Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1817
Views
0
Helpful
6
Replies

Is Digest User necessary in Protocol Specific window for Jabber authentication ?

Kent Drugge
Level 1
Level 1

‎08-08-2017 09:51 AM - edited ‎03-18-2019 12:19 PM

CUCM etc. 10.5 - We have Active Directory sync'd users and the Devices have the Owner populated (csf, bot, tct) and the devices are set as Controlled devices for the user. However, authentication sometimes has issues. If we populate Digest user, this seems to help. But some users with Digest user set, still have not been able to log in on Jabber. My thought is the Digest user is overriding the Ldap user authentication. So if the Ldap auth is having an issue, Digest user is hiding / bypassing that problem. The biggest issue seems to come from android devices. Your thoughts ?

Labels:
0 Helpful
6 Replies 6

Andrew West
Level 4
Level 4

‎08-08-2017 05:25 PM

Digest authentication is not required for Jabber. 

Looking at the SIP profile assigned to the Jabber device will help to explain why. 

I can explain that a bit more tomorrow when Im back in the office. 

0 Helpful

Vaijanath Sonvane
VIP Alumni
VIP Alumni
In response to Andrew West

‎08-08-2017 08:53 PM

Hi Kent,

Digest Authentication allows Cisco Unified Communications Manager to challenge the identity of a device (SIP Trunk or SIP Phone) that is connecting to it. When challenged, the device presents its digest credentials, similar to a username and password, to Cisco Unified Communications Manager for verification. If the credentials that are presented match those that are configured in the database for that device, digest authentication succeeds, and Cisco Unified Communications Manager processes the SIP request. When you enable digest authentication for a phone, Cisco Unified Communications Manager challenges all requests for phones that are running SIP except keepalive messages.

Cisco Jabber for Windows/Mac doesn't have Digest Authentication under Device Security Profile. So, I assume it doesn't require Digest Authentication.

But for Cisco Jabber for iPhone, Android and Tablet, you have three options related to Digest Authentication:

  1. Disable SIP Digest Authentication—Disable SIP Digest Authentication if your deployment does not use this feature
  2. Enable SIP Digest Authentication with automatic password authentication
  3. Enable SIP Digest Authentication with manual password authentication

1           Disable SIP Digest Authentication

1.1             Sign in to the Unified CM Administration portal.

1.2             Navigate to the device page.

1.3             Complete the authentication details in the Product Specific Configuration Layout section.

1.3.1                 In the Enable SIP Digest Authentication drop-down list, select “Disabled.”

1.3.2                 Leave SIP Digest Username blank.

1.4             Restart Cisco Jabber.

2           Enable SIP Digest Authentication with Automatic Password Authentication

2.1             On each End User page, in the User Information section, complete the following tasks:

2.1.1                 In the User ID field, verify that the user ID is entered.

2.1.2                 In the Digest Credentials field, enter the digest credentials.

2.1.3                 In the Confirm Digest Credentials field, reenter the digest credentials.

2.2             On the same device page, complete the authentication details in the Product Specific Configuration Layout section:

2.2.1                 Leave SIP Digest Username blank.

2.3             Restart Cisco Jabber.

3           Enable SIP Digest Authentication with Manual Password Authentication

3.1             On each End User page, in the User Information section, complete the following tasks:

3.1.1                 In the User ID field, verify that the user ID is entered.

3.1.2                 In the Digest Credentials field, enter the digest credentials.

3.1.3                 In the Confirm Digest Credentials field, reenter the digest credentials.

3.2             Make a note of this password. You provide this password to the user later.

3.3             On the same device page, complete the authentication details in the Product Specific Configuration Layout section:

3.3.1                 In the Enable SIP Digest Authentication list, select Enabled.

3.3.2                 For the SIP Digest Username, enter the digest user you just selected.

3.4             Restart Cisco Jabber and step through the setup wizard again.

 

For more information, please check below URL:

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/iPad/9_x/JABP_BK_J3C828CB_00_jabber-for-ipad-admin-9-1-1_chapter_010.html#JABI_RF_SEAFA075_00

 

Thanks,

Vaijanath S.

Please rate if this is helpful.

 

Please rate helpful posts and if applicable mark "Accept as a Solution".
Thanks, Vaijanath S.

0 Helpful

Kent Drugge
Level 1
Level 1
In response to Andrew West

‎08-09-2017 08:30 AM

Hi Andrew,  I would appreciate hearing more about this. Thank you,

0 Helpful

Mohammed al Baqari
Level 11
Level 11

‎08-08-2017 10:44 PM

Hi,

Digest authentication isn't required for Jabber unless you enable it in SIP profile. The best you can do is to share the log file from windows machine (C:\Users\%%\AppData\Local\Cisco\Unified Communications\Jabber\CSF\Logs) or RTMT traces. 

0 Helpful

Kent Drugge
Level 1
Level 1
In response to Mohammed al Baqari

‎08-09-2017 08:29 AM

I think I need to be more specific, In the Protocol Specific window, we have the Digest User set = the User ID set from the End User page. This is similar to setting the device owner. 

I have also used this with Counterpath Bria app for android to make authentication work and not enabled Product Specific Config > Enable Sip Digest Authentication = Disabled.

Also, In any case where Ldap sync is set for username / password and Digest user is set up correctly, Does one take precedence for authentication?

Mohammed, When you say, "Digest authentication isn't required for Jabber unless you enable it in SIP profile", Under Protocol Specific Info window, SIP Profile - (Jabber SIP Profile in my case) There is no Digest enable / disable within the SIP Profile configuration page = Device > Device Settings > Sip Profile. 

Under Product Specific Config, there is Enable / Disable the Enable Sip Digest Authentication (I'm not seeing this as = Sip Profile)

0 Helpful

Vaijanath Sonvane
VIP Alumni
VIP Alumni
In response to Kent Drugge

‎08-09-2017 08:49 AM

Hi Kent,

For Digest User, the digest credentials are setup on end user page and those are local to the CUCM database. The digest credentials are not synced with LDAP.

So, in my view, Digest User and Digest Credentials has higher preference over LDAP Authentication.

Thanks,

Vaijanath S.

Please rate if this is helpful.

Please rate helpful posts and if applicable mark "Accept as a Solution".
Thanks, Vaijanath S.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents