Enabling Session Initiation Protocol (SIP) flow token security

The Session Initiation Protocol (SIP) container supports client-initiated connection reuse. SIP flow token security enables you to establish communication between a server and SIP clients in situations where the SIP clients can create a connection to the server, but are not prepared to accept connections from the server.

About this task

Managing client-initiated connections in the SIP container involves generating flow tokens, as described in the SIP standard RFC 5626. When the SIP container delivers a flow token to the network, it encodes the token in a way that prevents anyone from modifying this token. When the container receives a flow token that it previously generated, it decodes the flow token and verifies its integrity.

WebSphere® Application Server SIP flow token security implements the outbound SIP protocol extension, as defined in RFC 5626, with the following exceptions:
  • Only TCP and TLS stream transports are supported.
  • UDP flows are not reused.
  • TCP keepalives are supported, but STUN keepalives are not.
  • Support of this protocol extension is provided for SIP applications that act as a proxy/registrar, as described in RFC 5626, but not as a user agent, as described in this RFC.

Encoding and decoding the flow token requires a pre-defined key. The SIP container obtains this security key from your SIP container settings. Complete the following steps to configure the SIP container to support flow token security.

Procedure

  1. Create a key set, if one does not already exist.

    If you already have a key set configured, you can use that key set as the key set for SIP flow token security.

    If you need to create a new key set, the scope of the key set must be at the cell level. See the topic Creating a key set configuration for a description of how to create a new key set.

  2. Add the com.ibm.ws.sip.key.set custom property to the SIP container settings.
    1. In the administrative console, expand Servers > Server Types > WebSphere application servers > server_name to open the configuration tab for the server.
    2. From Container settings, expand SIP Container settings, and click SIP container.
    3. From Additional properties, select Custom Properties > New.
    4. On the settings page, specify com.ibm.ws.sip.key.set in the Name field, and the name of the key set to use for flow token security in the Value field.
    5. Click Apply or OK.
    6. Click Save on the console task bar to save your configuration changes.
    7. Restart the server.

Results

SIP flow token security is enabled for the SIP container.