forked from acouzens/open5gs
609 lines
21 KiB
YAML
609 lines
21 KiB
YAML
openapi: 3.0.0
|
|
info:
|
|
version: 1.1.2
|
|
title: AUSF API
|
|
description: |
|
|
AUSF UE Authentication Service.
|
|
© 2021, 3GPP Organizational Partners (ARIB, ATIS, CCSA, ETSI, TSDSI, TTA, TTC).
|
|
All rights reserved.
|
|
|
|
externalDocs:
|
|
description: 3GPP TS 29.509 V16.7.0; 5G System; 3GPP TS Authentication Server services.
|
|
url: 'http://www.3gpp.org/ftp/Specs/archive/29_series/29.509'
|
|
|
|
servers:
|
|
- url: '{apiRoot}/nausf-auth/v1'
|
|
variables:
|
|
apiRoot:
|
|
default: https://example.com
|
|
description: apiRoot as defined in clause clause 4.4 of 3GPP TS 29.501.
|
|
security:
|
|
- {}
|
|
- oAuth2ClientCredentials:
|
|
- nausf-auth
|
|
paths:
|
|
/ue-authentications:
|
|
post:
|
|
requestBody:
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/AuthenticationInfo'
|
|
required: true
|
|
responses:
|
|
'201':
|
|
description: UEAuthenticationCtx
|
|
content:
|
|
application/3gppHal+json:
|
|
schema:
|
|
$ref: '#/components/schemas/UEAuthenticationCtx'
|
|
headers:
|
|
Location:
|
|
description: 'Contains the URI of the newly created resource according to the structure: {apiRoot}/nausf-auth/v1/ue-authentications/{authCtxId}'
|
|
required: true
|
|
schema:
|
|
type: string
|
|
'307':
|
|
description: temporary redirect
|
|
headers:
|
|
Location:
|
|
description: 'An alternative URI of the resource located on an alternative service instance within the same AUSF or AUSF (service) set '
|
|
required: true
|
|
schema:
|
|
type: string
|
|
3gpp-Sbi-Target-Nf-Id:
|
|
description: 'Identifier of target AUSF (service) instance towards which the request is redirected'
|
|
schema:
|
|
type: string
|
|
'308':
|
|
description: permanent redirect
|
|
headers:
|
|
Location:
|
|
description: 'An alternative URI of the resource located on an alternative service instance within the same AUSF or AUSF (service) set '
|
|
required: true
|
|
schema:
|
|
type: string
|
|
3gpp-Sbi-Target-Nf-Id:
|
|
description: 'Identifier of target AUSF (service) instance towards which the request is redirected'
|
|
schema:
|
|
type: string
|
|
'400':
|
|
description: Bad Request from the AMF
|
|
content:
|
|
application/problem+json:
|
|
schema:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/ProblemDetails'
|
|
'403':
|
|
description: Forbidden due to serving network not authorized
|
|
content:
|
|
application/problem+json:
|
|
schema:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/ProblemDetails'
|
|
'404':
|
|
description: User does not exist in the HPLMN
|
|
content:
|
|
application/problem+json:
|
|
schema:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/ProblemDetails'
|
|
'500':
|
|
description: Internal Server Error
|
|
content:
|
|
application/problem+json:
|
|
schema:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/ProblemDetails'
|
|
'501':
|
|
description: Received protection scheme is not supported by HPLMN
|
|
content:
|
|
application/problem+json:
|
|
schema:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/ProblemDetails'
|
|
/ue-authentications/deregister:
|
|
post:
|
|
requestBody:
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/DeregistrationInfo'
|
|
required: true
|
|
responses:
|
|
'204':
|
|
description: Expected response to a successful removal of security context
|
|
'307':
|
|
description: temporary redirect
|
|
headers:
|
|
Location:
|
|
description: 'An alternative URI of the resource located on an alternative service instance within the same AUSF or AUSF (service) set '
|
|
required: true
|
|
schema:
|
|
type: string
|
|
3gpp-Sbi-Target-Nf-Id:
|
|
description: 'Identifier of target AUSF (service) instance towards which the request is redirected'
|
|
schema:
|
|
type: string
|
|
'308':
|
|
description: permanent redirect
|
|
headers:
|
|
Location:
|
|
description: 'An alternative URI of the resource located on an alternative service instance within the same AUSF or AUSF (service) set '
|
|
required: true
|
|
schema:
|
|
type: string
|
|
3gpp-Sbi-Target-Nf-Id:
|
|
description: 'Identifier of target AUSF (service) instance towards which the request is redirected'
|
|
schema:
|
|
type: string
|
|
'404':
|
|
$ref: 'TS29571_CommonData.yaml#/components/responses/404'
|
|
|
|
/ue-authentications/{authCtxId}/5g-aka-confirmation:
|
|
put:
|
|
parameters:
|
|
- name: authCtxId
|
|
in: path
|
|
required: true
|
|
schema:
|
|
type: string
|
|
requestBody:
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/ConfirmationData'
|
|
responses:
|
|
'200':
|
|
description: Request processed (EAP success or Failure)
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/ConfirmationDataResponse'
|
|
'307':
|
|
description: temporary redirect
|
|
headers:
|
|
Location:
|
|
description: 'An alternative URI of the resource located on an alternative service instance within the same AUSF or AUSF (service) set '
|
|
required: true
|
|
schema:
|
|
type: string
|
|
3gpp-Sbi-Target-Nf-Id:
|
|
description: 'Identifier of target AUSF (service) instance towards which the request is redirected'
|
|
schema:
|
|
type: string
|
|
'308':
|
|
description: permanent redirect
|
|
headers:
|
|
Location:
|
|
description: 'An alternative URI of the resource located on an alternative service instance within the same AUSF or AUSF (service) set '
|
|
required: true
|
|
schema:
|
|
type: string
|
|
3gpp-Sbi-Target-Nf-Id:
|
|
description: 'Identifier of target AUSF (service) instance towards which the request is redirected'
|
|
schema:
|
|
type: string
|
|
'400':
|
|
description: Bad Request
|
|
content:
|
|
application/problem+json:
|
|
schema:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/ProblemDetails'
|
|
'500':
|
|
description: Internal Server Error
|
|
content:
|
|
application/problem+json:
|
|
schema:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/ProblemDetails'
|
|
delete:
|
|
summary: Deletes the authentication result in the UDM
|
|
operationId: Delete5gAkaAuthenticationResult
|
|
tags:
|
|
- Authentication Result Deletion
|
|
parameters:
|
|
- name: authCtxId
|
|
in: path
|
|
required: true
|
|
schema:
|
|
type: string
|
|
responses:
|
|
'204':
|
|
description: Expected response to a successful authentication result removal
|
|
'307':
|
|
description: temporary redirect
|
|
headers:
|
|
Location:
|
|
description: 'An alternative URI of the resource located on an alternative service instance within the same AUSF or AUSF (service) set '
|
|
required: true
|
|
schema:
|
|
type: string
|
|
3gpp-Sbi-Target-Nf-Id:
|
|
description: 'Identifier of target AUSF (service) instance towards which the request is redirected'
|
|
schema:
|
|
type: string
|
|
'308':
|
|
description: permanent redirect
|
|
headers:
|
|
Location:
|
|
description: 'An alternative URI of the resource located on an alternative service instance within the same AUSF or AUSF (service) set '
|
|
required: true
|
|
schema:
|
|
type: string
|
|
3gpp-Sbi-Target-Nf-Id:
|
|
description: 'Identifier of target AUSF (service) instance towards which the request is redirected'
