This is fine when proxy P forks and also it collates the 407 responses. Is there any chance for a scenario like this UA1->P1->P2->P3->UA3 ,where P1 and P2 are in the same domain and use same realm.
If yes,then how does the UA1 know the second challenge was from the second proxy(P2) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Saturday, July 08, 2006 7:27 AM To: [email protected] Subject: Re: [Sip-implementors] Multiple challenges - same realm From: "Joseph C T - NPD, Chennai" <[EMAIL PROTECTED]> Assume there are two proxies. As per the above statement the UAC needs to send two credentials when the second proxy authenticates. Now the question is how does the UAC know the second challenge was from the second proxy(assuming the first proxy authenticated successfully)? Secondly,how can the UAC send the same crendentials for the second proxy, having the same realm(nonce may be different) Can anyone through some light on this. As far as I can see, what is intended is this: The UAC sends the request. It is forked by proxy P to two proxies, P1 and P2, each of which responds with 407, giving the same realm but different nonces. P collates the two 407 responses into one 407 response with two Proxy-Authenticate headers, one from each of the 407 responses from P1 and P2. P sends the combined 407 to UAC. The UAC constructs a second try request, including two Authorization headers. Both use the same realm, user, and password, but one uses the nonce from one Proxy-Authenticate, and one uses the nonce from the other. (The UAC does not know the origin of the Proxy-Authenticate's, it just responds appropriately to each of them.) (It is because of the clause "The same credentials SHOULD be used for the same realm." that both Authorization headers should use the same user/password.) P forks this request to P1 and P2. P1 accepts the request because of the first Authorization header, and P2 accepts the request because of the second Authorization header. Dale _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors Disclaimer: This message and any attachment(s) contained here are information that is confidential, proprietary to HCL Technologies and its customers, privileged or otherwise protected by law. The information is solely intended for the individual or the entity it is addressed to. If you are not the intended recipient of this message, you are not authorized to read, forward, print, retain, copy or disseminate this message or any part of it. If you have received this e-mail in error, please notify the sender immediately by return e-mail and delete it from your computer. _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
