o Alex Balashov on 11/16/2011 12:22 PM:
On 11/16/2011 06:17 AM, Stefan Sayer wrote:
Question about this:
If I route an initial INVITE request through auth_b2b, will the
credentials supplied there in, say, P-App-Param, be kept in memory and
reused for all subsequent authentication challenges within that
dialog, e.g. BYE? Or do I still have to explicitly provide the
yes
credentials needed to answer a challenge to subsequent requests?
no
Well, here's my inbound scenario: A calls B through SEMS. B trusts
SEMS via IP, does not challenge the INVITE or anything, but I still
run the call through auth_b2b. However, when A does not IP-trust SEMS,
so when B hangs up on A, A challenges the BYE.
(This is ignoring, for the sake of simplicity, other A-leg challenges
for other in-dialog requests that can arise from the receiving end.)
If no digest challenge authentication occurred on the initial INVITE,
what is the appropriate way to handle this situation in the other
direction for the BYE? Should I provide credentials in the P-App-Param
header in the BYE originating from B, with A leg authentication
enabled as you indicated? Or something else?
Let me illustrate this:
caller <--- A (first) leg ---> SEMS <--- B (second) leg ---> callee
The 'A' leg is always the first leg, the one from the caller. 'B' leg
is the one to calee.
You generally need to set all SBC parameters for the call in the sbc
profile (e.g. enable_aleg_auth=yes). The profile is evaluated (e.g.
using values from headers as $H(xy) as in
auth_aleg_user=$H(P-A-Auth-User)) only at the start of the call, when
the initial INVITE is processed, and stored in memory for the duration
of the call. The sbc profile is not changed during the course of the call.
If you want to have SEMS authenticate requests in the A leg (e.g. BYE
or re-INVITE from callee/B), you need to enable_aleg_auth=yes and
provide credentials (user and password) for it in the sbc profile
(e.g. from headers at the inital INVITE, at beginning of the call). It
doesn't matter whether the initial request is challenged or not.
hope this explains how that works, maybe I dont get what is not
understood?
Stefan
Thanks for the insights!
-- Alex
--
Stefan Sayer
CEO (Geschäftsführer)
FRAFOS GmbH
email: [email protected]
mobile:+49 162 1366449
www.frafos.com
Prinzessinnenstr. 19/20 betahaus
10969 Berlin
Germany
_______________________________________________
Sems mailing list
[email protected]
http://lists.iptel.org/mailman/listinfo/sems
