Oracle® Communications Instant Messaging Server System Administrator's Guide
Release 9.0.2

E52523-01

19 Configuring the SIP Gateway

This chapter describes the Oracle Communications Instant Messaging Server 9 SIP/SIMPLE gateway.

SIP Gateway Overview

Instant Messaging Server 9 implements a SIP/SIMPLE (Session Initiation Protocol/SIP for Instant Messaging and Presence Leveraging Extensions) gateway. The gateway enables inter-domain federation, translation between XMPP and SIP/SIMPLE, and interoperation between XMPP servers and SIP/SIMPLE servers (for example, OpenSER).

The Instant Messaging Server SIP gateway:

  • Enables users to subscribe to the presence of contacts on an external SIP/SIMPLE network

  • Enables messaging between users on the Instant Messaging server and their contacts on an external SIP/SIMPLE network

  • Enforces the privacy preferences of the XMPP Instant Messaging Server users

Enabling of SIP/SIMPLE federation is optional. You can choose a particular set of SIP domains for which federation is allowed or you can enable open federation. If both XMPP and SIP open federation are enabled, and a domain has both XMPP and SIP servers, XMPP federation is the preferred option. You can also choose to blacklist certain domains from open federation. For more information, see "Configuring Federated Communication Between Instant Messaging Servers" and "To Configure Instant Messaging Server for the SIP Gateway".

Currently, the Instant Messaging Server SIP gateway does not support:

  • File transfer between SIP and XMPP clients (users)

  • Group chat (text conferencing)

  • Audio/video chat

Instant Messaging Server can also provide server-to-server federation support between any standard XMPP server and the SIP/SIMPLE Federation Service Gateway. The Instant Messaging Server SIP Gateway uses either Jabber Component Protocol or Server-to-Server federation for interoperability. The Jabber Component Protocol is supported only with Instant Messaging Server. For any third-party XMPP server, you must configure the Server-to-Server federation option.

You can enable server-to-server federation between any standard XMPP server and the SIP Gateway in the following configurations:

  • Plain Text and Dialback, also known as Verified Federation

    A server accepts a connection from a peer only after the identity of the peer has been weakly verified through Dialback, based on information obtained from the Domain Name System (DNS) and verification keys exchanged in-band over XMPP. However, the connection is not encrypted. The use of identity verification effectively prevents domain spoofing, but federation requires proper DNS setup and is still subject to DNS poisoning attacks.

  • TLS and Dialback, if self-signed certificates are provided, also known as Encrypted Federation

    A server accepts a connection from a peer only if the peer supports Transport Layer Security (TLS) and the peer presents a digital certificate. However, the certificate may be self-signed, in which case mutual authentication is typically not possible. Therefore, after STARTTLS negotiation the parties proceed to weakly verify identity using Dialback. This combination results in an encrypted connection with weak identity verification.

  • TLS, also known as Trusted Federation

    A server accepts a connection from a peer only if the peer supports TLS and the peer presents a digital certificate issued by a trusted root certification authority (CA). The list of trusted root CAs is determined by local service policy, as is the level of trust accorded to various types of certificates (for example, Class 1, Class 2, or Class 3). The use of trusted domain certificates effectively prevents DNS poisoning attacks but makes federation more difficult as typically such certificates are not easy to obtain.

SIP Gateway Architecture

Figure 19-1 shows the SIP gateway architecture.

Figure 19-1 SIP Gateway Architecture


This figure shows that the SIP Federation Service is implemented as a SIP servlet, deployed within the Oracle Communications Converged Application Server. XMPP server users are able to exchange presence and chats with SIP users over the XMPP protocol (by way of the SIP gateway), while SIP users do the same over the SIP/SIMPLE protocol through the SIP/SIMPLE server. The SIP gateway uses either Jabber Component Protocol or Server-to-Server Federation to communicate with the XMPP server. For Server-to-Server federation, you must configure DNS SRV records for both XMPP and SIP domains. The SIP gateway converts SIMPLE requests to the appropriate XMPP format and sends them to the XMPP server over either a component or a federated connection. SIMPLE requests are acknowledged and responded to appropriately by using the SIP servlet API. Similarly, the SIP gateway converts XMPP requests or responses received from the XMPP server to the appropriate SIMPLE requests and then sends them to the SIMPLE clients. The SIP gateway maintains both SIMPLE and XMPP user subscription states. The SIP gateway needs to interact with the XMPP server to authorize presence subscriptions and obtain SIP user presence notifications.

Configuring the SIP Gateway

This section contains the following topics:

Prerequisites for Configuring the SIP Gateway

You need the following components to configure and use the SIP Gateway:

  • Instant Messaging Server 9.0.2.6 or any standard XMPP instant messaging server

  • Oracle Communications Converged Application Server 5.1

  • XMPP capable client, such as Pidgin

  • SIP/SIMPLE capable client, such as Jitsi

XMPP and SIP domains federating with each other must be resolvable to the respective XMPP and SIP hosts through DNS Service records (SRV records) for communication to work between them.

When using the SIP Gateway in federation mode, you must ensure that the XMPP domain SRV record points to the SIP Gateway host for the SIP network, and that the SIP domain SRV record points to the SIP Gateway host for the XMPP network.
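
One way to confirm the SRV requirement above before deploying the WAR file, as an added example that is not part of the Oracle documentation: the function reads the output of dig +short SRV and passes only if every record targets the expected gateway host and port. The host names, the ports 5269 and 5060, and the sample answers are constructed; _xmpp-server._tcp and _sip._tcp are the standard SRV service labels for XMPP server-to-server and SIP over TCP.

```sh
#!/bin/sh
# Added example (not Oracle code): verify SRV answers for a federated domain.

# check_srv EXPECTED_HOST EXPECTED_PORT
# stdin: lines as printed by `dig +short SRV <name>`: "priority weight port target."
# Returns 0 if every record matches, 1 on any mismatch, 2 if there are no records.
check_srv() {
    want_host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    want_host=${want_host%.}          # ignore a trailing root dot
    want_port=$2
    seen=0
    bad=0
    while read -r prio weight port target; do
        [ -n "$target" ] || continue  # skip blank or malformed lines
        seen=$((seen + 1))
        host=$(printf '%s' "$target" | tr 'A-Z' 'a-z')   # DNS names are case-insensitive
        host=${host%.}
        if [ "$host" != "$want_host" ] || [ "$port" != "$want_port" ]; then
            echo "MISMATCH: $target port $port (expected $want_host port $want_port)"
            bad=$((bad + 1))
        fi
    done
    if [ "$seen" -eq 0 ]; then
        echo "NO SRV RECORDS"
        return 2
    fi
    [ "$bad" -eq 0 ]
}

# Constructed sample answers. Live use would be, for example:
#   dig +short SRV _xmpp-server._tcp.<SIP domain> | check_srv <gateway host> 5269
#   dig +short SRV _sip._tcp.<XMPP domain>        | check_srv <gateway host> 5060
printf '10 0 5269 sipgw.example.com.\n' |
    check_srv sipgw.example.com 5269 && echo "XMPP-side view: ok"
printf '10 0 5060 SIPGW.example.com.\n20 0 5060 other.example.net.\n' |
    check_srv sipgw.example.com 5060 || echo "SIP-side view: fix DNS"
```

Run the check from a resolver on each network, because the two sides may see different answers for the same domain.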

To Configure Instant Messaging Server for the SIP Gateway

This section contains the following topics:

Configuring the SIP Gateway in Component Mode

Perform the following steps on the Instant Messaging Server host:

  1. Install and configure Instant Messaging Server. For information, see Instant Messaging Server Installation and Configuration Guide.

  2. Enable open federation by running the following command:

    /opt/sun/comms/im/sbin/imconfutil set-prop -c /opt/sun/comms/im/config/iim.conf.xml iim_server.federation.policy=OPEN
    
  3. Create a SIP WAR file by running the following command:

    /opt/sun/comms/im/sbin/create_sip_war -c component -h coms-121.example.com -p 5269 -j sip.coms-121.example.com -t true -o imfed.war
    
  4. When prompted, enter the password.

  5. Add the SIP component by running the following command:

    /opt/sun/comms/im/sbin/imconfutil add-component -c /opt/sun/comms/im/config/iim.conf.xml id=fed jid=sip.coms-121.example.com password=password
    

Note:

Even though SIP Gateway support in component mode exists beginning with Instant Messaging Server 9, these steps are specific to Instant Messaging Server 9.0.2.6.0. For Instant Messaging Server 9 and 9.0.1.4, see Configuring the SIP Gateway with Oracle Communications Instant Messaging Server 9, at:

https://wikis.oracle.com/display/CommSuite/Configuring+the+SIP+Gateway+with+Instant+Messaging+9

Configuring SIP Gateway in Federation Mode

Starting with Instant Messaging Server 9.0.2.6, you can configure server-to-server federation support between any standard XMPP server and a SIP/SIMPLE Federation Service Gateway.

Before you can configure Instant Messaging Server for the SIP Gateway using TLS, you must first create an SSL certificate. For more information, see the topic on setting up TLS in Instant Messaging Server Security Guide.

Note:

The Instant Messaging Server 9.0.2.6 SIP Gateway supports XMPP federation with single XMPP and SIP domains.

This section contains the following topics:

To Enable S2S Communication Using TLS and SASL-External

Use the create_sip_war command to create the WAR file:

create_sip_war -c s2s -h xmppserver.domainname -j sipserver.domainname -t true -k /tmp/trust.jks -f /tmp/sslpassword.conf -o imfed.war

In this command:

-k specifies the path to the keystore file.

-f specifies the path to the file that contains the password for the keystore.
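
The file given with -f holds the keystore password in clear text, so its permissions and location matter as much as the keystore's. The following pre-flight check is an added example, not part of the Oracle documentation; the function names and the scratch files in the demo are constructed for illustration.

```sh
#!/bin/sh
# Added example (not Oracle code): pre-flight check for the files given to
# create_sip_war with -k (keystore) and -f (keystore password file).

# Print the 10-character mode string from ls, for example "-rw-------".
mode_string() {
    ls -ld -- "$1" | cut -c1-10
}

# check_secret_file PATH
# Returns 0 when PATH is a regular, non-symlink file with no group/other
# permission bits and its parent directory is not world-writable.
check_secret_file() {
    f=$1
    rc=0
    if [ ! -f "$f" ] || [ -L "$f" ]; then
        echo "FAIL $f: missing, not a regular file, or a symlink"
        return 1
    fi
    fmode=$(mode_string "$f")
    case $fmode in
        ????------) ;;   # only owner bits are set
        *) echo "FAIL $f: mode $fmode grants group/other access"; rc=1 ;;
    esac
    dmode=$(mode_string "$(dirname "$f")")
    case $dmode in
        ????????w?) echo "FAIL $f: parent directory is world-writable ($dmode)"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK   $f"; fi
    return "$rc"
}

# Demo on constructed files in a private scratch directory.
demo=$(mktemp -d)
printf 'constructed-password\n' > "$demo/sslpassword.conf"
chmod 644 "$demo/sslpassword.conf"
check_secret_file "$demo/sslpassword.conf" || true   # reports group/other access
chmod 600 "$demo/sslpassword.conf"
check_secret_file "$demo/sslpassword.conf"           # reports OK
rm -rf "$demo"
```

Files placed directly in /tmp, as in the sample command, are reported because /tmp is world-writable; a directory owned by the account that runs create_sip_war passes the check.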

To Enable S2S Communication Using TLS and Dialback

  1. Create a default configuration file, if it does not already exist.

    create_sip_war -c s2s -h xmppserver.domainname -j sipserver.domainname -t true -k /tmp/trust.jks -f /tmp/sslpassword.conf -o imfed.war
    
  2. If you are using a self-signed certificate for the SIP Gateway, set the iim_server.trust_all_cert option to true.

    imconfutil -c ../config/iim.conf.xml set-prop iim_server.trust_all_cert='true'
    
  3. Regenerate the WAR file.

    create_sip_war -c s2s -h xmppserver.domainname -j sipserver.domainname -t true -k /tmp/trust.jks -f /tmp/sslpassword.conf -o imfed.war
    
  4. When prompted, enter the dialback secret.

To Enable S2S Communication Using Plain Text and Dialback

  1. Use the create_sip_war command to create the WAR file:

    create_sip_war -c s2s -h xmppserver.domainname -j sipserver.domainname -t false -o imfed.war
    
  2. When prompted, enter the dialback secret.

To Configure Logging for the SIP Gateway

  1. To change the log level or log location of the imfed.log file, edit the /opt/sun/comms/im/lib/log4j-sip.conf file.

  2. Make the necessary changes.

  3. Redeploy the WAR file.

To Configure the Oracle Communications Converged Application Server

Perform the following steps on the Oracle Communications Converged Application Server host:

  1. Set up Oracle Communications Converged Application Server in basic domain mode. For more information, see Converged Application Server Documentation at:

    http://docs.oracle.com/cd/E17645_01/index.htm

  2. Deploy the SIP WAR file generated in the preceding procedure, "To Configure Instant Messaging Server for the SIP Gateway".

  3. Restart the XMPP server.

    If you are using Instant Messaging Server for federation, run the following command:

    imadmin start
    
  4. Restart the Oracle Communications Converged Application Server. See Starting and Stopping Servers:

    http://docs.oracle.com/cd/E17645_01/doc.50/e17647/opg_starting.htm#CHDHDCFB

  5. After restarting the Oracle Communications Converged Application Server, you must enable DNS lookup in the SipServer General setting page.

To Test the SIP Gateway

  1. On the SIP host, make sure that you have configured XML Configuration Access Protocol (XCAP) and created users.

  2. On the Instant Messaging server, log in an XMPP user.

  3. On the SIP host, log in a SIP user by using SIP Communicator.

  4. Verify that the SIP user is able to add the XMPP user and vice-versa. The two users should be able to chat with each other and see each other's presence.

Troubleshooting the SIP Gateway

When troubleshooting the SIP gateway, make use of the SIP Federator's log file, imfed.log. You set the location of the imfed.log file before generating the WAR file. By default, the file resides in the /tmp directory.

Configuring DNS for XMPP and SIP Federation

XMPP and SIP domains federating with each other must be resolvable to the respective XMPP and SIP hosts through DNS Service records (SRV records) for communication to work between them. See "Configuring DNS for XMPP Federation" and "Configuring DNS for SIP Federation" for more information.