[Spce-user] xcap authentication issue with jitsi auto provisinoing

Barry Flanagan barry at flanagan.ie
Wed May 22 08:06:35 EDT 2013


Hi Barry,

>
> An update has been pushed to 2.8, you might want to try again the
> auto-provisioning. Again, the restriction still applies that if you've an
> SRV record behind your SIP domain, it will still not work, as Jitsi doesn't
> do SRV for XCAP URIs. Should work in most other cases now though.
>
>
Thanks Andreas. We do use SRV so it won't do anything for me at present.
For testing I have just set the auth_db use_domain parameter to 0 in the
proxy as usernames are unique anyway.

-Barry

Andreas
>
>
> On 05/22/2013 12:53 PM, Andreas Granig wrote:
>
>> Hi,
>>
>> On 05/17/2013 02:03 PM, Barry Flanagan wrote:
>>
>>> On 17 May 2013 12:51, Oliver Vermeulen <oliver at oliverv.com
>>> <mailto:oliver at oliverv.com>> wrote:
>>>
>>>     Change authentication to username at sipdomain and passwd ,
>>>     provisioning put only username and password.____
>>>
>>>     __
>>>
>>>
>>> I'm not sure what you mean. Change which? Provisioning credentials in
>>> Jitsi are currently user at domain. SIP authentication is working fine. It
>>> is only xcap auth which fails.
>>>
>>
>> The problem with the Jitsi auto-provisioning and XCAP is that it
>> currently uses the IP of the load-balancer as host part of the URL,
>> instead of the SIP domain of the user.
>>
>> What you can try is making a csc.conf.customtt.tt2 in
>> /etc/ngcp-config/templates/**etc/ngcp-www-csc/ and change the "host" to
>> the SIP domain you're using. A more flexible way is to modify
>> /usr/share/perl5/Sipwise/**JitsiProvisioning.pm and change this line:
>>
>>    my $xcap_ip = $cfg->{uaprovisioning}->{xcap}**->{host};
>>
>> to something like
>>
>>     my $xcap_ip = $domain;
>>
>> The problem with that approach is that it only works if the domain part
>> of your SIP URI resolves to your CE IP in an A or AAAA record and
>> doesn't point to a different host via SRV (e.g. your SIP domain is
>> sip.example.org, and this resolves to the IP of the CE, instead of
>> having an SRV record sip.example.org resolving to something else like
>> ce.sip.example.org, because Jitsi doesn't do an SRV lookup for the XCAP
>> host).
>>
>> In any case, the second approach should work quite well in cases without
>> SRV. We're going to push a fix for that in the next days.
>>
>> Andreas
>>
>>
>>
>> ______________________________**_________________
>> Spce-user mailing list
>> Spce-user at lists.sipwise.com
>> http://lists.sipwise.com/**listinfo/spce-user<http://lists.sipwise.com/listinfo/spce-user>
>>
>
> ______________________________**_________________
> Spce-user mailing list
> Spce-user at lists.sipwise.com
> http://lists.sipwise.com/**listinfo/spce-user<http://lists.sipwise.com/listinfo/spce-user>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20130522/7b72d138/attachment-0001.html>


More information about the Spce-user mailing list