[Spce-user] xcap authentication issue with jitsi auto provisinoing

Barry Flanagan barry at flanagan.ie
Fri May 17 06:08:42 EDT 2013


Hi

I am playing^h^h^h testing the Jitsi client with auto provisioning and have
an issue with xcap authentication failing.

What is happening is that the xcap auth is looking for the username but
with a domain of the external IP address of ngcp instead of the actual
domain the user is in.

For example, the SQL query getting sent is

"select password,domain,uuid from subscriber where username='XXXXXXXXXX'
AND domain='xxx.xxx.xxx.xxx" where xxx.xxx.xxx.xxx is the external IP of
ngcp.

I can see that this is happening for the following reason:

1. The Jitsi xcap server URI is being set as https://<NGCP External IP
Address>:1080/xcap
2. nginx proxy passes the host part of the xcap request to the proxy in
the P-NGCP-XCAP-Host header
3. impresence.cfg contains the following:

    if(is_present_hf("P-NGCP-XCAP-Host"))
    {
        $var(orig_host) = $hdr(P-NGCP-XCAP-Host);
    }
    else
    {
        $var(orig_host) = "xxx.xxx.xxx.xxx";
    }


So, my questions are:

1. How do I change it so that the jitsi provisioning sends a specific xcap
server URI for each domain rather than the external ip address of ngcp?
2. Would it perhaps be better to include the domain info in the xcap URI,
for example https://<IP Address>:1080/xcap?domain=XXXXXX and have nginx set
the P-NGCP-XCAP-Host header from that?

My thinking is that option 2 would be better all around, because if we rely
on the HTTP Host: being equal to the SIP/XCAP domain that gets difficult if
we are using a top level domain name for SIP using DNS SRV but totally
separate IPs for the A records for this domain.

-Barry Flanagan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/mailman/private/spce-user_lists.sipwise.com/attachments/20130517/0c11a455/attachment.html>


More information about the Spce-user mailing list