21 Interworking with AAA server in DCS for UE onboarding in SNPNs

29.5613GPP5G SystemInterworking between 5G Network and external Data NetworksRelease 17Stage 3TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

21.0 General

A UE configured with Default UE credentials shall consist of the credentials for primary authentication and may optionally consist of the credentials for secondary authentication, may register with an ON-SNPN for the provisioning of SO-SNPN credentials, for the purpose of provisioning the UE with SNPN credentials for primary authentication and other information to enable access to a desired SNPN, i.e. (re-)select and (re-)register with SNPN.

The architectures for Onboarding of UEs in an ON-SNPN are defined in clause 5.30.2.10.2. of 3GPP TS 23.501 [2].

21.1 Primary authentication using AAA server in DCS

The AUSF in SNPN may support primary authentication and authorization of UEs using default UE credentials meant only for primary authentication from a Default Credentials Server (DCS) for Onboarding of UEs in an ON-SNPN. In case of primary authentication and authorization with an AAA server in DCS the procedures defined in clause 19.1 and clause 19.2 shall apply with the AAA server in DCS taking the role of the AAA server in a CH. When AAA server in DCS is used for primary authentication, the AUSF directly selects the NSSAAF as specified in 3GPP TS 23.501 [2]. In this case, the UDM is not involved in the procedure defined in Figure 19.2-1, and the step 3 to step 5 shall be skipped.

21.2 Secondary authentication using AAA server in DCS

The SMF in SNPN may support secondary authentication with a Default Credentials Server (DCS) using default UE credentials meant only for secondary authentication upon establishment of an Onboarding PDU Session when the UE has registered successfully with primary authentication without using DCS. In case of secondary authentication with AAA server in DCS the procedures defined in clause 11 and clause 12 shall apply with the AAA server in DCS taking the role of the DN-AAA server. When AAA server in DCS is used for secondary authentication, the SMF selects the AAA server based on its configuration or using the DN-specific identity provided by the UE inside the EAP message in the PDU Session Authentication Complete message as specified in 3GPP TS 33.501 [8].

Annex A (normative):
Rate control related to 5G Cellular Internet of Things (CIoT) optimisations