[SR-Users] Failed AKAv1-MD5 authentication with Boghe

Daniel-Constantin Mierla miconda at gmail.com
Fri Oct 18 09:24:05 CEST 2019 

Hello,

try to set debug=3 in kamailio config files, restart, reproduce and see
if you get any hints about why it fails via the syslog debug messages.

Cheers,
Daniel

On 09.10.19 22:48, Bao, Yin wrote:
>
>  
>
> I have a Boghe (v2.0.153.836) working fine with Kamailio with MD5
> algorithm however fails to authenticate if I configure S-CSCF to use
> AKAv1-MD5. We have the same configuration on private user identity in
> FHoSS on both the succ MD5 run and failed AKAv1-MD5 run.
>
>  
>
> I wonder if anyone has faced this issue before. Here are some details
> on message exchanges:
>
>  
>
>   * S-CSCF included the challenge in 401 Unauthorized – Challenging
>     the UE:
>
>  
>
> /WWW-Authenticate: Digest realm="example.example.org",
> nonce="rzGnTBGPw3hE+mDPHrZ1PAAAAAAApAAAmfftHqYUuUA=",
> algorithm=AKAv1-MD5, ck="629d6d9a6a6befa509b1a9bb17a9c2a3",
> ik="32fcd14a102279de2e38200a2257efcb", qop="auth,auth-int"\r\n/
>
>  
>
>   * The same header was seen when 401 Unauth travelled through I-CSCF
>     and P-CSCF (shouldn’t P-CSCF strips out the ck and ik fields
>     before sending to UE?)
>
>  
>
>   * UE responded with another register with response:
>
>  
>
> /Authorization: Digest
> username="bob at example.example.org",realm="example.example.org",nonce="rzGnTBGPw3hE+mDPHrZ1PAAAAAAApAAAmfftHqYUuUA=",uri="sip:example.example.org",response="6445f9df2b785eab3fa461849880b48d",algorithm=AKAv1-MD5,cnonce="34baf441e99a23e0fcb2bc001355c4bf",qop=auth-int,nc=00000001\r\n/
>
> / /
>
>   * S-CSCF failed the calculation and sent back 403 Authentication Failed
>
>  
>
> I tried AKAv2-MD5 setting as default algorithm on S-CSCF and the
> result is the same as above. It seems that only MD5 works on my setup.
>
>  
>
> What are the different configs in HSS (or other places) AKAv1-MD5
> need? I checked the AMF/OP on both HSS and Boghe and they match. Boghe
> does not have SQN setting but I set HSS to start with 0.
>
>  
>
> Any pointers are appreciated!
>
>  
>
> Yin
>
>  
>
>  
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training, Oct 21-23, 2019, Berlin, Germany -- https://asipto.com/u/kat

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20191018/637b4215/attachment.html>

More information about the sr-users mailing list