[OpenSIPS-Users] Adding Proxy-Authorization header

Diego Barberio diego.barberio at redmondsoftware.com
Thu Mar 27 14:47:07 CET 2014


Thanks Bogdan

I added the t_relay() and now it's sending the INVITE with the
ProxyAuthorization header. However i need to increment its CSeq number
because my IPPBX is ignoring the second INVITE. I googled how to increment
the CSeq but I couldn't find anything useful. Is there a way to increment
the CSeq number?

Thanks
Diego


On Wed, Mar 26, 2014 at 4:34 PM, Bogdan-Andrei Iancu <bogdan at opensips.org>wrote:

>  Hi Diego,
>
> According to the log you posted (at the end of your email), the
> Proxy-Authorization was at least computed (the hdr is actually printed). If
> you do a t_relay() there, you should have the header in the new outgoing
> INVITE.
>
> Regards,
>
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developerhttp://www.opensips-solutions.com
>
> On 26.03.2014 20:36, Diego Barberio wrote:
>
>    Hi Bogdan,
>
>  I followed your sugestion and found the follwing error:
>
> Mar 26 12:53:15 [12396] DBG:uac:uac_auth: no credential for realm "ctelpbx"
>
>  So, I added the following lines to my configuration script:
>
> modparam("uac","auth_username_avp", "$avp(user)")
> modparam("uac","auth_password_avp", "$avp(pass)")
> modparam("uac","auth_realm_avp", "$avp(realm)")
>
> route{
>         $avp(user)="268";
>         $avp(pass)="123456";
>         $avp(realm)="ctelpbx";
>
>  Opensips is still not sending the invite with the Proxy-Authorizatin
> header, and now the log is showing this:
>
> Mar 26 16:14:32 [5178] DBG:uac:uac_auth: picked reply is 0xb6b68b68, code
> 407
> Mar 26 16:14:32 [5178] DBG:core:parse_headers: flags=20000000000
> Mar 26 16:14:32 [5178] DBG:core:parse_authenticate_body: <algorithm>="MD5"
> state=7
> Mar 26 16:14:32 [5178] DBG:core:parse_authenticate_body: <realm>="ctelpbx"
> state=2
> Mar 26 16:14:32 [5178] DBG:core:parse_authenticate_body:
> <nonce>="6f0a2c46" state=3
> Mar 26 16:14:32 [5178] DBG:uac_auth:build_authorization_hdr: hdr is
> <Proxy-Authorization: Digest username="268", realm="ctelpbx",
> nonce="6f0a2c46", uri="sip:229 at 192.168.2.98:5060",
> response="fc3cfd31f4a053d5d16b5ae8f463830d", algorithm=MD5
> >
> Mar 26 16:14:32 [5178] DBG:core:parse_headers: flags=ffffffffffffffff
> Mar 26 16:14:32 [5178] DBG:core:buf_init: initializing...
>
>  Any suggestion?
>
>  Thanks
>  Diego
>
>
> On Fri, Mar 7, 2014 at 8:50 AM, Bogdan-Andrei Iancu <bogdan at opensips.org>wrote:
>
>>  Hi Diego,
>>
>> Set debug = 4 and watch the logs from the uac_auth() function (also the
>> return code) - I assume the function did not find any credentials (on the
>> server side) to match the authentication challenge (the matching is done
>> based on the realm).
>>
>> Regards,
>>
>> Bogdan-Andrei Iancu
>> OpenSIPS Founder and Developerhttp://www.opensips-solutions.com
>>
>>  On 05.03.2014 19:38, Diego Barberio wrote:
>>
>>  Hi Stefano, Vlad
>>
>>  Thank you for your response I tried your suggestion but still doesn't
>> work. This is a snippet from my script:
>>
>> modparam("uac_auth","credential","268:192.168.2.98:password")
>>
>> t_on_failure("2");
>> t_relay();
>>
>> failure_route[2] {
>>         if(t_check_status("407")){
>>                 uac_auth();
>>                 xlog("In failure route 2\n");
>>         }
>> }
>>
>>  According to the log, the uac_auth function is being called but the
>> following INVITEs doesn't include the Proxy-Authorization header
>>
>>  What am I missing?
>>
>>  Thanks
>> Diego
>>
>>
>>
>> On Mon, Feb 24, 2014 at 2:12 PM, Vlad Paiu <vladpaiu at opensips.org> wrote:
>>
>>>  Hello,
>>>
>>> The registrant module is to be used only for generating REGISTER
>>> requests ( with auth included ).
>>> For proxied calls, you need to use the uac and uac_auth modules ( [1] )
>>> for adding the auth headers - call uac_auth() ( [2] ) function within
>>> failure route when receiving a challenge.
>>>
>>> [1] http://www.opensips.org/html/docs/modules/1.11.x/uac_auth.html
>>> [2] http://www.opensips.org/html/docs/modules/1.11.x/uac.html#id250288
>>>
>>> Best Regards
>>>
>>> Vlad Paiu
>>> OpenSIPS Developerhttp://www.opensips-solutions.com
>>>
>>>   On 24.02.2014 17:33, Stefano Pisani wrote:
>>>
>>> You can use module UAC_AUTH
>>>
>>> Il 24/02/2014 16.18, Diego Barberio ha scritto:
>>>
>>>   Hi all,
>>>
>>>  I have opensips registered to an IP-PBX using registrant module and I
>>> want to make an outbound call to that PBX through the proxy.
>>>
>>>  I'm sending and INVITE from my application to the proxy with a From
>>> that is actually registered by the proxy, however OpenSIPs is not adding
>>> the Proxy-Authorization header so the INVITE is rejected with a 401
>>> Unauthorized and that response is forwarded to my application.
>>>
>>>  I just want opensips to add the Proxy-Authorization header so the call
>>> is not rejected by the IP-PBX. Is it possible to achieve this?
>>>
>>>  Thanks
>>> Diego
>>>
>>>
>>> _______________________________________________
>>> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>>
>>
>>
>> _______________________________________________
>> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20140327/d791afbc/attachment.htm>


More information about the Users mailing list