Enable Session Initiation Protocol (SIP) flow token security

The Session Initiation Protocol (SIP) container supports client-initiated connection reuse. SIP flow token security enables you to establish communication between a server and SIP clients in situations where the SIP clients can create a connection to the server, but are not prepared to accept connections from the server.

Manage client-initiated connections in the SIP container involves generating flow tokens, as described in the SIP standard RFC 5626. When the SIP container delivers a flow token to the network, it encodes the token in a way that prevents anyone from modifying this token. When the container receives a flow token that it previously generated, it decodes the flow token and verifies its integrity.

WebSphere Application Server SIP flow token security implements the outbound SIP protocol extension, as defined in RFC 5626, with the following exceptions:

• Only TCP and TLS stream transports are supported.
• UDP flows are not reused.
• TCP keepalives are supported, but STUN keepalives are not.
• Support of this protocol extension is provided for SIP applications that act as a proxy/registrar, as described in RFC 5626, but not as a user agent, as described in this RFC.

Encoding and decoding the flow token requires a pre-defined key. The SIP container obtains this security key from the SIP container settings. Complete the following steps to configure the SIP container to support flow token security.

1. Create a key set, if one does not already exist.

   If we already have a key set configured, we can use that key set as the key set for SIP flow token security.

   If we need to create a new key set, the scope of the key set must be at the cell level. See the topic Create a key set configuration for a description of how to create a new key set.

2. Add the com.ibm.ws.sip.key.set custom property to the SIP container settings.

   1. In the console, open the configuration tab for the server...
      Servers | Server Types | WebSphere application servers | server_name | Container settings | SIP Container settings | SIP container | Additional properties | Custom Properties | New

   2. On the settings page, specify com.ibm.ws.sip.key.set in the Name field, and the name of the key set to use for flow token security in the Value field.

   3. Click Apply or OK.

   4. Click Save on the console task bar to save your configuration changes.

   5. Restart the server.

Results

SIP flow token security is enabled for the SIP container.

Related tasks

Browse all SIP topics

Create a key set configuration