Patton electronic SmartNode 4110 Series IP Phone User Manual


 
Applications 566
SmartWare Software Configuration Guide 46 • Context SIP gateway overview
Applications
Outbound Authentication
The back-to-back user agent can provide credentials for authentication on another sip user agent or proxy. The
username and password used for authentication must be configured in an authentication-service. If one or
more realms are configured in the authentication-service, the credentials are only provided to challenges con-
taining one of these realms. If no realm is configured, the credentials are provided to any realm.
In an authentication-service, there can be multiple usernames and passwords. An identity which should
authenticate can direct the authentication outbound face to a pair of credentials. There can be multiple identi-
ties using the same credentials. An identity can also point to multiple credentials, but each of these credentials
needs to be in another authentication-service with another realm. It is possible to authenticate to multiple
realms with multiple credentials at the same time.
If the gateway has to provide credentials for unknown identities or for any identity which belongs to a certain
domain, there can be a “default” identity-group configured. The authentication credentials configured in the
identity-group “default” are used for any identity in this location-service that is not explicitly configured.
authentication-service AUTH_INALP
realm inalp.com
username hermes password Wh6Xbk9G= encrypted
username john password Fa0Y9e4L= encrypted
authentication-service AUTH_ANY
username bob password Co7s3bUp= encrypted
location-service INALP
domain inalp.com
domain patton.com
identity-group default
authentication outbound
authenticate 1 authentication-service AUTH_ANY username bob
identity 400
authentication outbound
authenticate 1 authentication-service AUTH_INALP username hermes
authenticate 2 authentication-service AUTH_ANY username bob
identity 500
authentication outbound
authenticate 1 authentication-service AUTH_INALP username hermes
identity 600
authentication outbound
authenticate 1 authentication-service AUTH_INALP username john
If the gateway needs to provide authentication credentials on a sip request, the following procedure takes place:
1. Determine the location-service which provides credentials. The domain of the location service must match
the host part of the from-uri and the location-service is bound to the context sip-gateway which sends the
request.