Hi There I initially set up my IMS in an AWS VPC, using chef. It worked out of the box without an HSS, I was able to use Ellis to provision accounts and they registered no problem using Bria 4. I decided to add an HSS (using ‘knife box’ to add an openimscore HSS instance) so that I can test our application servers. Now that I have the HSS integrated (there were niggles in the installation), I provisioned a new user on the HSS but the Bria phone will not authenticate, and a feedback loop is generated on the first REGISTER attempt. The problem seems to be related to nonce counting. The process seems to go like this:
UE REGISTER -> Bono Bono REGISTER -> icscf No Authorization. Challenge is built, and IMPI is created with nc=1, and stored icscf 401 -> Bono Bono 401 -> UE UE builds an Authorisation header UE REGISTER -> Bono Bono REGISTER -> icscf The Authorisation header contains nc=000001. IMPI is loaded and validation is successful. IMPI is stored with nc=2, log line 'Debug authenticationsproutlet.cpp:1033: Storing challenge because nonce counts are supported’ icscf REGISTER -> scscf-proxy The Authorisation header still contains nc=000001. IMPI is loaded, but log line says: 'Info authenticationsproutlet.cpp:971: Nonce count supplied (1) is lower than expected (2) - ignore it’ The Authorisation header is ignored and another 401 challenge is issued, and the UE responds …. and this causes a loop scscf-proxy 401 -> icscf icscf 401 -> Bono Bono 401 -> UE There seems to be a fundamental flaw here. The IMPI nc is incrementing, but the Authorisation header is not. I can’t see how this can work unless icscf increments nc in the authorisation header before sending it to the scscf Also please note: I disabled nonce_count_supported in shared_config, but the result was a log line ‘nonce count is supplied but not supported’ (or words to that effect) and the Authorisation header is again ignored, and there is a loop. How to move forward from here? I have searched in vain for a way to disable nonce count in Bria 4. I can provide logs if helpful, but they are long and I don’t want to clog everyone’s inbox. Kind regards Jim RedMatter Ltd Jim Page VP Mobile Services +44 (0)333 150 1666 +44 (0)7870 361412 [email protected]<mailto:[email protected]>
_______________________________________________ Clearwater mailing list [email protected] http://lists.projectclearwater.org/mailman/listinfo/clearwater_lists.projectclearwater.org
