Patton electronic SmartNode 4110 Series manual Applications, Outbound Authentication

Applications

Outbound Authentication

The back-to-back user agent can provide credentials for authentication on another sip user agent or proxy. The username and password used for authentication must be configured in an authentication-service. If one or more realms are configured in the authentication-service, the credentials are only provided to challenges con- taining one of these realms. If no realm is configured, the credentials are provided to any realm.

In an authentication-service, there can be multiple usernames and passwords. An identity which should authenticate can direct the authentication outbound face to a pair of credentials. There can be multiple identi- ties using the same credentials. An identity can also point to multiple credentials, but each of these credentials needs to be in another authentication-service with another realm. It is possible to authenticate to multiple realms with multiple credentials at the same time.

If the gateway has to provide credentials for unknown identities or for any identity which belongs to a certain domain, there can be a “default” identity-group configured. The authentication credentials configured in the identity-group “default” are used for any identity in this location-service that is not explicitly configured.

authentication-service AUTH_INALP realm inalp.com

username hermes password Wh6Xbk9G= encrypted username john password Fa0Y9e4L= encrypted

authentication-service AUTH_ANY

username bob password Co7s3bUp= encrypted

location-service INALP domain inalp.com domain patton.com

identity-group default

If the gateway needs to provide authentication credentials on a sip request, the following procedure takes place:

1.Determine the location-service which provides credentials. The domain of the location service must match the host part of the from-uri and the location-service is bound to the context sip-gateway which sends the request.