Cisco Cisco TelePresence Video Communication Server Expressway
Appendix 3 — SIP messages for a provisioning subscription
VCS Deployment Guide: Device authentication on Cisco VCS (VCS X7.1)
Page 26 of 47
Appendix 3 — SIP messages for a provisioning
subscription
subscription
Active Directory (direct)
The ladder diagram below shows the call flow for SIP messaging when authentication is challenged
using NTLM (Active Directory direct).
using NTLM (Active Directory direct).
The provisioning server may reside on the VCS which authenticates the messaging – in which case
the destination of the signaling will be seen as 127.0.0.1, alternatively the messages may be sent to a
different VCS (for example, a VCS Control from a VCS Expressway) where the provisioning server
resides.
the destination of the signaling will be seen as 127.0.0.1, alternatively the messages may be sent to a
different VCS (for example, a VCS Control from a VCS Expressway) where the provisioning server
resides.
Endpoint
VCS
Provisioning server
Subscribe
407 Proxy Authentication Required
with SIP header: ‘Proxy-Authenticate:
NTLM realm="<VCSHostID>",
qop="auth",
targetname="<VCSHostID>"’
Subscribe
with SIP header: ‘Proxy-Authorization:
NTLM qop="auth",
realm="<VCSHostID>",
targetname="<VCSHostID>", gssapi-
data=""’
407 Proxy Authentication Required
with SIP header: ‘Proxy-Authenticate:
NTLM realm="<VCSHostID>",
opaque="<opData>",
targetname="<VCSHostID>", gssapi-
data="<gsData>"’
Subscribe
with ‘Proxy-Authorization: NTLM
qop="auth", realm="<VCSHostID>",
targetname="<VCSHostID>",
opaque="<opData>", gssapi-
data="<MoviGsData>"’
Subscribe
with SIP header: ‘P-Asserted-Identity:
<sip:<assertedID>>’
200 OK
200 OK