Home NSSAAF

4.2.1 Routes the S-NSSAI to the right place

 Home NSSAAF17.0.0
 33326-h00 33326-i00  
Test Name TC_NSSAAF_CORRECT_ROUTING
Threat Reference

TBD
Requirement Name

Routes the S-NSSAI to the right place
Requirement Reference

TS 33.501 [2], clause 6.8.1.2.3
Requirement Description

"If the AAA-P is present (e.g. because the AAA-S belongs to a third party and the operator deploys a proxy towards third parties), the NSSAAF forwards the EAP ID Response message to the AAA-P, otherwise the NSSAAF forwards the message directly to the AAA-S. NSSAAF routes to the AAA-S based on the S-NSSAI." as specified in TS 33.501 [2], clause 6.13.
Test Purpose

Verify that the NSSAAF forwards the NSSAA request to the right receiving end.
Pre-Conditions

  • Test environment with AMF, AAA-S and AAA-P, which may be simulated. The NSAAF under test is connected with AMF, AAA-S and AAA-P.

  • A document describes the logic how the NSSAAF selects an AAA-S or AAA-P based on S-NSSAI.

  • Preconfigure the NSSAAF under test with two routing entries, each for a NSSAI. One of the slice is a part of MNO and the AAA-S can be directly found by the NSSAAF, while the other slice serves 3^rd^ party and the AAA-P will be used for NSSAA procedure.
Execution Steps

  1. The AMF sends Nssaaf_NSSAA_Authenticate Req to the NSSAAF including one of the S-NSSAI.

  2. The NSSAAF sends AAA message to an AAA-P.

  3. Repeat step 1 and 2 with the other S-NSSAI, and the NSSAAF sends AAA message to an AAA-S.
Expected Results

The NSSAAF forwards the NSSAA request to the correct AAA-S or AAA-P on the S-NSSAI.
Expected Format of Evidence

Save the logs and the communication flow in a .pcap file.
PDFs 98aa6f14954e189e68deef6217afc3f7

4.2.2 AAA-S authorization in re-authentication and revocation scenarios

 Home NSSAAF17.0.0
 33326-h00 33326-i00  
Test Name TC_NSSAAF_AAAS_AUTHORIZATION_REAUTH_REVOCATION
Threat Reference

TBD
Requirement Name

AAA-S authorization in re-authentication and revocation scenarios
Requirement Reference

TS 33.501 [2], clause 16.4
Requirement Description

" The NSSAAF checks whether the AAA-S is authorized to request the re-authentication and re-authorization by checking the local configuration of AAA-S address per S-NSSAI. If success, TtThe NSSAAF requests UDM for the AMF serving the UE using the Nudm_UECM_Get (GPSI, AMF Registration) service operation. The UDM provides the NSSAAF with the AMF ID of the AMF serving the UE. " as specified in TS 33.501 [2], clause 6.13.
Test Purpose

Verify that the AAA-S is authorized to send the re-authentication or revocation.
Pre-Conditions

  • Test environment with AAA-S and AAA-P, which may be simulated. The NSAAF under test is connected with AAA-S and AAA-P.

  • A document describes the mapping between S-NSSAI and AAA-S server.
Execution Steps

  1. The AAA-S sends Re-authentication or revocation message to the NSSAAF including the S-NSSAI and the GPSI.

  2. The NSSAAF checks whether the AAA-S can be matched against with the S-NSSAI based on the mapping table.
Expected Results

The NSSAAF rejects the re-authentication or revocation or pass the re-authentication or revocation.
Expected Format of Evidence

Save the logs and the communication flow in a .pcap file.
PDFs a3cc35d513b2abd8fb2196a47f626803