The CUCM standard authentication replies are not understood by the 69xx phones for CUCM releases after 11.5.
Reason
The Apache web server returns additional X- options in the HTTP header (see the X- prefixed headers in the authentication answer from CUCM below), and these seem to break the parsing of the CUCM standard authentication replies on 69xx phones.
HTTP/1.1 200
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubdomains
Content-Security-Policy: default-src *; script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline'; img-src * data: 'unsafe-inline';
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Set-Cookie: JSESSIONID=F9F75B2C4B8A08663CA0F4BFF40D8239; Path=/ccmcip; Secure; HttpOnly
Content-Type: text/html
Content-Length: 10
Date: Fri, 27 May 2022 12:10:59 GMT
Connection: close
Server:
AUTHORIZED
Simplest Workaround
1. Upload a simple text file containing the text "AUTHORIZED" to a web server that the phone can reach, and change the phone's Authentication URL in the device settings to point to this file.
2. To verify, open the Authentication URL in any web browser; the text "AUTHORIZED" (without quotes) should appear.
Workaround with Security
Please note that the text file workaround is not very safe, as anyone can access the phone's web screen. To improve on it, you could create a web script that checks the pre-authentication HTTP header for the username and password that appear in the Application User settings on the Server tab of UPLINX Phone Control Tool.
Sample ASPX Script
Below is a sample script to host on an IIS web server:
<%@ Page Language="vb" AutoEventWireup="false" %>
<%@ Import Namespace="System.Text" %>
<script runat="server">
    ' Function to decode the base64-encoded authorization header.
    ' It is declared in a server-side script block because ASP.NET does not
    ' allow a Function to be declared inside a <% %> render block.
    ' Returns Nothing when the value is not valid base64.
    Function DecodeBase64(encoded As String) As String
        Try
            Dim bytes = Convert.FromBase64String(encoded)
            Return Encoding.UTF8.GetString(bytes)
        Catch ex As FormatException
            Return Nothing
        End Try
    End Function
</script>
<%
    ' Constants for username and password
    Const AUTH_USERNAME As String = "pct_app_user"
    Const AUTH_PASSWORD As String = "cisco,123"
    ' Check the Authorization header
    Dim authHeader As String = Request.Headers("Authorization")
    If Not String.IsNullOrEmpty(authHeader) AndAlso authHeader.StartsWith("Basic ") Then
        ' Extract and decode the credentials from the Authorization header
        Dim encodedCredentials As String = authHeader.Substring(6)
        Dim decodedCredentials As String = DecodeBase64(encodedCredentials)
        If decodedCredentials IsNot Nothing Then
            ' Split the decoded credentials into username and password at the
            ' first colon only, because the password itself may contain colons
            Dim credentials As String() = decodedCredentials.Split(New Char() {":"c}, 2)
            If credentials.Length = 2 Then
                Dim username As String = credentials(0)
                Dim password As String = credentials(1)
                ' Check if the credentials match the constants
                If username = AUTH_USERNAME AndAlso password = AUTH_PASSWORD Then
                    Response.ContentType = "text/html"
                    Response.Write("AUTHORIZED")
                    Response.End()
                End If
            End If
        End If
    End If
    ' If authentication fails, respond with "UN-AUTHORIZED"
    Response.ContentType = "text/html"
    Response.Write("UN-AUTHORIZED")
    Response.End()
%>
Here are the steps to install the above script on an IIS web server:
1. Install IIS through Control Panel > Programs > Turn Windows features on or off > check Internet Information Services.
2. Create the file Auth6900.aspx with the above script and save it to the default IIS directory (i.e. C:\inetpub\wwwroot).
3. To test, open a web browser and navigate to http://<ip>/Auth6900.aspx.
4. Set the 'Authentication Server' in the CUCM phone config page to http://<ip>/Auth6900.aspx. The Secure Authentication URL should be empty or set to the same URL. This depends on the phone model; try first with an empty Secure Authentication URL.
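A check for the deployed Authentication URL, as an added example that is not part of the original article: a Python helper that requests the URL with correct, wrong, missing and malformed Basic credentials and lists the cases answered wrongly. The password and the local stand-in server (start_stub) are constructed for illustration, so the example runs without IIS and shows how the static text file and a credential-checking script differ.

```python
import base64, hmac, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
USER, PASSWORD = "pct_app_user", "example-password"  # constructed sample values
DIRECT = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy

def basic_header(user, password):
    """Build an HTTP Basic Authorization header value."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def probe(url, header=None):
    """GET the authentication URL; return the reply body the phone would parse."""
    req = urllib.request.Request(url, headers={"Authorization": header} if header else {})
    try:
        with DIRECT.open(req, timeout=5) as resp:
            return resp.read().decode(errors="replace").strip()
    except urllib.error.HTTPError as err:
        return f"HTTP {err.code}"  # an error status is not an AUTHORIZED reply

def verify_endpoint(url, user, password):
    """Return the cases the endpoint answers wrongly (empty list = correct)."""
    cases = {
        "correct credentials": (basic_header(user, password), True),
        "wrong password": (basic_header(user, password + "x"), False),
        "no Authorization header": (None, False),
        "malformed base64": ("Basic !!!", False),
    }
    return [name for name, (header, expect_ok) in cases.items()
            if (probe(url, header) == "AUTHORIZED") != expect_ok]

def start_stub(check_credentials):
    """Hypothetical local stand-in for the web server, so the checks run offline."""
    expected = basic_header(USER, PASSWORD).encode()
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            sent = self.headers.get("Authorization", "").encode("latin-1", "replace")
            ok = not check_credentials or hmac.compare_digest(sent, expected)
            body = b"AUTHORIZED" if ok else b"UN-AUTHORIZED"
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args): pass  # keep the console quiet
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}/Auth6900.aspx"

if __name__ == "__main__":
    for check in (False, True):  # static text file first, then credential check
        print(check, verify_endpoint(start_stub(check)[1], USER, PASSWORD))
```

Against a real deployment, call verify_endpoint with the Authentication URL and the Application User credentials instead of the stand-in; an empty list means only the correct credentials were answered with AUTHORIZED.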