User`s manual

ManualsBrandsAudioCodes ManualsAcousticsMEDIAPACK VERSION 6.2

181

182

183

184

185

186

187

188

189

190

MediaPack SIP User’s Manual 8. Telephony Capabilities

Version 4.6 187 June 2005

8.11.3 SIP Authentication Example

MediaPack gateways support basic and digest (MD5) authentication types, according to SIP RFC

3261 standard. A proxy server might require authentication before forwarding an INVITE

message. A Registrar/Proxy server may also require authentication for client registration. A proxy

replies to an unauthenticated INVITE with a 407 Proxy Authorization Required response,

containing a Proxy-Authenticate header with the form of the challenge. After sending an ACK for

the 407, the User Agent can then resend the INVITE with a Proxy-Authorization header

containing the credentials.

User Agent, redirect or registrar servers typically use 401 Unauthorized response to challenge

authentication containing a WWW-Authenticate header, and expect the re-INVITE to contain an

Authorization header.

The following example describes the Digest Authentication procedure including computation of

User Agent credentials.

The REGISTER request is sent to Registrar/Proxy server for registration, as follows:

Via: SIP/2.0/UDP 10.1.1.200

From: <sip: 122@10.1.1.200>;tag=1c17940

To: <sip: 122@10.1.1.200>

Call-ID: 634293194@10.1.1.200

User-Agent: Audiocodes-Sip-Gateway/MP-108 FXS/v.4.20.299.410

CSeq: 1 REGISTER

Contact: sip:122@10.1.1.200:

Expires:3600

On receiving this request the Registrar/Proxy returns 401 Unauthorized response.

SIP/2.0 401 Unauthorized

Via: SIP/2.0/UDP 10.2.1.200

From: <sip:122@10.2.2.222 >;tag=1c17940

To: <sip:122@10.2.2.222 >

Call-ID: 634293194@10.1.1.200

Cseq: 1 REGISTER

Date: Mon, 30 Jul 2001 15:33:54 GMT

Server: Columbia-SIP-Server/1.17

Content-Length: 0

WWW-Authenticate: Digest realm="audiocodes.com",

nonce="11432d6bce58ddf02e3b5e1c77c010d2",

stale=FALSE,

algorithm=MD5

According to the sub-header present in the WWW-Authenticate header the correct REGISTER

request is formed.

Since the algorithm used is MD5, take:

The username is equal to the endpoint phone number: 122

The realm return by the proxy: audiocodes.com

The password from the ini file: AudioCodes.

The equation to be evaluated: (according to RFC this part is called A1).

‘122:audiocodes.com:AudioCodes’.

The MD5 algorithm is run on this equation and stored for future usage.

The result is: ‘a8f17d4b41ab8dab6c95d3c14e34a9e1’

Next we need to evaluate the par called A2. We take: