Contents
1 Introduction
This section contains information about the prerequisites, purpose, scope, and target group for the document. This section also contains information about typographic conventions used in this document.
1.1 Purpose and Scope
This document covers descriptions of installation, interface and configuration of Ericsson™ Dynamic Activation (EDA).
In the Secure Entitlement Server (SES) solution, Dynamic Activation is responsible for user and service profile provisioning towards the monolithic nodes, for example IPWorks.
- Note:
- This document is not a tutorial of CAI3G, it must be used together with document Generic CAI3G Interface 1.2, Reference [2].
1.2 Target Groups
The target group for this document is as follows:
- System Integrator
For more information about the different target groups, see Library Overview, Reference [1].
1.3 Typographic Conventions
Typographic conventions are described in the document Library Overview, Reference [1].
1.4 Prerequisites
This document is written with the assumption that the users:
- Have basic knowledge about the Dynamic Activation product.
- Have knowledge about Generic CAI3G Interface 1.2, Reference [2].
1.5 Web Service Interface
The Web Services Definition Language (WSDL) and XML Schema Definition Language (XSD) files that describe the provisioning interface can be found in /home/dveinstaller/ma/. It is also possible to download the files and view or store them in an appropriate area by following below instruction:
- Save the zip file, Dynamic_Activation_WSDL_ and_ XSD_ files.zip, to a local folder.
- Unpack the zip file.
1.6 MOType
MOType is a plain text string based on the type xs:string. An MOType consists of two parts. One is the namespace of the MO, and the other is the MO name string that is always starting with an alphabetical character in either upper or lower case, followed by zero or more alphabetical characters, digits or underscores.
Those two parts are connected with symbol @. The syntax of the MOType string is MO_Name@MO_Namespace. The name string of an MOType must follow the regular expression: [A-Za-z][A-Za-z0-9]*
The MO name together with the MO namespace must be globally unique.
1.7 MOId
MOId is an XML fragment containing the MOId parameter-value pairs that are used to identify an MO instance in the interface data model. CAI3G 1.2 standard supports compound MO identifiers or multiple MO identifier. The following is an example of an MOId:
Example 1 Example of MOId
<MOId> <msisdn>46455395000</msisdn> <imsi>46234563545000</imsi> </MOId>
The MOId is defined as a sequence of xs:any element in CAI3G schema file. It is the developers responsibility to define the real schema for this parameter.
The MOId is also the key attributes that must be defined in the top-level element, CreateMODefinition or SetMODefinition, within MOAttributes parameter.
Each implementation of CAI3G interface is to define own logic relationship of MOId. It is also the CAI3GAgents responsibility to interpret this parameter correctly by either the hard-coded logic or the dynamic parsing of the schema.
2 Voice over Wi-Fi Subscription
2.1 Create VoWifiService
This section describes how to create VoWifiService.
MOType
VoWifiService@http://schemas.ericsson.com/ma/nonSIM/
2.1.1 Request Data
MOId
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
transactionLogId |
String Max length = 64 |
Optional |
The transaction ID |
|
vImsi |
String Min length = 6 Max length = 16 |
Mandatory |
The virtual IMSI number |
MOAttributes
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
vImsi |
String Min length = 6 Max length = 16 |
Mandatory |
The virtual IMSI number |
|
deviceRealm |
String Max length = 128 |
Mandatory |
The Non-SIM device realm |
|
imsi |
String Min length = 6 Max length = 16 |
Mandatory |
The SIM device IMSI that is associated with the Non-SIM device |
|
msisdn |
String Min length = 5 Max length = 16 |
Mandatory |
The SIM device MSISDN that is associated with the Non-SIM device |
|
impi |
String Max length = 256 |
Mandatory |
The private user identity in HSS of the Non-SIM device |
|
apn |
String |
Mandatory |
The Access Point Name of the Non-SIM device Format: FQDN |
|
password |
String Min length = 15 Max length = 256 |
Mandatory |
The HSS private user password of Non-SIM device Format: Plain text, US-ASCII character set is accepted, except control characters (0-31) and DEL character (127). Linear White Space (LWS) is also accepted. |
|
userStatus |
One of the following strings: enable, disable, reset |
Optional |
The non-SIM device user status. It can be enabled, disabled and reset:
|
|
csr |
String |
Mandatory |
The required certificate sign request for the Non-SIM certificate. |
2.1.2 Response Data
MOAttributes
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
certificate |
String |
Mandatory |
The signed certificate for non-SIM device |
|
certId |
String Max length = 64 |
Mandatory |
The signed certificate identity |
|
certExpireTime |
dateTime |
Mandatory |
The signed certificate expiration time |
2.1.3 Example
An example for creating VoWifiService is shown as follows.
Example 2 Create VoWifiService
Request:
<cai3:Create>
<cai3:MOType>VoWifiService@http://schemas.ericsson.com/ma/nonSIM/
</cai3:MOType>
<cai3:MOId>
<non:vImsi>123456</non:vImsi>
</cai3:MOId>
<cai3:MOAttributes>
<non:CreateVoWifiService xmlns:non=”http://schemas.ericsson.com/ma/nonSIM/”
vImsi="123456">
<non:vImsi>123456</non:vImsi>
<non:deviceRealm>ericsson</non:deviceRealm>
<non:imsi>12345678</non:imsi>
<non:msisdn>13812345678</non:msisdn>
<non:impi>impiuser_ewahong</non:impi>
<non:apn>apn</non:apn>
<non:password>passwordpassword</non:password>
<non:userStatus>enable</non:userStatus>
<non:csr>MIICtTCCAZ0CADBxMQswCQYDVQQGEwJjbjEWMBQGA1UEAxMNbWljaGVsbGUud2Fu
ZzERMA8GA1UEBxMIc2hhbmdoYWkxETAPBgNVBAoTCGVyaWNzc29uMREwDwYDVQQI
EwhzaGFuZ2hhaTERMA8GA1UECxMIY2JjL3hsZWcwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7WXv4WOB6CfgzXwwCDnh7T8JNG34vBNycSKdl3yq2WuCW
5ftyV9/SPRjpSiUDVIHqEkmhT3yBBsH5JRu1fQhkEvw14E8zr7EUFa4JFHO3Xtd8
nqh2JFEjayHpa/NWol6NeSS8GrRShZWbiIII+wLw1HRoDJhMFFjDFQwKgnfyNwmZ
avlhkzCoBvIYgYD/lnFZiyaAuAuIBLLVe768qyaP0TUYq0OeJqiKS5B/pVcF1ZIH
GslT8deWTigxLj6u1YAzQoZNbqlgA0xVW+cR7YgbmOoQjFQoS1EZbPs/QAD0d7vX
ZOJoDgtFmKqKRmpYtT2gHeD2qt8v+61mUuQN40NTAgMBAAGgADANBgkqhkiG9w0B
AQQFAAOCAQEAsHczPihsi9PGr9IZDYIidUYUadMcKyyAY2AagsupIruVFwARV7cd
rg069vUAh8bZ/goQFW9YTRBckuzxF927pHkyTLQLGc0Z2xGKYd6pAcri8MMNfjQ2
MYvW4sxhBVJv/FTkrW8Ivl9X431m0ctND7J/n3dnjRMwYTcf72ZsH9gAYEvMqsvK
3J1Mj8JKByx/atsHxxTM59xKYVpnLPprEviZlxzvolAHI+RLu6dQxKK/AOlrVBFY
3Vjxh7D/RAahVMF9eLJ3cMKoEmKmKvkUoGLUgwC+ZhADx2Osm3TOTIFDZKGggVs7
94jDIFsJP0587t8vLXLtiFe6JcbSOvjLhQ==</non:csr>
</non:CreateVoWifiService>
</cai3:MOAttributes>
</cai3:Create>
Response:
<cai3:CreateResponse>
<cai3:MOId>
<non:vImsi>?</non:vImsi>
</cai3:MOId>
<cai3:MOAttributes>
<non:CreateResponseVoWifiService>
<non:certificate>?</non:certificate>
<non:certId>?</non:certId>
<non:certExpireTime>?</non:certExpireTime>
</non:CreateResponseVoWifiService>
</cai3:MOAttributes>
</cai3:CreateResponse> 2.2 Set VoWifiService
This section describes how to set VoWifiService.
MOType
VoWifiService@http://schemas.ericsson.com/ma/nonSIM/
2.2.1 Request Data
MOId
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
transactionLogId |
String Max length = 64 |
Optional |
The transaction ID |
|
vImsi |
String Min length = 6 Max length = 16 |
Mandatory |
The virtual IMSI number |
MOAttributes
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
vImsi |
String Min length = 6 Max length = 16 |
Mandatory |
The virtual IMSI number |
|
deviceRealm |
String Max length = 128 |
Mandatory |
The Non-SIM device realm |
|
imsi |
String Min length = 6 Max length = 16 |
Optional |
The SIM device IMSI that is associated with the Non-SIM device |
|
msisdn |
String Min length = 5 Max length = 16 |
Optional |
The SIM device MSISDN that is associated with the Non-SIM device |
|
impi |
String Max length = 256 |
Optional |
The private user identity in HSS of the Non-SIM device |
|
apn |
String |
Optional |
The Access Point Name of the Non-SIM device Format: FQDN |
|
password |
String Min length = 15 Max length = 256 |
Optional |
The HSS private user password of Non-SIM device Format: Plain text, US-ASCII character set is accepted, except control characters (0-31) and DEL character (127). Linear White Space (LWS) is also accepted. |
|
userStatus |
One of the following strings: enable, disable, reset |
Optional |
The non-SIM device user status. It can be enabled, disabled and reset:
|
|
csr |
String |
Optional |
The required certificate sign request for the Non-SIM certificate. |
|
certId |
String Max length = 64 |
Optional |
The signed certificate identity |
2.2.2 Example
An example for setting VoWifiService is shown as follows.
