[Spce-user] xcap authentication issue with jitsi auto provisinoing

Oliver Vermeulen oliver at oliverv.com
Fri May 17 07:51:50 EDT 2013 

Change authentication to username at sipdomain and passwd , provisioning put only username and password.

 

That worked for me.

 

 

From: spce-user-bounces at lists.sipwise.com [mailto:spce-user-bounces at lists.sipwise.com] On Behalf Of Barry Flanagan
Sent: Friday, May 17, 2013 12:09 PM
To: spce-user at lists.sipwise.com
Subject: [Spce-user] xcap authentication issue with jitsi auto provisinoing

 

Hi

 

I am playing^h^h^h testing the Jitsi client with auto provisioning and have an issue with xcap authentication failing.

 

What is happening is that the xcap auth is looking for the username but with a domain of the external IP address of ngcp instead of the actual domain the user is in.

 

For example, the SQL query getting sent is

 

"select password,domain,uuid from subscriber where username='XXXXXXXXXX' AND domain='xxx.xxx.xxx.xxx" where xxx.xxx.xxx.xxx is the external IP of ngcp.

 

I can see that this is happening for the following reason:

 

1. The Jitsi xcap server URI is being set as https:// <https://%3cNGCP> <NGCP External IP Address>:1080/xcap

2. nginx proxy passes the host part of the xcap request to the proxy in the P-NGCP-XCAP-Host header

3. impresence.cfg contains the following:

 

    if(is_present_hf("P-NGCP-XCAP-Host"))

    {

        $var(orig_host) = $hdr(P-NGCP-XCAP-Host);

    }

    else

    {

        $var(orig_host) = "xxx.xxx.xxx.xxx";

    }

 

 

So, my questions are:

 

1. How do I change it so that the jitsi provisioning sends a specific xcap server URI for each domain rather than the external ip address of ngcp?

2. Would it perhaps be better to include the domain info in the xcap URI, for example https:// <https://%3cIP> <IP Address>:1080/xcap?domain=XXXXXX and have nginx set the P-NGCP-XCAP-Host header from that? 

 

My thinking is that option 2 would be better all around, because if we rely on the HTTP Host: being equal to the SIP/XCAP domain that gets difficult if we are using a top level domain name for SIP using DNS SRV but totally separate IPs for the A records for this domain. 

 

-Barry Flanagan






-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20130517/974549b6/attachment-0001.html>

More information about the Spce-user mailing list