[OpenSIPS-Users] Adding Proxy-Authorization header

Bogdan-Andrei Iancu bogdan at opensips.org
Wed Mar 26 20:34:17 CET 2014


Hi Diego,

According to the log you posted (at the end of your email), the 
Proxy-Authorization was at least computed (the hdr is actually printed). 
If you do a t_relay() there, you should have the header in the new 
outgoing INVITE.

Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com

On 26.03.2014 20:36, Diego Barberio wrote:
> Hi Bogdan,
>
> I followed your sugestion and found the follwing error:
>
> Mar 26 12:53:15 [12396] DBG:uac:uac_auth: no credential for realm 
> "ctelpbx"
>
> So, I added the following lines to my configuration script:
>
> modparam("uac","auth_username_avp", "$avp(user)")
> modparam("uac","auth_password_avp", "$avp(pass)")
> modparam("uac","auth_realm_avp", "$avp(realm)")
>
> route{
>         $avp(user)="268";
>         $avp(pass)="123456";
>         $avp(realm)="ctelpbx";
>
> Opensips is still not sending the invite with the Proxy-Authorizatin 
> header, and now the log is showing this:
>
> Mar 26 16:14:32 [5178] DBG:uac:uac_auth: picked reply is 0xb6b68b68, 
> code 407
> Mar 26 16:14:32 [5178] DBG:core:parse_headers: flags=20000000000
> Mar 26 16:14:32 [5178] DBG:core:parse_authenticate_body: 
> <algorithm>="MD5" state=7
> Mar 26 16:14:32 [5178] DBG:core:parse_authenticate_body: 
> <realm>="ctelpbx" state=2
> Mar 26 16:14:32 [5178] DBG:core:parse_authenticate_body: 
> <nonce>="6f0a2c46" state=3
> Mar 26 16:14:32 [5178] DBG:uac_auth:build_authorization_hdr: hdr is 
> <Proxy-Authorization: Digest username="268", realm="ctelpbx", 
> nonce="6f0a2c46", uri="sip:229 at 192.168.2.98:5060 
> <http://sip:229@192.168.2.98:5060>", 
> response="fc3cfd31f4a053d5d16b5ae8f463830d", algorithm=MD5
> >
> Mar 26 16:14:32 [5178] DBG:core:parse_headers: flags=ffffffffffffffff
> Mar 26 16:14:32 [5178] DBG:core:buf_init: initializing...
>
> Any suggestion?
>
> Thanks
> Diego
>
>
> On Fri, Mar 7, 2014 at 8:50 AM, Bogdan-Andrei Iancu 
> <bogdan at opensips.org <mailto:bogdan at opensips.org>> wrote:
>
>     Hi Diego,
>
>     Set debug = 4 and watch the logs from the uac_auth() function
>     (also the return code) - I assume the function did not find any
>     credentials (on the server side) to match the authentication
>     challenge (the matching is done based on the realm).
>
>     Regards,
>
>     Bogdan-Andrei Iancu
>     OpenSIPS Founder and Developer
>     http://www.opensips-solutions.com
>
>     On 05.03.2014 19:38, Diego Barberio wrote:
>>     Hi Stefano, Vlad
>>
>>     Thank you for your response I tried your suggestion but still
>>     doesn't work. This is a snippet from my script:
>>
>>     modparam("uac_auth","credential","268:192.168.2.98:password")
>>
>>     t_on_failure("2");
>>     t_relay();
>>
>>     failure_route[2] {
>>             if(t_check_status("407")){
>>                     uac_auth();
>>                     xlog("In failure route 2\n");
>>             }
>>     }
>>
>>     According to the log, the uac_auth function is being called but
>>     the following INVITEs doesn't include the Proxy-Authorization header
>>
>>     What am I missing?
>>
>>     Thanks
>>     Diego
>>
>>
>>
>>     On Mon, Feb 24, 2014 at 2:12 PM, Vlad Paiu <vladpaiu at opensips.org
>>     <mailto:vladpaiu at opensips.org>> wrote:
>>
>>         Hello,
>>
>>         The registrant module is to be used only for generating
>>         REGISTER requests ( with auth included ).
>>         For proxied calls, you need to use the uac and uac_auth
>>         modules ( [1] ) for adding the auth headers - call uac_auth()
>>         ( [2] ) function within failure route when receiving a challenge.
>>
>>         [1]
>>         http://www.opensips.org/html/docs/modules/1.11.x/uac_auth.html
>>         [2]
>>         http://www.opensips.org/html/docs/modules/1.11.x/uac.html#id250288
>>
>>         Best Regards
>>
>>         Vlad Paiu
>>         OpenSIPS Developer
>>         http://www.opensips-solutions.com  
>>
>>         On 24.02.2014 17:33, Stefano Pisani wrote:
>>>         You can use module UAC_AUTH
>>>
>>>         Il 24/02/2014 16.18, Diego Barberio ha scritto:
>>>>         Hi all,
>>>>
>>>>         I have opensips registered to an IP-PBX using registrant
>>>>         module and I want to make an outbound call to that PBX
>>>>         through the proxy.
>>>>
>>>>         I'm sending and INVITE from my application to the proxy
>>>>         with a From that is actually registered by the proxy,
>>>>         however OpenSIPs is not adding the Proxy-Authorization
>>>>         header so the INVITE is rejected with a 401 Unauthorized
>>>>         and that response is forwarded to my application.
>>>>
>>>>         I just want opensips to add the Proxy-Authorization header
>>>>         so the call is not rejected by the IP-PBX. Is it possible
>>>>         to achieve this?
>>>>
>>>>         Thanks
>>>>         Diego
>>>>
>>>>
>>>>         _______________________________________________
>>>>         Users mailing list
>>>>         Users at lists.opensips.org  <mailto:Users at lists.opensips.org>
>>>>         http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>>
>>>         _______________________________________________
>>>         Users mailing list
>>>         Users at lists.opensips.org  <mailto:Users at lists.opensips.org>
>>>         http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>         _______________________________________________
>>         Users mailing list
>>         Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>>         http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>>
>>     _______________________________________________
>>     Users mailing list
>>     Users at lists.opensips.org  <mailto:Users at lists.opensips.org>
>>     http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20140326/5ba1d873/attachment.htm>


More information about the Users mailing list