Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

SPA112 - HTTP Authentication with Provisioning

Is it possible to provision a device with an HTTP server using HTTP Digest Authentication?

I've tried using the URL format of: http://username:password@example.com/spa.xml

But formatting it like that makes the SPA request the entire URL in a DNS query, which doesn't resolve properly.

Am I missing some username/password fields?

Thanks!

Everyone's tags (5)
1 ACCEPTED SOLUTION

Accepted Solutions
New Member

SPA112 - HTTP Authentication with Provisioning

I found some of the information you were looking for.

To include the username and password when you resync the phone,

the details are located in the provisioning guide p 90 here

http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/csbpvga/ata/provisioning/guide/Provisioning.pdf

The word to search for is “digest authentication” We are talking about using the profile rule

Digest Authentication Support in Profile and Report Rule

Digest Authentication based on the username and password is defined as part of

profile rule and a report rule. The syntax is:

[--uid $SA]

[--pwd $SB]

In the following example, the phone uses this username and password when it is challenged by the server:

[--uid slee --pwd 1234] http://download.com/spacfg.xml

Dan

5 REPLIES
New Member

SPA112 - HTTP Authentication with Provisioning

I found some of the information you were looking for.

To include the username and password when you resync the phone,

the details are located in the provisioning guide p 90 here

http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/csbpvga/ata/provisioning/guide/Provisioning.pdf

The word to search for is “digest authentication” We are talking about using the profile rule

Digest Authentication Support in Profile and Report Rule

Digest Authentication based on the username and password is defined as part of

profile rule and a report rule. The syntax is:

[--uid $SA]

[--pwd $SB]

In the following example, the phone uses this username and password when it is challenged by the server:

[--uid slee --pwd 1234] http://download.com/spacfg.xml

Dan

New Member

I am also having trouble with

I am also having trouble with this.  It took me some time to figure out how to populate the GPP_SA and GPP_SB variables.   I am still not sure I have done this part the easiest way.   To get it done, I generated a mostly blank config file setting these fields and placed it on an open HTTP server - then placed that URL in my profile rule field.

This initial config file sets $SA and $SB and also resets the profile rule to:

[--uid $SA --pwd $SB] http://myserver.com/?mac=$MA

I still seem to be failing HTTP Auth using this method.   

Anyone see what I am doing wrong?

The prov/HTTP server is nginx if that makes any difference.

Thanks

Thanks

VIP Gold

"Failing auth" may mean "no

"Failing auth" may mean "no authentication has been done at all", "no authentication of supported type", "incorrect name or password", ...

With no details, no way to help.

Create simple configuration with constant id and pwd (e.g. without macros), catch HTTP dialog between phone and nginx and analyze the true cause of failed authentication. We can continue then.

New Member

Sorry, after looking at a

Sorry, after looking at a trace it looks like the SPA is not sending auth at all.

The HTTP server sends a 401 Unauth, but then the SPA doesnt do anything further.

This is the same result when i use either

[--uid myuser --pwd mypass] http://myserver.com/?mac=$MA or

[--uid $SA --pwd $SB] http://myserver.com/?mac=$MA

something else I just noticed that I feel silly about is that this unit is an spa122 not 112.  not sure if that matters - latest firmware

Also, I have verified that I can download the file using a web browser.  I get the username/pw challenge popup and after entering i get the file.

VIP Gold

The answer is so simple.

The answer is so simple.

  • From the file you attached:
WWW-Authenticate: Basic realm="subdomain.mydomain.com Fri, 20 M...

Digest Authentication based on the username and password is defined as part of

profile rule and a report rule. The syntax is:

[--uid $SA]

[--pwd $SB]

Basic authentication is not supported.

1641
Views
0
Helpful
5
Replies