|
|
schema:
|
|
type: string
|
|
'400':
|
|
$ref: 'TS29571_CommonData.yaml#/components/responses/400'
|
|
'404':
|
|
$ref: 'TS29571_CommonData.yaml#/components/responses/404'
|
|
'500':
|
|
$ref: 'TS29571_CommonData.yaml#/components/responses/500'
|
|
'503':
|
|
$ref: 'TS29571_CommonData.yaml#/components/responses/503'
|
|
default:
|
|
$ref: 'TS29571_CommonData.yaml#/components/responses/default'
|
|
/ue-authentications/{authCtxId}/eap-session:
|
|
post:
|
|
operationId: EapAuthMethod
|
|
parameters:
|
|
- name: authCtxId
|
|
in: path
|
|
required: true
|
|
schema:
|
|
type: string
|
|
requestBody:
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/EapSession'
|
|
responses:
|
|
'200':
|
|
description: Use to handle or close the EAP session
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/EapSession'
|
|
|
|
application/3gppHal+json:
|
|
schema:
|
|
type: object
|
|
properties:
|
|
eapPayload:
|
|
$ref: '#/components/schemas/EapPayload'
|
|
_links:
|
|
type: object
|
|
description: 'URI : /{eapSessionUri}'
|
|
additionalProperties:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/LinksValueSchema'
|
|
minProperties: 1
|
|
required:
|
|
- eapPayload
|
|
- _links
|
|
'307':
|
|
description: temporary redirect
|
|
headers:
|
|
Location:
|
|
description: 'An alternative URI of the resource located on an alternative service instance within the same AUSF or AUSF (service) set '
|
|
required: true
|
|
schema:
|
|
type: string
|
|
3gpp-Sbi-Target-Nf-Id:
|
|
description: 'Identifier of target AUSF (service) instance towards which the request is redirected'
|
|
schema:
|
|
type: string
|
|
'308':
|
|
description: permanent redirect
|
|
headers:
|
|
Location:
|
|
description: 'An alternative URI of the resource located on an alternative service instance within the same AUSF or AUSF (service) set '
|
|
required: true
|
|
schema:
|
|
type: string
|
|
3gpp-Sbi-Target-Nf-Id:
|
|
description: 'Identifier of target AUSF (service) instance towards which the request is redirected'
|
|
schema:
|
|
type: string
|
|
'400':
|
|
description: Bad Request
|
|
content:
|
|
application/problem+json:
|
|
schema:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/ProblemDetails'
|
|
'500':
|
|
description: Internal Server Error
|
|
content:
|
|
application/problem+json:
|
|
schema:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/ProblemDetails'
|
|
delete:
|
|
summary: Deletes the authentication result in the UDM
|
|
operationId: DeleteEapAuthenticationResult
|
|
tags:
|
|
- Authentication Result Deletion
|
|
parameters:
|
|
- name: authCtxId
|
|
in: path
|
|
required: true
|
|
schema:
|
|
type: string
|
|
responses:
|
|
'204':
|
|
description: Expected response to a successful authentication result removal
|
|
'307':
|
|
description: temporary redirect
|
|
headers:
|
|
Location:
|
|
description: 'An alternative URI of the resource located on an alternative service instance within the same AUSF or AUSF (service) set '
|
|
required: true
|
|
schema:
|
|
type: string
|
|
3gpp-Sbi-Target-Nf-Id:
|
|
description: 'Identifier of target AUSF (service) instance towards which the request is redirected'
|
|
schema:
|
|
type: string
|
|
'308':
|
|
description: permanent redirect
|
|
headers:
|
|
Location:
|
|
description: 'An alternative URI of the resource located on an alternative service instance within the same AUSF or AUSF (service) set '
|
|
required: true
|
|
schema:
|
|
type: string
|
|
3gpp-Sbi-Target-Nf-Id:
|
|
description: 'Identifier of target AUSF (service) instance towards which the request is redirected'
|
|
schema:
|
|
type: string
|
|
'400':
|
|
$ref: 'TS29571_CommonData.yaml#/components/responses/400'
|
|
'404':
|
|
$ref: 'TS29571_CommonData.yaml#/components/responses/404'
|
|
'500':
|
|
$ref: 'TS29571_CommonData.yaml#/components/responses/500'
|
|
'503':
|
|
$ref: 'TS29571_CommonData.yaml#/components/responses/503'
|
|
default:
|
|
$ref: 'TS29571_CommonData.yaml#/components/responses/default'
|
|
/rg-authentications:
|
|
post:
|
|
requestBody:
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/RgAuthenticationInfo'
|
|
required: true
|
|
responses:
|
|
'201':
|
|
description: RgAuthCtx
|
|
content:
|
|
application/json:
|
|
schema:
|
|
$ref: '#/components/schemas/RgAuthCtx'
|
|
headers:
|
|
Location:
|
|
description: 'Contains the URI of the newly created resource according to the structure: {apiRoot}/nausf-auth/v1/rg-authentications/{authCtxId}'
|
|
required: true
|
|
schema:
|
|
type: string
|
|
'307':
|
|
description: temporary redirect
|
|
headers:
|
|
Location:
|
|
description: 'An alternative URI of the resource located on an alternative service instance within the same AUSF or AUSF (service) set '
|
|
required: true
|
|
schema:
|
|
type: string
|
|
3gpp-Sbi-Target-Nf-Id:
|
|
description: 'Identifier of target AUSF (service) instance towards which the request is redirected'
|
|
schema:
|
|
type: string
|
|
'308':
|
|
description: permanent redirect
|
|
headers:
|
|
Location:
|
|
description: 'An alternative URI of the resource located on an alternative service instance within the same AUSF or AUSF (service) set '
|
|
required: true
|
|
schema:
|
|
type: string
|
|
3gpp-Sbi-Target-Nf-Id:
|
|
description: 'Identifier of target AUSF (service) instance towards which the request is redirected'
|
|
schema:
|
|
type: string
|
|
'403':
|
|
description: The UE is not allowed to be authenticated
|
|
content:
|
|
application/problem+json:
|
|
schema:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/ProblemDetails'
|
|
'400':
|
|
description: Bad Request from the AMF
|
|
content:
|
|
application/problem+json:
|
|
schema:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/ProblemDetails'
|
|
'404':
|
|
description: User does not exist in the HPLMN
|
|
content:
|
|
application/problem+json:
|
|
schema:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/ProblemDetails'
|
|
|
|
components:
|
|
securitySchemes:
|
|
oAuth2ClientCredentials:
|
|
type: oauth2
|
|
flows:
|
|
clientCredentials:
|
|
tokenUrl: '{nrfApiRoot}/oauth2/token'
|
|
scopes:
|
|
nausf-auth: Access to Nausf_UEAuthentication API
|
|
schemas:
|
|
AuthenticationInfo:
|
|
type: object
|
|
properties:
|
|
supiOrSuci:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/SupiOrSuci'
|
|
servingNetworkName:
|
|
$ref: 'TS29503_Nudm_UEAU.yaml#/components/schemas/ServingNetworkName'
|
|
resynchronizationInfo:
|
|
$ref: 'TS29503_Nudm_UEAU.yaml#/components/schemas/ResynchronizationInfo'
|
|
pei:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/Pei'
|
|
traceData:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/TraceData'
|
|
udmGroupId:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/NfGroupId'
|
|
routingIndicator:
|
|
type: string
|
|
pattern: '^[0-9]{1,4}$'
|
|
cellCagInfo:
|
|
type: array
|
|
items:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/CagId'
|
|
minItems: 1
|
|
n5gcInd:
|
|
type: boolean
|
|
default: false
|
|
supportedFeatures:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/SupportedFeatures'
