cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1287
Views
0
Helpful
6
Replies
Kent Drugge
Beginner

Is Digest User necessary in Protocol Specific window for Jabber authentication ?

CUCM etc. 10.5 - We have Active Directory sync'd users and the Devices have the Owner populated (csf, bot, tct) and the devices are set as Controlled devices for the user. However, authentication sometimes has issues. If we populate Digest user, this seems to help. But some users with Digest user set, still have not been able to log in on Jabber. My thought is the Digest user is overriding the Ldap user authentication. So if the Ldap auth is having an issue, Digest user is hiding / bypassing that problem. The biggest issue seems to come from android devices. Your thoughts ?

6 REPLIES 6
Andrew West
Enthusiast

Digest authentication is not required for Jabber. 

Looking at the SIP profile assigned to the Jabber device will help to explain why. 

I can explain that a bit more tomorrow when Im back in the office. 

Hi Kent,

Digest Authentication allows Cisco Unified Communications Manager to challenge the identity of a device (SIP Trunk or SIP Phone) that is connecting to it. When challenged, the device presents its digest credentials, similar to a username and password, to Cisco Unified Communications Manager for verification. If the credentials that are presented match those that are configured in the database for that device, digest authentication succeeds, and Cisco Unified Communications Manager processes the SIP request. When you enable digest authentication for a phone, Cisco Unified Communications Manager challenges all requests for phones that are running SIP except keepalive messages.

Cisco Jabber for Windows/Mac doesn't have Digest Authentication under Device Security Profile. So, I assume it doesn't require Digest Authentication.

But for Cisco Jabber for iPhone, Android and Tablet, you have three options related to Digest Authentication:

  1. Disable SIP Digest Authentication—Disable SIP Digest Authentication if your deployment does not use this feature
  2. Enable SIP Digest Authentication with automatic password authentication
  3. Enable SIP Digest Authentication with manual password authentication

1           Disable SIP Digest Authentication

1.1             Sign in to the Unified CM Administration portal.

1.2             Navigate to the device page.

1.3             Complete the authentication details in the Product Specific Configuration Layout section.

1.3.1                 In the Enable SIP Digest Authentication drop-down list, select “Disabled.”

1.3.2                 Leave SIP Digest Username blank.

1.4             Restart Cisco Jabber.

2           Enable SIP Digest Authentication with Automatic Password Authentication

2.1             On each End User page, in the User Information section, complete the following tasks:

2.1.1                 In the User ID field, verify that the user ID is entered.

2.1.2                 In the Digest Credentials field, enter the digest credentials.

2.1.3                 In the Confirm Digest Credentials field, reenter the digest credentials.

2.2             On the same device page, complete the authentication details in the Product Specific Configuration Layout section:

2.2.1                 Leave SIP Digest Username blank.

2.3             Restart Cisco Jabber.

3           Enable SIP Digest Authentication with Manual Password Authentication

3.1             On each End User page, in the User Information section, complete the following tasks:

3.1.1                 In the User ID field, verify that the user ID is entered.

3.1.2                 In the Digest Credentials field, enter the digest credentials.

3.1.3                 In the Confirm Digest Credentials field, reenter the digest credentials.

3.2             Make a note of this password. You provide this password to the user later.

3.3             On the same device page, complete the authentication details in the Product Specific Configuration Layout section:

3.3.1                 In the Enable SIP Digest Authentication list, select Enabled.

3.3.2                 For the SIP Digest Username, enter the digest user you just selected.

3.4             Restart Cisco Jabber and step through the setup wizard again.

 

For more information, please check below URL:

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/iPad/9_x/JABP_BK_J3C828CB_00_jabber-for-ipad-admin-9-1-1_chapter_010.html#JABI_RF_SEAFA075_00

 

Thanks,

Vaijanath S.

Please rate if this is helpful.

 

Please rate helpful posts and if applicable mark "Accept as a Solution".
Thanks, Vaijanath S.

Hi Andrew,  I would appreciate hearing more about this. Thank you,

Mohammed al Baqari
VIP Advisor

Hi,

Digest authentication isn't required for Jabber unless you enable it in SIP profile. The best you can do is to share the log file from windows machine (C:\Users\%%\AppData\Local\Cisco\Unified Communications\Jabber\CSF\Logs) or RTMT traces. 

I think I need to be more specific, In the Protocol Specific window, we have the Digest User set = the User ID set from the End User page. This is similar to setting the device owner. 

I have also used this with Counterpath Bria app for android to make authentication work and not enabled Product Specific Config > Enable Sip Digest Authentication = Disabled.

Also, In any case where Ldap sync is set for username / password and Digest user is set up correctly, Does one take precedence for authentication?

Mohammed, When you say, "Digest authentication isn't required for Jabber unless you enable it in SIP profile", Under Protocol Specific Info window, SIP Profile - (Jabber SIP Profile in my case) There is no Digest enable / disable within the SIP Profile configuration page = Device > Device Settings > Sip Profile. 

Under Product Specific Config, there is Enable / Disable the Enable Sip Digest Authentication (I'm not seeing this as = Sip Profile)

Hi Kent,

For Digest User, the digest credentials are setup on end user page and those are local to the CUCM database. The digest credentials are not synced with LDAP.

So, in my view, Digest User and Digest Credentials has higher preference over LDAP Authentication.

Thanks,

Vaijanath S.

Please rate if this is helpful.

Please rate helpful posts and if applicable mark "Accept as a Solution".
Thanks, Vaijanath S.
Content for Community-Ad

Spotlight Awards 2021