I raised an issue to herlesupreeth for an authentication issue, but it might be related to pyHSS. Can you help me check it? Here the details:
After I successfully attach a srsue_zmq container and establish the connectivity towards kamailio's P-CSCF, registration fails with 403 Authentication Failed. I'm using a SIPp client and REGISTER message successfully reaches S-CSCF, but I can see that pyHSS's MAA specifies to use Algorithm MD5 instead of AKAv1-MD5. I have tried to check how to change the algorithm in pyHSS but haven't found where exactly. I also tried to bypass and force the algorithm on scscf.cfg file but 401 is always generated with Algorithm MD5
Besides the default configs in your repo, here are the subscriber provisioning data on pyHSS:
Hi Nick,
I raised an issue to herlesupreeth for an authentication issue, but it might be related to pyHSS. Can you help me check it? Here the details:
After I successfully attach a srsue_zmq container and establish the connectivity towards kamailio's P-CSCF, registration fails with 403 Authentication Failed. I'm using a SIPp client and REGISTER message successfully reaches S-CSCF, but I can see that pyHSS's MAA specifies to use Algorithm MD5 instead of AKAv1-MD5. I have tried to check how to change the algorithm in pyHSS but haven't found where exactly. I also tried to bypass and force the algorithm on scscf.cfg file but 401 is always generated with Algorithm MD5
Besides the default configs in your repo, here are the subscriber provisioning data on pyHSS:
ims_subscriber _{ "msisdn": "9076543210", "imsi": "001011234567895", "sh_profile": "string", "scscf_timestamp": null, "scscf_realm": "ims.mnc001.mcc001.3gppnetwork.org", "last_modified": "2023-11-10T00:55:11Z", "msisdn_list": "[9076543210]", "ims_subscriber_id": 1, "ifc_path": "default_ifc.xml", "scscf": "sip:scscf.ims.mnc001.mcc001.3gppnetwork.org:6060", "scscfpeer": "scscf.ims.mnc001.mcc001.3gppnetwork.org" }
auc _{ "batch_name": null, "puk2": null, "misc4": null, "auc_id": 1, "sim_vendor": null, "lastmodified": "2023-11-15T23:27:11Z", "esim": false, "lpa": null, "amf": "8000", "pin1": null, "sqn": 1072, "pin2": null, "misc1": null, "iccid": null, "puk1": null, "misc2": null, "imsi": "001011234567895", "misc3": null }
subscriber _{ "enabled": true, "subscriber_id": 1, "default_apn": 2, "apn_list": "1, 2", "ue_ambr_dl": 0, "nam": 0, "serving_mme": null, "serving_mme_realm": null, "last_modified": "2023-11-14T17:44:32Z", "imsi": "001011234567895", "auc_id": 1, "msisdn": "9076543210", "ue_ambr_ul": 0, "subscribed_rau_tau_timer": 300, "serving_mme_timestamp": null, "serving_mmepeer": null }
scscf.cfg _#Select Authorization Algorhithm:
!define REG_AUTH_DEFAULT_ALG "AKAv1-MD5"
!define REG_AUTH_DEFAULT_ALG "AKAv2-MD5"
!define REG_AUTH_DEFAULT_ALG "MD5"
!define REG_AUTH_DEFAULT_ALG "CableLabs-Digest"
!define REG_AUTH_DEFAULT_ALG "3GPP-Digest"
!define REG_AUTH_DEFAULT_ALG "TISPAN-HTTP_DIGEST_MD5"
Let the HSS decide
!define REG_AUTH_DEFAULTALG "HSS-Selected"
capture 20231207c.zip
Here the related case with herlesupreeth: https://github.com/herlesupreeth/docker_open5gs/issues/263
Thanks in advance!