WAS v8.5 > Reference > Sets

SIP digest authentication settings page

Use this page to configure Session Initiation Protocol (SIP) digest authentication settings; these settings allow the SIP container to authenticate secured applications.

To view this dmgr console page, click Security > Global Security > Authentication > Web and SIP Security > SIP digest authentication.


Enable digest authentication integrity

Authentication integrity (auth-int) quality of protection (QOP) for digest authentication. Digest authentication defines two types of QOP: auth and auth-int. By default, basic authentication (auth) is used. If the value is set to True, the auth-int QOP is used, which is the highest level of protection.
Information Value
Data type Boolean
Default True


Enable SIP basic authentication

SIP container supports basic authentication. If the value is set to True, requests that have the Authorization header with basic schema are authenticated by the application server. Otherwise, digest authentication is required.
Information Value
Data type Boolean
Default False


Enable multiple use of nonce

Whether to enable multiple uses of the same nonce. If we use the same nonce more than once, then less system resources are required, however, the system is not as secure.
Information Value
Data type Boolean
Default False


Limit nonce maximum age

Whether to enable the nonce maximum age. If we do not disable this parameter, the nonce never expires.
Information Value
Data type Boolean
Default True


Nonce maximum age

Amount of time, in milliseconds, for which a nonce is valid. If the value is set to 1, the amount of time is considered to be infinite.
Information Value
Data type Integer
Default 1


LDAP cache clean intervals

Amount of time that must expire, in minutes, before the LDAP cache is cleaned.
Information Value
Data type Integer
Default 1.0


LDAP password attribute name

Specifies the LDAP attribute name that stores the user password .
Information Value
Data type String
Default Empty string


User cache clean intervals

Amount of time that must expire, in minutes, before the security subject cache is cleaned.
Information Value
Data type Integer
Default 15


Digest password server class

Java class name that implements the PasswordServer interface.
Information Value
Data type String
Default Empty string


Hashed credentials

Name of the LDAP field containing the hashed credentials. If a value is specified for this setting, then this setting overrides the pws_atr_name setting.

LDAP servers automatically provide password support. Unless you enable the LDAP server to use hashed values, the LDAP server stores user passwords and then the request processing component uses these passwords to validate a request. Because this method of authentication exposes user passwords to potential internet theft, you should enable the use of hashed credentials to authenticate a request.

When you enable the use of hashed credentials, the LDAP server stores a hash value for the user, password and realm information. The SIP container then requests this hash value from the LDAP server instead of asking for a user password. This methodology protects the passwords even if the hash data is compromised through internet theft. However, this methodology has the following limitations:

To enable the LDAP server to use hashed credentials, you must define the following two settings:

Information Value
Data type String
Default Empty string


Hashed realm

Specifies the realm for hashed credentials, if the hashed credentials setting is enabled.
Information Value
Data type String
Default Empty string


Related


Configure the SIP container
Configure security for the SIP container


+

Search Tips   |   Advanced Search