CHAPTER30 SBC Overview
Mediant 1000 Gateway & E-SBC | User's Manual
5. The RADIUS server verifies the client's credentials and sends an Access-Accept (or
Access-Reject) response to the device.
6. The device accepts the SIP client's request (sends a SIP 200 OK or forwards the
authenticated request) or rejects it (sends another SIP 407 to the SIP client).
To configure this feature, set the SBCServerAuthMode ini file parameter to 2.
OAuth2-based User Authentication
The device supports the OAuth 2.0 authentication protocol (RFC 7662 and Internet Draft
"draft-ietf-sipcore-sip-authn-02"), allowing it to authenticate any specified incoming SIP request
(e.g., REGISTER and INVITE) with a third-party OAuth Authorization server over HTTP/S.
OAuth-based authentication is applicable only to the SBC application.
OAuth authorization consists of the following main stages:
1. (This stage does not involve the device.) The client application requires an OAuth Access
Token for the user. There are multiple schemes for obtaining it. For example, it may use the
Authorization Code method, whereby the client application refers the user to the OAuth
Authorization server to request an Authorization Code. The client application then uses the
received Authorization Code to request an Access Token (and a Refresh Token) for the user
from the Authorization server.
2. When the user wants to register with the device or make a call, the client application through
which the user communicates with the device (e.g., Web browser for the WebRTC application)
sends a SIP REGISTER or INVITE request that includes the user's Access Token in the SIP
Authorization header ("Bearer" value), as shown in the following REGISTER message
example:
REGISTER sip:server.com SIP/2.0
Via: SIP/2.0/WSS 9rihbeck4vat.invalid;branch=z9hG4bK2426139
Max-Forwards: 69
To: <sip:alice@example.com>
From: "alice" <sip:alice@example.com>;tag=mstg4hpof6
Call-ID: 0il6hahess4ndc1pdlleqj
CSeq: 1 REGISTER
Authorization: Bearer
eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJUdDl1TF9Ya0hSampFR2N
UZFRlYXZ0dmxTc0pXYWplRHhIR1MzLXlVazhZIn0.eyJqdGkiOiIwOTgzOGNhZi1m[...].aDoFsyt-KGN3kHkT7IZvHya0kf03xrfFzOBGgz_
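The following is an added example, not taken from the manual and not AudioCodes code: it extracts the Bearer token from a REGISTER like the one above, builds the body of an RFC 7662 token introspection request, and evaluates the response. The sample message and token are constructed, the function names are hypothetical, and the rule that the introspection "username" must match the To user is an assumption of this example, not documented device behaviour.

```python
import base64
import json
import re
from urllib.parse import urlencode

def _seg(obj):
    """Base64url-encode a JSON object the way a JWT segment is encoded."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample token (dummy signature), not the token printed in the manual.
SAMPLE_TOKEN = ".".join([_seg({"alg": "RS256"}), _seg({"sub": "alice"}), "c2ln"])
# Constructed REGISTER; the token sits on a folded continuation line.
SAMPLE_REGISTER = (
    "REGISTER sip:server.com SIP/2.0\r\n"
    "To: <sip:alice@example.com>\r\n"
    'From: "alice" <sip:alice@example.com>;tag=mstg4hpof6\r\n'
    "CSeq: 1 REGISTER\r\n"
    "Authorization: Bearer\r\n " + SAMPLE_TOKEN + "\r\n\r\n"
)

def headers(sip_message):
    """Return {lowercased header name: value}, unfolding continuation lines."""
    head = re.sub(r"\r\n[ \t]+", " ", sip_message.split("\r\n\r\n", 1)[0])
    pairs = (line.partition(":") for line in head.split("\r\n")[1:])
    return {name.strip().lower(): value.strip() for name, _, value in pairs}

def extract_bearer(sip_message):
    """Return the Bearer credential from the Authorization header, or None."""
    parts = headers(sip_message).get("authorization", "").split(None, 1)
    if len(parts) == 2 and parts[0].lower() == "bearer":
        return parts[1]
    return None

def to_user(sip_message):
    """User part of the To URI (the address-of-record being registered)."""
    m = re.search(r"sips?:([^@>;]+)@", headers(sip_message).get("to", ""))
    return m.group(1) if m else None

def introspection_body(token):
    """Form-encoded body of an RFC 7662 section 2.1 introspection POST."""
    return urlencode({"token": token, "token_type_hint": "access_token"})

def accept(response, sip_user):
    """Accept only an active token issued to the user named in the request."""
    if response.get("active") is not True:  # "true" as a string is not enough
        return False
    return sip_user is not None and response.get("username") == sip_user
```

Requests carrying any other Authorization scheme, or none, return None from extract_bearer and never reach the introspection step.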