Is the database shared? If so maybe when they authenticate add a secure token to the header that the second proxy can use for auth?
Just a suggestion not sure if its the answer your looking for or perhaps I didn't understand the scenario well enough. On Nov 19, 2012 7:53 AM, "Andreas Granig" <agra...@sipwise.com> wrote: > Hi, > > There are lots of parameters controlling the creation of nonce values on > a server, and I'm curious if there is a way to kind of "sync" them > between servers. > > The use case would be to have a UA send for example its registration to > Proxy1. Proxy1 would challenge it, UA will send the registration again, > this time with credentials. Proxy1 would look up the user based on > $au/$ar in the subscriber table, and if it's not found, will look up the > responsible proxy from another table (with key being $au@$ar), forward > it to Proxy2, which then would be able authenticate the user. > > The reason for this is that the auth credentials are unique across all > servers and reliably identify a user, whereas for example From could be > something else (e.g. in case of an IP-PBX sending a CLI in the > From-userpart). > > Challenging the user on the second proxy again would theoretically be > possible, but if the UA gets a 401 twice (once from Proxy1, once from > Proxy2), it'll most likely pop up a password form for soft-clients, so I > want to avoid that. > > Any ideas how to accomplish that? > > Andreas > > > > > _______________________________________________ > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list > sr-users@lists.sip-router.org > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users > >
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users