Call Flow examples
SIP Digest authentication
This example explains the SIP INVITE authentication flow from customer gateway with IP address 192.0.2.10 to destination number 12345678910 with caller-id 9876543210.
During the first step, the UAC sends an INVITE without Authorization header:
192.0.2.10.5060 > 46.19.209.44.5060: SIP, length: 992
INVITE sip:12345678910@out.didww.com SIP/2.0
Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK48496580;rport
Max-Forwards: 70
From: <sip:9876543210@sbc.customer.com>;tag=as1fc3fe35
To: <sip:12345678910@out.didww.com>
Contact: <sip:9876543210@192.0.2.10:5060>
Call-ID: 479b59102ffeda0c04eed76d17304eb5@sbc.customer.com
CSeq: 102 INVITE
User-Agent: customer-switch v1.22
Date: Wed, 03 Mar 2021 17:53:43 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Type: application/sdp
Content-Length: 325
v=0
o=root 2120298149 2120298149 IN IP4 192.0.2.10
s=customer-switch 1.22
c=IN IP4 192.0.2.10
t=0 0
m=audio 12348 RTP/AVP 18 0 8 101
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=maxptime:150
a=sendrecv
46.19.209.44.5060 > 192.0.2.10.5060: SIP, length: 334
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK48496580;rport=5060;received=192.0.2.10
From: <sip:9876543210@sbc.customer.com>;tag=as1fc3fe35
To: <sip:12345678910@out.didww.com>
Call-ID: 479b59102ffeda0c04eed76d17304eb5@sbc.customer.com
CSeq: 102 INVITE
Server: Y balancing node
Content-Length: 0
46.19.209.44.5060 > 192.0.2.10.5060: SIP, length: 609
SIP/2.0 401 Unauthorized
Record-Route: <sip:46.19.209.8;r2=on;lr;ftag=as1fc3fe35>
Record-Route: <sip:46.19.209.44;r2=on;lr;ftag=as1fc3fe35>
Via: SIP/2.0/UDP 192.0.2.10:5060;received=192.0.2.10;branch=z9hG4bK48496580;rport=5060
From: <sip:9876543210@sbc.customer.com>;tag=as1fc3fe35
To: <sip:12345678910@out.didww.com>;tag=10-67E5E9A8-603FCD270008B2AB-ED917700
Call-ID: 479b59102ffeda0c04eed76d17304eb5@sbc.customer.com
CSeq: 102 INVITE
WWW-Authenticate: Digest realm="out.didww.com", qop="auth", nonce="603FCD4151d08b2d92526f23f65208788a5425a1"
Server: DIDWW Y SBC node
Content-Length: 0
192.0.2.10.5060 > 46.19.209.44.5060: SIP, length: 441
ACK sip:12345678910@out.didww.com SIP/2.0
Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK48496580;rport
Max-Forwards: 70
From: <sip:9876543210@sbc.customer.com>;tag=as1fc3fe35
To: <sip:12345678910@out.didww.com>;tag=10-67E5E9A8-603FCD270008B2AB-ED917700
Contact: <sip:9876543210@192.0.2.10:5060>
Call-ID: 479b59102ffeda0c04eed76d17304eb5@sbc.customer.com
CSeq: 102 ACK
User-Agent: customer-switch v1.22
Content-Length: 0
If the username/password authentication is enabled on the DIDWW side, the initial INVITE will be rejected with 401 Unauthorized response. In the response the DIDWW system will send the following nonce value: 603FCD4151d08b2d92526f23f65208788a5425a1. Once UAC receives this data, it will be able to calculate the response to build the Authorization header:
192.0.2.10.5060 > 46.19.209.44.5060: SIP, length: 1251
INVITE sip:12345678910@out.didww.com SIP/2.0
Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK34d0ea96;rport
Max-Forwards: 70
From: <sip:9876543210@sbc.customer.com>;tag=as1fc3fe35
To: <sip:12345678910@out.didww.com>
Contact: <sip:9876543210@192.0.2.10:5060>
Call-ID: 479b59102ffeda0c04eed76d17304eb5@sbc.customer.com
CSeq: 103 INVITE
User-Agent: customer-switch v1.22
Authorization: Digest username="WwAPO4asrLsk5Mhv", realm="out.didww.com", algorithm=MD5, uri="sip:12345678910@out.didww.com", nonce="603FCD4151d08b2d92526f23f65208788a5425a1", response="78381cc4a3258cc5418888988ad68552567", qop=auth, cnonce="58c9df37", nc=00000001
Date: Wed, 03 Mar 2021 17:53:43 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Type: application/sdp
Content-Length: 325
v=0
o=root 2120298149 2120298150 IN IP4 192.0.2.10
s=customer-switch 1.22
c=IN IP4 192.0.2.10
t=0 0
m=audio 12348 RTP/AVP 18 0 8 101
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=ptime:20
a=maxptime:150
a=sendrecv
46.19.209.44.5060 > 192.0.2.10.5060: SIP, length: 334
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK34d0ea96;rport=5060;received=192.0.2.10
From: <sip:9876543210@sbc.customer.com>;tag=as1fc3fe35
To: <sip:12345678910@out.didww.com>
Call-ID: 479b59102ffeda0c04eed76d17304eb5@sbc.customer.com
CSeq: 103 INVITE
Server: Y balancing node
Content-Length: 0
The DIDWW system will check the username and response values of the Authorization header and will be able authenticate this INVITE by matching the username/password values on the trunk.