Authenticating Users as an Authentication Server

Instead of relying on external, third-party authentication servers, the device can be configured to act as an authentication server, performing authentication and validation challenges with SIP UAs. You can define the SIP method (INVITE or REGISTER) on which the device challenges. If a message is received without an Authorization header, the device challenges the client by sending a 401 or 407 SIP response. The client then resends the request with an Authorization header containing its username and password. The device validates the SIP message; if validation fails, the device rejects the message and sends a 403 "Forbidden" response. If the SIP message is validated, the device verifies the identity of the UA by checking whether the username and password received from the user are correct. The usernames and passwords are obtained from the User Information table. If the UA is not successfully authenticated after three attempts, the device sends a 403 "Forbidden" response. The device can also perform authentication on behalf of its UAs with an external third-party server.

The cryptographic hash algorithm used when the device sends the authentication challenge in the SIP 401 or 407 response can be configured, using the [SIPServerDigestAlgorithm] parameter.
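The challenge flow described above, as an added example (not AudioCodes code, and not verified against the device): it models the 401 challenge, the validation and credential checks, and the 403 after three failed attempts. Assumptions: an RFC 2617-style digest without qop, a constructed user table and realm, and that each failed credential check counts as one attempt.

```python
import hashlib, hmac, secrets

USERS = {"alice": "constructed-pass-1"}   # constructed stand-in for the User Information table
REALM = "sbc.example.invalid"             # hypothetical realm
MAX_ATTEMPTS = 3                          # the page: 403 after three failed attempts
ALGOS = {"MD5": hashlib.md5, "SHA-256": hashlib.sha256}


def digest_response(user, password, realm, method, uri, nonce, algo="MD5"):
    """RFC 2617 digest (no qop): H(H(user:realm:password):nonce:H(method:uri))."""
    def h(s):
        return ALGOS[algo](s.encode()).hexdigest()
    ha1 = h(f"{user}:{realm}:{password}")
    ha2 = h(f"{method}:{uri}")
    return h(f"{ha1}:{nonce}:{ha2}")


class AuthServer:
    def __init__(self, methods=("INVITE", "REGISTER"), algo="MD5"):
        self.methods, self.algo = set(methods), algo
        self.state = {}                   # ua_id -> [current nonce, failed attempts]

    def _challenge(self, st):
        st[0] = secrets.token_hex(16)     # fresh nonce for every challenge
        return 401, {"realm": REALM, "nonce": st[0], "algorithm": self.algo}

    def handle(self, ua_id, method, uri, auth=None):
        if method not in self.methods:
            return 200, {}                # method is not in the authentication list
        st = self.state.setdefault(ua_id, [None, 0])
        if auth is None:
            return self._challenge(st)    # no Authorization header: challenge
        if not {"username", "nonce", "uri", "response"} <= auth.keys():
            return 403, {}                # message validation failed
        # Unknown users get a random password so the same code path runs.
        password = USERS.get(auth["username"], secrets.token_hex(8))
        expected = digest_response(auth["username"], password, REALM,
                                   method, auth["uri"], st[0] or "", self.algo)
        ok = hmac.compare_digest(expected.encode(), auth["response"].encode())
        if ok and auth["nonce"] == st[0]:
            self.state.pop(ua_id)
            return 200, {}
        st[1] += 1
        if st[1] >= MAX_ATTEMPTS:
            self.state.pop(ua_id)
            return 403, {}                # third failed attempt
        return self._challenge(st)        # re-challenge with a new nonce
```

The stored password is only ever fed into the hash, and the comparison is constant-time, so a failed attempt reveals nothing beyond the 401 or 403 status.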

To authenticate users:
1. Open the IP Groups table (Setup menu > Signaling & Media tab > Core Identities folder > IP Groups).
2. For the IP Group (User-type) of the UAs, configure the following:
a. From the 'Authentication Mode' drop-down list, select SBC as Server.
b. In the 'Authentication Method List' field, enter the SIP message(s) to authenticate (e.g., "INVITE\REGISTER").

[Figure: Configuring SBC as Authentication Server for User-type IP Group]

3. Configure the authentication usernames and passwords of the users:
a. Open the Proxy & Registration page (Setup menu > Signaling & Media tab > SIP Definitions folder > Proxy & Registration), and then from the 'User-Information Usage' drop-down list, select Enable to enable the SBC User Info feature:

[Figure: Enabling User Information Feature]

The 'User-Information Usage' field is available only if your device's License Key includes a license for far-end users ("FEU").

b. Open the SBC User Information table (Setup menu > Signaling & Media tab > SBC folder > SBC User Information), and then add users with authentication usernames and passwords:

[Figure: Configured User in SBC User Information Table]