[OpenSIPS-Users] Adding Proxy-Authorization header
Bogdan-Andrei Iancu
bogdan at opensips.org
Wed Mar 26 20:34:17 CET 2014
Hi Diego,
According to the log you posted (at the end of your email), the
Proxy-Authorization was at least computed (the hdr is actually printed).
If you do a t_relay() there, you should have the header in the new
outgoing INVITE.
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 26.03.2014 20:36, Diego Barberio wrote:
> Hi Bogdan,
>
> I followed your sugestion and found the follwing error:
>
> Mar 26 12:53:15 [12396] DBG:uac:uac_auth: no credential for realm
> "ctelpbx"
>
> So, I added the following lines to my configuration script:
>
> modparam("uac","auth_username_avp", "$avp(user)")
> modparam("uac","auth_password_avp", "$avp(pass)")
> modparam("uac","auth_realm_avp", "$avp(realm)")
>
> route{
> $avp(user)="268";
> $avp(pass)="123456";
> $avp(realm)="ctelpbx";
>
> Opensips is still not sending the invite with the Proxy-Authorizatin
> header, and now the log is showing this:
>
> Mar 26 16:14:32 [5178] DBG:uac:uac_auth: picked reply is 0xb6b68b68,
> code 407
> Mar 26 16:14:32 [5178] DBG:core:parse_headers: flags=20000000000
> Mar 26 16:14:32 [5178] DBG:core:parse_authenticate_body:
> <algorithm>="MD5" state=7
> Mar 26 16:14:32 [5178] DBG:core:parse_authenticate_body:
> <realm>="ctelpbx" state=2
> Mar 26 16:14:32 [5178] DBG:core:parse_authenticate_body:
> <nonce>="6f0a2c46" state=3
> Mar 26 16:14:32 [5178] DBG:uac_auth:build_authorization_hdr: hdr is
> <Proxy-Authorization: Digest username="268", realm="ctelpbx",
> nonce="6f0a2c46", uri="sip:229 at 192.168.2.98:5060
> <http://sip:229@192.168.2.98:5060>",
> response="fc3cfd31f4a053d5d16b5ae8f463830d", algorithm=MD5
> >
> Mar 26 16:14:32 [5178] DBG:core:parse_headers: flags=ffffffffffffffff
> Mar 26 16:14:32 [5178] DBG:core:buf_init: initializing...
>
> Any suggestion?
>
> Thanks
> Diego
>
>
> On Fri, Mar 7, 2014 at 8:50 AM, Bogdan-Andrei Iancu
> <bogdan at opensips.org <mailto:bogdan at opensips.org>> wrote:
>
> Hi Diego,
>
> Set debug = 4 and watch the logs from the uac_auth() function
> (also the return code) - I assume the function did not find any
> credentials (on the server side) to match the authentication
> challenge (the matching is done based on the realm).
>
> Regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
>
> On 05.03.2014 19:38, Diego Barberio wrote:
>> Hi Stefano, Vlad
>>
>> Thank you for your response I tried your suggestion but still
>> doesn't work. This is a snippet from my script:
>>
>> modparam("uac_auth","credential","268:192.168.2.98:password")
>>
>> t_on_failure("2");
>> t_relay();
>>
>> failure_route[2] {
>> if(t_check_status("407")){
>> uac_auth();
>> xlog("In failure route 2\n");
>> }
>> }
>>
>> According to the log, the uac_auth function is being called but
>> the following INVITEs doesn't include the Proxy-Authorization header
>>
>> What am I missing?
>>
>> Thanks
>> Diego
>>
>>
>>
>> On Mon, Feb 24, 2014 at 2:12 PM, Vlad Paiu <vladpaiu at opensips.org
>> <mailto:vladpaiu at opensips.org>> wrote:
>>
>> Hello,
>>
>> The registrant module is to be used only for generating
>> REGISTER requests ( with auth included ).
>> For proxied calls, you need to use the uac and uac_auth
>> modules ( [1] ) for adding the auth headers - call uac_auth()
>> ( [2] ) function within failure route when receiving a challenge.
>>
>> [1]
>> http://www.opensips.org/html/docs/modules/1.11.x/uac_auth.html
>> [2]
>> http://www.opensips.org/html/docs/modules/1.11.x/uac.html#id250288
>>
>> Best Regards
>>
>> Vlad Paiu
>> OpenSIPS Developer
>> http://www.opensips-solutions.com
>>
>> On 24.02.2014 17:33, Stefano Pisani wrote:
>>> You can use module UAC_AUTH
>>>
>>> Il 24/02/2014 16.18, Diego Barberio ha scritto:
>>>> Hi all,
>>>>
>>>> I have opensips registered to an IP-PBX using registrant
>>>> module and I want to make an outbound call to that PBX
>>>> through the proxy.
>>>>
>>>> I'm sending and INVITE from my application to the proxy
>>>> with a From that is actually registered by the proxy,
>>>> however OpenSIPs is not adding the Proxy-Authorization
>>>> header so the INVITE is rejected with a 401 Unauthorized
>>>> and that response is forwarded to my application.
>>>>
>>>> I just want opensips to add the Proxy-Authorization header
>>>> so the call is not rejected by the IP-PBX. Is it possible
>>>> to achieve this?
>>>>
>>>> Thanks
>>>> Diego
>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20140326/5ba1d873/attachment.htm>
More information about the Users
mailing list