Cisco Unified Communications Manager Security Guide, Release 8.0(1)
Configuring Digest Authentication for the SIP Phone
Downloads: This chapterpdf (PDF - 367.0KB) The complete bookPDF (PDF - 2.63MB) | Feedback

Configuring Digest Authentication for the SIP Phone

Table Of Contents

Configuring Digest Authentication for the SIP Phone

SIP Phone Digest Authentication Configuration Checklist

Configuring Digest Authentication Service Parameters

Configuring Digest Credentials in the End User Configuration Window

End User Digest Credential Configuration Settings

Configuring the Digest User in the Phone Configuration Window

Where to Find More Information


Configuring Digest Authentication for the SIP Phone


When you enable digest authentication for a phone, Cisco Unified Communications Manager challenges all requests except keepalive messages for phones that are running SIP. Cisco Unified Communications Manager uses the digest credentials for the end user, as configured in the End User Configuration window, to validate the credentials that the phone offers.

If the phone supports extension mobility, Cisco Unified Communications Manager uses the digest credentials for the extension mobility end user, as configured in the End User Configuration window, when the extension mobility user logs in.

For additional information on how digest authentication works for phones that are running SIP, see the "Digest Authentication" section on page 1-19.

For information about configuring digest authentication for non-Cisco phones that are running SIP, refer to Appendix C in the Cisco Unified Communications Manager Administration Guide.

This chapter contains information on the following topics:

SIP Phone Digest Authentication Configuration Checklist

Configuring Digest Authentication Service Parameters

Configuring Digest Credentials in the End User Configuration Window

End User Digest Credential Configuration Settings

Configuring the Digest User in the Phone Configuration Window

Where to Find More Information

SIP Phone Digest Authentication Configuration Checklist

Table 10-1 describes the tasks to configure digest authentication for phones that are running SIP.

Table 10-1 SIP Phone Digest Authentication Configuration Checklist 

Configuration Steps
Related Procedures and Topics

Step 1 

Configure the security profiles for phones that are running SIP; make sure that you check the Enable Digest Authentication check box.

Configuring a Phone Security Profile, page 6-1

Step 2 

Apply a security profile to the phone that is running SIP.

Configuring a Phone Security Profile, page 6-1

Step 3 

If you want to update the default setting, configure service parameters that are related to digest authentication; for example, configure the SIP Station Realm service parameter.

Configuring Digest Authentication Service Parameters

Step 4 

Configure the digest credentials in the End User Configuration window.

Configuring Digest Credentials in the End User Configuration Window

End User Digest Credential Configuration Settings

Step 5 

Choose the Digest User in the Phone Configuration window.

Choosing a digest user for these phones that are running SIP ensures that the digest credentials get included in the phone configuration file: Cisco Unified IP Phones 7970G, 7971G, 7971G-GE,7975G, 7961G, 7961G-GE,7962G, 7965G, 7945G, 7941G, 7941G-GE, 7942G, 7945G, and 7911G.

Configuring the Digest User in the Phone Configuration Window

Step 6 

On Cisco Unified IP Phones 7940G or 7960G (SIP only), enter the digest credentials that you configured in the End User Configuration window.

For information on how to enter the authentication name and password on the phone, refer to the Cisco Unified IP Phone Administrator Guide that supports this version of Cisco Unified Communications Manager.

Configuring Digest Authentication Service Parameters

You configure the SIP Realm for challenges to phones with the service parameter SIP Station Realm. At installation, Cisco Unified Communications Manager provides a default setting, ccmsipline. For additional information on the parameter, click the question mark or the parameter name link that displays in the Service Parameter Configuration window.

To update digest authentication service parameters, for example, the SIP Realm Station parameter, perform the following procedure:

Procedure


Step 1 In Cisco Unified Communications Manager Administration, choose System > Service Parameters.

Step 2 From the Server drop-down list box, choose a node where you activated the Cisco CallManager service.

Step 3 From the Service drop-down list box, choose the Cisco CallManager service. Verify that the word "Active" displays next to the service name.

Step 4 Update the SIP Realm Station parameter, as described in the help. To display help for the parameter, click the question mark or the parameter name link.

Step 5 Click Save.


Additional Information

See the "Related Topics" section.

Configuring Digest Credentials in the End User Configuration Window

The following procedure assumes that the end user exists in the Cisco Unified Communications Manager database. To configure digest credentials for the end user, perform the following procedure:

Procedure


Step 1 Find the end user, as described in the Cisco Unified Communications Manager Administration Guide.

Step 2 After the specific End User Configuration window displays, enter the appropriate settings, as described in Table 10-2.

Step 3 Click Save.

Step 4 To configure digest credentials for additional end users, repeat the procedure.


Next Steps

After you configure digest credentials in the End User Configuration window, choose the digest user for the phone by accessing the Phone Configuration window.

After you choose the digest user, enter the digest authentication credentials that you get from the End User Configuration window on the Cisco Unified IP Phone 7960G or 7940G (SIP only).

Additional Information

See the "Related Topics" section.

End User Digest Credential Configuration Settings

Table 10-2 describes the settings for the digest credential settings in the End User Configuration window in Cisco Unified Communications Manager Administration. For related procedures, see the "Configuring the Digest User in the Phone Configuration Window" section.

Table 10-2 Digest Credentials

Setting
Description

Digest Credentials

Enter a string of alphanumeric characters.

Confirm Digest Credentials

To confirm that you entered the digest credentials correctly, enter the credentials in this field.


Configuring the Digest User in the Phone Configuration Window

To associate a digest user with a phone, perform the following procedure:

Procedure


Step 1 Find the phone, as described in the Cisco Unified Communications Manager Administration Guide.

Step 2 After the specific Phone Configuration window displays, locate the Digest User setting and choose the end user that you want to associate with the phone.

Step 3 Click Save.

Step 4 Click Reset.

After you associate the end user with the phone, save the configuration and reset the phone.


Additional Information

See the "Related Topics" section.

Where to Find More Information

Related Topics

Digest Authentication, page 1-19

Configuring a Phone Security Profile, page 6-1

SIP Phone Digest Authentication Configuration Checklist

Configuring Digest Authentication Service Parameters

Configuring Digest Credentials in the End User Configuration Window

End User Digest Credential Configuration Settings

Configuring the Digest User in the Phone Configuration Window

Related Cisco Documentation

Cisco SIP IP Phone Administrator Guide