How do I authenticate when setting up calls through a CM SIP Trunk?
Goal
Describe the possible authentication options supported by the CM Voice platform.
Product
- Voice
Steps
The general authentication flow look like this.
- An User Agent Client (UAC) sends a SIP message to an User Agent Server (UAS)
- The UAS responds back with a 401 challenge response in case of SIP REGISTER or a 407 Authenication Required in case of a SIP INVITE sent without using SIP REGISTER
- An UAC uses data in the 4xx challenge response to encrypt his or her identity credentials (e.g. telephone password)
- The UAC resends the SIP message with the encrypted credentials.
The CM Voice platform supports three authentication options.
- SIP REGISTER
Authentication flow schematic: - The CONTACT and FROM headers must contain the account username in the ‘user’ part of the SIP REGISTER message.
- SIP INVITE incl. DIGEST Authentication (username + password)
- Resulting in a SIP 407 Digest Authentication required challenge
Authentication flow schematic: - IP based authentication/Trusted IP
This will be only offered as last resort solution. Please contact [email protected] or your account manager we offer the possibility of IP based authentication. This is ONLY possible for a single SIP account using the same SIP IP endpoint. An IP endpoint set to trusted cannot be used for another SIP account.