Example 3 Set VoWifiService
Request: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/ " xmlns:cai3="http://schemas.ericsson.com/cai3g1.2/" xmlns:non="http:// schemas.ericsson.com/ma/nonSIM/"> <soapenv:Header> <cai3:SessionId>a9dd468448dd4d389f6367ac04993930</cai3:SessionId> </soapenv:Header> <soapenv:Body> <cai3:Set> <cai3:MOType>VoWifiService@http://schemas.ericsson.com/ma/nonSIM/ </cai3:MOType> <cai3:MOId> <!--Optional:--> <non:transactionLogId>transactionid9999#SetVoWifiService </non:transactionLogId> <non:vImsi>112233</non:vImsi> </cai3:MOId> <cai3:MOAttributes> <non:SetVoWifiService vImsi="112233"> <non:deviceRealm>ericsson</non:deviceRealm> <!--Optional:--> <non:csr>-----BEGIN CERTIFICATE REQUEST----- MIICqzCCAZMCADBnMQswCQYDVQQGEwJjbjEVMBMGA1UEAxMMbWljaGVsbGUuY29t MREwDwYDVQQHEwhzaGFuZ2hhaTEMMAoGA1UEChMDY2JjMREwDwYDVQQIEwhzaGFu Z2hhaTENMAsGA1UECxMEeGxlZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBANMPKqyLgIZ4S2MMrJjCM2uD0U+J8AHpCmV5Dc7x0wL3Z5Rn2KR59YeTt8t6 7SZt14g0I5lfEKAsS77ED4NT+eXGA3HoJ5Mvk+QX0KmsB7h5Ah9/bwYNbM21EBCG 5fjtfDn3W+XCEL9cp2ll16LloclIoCjIuNKNWBwu7+bmGGQuaXJQqPw4s2sbuHhO hpGDa1Y/CiWxEbNw3XIIAHoc3xjHmoQjeTkbmiD++hcbkOu9jTNlAq9WMj5Y9JGK FpL07PXtAlFxMGY7fbOwXDIge6zurldqpZ5GOl/pjOpeZhWO7Ien6UP+v9b/qnTC a5gE7dw3THCbYVLNJqWAP5ssnMsCAwEAAaAAMA0GCSqGSIb3DQEBBAUAA4IBAQBP h4qYL8tfTlVnyyW2h1ip+B0P11QOjSEn/0r0C9o49IAFzWTs2s70GydCXkKt4IYq txvTGAhvUWVQKRe71xSRrvUoMIPglD9tTbtCAhuTMl1QKd8qhgeCebYau9PPQb2O VVW5RYglr8zji501OApp5v4hQPstEG1Mky/vLUZjwze/aCkl3bmfgZoxOpyVh9QM QV9q8Sexb8ToI6fOep6T+eQsarqXcXPISS2RRtpIhanmDwlhWr7TtVynY99q2/FW iMWjAsUx/y3NjM0JxLcX7OOJ9Rk2V1qAMDWCvLeFx0RrUs1Cvjnzqiik4TEsNli3 v8MoYNDU+2R+H8tlgdX5 -----END CERTIFICATE REQUEST-----</non:csr> <!--Optional:--> <non:certId>2007d7a7804a918</non:certId> </non:SetVoWifiService> </cai3:MOAttributes> </cai3:Set> </soapenv:Body> </soapenv:Envelope> Response <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/ " xmlns:cai3g="http://schemas.ericsson.com/cai3g1.2/"> <S:Header> <cai3g:SessionId>a9dd468448dd4d389f6367ac04993930</cai3g:SessionId> </S:Header> <S:Body> <ns2:SetResponse xmlns:ns2="http://schemas.ericsson.com/cai3g1.2/"> <ns2:MOAttributes> <nonsim:SetResponseVoWifiService xmlns:nonsim="http:// schemas.ericsson.com/ma/nonSIM/"> <nonsim:certificate>LS0tLS1CRUdJTiBDRVJUSUZJQ0FUR S0tLS0tCk1JSURkakNDQWw2Z0F3SUJBZ0lJREV4TWVzdHVhMHd3RFFZSktvWklodm NOQVFFRkJRQXdOekVSTUE4R0ExVUUKQXd3SVFXUnRhVzVEUVRFeEZUQVRCZ05WQkFv TURFVktRa05CSUZOaGJYQnNaVEVMTUFrR0ExVUVCaE1DVTBVdwpIaGNOTVRRd09EQT JNRFV6TnpVMFdoY05NVFl3T0RBMU1EVXpOelUwV2pBK01SZ3dGZ1lEVlFRRERBOHhN VEl5Ck16TkFaWEpwWTNOemIyNHhGVEFUQmdOVkJBb01ERVZLUWtOQklGTmhiWEJzWlR FTE1Ba0dBMVVFQmhNQ1UwVXcKZ2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QX dnZ0VLQW9JQkFRRFREeXFzaTRDR2VFdGpES3lZd2pOcgpnOUZQaWZBQjZRcGxlUTNPOG RNQzkyZVVaOWlrZWZXSGs3ZkxldTBtYmRlSU5DT1pYeENnTEV1K3hBK0RVL25sCnhnTng 2Q2VUTDVQa0Y5Q3ByQWU0ZVFJZmYyOEdEV3pOdFJBUWh1WDQ3WHc1OTF2bHdoQy9YS2Rw WmRlaTVhSEoKU0tBb3lMalNqVmdjTHUvbTVoaGtMbWx5VUtqOE9MTnJHN2g0VG9hUmcydFd Qd29sc1JHemNOMXlDQUI2SE44WQp4NXFFSTNrNUc1b2cvdm9YRzVEcnZZMHpaUUt2VmpJK1 dQU1JpaGFTOU96MTdRSlJjVEJtTzMyenNGd3lJSHVzCjdxNVhhcVdlUmpwZjZZenFYbVl WanV5SHArbEQvci9XLzZwMHdtdVlCTzNjTjB4d20yRlN6U2FsZ0QrYkxKekwKQWdNQkFB R2pmekI5TUIwR0ExVWREZ1FXQkJRNU9oUXBvY2lzTzJ6V3A1N3JPdDNrK0poTGFqQU1CZ 05WSFJNQgpBZjhFQWpBQU1COEdBMVVkSXdRWU1CYUFGQkEyZHp6WXNETExJczdIVzNIZE gvc1VqZnk2TUE0R0ExVWREd0VCCi93UUVBd0lGNERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0V GQlFjREFnWUlLd1lCQlFVSEF3UXdEUVlKS29aSWh2Y04KQVFFRkJRQURnZ0VCQUlGVnN MSWdXSUdxbzVCOVJUV0hYZkRXYzN1V3VBdHo5QUZHV1YzWWlaazZKRGkyZ0hnZworVW tncE91RjNxUXg1Nm85NVFmTmc3aGs1ZFlXRmNKaitwbUhzekhHMDVoaFRxeU1tajJ5Q U1kN0lxWWV3M1I1Cko0TmJRazRqSjdsaWZTalpSOVlPdnpMV3FQMlZEbEtjc2d3WWI3 aXJsa3ZTYWx3M3A0aEkzQ1pNTEFSMG5kM0cKNEx5ODFJTFl6TEhoYzVCOTVLTjh0cEd SdlA4NmE5eXFNZk13MEpqV0ZvZERjRjl2Z2VYbTBKS0V6N21iQnorVQpKaVFoYk5yM S9icG5JajRsZUxMWkIvWU5sOXk5WE5GVjJuRHJxN2Z6dXBDWjlwTjlCVjFGd3BmNit naFpyNkp2ClBlMjFkakVLV1BlRWg3SE5qY2ZGbW5uQklXcC9FRTJMeTR3PQotLS0t LUVORCBDRVJUSUZJQ0FURS0tLS0t</nonsim:certificate> <nonsim:certId>c4c4c7acb6e6b4c</nonsim:certId> <nonsim:certExpireTime>2016-08-05T05:37:54+00:00 </nonsim:certExpireTime> </nonsim:SetResponseVoWifiService> </ns2:MOAttributes> </ns2:SetResponse> </S:Body> </S:Envelope>
2.3 Delete VoWifiService
This section describes how to delete VoWifiService.
MOType
VoWifiService@http://schemas.ericsson.com/ma/nonSIM/
2.3.1 Request Data
MOId
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
transactionLogId |
String Max length = 64 |
Optional |
The transaction ID |
|
vImsi |
String Min length = 6 Max length = 16 |
Mandatory |
The virtual IMSI number |
MOAttributes
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
vImsi |
String Min length = 6 Max length = 16 |
Mandatory |
The virtual IMSI number |
|
deviceRealm |
String Max length = 128 |
Mandatory |
The Non-SIM device realm |
|
imsi |
String Min length = 6 Max length = 16 |
Optional |
The SIM device IMSI that is associated with the Non-SIM device |
|
msisdn |
String Min length = 5 Max length = 16 |
Optional |
The SIM device MSISDN that is associated with the Non-SIM device |
|
impi |
String Max length = 256 |
Optional |
The private user identity in HSS of the Non-SIM device |
|
certId |
String Max length = 64 |
Optional |
The signed certificate identity |
2.3.2 Example
An example for deleting VoWifiService is shown as follows.
- Note:
- The parameter certId in the following example is an optional parameter in the delete request. When a valid certId is defined in the delete request, PG NGN revokes the specified certification of the user. Otherwise PG NGN revokes all certifications of the user.
Example 4 Delete VoWifiService
Request: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:cai3="http://schemas.ericsson.com/cai3g1.2/" xmlns:non="http://schemas. ericsson.com/ma/nonSIM/"> <soapenv:Header> <cai3:SessionId>a9dd468448dd4d389f6367ac04993930</cai3:SessionId> </soapenv:Header> <soapenv:Body> <cai3:Delete> <cai3:MOType>VoWifiService@http://schemas.ericsson.com/ma/nonSIM/ </cai3:MOType> <cai3:MOId> <!--Optional:--> <non:transactionLogId>transactionid9999#DeleteVoWifiService </non:transactionLogId> <non:vImsi>112233</non:vImsi> </cai3:MOId> <!--Optional:--> <cai3:MOAttributes> <non:DeleteVoWifiService vImsi="112233"> <non:deviceRealm>ericsson</non:deviceRealm> <!--Optional:--> <non:imsi>123456</non:imsi> <!--Optional:--> <non:msisdn>54321</non:msisdn> <!--Optional:--> <non:impi>impi_ewahong_123@ericsson.com</non:impi> <!--Optional:--> <non:certId>c4c4c7acb6e6b4c</non:certId> </non:DeleteVoWifiService> </cai3:MOAttributes> </cai3:Delete> </soapenv:Body> </soapenv:Envelope> Response: <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:cai3g=" http://schemas.ericsson.com/cai3g1.2/"> <S:Header> <cai3g:SessionId>a9dd468448dd4d389f6367ac04993930</cai3g:SessionId> </S:Header> <S:Body> <ns2:DeleteResponse xmlns:ns2="http://schemas.ericsson.com/cai3g1.2/"> <ns2:MOId> <non:transactionLogId xmlns:non="http://schemas.ericsson.com/ma/ nonSIM/">transactionid9999#DeleteVoWifiService</non:transactionLogId> <non:vImsi xmlns:non="http://schemas.ericsson.com/ma/nonSIM/ ">112233</non:vImsi> </ns2:MOId> </ns2:DeleteResponse> </S:Body> </S:Envelope>
3 NonSIM HSS User Subscription
This section is only for the customized HSS user data mode with xB2BUA deployment scenario.PG NGN will update the Non-SIM HSS user password. After that, HSS subscription is not needed in the next phase Non-SIM device on-boarding, as described in Section 2.1.
3.1 Create NonSIMHSSUser
This section describes how to create NonSIMHSSUser.
MOType
NonSIMHSSUser@http://schemas.ericsson.com/ma/nonSIM/
3.1.1 Request Data
MOId
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
transactionLogId |
String Max length = 64 |
Optional |
The transaction ID |
|
impi |
String Max length = 256 |
Mandatory |
The non-SIM device private user identity in HSS |
MOAttributes
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
impi |
String Max length = 256 |
Mandatory |
The non-SIM device private user identity in HSS |
|
imsi |
String Min length = 6 Max length = 16 |
Mandatory |
The SIM device IMSI that is associated with the Non-SIM device |
|
msisdn |
String Min length = 5 Max length = 16 |
Mandatory |
The SIM device MSISDN that is associated with the Non-SIM device |
|
password |
String Min length = 15 Max length = 256 |
Mandatory |
The password of Non-SIM device user and HSS private user |
3.1.2 Example
An example for creating NonSIMHSSUser is shown as follows.
