Script for Stir/Shaken with Neustar
Page 1 of 1
Script for Stir/Shaken with Neustar
by NicoleTan Mon Dec 18, 2023 11:32 pm
This script is to handle the below AS Authentication and VS verification call flow with Nuestar
Nuestar AS Authentication signing call flow:
a. ProSBC receives call from customers with NO token
b. ProSBC sends Invite to Neustar Authentication service (AS) to get the token
c. Neustar responds 302 with token:
e.g.
Identity: eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9jci11YXQuY2NpZC5uZXVzdGFyLmJpei9jY2lkL2F1dGhuL3YyL2NlcnRzLzExNDUwLjEwMTQwIn0.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyI2MzE3OTE4Mzc4Il19
d. ProSBC forwards the call to outbound Vendor with the token
2- Nuestar VS verification call flow:
a. ProSBC receives call from Vendor with token
b. ProSBC sends Invite to Neustar Verification service (VS) to validate the token
c. If the token is good, Neustar responds 302 with verstat in PAI
e.g. P-Asserted-Identity: "1235724705"sip:1235724705;verstat=TN-Validation-Passed@xxx.xxx.xxx.xxx
d. ProSBC forwards the call to the customers with the verstat header . Same DID could be sent to multiple customers
e. If the token is NOT good, Neustar responds 4xx (could be remapped to any reason code) with detail reason:
e..g in a 403 (438 with remapped reason code: 403) response:
Reason: SIP;cause=438;text="IdentityClaimOrigMismatch - 'orig' value specified in PASSporT claim does not match SIP From/P-Asserted-Identity header values. orig_cc is empty"
f. Upon the 4xx response, ProSBC determines to drop the call or continue the call
In order to use this module, follow the steps below:
1- Add the "require 'Nuestar' unless defined?(NuestarQuery)" statement at the top of the main script.
2- Add the "include NuestarQuery" statement in the main routing class.
3- Add the filter " after_filter :method => :nuestar_query" in the main routing class.
4a- Create Link to Nuestar
4a1- Create a TCP transport server
SIP -> Create New Transport Server
Name: SIP_TS_Nuestar
Port Type: UDP
Port: 5060
IP Interface: [Select IP interface that can have access to the internet]
4a2- Create Nuestar AS or VS NAP
NAPs -> Create New NAP
Name: NAP_Nuestar_AS or NAP_Nuestar_VS
SIP Transport Servers: SIP_TS_Nuestar
Proxy address: FQDN of the Nuestar_AS or Nuestar_VS (provided by Nuestar )
Port range: [Select port range of IP interface above)
--> Other settings are unchanged
5- In Profiles -> default -> Edit Reason Cause Mapping
503 Service unavailable -> Route retry action: Continue call
603 Decline -> Route retry action: Stop call
302 Moved Temporarily -> Route retry action: Process call routing
6- Add NAP information to identify the type of destination
In NAP Columns -> Create New NAP Column
Name: service_type
Type Attributes: NORMAL|AUTHENTICATION|VERIFICATION
Default: NORMAL
Save
7 - In NAP menu -> select NAP_Nuestar_AS
Service_type: AUTHENTICATION
- In NAP menu -> select NAP_Nuestar_VS
Service_type: VERIFICATION
Nuestar AS Authentication signing call flow:
a. ProSBC receives call from customers with NO token
b. ProSBC sends Invite to Neustar Authentication service (AS) to get the token
c. Neustar responds 302 with token:
e.g.
Identity: eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9jci11YXQuY2NpZC5uZXVzdGFyLmJpei9jY2lkL2F1dGhuL3YyL2NlcnRzLzExNDUwLjEwMTQwIn0.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyI2MzE3OTE4Mzc4Il19
d. ProSBC forwards the call to outbound Vendor with the token
2- Nuestar VS verification call flow:
a. ProSBC receives call from Vendor with token
b. ProSBC sends Invite to Neustar Verification service (VS) to validate the token
c. If the token is good, Neustar responds 302 with verstat in PAI
e.g. P-Asserted-Identity: "1235724705"sip:1235724705;verstat=TN-Validation-Passed@xxx.xxx.xxx.xxx
d. ProSBC forwards the call to the customers with the verstat header . Same DID could be sent to multiple customers
e. If the token is NOT good, Neustar responds 4xx (could be remapped to any reason code) with detail reason:
e..g in a 403 (438 with remapped reason code: 403) response:
Reason: SIP;cause=438;text="IdentityClaimOrigMismatch - 'orig' value specified in PASSporT claim does not match SIP From/P-Asserted-Identity header values. orig_cc is empty"
f. Upon the 4xx response, ProSBC determines to drop the call or continue the call
In order to use this module, follow the steps below:
1- Add the "require 'Nuestar' unless defined?(NuestarQuery)" statement at the top of the main script.
2- Add the "include NuestarQuery" statement in the main routing class.
3- Add the filter " after_filter :method => :nuestar_query" in the main routing class.
4a- Create Link to Nuestar
4a1- Create a TCP transport server
SIP -> Create New Transport Server
Name: SIP_TS_Nuestar
Port Type: UDP
Port: 5060
IP Interface: [Select IP interface that can have access to the internet]
4a2- Create Nuestar AS or VS NAP
NAPs -> Create New NAP
Name: NAP_Nuestar_AS or NAP_Nuestar_VS
SIP Transport Servers: SIP_TS_Nuestar
Proxy address: FQDN of the Nuestar_AS or Nuestar_VS (provided by Nuestar )
Port range: [Select port range of IP interface above)
--> Other settings are unchanged
5- In Profiles -> default -> Edit Reason Cause Mapping
503 Service unavailable -> Route retry action: Continue call
603 Decline -> Route retry action: Stop call
302 Moved Temporarily -> Route retry action: Process call routing
6- Add NAP information to identify the type of destination
In NAP Columns -> Create New NAP Column
Name: service_type
Type Attributes: NORMAL|AUTHENTICATION|VERIFICATION
Default: NORMAL
Save
7 - In NAP menu -> select NAP_Nuestar_AS
Service_type: AUTHENTICATION
- In NAP menu -> select NAP_Nuestar_VS
Service_type: VERIFICATION
Last edited by NicoleTan on Tue Dec 19, 2023 12:49 pm; edited 1 time in total
NicoleTan- Number of Messages : 18
Point : 38
Registration Date : 2017-11-27
Stir-Shaken-Call-Flow-Attestation-Signing with Neustar
by NicoleTan Mon Dec 18, 2023 11:42 pm
An example of the use case:
NicoleTan- Number of Messages : 18
Point : 38
Registration Date : 2017-11-27
Similar topics» STIR-SHAKEN Top 10 FAQ
» How to Implement STIR-SHAKEN
» Top 10 SBC Use Cases #7, STIR/SHAKEN
» ProSBC Install and STIR/SHAKEN
» Battling Robocaller Fraud with STIR/SHAKEN
» How to Implement STIR-SHAKEN
» Top 10 SBC Use Cases #7, STIR/SHAKEN
» ProSBC Install and STIR/SHAKEN
» Battling Robocaller Fraud with STIR/SHAKEN
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum