Cisco Unified CallManager Security Guide, Release 5.0(2)
Configuring Digest Authentication for the SIP Phone

Configuring Digest Authentication for the SIP Phone


When you configure digest authentication for SIP phones, Cisco Unified CallManager challenges the identity of the phone every time that the phone sends a SIP request to Cisco Unified CallManager. For additional information on how digest authentication works for SIP phones, see the "Digest Authentication" section.

This chapter contains information on the following topics:

SIP Phone Digest Authentication Configuration Checklist

Configuring Digest Authentication Service Parameters

Configuring Digest Credentials in the End User Configuration Window

End User Digest Credential Configuration Settings

Configuring the Digest User in the Phone Configuration Window

Where to Find More Information

SIP Phone Digest Authentication Configuration Checklist

Table 8-1 describes the tasks to configure digest authentication for SIP phones.

Table 8-1 SIP Phone Digest Authentication Configuration Checklist

Step 1 Configure the SIP phone security profiles; make sure that you check the Enable Digest Authentication check box.

Related procedures and topics: Configuring a Phone Security Profile

Step 2 Apply a SIP phone security profile to the phone.

Related procedures and topics: Configuring a Phone Security Profile

Step 3 If you want to update the default setting, configure service parameters that are related to digest authentication; for example, configure the SIP Station Realm service parameter.

Related procedures and topics: Configuring Digest Authentication Service Parameters

Step 4 Configure the digest credentials in the End User Configuration window.

Related procedures and topics: Configuring Digest Credentials in the End User Configuration Window; End User Digest Credential Configuration Settings

Step 5 Choose the Digest User in the Phone Configuration window.

Choosing a digest user for Cisco Unified SIP IP Phone models 7970, 7971, 7961G/41G, 7961GE/41GE, and 7911 ensures that the digest credentials get included in the phone configuration file.

Related procedures and topics: Configuring the Digest User in the Phone Configuration Window

Step 6 On the Cisco Unified SIP IP Phone models 7940 or 7960, enter the digest credentials that you configured in the End User Configuration window.

The Cisco Unified CallManager Security Guide does not provide information on how to enter the digest authentication credentials on the phone. For information on how to perform this task, refer to the Cisco Unified IP Phone administration guide that supports your phone model and this version of Cisco Unified CallManager.

Configuring Digest Authentication Service Parameters

The SIP Station Realm service parameter, which supports the Cisco CallManager service, specifies the string that is used in the realm field when Cisco Unified CallManager challenges a SIP phone in response to a 401 Unauthorized message. For additional information on the parameter, click the question mark or the parameter name link that displays in the Service Parameter Configuration window.

To update digest authentication service parameters, for example, the SIP Station Realm parameter, perform the following procedure:

Procedure


Step 1 In Cisco Unified CallManager Administration, choose System > Service Parameters.

Step 2 From the Server drop-down list box, choose a node where you activated the Cisco Unified CallManager service.

Step 3 From the Service drop-down list box, choose the Cisco CallManager service. Verify that the word, Active, displays next to the service name.

Step 4 Update the SIP Station Realm parameter, as described in the help. To display help for the parameter, click the question mark or the parameter name link.

Step 5 Click Save.


Additional Information

See the "Related Topics" section.

Configuring Digest Credentials in the End User Configuration Window

The following procedure assumes that the end user exists in the Cisco Unified CallManager database. To configure digest credentials for the end user, perform the following procedure:

Procedure


Step 1 Find the end user, as described in the Cisco Unified CallManager Administration Guide.

Step 2 After the specific End User Configuration window displays, enter the appropriate settings, as described in Table 8-2.

Step 3 Click Save.

Step 4 Repeat the procedure to configure digest credentials for additional end users.


Additional Steps

After you configure digest credentials in the End User Configuration window, choose the digest user for the phone by accessing the Phone Configuration window in Cisco Unified CallManager Administration.

After you choose the digest user, on the Cisco Unified SIP IP Phone 7960 or 7940, enter the digest authentication credentials that you get from the End User Configuration window.

Additional Information

See the "Related Topics" section.

End User Digest Credential Configuration Settings

Table 8-2 describes the digest credential settings in the End User Configuration window in Cisco Unified CallManager Administration.

Table 8-2 Digest Credentials

Setting: Digest Credentials
Description: Enter a string of alphanumeric characters.

Setting: Confirm Digest Credentials
Description: To confirm that you entered the digest credentials correctly, enter the credentials in this field.


Configuring the Digest User in the Phone Configuration Window

To associate a digest user with a phone, perform the following procedure:

Procedure


Step 1 Find the phone, as described in the Cisco Unified CallManager Administration Guide.

Step 2 After the specific Phone Configuration window displays, locate the Digest User setting and choose the end user that you want to associate with the phone.

Step 3 Click Save.

Step 4 Click Reset.

After you associate the end user with the phone, save the configuration, and reset the phone, Cisco Unified CallManager challenges all SIP requests from the phone. Cisco Unified CallManager uses the digest credentials for the end user, as configured in the End User Configuration window, to validate the credentials that the phone offers.

If the phone supports extension mobility, then Cisco Unified CallManager uses the digest credentials for the extension mobility end user, as configured in the End User Configuration window, when the extension mobility user logs in.
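
The following added example, which is not Cisco code and not part of the original guide, shows how the realm string and the end user's digest credentials enter the challenge and validation described above. It assumes the basic RFC 2617 MD5 digest form without qop; all function names and sample values are hypothetical.

```python
import hashlib
import hmac
import re

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(user, realm, secret, method, uri, nonce):
    """RFC 2617 response without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{user}:{realm}:{secret}")  # ties the credential to the realm
    ha2 = md5_hex(f"{method}:{uri}")           # ties the response to this request
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def build_challenge(realm, nonce):
    """WWW-Authenticate value carried in the server's 401 Unauthorized."""
    return f'Digest realm="{realm}", nonce="{nonce}", algorithm=MD5'

def parse_digest(header):
    """Split a Digest header value into a dict of its parameters."""
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', header.partition(" ")[2])
    return {key: quoted or bare for key, quoted, bare in pairs}

def verify(header, method, realm, issued_nonces, credentials):
    """Server-side check of the Authorization header on the retried request."""
    p = parse_digest(header)
    secret = credentials.get(p.get("username"))
    if secret is None or p.get("realm") != realm or p.get("nonce") not in issued_nonces:
        return False
    expected = digest_response(p["username"], realm, secret, method,
                               p.get("uri", ""), p["nonce"])
    return hmac.compare_digest(expected.encode(), p.get("response", "").encode())

def phone_authorization(user, secret, challenge, method, uri):
    """Phone side: answer the challenge with the credential it was given."""
    c = parse_digest(challenge)
    resp = digest_response(user, c["realm"], secret, method, uri, c["nonce"])
    return (f'Digest username="{user}", realm="{c["realm"]}", nonce="{c["nonce"]}", '
            f'uri="{uri}", response="{resp}"')

# Constructed sample values, not taken from any real system.
REALM, NONCE, URI = "example-realm", "8f2c1a7e5b", "sip:cucm.example.com"
END_USERS = {"jdoe": "Digest12345"}  # end user -> digest credentials

if __name__ == "__main__":
    challenge = build_challenge(REALM, NONCE)
    good = phone_authorization("jdoe", "Digest12345", challenge, "REGISTER", URI)
    bad = phone_authorization("jdoe", "WrongValue", challenge, "REGISTER", URI)
    print(verify(good, "REGISTER", REALM, {NONCE}, END_USERS))
    print(verify(bad, "REGISTER", REALM, {NONCE}, END_USERS))
    print(verify(good, "REGISTER", "changed-realm", {NONCE}, END_USERS))
```

Because the realm is hashed together with the user name and credential, a response computed against one realm string does not validate after the realm changes, and a response computed for one method does not validate for another.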


Additional Information

See the "Related Topics" section.

Where to Find More Information

Related Topics

Digest Authentication

Configuring a Phone Security Profile

SIP Phone Digest Authentication Configuration Checklist

Configuring Digest Authentication Service Parameters

Configuring Digest Credentials in the End User Configuration Window

End User Digest Credential Configuration Settings

Configuring the Digest User in the Phone Configuration Window

Related Cisco Documentation

Cisco Unified IP Phone administration guide that supports your phone model and this version of Cisco Unified CallManager