Example 5 Create NonSIMHSSUser
Request:
<cai3:Create>
<cai3:MOType>NonSIMHSSUser@http://schemas.ericsson.com/ma/nonSIM/</cai3:MOType>
<cai3:MOId>
<non:impi>impi_nonsim_hssuser_123@ericsson.com</non:impi>
</cai3:MOId>
<cai3:MOAttributes>
<non:CreateNonSIMHSSUser impi="impi_nonsim_hssuser_123@ericsson.com">
<non:impi>impi_nonsim_hssuser_123@ericsson.com</non:impi>
<non:imsi>123456</non:imsi>
<non:msisdn>8613512341234123</non:msisdn>
<non:password>passwordpasswordpass</non:password>
</non:CreateNonSIMHSSUser>
</cai3:MOAttributes>
</cai3:Create>
Response:
<ns2:CreateResponse xmlns:ns2="http://schemas.ericsson.com/cai3g1.2/">
<ns2:MOId>
<non:impi xmlns:non="http://schemas.ericsson.com/ma/nonSIM/">impi_nonsim_hssuser_123@
ericsson.com</non:impi>
</ns2:MOId>
</ns2:CreateResponse>3.2 Set NonSIMHSSUser
This section describes how to set NonSIMHSSUser.
MOType
NonSIMHSSUser@http://schemas.ericsson.com/ma/nonSIM/
3.2.1 Request Data
MOId
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
transactionLogId |
String Max length = 64 |
Optional |
The transaction ID |
|
impi |
String Max length = 256 |
Mandatory |
The non-SIM device private user identity in HSS |
MOAttributes
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
imsi |
String Min length = 6 Max length = 16 |
Mandatory |
The SIM device IMSI that is associated with the Non-SIM device |
|
msisdn |
String Min length = 5 Max length = 16 |
Mandatory |
The SIM device MSISDN that is associated with the Non-SIM device |
|
password |
String Min length = 15 Max length = 256 |
Mandatory |
The password of Non-SIM device user and HSS private user |
|
impi |
String Max length = 256 |
Mandatory |
The non-SIM device private user identity in HSS |
3.2.2 Example
An example for setting NonSIMHSSUser is shown as follows.
Example 6 Set NonSIMHSSUser
Request:
<cai3:Set>
<cai3:MOType>NonSIMHSSUser@http://schemas.ericsson.com/ma/nonSIM/</cai3:MOType>
<cai3:MOId>
<non:impi>123456@ericsson</non:impi>
</cai3:MOId>
<cai3:MOAttributes>
<non:SetNonSIMHSSUser xmlns:non=”http://schemas.ericsson.com/ma/nonSIM/”
impi="123456@ericsson">
<non:imsi>12345678</non:imsi>
<non:msisdn>13812345678</non:msisdn>
<non:password>passwordpasswordpassword</non:password>
</non:SetNonSIMHSSUser>
</cai3:MOAttributes>
</cai3:Set>
Response:
<ns2:SetResponse xmlns:ns2="http://schemas.ericsson.com/cai3g1.2/"/>
3.3 Delete NonSIMHSSUser
This section describes how to delete NonSIMHSSUser.
MOType
NonSIMHSSUser@http://schemas.ericsson.com/ma/nonSIM/
3.3.1 Request Data
MOId
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
transactionLogId |
String Max length = 64 |
Optional |
The transaction ID |
|
impi |
String Max length = 256 |
Mandatory |
The non-SIM device private user identity in HSS |
MOAttributes
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
imsi |
String Min length = 6 Max length = 16 |
Mandatory |
The SIM device IMSI that is associated with the Non-SIM device |
|
msisdn |
String Min length = 5 Max length = 16 |
Mandatory |
The SIM device MSISDN that is associated with the Non-SIM device |
|
impi |
String Max length = 256 |
Mandatory |
The non-SIM device private user identity in HSS |
3.3.2 Example
An example for deleting NonSIMHSSUser is shown as follows.
Example 7 Delete NonSIMHSSUser
<cai3:Delete>
<cai3:MOType>NonSIMHSSUser@http://schemas.ericsson.com/ma/nonSIM/</cai3:MOType>
<cai3:MOId>
<non:impi>impi_nonsim_hssuser_123@ericsson.com</non:impi>
</cai3:MOId>
<cai3:MOAttributes>
<non:DeleteNonSIMHSSUser impi="impi_nonsim_hssuser_123@ericsson.com">
<non:imsi>123456</non:imsi>
<non:msisdn>8613512341234123</non:msisdn>
</non:DeleteNonSIMHSSUser>
</cai3:MOAttributes>
</cai3:Delete>
Response:
<ns2:DeleteResponse xmlns:ns2="http://schemas.ericsson.com/cai3g1.2/">
<ns2:MOId>
<non:impi xmlns:non="http://schemas.ericsson.com/ma/nonSIM/">impi_nonsim_hssuser_123@
ericsson.com</non:impi>
</ns2:MOId>
</ns2:DeleteResponse>4 HSS ISM Subscription
HSS open interface is for IMS private user (IMPI) data provisioning in monolithic HSS. This interface supports the Set and Get operations. Create, Delete, and Set IMPI data are accomplished by using the Set operation.
4.1 Create IMPI
This section describes how to create IMPI.
MOType
ISMSubscription@http://schemas.ericsson.com/ema/UserProvisioning/HSS/ISM/
4.1.1 Request Data
MOId
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
subscriberId |
String Max length = 255 |
Mandatory |
The SIM subscriber identity For example: <imsi>@domain or <msisdn>@domain Domain shall derive from IMPI and do pre-configuration in Dynamic Activation |
MOAttributes
|
Parameter |
Type |
Occurence |
Description | |
|---|---|---|---|---|
|
subscriberId |
String Max length = 255 |
Mandatory |
The SIM subscriber identity For example: <imsi>@domain or <msisdn>@domain Domain shall derive from IMPI and do pre-configuration in Dynamic Activation | |
|
privateUser | ||||
|
privateUserId |
String Min length = 1 Max length = 256 |
Mandatory |
The HSS private user identity | |
|
userPassword |
String Min length = 4 Max length = 256 |
Optional |
Contains the private user password to be used in the SIP Digest authentication. | |
|
userPrimaryHA1Password |
String Pattern value= "[0-9A-F]{1,64}" |
Optional |
Contains the A1 hashed value to be used in SIP Digest authentication. If the value of UserPasswordEncryption in JDV configuration is YES, the value of userPassword is encrypted and stored in userPrimaryHA1Password. | |
|
userSecondaryHA1Password |
String Pattern value= "[0-9A-F]{1,64}" |
Optional |
Contains the A1 hashed value to be used in SIP Digest authentication. | |
|
allowedAuthMechanism |
One of the following strings:
|
Optional |
The default user authorization mechanism | |
|
userBarringInd |
One of the following strings:
|
Optional |
Indicates whether the HSS user is barred. | |
|
roamingAllowed |
One of the following strings:
|
Optional |
Indicates whether the HSS user roaming is allowed. | |
4.1.2 Example
An example for creating IMPI is shown as follows.
Example 8 Create IMPI
Request:
<cai3:Set>
<cai3:MOType>ISMSubscription@http://schemas.ericsson.com/ema
/UserProvisioning/HSS/ISM/
</cai3:MOType>
<cai3:MOId>
<subscriberId>123456_1002@ericsson.com</subscriberId>
</cai3:MOId>
<cai3:MOAttributes>
<SetISMSubscription subscriberId="123456_1002@ericsson.com"
xsi:schemaLocation=
"http://schemas.ericsson.com/ema/UserProvisioning/HSS/ISM/
ema_UserProvisioning_HSS_ISM.xsd"
xmlns="http://schemas.ericsson.com/ema/UserProvisioning/HSS/ISM/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<privateUser privateUserId="user001@ericsson.com">
<privateUserId>user001@ericsson.com</privateUserId>
<userPassword>password001</userPassword>
<allowedAuthMechanism>Digest</allowedAuthMechanism>
<userBarringInd>TRUE</userBarringInd>
<roamingAllowed>TRUE</roamingAllowed>
</privateUser>
</SetISMSubscription>
</cai3:MOAttributes>
</cai3:Set>
Response:
<ns2:SetResponse xmlns:ns2="http://schemas.ericsson.com/cai3g1.2/"/>
4.2 Delete IMPI
This section describes how to delete IMPI.
MOType
ISMSubscription@http://schemas.ericsson.com/ema/UserProvisioning/HSS/ISM/
4.2.1 Request Data
MOId
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
subscriberId |
String Max length = 255 |
Mandatory |
The SIM subscriber identity For example: <imsi>@domain or <msisdn>@domain Domain shall derive from IMPI and do pre-configuration in Dynamic Activation |
MOAttributes
|
Parameter |
Type |
Occurence |
Description | |
|---|---|---|---|---|
|
subscriberId |
String Max length = 255 |
Mandatory |
The SIM subscriber identity For example: <imsi>@domain or <msisdn>@domain Domain shall derive from IMPI and do pre-configuration in Dynamic Activation | |
|
privateUser | ||||
|
privateUserId |
String Min length = 1 Max length = 256 |
Mandatory |
The HSS private user identity | |
|
userPassword |
String Min length = 4 Max length = 256 |
Optional |
Contains the private user password to be used in the SIP Digest authentication. | |
|
userPrimaryHA1Password |
String Pattern value= "[0-9A-F]{1,64}" |
Optional |
Contains the A1 hashed value to be used in SIP Digest authentication. If the value of UserPasswordEncryption in JDV configuration is YES, the value of userPassword is encrypted and stored in userPrimaryHA1Password. | |
|
userSecondaryHA1Password |
String Pattern value= "[0-9A-F]{1,64}" |
Optional |
Contains the A1 hashed value to be used in SIP Digest authentication. | |
|
allowedAuthMechanism |
One of the following strings:
|
Optional |
The default user authorization mechanism | |
|
userBarringInd |
One of the following strings:
|
Optional |
Indicates whether the HSS user is barred. | |
|
roamingAllowed |
One of the following strings:
|
Optional |
Indicates whether the HSS user roaming is allowed. | |
4.2.2 Example
An example for deleting IMPI is shown as follows.
Example 9 Delete IMPI
Request:
<cai3:Set>
<cai3:MOType>
ISMSubscription@http://schemas.ericsson.com/ema/UserProvisioning/HSS/ISM/
</cai3:MOType>
<cai3:MOId>
<subscriberId>123456_1002@ericsson.com</subscriberId>
</cai3:MOId>
<cai3:MOAttributes>
<SetISMSubscription subscriberId="123456_1002@ericsson.com"
xsi:schemaLocation=
"http://schemas.ericsson.com/ema/UserProvisioning/HSS/ISM/
ema_UserProvisioning_HSS_ISM.xsd"
xmlns="http://schemas.ericsson.com/ema/UserProvisioning/HSS/ISM/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<privateUser privateUserId="user001@ericsson.com" xsi:nil="true"/>
</SetISMSubscription>
</cai3:MOAttributes>
</cai3:Set>
Response:
<ns2:SetResponse xmlns:ns2="http://schemas.ericsson.com/cai3g1.2/"/>
4.3 Set IMPI
This section describes how to set IMPI.
