Patton electronic SmartNode 4110 Series ユーザーズマニュアル

Applications

SmartWare Software Configuration Guide 

2. Determine the identity which provides credentials. The name or the alias of the identity must match the 

user part of the from-uri. If there is no identity that matches and an identity-group with the name 
“default” is configured, the identity-group “default” is taken.

3. Determine the authentication-service which provides credentials. The authentication entries of the taken 

identity or identity-group are searched for an authentication-service that matches exactly the realm 
requested in the answer to our request. Then this authentication service is taken. If no match was found, 
an authentication service with no realm configured is taken.

4. Determine the authentication username which provides credentials. If the authentication entry of the 

identity which configures the taken authentication service has also configured a username this username is 
taken. If there is no username configured the name of the identity is taken as username. 

5. Take the credentials in the authentication service with the according username and provide username and 

password for re-issuing the request.

If one of these steps has no result and fails, authentication is not possible for that request.

The back-to-back user agent can challenge another sip user agent or proxy for authentication credentials.  The 
username and password used for challenges must be configured in an authentication-service. There must be at 
least one realm configured in the authentication-service. The first realm configured is used for challenging 
requests.

In an authentication-service, there can be multiple usernames and passwords. An identity which should be 
challenged can direct the authentication inbound face to a pair of credentials. There can be multiple identities 
using exactly the same credentials. An identity can also point to multiple credentials, but only the first entry is 
used for challenging. If an identity points to multiple credentials, any of these credentials are accepted in the 
answer as long as it is valid for the challenged realm.

If the gateway has to challenge credentials for unknown identities or for any identity which belongs to a certain 
domain, there can be a “default” identity-group. The challenging credentials configured in the identity-group 
“default” are used for any identity in this location-service that is not explicitly configured.

authentication-service AUTH_PATTON
  realm patton.com
  username kevin password Wh6Xbk9G= encrypted
  username dirk password Fa0Y9e4L= encrypted
  username boss password Q9Gns6Nd4= encrypted

location-service PATTON
  domain patton.com

  identity-group default
    authentication inbound
      authenticate 1 authentication-service AUTH_PATTON username kevin

  identity 400
    authentication inbound
      authenticate 1 authentication-service AUTH_PATTON username kevin
      authenticate 2 authentication-service AUTH_PATTON username dirk

  identity 555
    authentication inbound