Authentication Server
STIR/SHAKEN Authentication Server (STI-AS)
Note: Brekeke SIP Server Premium Edition is required.
1. Enable the STI-AS function
In the [STIR/SHAKEN AS] > [STI-AS Settings] page, set “on” at the [On/Off].
2. Import the key
In the [STIR/SHAKEN AS] > [STI-AS Keys] page, push [New Key] for adding new private key.
Item | Description |
Key ID | ID for referencing the key from DialPlan |
Key File | Private key file in PEM or DER format |
Certificate URL | HTTPS/HTTP URL for the certificate file |
The key with “Default” mark is selected automatically if matched DialPlan rules didn’t specify the preferred Key ID.
3. Enable the Event log (Optional)
In the [STIR/SHAKEN AS] > [STI-AS Settings] page, set “on” at the [Event Log].
4. Enable the Debug log (Optional)
In the [Diagnostics] > [Debug Logs] page, check [STIR/SHAKEN] category and push [Update].
5. Add DialPlan rule (Optional)
In the default, the STI-AS function automatically determines the attestation and insert Identity: header.
For tuning a STI-AS behavior, use DialPlan rules.
5.1. Variables
– Define the Attestation Indicator (“attest”)
Syntax:
&sti.as.attest = <ATTEST>
Example:
&sti.as.attest = A
– Use a certain key for signing Identity: header
Syntax:
&sti.as.keyid = <KEY-ID>
Example:
&sti.as.keyid = production
If no Key ID is specified, the default key will be used.
– Replace preexisting Identity: header
Syntax:
&sti.as.exist-identity = <MODE>
Example:
&sti.as.exist-identity = 1
Mode:
0 = Keep existing Identity: header and not insert new one. (default)
1 = Remove the existing Identity: header and insert new one
2 = Keep existing Identity: header and insert new one.
– Disable the adding of Identity: header
Syntax:
&sti.as.use = false
In the default, the STI-AS function adds Identity: header to all outgoing INVITE requests.
5.2. Sample DialPlan rules
Set the stored attest if the caller number is listed in the Alias database. Othwerwise set the attest ‘C‘.
[Matching Patterns] $request = ^INVITE From = sip:.*(\d{10})@ [Deploy Patterns] &sti.as.attest = %{$alias.lookup( "%1", "tn", "C" )}