|
|
required:
|
|
- supiOrSuci
|
|
- servingNetworkName
|
|
UEAuthenticationCtx:
|
|
type: object
|
|
properties:
|
|
authType:
|
|
$ref: '#/components/schemas/AuthType'
|
|
5gAuthData:
|
|
oneOf:
|
|
- $ref: '#/components/schemas/Av5gAka'
|
|
- $ref: '#/components/schemas/EapPayload'
|
|
_links:
|
|
type: object
|
|
additionalProperties:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/LinksValueSchema'
|
|
servingNetworkName:
|
|
$ref: 'TS29503_Nudm_UEAU.yaml#/components/schemas/ServingNetworkName'
|
|
required:
|
|
- authType
|
|
- 5gAuthData
|
|
- _links
|
|
|
|
Av5gAka:
|
|
type: object
|
|
required:
|
|
- rand
|
|
- hxresStar
|
|
- autn
|
|
properties:
|
|
rand:
|
|
$ref: 'TS29503_Nudm_UEAU.yaml#/components/schemas/Rand'
|
|
hxresStar:
|
|
$ref: '#/components/schemas/HxresStar'
|
|
autn:
|
|
$ref: 'TS29503_Nudm_UEAU.yaml#/components/schemas/Autn'
|
|
ConfirmationData:
|
|
type: object
|
|
required:
|
|
- resStar
|
|
properties:
|
|
resStar:
|
|
$ref: '#/components/schemas/ResStar'
|
|
supportedFeatures:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/SupportedFeatures'
|
|
ConfirmationDataResponse:
|
|
type: object
|
|
properties:
|
|
authResult:
|
|
$ref: '#/components/schemas/AuthResult'
|
|
supi:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/Supi'
|
|
kseaf:
|
|
$ref: '#/components/schemas/Kseaf'
|
|
|
|
required:
|
|
- authResult
|
|
EapSession:
|
|
type: object
|
|
properties:
|
|
eapPayload:
|
|
$ref: '#/components/schemas/EapPayload'
|
|
kSeaf:
|
|
$ref: '#/components/schemas/Kseaf'
|
|
_links:
|
|
type: object
|
|
additionalProperties:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/LinksValueSchema'
|
|
authResult:
|
|
$ref: '#/components/schemas/AuthResult'
|
|
supi:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/Supi'
|
|
supportedFeatures:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/SupportedFeatures'
|
|
required:
|
|
- eapPayload
|
|
DeregistrationInfo:
|
|
type: object
|
|
properties:
|
|
supi:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/Supi'
|
|
supportedFeatures:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/SupportedFeatures'
|
|
required:
|
|
- supi
|
|
RgAuthenticationInfo:
|
|
type: object
|
|
properties:
|
|
suci:
|
|
$ref: '#/components/schemas/Suci'
|
|
authenticatedInd:
|
|
type: boolean
|
|
default: false
|
|
supportedFeatures:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/SupportedFeatures'
|
|
required:
|
|
- suci
|
|
- authenticatedInd
|
|
RgAuthCtx:
|
|
type: object
|
|
properties:
|
|
authResult:
|
|
$ref: '#/components/schemas/AuthResult'
|
|
supi:
|
|
$ref: 'TS29571_CommonData.yaml#/components/schemas/Supi'
|
|
authInd:
|
|
type: boolean
|
|
default: false
|
|
required:
|
|
- authResult
|
|
|
|
AuthResult:
|
|
type: string
|
|
enum:
|
|
- AUTHENTICATION_SUCCESS
|
|
- AUTHENTICATION_FAILURE
|
|
- AUTHENTICATION_ONGOING
|
|
EapPayload:
|
|
type: string
|
|
format: base64
|
|
description: contains an EAP packet
|
|
nullable: true
|
|
Kseaf:
|
|
type: string
|
|
pattern: '[A-Fa-f0-9]{64}'
|
|
ResStar:
|
|
type: string
|
|
pattern: '[A-Fa-f0-9]{32}'
|
|
nullable: true
|
|
HxresStar:
|
|
type: string
|
|
pattern: "[A-Fa-f0-9]{32}"
|
|
Suci:
|
|
type: string
|
|
pattern: '^(suci-(0-[0-9]{3}-[0-9]{2,3}|[1-7]-.+)-[0-9]{1,4}-(0-0-.+|[a-fA-F1-9]-([1-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])-[a-fA-F0-9]+)|.+)$'
|
|
AuthType:
|
|
# anyOf:
|
|
# - type: string
|
|
type: string
|
|
enum:
|
|
- 5G_AKA
|
|
- EAP_AKA_PRIME
|
|
- EAP_TLS
|
|
# - type: string
|