HTTP/. 401 Unauthorized when using Digest Authentication

Hi,

After creating the cwmp.auth configuration in Admin > Config section I successfully added a CPE into GenieACS using the Digest authentication. However, I have a second type of CPE that Genie is not authorizing it. I verified that request “nonce” value and response “nonce” value are equals too:

The request message for the situation that works is shown below:

event: incoming HTTP request
timestamp: 2020-05-29T12:30:06.104Z
remoteAddress: 10.80.44.1
deviceId: FerdinandoDevice
connection: 2020-05-29T12:30:02.576Z
localPort: 7547
method: POST
url: /
headers:
  host: 10.80.43.171
  user-agent: WebClient/1.0
  accept: "*/*"
  authorization: Digest username="sip", realm="GenieACS",
    nonce="294667096334b0d5d8cde2444c5866f3", qop=auth, nc=0000000a,
    cnonce="28154a7c6cb0ec79f346bc83664e576b",
    response="e3bc158696b12ca9ef17153649af92df", uri="/"
  content-type: text/xml; charset=utf-8
  content-length: "10637"
  soapaction: ""
  cookie: session=5ddbebea87953286

And the CPE that is not working:

event: incoming HTTP request
timestamp: 2020-05-29T12:07:35.616Z
remoteAddress: 10.80.44.1
deviceId: FerdinandoDevice2
connection: 2020-05-29T12:07:35.412Z
localPort: 7547
method: POST
url: /
headers:
  host: 10.80.43.171:7547
  user-agent: BCM_TR69_CPE_04_00
  connection: keep-alive
  authorization: Digest username="sip", realm="GenieACS", algorithm="MD5", qop="auth",
    uri="/", nonce="d96e2f0bac4b17eac665e7aac1ec7d6e", cnonce="MDAwNTk2AA==",
    nc=00000001, response="64861a2e47104e840e06c8bc56182e7c"
  soapaction: ""
  content-type: text/xml
  content-length: "3035"

event: outgoing HTTP response
timestamp: 2020-05-29T17:09:03.947Z
remoteAddress: 10.80.44.1
deviceId: FerdinandoDevice2
connection: 2020-05-29T17:09:03.755Z
statusCode: 401
headers:
  content-length: 12
  connection: close
body: Unauthorized

Can you tell me why one works and the other one doesn’t (got Unauthorized message)?? Remembering that username and password in CPE are the same used in wcmp.auth variable config (AUTH(“user”, “pass”)).

Look what I found in RFC 7616:

"For historical reasons, a sender MUST only generate the quoted string syntax for the following parameters: username, realm, nonce, uri, response, cnonce, and opaque.
For historical reasons, a sender MUST NOT generate the quoted string syntax for the following parameters: algorithm, qop, and nc.

If a parameter or its value is improper, or required parameters are missing, the proper response is a 4xx error code. "

qop and MD5 is quoted in the second situation. Is the CPE sending the request in bad format? This detail is considered by Genie?

Regards,
Ferdinando Terada