1. Configuration Guide
  2. STIR/SHAKEN Client
  3. Including CALEA in Authentication Requests

Including CALEA in Authentication Requests

You can configure the SBC to include Communications Assistance for Law Enforcement Act (CALEA) information in SHAKEN and DIV PASSporT authentication requests. This feature applies to both ATIS and 3GPP operation modes. Some environments provide CALEA information within the correlation ID (corrID) string and convey it within the P-NokiaSiemens.Session-Info SIP header in an INVITE. You use this feature is to provide corrID source information to the STI-AS. When configured, the SBC extracts this string and includes it in the proprietary SipCallId header within the proprietary JSON SipCallId parameter of a REST request for use by the STI-AS authentication process.

Upon configuration, the SBC monitors INVITEs for the presence of the SIP P-NokiaSiemens.Session-Info header. An INVITE can contain only one P-NokiaSiemens.Session-Info header. Upon detection, and assuming the scenario generated an authentication request, the SBC forwards that information to the STI-AS. The SBC does not process CALEA information for any of its own signaling purposes.

If the received INVITE already has a SHAKEN or DIV PASSporT, or you have not configured the egress for STIR/SHAKEN, the SBC does not make an authentication request to the STI-AS and, therefore, does not forward CALEA information. Furthermore, the SBC does not perform this function if it finds the P-NokiaSiemens.Session-Info header does not include a corrID parameter, of if the corrID is empty.

Note:

The text corrID is case sensitive.

The P-NokiaSiemens.Session-Info header may include multiple parameters in addition to a corrID, separated by semi-colons. If it contains multiple corrID parameters, the SBC uses the first corrID listed in the header for this function.

The SBC only forwards a maximum of 256 characters from a corrID. If a corrID length exceed 256 characters, the SBC truncates it so that it does not exceed 256 characters. The SBC does this by deleting all parameters and their values that cause the SipCallId to exceed 256 characters. In practice, this results in the SBC normally forwarding corrIDs that are less than 256 characters.

When enabled, the SBC inserts the corrID into a proprietary JSON parameter named “SipCallId”, and includes this parameter in standard authentication requests. This parameter does not conflict with other standard authentication parameters. An example of a SipCallId follows: 

“SipCallId”:“LU-1583529412591367-group0.example.com”

You enable this functionality using the sti-as-correlation-id in the sti-config: 

ORACLE(sti-config)# sti-as-correlation-id enabled