HP-UX C SIP Stack Programmer's Guide (Novembery 2007)
Authentication 197
Server Authentication Implementation
SERVER
A
UTHENTICATION
I
MPLEMENTATION
Call-leg, subscription and server transactions can authenticate incoming
requests, and respond with 401/407 when the authentication process fails. The
originator credentials are located in an Authorization header. An incoming
request message may contain more than one Authorization header. The server
authentication process is actually a loop that searches for Authorization header
in the received request message, tries to verify the credentials of the header, and
if verification fails, searches for the next Authorization header. The server
authentication procedure is completed if there are no more Authorization
headers in the message, or if one Authorization header with verified credentials
was found.
APPLYING THE SERVER
AUTHENTICATION
M
ECHANISM
In order to apply the server authentication mechanism, you must follow the steps
below.
To apply the server authentication mechanism
1. Set the enableServerAuth configuration parameter to
RV_TRUE.
2. Implement the MD5 callback and set it to the authenticator
using the Authenticator API. (For more information, see the
above section, Client Authentication Implementation.)
3. Use the Call-leg, Subscription and Server Transaction API
functions and callback functions to trigger and advance the
authentication process. These functions scan and verify the
Authorization headers.
Note The application is responsible for the progress of the loop, and may do it in
an asynchronic or synchronic way.