At this point, the Oracle Communications Core Session Manager has received an MD5 hash from the HSS and an MD5 hash from the UA. The Oracle Communications Core Session Manager compares the two values and if they are identical, the endpoint is successfully authenticated. Failure to match the two hash values results in a 403 or 503 sent to the authenticating endpoint.

The following image shows the User Authorization and Authentication process: