4.5 Digest Authentication Example for Anonymous Join
Alice sends an anonymous INVITE without any authorization header field to the conference focus.
INVITE sip:bob@contoso.com;gruu;opaque=app:conf:focus:id:854T0R7G SIP/2.0 Via: SIP/2.0/TLS 157.56.64.61:13184 Max-Forwards: 70 From: "Alice" <sip:6551156d569c4b7d945f310ff10943c5@anonymous.invalid>;tag=c9ef6b0990;epid=c32b51b28c To: sip:bob@contoso.com;gruu;opaque=app:conf:focus:id:854T0R7G Call-ID: 6d5b48eabee745c49dcf7e064c37cbe9 CSeq: 1 INVITE Contact: <sip:6551156d569c4b7d945f310ff10943c5@anonymous.invalid>;proxy=replace;+sip.instance="<urn:uuid:782873E3-EC25-5E64-B374-0FF05E0839A5>"
Authentication is enabled at the server, which then challenges Alice's client. The server indicates support for digest in the challenge and returns the realm value that it created during initialization and the version of the authentication protocol that it implements.
SIP/2.0 401 Unauthorized Date: Thu, 25 Feb 2010 22:53:49 GMT WWW-Authenticate: Digest realm="bob@contoso.com", nonce="h8A4ZW22ygGZozIIGZcb43waVME-M6Gq", opaque="0C1D4536", algorithm=MD5-sess, qop="auth" From: "Alice" <sip:6551156d569c4b7d945f310ff10943c5@anonymous.invalid>;tag=c9ef6b0990;epid=c32b51b28c To:<sip:bob@contoso.com;gruu;opaque=app:conf:focus:id:854T0R7G>;tag=B19EA55CEC3D9316761BE648319D2FA0 Call-ID: 6d5b48eabee745c49dcf7e064c37cbe9 CSeq: 1 INVITE Via: SIP/2.0/TLS 157.56.64.61:13184;received=157.54.78.7;ms-received-port=13184;ms-received-cid=63995800 Content-Length: 0
The client creates an SA with data from the authentication header field, specifically, Digest, realm, and version. It hashes the user credential using the requested algorithm with the nonce, nonce-count, and cnonce values. The client then sends the digest in the response parameter of the authorization header.
INVITE sip:bob@contoso.com;gruu;opaque=app:conf:focus:id:854T0R7G SIP/2.0 Via: SIP/2.0/TLS 157.56.64.61:13184 Max-Forwards: 70 From: "Alice" <sip:6551156d569c4b7d945f310ff10943c5@anonymous.invalid>;tag=c9ef6b0990;epid=c32b51b28c To: sip:bob@contoso.com;gruu;opaque=app:conf:focus:id:854T0R7G Call-ID: 6d5b48eabee745c49dcf7e064c37cbe9 CSeq: 2 INVITE Contact: <sip:6551156d569c4b7d945f310ff10943c5@anonymous.invalid>;proxy=replace;+sip.instance="<urn:uuid:782873E3-EC25-5E64-B374-0FF05E0839A5>" Authorization: Digest username="6551156d‑569c‑4b7d‑945f‑310ff10943c5", realm="bob@contoso.com", qop=auth, algorithm=MD5-sess, uri="sip:bob@contoso.com;gruu;opaque=app:conf:focus:id:854T0R7G", nonce="h8A4ZW22ygGZozIIGZcb43waVMEM6Gq", nc=1, cnonce="", opaque="0C1D4536", response="b4543cd4d6a923b4ab4fd4583af48f0e"
The server validates the conference PIN by verifying the digest that was passed in the response parameter of the authorization header field and returns a success response back to the client. Alice has successfully joined the conference.
SIP/2.0 200 Invite dialog created From: "Alice" <sip:6551156d569c4b7d945f310ff10943c5@anonymous.invalid>;tag=c9ef6b0990;epid=c32b51b28c To: <sip:bob@contoso.com;gruu;opaque=app:conf:focus:id:854T0R7G>;tag=80730080 Call-ID: 6d5b48eabee745c49dcf7e064c37cbe9 CSeq: 2 INVITE Via: SIP/2.0/TLS 157.56.64.61:13184;received=157.54.78.7;ms-received-port=13184;ms-received-cid=63995800 Contact: <sip:bob@contoso.com;gruu;opaque=app:conf:focus:id:854T0R7G>;isfocus