OAuth 2.0 Support

The Oracle Communications Unified Session Manager supports Open Authorization (OAuth) in addition to SIP digest authentication for user authorization within ENUM deployments. Both authorization methods can be operational simultaneously, allowing some users to authorize via OAuth and others via SIP digest. Applicable scenarios include authorizing registrations, subscriptions and invites.

OAuth uses HTTP to provide end users with access to services from OAuth 2.0 protected resources using various clients. OAuth also allows users to authorize third-party access to their services using user-agent redirections rather than sharing username/password pairs. Any party presenting the proper bearer token can be authenticated. The methodology avoids the use of cryptographic keys, so it requires that tokens be protected from disclosure during transit and storage. OAuth assumes a secure exchange of credential validation information between endpoints, specifically an OAuth client and server, prior to operation.
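Because possession of a bearer token is sufficient for authentication, message traces and logs that are stored must not contain usable tokens. The following is an added example, not Oracle code: it redacts RFC 6750 bearer tokens from a stored trace and leaves SIP digest headers untouched. It assumes the token appears in an "Authorization: Bearer" header as in RFC 6750 (this page does not state how the product carries the token), and the trace, user names and token are constructed sample data.

```python
import hashlib
import re

# RFC 6750 section 2.1: b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
B64TOKEN = r"[A-Za-z0-9\-._~+/]+=*"
# Header name and auth scheme are matched case-insensitively; the lookahead keeps
# the CRLF line ending out of the match so the trace layout is preserved.
BEARER_HEADER = re.compile(
    r"^(?P<name>Authorization)[ \t]*:[ \t]*Bearer[ \t]+(?P<token>" + B64TOKEN + r")[ \t]*(?=\r?$)",
    re.IGNORECASE | re.MULTILINE,
)

# Constructed sample: one digest-authorized and one bearer-authorized REGISTER.
SAMPLE_TOKEN = "c29tZS1vcGFxdWUtdG9rZW4="
SAMPLE_TRACE = (
    "REGISTER sip:example.test SIP/2.0\r\n"
    'Authorization: Digest username="alice", realm="example.test", response="0f1e2d"\r\n'
    "\r\n"
    "REGISTER sip:example.test SIP/2.0\r\n"
    "Authorization: Bearer " + SAMPLE_TOKEN + "\r\n"
    "\r\n"
)


def fingerprint(token):
    """Short one-way tag so log entries for the same token can still be correlated."""
    return hashlib.sha256(token.encode("ascii")).hexdigest()[:12]


def redact_bearer_tokens(trace):
    """Return (trace with bearer tokens replaced by a fingerprint, number replaced)."""
    def _replace(match):
        tag = fingerprint(match.group("token"))
        return f"{match.group('name')}: Bearer <redacted sha256:{tag}>"
    return BEARER_HEADER.subn(_replace, trace)


if __name__ == "__main__":
    clean, count = redact_bearer_tokens(SAMPLE_TRACE)
    print(f"redacted {count} token(s)")
    print(clean)
```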

The Oracle Communications Unified Session Manager implements OAuth in compliance with RFCs 6749 and 6750. OAuth typically requires deployment-specific compliance beyond RFC compliance. The Oracle Communications Unified Session Manager allows for typical deployment environments via configuration.

You configure the Oracle Communications Unified Session Manager to use OAuth by creating OAuth profiles and applying them globally and/or to specific interfaces. Interface profiles take precedence. In addition, you specify the server that the Oracle Communications Unified Session Manager must contact for authentication using Oracle’s Session Processing Language (SPL). Note that this functionality requires that you upload a script file, provided by Oracle, and run an ACLI command to configure the script to use your server. This script file is referred to as a plug-in.