SIP Authentication

From TBwiki
(Difference between revisions)
Jump to: navigation, search
(Configuration)
(TelcoBridges and SIP Authentication)
Line 12: Line 12:
 
* TDM to IP calls (Tmedia)
 
* TDM to IP calls (Tmedia)
  
=== FreeSBC/ProSBC ===
+
=== Tmedia/FreeSBC/ProSBC ===
 
In the case of IP to IP calls, the challenge messages are forwarded between the SIP device and authentication server.  
 
In the case of IP to IP calls, the challenge messages are forwarded between the SIP device and authentication server.  
  
Line 26: Line 26:
 
By default, TelcoBridges' products will forward authentication challenge messages for INVITE, BYE, REGISTER messages (see [[Sip registration forwarding|Sip registration forwarding]]), etc.
 
By default, TelcoBridges' products will forward authentication challenge messages for INVITE, BYE, REGISTER messages (see [[Sip registration forwarding|Sip registration forwarding]]), etc.
  
=== Tmedia ===
+
=== Tmedia/FreeSBC/ProSBC ===
 
In the case of TDM to IP calls, the tmedia needs to respond to the authentication challenge message.
 
In the case of TDM to IP calls, the tmedia needs to respond to the authentication challenge message.
  

Revision as of 03:56, 26 March 2020

SIP Authentication is a stateless challenge-based mechanism which ensures user's identity. Authentication challenge can be asked commonly for Invite and Bye methods. This means that anyone receiving an INVITE message can force the sender to prove his or her identity before the message is processed. In fact, SIP authentication is not limited to these two messages type. Any SIP method (the proper name for a SIP message) can be challenged by the recipient.

Contents

WWW (401 Unauthorized) or proxy-auth (407 Proxy Authentication)?

  • When authenticating to the server that will deliver a service, a www-authentication header should be used. The 401 (Unauthorized) response message is used by an origin server to challenge the authorization of a user agent.
  • When authenticating to a server that will proxy the request to the endpoint, proxy-authentication should be used. The 407 (Proxy Authentication Required) response message is used by a proxy to challenge the authorization of a client.
  • In _one_ transaction, both www_authentication and proxy_authentication can be used
  • Normally, messages like INVITE and BYE will receive 407 responses and REGISTER and SUBSCRIBE will receive 401 responses.

TelcoBridges and SIP Authentication

TelcoBridges can handle SIP Authentication differently according to your network.

  • IP to IP calls (FreeSBC/ProSBC)
  • TDM to IP calls (Tmedia)

Tmedia/FreeSBC/ProSBC

In the case of IP to IP calls, the challenge messages are forwarded between the SIP device and authentication server.

Invite callflow:

SIP Authentication Ip-IP INVITE

Bye callflow:

SIP Authentication Ip-IP BYE

Configuration

By default, TelcoBridges' products will forward authentication challenge messages for INVITE, BYE, REGISTER messages (see Sip registration forwarding), etc.

Tmedia/FreeSBC/ProSBC

In the case of TDM to IP calls, the tmedia needs to respond to the authentication challenge message.

Invite callflow:

SIP Authentication TDM-IP INVITE

Bye callflow:

SIP Authentication TDM-IP BYE

Configuration

The Tmedia needs to configure the 'Authentication Parameters' section for each SIP NAP that requires to respond to authentication challenge messages.

References

Personal tools