EasyManua.ls Logo

AudioCodes mediapack MP-500

AudioCodes mediapack MP-500
574 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
SIP User's Manual 530 Document #: LTRT-12801
MP-500 MSBG
9.17 SIP Authentication Example
The device supports basic and digest (MD5) authentication types, according to SIP RFC
3261 standard. A proxy server might require authentication before forwarding an INVITE
message. A Registrar/Proxy server may also require authentication for client registration. A
proxy replies to an unauthenticated INVITE with a 407 Proxy Authorization Required
response, containing a Proxy-Authenticate header with the form of the challenge. After
sending an ACK for the 407, the user agent can then resend the INVITE with a Proxy-
Authorization header containing the credentials.
User agent, redirect or registrar servers typically use 401 Unauthorized response to
challenge authentication containing a WWW-Authenticate header, and expect the re-
INVITE to contain an Authorization header.
The following example describes the Digest Authentication procedure, including
computation of user agent credentials:
1. The REGISTER request is sent to Registrar/Proxy server for registration, as follows:
REGISTER sip:10.2.2.222 SIP/2.0
Via: SIP/2.0/UDP 10.1.1.200
From: <sip: 122@10.1.1.200>;tag=1c17940
To: <sip: 122@10.1.1.200>
Call-ID: 634293194@10.1.1.200
User-Agent: Audiocodes-Sip-Gateway/MP-500 MSBG/v.5.40.010.006
CSeq: 1 REGISTER
Contact: sip:122@10.1.1.200:
Expires:3600
2. Upon receipt of this request, the Registrar/Proxy returns 401 Unauthorized response.
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.2.1.200
From: <sip:122@10.2.2.222 >;tag=1c17940
To: <sip:122@10.2.2.222 >
Call-ID: 634293194@10.1.1.200
Cseq: 1 REGISTER
Date: Mon, 30 Jul 2001 15:33:54 GMT
Server: Columbia-SIP-Server/1.17
Content-Length: 0
WWW-Authenticate: Digest realm="audiocodes.com",
nonce="11432d6bce58ddf02e3b5e1c77c010d2",
stale=FALSE,
algorithm=MD5
3. According to the sub-header present in the WWW-Authenticate header, the correct
REGISTER request is formed.
4. Since the algorithm is MD5, then:
The username is equal to the endpoint phone number 122.
The realm return by the proxy is audiocodes.com.
The password from the ini file is AudioCodes.
The equation to be evaluated is (according to RFC this part is called A1)
‘122:audiocodes.com:AudioCodes’.
The MD5 algorithm is run on this equation and stored for future usage.
The result is ‘a8f17d4b41ab8dab6c95d3c14e34a9e1’.

Table of Contents

Related product manuals