1. Configuration Guide
  2. STIR/SHAKEN Client
  3. HTTP Client Operating Modes
  4. Number Authentication Mechanism Standards Compliance Features
  5. Enhanced STI-VS Failure Reason Headers

Enhanced STI-VS Failure Reason Headers

When you enable the man-compliance option in the sti-config, the SBC provides enhanced STI-VS failure information to SIP Reason headers added to applicable egress INVITE messages.

From the top level perspective, when the SBC receives a 4xx/5xx answer from an STI-VS request, it populates the SIP Reason Header with:

  • HTTP response code
  • JSON reason phrase/text as described in ATIS 1000082 (8.2.4.6 HTTP Response Codes) and in 3GPP TS 124 229 (V.2.4.3.2 Service errors

The SBC behaves differently when there is a single or multiple reason values presented. This section proceeds with descriptions of behaviors following single reason values first, and then multiple values. Examples of each are included.

When there is a single reason value in the HTTP response in either ATIS or 3GPP mode, the SBC populates the SIP Reason Header as follows:

  • cause:
    • reasonCode (included in JSON body)
    • OR HTTP response code if reasonCode is not available in JSON body
  • text::
    • reasonText (included in JSON body)
    • OR error (included in JSON body) if reasonText is not available in JSON body
    • OR HTTP reason phrase if reasonText nor error is available in JSON body

Single Reason Value - Example 1

In this case, the reasonCode and reasonText are included in the JSON Body. The HTTP response may appear as follows.

HTTP/1.1 430 Bad Request
X-RequestID: AA97B177-9383-4934-8543-0F91A7A02836 
Content-Type: application/json 
Content-Length: …
{
"verificationResponse": {
"verifyResults": [
 {
"verifyResult": {
"status": "fail",
"ppt": "shaken",
"reasonCode": 438,
"reasonText": "Bad Identity Info",
 "passport": "eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsIn....."
 }
 }
 ],
 "verstatValue": "TN-Validation-Failed"
 }
}

In this case, the Expected Reason header is as follows.

Reason: SIP ; cause=438 ;text="Bad Identity Info"

Single Reason Value - Example 2

In this case, the reasonCode and reasonText are not included in the JSON Body, but error text is included in the JSON Body. The HTTP response may appear as follows.

HTTP/1.1 430 Bad Request
X-RequestID: AA97B177-9383-4934-8543-0F91A7A02836 
Content-Type: application/json 
Content-Length: …
{
 "verificationResponse": {
 "verifyResults": [
 {
 "verifyResult": {
 "status": "fail",
 "ppt": "shaken",
"reasonText": "Bad Identity Info",
 "passport": "eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsIn....."
 }
 }
 ],
 "verstatValue": "TN-Validation-Failed"
 }
}
}

In this case, the Expected Reason header is as follows.

Reason: SIP ;cause=430 ;text=" Bad Identity Info"

Single Reason Value - Example 3

In this cased, the reasonCode is included in the JSON Body, but no reasonText or error text is included. The HTTP response may appear as follows.

HTTP/1.1 430 Bad Request
X-RequestID: AA97B177-9383-4934-8543-0F91A7A02836 
Content-Type: application/json
Content-Length: …
{
 "verificationResponse": {
 "verifyResults": [
 {
 "verifyResult": {
"status": "fail",
 "ppt": "shaken",
"reasonCode": 438,
 "passport": "eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsIn....."
 }
 }
 ],
 "verstatValue": "TN-Validation-Failed"
 }
 }
 }

In this case, the Expected Reason header is as follows.

Reason: SIP ;cause=438 ;text=" Bad Request"

Single Reason Value - Example 4

In this case, the Response is a 200OK, and neither reasonCode nor reasonText or error text included in JSON Body. The HTTP response may appear as follows.

HTTP/1.1 200 OK 
X-RequestID: AA97B177-9383-4934-8543-0F91A7A02836
Content-Type: application/json
Content-Length: … 
{ 
 "verificationResponse": { 
 “verstat”: “TN-Validation-Passed” 
 } 
}

In this case, the Expected Reason header is None. The Reason header is not populated in this scenario.

Multiple Reason Values in Response

In the case of 3GPP, if the response from STI server includes multiple reason values, the SBC includes two reason values in the SIP Reason header:

  • cause and text specific to shaken PASSporT verification
  • cause and text specific to first div PASSporT verification

It is assumed that the STI-VS always returns a SHAKEN PASSporT verification on top of the JSON body, followed by any DIV PASSporT verification(s). For example, consider the scenario wherein there are multiple reasonCode and reasonText objects included in the JSON Body. In this case, the HTTP Response may appear as follows.

{"verificationResponse":
{"verifyResults": [
 {"verifyResult": {"status": "fail", "ppt": "shaken", "reasonCode": 438, "reasonText": "Identity signature payload does not match the re-constructed one", "passport": "eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsIn....."}},
{"verifyResult": {"status": "fail", "ppt": "div", "reasonCode": 438, "reasonText": "Identity signature payload does not match the re-constructed one", "passport": "eyJhbGciOiJFUzI1NiIsInBwdCI6uPuDqJ8ua..........."}}
 ],
"verstatValue": "TN-Validation-Failed"
 }
 }

In this case, the Expected Reason header is as follows.

Reason: SIP ; cause=438 ;text="Identity signature payload does not match the re-constructed one"; cause=438 ;text=" Identity signature payload does not match the re-constructed one"

Note:

It is assumed that the STI-VS always returns the SHAKEN PASSporT verification on top of the JSON body, followed by any DIV PASSporT verification(s).

Invalid Responses

Oracle considers a verification response as an invalid STI response based on below given points.

  • 200 OK case
    • From an ATIS perspective, meaningless answer:
      • no JSON body
      • JSON body but no verificationResponse
      • JSON body and verificationResponse but no verstat
    • From a 3GPP perspective, meaningless answer:
      • no JSON body
      • JSON body but no verificationResponse
      • if SHAKEN verification: JSON body and verificationResponse but no verstatValue
      • if DIV verification:
      • JSON body and verificationResponse but no divResult
      • JSON body and verificationResponse and divResult but no verstatValue
  • 4xx/5xx case—Within 4xx/5xx responses from the STI-VS, there is no "invalid sti response" possible. The SBC, therefore, populates the SIP Reason Header as follows:
    • cause:
      • reasonCode if included in JSON body
      • HTTP response status-code if reasonCode is not available in JSON body
    • text:
      • reasonText if included in JSON body
      • OR error included in JSON body if reasonText is not available in JSON body
      • OR HTTP reason phrase if reasonText nor error is available in JSON body