MOType
ISMSubscription@http://schemas.ericsson.com/ema/UserProvisioning/HSS/ISM/
4.3.1 Request Data
MOId
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
subscriberId |
String Max length = 255 |
Mandatory |
The SIM subscriber identity For example: <imsi>@domain or <msisdn>@domain Domain shall derive from IMPI and do pre-configuration in Dynamic Activation |
MOAttributes
|
Parameter |
Type |
Occurence |
Description | |
|---|---|---|---|---|
|
subscriberId |
String Max length = 255 |
Mandatory |
The SIM subscriber identity For example: <imsi>@domain or <msisdn>@domain Domain shall derive from IMPI and do pre-configuration in Dynamic Activation | |
|
privateUser | ||||
|
privateUserId |
String Min length = 1 Max length = 256 |
Mandatory |
The HSS private user identity | |
|
userPassword |
String Min length = 4 Max length = 256 |
Optional |
Contains the private user password to be used in the SIP Digest authentication. | |
|
userPrimaryHA1Password |
String Pattern value= "[0-9A-F]{1,64}" |
Optional |
Contains the A1 hashed value to be used in SIP Digest authentication. If the value of UserPasswordEncryption in JDV configuration is YES, the value of userPassword is encrypted and stored in userPrimaryHA1Password. | |
|
userSecondaryHA1Password |
String Pattern value= "[0-9A-F]{1,64}" |
Optional |
Contains the A1 hashed value to be used in SIP Digest authentication. | |
|
allowedAuthMechanism |
One of the following strings:
|
Optional |
The default user authorization mechanism | |
|
userBarringInd |
One of the following strings:
|
Optional |
Indicates whether the HSS user is barred. | |
|
roamingAllowed |
One of the following strings:
|
Optional |
Indicates whether the HSS user roaming is allowed. | |
4.3.2 Example
An example for setting IMPI is shown as follows.
Example 10 Set IMPI
Request:
<cai3:Set>
<cai3:MOType>
ISMSubscription@http://schemas.ericsson.com/ema/UserProvisioning/HSS/ISM/
</cai3:MOType>
<cai3:MOId>
<subscriberId>123456_1002@ericsson.com</subscriberId>
</cai3:MOId>
<cai3:MOAttributes>
<SetISMSubscription subscriberId="123456_1002@ericsson.com"
xsi:schemaLocation=
"http://schemas.ericsson.com/ema/UserProvisioning/HSS/ISM/
ema_UserProvisioning_HSS_ISM.xsd"
xmlns="http://schemas.ericsson.com/ema/UserProvisioning/HSS/ISM/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<privateUser privateUserId="user002@ericsson.com">
<userPassword>password</userPassword>
<allowedAuthMechanism>SSO</allowedAuthMechanism>
<userBarringInd>FALSE</userBarringInd>
<roamingAllowed>FALSE</roamingAllowed>
</privateUser>
</SetISMSubscription>
</cai3:MOAttributes>
</cai3:Set>
Response:
<ns2:SetResponse xmlns:ns2="http://schemas.ericsson.com/cai3g1.2/"/>
4.4 Get IMPI
This section describes how to get IMPI.
MOType
ISMSubscription@http://schemas.ericsson.com/ema/UserProvisioning/HSS/ISM/
4.4.1 Request Data
MOId
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
subscriberId |
String Max length = 255 |
Mandatory |
The SIM subscriber identity For example: <imsi>@domain or <msisdn>@domain Domain shall derive from IMPI and do pre-configuration in Dynamic Activation |
4.4.2 Response Data
MOAttributes
|
Parameter |
Type |
Occurence |
Description | |
|---|---|---|---|---|
|
subscriberId |
String Max length = 255 |
Mandatory |
The SIM subscriber identity For example: <imsi>@domain or <msisdn>@domain Domain shall derive from IMPI and do pre-configuration in Dynamic Activation | |
|
privateUser | ||||
|
privateUserId |
String Min length = 1 Max length = 256 |
Mandatory |
The HSS private user identity | |
|
allowedAuthMechanism |
One of the following strings:
|
Optional |
The default user authorization mechanism | |
|
userBarringInd |
One of the following strings:
|
Optional |
Indicates whether the HSS user is barred. | |
|
roamingAllowed |
One of the following strings:
|
Optional |
Indicates whether the HSS user roaming is allowed. | |
4.4.3 Example
An example for getting IMPI is shown as follows.
Example 11 Get IMPI
Request:
<cai3:Get>
<cai3:MOType>
ISMSubscription@http://schemas.ericsson.com/ema/UserProvisioning/HSS/ISM/
</cai3:MOType>
<cai3:MOId>
<subscriberId>123456_1002@ericsson.com</subscriberId>
</cai3:MOId>
</cai3:Get>
Response:
<ns2:GetResponse xmlns:ns2="http://schemas.ericsson.com/cai3g1.2/">
<ns2:MOAttributes>
<ns:getResponseISMSubscription subscriberId="123456_1002@ericsson.com"
xmlns:ns="http://schemas.ericsson.com/ema/UserProvisioning/HSS/ISM/">
<ns:subscriberId>123456_1002@ericsson.com</ns:subscriberId>
<ns:privateUser privateUserId="user001@ericsson.com">
<ns:privateUserId>user001@ericsson.com</ns:privateUserId>
<ns:userBarringInd>TRUE</ns:userBarringInd>
<ns:roamingAllowed>TRUE</ns:roamingAllowed>
<ns:allowedAuthMechanism>Digest</ns:allowedAuthMechanism>
</ns:privateUser>
</ns:getResponseISMSubscription>
</ns2:MOAttributes>
</ns2:GetResponse>
5 IPWorks NonSiM AAA User Subscription
IPWorks open interface is used for provisioning IPWorks Name Server Daemon (NSD) user directly, including creating, setting, deleting, and getting Domain Name System (DNS) entity. It provides the Create, Delete, Set, and Get operations.
5.1 Create AAANSDUser
This section describes how to create AAANSDUser.
MOType
AAANSDUser@http://schemas.ericsson.com/ma/IPWORKS/
5.1.1 Request Data
MOId
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
transactionLogId |
String Max Length = 64 |
Optional |
The transaction ID |
|
name |
String Pattern value=[^A-Z]{1,256} |
Mandatory |
The user name of AAANSDUser. The common format is *****@domain |
MOAttributes
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
name |
String Pattern value=[^A-Z]{1,256} |
Mandatory |
The user name of AAANSDUser. The common format is *****@domain |
|
password |
String Min length = 4 Max length = 256 |
Optional |
The password of AAANSDUser |
|
imsi |
Digit String 6-16 digits Each digit is 0-9 |
Mandatory |
The Non-SIM device IMSI that is associated with the Non-SIM device |
|
msisdn |
Digit String 5-16 digits Each digit is 0-9 |
Mandatory |
The SIM device MSISDN that is associated with the Non-SIM device |
|
apn |
String Multiple values, separated by comma |
Optional |
The Access Point Name of the Non-SIM device |
|
userStatus |
One of the following strings:
|
Optional |
The status of AAANSDUser. Only enable and disable operations are valid when creating the AAANSDUser. Enable, disable, and reset operations are valid when setting the AAANSDUser. |
|
certificateId |
String Max length = 64 |
Optional |
The certificate identity for Non-SIM device. The value of certificateId is a decimal value, which equals to the decimal value converted from the hexadecimal value of certificateSN in the ECAS interface. See Table 33. |
|
certificateIssuerName |
String Max length = 512 |
Optional |
The DN of the certificate issuer. The parameter value equals to the value of certificateIssuerName in the ECAS interface. See Table 34. |
5.1.2 Example
An example for creating AAANSDUser in IPWorks is shown as follows.
Example 12 Create AAANSDUser
Request: <cai3:Create> <cai3:MOType>AAANSDUser@http://schemas.ericsson.com/ma/IPWORKS/</cai3:MOType> <cai3:MOId> <!--Optional:--> <ipw:transactionLogId>transactionid9876540000111##999</ipw:transactionLogId> <ipw:name>${Properties#AAANSDUserNameTID001}</ipw:name> </cai3:MOId> <cai3:MOAttributes> <ipw:CreateAAANSDUser name="${Properties#AAANSDUserNameTID001}"> <ipw:name>${Properties#AAANSDUserNameTID001}</ipw:name> <!--Optional:--> <ipw:password>tidpasswd111#0001</ipw:password> <ipw:imsi>987654321</ipw:imsi> <ipw:msisdn>6543210</ipw:msisdn> <!--Optional:--> <ipw:apn>aliba.com,aaa.com,ating.cn</ipw:apn> <!--Optional:--> <ipw:userStatus>enable</ipw:userStatus> <!--Optional:--> <ipw:certificateId>123456789</ipw:certificateId> <!--Optional:--> <ipw:certificateIssuerName>ECAS</ipw:certificateIssuerName> </ipw:CreateAAANSDUser> </cai3:MOAttributes> </cai3:Create> Response: <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:cai3g="http://schemas.ericsson.com/cai3g1.2/"> <S:Header> <cai3g:SessionId>c5feda708a4a4c07890dcc32dc041a75</cai3g:SessionId> </S:Header> <S:Body> <ns2:CreateResponse xmlns:ns2="http://schemas.ericsson.com/cai3g1.2/"> <ns2:MOId> <ipw:transactionLogId xmlns:ipw="http://schemas.ericsson.com/ma/IPWORKS/"> transactionid9876540000111##999</ipw:transactionLogId> <ipw:name xmlns:ipw="http://schemas.ericsson.com/ma/IPWORKS/">aaansduser002 </ipw:name> </ns2:MOId> </ns2:CreateResponse> </S:Body> </S:Envelope>
5.2 Set AAANSDUser
This section describes how to set AAANSDUser.
MOType
AAANSDUser@http://schemas.ericsson.com/ma/IPWORKS/
5.2.1 Request Data
MOId
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
transactionLogId |
String Max Length = 64 |
Optional |
The transaction ID |
|
name |
String Pattern value=[^A-Z]{1,256} |
Mandatory |
The user name of AAANSDUser. The common format is *****@domain |
MOAttributes
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
name |
String Pattern value=[^A-Z]{1,256} |
Mandatory |
The user name of AAANSDUser. The common format is *****@domain |
|
password |
String Min length = 4 Max length = 256 |
Optional |
The password of AAANSDUser |
|
apn |
String[nillable](1) Multiple values, separated by comma or Single value |
Optional |
The Access Point Name of the Non-SIM device Use xsi:nil="true" to remove apnlist. |
|
userStatus |
One of the following strings:
|
Optional |
The status of AAANSDUser. Only enable and disable operations are valid when creating the AAANSDUser. Enable, disable, and reset operations are valid when setting the AAANSDUser. |
|
certificateId |
String Max length = 64 |
Optional |
The certificate identity for Non-SIM device. The value of certificateId is a decimal value, which equals to the decimal value converted from the hexadecimal value of certificateSN in the ECAS interface. See Table 33. |
|
certificateIssuerName |
String Max length = 512 |
Optional |
The DN of the certificate issuer. The parameter value equals to the value of certificateIssuerName in the ECAS interface. See Table 34. |
(1) There are two
scenarios for nillable: Remove a single apn value such as <apn
value=”apnNeedRemove" xsi:nil="true"/>; remove all apn values
such as <apn xsi:nil=”true”/>.
5.2.2 Example
An example for setting AAANSDUser (including password, apn, and user status) in IPWorks is shown as follows.
