I have a Boghe (v2.0.153.836) working fine with Kamailio with MD5 algorithm 
however fails to authenticate if I configure S-CSCF to use AKAv1-MD5. We have 
the same configuration on private user identity in FHoSS on both the succ MD5 
run and failed AKAv1-MD5 run.

I wonder if anyone has faced this issue before. Here are some details on 
message exchanges:

  *   S-CSCF included the challenge in 401 Unauthorized – Challenging the UE:

WWW-Authenticate: Digest realm="example.example.org", 
nonce="rzGnTBGPw3hE+mDPHrZ1PAAAAAAApAAAmfftHqYUuUA=", algorithm=AKAv1-MD5, 
ck="629d6d9a6a6befa509b1a9bb17a9c2a3", ik="32fcd14a102279de2e38200a2257efcb", 

  *   The same header was seen when 401 Unauth travelled through I-CSCF and 
P-CSCF (shouldn’t P-CSCF strips out the ck and ik fields before sending to UE?)

  *   UE responded with another register with response:

Authorization: Digest 

  *   S-CSCF failed the calculation and sent back 403 Authentication Failed

I tried AKAv2-MD5 setting as default algorithm on S-CSCF and the result is the 
same as above. It seems that only MD5 works on my setup.

What are the different configs in HSS (or other places) AKAv1-MD5 need? I 
checked the AMF/OP on both HSS and Boghe and they match. Boghe does not have 
SQN setting but I set HSS to start with 0.

Any pointers are appreciated!


Kamailio (SER) - Users Mailing List

Reply via email to