But as per Section 3.3 flow of RFC 3665, second 407 contains only one Proxy-authenticate header and not two headers, so how will UA know that he has to send two Proxy-Authorization headers in INVITE message.
Am I missing something? "Attila Sipos" <[EMAIL PROTECTED]> 01/24/2007 05:26 PM To Udit Goyal/C/IN/[EMAIL PROTECTED], "SIP Implementors" <[email protected]> cc Subject RE: [Sip-implementors] Regarding authentication yes, you can have multiple Proxy-Authenticate headers. You might be able to store the response provided the challenge hasn't changed. I'm not sure. But you could definitely just recalculate both authentication responses (so you wouldn't have to store anything). For the user being challenged you'd just have separate passwords for each realm ( I assume the Proxy-Authenticate headers would have different realms) Regards, Attila -----Original Message----- From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED] Sent: Wed 24/01/2007 19:51 To: SIP Implementors Cc: Subject: [Sip-implementors] Regarding authentication Hi, Can UAC receive 407 response with multiple Proxy-authenticate headers? As per RFC 3665 Section 3.3. flow, for multiple proxy authentication flow, when proxy 2 challenges the request, proxy 1 sends 407 back to UAC with only one Proxy-authenticate header containing the challenge of only proxy 2. Is it responsibility of UAC to store the previous Proxy-Authorization that it sent to proxy 1, and when it receives 407 again from proxy1 with different challenge, sends the collated invite with both authorization headers. Regards, Udit _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
