Sip Message Authentication Example - AudioCodes Mediant 800B User Manual
Analog & digital voip media gateway
Hide thumbs
Also See for Mediant 800B:
- User manual (1338 pages) ,
- Installation and maintenance manual (104 pages) ,
- Hardware installation manual (56 pages)
Table of Contents
Advertisement
User's Manual
18.3.1 SIP Message Authentication Example
The device supports basic and digest (MD5) authentication types, according to SIP RFC
3261 standard. A proxy server might require authentication before forwarding an INVITE
message. A Registrar/Proxy server may also require authentication for client registration. A
proxy replies to an unauthenticated INVITE with a 407 Proxy Authorization Required
response, containing a Proxy-Authenticate header with the form of the challenge. After
sending an ACK for the 407, the user agent can then re-send the INVITE with a Proxy-
Authorization header containing the credentials.
User agents, Redirect or Registrar servers typically use the SIP 401 Unauthorized
response to challenge authentication containing a WWW-Authenticate header, and expect
the re-INVITE to contain an Authorization header.
The following example shows the Digest Authentication procedure, including computation
of user agent credentials:
1.
The REGISTER request is sent to a Registrar/Proxy server for registration:
REGISTER sip:10.2.2.222 SIP/2.0
Via: SIP/2.0/UDP 10.1.1.200
From: <sip: 122@10.1.1.200>;tag=1c17940
To: <sip: 122@10.1.1.200>
Call-ID: 634293194@10.1.1.200
User-Agent: Sip-Gateway/Mediant 800B Gateway and E-
SBC/v.6.60.010.006
CSeq: 1 REGISTER
Contact: sip:122@10.1.1.200:
Expires:3600
2.
Upon receipt of this request, the Registrar/Proxy returns a 401 Unauthorized
response:
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.2.1.200
From: <sip:122@10.2.2.222 >;tag=1c17940
To: <sip:122@10.2.2.222 >
Call-ID: 634293194@10.1.1.200
Cseq: 1 REGISTER
Date: Mon, 30 Jul 2012 15:33:54 GMT
Server: Columbia-SIP-Server/1.17
Content-Length: 0
WWW-Authenticate: Digest realm="audiocodes.com",
nonce="11432d6bce58ddf02e3b5e1c77c010d2",
stale=FALSE,
algorithm=MD5
3.
According to the sub-header present in the WWW-Authenticate header, the correct
REGISTER request is created.
4.
Since the algorithm is MD5:
•
The username is equal to the endpoint phone number "122".
•
The realm return by the proxy is "audiocodes.com".
•
The password from the ini file is "AudioCodes".
•
The equation to be evaluated is "122:audiocodes.com:AudioCodes". According to
the RFC, this part is called A1.
•
The MD5 algorithm is run on this equation and stored for future usage.
•
The result is "a8f17d4b41ab8dab6c95d3c14e34a9e1".
5.
The par called A2 needs to be evaluated:
•
The method type is "REGISTER".
•
Using SIP protocol "sip".
•
Proxy IP from ini file is "10.2.2.222".
Version 6.8
287
Mediant 800B Gateway and E-SBC
18. SIP Definitions
Hide quick links:
Advertisement
Chapters
Table of Contents
