Authentication via MAR/MAA

To authenticate the registering user, the Oracle Communications Unified Session Manager needs a digest realm, QoP, and the H(A1) hash. It requests these from a server, usually the HSS, by sending it a Multimedia Auth Request (MAR) message. The MAR’s AVPs are populated with:

  • Public-User-Identity—the SIP AOR of the endpoint being registered (same as UAR)
  • Private-User-Identity—the username from the SIP authorization header, or the SIP AOR if the AOR for PUID parameter is enabled (same as UAR)
  • SIP-Number-Auth-Items—always set to 1
  • SIP-Auth-Data-Item -> SIP-Item-Number—always set to 1
  • SIP-Auth-Data-Item -> SIP-Authentication-Scheme—always set to SIP_DIGEST
  • Server-Name—the home-server-route parameter in the sip registrar configuration element. It is the URI (containing FQDN or IP address) used to identify and route to this Oracle Communications Unified Session Manager.

The Oracle Communications Unified Session Manager expects the MAA to include a SIP-Auth-Data-Item VSA, which carries the digest realm, QoP, and H(A1) information as defined in RFC 2617. The information is cached for subsequent requests. Any result code received from the HSS other than DIAMETER_SUCCESS causes a 403 error response to be returned for the original request.

The MAR/MAA transaction is conducted with the server defined in the credential retrieval config parameter found in the sip-authentication profile configuration element. This parameter is populated with the name of a home-subscriber-server configuration element.