Requirement Name:
Routes the S-NSSAI to the right place
Requirement Reference:
Requirement Description:
"If the AAA-P is present (e.g. because the AAA-S belongs to a third party and the operator deploys a proxy towards third parties), the NSSAAF forwards the EAP ID Response message to the AAA-P, otherwise the NSSAAF forwards the message directly to the AAA-S. NSSAAF routes to the AAA-S based on the S-NSSAI." as specified in
clause 6.13 of TS 33.501.
Threat Reference:
TBD
Test Name:
TC_NSSAAF_CORRECT_ROUTING
Purpose:
Verify that the NSSAAF forwards the NSSAA request to the right receiving end.
Pre-Conditions:
-
Test environment with AMF, AAA-S and AAA-P, which may be simulated. The NSAAF under test is connected with AMF, AAA-S and AAA-P.
-
A document describes the logic how the NSSAAF selects an AAA-S or AAA-P based on S-NSSAI.
-
Preconfigure the NSSAAF under test with two routing entries, each for a NSSAI. One of the slice is a part of MNO and the AAA-S can be directly found by the NSSAAF, while the other slice serves 3rd party and the AAA-P will be used for NSSAA procedure.
Execution Steps
-
The AMF sends Nssaaf_NSSAA_Authenticate Req to the NSSAAF including one of the S-NSSAI.
-
The NSSAAF sends AAA message to an AAA-P.
-
Repeat step 1 and 2 with the other S-NSSAI, and the NSSAAF sends AAA message to an AAA-S.
Expected Results:
The NSSAAF forwards the NSSAA request to the correct AAA-S or AAA-P on the S-NSSAI.
Expected format of evidence:
Save the logs and the communication flow in a .pcap file.
Requirement Name:
AAA-S authorization in re-authentication and revocation scenarios
Requirement Reference:
Requirement Description:
"The NSSAAF checks whether the AAA-S is authorized to request the re-authentication and re-authorization by checking the local configuration of AAA-S address per S-NSSAI. If success, TtThe NSSAAF requests UDM for the AMF serving the UE using the
Nudm_UECM_Get (GPSI, AMF Registration) service operation. The UDM provides the NSSAAF with the AMF ID of the AMF serving the UE." as specified in
clause 6.13 of TS 33.501.
Threat Reference:
TBD
Test Name:
TC_NSSAAF_AAAS_AUTHORIZATION_REAUTH_REVOCATION
Purpose:
Verify that the AAA-S is authorized to send the re-authentication or revocation.
Pre-Conditions:
-
Test environment with AAA-S and AAA-P, which may be simulated. The NSAAF under test is connected with AAA-S and AAA-P.
-
A document describes the mapping between S-NSSAI and AAA-S server.
Execution Steps
-
The AAA-S sends Re-authentication or revocation message to the NSSAAF including the S-NSSAI and the GPSI.
-
The NSSAAF checks whether the AAA-S can be matched against with the S-NSSAI based on the mapping table.
Expected Results:
The NSSAAF rejects the re-authentication or revocation or pass the re-authentication or revocation.
Expected format of evidence:
Save the logs and the communication flow in a .pcap file.
There are no NSSAAF additions to
clause 4.2.4 of TS 33.117.
There are no NSSAAF additions to
clause 4.2.5 of TS 33.117.