Example 13 Set AAANSDUser
Request: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:cai3="http://schemas.ericsson.com/cai3g1.2/" xmlns:ipw="http://schemas.ericsson.com/ma/IPWORKS/"> <soapenv:Header> <cai3:SessionId>${Properties#sessionId}</cai3:SessionId> </soapenv:Header> <soapenv:Body> <cai3:Set> <cai3:MOType>AAANSDUser@http://schemas.ericsson.com/ma/IPWORKS/ </cai3:MOType> <cai3:MOId> <!--Optional:--> <ipw:transactionLogId>${Properties#transactionLogId}</ipw:transactionLogId> <ipw:name>${Properties#imsi}@aaansd</ipw:name> </cai3:MOId> <cai3:MOAttributes> <ipw:SetAAANSDUser name="${Properties#imsi}@aaansd"> <!--Optional:--> <ipw:password>originPas</ipw:password> <!--Zero or more repetitions:--> <ipw:apn>mnc007.mcc490.3gppnetworks.org</ipw:apn> <!--Optional:--> <ipw:userStatus>disable</ipw:userStatus> <!--Optional:--> <ipw:certificateId>123456789222</ipw:certificateId> <!--Optional:--> <ipw:certificateIssuerName>ECAS</ipw:certificateIssuerName> </ipw:SetAAANSDUser> </cai3:MOAttributes> </cai3:Set> </soapenv:Body> </soapenv:Envelope> Response: <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:cai3g="http://schemas.ericsson.com/cai3g1.2/"> <S:Header> <cai3g:SessionId>1a1fe8d5e8c042429322f0359ee3756f</cai3g:SessionId> </S:Header> <S:Body> <SetResponse xmlns="http://schemas.ericsson.com/cai3g1.2/"/> </S:Body> </S:Envelope>
If the user status is set to disable, the system updates the user status to disable and then disconnects the session between AAA and ePDG.
If the user status is set to reset, the system disconnects the session between AAA and ePDG directly.
Examples for apn operations are shown as follows:
Example 14 Set AAANSDUser - Update All apn List
Request: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:cai3="http://schemas.ericsson.com/cai3g1.2/" xmlns:ipw="http://schemas.ericsson.com/ma/IPWORKS/"> <soapenv:Header> <cai3:SessionId>${Properties#sessionId}</cai3:SessionId> </soapenv:Header> <soapenv:Body> <cai3:Set> <cai3:MOType>AAANSDUser@http://schemas.ericsson.com/ma/IPWORKS/</cai3:MOType> <cai3:MOId> <!--Optional:--> <!--<ipw:transactionLogId>transactionid9876540000111@333#enable </ipw:transactionLogId>--> <ipw:name>${Properties#AAANSDUserNameTID001}</ipw:name> </cai3:MOId> <cai3:MOAttributes> <ipw:SetAAANSDUser name="${Properties#AAANSDUserNameTID001}"> <ipw:apn>apn1,apn1,apn1,apn2,apn3,apn4</ipw:apn> </ipw:SetAAANSDUser> </cai3:MOAttributes> </cai3:Set> </soapenv:Body> </soapenv:Envelope> Response: <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:cai3g="http://schemas.ericsson.com/cai3g1.2/"> <S:Header> <cai3g:SessionId>4e00a89d1ec946b187c33f7aac611391</cai3g:SessionId> </S:Header> <S:Body> <ns2:SetResponse xmlns:ns2="http://schemas.ericsson.com/cai3g1.2/"/> </S:Body> </S:Envelope>
Example 15 Set AAANSDUser - Add New apn Values
Request: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:cai3="http://schemas.ericsson.com/cai3g1.2/" xmlns:ipw="http://schemas.ericsson.com/ma/IPWORKS/"> <soapenv:Header> <cai3:SessionId>${Properties#sessionId}</cai3:SessionId> </soapenv:Header> <soapenv:Body> <cai3:Set> <cai3:MOType>AAANSDUser@http://schemas.ericsson.com/ma/IPWORKS/</cai3:MOType> <cai3:MOId> <!--Optional:--> <!--<ipw:transactionLogId>transactionid9876540000111@333#enable </ipw:transactionLogId>--> <ipw:name>${Properties#AAANSDUserNameTID001}</ipw:name> </cai3:MOId> <cai3:MOAttributes> <ipw:SetAAANSDUser name="${Properties#AAANSDUserNameTID001}"> <ipw:apn value="value1">value1</ipw:apn> <ipw:apn value="value2">value2</ipw:apn> </ipw:SetAAANSDUser> </cai3:MOAttributes> </cai3:Set> </soapenv:Body> </soapenv:Envelope> Response: <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:cai3g="http://schemas.ericsson.com/cai3g1.2/"> <S:Header> <cai3g:SessionId>4e00a89d1ec946b187c33f7aac611391</cai3g:SessionId> </S:Header> <S:Body> <ns2:SetResponse xmlns:ns2="http://schemas.ericsson.com/cai3g1.2/"/> </S:Body> </S:Envelope>
Example 16 Set AAANSDUser - Remove a Single apn Value
Request: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:cai3="http://schemas.ericsson.com/cai3g1.2/" xmlns:ipw="http://schemas.ericsson.com/ma/IPWORKS/"> <soapenv:Header> <cai3:SessionId>${Properties#sessionId}</cai3:SessionId> </soapenv:Header> <soapenv:Body> <cai3:Set> <cai3:MOType>AAANSDUser@http://schemas.ericsson.com/ma/IPWORKS/</cai3:MOType> <cai3:MOId> <!--Optional:--> <!--<ipw:transactionLogId>transactionid9876540000111@333#enable </ipw:transactionLogId>--> <ipw:name>${Properties#AAANSDUserNameTID001}</ipw:name> </cai3:MOId> <cai3:MOAttributes> <ipw:SetAAANSDUser name="${Properties#AAANSDUserNameTID001}"> <ipw:apn value="apnNeedRemove" xsi:nil="true"/> </ipw:SetAAANSDUser> </cai3:MOAttributes> </cai3:Set> </soapenv:Body> </soapenv:Envelope> Response: <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:cai3g="http://schemas.ericsson.com/cai3g1.2/"> <S:Header> <cai3g:SessionId>4e00a89d1ec946b187c33f7aac611391</cai3g:SessionId> </S:Header> <S:Body> <ns2:SetResponse xmlns:ns2="http://schemas.ericsson.com/cai3g1.2/"/> </S:Body> </S:Envelope>
Example 17 Set AAANSDUser - Remove the apn List
Request: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:cai3="http://schemas.ericsson.com/cai3g1.2/" xmlns:ipw="http://schemas.ericsson.com/ma/IPWORKS/"> <soapenv:Header> <cai3:SessionId>${Properties#sessionId}</cai3:SessionId> </soapenv:Header> <soapenv:Body> <cai3:Set> <cai3:MOType>AAANSDUser@http://schemas.ericsson.com/ma/IPWORKS/</cai3:MOType> <cai3:MOId> <!--Optional:--> <!--<ipw:transactionLogId>transactionid9876540000111@333#enable </ipw:transactionLogId>--> <ipw:name>${Properties#AAANSDUserNameTID001}</ipw:name> </cai3:MOId> <cai3:MOAttributes> <ipw:SetAAANSDUser name="${Properties#AAANSDUserNameTID001}"> <ipw:apn xsi:nil="true"/> </ipw:SetAAANSDUser> </cai3:MOAttributes> </cai3:Set> </soapenv:Body> </soapenv:Envelope> Response: <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:cai3g="http://schemas.ericsson.com/cai3g1.2/"> <S:Header> <cai3g:SessionId>4e00a89d1ec946b187c33f7aac611391</cai3g:SessionId> </S:Header> <S:Body> <ns2:SetResponse xmlns:ns2="http://schemas.ericsson.com/cai3g1.2/"/> </S:Body> </S:Envelope>
5.3 Delete AAANSDUser
This section describes how to delete AAANSDUser.
MOType
AAANSDUser@http://schemas.ericsson.com/ma/IPWORKS/
5.3.1 Request Data
MOId
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
transactionLogId |
String Max Length = 64 |
Optional |
The transaction ID |
|
name |
String Pattern value=[^A-Z]{1,256} |
Mandatory |
The user name of AAANSDUser. The common format is *****@domain |
5.3.2 Example
An example for deleting AAANSDUser from IPWorks is shown as follows.
The system deletes AAANSDUser first and then disconnects the session between AAA and ePDG.
Example 18 Delete AAANSDUser
Request:
<cai3:Delete>
<cai3:MOType>AAANSDUser@http://schemas.ericsson.com/ma/IPWORKS/</cai3:MOType>
<cai3:MOId>
<ipw:name xmlns:ipw=”http://schemas.ericsson.com/ma/IPWORKS/”>
123456@ericsson</ipw:name>
</cai3:MOId>
</cai3:Delete>
Response:
<ns2:DeleteResponse xmlns:ns2="http://schemas.ericsson.com/cai3g1.2/">
<ns2:MOId>
<ipw:name xmlns:ipw="http://schemas.ericsson.com/ma/IPWORKS/">
123456@ericsson</ipw:name>
</ns2:MOId>
</ns2:DeleteResponse> 5.4 Get AAANSDUser
This section describes how to get AAANSDUser.
MOType
AAANSDUser@http://schemas.ericsson.com/ma/IPWORKS/
5.4.1 Request Data
MOId
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
transactionLogId |
String Max Length = 64 |
Optional |
The transaction ID |
|
name |
String Pattern value=[^A-Z]{1,256} |
Mandatory |
The user name of AAANSDUser. The common format is *****@domain |
5.4.2 Response Data
MOAttributes
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
name |
String Pattern value=[^A-Z]{1,256} |
Mandatory |
The user name of AAANSDUser. The common format is *****@domain |
|
imsi |
Digit String 6-16 digits Each digit is 0-9 |
Mandatory |
The SIM device IMSI that is associated with the Non-SIM device |
|
msisdn |
Digit String 5-16 digits Each digit is 0-9 |
Mandatory |
The SIM device MSISDN that is associated with the Non-SIM device |
|
apn |
String |
Mandatory |
The Access Point Name of the Non-SIM device |
|
userStatus |
One of the following strings:
|
Mandatory |
The status of AAANSDUser. Only enable and disable operations are valid when creating the AAANSDUser. Enable, disable, and reset operations are valid when setting the AAANSDUser. |
|
certificateId |
String Max length = 64 |
Optional |
The certificate identity for Non-SIM device. The value of certificateId is a decimal value, which equals to the decimal value converted from the hexadecimal value of certificateSN in the ECAS interface. See Table 33. |
|
certificateIssuerName |
String Max length = 512 |
Optional |
The DN of the certificate issuer. The parameter value equals to the value of certifcateIssuerName in the ECAS interface. See Table 34. |
5.4.3 Example
An example for getting the AAANSDUser from IPWorks is shown as follows.
