Sip Message Authentication Example - AudioCodes E-SBC User Manual

CHAPTER 20 SIP Definitions
■ Click Un-Register button to un-register.
Instead of registering the entire device, you can register specific entities as listed below by using
the Register button located on the page in which these entities are configured:
■ FXS endpoints, FXO endpoints, BRI endpoints, Trunk Groups - Trunk Group table (see
Configuring Trunk
■ Accounts - Accounts table (see

SIP Message Authentication Example

The device supports basic and digest (MD5) authentication types, according to SIP RFC 3261. A
proxy server might require authentication before forwarding an INVITE message. A Registrar/Proxy
server may also require authentication for client registration. A proxy replies to an unauthenticated
INVITE with a 407 Proxy Authorization Required response, containing a Proxy-Authenticate header
with the form of the challenge. After sending an ACK for the 407, the user agent can then re-send
the INVITE with a Proxy-Authorization header containing the credentials.
User agents, Redirect or Registrar servers typically use the SIP 401 Unauthorized response to
challenge authentication containing a WWW-Authenticate header, and expect the re-INVITE to
contain an Authorization header.
The following example shows the Digest Authentication procedure, including computation of user
agent credentials:
1. The REGISTER request is sent to a Registrar/Proxy server for registration:
REGISTER sip:10.2.2.222 SIP/2.0
Via: SIP/2.0/UDP 10.1.1.200
From: <sip: 122@10.1.1.200>;tag=1c17940
To: <sip: 122@10.1.1.200>
Call-ID: 634293194@10.1.1.200
CSeq: 1 REGISTER
Contact: sip:122@10.1.1.200:
Expires:3600
2. Upon receipt of this request, the Registrar/Proxy returns a 401 Unauthorized response:
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.2.1.200
From: <sip:122@10.2.2.222 >;tag=1c17940
To: <sip:122@10.2.2.222 >
Call-ID: 634293194@10.1.1.200
Cseq: 1 REGISTER
Date: Mon, 30 Jul 2012 15:33:54 GMT
Server: Columbia-SIP-Server/1.17
Content-Length: 0
WWW-Authenticate: Digest realm="AudioCodes.com",
nonce="11432d6bce58ddf02e3b5e1c77c010d2",
stale=FALSE,
algorithm=MD5
3. According to the sub-header present in the WWW-Authenticate header, the correct
REGISTER request is created.
4. Since the algorithm is MD5:
● The username is equal to the endpoint phone number "122".
Groups)
Configuring Registration
- 470 -
Mediant 1000 Gateway & E-SBC | User's Manual
Accounts)