Versions Compared

Old Version 25

changes.mady.by.user Baremans, Eric

Saved on

compared with

New Version 26

changes.mady.by.user Huggett, Paul

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Panel
titleIntroduction

To insure ensure that a device is right device that is allowed to download the provisioning file, the access to the (HTTP(S))provisioning server can be protected using HTTP Digest.

A username and password can be used to confirm the identity of a user before sending sensitive information.

Panel
title1. Normal HTTP Digest Authentication Scheme
 
Column
width50%



 

  1. The Maxwell sends the server a request to download the provisioning template.
  2. The WEB-server receives the request and requires an authentication. The WEB-server checks if the authentication information is in the request. Because this is the first request, there is no authentication information available. The WEB-server responds returning an 401 Unauthorized.
  3. The client receives the WEB-server challenge and gathers the required credentials. A new request is send sent containing the username and hashed secret key.

    Username = Maxwell MAC address (12 Digits)
    Password = Maxwell MAC-ID (12 Digits)

    The MAC-ID can be collected when you register the device to the Gigaset Re-direct server.
  4. When username and password are correct, the provisioning template is downloaded.
Column
width50%

Panel
title2. First Authentication fails

 

 
Column
width50%



  1. The client receives the WEB-server challenge and gathers the required credentials. A new request is send sent containing the username (MAC address) and hashed secret key (MAC-ID).
  2. The WEB-server receives the request and requires an authentication. The WEB-server checks if the authentication information is in the request. The wrong authentication information is available. The WEB-server responds returning an 401 Unauthorized.
  3. The client receives the WEB-server challenge and gathers the required credentials coming from the device configuration. A new request is send sent containing the username and hashed secret key.

    Username = Settings - System - Security - HTTP digest username
    Password = Settings - System - Security - HTTP digest password

Column
width50%

Panel
title3. Second Authentication fails
Column
width50%

This functionality is available from Software 2.18.3 or higher.


  1. The client receives the WEB-server challenge and gathers the required credentials coming from the device configuration. A new request is send sent containing the username and hashed secret key.
  2. The WEB-server receives the request and requires an authentication. The WEB-server checks if the authentication information is in the request. The wrong authentication information is available. The WEB-server responds returning an 401 Unauthorized.
  3. On the Maxwell display, the user can add the Username and Password Manually.


    If you press "No" key then menu will be gone after 60 seconds.
    If you press "Any" key then 60 seconds timer will be set to 0 again, 60 seconds after pressing the last key, the menu will be gone.
    To start provisioning using these credentials, you need to press the "Save" key.
    You can try 3 times, will still fails, the menu will be gone. You need to reboot or press provisioning in web-interface to get menu again.
    If the entry is correct, the username and password is stored in the web-interface:

Column
width50%

Panel
titleProvisioning

The following provisioning Parameters are available, these values are used in step 3.

Web-interface: Settings - System - Security
System.Security.HTTPAuthUsername HTTP Digest username
System.Security.HTTPAuthPassword HTTP Digest password
Panel
titleBroadsoft

When connected to Broadsoft, the HTTP Digest username and password in the Broadsoft web-interface can be found:

Go to: Users - Profile - Addresses - Configure Identify/Device Profile - Authentication

FAQ Maxwell 3 / Basic: HTTP Digest

 

...