[OpenSIPS-Users] AVP-based uac_auth in b2bua

Jeff Pyle jpyle at fidelityvoice.com
Thu Nov 14 00:03:17 CET 2013


Hi Ovidiu,

It does not.  At least not for me.  Here are some snippets of my config
file:

modparam("uac_auth","auth_realm_avp",  "$avp(auth_realm)")
modparam("uac_auth","auth_username_avp","$avp(auth_user)")
modparam("uac_auth","auth_password_avp","$avp(auth_pass)")
#modparam("uac_auth","credential","valid-username:appropriate-realm:valid-password")

route {

  ... sanity checks, etc ...

        $avp(auth_realm) := "appropriate-realm";
        $avp(auth_user)  := "valid-username";
        $avp(auth_pass)  := "valid-password";

        if !(b2b_init_request("top hiding/t105")) {
                xlog("L_ERR", "** b2b_init  failed - - S=$si:$sp T=$tU
F=$fU C=$ci\n");
                send_reply("500", "Internal Server Error");
        }
        exit;
}


Configured like this, the 407 gets passed back to the client.  If I
uncomment the 'credential' modparam, the B2B will send an INVITE with the
correct auth.

The same uac_auth config with the same AVPs work correctly if I use
uac_auth() on a failure_route in a pure proxy config.  That's why I'm
confused about it not working with the B2B.  I looked through the source
and as best I can tell the same functions are called the same way for each.

Ok, let me be specific on that last point.  The client to this B2B instance
is another Opensips instance with proxy-only commands, most notably
rtpproxy.  That's where I have uac_auth() working today.  With that I call
the scenario here as "top hiding/at105" (note the "a") to intentionally
pass the 407 back to the proxy config.  It works.  Ideally, I'd prefer the
B2B scenario here field the 407.


- Jeff


On Wed, Nov 13, 2013 at 4:34 PM, Ovidiu Sas <osas at voipembedded.com> wrote:

> If you set the AVPs before creating the b2b call, it should work on 1.10.
>
> Regards,
> Ovidiu Sas
>
> On Tue, Nov 12, 2013 at 11:16 PM, Jeff Pyle <jpyle at fidelityvoice.com>
> wrote:
> > I was about to let this one go when I found "B2B module gets visibility
> to
> > credentials defined via AVPs" on the About Version 1.10 page.  In my
> case it
> > works only if I define the 'credential' modparam for uac_auth.
> >
> > The AVPs do work if I use the uac_auth() function in a failure_route
> instead
> > of the B2BUA top hiding.
> >
> > Is there a trick I'm missing?
> >
> >
> >
> > - Jeff
> >
> >
> > On Mon, Nov 11, 2013 at 11:09 AM, Jeff Pyle <jpyle at fidelityvoice.com>
> wrote:
> >>
> >> Hello,
> >>
> >> I have uac_auth() working with AVPs in a proxy configuration on v1.10.
> >> This is important because I need to choose the authentication username
> and
> >> password based on the usr_preferences of the source IP of the call.  Is
> it
> >> possible choose the credentials at call-time (like the AVPs allow) in a
> B2B
> >> top-hiding scenario?
> >>
> >> The scenario authenticates properly if I statically specify a
> >> "credentials" modparam for uac_auth.  It does not work, however, if I
> set
> >> AVPs prior to calling b2b_init_request("top hiding").  Is there another
> way
> >> to approach this?
> >>
> >>
> >> Regards,
> >> Jeff
> >>
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.opensips.org
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >
>
>
>
> --
> VoIP Embedded, Inc.
> http://www.voipembedded.com
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20131113/a293dcaf/attachment.htm>


More information about the Users mailing list