2)
>
> ..... and so on until ERROR:tm:add_uac: maximum number of branches
> exceeded.
>
>
>
>
>
> Only thing left for me now is to verify that the Digest calculated
> is correct. *How can I do this?* What functions should I use on
> linux..
>
> Below my authorization challenge.
>
>
>
> Or are there any other things I'm missing?
>
> Im using NOTICE:core:main: version: opensips 1.10.0-notls
> (x86_64/linux)
>
>
>
>
>
> Met vriendelijke groet,
>
> Regards,
>
>
>
> *Rik Broers*
>
> */Voice Engineer/*
>
>
>
>
>
>
>
> _______________________________________________
>
> Users mailing list
>
> Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20131101/a95146d8/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 3285 bytes
Desc: not available
URL: <http://lists.opensips.org/pipermail/users/attachments/20131101/a95146d8/attachment-0001.png>
More information about the Users
mailing list