Requirement Name:
Routes the S-NSSAI to the right place
Requirement Reference:
Requirement Description:
"If the AAA-P is present (e.g. because the AAA-S belongs to a third party and the operator deploys a proxy towards third parties), the NSSAAF forwards the EAP ID Response message to the AAA-P, otherwise the NSSAAF forwards the message directly to the AAA-S. NSSAAF routes to the AAA-S based on the S-NSSAI." as specified in
TS 33.501, clause 6.13.
Threat Reference:
TBD
Test Name:
TC_NSSAAF_CORRECT_ROUTING
Purpose:
Verify that the NSSAAF forwards the NSSAA request to the right receiving end.
Pre-Conditions:
-
Test environment with AMF, AAA-S and AAA-P, which may be simulated. The NSAAF under test is connected with AMF, AAA-S and AAA-P.
-
A document describes the logic how the NSSAAF selects an AAA-S or AAA-P based on S-NSSAI.
-
Preconfigure the NSSAAF under test with two routing entries, each for a NSSAI. One of the slice is a part of MNO and the AAA-S can be directly found by the NSSAAF, while the other slice serves 3rd party and the AAA-P will be used for NSSAA procedure.
Execution Steps
-
The AMF sends Nssaaf_NSSAA_Authenticate Req to the NSSAAF including one of the S-NSSAI.
-
The NSSAAF sends AAA message to an AAA-P.
-
Repeat step 1 and 2 with the other S-NSSAI, and the NSSAAF sends AAA message to an AAA-S.
Expected Results:
The NSSAAF forwards the NSSAA request to the correct AAA-S or AAA-P on the S-NSSAI.
Expected format of evidence:
Save the logs and the communication flow in a .pcap file.
Requirement Name:
AAA-S authorization in re-authentication and revocation scenarios
Requirement Reference:
Requirement Description:
"The NSSAAF checks whether the AAA-S is authorized to request the re-authentication and re-authorization by checking the local configuration of AAA-S address per S-NSSAI. If success, TtThe NSSAAF requests UDM for the AMF serving the UE using the
Nudm_UECM_Get (GPSI, AMF Registration) service operation. The UDM provides the NSSAAF with the AMF ID of the AMF serving the UE." as specified in
TS 33.501, clause 6.13.
Threat Reference:
TBD
Test Name:
TC_NSSAAF_AAAS_AUTHORIZATION_REAUTH_REVOCATION
Purpose:
Verify that the AAA-S is authorized to send the re-authentication or revocation.
Pre-Conditions:
-
Test environment with AAA-S and AAA-P, which may be simulated. The NSAAF under test is connected with AAA-S and AAA-P.
-
A document describes the mapping between S-NSSAI and AAA-S server.
Execution Steps
-
The AAA-S sends Re-authentication or revocation message to the NSSAAF including the S-NSSAI and the GPSI.
-
The NSSAAF checks whether the AAA-S can be matched against with the S-NSSAI based on the mapping table.
Expected Results:
The NSSAAF rejects the re-authentication or revocation or pass the re-authentication or revocation.
Expected format of evidence:
Save the logs and the communication flow in a .pcap file.
There are no NSSAAF additions to
clause 4.2.4 of TS 33.117.
There are no NSSAAF additions to
clause 4.2.5 of TS 33.117.