Error while registering - Forbidden - Digest Authentication fails on 4.2.2
Brought to you by:
krunalhire
Menu
▾
▴
#2380 Error while registering - Forbidden - Digest Authentication fails on 4.2.2
Need-Details
nobody
None
Medium
Defect
2014-12-10
2013-05-30
Anonymous
No
Originally created by: caru...@gmail.com
What steps will reproduce the problem?
1. configure SIP profile to be used with CiscoUCM 6.1
2. replicate seme exact profile, config and credentials used successfully on a 4.1.1 Galaxy S3 to a new 4.2.2 Galaxy S4
3. verify every single parameter several times, including network configuration
What is the expected output? What do you see instead?
I would expect the phone to register instead I get "Error while registering - Forbidden"
What version of the product are you using? On what device / operating
system?
1.00.00 [r2225] on a Galaxy S4 running Android 4.2.2
Please provide any additional information below.
I compared the diagnostic logging between the two phone and everything looks the same, but on the S4 (same exact version of csipsimple with same exact credentials) the digest authentication fails..
D/libpjsip( 5437): Authorization: Digest username="lnonino", realm="ccmsipline", nonce="7NqmdRCT3VWP+Ch9muYQcJoDLBP0Lzvc", uri="sip:192.168.111.9", response="c14680db224164f383f5e9e01187904d", algorithm=MD5
D/libpjsip( 5437): Content-Length: 0
D/libpjsip( 5437):
D/libpjsip( 5437): --end msg--
D/libpjsip( 5437): 10:09:46.239 pjsua_core.c .RX 366 bytes Response msg 100/REGISTER/cseq=19739 (rdata0x6d147f5c) from UDP 192.168.111.9:5060:
D/libpjsip( 5437): SIP/2.0 100 Trying
D/libpjsip( 5437): Date: Mon, 30 May 2005 14:09:29 GMT
D/libpjsip( 5437): From: "2959" <sip:2959@192.168.111.9>;tag=LP3Xp7tKwUkfXpIqsbo0e1jXP1ZzsVAc
D/libpjsip( 5437): Content-Length: 0
D/libpjsip( 5437): To: "2959" <sip:2959@192.168.111.9>;tag=1495640922
D/libpjsip( 5437): Call-ID: rd1BdHfRVU4-nx1InJICb1S5tzE.7VbU
D/libpjsip( 5437): Via: SIP/2.0/UDP 192.168.116.228:57394;rport;branch=z9hG4bKPjGV2vveyVcm61elex.Wb54copZPxu1aFA
D/libpjsip( 5437): CSeq: 19739 REGISTER
D/libpjsip( 5437):
D/libpjsip( 5437): --end msg--
D/libpjsip( 5437): 10:09:46.239 mobile_reg_han .mod_reg_tracker_on_rx_response
D/libpjsip( 5437): 10:09:46.239 mobile_reg_han .mod_reg_tracker_on_rx_response done
D/libpjsip( 5437): 10:09:46.244 pjsua_core.c .RX 422 bytes Response msg 403/REGISTER/cseq=19739 (rdata0x6d147f5c) from UDP 192.168.111.9:5060:
D/libpjsip( 5437): SIP/2.0 403 Forbidden
D/libpjsip( 5437): Date: Mon, 30 May 2005 14:09:29 GMT
D/libpjsip( 5437): Warning: 399 cmsub1 "Digest authentication failure"
It looks like an issue with properly executing the Digest authentication under 4.2.2. Is there any workaround or does it need to be fixed in the code?
Thank you in advance,
Sergio Tagliapietra
View and moderate all "tickets Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Tickets"
Originally posted by: caru...@gmail.com
ps: I now also tested it against a CallManager 5.1.3.5000-3 cluster with exactly the same error. I can use that cluster with the same exact release of csipsimple and configuration on a 4.1.1 Galaxy S3. I hoped to find errors in my setup but after testing for a couple of days I feel confident that this is a software glitch. Thanks and let me know if you have a quick suggestion on how to rectify this.
View and moderate all "tickets Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Tickets"
Originally posted by: caru...@gmail.com
I wonder if it's because of the changes in SecureRandom under Android 4.2.. ? http://android-developers.blogspot.com/2013/02/security-enhancements-in-jelly-bean.html
View and moderate all "tickets Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Tickets"
Originally posted by: r3gis...@gmail.com
Mmmmh, your last point is interesting for other problems and can normally be workaround with the fullOpenSSL version (a version that bundle openssl)
http://nightlies.csipsimple.com/specific_builds/CSipSimple-fullOpenSSL.apk
But normally for the digest authentication openssl is not used (it's used for ZRTP and TLS but for digest auth it's just a md5).
So you can try the fullOpenSSL version but I doubt it will help.
The only other potential root cause of this kind of problem is usually a password or auth username not valid (what happens very often is to have the keyboard of the phone that changes the cases/auto-complete something wrong or add extra spaces). But if you checked several times, it's maybe something else.
What you could try to be sure you have exactly same configuration is to backup the configuration from your S3 (in accounts > menu > backup) and get the file exported on the sdcard (remove it while you get it from the S3 sdcard for better security). And then put this file on the sdcard of the S4 (in same folder). And then on the S4, in accounts > menu > restore the file from the sdcard (and remove the file from the sdcard once restored for better security)
Status: Need-Details
View and moderate all "tickets Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Tickets"
Originally posted by: caru...@gmail.com
I was saddened by seeing this issue closed as I strongly believe it's a
real issue.
Believe me, I tried with several different acount and on different CUCM
clusters and the credentials are absolutely and 101% correct; there is
something that gets the authentication to fail on the S4 but I can't say
what it is.
Any other idea?
(I'm an ex network administrator and now IT Manager for a multinational
corporation with 8+ years of experience in VOIP systems; I'm not a
programmer but please believe me when I say that the configuration is
correct).
Thanks.. I hope you have some other ideas/suggestions.
Sergio
ps: also.. I'm actually not the only user reporting this. I believe issue
2356 has probably the same exact cause
Related
Tickets: #2356
View and moderate all "tickets Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Tickets"
Originally posted by: scan...@googlemail.com
Error while registering - Forbidden:
Using a password without non-alphanumericals like ". , !" etc. solved the issue for me. Nothing wrong with CSIP or Android 4.2x here. Still slightly astonishing as 6 months earlier non-alphanumericals were accepted for passwords.
Cheers
Gregor
View and moderate all "tickets Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Tickets"
Originally posted by: caru...@gmail.com
My password just had numbers and lowercase letters really..
View and moderate all "tickets Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Tickets"
Originally posted by: run...@gmail.com
I have the same issue with Android 4.1.1 and Call Manager 8.6: I get Digest Authentication failure. I've tried with a Sony Xperia E. With SIPDroip same digest worked fine. I've tried first with a password with non-alphanumericals, and then changed to one with lowercase and numbers only with same result.
Did you finally manage to solve the problem?
Thanks in advance,
Natalia
View and moderate all "tickets Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Tickets"
Originally posted by: vermasac...@gmail.com
Hi,
I have the same issue and I am giving alphanumeric password only still giving same error. Could you please help me in this.
this is my error.....
17:54:26.730 pjsua_acc.c ....SIP registration error: Credential failed to authenticate (PJSIP_EFAILEDCREDENTIAL) [status=171100]
Thanks,
Sachin