How do I authenticate when setting up calls through a CM SIP Trunk?

Goal

Describe the possible authentication options supported by the CM Voice platform.

Product

• Voice

Steps

The general authentication flow look like this.

• An User Agent Client (UAC) sends a SIP message to an User Agent Server (UAS)
• The UAS responds back with a 401 challenge response in case of SIP REGISTER or a 407 Authenication Required in case of a SIP INVITE sent without using SIP REGISTER
• An UAC uses data in the 4xx challenge response to encrypt his or her identity credentials (e.g. telephone password)
• The UAC resends the SIP message with the encrypted credentials.
  
  

The CM Voice platform supports three authentication options.

1. SIP REGISTER
   
   Authentication flow schematic:
   

   

   
   
   

1. The CONTACT and FROM headers must contain the account username in the ‘user’ part of the SIP REGISTER message.
   
   

• SIP INVITE incl. DIGEST Authentication (username + password)

1. Resulting in a SIP 407 Digest Authentication required challenge
   
   Authentication flow schematic:
   

   

   
   
   

• IP based authentication/Trusted IP
  
  This will be only offered as last resort solution. Please contact voice.support@cm.com or your account manager we offer the possibility of IP based authentication. This is ONLY possible for a single SIP account using the same SIP IP endpoint. An IP endpoint set to trusted cannot be used for another SIP account.