<div dir="ltr">On 17 May 2013 12:51, Oliver Vermeulen <span dir="ltr"><<a href="mailto:oliver@oliverv.com" target="_blank">oliver@oliverv.com</a>></span> wrote:<br><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Change authentication to username@sipdomain and passwd , provisioning put only username and password.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u></span></p></div></div></blockquote><div><br></div><div style>I'm not sure what you mean. Change which? Provisioning credentials in Jitsi are currently user@domain. SIP authentication is working fine. It is only xcap auth which fails.</div>
<div style><br></div><div style>-Barry</div><div style><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">That worked for me.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> <a href="mailto:spce-user-bounces@lists.sipwise.com" target="_blank">spce-user-bounces@lists.sipwise.com</a> [mailto:<a href="mailto:spce-user-bounces@lists.sipwise.com" target="_blank">spce-user-bounces@lists.sipwise.com</a>] <b>On Behalf Of </b>Barry Flanagan<br>
<b>Sent:</b> Friday, May 17, 2013 12:09 PM<br><b>To:</b> <a href="mailto:spce-user@lists.sipwise.com" target="_blank">spce-user@lists.sipwise.com</a><br><b>Subject:</b> [Spce-user] xcap authentication issue with jitsi auto provisinoing<u></u><u></u></span></p>
<div><div class="h5"><p class="MsoNormal"><u></u> <u></u></p><div><p class="MsoNormal">Hi<u></u><u></u></p><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">I am playing^h^h^h testing the Jitsi client with auto provisioning and have an issue with xcap authentication failing.<u></u><u></u></p>
</div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">What is happening is that the xcap auth is looking for the username but with a domain of the external IP address of ngcp instead of the actual domain the user is in.<u></u><u></u></p>
</div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">For example, the SQL query getting sent is<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">
"select password,domain,uuid from subscriber where username='XXXXXXXXXX' AND domain='xxx.xxx.xxx.xxx" where xxx.xxx.xxx.xxx is the external IP of ngcp.<u></u><u></u></p></div><div><p class="MsoNormal">
<u></u> <u></u></p></div><div><p class="MsoNormal">I can see that this is happening for the following reason:<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">1. The Jitsi xcap server URI is being set as <a href="https://%3cNGCP" target="_blank">https://<NGCP</a> External IP Address>:1080/xcap<u></u><u></u></p>
</div><div><p class="MsoNormal">2. nginx proxy passes the host part of the xcap request to the proxy in the P-NGCP-XCAP-Host header<u></u><u></u></p></div><div><p class="MsoNormal">3. impresence.cfg contains the following:<u></u><u></u></p>
</div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><div><p class="MsoNormal"> if(is_present_hf("P-NGCP-XCAP-Host"))<u></u><u></u></p></div><div><p class="MsoNormal"> {<u></u><u></u></p></div><div>
<p class="MsoNormal"> $var(orig_host) = $hdr(P-NGCP-XCAP-Host);<u></u><u></u></p></div><div><p class="MsoNormal"> }<u></u><u></u></p></div><div><p class="MsoNormal"> else<u></u><u></u></p></div><div><p class="MsoNormal">
{<u></u><u></u></p></div><div><p class="MsoNormal"> $var(orig_host) = "xxx.xxx.xxx.xxx";<u></u><u></u></p></div><div><p class="MsoNormal"> }<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p>
</div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">So, my questions are:<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">1. How do I change it so that the jitsi provisioning sends a specific xcap server URI for each domain rather than the external ip address of ngcp?<u></u><u></u></p>
</div><div><p class="MsoNormal">2. Would it perhaps be better to include the domain info in the xcap URI, for example <a href="https://%3cIP" target="_blank">https://<IP</a> Address>:1080/xcap?domain=XXXXXX and have nginx set the P-NGCP-XCAP-Host header from that? <u></u><u></u></p>
</div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">My thinking is that option 2 would be better all around, because if we rely on the HTTP Host: being equal to the SIP/XCAP domain that gets difficult if we are using a top level domain name for SIP using DNS SRV but totally separate IPs for the A records for this domain. <u></u><u></u></p>
</div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal" style="margin-bottom:12.0pt">-Barry Flanagan<br><br><br><br><br><u></u><u></u></p></div></div></div></div></div></div></div></blockquote>
</div>
<br></div></div>