19 Interworking with Credentials Holder using AAA server
3GPP TS 29.561, Release 17: 5G System; Interworking between 5G Network and external Data Networks; Stage 3
19.1 Credentials Holder using AAA server for primary authentication and authorization
The AUSF and the UDM in SNPN may support primary authentication and authorization of UEs using credentials from an AAA Server in a Credentials Holder (CH).
– When the UDM decides that the primary authentication is performed by the AAA Server in the Credentials Holder and informs the AUSF that primary authentication by an AAA server in a CH is required, the AUSF shall discover and select the NSSAAF, and then forward EAP messages to the NSSAAF.
– The NSSAAF selects the AAA Server based on the domain name corresponding to the realm part of the SUPI, relays EAP messages between the AUSF and the AAA Server (or AAA proxy) and performs related protocol conversion. The AAA server acts as the EAP Server for the purpose of primary authentication.
NOTE: The UDM in SNPN, based on SLA between Credentials Holder and SNPN, is pre-configured with information indicating whether the UE needs primary authentication from AAA server.
5G System architecture with access to SNPN using credentials from Credentials Holder using AAA Server and related functions are defined in clause 5.30.2.9 of 3GPP TS 23.501 [2].
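One way to implement the realm-based AAA Server selection described above so that malformed or unconfigured realms are rejected rather than routed to a default. This is an added example, not text from the specification; it assumes the SUPI is supplied as an NAI (`username@realm`), and the table `AAA_BY_REALM`, its realms and host names, and the functions `valid_label`, `realm_of` and `select_aaa` are hypothetical.

```python
# Added illustration: realm-based AAA server selection that fails closed.
# The routing table, realms and host names are constructed for this example.


class RealmError(ValueError):
    """SUPI carries no usable realm, or the realm is not configured."""


# Hypothetical pre-configured mapping: realm -> AAA server (or AAA proxy) host.
AAA_BY_REALM = {
    "ch.example.com": "aaa1.ch.example.com",
    "creds.example.org": "aaa-proxy.example.net",
}


def valid_label(label: str) -> bool:
    """One DNS label: 1..63 ASCII letters, digits or hyphens, no edge hyphen."""
    return (
        0 < len(label) <= 63
        and label.isascii()
        and label.replace("-", "").isalnum()
        and not label.startswith("-")
        and not label.endswith("-")
    )


def realm_of(supi_nai: str) -> str:
    """Return the normalised realm of an NAI-format SUPI (username@realm)."""
    if supi_nai.count("@") != 1:
        raise RealmError("SUPI must contain exactly one '@'")
    username, realm = supi_nai.split("@")
    if not username:
        raise RealmError("SUPI has an empty username part")
    # Domain names compare case-insensitively; drop one trailing root dot.
    realm = realm.lower()
    if realm.endswith("."):
        realm = realm[:-1]
    if len(realm) > 253 or not all(valid_label(l) for l in realm.split(".")):
        raise RealmError("realm is not a well-formed domain name")
    return realm


def select_aaa(supi_nai: str, table=AAA_BY_REALM) -> str:
    """Exact-match lookup: no suffix or wildcard match, no default server."""
    realm = realm_of(supi_nai)
    if realm not in table:
        raise RealmError(f"no AAA server configured for realm {realm!r}")
    return table[realm]
```

The exact-match lookup means a realm that merely ends in or contains a configured name is not routed to that Credentials Holder's AAA Server.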
19.2 Credentials Holder using AAA server for primary authentication procedure
The procedures described in this clause enable UEs to access an SNPN which makes use of a credential management system managed by a credential provider external to the SNPN.
In this scenario the authentication server role is taken by the AAA Server. The AUSF acts as EAP authenticator and interacts with the AAA Server to execute the primary authentication procedure.
Figure 19.2-1: Primary authentication with external domain
The detailed procedure description is defined in clause I.2.2.2 of 3GPP TS 33.501 [59].