Sip authentication example, 12 sip authentication example – Nortel Networks Mediant TP-1610 SIP User Manual

Page 156

Advertising
background image

Mediant 2000 SIP

Mediant 2000 SIP User’s Manual

156

Document #: LTRT-72504

8.12 SIP Authentication Example

Mediant 2000 gateway supports basic and digest authentication types, according to SIP RFC
3261 standard. A proxy server might require authentication before forwarding an INVITE
message. A Registrar/Proxy server may also require authentication for client registration. A proxy
replies to an unauthenticated INVITE with a 407 Proxy Authorization Required response,
containing a Proxy-Authenticate header with the form of the challenge. After sending an ACK for
the 407, the User Agent can then resend the INVITE with a Proxy-Authorization header
containing the credentials.
User Agent, Redirect or Registrar servers typically use 401 Unauthorized responses to challenge
authentication containing a WWW-Authenticate header, and expect the re-INVITE to contain an
Authorization header.
The following example describes the Digest Authentication procedure including computation of
User Agent credentials.
The REGISTER request is sent to Registrar/Proxy server for registration, as follows:

REGISTER sip:10.2.2.222 SIP/2.0

Via: SIP/2.0/UDP 10.1.1.200

From: <sip: [email protected]>;tag=1c17940

To: <sip: [email protected]>

Call-ID: [email protected]

User-Agent: Audiocodes-Sip-Gateway/TrunkPack 1610/v.4.20.299.412

CSeq: 1 REGISTER

Contact: sip:[email protected]:

Expires:3600

On receiving this request the Registrar/Proxy returns 401 Unauthorized response.

SIP/2.0 401 Unauthorized

Via: SIP/2.0/UDP 10.2.1.200

From: <sip:[email protected] >;tag=1c17940

To: <sip:[email protected] >

Call-ID: [email protected]

Cseq: 1 REGISTER

Date: Mon, 30 Jul 2001 15:33:54 GMT

Server: Columbia-SIP-Server/1.17

Content-Length: 0

WWW-Authenticate: Digest realm="audiocodes.com",

nonce="11432d6bce58ddf02e3b5e1c77c010d2",

stale=FALSE,

algorithm=MD5

According to the sub-header present in the WWW-Authenticate header the correct REGISTER
request is formed.

Since the algorithm used is MD5, take:
The username from the ini file: M2K-AudioCodes
The realm return by the proxy: audiocodes.com
The password from the ini file: AudioCodes.
The equation to be evaluated: (according to RFC this part is called A1).

“M2K-AudioCodes:audiocodes.com:AudioCodes”.

The MD5 algorithm is run on this equation and stored for future usage.
The result is: “a8f17d4b41ab8dab6c95d3c14e34a9e1”
Next we need to evaluate the par called A2. We take:
The method type “REGISTER”

Advertising
Popular Brands
Popular manuals