Patton electronic SmartNode 4110 Series manual Inbound Authentication

2.Determine the identity which provides credentials. The name or the alias of the identity must match the user part of the from-uri. If there is no identity that matches and an identity-group with the name “default” is configured, the identity-group “default” is taken.

3.Determine the authentication-service which provides credentials. The authentication entries of the taken identity or identity-group are searched for an authentication-service that matches exactly the realm requested in the answer to our request. Then this authentication service is taken. If no match was found, an authentication service with no realm configured is taken.

4.Determine the authentication username which provides credentials. If the authentication entry of the identity which configures the taken authentication service has also configured a username this username is taken. If there is no username configured the name of the identity is taken as username.

5.Take the credentials in the authentication service with the according username and provide username and password for re-issuing the request.

If one of these steps has no result and fails, authentication is not possible for that request.

Inbound Authentication

The back-to-back user agent can challenge another sip user agent or proxy for authentication credentials. The username and password used for challenges must be configured in an authentication-service. There must be at least one realm configured in the authentication-service. The first realm configured is used for challenging requests.

In an authentication-service, there can be multiple usernames and passwords. An identity which should be challenged can direct the authentication inbound face to a pair of credentials. There can be multiple identities using exactly the same credentials. An identity can also point to multiple credentials, but only the first entry is used for challenging. If an identity points to multiple credentials, any of these credentials are accepted in the answer as long as it is valid for the challenged realm.

If the gateway has to challenge credentials for unknown identities or for any identity which belongs to a certain domain, there can be a “default” identity-group. The challenging credentials configured in the identity-group “default” are used for any identity in this location-service that is not explicitly configured.

authentication-service AUTH_PATTON realm patton.com

username kevin password Wh6Xbk9G= encrypted username dirk password Fa0Y9e4L= encrypted username boss password Q9Gns6Nd4= encrypted

location-service PATTON domain patton.com

identity-group default