pyhss icon indicating copy to clipboard operation
pyhss copied to clipboard
Published 1 month ago verified publisher icon nickvsnetworking

Issue with IMS User Authentication Using AKAv1-MD5 in PyHSS

Open Pandi1981 opened this issue 1 year ago • 1 comments

We are encountering an issue while using PyHSS for IMS user registration with the AKAv1-MD5 algorithm. We have successfully created a user in PyHSS, and the MAR-MAA exchange works fine. However, when we attempt to perform a REGISTER request from the IMS client, the user fails to authenticate at the SCSCF node.

Below is the JSON configuration used when creating the user via the Swagger API:

  1. AUC Configuration: curl -X 'PUT'
    'http://localhost:8080/auc/'
    -H 'accept: application/json'
    -H 'Content-Type: application/json'
    -d '{ "ki": "fbca78108e9ac2aa326a333f5e9a666b", "opc": "6919eddacf87a2c03f1938884540e46d", "amf": "8000", "sqn": "1" }'

  2. Subscriber Configuration: curl -X 'PUT'
    'http://localhost:8080/subscriber/'
    -H 'accept: application/json'
    -H 'Content-Type: application/json'
    -d '{ "default_apn": 1, "roaming_rule_list": null, "apn_list": "0", "subscribed_rau_tau_timer": 600, "msisdn": "123451000001", "ue_ambr_dl": 0, "ue_ambr_ul": 0, "imsi": "001001000090009", "nam": 2, "enabled": true, "roaming_enabled": null, "roaming_rule_list": null, "auc_id": 7 }'

  3. IMS Subscriber Configuration: curl -X 'PUT'
    'http://localhost:8080/ims_subscriber/'
    -H 'accept: application/json'
    -H 'Content-Type: application/json'
    -d '{ "pcscf_realm": null, "scscf_realm": null, "pcscf_active_session": null, "scscf_peer": null, "msisdn": "123451000001", "pcscf_timestamp": null, "sh_template_path": "default_sh_user_data.xml", "msisdn_list": "123451000001", "pcscf_peer": null, "last_modified": "2024-04-25T00:33:37Z", "imsi": "001001000090009", "xcap_profile": null, "ifc_path": "default_ifc.xml", "sh_profile": null, "pcscf": null, "scscf": null, "scscf_timestamp": null }'

Issue:

We are able to successfully get the MAR-MAA exchange. However, when the IMS client sends a REGISTER request with the authentication header, the SCSCF node does not authenticate the user. Note: The SCSCF is configured with the AKAv1-MD5 algorithm for authentication.

Questions:

Does PyHSS support the AKAv1-MD5 authentication algorithm, or does it only support MD5? Are there any issues in the configuration that could prevent the user from being authenticated? We would appreciate your assistance in confirming whether PyHSS supports AKAv1-MD5 or if there might be any configuration errors on our side.

Looking forward to your response.

Pandi1981 avatar Dec 25 '24 09:12 Pandi1981