authentication OR security support while accessing IP Phone Service

Version 1
    This document was generated from CDN thread

    Created by: hemant bobade on 29-07-2009 10:35:24 AM
    Hello All,
     
    After we deploy an IP Phone Service on an IP Phone using CallManager, when a user accesses the IP Phone service from the IP Phone, what is the security/authentication mechanism involved there?
    Also, when a user accesses the IP Phone service from the IP Phone, does the request go through CallManager OR directly to the application and server?
    Also, we can access the same IP Phone service URL from a browser on a PC.
    What is the security/authentication mechanism involved in CU communication when calling an IP Phone service from an IP Phone?
     
    Thanks and appreciate your response,
    Hemant

    Subject: RE: authentication OR security support while accessing IP Phone Service
    Replied by: Anitha V on 29-07-2009 11:46:25 AM
    After we deploy IP Phone Service on IP Phone using CallManager. When user accesses the IP Phone service from IP Phone what is the security/authentication mechanism involved there?
    There is no default security/authentication mechanism involved.
    Also, when user accesses IP Phone service from IP Phone, then does request goes th' CallManager OR directly goes to application and server?
    It goes directly to the application.
    Also, we can access the same IP Phone service url from browser on PC.
    You can access the same IP Phone service URL from a browser on a PC, provided you haven't configured any authentication.
    What is the security/authentication mechanism involved in CU communicaion when calling IP Phone service from IP Phone?
    There is no default security/authentication mechanism.

    Subject: RE: authentication OR security support while accessing IP Phone Service
    Replied by: hemant bobade on 29-07-2009 12:39:45 PM
    Ok, that's a quick reply.
     
    So, there is no security involved in IP Phone and Service communication by DEFAULT. How can I change this DEFAULT behaviour?
     
    Also, if I want the IP service link to be accessible only from the IP Phone and not from the PC browser, is it possible? How can I do that?
     
    Thanks,
    hemant
     

    Subject: RE: authentication OR security support while accessing IP Phone Service
    Replied by: David Staudt on 29-07-2009 01:50:22 PM
    When the phone makes the initial HTTP GET request to the server, no authentication mechanism is used.  If the server challenges for Basic auth, then the phone will prompt the user for credentials and resubmit the request with Basic auth.
     
    Other forms of authentication are not available and cannot be configured, currently.  HTTPS support is roadmapped for upcoming releases.
     
    A web application can confirm that the request is coming from an IP phone by looking for the extra custom HTTP headers the phone submits with each request:
     
    x-CiscoIPPhoneModelName
    x-CiscoIPPhoneDisplay
    x-CiscoIPPhoneSDKVersion
     
    See the IPPS docs for additional information on these headers.
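
The server side of the exchange described in the reply above, as an added example that is not part of the original thread or of Cisco's documentation: a Python WSGI service that looks for the three phone headers and then issues the Basic auth challenge the phone answers. The user table, realm name and response text are constructed for illustration. Because any HTTP client can send these headers, the example treats them as a filter only and relies on Basic auth for access control.

```python
import base64
import hmac
from xml.sax.saxutils import escape

# The three headers named in the reply above, as WSGI environ keys.
PHONE_HEADERS = ("HTTP_X_CISCOIPPHONEMODELNAME", "HTTP_X_CISCOIPPHONEDISPLAY",
                 "HTTP_X_CISCOIPPHONESDKVERSION")
USERS = {"phoneuser": "example-password"}  # constructed; use a real user store
REALM = "IP Phone Service"                 # assumed realm name


def has_phone_headers(environ):
    """True when every IP phone header is present and non-empty."""
    return all(environ.get(name) for name in PHONE_HEADERS)


def check_basic_auth(environ):
    """Return the user name for valid Basic credentials, else None."""
    scheme, _, token = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return None
    user, _, password = decoded.partition(":")
    expected = USERS.get(user)
    if expected is None:
        return None
    # Constant-time comparison avoids leaking how much of the password matched.
    if not hmac.compare_digest(password.encode(), expected.encode()):
        return None
    return user


def app(environ, start_response):
    """WSGI entry point: header filter first, then the Basic auth challenge."""
    if not has_phone_headers(environ):
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"IP phone headers missing"]
    user = check_basic_auth(environ)
    if user is None:
        # This 401 is what makes the phone prompt for credentials and resubmit.
        start_response("401 Unauthorized", [
            ("WWW-Authenticate", 'Basic realm="%s"' % REALM),
            ("Content-Type", "text/plain")])
        return [b"Authentication required"]
    start_response("200 OK", [("Content-Type", "text/xml")])
    text = escape("Welcome, %s" % user)
    return [("<CiscoIPPhoneText><Text>%s</Text></CiscoIPPhoneText>" % text).encode()]
```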