Cisco Unified Communications Manager Security Guide, Release 9.1(1)
Digest authentication for SIP phones setup
Downloads: This chapterpdf (PDF - 268.0KB) The complete bookPDF (PDF - 3.54MB) | Feedback

Digest authentication for SIP phones setup

Digest authentication for SIP phones setup

This chapter provides information about digest authentication for SIP phones setup. For additional information on how digest authentication works for phones that are running SIP, see topics related to digest authentication.

When you enable digest authentication for a phone, Cisco Unified Communications Manager challenges all requests except keepalive messages for phones that are running SIP. Cisco Unified Communications Manager uses the digest credentials for the end user, as configured in the End User Configuration window, to validate the credentials that the phone offers.

If the phone supports extension mobility, Cisco Unified Communications Manager uses the digest credentials for the extension mobility end user, as configured in the End User Configuration window, when the extension mobility user logs in.

For information about configuring digest authentication for non-Cisco phones that are running SIP, refer to Appendix C in the Cisco Unified Communications Manager Administration Guide.

Set up SIP phone digest authentication

The following procedure provides the tasks used to configure digest authentication for phones that are running SIP.

Procedure
    Step 1   Configure the security profiles for phones that are running SIP; make sure that you check the Enable Digest Authentication check box.
    Step 2   Apply a security profile to the phone that is running SIP.
    Step 3   If you want to update the default setting, configure service parameters that are related to digest authentication; for example, configure the SIP Station Realm service parameter.
    Step 4   Configure the digest credentials in the End User Configuration window.
    Step 5   Choose the Digest User in the Phone Configuration window.

    Choosing a digest user for these phones that are running SIP ensures that the digest credentials get included in the phone configuration file: Cisco Unified IP Phones 7970G, 7971G, 7971G-GE,7975G, 7961G, 7961G-GE,7962G, 7965G, 7945G, 7941G, 7941G-GE, 7942G, 7945G, and 7911G.

    Step 6   On Cisco Unified IP Phones 7940G or 7960G (SIP only), enter the digest credentials that you configured in the End User Configuration window.

    For information on how to enter the authentication name and password on the phone, refer to the Cisco Unified IP Phone Administrator Guide that supports this version of Cisco Unified Communications Manager.


    Related Information

    Set up digest authentication service parameters

    You configure the SIP Realm for challenges to phones with the service parameter SIP Station Realm. At installation, Cisco Unified Communications Manager provides a default setting, ccmsipline. For additional information on the parameter, click the question mark or the parameter name link that displays in the Service Parameter Configuration window.

    To update digest authentication service parameters, for example, the SIP Realm Station parameter, perform the following procedure:

    Procedure
      Step 1   In Cisco Unified Communications Manager Administration, choose System > Service Parameters.
      Step 2   From the Server drop-down list box, choose a node where you activated the Cisco CallManager service.
      Step 3   From the Service drop-down list box, choose the Cisco CallManager service. Verify that the word "Active" displays next to the service name.
      Step 4   Update the SIP Realm Station parameter, as described in the help. To display help for the parameter, click the question mark or the parameter name link.
      Step 5   Click Save.

      Set up end user digest credentials

      The following procedure assumes that the end user exists in the Cisco Unified Communications Manager database. To configure digest credentials for the end user, perform the following procedure:

      Procedure
        Step 1   Find the end user, as described in the Cisco Unified Communications Manager Administration Guide.
        Step 2   After the specific End User Configuration window displays, enter the appropriate settings.

        See Table 1 for field descriptions.

        Step 3   Click Save.
        Step 4   To configure digest credentials for additional end users, repeat the procedure.

        What to Do Next

        After you configure digest credentials in the End User Configuration window, choose the digest user for the phone by accessing the Phone Configuration window.

        After you choose the digest user, enter the digest authentication credentials that you get from the End User Configuration window on the Cisco Unified IP Phone 7960G or 7940G (SIP only).

        End user digest credential settings

        The following table describes the settings for the digest credential settings in the End User Configuration window in Cisco Unified Communications Manager Administration.

        Table 1 Digest Credentials

        Setting

        Description

        Digest Credentials

        Enter a string of alphanumeric characters.

        Confirm Digest Credentials

        To confirm that you entered the digest credentials correctly, enter the credentials in this field.

        Set up digest user using phone

        To associate a digest user with a phone, perform the following procedure:

        Procedure
          Step 1   Find the phone, as described in the Cisco Unified Communications Manager Administration Guide.
          Step 2   After the specific Phone Configuration window displays, locate the Digest User setting and choose the end user that you want to associate with the phone.
          Step 3   Click Save.
          Step 4   Click Reset.

          After you associate the end user with the phone, save the configuration and reset the phone.


          Where to find more information about digest authentication

          Related Information