5.4 Nhss_imsUEAuthentication Service

29.5623GPP5G SystemHome Subscriber Server (HSS) servicesRelease 18Stage 3TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

5.4.1 Service Description

See 3GPP TS 23.228 [6], clause AA.2.1.4.

5.4.2 Service Operations

5.4.2.1 Introduction

For the Nhss_ imsUEAuthentication service the following service operation is defined:

– Get

The Nhss_ imsUEAuthentication Service is used by the S-CSCF to request the SBI capable HSS to select an authentication method, calculate a fresh authentication vector (AV) if required for the selected method, and provide it to the S-CSCF by means of the Get service operation.

5.4.2.2 Get

5.4.2.2.1 General

The following procedures using the Get service operation are supported:

– Authentication Information Retrieval

5.4.2.2.2 Authentication Information Retrieval

Figure 5.4.2.2.2-1 shows a scenario where the NF service consumer (S-CSCF) retrieves authentication information for the UE from the HSS. The request contains the UE’s identity (IMS Private Identity) and the SIP authentication scheme and may contain resynchronization info.

Figure 5.4.2.2.2-1: NF service consumer requesting authentication information

1. The NF service consumer sends a POST request (custom method: generate-sip-auth-data) to the resource representing the UE’s security information. The payload shall contain the S-CSCF name, SIP authentication scheme and the resynchronization info.

2a. The HSS responds with "200 OK" with the message body containing the authentication data information.

2b. If the operation cannot be authorized due to e.g UE does not have required subcription data, HTTP status code "403 Forbidden" should be returned including additional error information in the response body (in "ProblemDetails" element).

On failure, the appropriate HTTP status code indicating the error shall be returned and appropriate additional error information should be returned in the POST response body.

In the case of redirection, the HSS shall return 3xx status code, which shall contain a Location header with an URI pointing to the endpoint of another HSS (service) instance.