SIP Authentication
SIP Authentication is a stateless challenge-based mechanism which ensures user's identity. Authentication challenge can be asked commonly for Invite and Bye methods. This means that anyone receiving an INVITE message can force the sender to prove his or her identity before the message is processed. In fact, SIP authentication is not limited to these two messages type. Any SIP method (the proper name for a SIP message) can be challenged by the recipient.
Contents |
TelcoBridges and SIP Authentication
TelcoBridges can handle SIP Authentication differently according to your network.
- IP to IP calls (FreeSBC/ProSBC)
- TDM to IP calls (Tmedia)
WWW (401 Unauthorized) or proxy-auth (407 Proxy Authentication)?
- When authenticating to the server that will deliver a service, a www-authentication header should be used
- When authenticating to a server that will proxy the request to the endpoint, proxy-authentication should be used
- In _one_ transaction, both www_authentication and proxy_authentication can be used
FreeSBC/ProSBC
In the case of IP to IP calls, the challenge messages are forwarded between the SIP device and authentication server.
Invite callflow:
Bye callflow:
Configuration
By default, TelcoBridges' products will forward authentication challenge messages.
Tmedia
In the case of TDM to IP calls, the tmedia needs to respond to the authentication challenge message.
Invite callflow:
Bye callflow:
Configuration
The Tmedia needs to configure the 'Authentication Parameters' section for each SIP NAP that requires to respond to authentication challenge messages.
