<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Change authentication to username@sipdomain and passwd , provisioning put only username and password.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>That worked for me.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> spce-user-bounces@lists.sipwise.com [mailto:spce-user-bounces@lists.sipwise.com] <b>On Behalf Of </b>Barry Flanagan<br><b>Sent:</b> Friday, May 17, 2013 12:09 PM<br><b>To:</b> spce-user@lists.sipwise.com<br><b>Subject:</b> [Spce-user] xcap authentication issue with jitsi auto provisinoing<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>Hi<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>I am playing^h^h^h testing the Jitsi client with auto provisioning and have an issue with xcap authentication failing.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>What is happening is that the xcap auth is looking for the username but with a domain of the external IP address of ngcp instead of the actual domain the user is in.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>For example, the SQL query getting sent is<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>"select password,domain,uuid from subscriber where username='XXXXXXXXXX' AND domain='xxx.xxx.xxx.xxx" where xxx.xxx.xxx.xxx is the external IP of ngcp.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>I can see that this is happening for the following reason:<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>1. The Jitsi xcap server URI is being set as <a href="https://%3cNGCP">https://<NGCP</a> External IP Address>:1080/xcap<o:p></o:p></p></div><div><p class=MsoNormal>2. nginx proxy passes the host part of the xcap request to the proxy in the P-NGCP-XCAP-Host header<o:p></o:p></p></div><div><p class=MsoNormal>3. impresence.cfg contains the following:<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><div><p class=MsoNormal> if(is_present_hf("P-NGCP-XCAP-Host"))<o:p></o:p></p></div><div><p class=MsoNormal> {<o:p></o:p></p></div><div><p class=MsoNormal> $var(orig_host) = $hdr(P-NGCP-XCAP-Host);<o:p></o:p></p></div><div><p class=MsoNormal> }<o:p></o:p></p></div><div><p class=MsoNormal> else<o:p></o:p></p></div><div><p class=MsoNormal> {<o:p></o:p></p></div><div><p class=MsoNormal> $var(orig_host) = "xxx.xxx.xxx.xxx";<o:p></o:p></p></div><div><p class=MsoNormal> }<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>So, my questions are:<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>1. How do I change it so that the jitsi provisioning sends a specific xcap server URI for each domain rather than the external ip address of ngcp?<o:p></o:p></p></div><div><p class=MsoNormal>2. Would it perhaps be better to include the domain info in the xcap URI, for example <a href="https://%3cIP">https://<IP</a> Address>:1080/xcap?domain=XXXXXX and have nginx set the P-NGCP-XCAP-Host header from that? <o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>My thinking is that option 2 would be better all around, because if we rely on the HTTP Host: being equal to the SIP/XCAP domain that gets difficult if we are using a top level domain name for SIP using DNS SRV but totally separate IPs for the A records for this domain. <o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt'>-Barry Flanagan<br><br><br><br><br><o:p></o:p></p></div></div></div></div></body></html>