On 10/20/15 8:37 AM, Tuxic Geek wrote:
Hello Anand,
You are totally right, although I have a confusion here about what proxy is
challenging me with the 407 response code?
I mean by the word proxy what does the server mean? Does it mean Media
Proxy?
It means sip proxy as defined in rfc3261. IOW, a middle box in the
signaling path between the UAC and UAS. In modern deployments this may
also include a B2BUA in the signaling path. This *might* be a media
proxy, but it might not touch the media.
The key difference is that you can only get challenged once by the UAS,
but you can receive challenges from any number of proxies on the path
for the same call. The way you would see this is:
- first a 407 response, realm 1.
- you retry, with credentials to satisfy the realm 1 challenge.
- you get another 407 challenge, realm 2.
- you retry, with credentials for realms 1 & 2.
- ...
- you get a 401 response, realm N.
- you retry, with credentials for realms 1, 2, ..., N.
If you don't include credentials for all the challenges you have
received, you can get locked into a retry loop and never succeed.
Obviously you want to query the user at most once per realm, so you need
to cache the credentials.
Thanks,
Paul
On Tue, Oct 20, 2015 at 9:14 AM, Anand Konji <abko...@gmail.com> wrote:
Hi Harshith,
The 401 (Unauthorized) response message is used by an origin server to
challenge the authorization of a user agent.
401 response MUST include a WWW-Authenticate header field containing at
least one challenge applicable to the requested resource.
The 407 (Proxy Authentication Required) response message is used by a proxy
to challenge the authorization of a client and MUST include a
Proxy-Authenticate header field containing at least one challenge
applicable to the proxy for the requested resource.
Sent from Nexus 6,
Anand Konji
On 20-Oct-2015 12:35 PM, "Harshith Mulky" <harshith.mu...@outlook.com>
wrote:
What is the difference between a SIP 401 Unauthorized and SIP 407 Proxy
Authentication Required?
I assumed SIP 401 is for REGISTER messages and SIP 407 was for INVITE
message challenging
Am i correct?
Thanks
Harshith
_______________________________________________
Sip-implementors mailing list
Sip-implementors@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
_______________________________________________
Sip-implementors mailing list
Sip-implementors@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
_______________________________________________
Sip-implementors mailing list
Sip-implementors@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
_______________________________________________
Sip-implementors mailing list
Sip-implementors@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
