Patton electronic SmartNode 4110 Series IP Phone User Manual


 
Applications 567
SmartWare Software Configuration Guide 46 • Context SIP gateway overview
2. Determine the identity which provides credentials. The name or the alias of the identity must match the
user part of the from-uri. If there is no identity that matches and an identity-group with the name
“default” is configured, the identity-group “default” is taken.
3. Determine the authentication-service which provides credentials. The authentication entries of the taken
identity or identity-group are searched for an authentication-service that matches exactly the realm
requested in the answer to our request. Then this authentication service is taken. If no match was found,
an authentication service with no realm configured is taken.
4. Determine the authentication username which provides credentials. If the authentication entry of the
identity which configures the taken authentication service has also configured a username this username is
taken. If there is no username configured the name of the identity is taken as username.
5. Take the credentials in the authentication service with the according username and provide username and
password for re-issuing the request.
If one of these steps has no result and fails, authentication is not possible for that request.
Inbound Authentication
The back-to-back user agent can challenge another sip user agent or proxy for authentication credentials. The
username and password used for challenges must be configured in an authentication-service. There must be at
least one realm configured in the authentication-service. The first realm configured is used for challenging
requests.
In an authentication-service, there can be multiple usernames and passwords. An identity which should be
challenged can direct the authentication inbound face to a pair of credentials. There can be multiple identities
using exactly the same credentials. An identity can also point to multiple credentials, but only the first entry is
used for challenging. If an identity points to multiple credentials, any of these credentials are accepted in the
answer as long as it is valid for the challenged realm.
If the gateway has to challenge credentials for unknown identities or for any identity which belongs to a certain
domain, there can be a “default” identity-group. The challenging credentials configured in the identity-group
“default” are used for any identity in this location-service that is not explicitly configured.
authentication-service AUTH_PATTON
realm patton.com
username kevin password Wh6Xbk9G= encrypted
username dirk password Fa0Y9e4L= encrypted
username boss password Q9Gns6Nd4= encrypted
location-service PATTON
domain patton.com
identity-group default
authentication inbound
authenticate 1 authentication-service AUTH_PATTON username kevin
identity 400
authentication inbound
authenticate 1 authentication-service AUTH_PATTON username kevin
authenticate 2 authentication-service AUTH_PATTON username dirk
identity 555
authentication inbound