5.6 Nhss_gbaUEAuthentication Service

29.5623GPP5G SystemHome Subscriber Server (HSS) servicesRelease 18Stage 3TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

5.6.1 Service Description

See 3GPP TS 33.220 [6], clause X.2.1.3.

5.6.2 Service Operations

5.6.2.1 Introduction

For the Nhss_gbaUEAuthentication service the following service operations are defined:

– Get

The Nhss_gbaUEAuthentication Service is used by Consumer NFs (GBA BSF) to:

– request the authentication data of the UE

5.6.2.2 Get

5.6.2.2.1 General

The following procedures using the Get service operation are supported:

– Request UE authentication data

5.6.2.2.2 Request UE authentication data

Figure 5.6.2.2.2-1 shows a scenario where the GBA BSF sends a request to the HSS to retrieve UE authentication data (authentication vectors) for GBA. The request contains the UE’s identity (/{ueId}) which shall be one of IMSI, MSISDN, IMPI, IMPU.

Figure 5.6.2.2.2-1: Request UE authentication data

1. The GBA BSF sends a POST request (custom method: generate-auth-data) to the HSS.

2a. Upon success, the HSS responds with "200 OK" with the AuthenticationInfoResult data structure (containing authentication vectors) in the response body, and HSS supported features.

2b. If the operation is not authorized due to, e.g. received UE identity not being allowed for GBA services, or the requesting node not being authorized to fetch the requested data, HTTP status code "403 Forbidden" shall be returned including additional error information in the response body (in "ProblemDetails" data structure).

2c. If the UE identity is not found in HSS, HTTP status code "404 Not Found" shall be returned including additional error information in the response body (in "ProblemDetails" data structure).

In the case of redirection, the HSS shall return 3xx status code, which shall contain a Location header with an URI pointing to the endpoint of another HSS (service) instance.