Example 19 Get AAANSDUser
Request: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:cai3="http://schemas.ericsson.com/cai3g1.2/" xmlns:ipw="http://schemas.ericsson.com/ma/IPWORKS/"> <soapenv:Header> <cai3:SessionId>${Properties#sessionId}</cai3:SessionId> </soapenv:Header> <soapenv:Body> <cai3:Get> <cai3:MOType>AAANSDUser@http://schemas.ericsson.com/ma/IPWORKS/ </cai3:MOType> <cai3:MOId> <!--Optional:--> <ipw:name>${Properties#AAANSDUserNameTID001}</ipw:name> </cai3:MOId> </cai3:Get> </soapenv:Body> </soapenv:Envelope> Response: <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:cai3g="http://schemas.ericsson.com/cai3g1.2/"> <S:Header> <cai3g:SessionId>4e00a89d1ec946b187c33f7aac611391</cai3g:SessionId> </S:Header> <S:Body> <ns2:GetResponse xmlns:ns2="http://schemas.ericsson.com/cai3g1.2/"> <ns2:MOAttributes> <ip:GetResponseAAANSDUser xmlns:ip="http://schemas.ericsson.com/ma/IPWORKS/"> <ip:name>aaansduser002</ip:name> <ip:imsi>987654321</ip:imsi> <ip:msisdn>6543210</ip:msisdn> <ip:apn>aliba.com,aaa.com,ating.cn</ip:apn> <ip:userStatus>enable</ip:userStatus> <ip:certificateId>123456789111</ip:certificateId> <ip:certificateIssuerName>ECAS_NEW</ip:certificateIssuerName> </ip:GetResponseAAANSDUser> </ns2:MOAttributes> </ns2:GetResponse> </S:Body> </S:Envelope>
6 Ercisson Certificate Authority Server Subscription
ECAS CAI3G interface is provided by PG NGN for the provisioning of CA directly including certification enrollment, renewal, revocation, and retrieval.
The ECAS operation includes the Create, Delete, Set, and Get operations.
6.1 Create ECASCertificate
This section describes how to create ECASCertificate.
MOType
ECASCertificate@http://schemas.ericsson.com/ma/ECAS/
6.1.1 Request Data
MOId
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
username |
String Max length = 256 |
Mandatory |
Entity user name, used to create an end entity in CA server |
MOAttributes
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
username |
String Max length = 256 |
Mandatory |
Entity user name, used to create an end entity in CA server |
|
password |
String Min length = 8 Max length = 256 |
Optional |
Entity user password |
|
caName |
String Max length = 512 |
Optional |
The CA name that is used to sign the CSR. The CA name should be as same as the definition in CA server. |
|
csr |
String |
Mandatory |
Certificate Sign Request. PKCS10 request in base64 encode. |
|
certificateSN |
String Max length = 512 |
Optional |
The certificate’s serial number |
6.1.2 Response Data
MOAttributes
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
certificate |
String |
Mandatory |
The signed certificate |
|
certificateSN |
String Max length = 64 |
Mandatory |
The certificate’s serial number |
|
certificateExpireTime |
dateTime |
Mandatory |
The certificate expiration time |
|
certificateIssuerName |
String Max length = 512 |
Mandatory |
The DN of the certificate issuer. |
6.1.3 Example
The Create operation of the ECASCertificate provider interface generates a certification according to given csr and returns a signed certificate.
An example for creating ECASCertificate is shown as follows.
Example 20 Create ECASCertificate
Request: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:cai3="http://schemas.ericsson.com/cai3g1.2/" xmlns:ecas="http://schemas.ericsson.com/ma/ECAS/"> <soapenv:Header> <cai3:SessionId>${Properties#sessionId}</cai3:SessionId> </soapenv:Header> <soapenv:Body> <cai3:Create> <cai3:MOType>ECASCertificate@http://schemas.ericsson.com/ma/ECAS/</cai3:MOType> <cai3:MOId> <ecas:username>${username_1}</ecas:username> </cai3:MOId> <cai3:MOAttributes> <ecas:CreateECASCertificate username="${username_1}"> <ecas:username>${username_1}</ecas:username> <!--Optional:--> <ecas:password>onetimePassword</ecas:password> <!--Optional:--> <ecas:caName>ManagementCA</ecas:caName> <ecas:csr> MIICpjCCAY4CADBiMQswCQYDVQQGEwJDTjEVMBMGA1UEAxMMY29tbW9uTmFtZVQx MREwDwYDVQQHEwhzaGFuZ2hhaTENMAsGA1UEChMEYnVzczELMAkGA1UECBMCU0gx DTALBgNVBAsTBHhsZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD g+zZICj1fmJGMzI7q1NTC+EcoCXIK40aXIVzPQ9RJ5iCW7cNB8LIVfYKCmNWrVNM Bv9PLLZ8Tq6HtxAQtz/SyYJj15Sp1kpPU98pSNXoy1zJF9mknMMea0g5DlFPvGM7 pgjLaYtMyaKSY9z8h93CAQQBHKjVA+eRtm+LDF6PsvHYTuvTOWUqkRpntyQMupvi n9jAZxNjg+dvAMhjSqg8qruKhuD85NGOwsZKlzMMVVKzFRoaY7r2bksvdHgep0VR Ka0DkVw+ON0UzDn/FkWA7oXjhUlNqYFwRL0B6gbXbF3eD66K8MzU2X6RN+uFNJg+ 2M/F2X4Uz+0J7ckdFLJdAgMBAAGgADANBgkqhkiG9w0BAQQFAAOCAQEAuIC+aBQi GK1IIibCRccJYyySaZPZ1Sen7OMRh87/0a5PwSHyOvQEGdybUCojOWvySHTnqpsw hLM05k3s2DdZSy2wUnLIhuIm46ttNq7ts1ycxv+p506vP8GSN5CeaZLeDWeXZTLm 3+Ry5OCn7ygvZ/oaikKZub1/1jO7vHYJNGswiflp9b1W8MuxyWRIPMxwCDATMiWj lO83mmDrKw29cW/LEwMWZccD9F4fGHtLRc7JoKhb80C0hgdwDttRMCZ4Icwk1zJw UPutqKcKgJp75L/anQBsW7G3LxeeWLbLlxTcDuXGLzhBOf3t3fnRDIZJDU7/9rjZ /bDz6Jjp7uHu0w==</ecas:csr> <!--Optional:--> <!--<ecas:subjectDN>CN=ezhimen@Ericsson</ecas:subjectDN>--> </ecas:CreateECASCertificate> </cai3:MOAttributes> </cai3:Create> </soapenv:Body> </soapenv:Envelope> Response: <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:cai3g="http://schemas.ericsson.com/cai3g1.2/"> <S:Header> <cai3g:SessionId>3c31a1fa9409472ba1c148a823702e48</cai3g:SessionId> </S:Header> <S:Body> <ns2:CreateResponse xmlns:ns2="http://schemas.ericsson.com/cai3g1.2/"> <ns2:MOId> <ecas:username xmlns:ecas="http://schemas.ericsson.com/ma/ECAS/"> ezhimen@ericsson.com</ecas:username> </ns2:MOId> <ns2:MOAttributes> <ecas:CreateResponseECASCertificate xmlns:ecas="http://schemas.ericsson.com/ma/ECAS/"> <ecas:certificate>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tL S0tCk1JSURXekNDQWtPZ0F3SUJBZ0lJRFpJWXlOMWI5enN3RFFZSktvWklodmNOQVF FRkJRQXdPekVWTUJNR0ExVUUKQXd3TVRXRnVZV2RsYldWdWRFTkJNUlV3RXdZRFZRU UtEQXhGU2tKRFFTQlRZVzF3YkdVeEN6QUpCZ05WQkFZVApBbE5GTUI0WERURTFNRFV 5TnpBek1EWXpOVm9YRFRFM01EVXlOakF6TURZek5Wb3dIekVkTUJzR0ExVUVBd3dVC lpYcG9hVzFsYmtCbGNtbGpjM052Ymk1amIyMHdnZ0VpTUEwR0NTcUdTSWIzRFFFQkF RVUFBNElCRHdBd2dnRUsKQW9JQkFRRERnK3paSUNqMWZtSkdNekk3cTFOVEMrRWNvQ 1hJSzQwYVhJVnpQUTlSSjVpQ1c3Y05COExJVmZZSwpDbU5XclZOTUJ2OVBMTFo4VHE 2SHR4QVF0ei9TeVlKajE1U3Axa3BQVTk4cFNOWG95MXpKRjlta25NTWVhMGc1CkRsR lB2R003cGdqTGFZdE15YUtTWTl6OGg5M0NBUVFCSEtqVkErZVJ0bStMREY2UHN2SFl UdXZUT1dVcWtScG4KdHlRTXVwdmluOWpBWnhOamcrZHZBTWhqU3FnOHFydUtodUQ4N U5HT3dzWktsek1NVlZLekZSb2FZN3IyYmtzdgpkSGdlcDBWUkthMERrVncrT04wVXp Ebi9Ga1dBN29YamhVbE5xWUZ3UkwwQjZnYlhiRjNlRDY2SzhNelUyWDZSCk4rdUZOS mcrMk0vRjJYNFV6KzBKN2NrZEZMSmRBZ01CQUFHamZ6QjlNQjBHQTFVZERnUVdCQlI 5ajI3VTVMQ24KQldrTXl3WCtRUDRNKzMrSFVUQU1CZ05WSFJNQkFmOEVBakFBTUI4R 0ExVWRJd1FZTUJhQUZOTFExSXhiT0ZSbAorMmh0Znovb1lHTUdiS1lXTUE0R0ExVWR Ed0VCL3dRRUF3SUY0REFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNECkFnWUlLd1lCQ lFVSEF3UXdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBR0tkRjhEUFF4OENJNGNTVWl zRUlXQlkKZFh6YzJnRkxncE1TUmV1Y0lQVTlXQ3BIWGprTEtKY1pNdVpSc1EwQk9jS GJnemhQOFlvekpQdUp3Y0pCa0dINApsczNYSXkxU0xYK3ZYTFJYdS9EM3ppVU95Yzl 6WFVaV3kxZkc4SVlCZEtTRXNsYVZYd3VURHp4MXFPRHZ6RFNVCkZqK2hTekcra3Q5T 0JQK2kzdUJnQzJKbEdid3ZUcCt2VnFxaEZwdG1BK1ZISzJhdy93elZQaFArQzRqZTR 0R04KeFZyT3BsdDNMT0RZeFlURHQ3M1V0ZVFhQnFJdE9oTnZvRk1QYnBoMzNkMFQzd EpwZHVjaElNMS9neW9JOHU1eQp0VDI5TVFOcXQ1MGFJL3gwWlVFYTUzRkxWSFZjdmV qcmRIVFZQZC9MNmdOemtVY21JVEhxM3VsTjdMUTlDcTQ9Ci0tLS0tRU5EIENFUlRJR klDQVRFLS0tLS0=</ecas:certificate> <ecas:certificateSN>d9218c8dd5bf73b</ecas:certificateSN> <ecas:certificateExpireTime>2017-05-26T03:06:35+00:00 </ecas:certificateExpireTime> <ecas:certificateIssuerName>C=SE, O=EJBCA Sample, CN=ManagementCA </ecas:certificateIssuerName> </ecas:CreateResponseECASCertificate> </ns2:MOAttributes> </ns2:CreateResponse> </S:Body> </S:Envelope>
6.2 Set ECASCertificate
This section describes how to set ECASCertificate.
MOType
ECASCertificate@http://schemas.ericsson.com/ma/ECAS/
6.2.1 Request Data
MOId
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
username |
String Max length = 256 |
Mandatory |
Entity user name, used to create an end entity in CA server |
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
username |
String Max length = 256 |
Mandatory |
Entity user name, used to create an end entity in CA server |
|
password |
String Min length = 8 Max length = 256 |
Optional |
Entity user password |
|
certificateSN |
String Max length = 64 |
Mandatory |
The certificate’s serial number |
|
caName |
String Max length = 512 |
Optional |
The CA name that is used to sign the CSR. The CA name should be as same as the definition in CA server. |
|
csr |
String |
Mandatory |
Certificate Sign Request. PKCS10 request in base64 encode. |
|
subjectDN |
String Max length = 512 |
Optional |
Certificate user DN. CA server considers it as the Subject DN when generating a certificate. |
|
issuerDN |
String Max length = 512 |
Optional |
CA’s DN, for example, CN=AdminCA1,O=EJBCA Sample,C=SE |
6.2.2 Response Data
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
certificate |
String |
Mandatory |
The signed certificate |
|
certificateSN |
String Max length = 64 |
Mandatory |
The certificate’s serial number |
|
certificateExpireTime |
dateTime |
Mandatory |
The certificate expiration time |
|
certificateIssuerName |
String Max length = 512 |
Mandatory |
The DN of the certificate issuer. |
6.2.3 Example
The Set operation of the ECASCertificate renews a certificate of the given user. It contains two steps during the provisioning: revoking the old certificate; signing and issuing a certificate.
An example for setting ECASCertificate is shown as follows.
Example 21 Set ECASCertificate
Request: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:cai3="http://schemas.ericsson.com/cai3g1.2/" xmlns:ecas="http://schemas.ericsson.com/ma/ECAS/"> <soapenv:Header> <cai3:SessionId>${Properties#sessionId}</cai3:SessionId> </soapenv:Header> <soapenv:Body> <cai3:Set> <cai3:MOType>ECASCertificate@http://schemas.ericsson.com/ma/ECAS/</cai3:MOType> <cai3:MOId> <ecas:username>${username_1}</ecas:username> </cai3:MOId> <cai3:MOAttributes> <ecas:SetECASCertificate username="${username_1}"> <!--Optional:--> <ecas:password>setPassword</ecas:password> <!--This set operation will revoke certification which declare in request and issue one new certification--> <ecas:certificateSN>${certificateSN1}</ecas:certificateSN> <!--Optional:--> <ecas:caName>ManagementCA</ecas:caName> <ecas:csr> MIICpjCCAY4CADBiMQswCQYDVQQGEwJDTjEVMBMGA1UEAxMMY29tbW9uTmFtZVQx MREwDwYDVQQHEwhzaGFuZ2hhaTENMAsGA1UEChMEYnVzczELMAkGA1UECBMCU0gx DTALBgNVBAsTBHhsZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD g+zZICj1fmJGMzI7q1NTC+EcoCXIK40aXIVzPQ9RJ5iCW7cNB8LIVfYKCmNWrVNM Bv9PLLZ8Tq6HtxAQtz/SyYJj15Sp1kpPU98pSNXoy1zJF9mknMMea0g5DlFPvGM7 pgjLaYtMyaKSY9z8h93CAQQBHKjVA+eRtm+LDF6PsvHYTuvTOWUqkRpntyQMupvi n9jAZxNjg+dvAMhjSqg8qruKhuD85NGOwsZKlzMMVVKzFRoaY7r2bksvdHgep0VR Ka0DkVw+ON0UzDn/FkWA7oXjhUlNqYFwRL0B6gbXbF3eD66K8MzU2X6RN+uFNJg+ 2M/F2X4Uz+0J7ckdFLJdAgMBAAGgADANBgkqhkiG9w0BAQQFAAOCAQEAuIC+aBQi GK1IIibCRccJYyySaZPZ1Sen7OMRh87/0a5PwSHyOvQEGdybUCojOWvySHTnqpsw hLM05k3s2DdZSy2wUnLIhuIm46ttNq7ts1ycxv+p506vP8GSN5CeaZLeDWeXZTLm 3+Ry5OCn7ygvZ/oaikKZub1/1jO7vHYJNGswiflp9b1W8MuxyWRIPMxwCDATMiWj lO83mmDrKw29cW/LEwMWZccD9F4fGHtLRc7JoKhb80C0hgdwDttRMCZ4Icwk1zJw UPutqKcKgJp75L/anQBsW7G3LxeeWLbLlxTcDuXGLzhBOf3t3fnRDIZJDU7/9rjZ /bDz6Jjp7uHu0w==</ecas:csr> <!--Optional:--> <!--<ecas:subjectDN>CN=ezhimen@Ericsson</ecas:subjectDN>--> <!--Optional:--> <!--ecas:issuerDN>CN=AdminCA1,O=EJBCA Sample,C=SE</ecas:issuerDN--> <ecas:issuerDN>CN=ManagementCA,O=EJBCA Sample,C=SE</ecas:issuerDN> </ecas:SetECASCertificate> </cai3:MOAttributes> </cai3:Set> </soapenv:Body> </soapenv:Envelope> Response: <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:cai3g="http://schemas.ericsson.com/cai3g1.2/"> <S:Header> <cai3g:SessionId>8e8a11f9acf34e3fbf807aa68a9d7dd1</cai3g:SessionId> </S:Header> <S:Body> <ns2:SetResponse xmlns:ns2="http://schemas.ericsson.com/cai3g1.2/"> <ns2:MOAttributes> <ecas:SetResponseECASCertificate xmlns:ecas="http://schemas.ericsson.com/ma/ECAS/"> <ecas:certificate>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JS URXekNDQWtPZ0F3SUJBZ0lJTlE3dDY1VWpKOUV3RFFZSktvWklodmNOQVFFRkJRQXdPekVWTUJ NR0ExVUUKQXd3TVRXRnVZV2RsYldWdWRFTkJNUlV3RXdZRFZRUUtEQXhGU2tKRFFTQlRZVzF3Y kdVeEN6QUpCZ05WQkFZVApBbE5GTUI0WERURTFNRFV5TmpBMU1qRXpORm9YRFRFM01EVXlOVEE xTWpFek5Gb3dIekVkTUJzR0ExVUVBd3dVClpYcG9hVzFsYmtCbGNtbGpjM052Ymk1amIyMHdnZ 0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUsKQW9JQkFRRERnK3paSUNqMWZtSkd Nekk3cTFOVEMrRWNvQ1hJSzQwYVhJVnpQUTlSSjVpQ1c3Y05COExJVmZZSwpDbU5XclZOTUJ2O VBMTFo4VHE2SHR4QVF0ei9TeVlKajE1U3Axa3BQVTk4cFNOWG95MXpKRjlta25NTWVhMGc1CkR sRlB2R003cGdqTGFZdE15YUtTWTl6OGg5M0NBUVFCSEtqVkErZVJ0bStMREY2UHN2SFlUdXZUT 1dVcWtScG4KdHlRTXVwdmluOWpBWnhOamcrZHZBTWhqU3FnOHFydUtodUQ4NU5HT3dzWktsek1 NVlZLekZSb2FZN3IyYmtzdgpkSGdlcDBWUkthMERrVncrT04wVXpEbi9Ga1dBN29YamhVbE5xW UZ3UkwwQjZnYlhiRjNlRDY2SzhNelUyWDZSCk4rdUZOSmcrMk0vRjJYNFV6KzBKN2NrZEZMSmR BZ01CQUFHamZ6QjlNQjBHQTFVZERnUVdCQlI5ajI3VTVMQ24KQldrTXl3WCtRUDRNKzMrSFVUQ U1CZ05WSFJNQkFmOEVBakFBTUI4R0ExVWRJd1FZTUJhQUZOTFExSXhiT0ZSbAorMmh0Znovb1l HTUdiS1lXTUE0R0ExVWREd0VCL3dRRUF3SUY0REFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEC kFnWUlLd1lCQlFVSEF3UXdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRElyOTJUQ1lEZFVYWmN pcWIyMHRjcWMKOS90NXJka0tlRVlDUSszaXVOay96NkR3QTFhU2FmMGl6MmoxalBVa040Uk5me lh5MWY5RHpWNmR3cU96Y0Y3WgpEd3I1M1o1OUdpVDVMbVNDOUdKNE9RUys5T3dmQlhicGxoeSt TbEdDSS92djZEVnVKSWNWWU4xZnpITENiQk5BCnJ4ZWxNUUVvU3h0eG1XVEg5emQxcjczd0l0a zdMS283ZGhOS2hrR2EybGFpZnYzMGhKSzZiN05mNXIxNUdqVUkKQWZKNHdRTDA0bFphNnpqaWg wTmRGYlg0bm1DM1ZYeUs1NWYzcm5GWUlqS2dXUWtTejd3eDc3YXNjSEY1ZEtIQgo5VG11RnQ5V llkUnRGN3BOTXZmTS9YUmJldDFWUUFLMTNkUllHWndOWkw4Z3JkWVJZTlNoUHYrVHc0cEt6c0U 9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=</ecas:certificate> <ecas:certificateSN>350eedeb952327d1</ecas:certificateSN> <ecas:certificateExpireTime>2017-05-25T05:21:34+00:00 </ecas:certificateExpireTime> <ecas:certificateIssuerName>C=SE, O=EJBCA Sample, CN=ManagementCA </ecas:certificateIssuerName> </ecas:SetResponseECASCertificate> </ns2:MOAttributes> </ns2:SetResponse> </S:Body> </S:Envelope>
6.3 Delete ECASCertificate
This section describes how to delete ECASCertificate.
MOType
ECASCertificate@http://schemas.ericsson.com/ma/ECAS/
6.3.1 Request Data
MOId
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
username |
String Max length = 256 |
Mandatory |
Entity user name, used to create an end entity in CA server |
MOAttributes
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
username |
String Max length = 256 |
Mandatory |
Entity user name, used to create an end entity in CA server |
|
password |
String Min length = 8 Max length = 256 |
Optional |
Entity user password |
|
issuerDN |
String Max length = 512 |
Optional |
CA’s DN, for example, CN=AdminCA1,O=EJBCA Sample,C=SE |
|
certificateSN |
String Max length = 64 |
Optional |
The certificate’s serial number |
6.3.2 Example
The Delete operation of the ECASCertificate provides the capacity to revoke a certificate or end entity. When the certificate SN is provided, PG NGN tries to revoke the given certificate. If only username is provided, PG NGN tries to revoke all the certificates of the end entity.
An example for deleting ECASCertificate is shown as follows.
Example 22 Delete ECASCertificate
Request1: revoke the certificate according to certificateSN.
<ecas:DeleteECASCertificate username="username">
<ecas:issuerDN>CN=AdminCA1,O=EJBCA Sample,C=SE</ecas:issuerDN>
<ecas:certificateSN>44b9b175bb6b2244</ecas:certificateSN>
</ecas:DeleteECASCertificate>
Response 1
<ns2:revokeCertResponse xmlns:ns2="http://ws.protocol.core.ejbca.org/"/>
Request 2: revoke all certificates that belong to the given user
<ecas:DeleteECASCertificate username="username">
</ecas:DeleteECASCertificate>
Response 2
<ns2:revokeCertResponse xmlns:ns2="http://ws.protocol.core.ejbca.org/"/>
6.4 Get ECASCertificate
This section describes how to get ECASCertificate.
MOType
ECASCertificate@http://schemas.ericsson.com/ma/ECAS/
6.4.1 Request Data
MOId
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
username |
String Max length = 256 |
Mandatory |
Entity user name, used to create an end entity in CA server |
MOAttributes
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
certificateSN |
String Max length = 64 |
Mandatory |
The certificate’s serial number |
|
issuerDN |
String Max length = 512 |
Optional |
CA’s DN, for example, CN=AdminCA1,O=EJBCA Sample,C=SE |
6.4.2 Response Data
MOAttributes
|
Parameter |
Type |
Occurrence |
Description |
|---|---|---|---|
|
certificate |
String |
Mandatory |
The signed certificate |
|
certificateSN |
String Max length = 64 |
Mandatory |
The certificate’s serial number |
|
certificateExpireTime |
dateTime |
Mandatory |
The certificate expiration time |
|
issuerDN |
String Max length = 512 |
Mandatory |
CA’s DN, for example, CN=AdminCA1,O=EJBCA Sample,C=SE |
|
isRevoked |
One of the following strings:
|
Mandatory |
Indicates whether the certificate is revoked. |
|
revocationDate |
dateTime |
Optional |
The date when the certificate is revoked |
6.4.3 Example
The Get operation of the ECASCertificate retrieves the certificate from CA server according to the given certification's SN and issuer’s DN.
An example for getting ECASCertificate is shown as follows.
Example 23 Get ECASCertificate
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:cai3="http://schemas.ericsson.com/cai3g1.2/" xmlns:ecas="http://schemas.ericsson.com/ma/ECAS/"> <soapenv:Header> <cai3:SessionId>${Properties#sessionId}</cai3:SessionId> </soapenv:Header> <soapenv:Body> <cai3:Get> <cai3:MOType>ECASCertificate@http://schemas.ericsson.com/ma/ECAS/ </cai3:MOType> <cai3:MOId> <ecas:username>${username_1}</ecas:username> </cai3:MOId> <!--Optional:--> <cai3:MOAttributes> <ecas:GetECASCertificate> <ecas:certificateSN>${certificateSN1}</ecas:certificateSN> <!--Optional:--> <ecas:issuerDN>CN=ManagementCA,O=EJBCA Sample,C=SE</ecas:issuerDN> </ecas:GetECASCertificate> </cai3:MOAttributes> </cai3:Get> </soapenv:Body> </soapenv:Envelope> Response: <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" xmlns:cai3g="http://schemas.ericsson.com/cai3g1.2/"> <S:Header> <cai3g:SessionId>8e8a11f9acf34e3fbf807aa68a9d7dd1</cai3g:SessionId> </S:Header> <S:Body> <ns2:GetResponse xmlns:ns2="http://schemas.ericsson.com/cai3g1.2/"> <ns2:MOAttributes> <ecas:GetResponseECASCertificate xmlns:ecas="http://schemas.ericsson.com/ma/ECAS/"> <ecas:certificate>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUR XekNDQWtPZ0F3SUJBZ0lJRm9KSnEyMWU5Ull3RFFZSktvWklodmNOQVFFRkJRQXdPekVWTUJNR0E xVUUKQXd3TVRXRnVZV2RsYldWdWRFTkJNUlV3RXdZRFZRUUtEQXhGU2tKRFFTQlRZVzF3YkdVeEN 6QUpCZ05WQkFZVApBbE5GTUI0WERURTFNRFV5TmpBMU1qRXpNMW9YRFRFM01EVXlOVEExTWpFek0 xb3dIekVkTUJzR0ExVUVBd3dVClpYcG9hVzFsYmtCbGNtbGpjM052Ymk1amIyMHdnZ0VpTUEwR0N TcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUsKQW9JQkFRRERnK3paSUNqMWZtSkdNekk3cTFOVEM rRWNvQ1hJSzQwYVhJVnpQUTlSSjVpQ1c3Y05COExJVmZZSwpDbU5XclZOTUJ2OVBMTFo4VHE2SHR 4QVF0ei9TeVlKajE1U3Axa3BQVTk4cFNOWG95MXpKRjlta25NTWVhMGc1CkRsRlB2R003cGdqTGF ZdE15YUtTWTl6OGg5M0NBUVFCSEtqVkErZVJ0bStMREY2UHN2SFlUdXZUT1dVcWtScG4KdHlRTXV wdmluOWpBWnhOamcrZHZBTWhqU3FnOHFydUtodUQ4NU5HT3dzWktsek1NVlZLekZSb2FZN3IyYmt zdgpkSGdlcDBWUkthMERrVncrT04wVXpEbi9Ga1dBN29YamhVbE5xWUZ3UkwwQjZnYlhiRjNlRDY 2SzhNelUyWDZSCk4rdUZOSmcrMk0vRjJYNFV6KzBKN2NrZEZMSmRBZ01CQUFHamZ6QjlNQjBHQTF VZERnUVdCQlI5ajI3VTVMQ24KQldrTXl3WCtRUDRNKzMrSFVUQU1CZ05WSFJNQkFmOEVBakFBTUI 4R0ExVWRJd1FZTUJhQUZOTFExSXhiT0ZSbAorMmh0Znovb1lHTUdiS1lXTUE0R0ExVWREd0VCL3d RRUF3SUY0REFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNECkFnWUlLd1lCQlFVSEF3UXdEUVlKS29 aSWh2Y05BUUVGQlFBRGdnRUJBRmNYNERFNmFmTHVQNXNram5jVjNHZUsKc1p5TzlpYUptQVplTGg 5TDNPUU9leHlYWi9aYVgvNkNDQmdkUXNyWThpRG9SVUFhdVZ4TU4vMmtkNEFNU1ExegpDY2NrUlh wU3ZORmxnZHRqVUl3YkRiYjN6cDNLbXVmRmdGYllOTlM5bTBxOTloc3FkTy93cHZuYlpkaDlwSFZ uCkx6bXlrTUQ2emVyNlVXSHErcXhNbWRnMDNiSWQ4YThzUHZ1M2g2NnRGWWNNZUNyck5pbStDRGN kcnY2MXY3Z0gKVTVMMEE2U210SGJaam1aTFVvbVVjY3luaWE2V1NGRDBKcW1hQXQ0eEpUVEdUWmJ EYkVld0c2V1hwZ2xKMWFVOQp4MnpYaWpsbFh5ZVN0YVF5UFp3aS82QUprbXFGQ0oya3N5Vm1VUDV QWTVpZUhxNnRrc0I1TlNWaUNuSDJVdnc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= </ecas:certificate> <ecas:certificateSN>168249ab6d5ef516</ecas:certificateSN> <ecas:certificateExpireTime>2017-05-25T05:21:33+00:00 </ecas:certificateExpireTime> <ecas:issuerDN>CN=ManagementCA,O=EJBCA Sample,C=SE</ecas:issuerDN> <ecas:isRevoked>No</ecas:isRevoked> </ecas:GetResponseECASCertificate> </ns2:MOAttributes> </ns2:GetResponse> </S:Body> </S:Envelope>
7 Error Codes
|
Error Code |
Error Message |
MO |
Operation |
|---|---|---|---|
|
30000 |
AAA operation failure |
VoWifiService |
C |
|
30001 |
CSR renew failure |
VoWifiService |
S |
|
30002 |
CSR revocation failure |
VoWifiService |
S/D |
|
30003 |
VoWifiService |
C | |
|
IMPI operation failure |
VoWifiService |
C | |
|
30004 |
VoWifiService |
C | |
|
30005 |
CSR enrollment failure, AAA data is been cleared and IMPI is been cleared |
VoWifiService |
C |
|
CSR enrollment failure, AAA data is been cleared |
VoWifiService |
C | |
|
30006 |
CSR enrollment failure, AAA data is not been cleared and IMPI is been cleared |
VoWifiService |
C |
|
CSR enrollment failure, AAA data is not been cleared |
VoWifiService |
C | |
|
30007 |
CSR enrollment failure, AAA data is been cleared and IMPI is not been cleared |
VoWifiService |
C |
|
30008 |
CSR enrollment failure, AAA data is not been cleared and IMPI is not been cleared |
VoWifiService |
C |
|
30009 |
AAA user removal failure |
VoWifiService |
D |
|
30010 |
IMPI data removal failure |
VoWifiService |
D |
|
30011 |
IMPI data modification failure |
VoWifiService |
S |
|
30012 |
AAA data modification failure |
VoWifiService |
S |
|
30013 |
CSR enroll failure |
VoWifiService |
C/S |
|
30020 |
CSR enrollment failure, HSS data is cleared |
VoWifiService |
C |
|
30021 |
CSR enrollment failure, HSS data is not cleared |
VoWifiService |
C |
|
30022 |
AAA operation failure, certificate is cleared and HSS data is cleared |
VoWifiService |
C |
|
AAA operation failure, certificate is cleared |
VoWifiService |
C | |
|
30023 |
AAA operation failure, certificate is not cleared and HSS data is not cleared |
VoWifiService |
C |
|
30024 |
AAA operation failure, certificate is not cleared and HSS data is cleared |
VoWifiService |
C |
|
AAA operation failure, certificate is not cleared |
VoWifiService |
C | |
|
30025 |
AAA operation failure, certificate is cleared and HSS data is not cleared |
VoWifiService |
C |
|
30026 |
AAA certificate update failure, certificate is cleared |
VoWifiService |
S |
|
30027 |
AAA certificate update failure, certificate is not cleared |
VoWifiService |
S |
|
Error Code |
Error Message |
MO |
Operation |
|---|---|---|---|
|
35103 |
Operations error |
NonSIMHSSUser |
C/S/D |
|
35104 |
NonSIMHSSUser |
C/S/D | |
|
35105 |
HSS Already exists |
NonSIMHSSUser |
C |
|
35106 |
HSS No such object |
NonSIMHSSUser |
S |
|
35199 |
Other HSS dependent faults |
NonSIMHSSUser |
C/S/D |
|
Error Code |
Error Message |
MO |
Operation |
|---|---|---|---|
|
35101 |
Missing or invalid parameter |
ISMSubscription |
C |
|
35102 |
Invalid DN, missing parameter |
ISMSubscription |
C |
|
35103 |
Operations error |
ISMSubscription |
C/S/G/D |
|
35104 |
Cannot contact LDAP server |
ISMSubscription |
C/S/G/D |
|
35105 |
Already exists |
ISMSubscription |
C |
|
35106 |
No such object |
ISMSubscription |
S/G/D |
|
35108 |
Type or value exists |
ISMSubscription |
C |
|
35199 |
Other HSS dependent faults |
ISMSubscription |
C/S/G/D |
|
Error Code |
Error Message |
MO |
Operation |
|---|---|---|---|
|
35250 |
Other IPWorks error |
AAANSDUser |
C/S/G/D |
|
35255 |
No AAANSDUser found |
AAANSDUser |
S/G/D |
|
35256 |
An AAANSDUser with the given name already existed |
AAANSDUser |
C |
|
35257 |
AAA is in maintenance mode, please try later. |
AAANSDUser |
C/S/G/D |
|
35258 |
OPERATION FAILED, ROLLBACK HAS BEEN PERFORMED SUCCESSFULLY |
AAANSDUser |
C(1) |
|
35259 |
OPERATION FAILED, ROLLBACK WAS UNSUCCESSFUL |
AAANSDUser |
C (1) |
(1) For layered AAANSD only.
|
Error Code |
Error Message |
MO |
Operation |
|---|---|---|---|
|
36000 |
Certificate Enrollment failure |
ECASCertificate |
C |
|
36001 |
Certificate Renew failure |
ECASCertificate |
S |
|
36002 |
Certificate Revocation failure |
ECASCertificate |
D |
|
36003 |
Certificate Retrieve failure |
ECASCertificate |
G |
|
36004 |
Certificate Already Revoked |
ECASCertificate |
D |
Reference List
| Ericsson Documents |
|---|
| [1] Library Overview, 18/1553-CSH 109 628 Uen |
| [2] Generic CAI3G Interface 1.2, 2/15519-FAY3020003 Uen |