Nausf_UEAuthentication

The Authentication Server Function (AUSF) acts as NF Service Producer. It provides UE authentication service to the requester NF. The NF Service Consumer is the AMF.

For this service, the following service operations are defined

  • Authenticate

This service permits to authenticate the UE and to provide one or more master keys which are used by the AMF to derived subsequent keys.

Reference: 3GPP TS 33.501 v15.5.0

OpenAPI

OpenAPI Version: 3.0.0

info

Version: 1.0.0

Title: AUSF API

Description: OpenAPI specification for AUSF

externalDocs

Description: 3GPP TS 29.509 V15.2.0; 5G System; 3GPP TS Authentication Server services.

URL: http://www.3gpp.org/ftp/Specs/archive/29_series/29.509

security

- {}

- oAuth2ClientCredentials:

- nausf-auth

servers

URL: '{apiRoot}/nausf-auth/v1'

Variables:

API Root:

Default: https://example.com

Description: apiRoot as defined in subclause subclause 4.4 of 3GPP TS 29.501.

paths

/ue-authentications

Method: Post

Request Body:

Content:

Application/JSON:

Schema:

Reference: '#/components/schemas/AuthenticationInfo'

Required/Optional: true

Responses:

'201' UEAuthenticationCtx

Content:

application/3gppHal+json:

Schema:

Reference: '#/components/schemas/UEAuthenticationCtx'

Headers:

Location:

Description: 'Contains the URI of the newly created resource according to the structure: {apiRoot}/nausf-auth/v1/ue-authentications/{authCtxId}'

Required/Optional: true

Schema:

Type: string

'400' Bad Request from the AMF

Content:

application/problem+json:

Schema:

Reference: 'TS29571_CommonData.yaml#/components/schemas/ProblemDetails'

'403' Fordidden due to serving network not authorized

Content:

application/problem+json:

Schema:

Reference: 'TS29571_CommonData.yaml#/components/schemas/ProblemDetails'

'500' Internal Server Error

Content:

application/problem+json:

Schema:

Reference: 'TS29571_CommonData.yaml#/components/schemas/ProblemDetails'

/ue-authentications/{authCtxId}/5g-aka-confirmation

put:

Parameters:

- name: authCtxId

In: path

Required/Optional: true

Schema:

Type: string

Request Body:

Content:

Application/JSON:

Schema:

Reference: '#/components/schemas/ConfirmationData'

Responses:

'200' Request processed (EAP success or Failure)

Content:

Application/JSON:

Schema:

Reference: '#/components/schemas/ConfirmationDataResponse'

'400' Bad Request

Content:

application/problem+json:

Schema:

Reference: 'TS29571_CommonData.yaml#/components/schemas/ProblemDetails'

'500' Internal Server Error

Content:

application/problem+json:

Schema:

Reference: 'TS29571_CommonData.yaml#/components/schemas/ProblemDetails'

/ue-authentications/{authCtxId}/eap-session

Method: Post

Operation ID: EapAuthMethod

Parameters:

- name: authCtxId

In: path

Required/Optional: true

Schema:

Type: string

Request Body:

Content:

Application/JSON:

Schema:

Reference: '#/components/schemas/EapSession'

Responses:

'200' Use to handle or close the EAP session

Content:

Application/JSON:

Schema:

Reference: '#/components/schemas/EapSession'

application/3gppHal+json:

Schema:

Type: object

Properties:

eapPayload:

Reference: '#/components/schemas/EapPayload'

_links:

Type: object

Description: 'URI : /{eapSessionUri}'

additionalProperties:

Reference: 'TS29571_CommonData.yaml#/components/schemas/LinksValueSchema'

minProperties: 1

Required/Optional:

- eapPayload

- _links

'400' Bad Request

Content:

application/problem+json:

Schema:

Reference: 'TS29571_CommonData.yaml#/components/schemas/ProblemDetails'

'500' Internal Server Error

Content:

application/problem+json:

Schema:

Reference: 'TS29571_CommonData.yaml#/components/schemas/ProblemDetails'

components

securitySchemes

oAuth2ClientCredentials

Type: oauth2

Flows:

clientCredentials:

tokenUrl: '{nrfApiRoot}/oauth2/token'

scopes:

nausf-auth: Access to Nausf_UEAuthentication API

schemas

AuthenticationInfo

Type: object

Properties:

supiOrSuci:

Reference: 'TS29503_Nudm_UEAU.yaml#/components/schemas/SupiOrSuci'

servingNetworkName:

Reference: 'TS29503_Nudm_UEAU.yaml#/components/schemas/ServingNetworkName'

resynchronizationInfo:

Reference: 'TS29503_Nudm_UEAU.yaml#/components/schemas/ResynchronizationInfo'

traceData:

Reference: 'TS29571_CommonData.yaml#/components/schemas/TraceData'

Required:

- supiOrSuci

- servingNetworkName

UEAuthenticationCtx

Type: object

Properties:

authType:

Reference: '#/components/schemas/AuthType'

5gAuthData:

oneOf:

- $ref: '#/components/schemas/Av5gAka'

- $ref: '#/components/schemas/EapPayload'

_links:

Type: object

additionalProperties:

Reference: 'TS29571_CommonData.yaml#/components/schemas/LinksValueSchema'

servingNetworkName:

Reference: 'TS29503_Nudm_UEAU.yaml#/components/schemas/ServingNetworkName'

Required:

- authType

- 5gAuthData

- _links

Av5gAka

Type: object

Required:

- rand

- hxresStar

- autn

Properties:

rand:

Reference: 'TS29503_Nudm_UEAU.yaml#/components/schemas/Rand'

hxresStar:

Reference: '#/components/schemas/HxresStar'

autn:

Reference: 'TS29503_Nudm_UEAU.yaml#/components/schemas/Autn'

ConfirmationData

Type: object

Required:

- resStar

Properties:

resStar:

Reference: '#/components/schemas/ResStar'

ConfirmationDataResponse

Type: object

Properties:

authResult:

Reference: '#/components/schemas/AuthResult'

supi:

Reference: 'TS29571_CommonData.yaml#/components/schemas/Supi'

kseaf:

Reference: '#/components/schemas/Kseaf'

Required:

- authResult

EapSession

Type: object

Properties:

eapPayload:

Reference: '#/components/schemas/EapPayload'

kSeaf:

Reference: '#/components/schemas/Kseaf'

_links:

Type: object

additionalProperties:

Reference: 'TS29571_CommonData.yaml#/components/schemas/LinksValueSchema'

authResult:

Reference: '#/components/schemas/AuthResult'

supi:

Reference: 'TS29571_CommonData.yaml#/components/schemas/Supi'

Required:

- eapPayload

AuthResult

Type: string

enum:

- AUTHENTICATION_SUCCESS

- AUTHENTICATION_FAILURE

- AUTHENTICATION_ONGOING

EapPayload

Type: string

format: base64

Description: contains an EAP packet

Kseaf

Type: string

Pattern: '[A-Fa-f0-9]{64}'

ResStar

Type: string

Pattern: '[A-Fa-f0-9]{32}'

HxresStar

Type: string

Pattern: "[A-Fa-f0-9]{32}"

AuthType

anyOf:

- type: string

enum:

- 5G_AKA

- EAP_AKA_PRIME

- EAP_TLS

- type: string