< Previous by Date Date Index Next by Date >
  Thread Index Next in Thread >

[reSIProcate] Managing authentication in an B2BUA


Hi,

I'm using resiprocate (version 1.0.2) as a base for my B2BUA and wanted to implement following scenario:

UserA                  B2BUA                   UserB
 |                       |                       |
 |  1.INVITE             |                       |
 |---------------------->|  2.INVITE             |
 |                       |---------------------->|
 |                       |    3.401 Unauthorized |
 |    4.401 Unauthorized |<----------------------|
 |<----------------------|  5.ACK                |
 |  6.ACK                |---------------------->|
 |---------------------->|                       |
 |                       |                       |
 |  7.INVITE(credential) |                       |
 |---------------------->|  8.INVITE(credential) |
 |                       |---------------------->|


The idea is, that after receiving '401 Unauthorized' from UserB, B2BUA should challenge UserA using realm & nonce taken from the message just received from UserB. Later on, B2BUA can reuse the credential received in message (7) to reINVITE UserB.

To setup DUM to be able to respond to digest challenges from UserB, I have to use ClientAuthManager.

I suppose I'll need to modify ClientAuthManager::handle() method, so that it will issue a challenge for UserA.

I'm wondering if I need to modify also DialogSet::handledByAuthOrRedirect() so that it:
- doesn't send a reINVITE immediately (it has to be done after message (7)),
- return always true, so that the DialogSet (between B2BUA & UserB) doesn't get destroyed.

Besides, how can I know, when an INVITE with credentials comes - do I have to modify ServerAuthManager logic?

What are your thoughts on my idea - I'm affraid I can miss something or introduce some bugs especially by modifying DialogSet code.

Best Regards,
Tomasz Nowak