Configuring sip.xml for Identity Authentication

To configure a SIP or converged web/SIP application for identity authentication, specify the security-role, security-constraint, and login-config elements in the sip.xml file.

Part of specifying a security-constraint element is specifying one or more resource-collection subelements. In turn, resource-collection elements have optional sip-method subelements, which specify the SIP methods on those resources within a servlet application to which a security-constraint applies. If no SIP methods are specified, then the security constraint applies to all SIP methods.

The login-config element is the only one that has values unique to identity authentication. As specified in JSR 289, identity authentication is available in two modes: REQUIRED or SUPPORTED. In the REQUIRED mode, the identity header must be present in the request. In the SUPPORTED mode, incoming SIP messages are processed as follows:

• If the identity header is present, it is processed.

• If the identity header is not present, the authentication method configured in the auth-method element is applied.

Here is an example login-config with no auth-method or realm-name defined:

<login-config>
     <identity-assertion>
          <identity-assertion-scheme>Identity</identity-assertion-scheme>
          <identity-assertion-support>REQUIRED</identity-assertion-support>
     </identity-assertion>
</login-config> 

Here is an example login-config with the auth-method and realm-name defined:

<login-config>
     <auth-method>DIGEST</auth-method>
     <realm-name>MyAssertedAppRealm</realm-name>
     <identity-assertion>
          <identity-assertion-scheme>Identity</identity-assertion-scheme>
          <identity-assertion-support>SUPPORTED</identity-assertion-support>
     </identity-assertion>
</login-config>

For more information, see JSR 116, the SIP Servlet API Specification.