Skip to end of metadata
Go to start of metadata

Availability: Since 4.0.8

 

Overview

The SBC 5000 series platform supports autonomous authentication for surrogate registration scenarios. If an INVITE (or other supported method) is challenged with a 401/407, the SBC can generate the method with credentials without support of challenge from User Account Control (UAC).

The SBC also supports local authentication autonomously on a per-IP trunk group basis in situations where an IP-PBX does not perform a registration and the service provider does not require/want registrations. This functionality is accomplished using the authentication configurable to the ingress IP Peer and/or ingress IP Trunk Group (IPTG) as described below.

Additionally, the IP Signaling Profile relay flag statusCode4xx6xx should be enabled on egress leg of the call to relay error status codes.

Egress Trunk Group:

  • Define authentication password (authPassword) used when replying to local authentication requests.
  • Define userPart (authUserPart) used when replying to local authentication requests.
  • Enable IP Signaling Profile relay flag statusCode4xx6xx to relay error status codes.

Ingress Trunk Group:

  • Set flag to choose whether to reply to authentication locally (intChallengeResponse) if credentials are configured on the egress IPTG.
  • Set flag to choose whether to include credentials (incInternalCredentials) in subsequent mid-dialog requests before they are challenged if the dialog initiating INVITE was challenged.

IP Peer:

  • Set flag to choose whether to reply to authentication locally (intChallengeResponse) if credentials are configured on the egress IPTG.
  • Set flag to choose whether to include credentials (incInternalCredentials) in subsequent mid-dialog requests before they are challenged if the dialog initiating INVITE was challenged.

The SBC supports local authentication for dialog initiating INVITE, dialog initiating SUBSCRIBE, mid-dialog INVITE, mid-dialog INFO, mid-dialog REFER, mid-dialog MESSAGE, initial REGISTER, refresh REGISTER, UPDATE, PUBLISH, out-of-dialog REFER, out-of-dialog MESSAGE, BYE and PRACK.

The CLi syntax is shown below. For configuration details, see sipTrunkGroup signaling (CLI).

% set addressContext <addressContext name> zone <zone name> sipTrunkGroup <SIP trunkgroup name> signaling authentication
    authPassword <authentication password for trunkgroup> 
    authUserPart <userPart used for authentication> 
    intChallengeResponse enabled 
    incInternalCredentials enabled

% set profiles signaling ipSignalingProfile <profile_name> commonIpAttributes relayFlags statusCode4xx6xx enable

Egress Trunk Group

  • Define authentication password (authPassword) used when replying to local authentication requests.
  • Define userPart (authUserPart) used when replying to local authentication requests.

Ingress Trunk Group

  • Set flag to choose whether to reply to authentication locally (intChallengeResponse) if credentials are configured on the egress IPTG.
  • Set flag to choose whether to include credentials (incInternalCredentials) in subsequent mid-dialog requests before they are challenged if the dialog initiating INVITE was challenged.

IP Peer

  • Set flag to choose whether to reply to authentication locally (intChallengeResponse) if credentials are configured on the egress IPTG.
  • Set flag to choose whether to include credentials (incInternalCredentials) in subsequent mid-dialog requests before they are challenged if the dialog initiating INVITE was challenged.

The SBC supports local authentication for dialog initiating INVITE, dialog initiating SUBSCRIBE, mid-dialog INVITE, mid-dialog INFO, mid-dialog REFER, mid-dialog MESSAGE, initial REGISTER, refresh REGISTER, UPDATE, PUBLISH, out-of-dialog REFER, out-of-dialog MESSAGE, BYE and PRACK.

See following pages for configuration details:

 

  • No labels