[OpenSIPS-Users] Adding Proxy-Authorization header

Diego Barberio diego.barberio at redmondsoftware.com
Wed Mar 26 19:36:32 CET 2014


Hi Bogdan,

I followed your sugestion and found the follwing error:

Mar 26 12:53:15 [12396] DBG:uac:uac_auth: no credential for realm "ctelpbx"

So, I added the following lines to my configuration script:

modparam("uac","auth_username_avp", "$avp(user)")
modparam("uac","auth_password_avp", "$avp(pass)")
modparam("uac","auth_realm_avp", "$avp(realm)")

route{
        $avp(user)="268";
        $avp(pass)="123456";
        $avp(realm)="ctelpbx";

Opensips is still not sending the invite with the Proxy-Authorizatin
header, and now the log is showing this:

Mar 26 16:14:32 [5178] DBG:uac:uac_auth: picked reply is 0xb6b68b68, code
407
Mar 26 16:14:32 [5178] DBG:core:parse_headers: flags=20000000000
Mar 26 16:14:32 [5178] DBG:core:parse_authenticate_body: <algorithm>="MD5"
state=7
Mar 26 16:14:32 [5178] DBG:core:parse_authenticate_body: <realm>="ctelpbx"
state=2
Mar 26 16:14:32 [5178] DBG:core:parse_authenticate_body: <nonce>="6f0a2c46"
state=3
Mar 26 16:14:32 [5178] DBG:uac_auth:build_authorization_hdr: hdr is
<Proxy-Authorization: Digest username="268", realm="ctelpbx",
nonce="6f0a2c46", uri="sip:229 at 192.168.2.98:5060",
response="fc3cfd31f4a053d5d16b5ae8f463830d", algorithm=MD5
>
Mar 26 16:14:32 [5178] DBG:core:parse_headers: flags=ffffffffffffffff
Mar 26 16:14:32 [5178] DBG:core:buf_init: initializing...

Any suggestion?

Thanks
Diego


On Fri, Mar 7, 2014 at 8:50 AM, Bogdan-Andrei Iancu <bogdan at opensips.org>wrote:

>  Hi Diego,
>
> Set debug = 4 and watch the logs from the uac_auth() function (also the
> return code) - I assume the function did not find any credentials (on the
> server side) to match the authentication challenge (the matching is done
> based on the realm).
>
> Regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developerhttp://www.opensips-solutions.com
>
> On 05.03.2014 19:38, Diego Barberio wrote:
>
>  Hi Stefano, Vlad
>
>  Thank you for your response I tried your suggestion but still doesn't
> work. This is a snippet from my script:
>
> modparam("uac_auth","credential","268:192.168.2.98:password")
>
> t_on_failure("2");
> t_relay();
>
> failure_route[2] {
>         if(t_check_status("407")){
>                 uac_auth();
>                 xlog("In failure route 2\n");
>         }
> }
>
>  According to the log, the uac_auth function is being called but the
> following INVITEs doesn't include the Proxy-Authorization header
>
>  What am I missing?
>
>  Thanks
> Diego
>
>
>
> On Mon, Feb 24, 2014 at 2:12 PM, Vlad Paiu <vladpaiu at opensips.org> wrote:
>
>>  Hello,
>>
>> The registrant module is to be used only for generating REGISTER requests
>> ( with auth included ).
>> For proxied calls, you need to use the uac and uac_auth modules ( [1] )
>> for adding the auth headers - call uac_auth() ( [2] ) function within
>> failure route when receiving a challenge.
>>
>> [1] http://www.opensips.org/html/docs/modules/1.11.x/uac_auth.html
>> [2] http://www.opensips.org/html/docs/modules/1.11.x/uac.html#id250288
>>
>> Best Regards
>>
>> Vlad Paiu
>> OpenSIPS Developerhttp://www.opensips-solutions.com
>>
>>   On 24.02.2014 17:33, Stefano Pisani wrote:
>>
>> You can use module UAC_AUTH
>>
>> Il 24/02/2014 16.18, Diego Barberio ha scritto:
>>
>>   Hi all,
>>
>>  I have opensips registered to an IP-PBX using registrant module and I
>> want to make an outbound call to that PBX through the proxy.
>>
>>  I'm sending and INVITE from my application to the proxy with a From that
>> is actually registered by the proxy, however OpenSIPs is not adding the
>> Proxy-Authorization header so the INVITE is rejected with a 401
>> Unauthorized and that response is forwarded to my application.
>>
>>  I just want opensips to add the Proxy-Authorization header so the call
>> is not rejected by the IP-PBX. Is it possible to achieve this?
>>
>>  Thanks
>> Diego
>>
>>
>> _______________________________________________
>> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>>
>> _______________________________________________
>> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>
>
> _______________________________________________
> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20140326/fa147fd8/attachment-0001.htm>


More information about the Users mailing list