Kamailio integration with Sansay NSS

updated 2 mths ago

Integration

This integration guide explains the necessary steps to use Sansay NSS to obtain a SHAKEN PASSPorT and inject a SIP Identity header on your calls.

Kamailio Configuration

Kamailio is configured to make synchronous query NSS STI interface via REST. The returned Identity value is added to the egress INVITE. The configuration was performed in Kamailio 5.7.4 (x86_64/linux). This configuration works for ANI/DNIS formatted as: “+1NXXNXXXXXX”, “1NXXNXXXXXX” or “NXXNXXXXXX”. If another format is in use, the ANI/DNIS will have to be adjusted to match the previous formats.

Kamailio.cfg

Replace YOUR_NSS_IP-DOMAIN with your NSS IP or domain.

...

# If using TLS, this line must come after TLS is loaded

loadmodule "http_client.so"

...

# Set timeout to 2 seconds

modparam("http_client", "connection_timeout", 2)

# OPTIONAL - Use if the NSS doesn't have a CA-issued SSL cert installed in the REST interface

modparam("http_client", "verify_host", 0)

...

request_route {

...

        # Request to STI-AS

        if (is_method("INVITE")) {

                route(SANSAY_STI_AS);

        }

...

}

...

route[ SANSAY_STI_AS ] {

        # Extract ANI and DNIS from the SIP message

        $var(ani) = $fU;

        $var(dnis) = $tU;

        # Get Call-ID to use as X-RequestID

        $var(x_request_id) = $ci; # Using Call-ID as X-RequestID

        # Get the current timestamp

        $var(iat) = $Ts; # Get the current timestamp

        # HTTP POST variables

        $var(url) = "https://YOUR_NSS_IP-DOMAIN:3334/stir/v1/signing";

        $var(headers) = "Content-Type: application/json\n"

                        "Accept: application/json\n"

                        "X-RequestID: " + $var(x_request_id) ;

        $var(body) = "{\"signingRequest\":{\"orig\":{\"tn\":\"" + $var(ani) + "\"},"

                     "\"dest\":{\"tn\":[\"" + $var(dnis) + "\"]},"

                     "\"iat\":" + $var(iat) + "}}";

        # Log for debugging

        #xlog("L_INFO", "HTTP Request URL: $var(url)\n");

        #xlog("L_INFO", "HTTP Request Body: $var(body)\n");

        #xlog("L_INFO", "HTTP Request Headers: $var(headers)\n");

        # Send the HTTP POST request

        http_client_query("$var(url)", "$var(body)", "$var(headers)", "$var(json_data)");

        #xlog("L_INFO", "HTTP Response: $var(json_data)\n");

        if ($rc == "200") {

                # Extract identity value

                $var(remove) = "{\"signingResponse\":{\"identity\":\"";

                $var(remove1) = "\"}}";

                $var(identity_value) = $(var(json_data){s.rm,$var(remove)});

                $var(identity_value) = $(var(identity_value){s.rm,$var(remove1)});

                #xlog("L_INFO", "Identity: $var(identity_value)\n");

                # Add Identity to INVITE

                append_hf("Identity: $var(identity_value)\r\n", "Call-ID");

        }

}

...