08-08-2017 09:51 AM - edited 03-18-2019 12:19 PM
CUCM etc. 10.5 - We have Active Directory sync'd users and the Devices have the Owner populated (csf, bot, tct) and the devices are set as Controlled devices for the user. However, authentication sometimes has issues. If we populate Digest user, this seems to help. But some users with Digest user set, still have not been able to log in on Jabber. My thought is the Digest user is overriding the Ldap user authentication. So if the Ldap auth is having an issue, Digest user is hiding / bypassing that problem. The biggest issue seems to come from android devices. Your thoughts ?
08-08-2017 05:25 PM
Digest authentication is not required for Jabber.
Looking at the SIP profile assigned to the Jabber device will help to explain why.
I can explain that a bit more tomorrow when Im back in the office.
08-08-2017 08:53 PM
Hi Kent,
Digest Authentication allows Cisco Unified Communications Manager to challenge the identity of a device (SIP Trunk or SIP Phone) that is connecting to it. When challenged, the device presents its digest credentials, similar to a username and password, to Cisco Unified Communications Manager for verification. If the credentials that are presented match those that are configured in the database for that device, digest authentication succeeds, and Cisco Unified Communications Manager processes the SIP request. When you enable digest authentication for a phone, Cisco Unified Communications Manager challenges all requests for phones that are running SIP except keepalive messages.
Cisco Jabber for Windows/Mac doesn't have Digest Authentication under Device Security Profile. So, I assume it doesn't require Digest Authentication.
But for Cisco Jabber for iPhone, Android and Tablet, you have three options related to Digest Authentication:
For more information, please check below URL:
Thanks,
Vaijanath S.
Please rate if this is helpful.
08-09-2017 08:30 AM
Hi Andrew, I would appreciate hearing more about this. Thank you,
08-08-2017 10:44 PM
Hi,
Digest authentication isn't required for Jabber unless you enable it in SIP profile. The best you can do is to share the log file from windows machine (C:\Users\%%\AppData\Local\Cisco\Unified Communications\Jabber\CSF\Logs) or RTMT traces.
08-09-2017 08:29 AM
I think I need to be more specific, In the Protocol Specific window, we have the Digest User set = the User ID set from the End User page. This is similar to setting the device owner.
I have also used this with Counterpath Bria app for android to make authentication work and not enabled Product Specific Config > Enable Sip Digest Authentication = Disabled.
Also, In any case where Ldap sync is set for username / password and Digest user is set up correctly, Does one take precedence for authentication?
Mohammed, When you say, "Digest authentication isn't required for Jabber unless you enable it in SIP profile", Under Protocol Specific Info window, SIP Profile - (Jabber SIP Profile in my case) There is no Digest enable / disable within the SIP Profile configuration page = Device > Device Settings > Sip Profile.
Under Product Specific Config, there is Enable / Disable the Enable Sip Digest Authentication (I'm not seeing this as = Sip Profile)
08-09-2017 08:49 AM
Hi Kent,
For Digest User, the digest credentials are setup on end user page and those are local to the CUCM database. The digest credentials are not synced with LDAP.
So, in my view, Digest User and Digest Credentials has higher preference over LDAP Authentication.
Thanks,
Vaijanath S.
Please rate if this is helpful.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide