Layered IPWorks/AAA Provisioning over CAI3G
Ericsson Dynamic Activation 1

Contents

1   Introduction
1.1   Purpose and Scope
1.2   Target Group
1.3   Typographic Conventions
1.4   Prerequisites
1.5   Namespaces
1.6   Legends
1.7   Operations
1.8   Web Service Interface
1.9   MOType
1.10   MOId

2   Create AAA User
2.1   Request Data
2.2   Examples

3   Get AAA User
3.1   Request Data
3.2   Response Data
3.3   Examples

4   Set AAA User
4.1   Request Data
4.2   Examples

5   Delete AAA User
5.1   Request Data
5.2   Examples

6   Create AAA Group
6.1   Request Data
6.2   Examples

7   Get AAA Group
7.1   Request Data
7.2   Response Data
7.3   Examples

8   Set AAA Group
8.1   Request Data
8.2   Examples

9   Create AAA Policy
9.1   Request Data
9.2   Examples

10   Get AAA Policy
10.1   Request Data
10.2   Response Data
10.3   Examples

11   Set AAA Policy
11.1   Request Data
11.2   Examples

12   Faults and Errors
12.1   Subordinate AAA Error Codes
12.2   CAI3G Error Message Example

Reference List

1   Introduction

This document describes the interface exposed by Ericsson™ Dynamic Activation (EDA) for provisioning of Authentication and Authorization data in layered IPWorks Authentication, Authorization, and Accounting (AAA). The interface exposes a number of Customer Service Orders (CSOs) that enable management of AAA data stored in a Consolidated User Data Base (CUDB).

The exposed interface can be used by a Customer Administration System (CAS) or any other provisioning system.

1.1   Purpose and Scope

This document describes the supported Customer Service Orders (CSOs) in the CAI3G interface, which is used for provisioning of AAA data in IPWorks.

CAI3G is an Ericsson proprietary interface that enables provisioning of user and subscriber data in telecommunication and IT networks. It is a web service interface based on Simple Object Access Protocol (SOAP) 1.1. This document is not a tutorial on CAI3G. It must be read together with the generic CAI3G specification, which is described in Generic CAI3G Interface 1.2, Reference [2].

1.2   Target Group

The target groups for this document are as follows:

For more information about other target groups, see Library Overview, Reference [3].

1.3   Typographic Conventions

Typographic conventions are described in Library Overview, Reference [3].

In addition, this document uses the following to indicate operations:

C Create
S Set
G Get
D Delete

1.4   Prerequisites

To use this document fully, users must meet the following prerequisites:

1.5   Namespaces

The following namespaces are referred to in this document:

1.6   Legends

The following table shows the legends used in XML schema figures in this specification.

Table 1    Legends Used in XML Schema Figures in This Specification

  • XML attribute

  • Optional XML element

  • Choice icon

  • Mandatory XML element

  • Structured element

  • Subobject element. The occurrence of this element is 0–15.

  • User-defined type. This is not a standard XML schema type. It is introduced to describe MO schema structure more clearly. In practice, this type is to be replaced by the corresponding elements.

  • Sequence icon. A list of elements; the sequence order must be followed.

1.7   Operations

The following table lists the Managed Objects (MOs) and the valid operations on them that are covered in this document.

Table 2    AAA Data Provisioning CSOs

| MO | Create | Get | Set | Delete |
|---|---|---|---|---|
| AAAUser | x | x | x | x |
| AAAGroup | x | x | x |  |
| AAAPolicy | x | x | x |  |

1.8   Web Service Interface

The Web Services Definition Language (WSDL) and XML Schema Definition Language (XSD) files that describe the provisioning interface can be found in /home/dveinstaller/ma/. The files can also be downloaded and then viewed or stored in an appropriate area, as follows:

  1. Save the zip file, Dynamic_Activation_WSDL_and_XSD_files.zip, to a local folder.
  2. Unpack the zip file.

1.9   MOType

MOType is a plain text string based on the type xs:string. An MO type consists of two parts: the namespace of the MO and the MO name string. The MO name string always starts with an alphabetical character in either upper or lower case, followed by zero or more alphabetical characters, digits or underscores.

The two parts are joined with the @ symbol. The syntax of the MOType string is MO_Name@MO_Namespace. The name string of an MO type must follow the regular expression: [A-Za-z][A-Za-z0-9]*

The MO name together with the MO namespace must be globally unique.

1.10   MOId

MOId is an Extensible Markup Language (XML) fragment containing the MOId parameter-value pairs that are used to identify an MO instance in the interface data model. The CAI3G 1.2 standard supports compound MO identifiers or multiple MO identifiers. The following is an example of an MOId:

Example 1   Example of MOId

<MOId>
   <msisdn>46455395000</msisdn>
   <imsi>46234563545000</imsi>
</MOId>

The MOId is defined as a sequence of xs:any elements in the CAI3G schema file. It is the developer's responsibility to define the real schema for this parameter.

The MOId parameters are also the key attributes that must be defined in the top-level element, CreateMODefinition or SetMODefinition, within the MOAttributes parameter.

Each implementation of the CAI3G interface is to define its own logical relationship for the MOId. It is also the CAI3GAgent's responsibility to interpret this parameter correctly, either through hard-coded logic or through dynamic parsing of the schema.

2   Create AAA User

This section covers the CreateAAAUser command.

The CreateAAAUser creates an AAA user in the CUDB.

MOType

AAAUser@http://schemas.ericsson.com/ma/IPWORKS/

2.1   Request Data

2.1.1   Parameters

MOId

Table 3    Create AAA User MOId

| Parameter | Type | Description |
|---|---|---|
| aaaUserName | String, Min Length = 1, Max Length = 253 | The name of the user. |

MOAttributes

The parameters that are used in the operation are shown in Figure 1.

Figure 1   Parameters in Create AAA User

The following table covers the parameters that can be used in a CreateAAAUser request.

Table 4    Create AAA User Parameters

| Parameter | Type | Occurrence | Description |
|---|---|---|---|
| aaaUserName | String, Min Length = 1, Max Length = 253 | Mandatory | The name of the user. |
| aaaUserPassword | String, Min Length = 1, Max Length = 256 | Mandatory | The password of the user. |
| aaaAssociatedImsi | String, Length = 15 | Optional (0-1) | If the secure SSID feature is used by a non-SIM Wi-Fi subscription, an associated IMSI is needed for IPWorks AAA to download the user profile from HLR. This user profile is used for checking the Wi-Fi subscription for authorization. The associated IMSI must be available as an IMSI identity in CUDB. |
| aaaAuthenticationMethod | String, Enumeration values = "NONE", "EAP-MD5", "EAP-SIM", "EAP-AKA", "EAP-TLS", "EAP-TTLS", "LEAP", "PEAP", "EAP-MSCHAP2" | Optional (0-1) | The authentication method used for this user. It can be: eap-md5, eap-sim, eap-aka, eap-tls, eap-ttls, leap, peap, eap-mschap2. |
| aaaIPAllocationType | Integer, Min Inclusive = 0, Max Inclusive = 3 | Optional (0-1) | The policy of IP address allocation. There are 4 types: • 0: Default value. Assign an IP address from the RADIUS client-related IP address pool(s) if the field Framed-IP-Address is contained in the Access-Request message when the user is authenticated successfully; otherwise, do not assign an IP address. • 1: Static assignment. The field aaaIPAllocationValue is to be set to a static IP address. This IP address is assigned to the user each time the user is authenticated successfully. • 2: Assign IP from a specific IP address pool. The field aaaIPAllocationValue is to be set to an existing AAAIPPool. One available IP address from the specific IP pool is assigned when the user is authenticated successfully. • 3: Assign IP from the RADIUS client-related IP address pool(s). The field aaaIPAllocationValue does not need any value (if one is configured, the server ignores it). An address is assigned from one of the pools associated with the RADIUS client when a user is authenticated successfully. |
| aaaIPAllocationValue | String, Min Length = 1, Max Length = 128 | Optional (0-1) | The content of the policy, which defines the pool or address that the IP address is allocated from. Refer to the description of the aaaIPAllocationType field. |
| aaaIPv6PrefixAllocationType | Integer, Min Inclusive = 0, Max Inclusive = 3 | Optional (0-1) | • 0: Default value. Assign an IPv6 prefix from the RADIUS client-related IPv6 prefix pool(s) if the field Framed-IPv6-Prefix is contained in the Access-Request message when the user is authenticated successfully; otherwise, do not assign an IPv6 prefix. • 1: Static assignment. The field aaaIPv6PrefixAllocationValue is to be set to a static IPv6 prefix. This IPv6 prefix is assigned to the user each time the user is authenticated successfully. • 2: Assign IPv6 prefix from a specific IPv6 prefix pool. The field aaaIPv6PrefixAllocationValue is to be set to an existing AAAIPv6PrefixPool. One available IPv6 prefix from this specific IPv6 prefix pool is assigned when the user is authenticated successfully. • 3: Assign IPv6 prefix from the RADIUS client-related IPv6 prefix pool(s). The field aaaIPv6PrefixAllocationValue does not need any value (if one is configured, the server ignores it). An IPv6 prefix is assigned from one of the pools associated with the RADIUS client, based on APN selection, when a user is authenticated successfully. |
| aaaIPv6PrefixAllocationValue | String, Min Length = 1, Max Length = 128 | Optional (0-1) | The content of the policy, which defines the pool or address that the IP address is allocated from, as specified in the aaaIPv6PrefixAllocationType field. |
| aaaGroupName | Sub-MO | Optional (0-10) | The list of the groups. The user can belong to multiple groups. |
| aaaGroupName (in Sub-MO aaaGroupName) | String, Min Length = 1, Max Length = 64 | Mandatory (1) | The name of the group. |
| aaaPolicy | Sub-MO | Optional (0-1) |  |
| aaaIndividualPolicy (in Sub-MO aaaPolicy) | Sub-MO | Optional (0-10) | List of the individual policies. The user can have multiple policies. |
| aaaIndividualPolicyName (in Sub-MO aaaIndividualPolicy) | String, Min Length = 1, Max Length = 64 | Mandatory (1) | The name of the policy. |
| aaaIndividualPolicyChecklist (in Sub-MO aaaIndividualPolicy) | String, Min Length = 1, Max Length = 1024 | Optional (0-1) | The checklist is a check rule of the policy. It is used to check whether the incoming AVPs match this check rule. All AVP names are to conform to the AVP names in the RFC, except built-in AVPs such as System-Time. |
| aaaIndividualPolicyReplylist (in Sub-MO aaaIndividualPolicy) | String, Min Length = 1, Max Length = 1024 | Optional (0-1) | The reply list is a reply rule of the policy. If the Access-Request message is authorized successfully, the reply rule is added to the Access-Accept message. |
| aaaSharedPolicyName (in Sub-MO aaaPolicy) | Sub-MO | Optional (0-10) | List of the shared policies. The user can have multiple shared policies. |
| aaaSharedPolicyName (in Sub-MO aaaSharedPolicyName) | String, Min Length = 1, Max Length = 64 | Mandatory (1) | The name of the policy. |

(1)  This parameter is mandatory if the Sub-MO to which the parameter belongs is selected.


2.2   Examples

Request Example

This section gives an example of a CreateAAAUser request message, as shown in Example 2.

Example 2   Create AAA User Request Message

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:cai3="http://schemas.ericsson.com/cai3g1.2/"
 xmlns:ipw="http://schemas.ericsson.com/ma/IPWORKS/">
   <soapenv:Header>
      <cai3:SessionId>d78e0fd9ff6c436984bd4d998633487a</cai3:SessionId>
   </soapenv:Header>
   <soapenv:Body>
      <cai3:Create>
         <cai3:MOType>AAAUser@http://schemas.ericsson.com/ma/IPWORKS/</cai3:MOType>
         <cai3:MOId>
            <ipw:aaaUserName>User1</ipw:aaaUserName>
         </cai3:MOId>
         <cai3:MOAttributes>
            <ipw:CreateAAAUser aaaUserName="User1">
               <ipw:aaaUserName>User1</ipw:aaaUserName>
               <ipw:aaaUserPassword>Password</ipw:aaaUserPassword>
               <ipw:aaaAuthenticationMethod>EAP-MD5</ipw:aaaAuthenticationMethod>
               <ipw:aaaIPAllocationType>0</ipw:aaaIPAllocationType>
               <ipw:aaaIPAllocationValue>Localhost</ipw:aaaIPAllocationValue>
               <ipw:aaaAssociatedImsi>123456789000000</ipw:aaaAssociatedImsi> 
               <ipw:aaaGroupName aaaGroupName="Group1">
                  <ipw:aaaGroupName>Group1</ipw:aaaGroupName>
               </ipw:aaaGroupName>
               <ipw:aaaPolicy>
                  <ipw:aaaIndividualPolicy aaaIndividualPolicyName="Inpolicy1">
                     <ipw:aaaIndividualPolicyName>Inpolicy1</ipw:aaaIndividualPolicyName>
                     <ipw:aaaIndividualPolicyChecklist>System-Time &gt;= &quot;10:00
                      +0800&quot; &amp;&amp; System-Time &lt;= &quot;20:00 +0800&quot;
                      &amp;&amp; ( User-Name = &quot;Faxin Zhong&quot; &amp;&amp; 
                      ( Service-Type = 1 || Service-Type = 2 ) )
                     </ipw:aaaIndividualPolicyChecklist>
                     <ipw:aaaIndividualPolicyReplylist>User-Name = $REQUEST,
                      Login-IP-Host = 10.170.4.169</ipw:aaaIndividualPolicyReplylist>
                  </ipw:aaaIndividualPolicy>
                  <ipw:aaaSharedPolicyName aaaSharedPolicyName="Shpolicy1">
                     <ipw:aaaSharedPolicyName>Shpolicy1</ipw:aaaSharedPolicyName>
                  </ipw:aaaSharedPolicyName>
               </ipw:aaaPolicy>
            </ipw:CreateAAAUser>
         </cai3:MOAttributes>
      </cai3:Create>
   </soapenv:Body>
</soapenv:Envelope>

An AAA user named User1 is created. The user belongs to Group1 and has the individual policy Inpolicy1 and the shared policy Shpolicy1 associated. A password, authentication method, IP allocation type, IP allocation value, and associated IMSI are assigned to it.
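
The following Python example is added here and is not part of the original specification or of Ericsson's software. It checks a user record against the Table 4 constraints before anything is sent, then serializes the CreateAAAUser request with an XML library so that characters such as &, < and > in a checklist are escaped instead of being pasted into the envelope. The dict keys (groups, individualPolicies, sharedPolicies, name, Checklist, Replylist), the function names, and the element order (taken from Examples 2 and 5) are assumptions.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
CAI3 = "http://schemas.ericsson.com/cai3g1.2/"
IPW = "http://schemas.ericsson.com/ma/IPWORKS/"
for _prefix, _uri in (("soapenv", SOAP), ("cai3", CAI3), ("ipw", IPW)):
    ET.register_namespace(_prefix, _uri)
# Enumeration values from Table 4 (matched case-sensitively).
AUTH_METHODS = {"NONE", "EAP-MD5", "EAP-SIM", "EAP-AKA", "EAP-TLS",
                "EAP-TTLS", "LEAP", "PEAP", "EAP-MSCHAP2"}
# (min, max) string lengths from Table 4.
LENGTHS = {"aaaUserName": (1, 253), "aaaUserPassword": (1, 256),
           "aaaAssociatedImsi": (15, 15), "aaaIPAllocationValue": (1, 128),
           "aaaIPv6PrefixAllocationValue": (1, 128)}
# Element order is an assumption taken from Examples 2 and 5, not from the XSD.
ORDER = ["aaaUserName", "aaaUserPassword", "aaaAuthenticationMethod",
         "aaaIPAllocationType", "aaaIPAllocationValue", "aaaAssociatedImsi",
         "aaaIPv6PrefixAllocationType", "aaaIPv6PrefixAllocationValue"]
# Constructed sample input, mirroring part of Example 2.
EXAMPLE_USER = {
    "aaaUserName": "User1", "aaaUserPassword": "Password",
    "aaaAuthenticationMethod": "EAP-MD5", "aaaIPAllocationType": 0,
    "groups": ["Group1"], "sharedPolicies": ["Shpolicy1"],
    "individualPolicies": [{"name": "Inpolicy1", "Checklist":
                            'System-Time >= "10:00 +0800" && Service-Type = 1'}]}


def _length(errors, label, value, lo, hi):
    if not isinstance(value, str) or not lo <= len(value) <= hi:
        errors.append(f"{label}: string length must be {lo}..{hi}")


def validate_user(user):
    """Return the Table 4 violations for a user dict (empty list if none)."""
    errors = [f"{name}: mandatory"
              for name in ("aaaUserName", "aaaUserPassword") if name not in user]
    for name, (lo, hi) in LENGTHS.items():
        if name in user:
            _length(errors, name, user[name], lo, hi)
    if user.get("aaaAuthenticationMethod", "NONE") not in AUTH_METHODS:
        errors.append("aaaAuthenticationMethod: not an enumeration value")
    # Types 1 (static) and 2 (specific pool) take their target from the Value field.
    for kind in ("aaaIPAllocation", "aaaIPv6PrefixAllocation"):
        alloc = user.get(kind + "Type")
        if alloc is not None and (type(alloc) is not int or not 0 <= alloc <= 3):
            errors.append(f"{kind}Type: must be an integer 0..3")
        elif alloc in (1, 2) and kind + "Value" not in user:
            errors.append(f"{kind}Value: required for {kind}Type {alloc}")
    policies = user.get("individualPolicies", [])
    lists = [("aaaGroupName", user.get("groups", []), 64),
             ("aaaSharedPolicyName", user.get("sharedPolicies", []), 64),
             ("aaaIndividualPolicyName", [p.get("name") for p in policies], 64)]
    for part in ("Checklist", "Replylist"):  # optional, 1..1024 characters
        lists.append(("aaaIndividualPolicy" + part,
                      [p[part] for p in policies if part in p], 1024))
    for label, values, hi in lists:
        if len(values) > 10:  # each Sub-MO list occurs 0-10 times
            errors.append(f"{label}: at most 10 occurrences")
        for value in values:
            _length(errors, label, value, 1, hi)
    return errors


def _el(parent, ns, tag, text=None, **attrib):
    child = ET.SubElement(parent, f"{{{ns}}}{tag}", attrib)
    child.text = text
    return child


def build_create_aaa_user(session_id, user):
    """Validate, then serialize; ElementTree escapes markup characters in values."""
    if errors := validate_user(user):
        raise ValueError("; ".join(errors))
    env = ET.Element(f"{{{SOAP}}}Envelope")
    _el(_el(env, SOAP, "Header"), CAI3, "SessionId", session_id)
    create = _el(_el(env, SOAP, "Body"), CAI3, "Create")
    _el(create, CAI3, "MOType", "AAAUser@" + IPW)
    _el(_el(create, CAI3, "MOId"), IPW, "aaaUserName", user["aaaUserName"])
    mo = _el(_el(create, CAI3, "MOAttributes"), IPW, "CreateAAAUser",
             aaaUserName=user["aaaUserName"])
    for name in ORDER:
        if name in user:
            _el(mo, IPW, name, str(user[name]))
    for group in user.get("groups", []):
        wrapper = _el(mo, IPW, "aaaGroupName", aaaGroupName=group)
        _el(wrapper, IPW, "aaaGroupName", group)
    individual, shared = user.get("individualPolicies", []), user.get("sharedPolicies", [])
    if individual or shared:
        policies = _el(mo, IPW, "aaaPolicy")
        for policy in individual:
            node = _el(policies, IPW, "aaaIndividualPolicy",
                       aaaIndividualPolicyName=policy["name"])
            _el(node, IPW, "aaaIndividualPolicyName", policy["name"])
            for part in ("Checklist", "Replylist"):
                if part in policy:
                    _el(node, IPW, "aaaIndividualPolicy" + part, policy[part])
        for name in shared:
            wrapper = _el(policies, IPW, "aaaSharedPolicyName", aaaSharedPolicyName=name)
            _el(wrapper, IPW, "aaaSharedPolicyName", name)
    return ET.tostring(env, encoding="unicode")
```

build_create_aaa_user raises ValueError listing every violation, so a record that breaks a Table 4 limit never reaches the provisioning interface.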

Response Example

This section gives an example of a CreateAAAUser response message, as shown in Example 3.

Example 3   Create AAA User Response Message

<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:cai3g="http://schemas.ericsson.com/cai3g1.2/">
   <S:Header>
      <cai3g:SessionId>d78e0fd9ff6c436984bd4d998633487a
      </cai3g:SessionId>
   </S:Header>
   <S:Body>
      <ns2:CreateResponse xmlns:ns2=
       "http://schemas.ericsson.com/cai3g1.2/">
         <ns2:MOId>
            <ipw:aaaUserName xmlns:ipw= 
             "http://schemas.ericsson.com/ma/IPWORKS/">User1
            </ipw:aaaUserName>
         </ns2:MOId>
      </ns2:CreateResponse>
   </S:Body>
</S:Envelope>

3   Get AAA User

This section covers the GetAAAUser command.

The GetAAAUser retrieves an AAA user in the CUDB.

MOType

AAAUser@http://schemas.ericsson.com/ma/IPWORKS/

3.1   Request Data

3.1.1   Parameters

The following table covers the parameters that can be received in a GetAAAUser request.

Table 5    Get AAA User Parameters

| Parameter | Type | Description |
|---|---|---|
| aaaUserName | String, Min Length = 1, Max Length = 253 | The name of the user. |

3.2   Response Data

3.2.1   Parameters

MOId

Table 6    Get AAA User Parameters

| Parameter | Type | Description |
|---|---|---|
| aaaUserName | String, Min Length = 1, Max Length = 253 | The name of the user. |

MOAttributes

The parameters that are used in the operation are shown in Figure 2.

Figure 2   Parameters in Get AAA User

The following table covers the parameters that can be received in a GetAAAUser response.

Table 7    Get AAA User Parameters

| Parameter | Type | Occurrence | Description |
|---|---|---|---|
| aaaUserName | String, Min Length = 1, Max Length = 253 | Mandatory | The name of the user. |
| aaaUserPassword | String, Min Length = 1, Max Length = 256 | Mandatory | The password of the user. |
| aaaAssociatedImsi | String, Length = 15 | Optional (0-1) | If the secure SSID feature is used by a non-SIM Wi-Fi subscription, an associated IMSI is needed for IPWorks AAA to download the user profile from HLR. This user profile is used for checking the Wi-Fi subscription for authorization. The associated IMSI must be available as an IMSI identity in CUDB. |
| aaaAuthenticationMethod | String, Enumeration values = "NONE", "EAP-MD5", "EAP-SIM", "EAP-AKA", "EAP-TLS", "EAP-TTLS", "LEAP", "PEAP", "EAP-MSCHAP2" | Optional (0-1) | The authentication method used for this user. It can be: eap-md5, eap-sim, eap-aka, eap-tls, eap-ttls, leap, peap, eap-mschap2. |
| aaaIPAllocationType | Integer, Min Inclusive = 0, Max Inclusive = 3 | Optional (0-1) | The policy of IP address allocation. There are 4 types: • 0: Default value. Assign an IP address from the RADIUS client-related IP address pool(s) if the field Framed-IP-Address is contained in the Access-Request message when the user is authenticated successfully; otherwise, do not assign an IP address. • 1: Static assignment. The field aaaIPAllocationValue is to be set to a static IP address. This IP address is assigned to the user each time the user is authenticated successfully. • 2: Assign IP from a specific IP address pool. The field aaaIPAllocationValue is to be set to an existing AAAIPPool. One available IP address from the specific IP pool is assigned when the user is authenticated successfully. • 3: Assign IP from the RADIUS client-related IP address pool(s). The field aaaIPAllocationValue does not need any value (if one is configured, the server ignores it). An address is assigned from one of the pools associated with the RADIUS client when a user is authenticated successfully. |
| aaaIPAllocationValue | String, Min Length = 1, Max Length = 128 | Optional (0-1) | The content of the policy, which defines the pool or address that the IP address is allocated from. Refer to the description of the aaaIPAllocationType field. |
| aaaIPv6PrefixAllocationType | Integer, Min Inclusive = 0, Max Inclusive = 3 | Optional (0-1) | • 0: Default value. Assign an IPv6 prefix from the RADIUS client-related IPv6 prefix pool(s) if the field Framed-IPv6-Prefix is contained in the Access-Request message when the user is authenticated successfully; otherwise, do not assign an IPv6 prefix. • 1: Static assignment. The field aaaIPv6PrefixAllocationValue is to be set to a static IPv6 prefix. This IPv6 prefix is assigned to the user each time the user is authenticated successfully. • 2: Assign IPv6 prefix from a specific IPv6 prefix pool. The field aaaIPv6PrefixAllocationValue is to be set to an existing AAAIPv6PrefixPool. One available IPv6 prefix from this specific IPv6 prefix pool is assigned when the user is authenticated successfully. • 3: Assign IPv6 prefix from the RADIUS client-related IPv6 prefix pool(s). The field aaaIPv6PrefixAllocationValue does not need any value (if one is configured, the server ignores it). An IPv6 prefix is assigned from one of the pools associated with the RADIUS client, based on APN selection, when a user is authenticated successfully. |
| aaaIPv6PrefixAllocationValue | String, Min Length = 1, Max Length = 128 | Optional (0-1) | The content of the policy, which defines the pool or address that the IP address is allocated from, as specified in the aaaIPv6PrefixAllocationType field. |
| aaaGroupName | Sub-MO | Optional (0-10) | The list of the groups. The user can belong to multiple groups. |
| aaaGroupName (in Sub-MO aaaGroupName) | String, Min Length = 1, Max Length = 64 | Mandatory | The name of the group. |
| aaaPolicy | Sub-MO | Optional (0-1) |  |
| aaaIndividualPolicy (in Sub-MO aaaPolicy) | Sub-MO | Optional (0-10) | List of the individual policies. The user can have multiple policies. |
| aaaIndividualPolicyName (in Sub-MO aaaIndividualPolicy) | String, Min Length = 1, Max Length = 64 | Mandatory | The name of the policy. |
| aaaIndividualPolicyChecklist (in Sub-MO aaaIndividualPolicy) | String, Min Length = 1, Max Length = 1024 | Optional (0-1) | The checklist is a check rule of the policy. It is used to check whether the incoming AVPs match this check rule. All AVP names are to conform to the AVP names in the RFC, except built-in AVPs such as System-Time. |
| aaaIndividualPolicyReplylist (in Sub-MO aaaIndividualPolicy) | String, Min Length = 1, Max Length = 1024 | Optional (0-1) | The reply list is a reply rule of the policy. If the Access-Request message is authorized successfully, the reply rule is added to the Access-Accept message. |
| aaaSharedPolicyName (in Sub-MO aaaPolicy) | Sub-MO | Optional (0-10) | List of the shared policies. The user can have multiple shared policies. |
| aaaSharedPolicyName (in Sub-MO aaaSharedPolicyName) | String, Min Length = 1, Max Length = 64 | Mandatory | The name of the policy. |

3.3   Examples

Request Example

This section gives an example of a GetAAAUser request message, as shown in Example 4.

Example 4   Get AAA User Request Message

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:cai3="http://schemas.ericsson.com/cai3g1.2/"
 xmlns:ipw="http://schemas.ericsson.com/ma/IPWORKS/">
   <soapenv:Header>
      <cai3:SessionId>d78e0fd9ff6c436984bd4d998633487a
      </cai3:SessionId>
   </soapenv:Header>
   <soapenv:Body>
      <cai3:Get>
         <cai3:MOType>AAAUser@http://schemas.ericsson.com/ma/IPWORKS/
         </cai3:MOType>
         <cai3:MOId>
            <ipw:aaaUserName>User1</ipw:aaaUserName>
         </cai3:MOId>
      </cai3:Get>
   </soapenv:Body>
</soapenv:Envelope>

Response Example

This section gives an example of a GetAAAUser response message, as shown in Example 5.

Example 5   Get AAA User Response Message

<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:cai3g="http://schemas.ericsson.com/cai3g1.2/">
   <S:Header>
      <cai3g:SessionId>d78e0fd9ff6c436984bd4d998633487a</cai3g:SessionId>
   </S:Header>
   <S:Body>
      <ns2:GetResponse xmlns:ns2="http://schemas.ericsson.com/cai3g1.2/">
         <ns2:MOAttributes>
            <ns:GetResponseAAAUser aaaUserName="User1"
             xmlns:ns="http://schemas.ericsson.com/ma/IPWORKS/">
               <ns:aaaUserName>User1</ns:aaaUserName>
               <ns:aaaAuthenticationMethod>EAP-MD5</ns:aaaAuthenticationMethod>
               <ns:aaaIPAllocationType>0</ns:aaaIPAllocationType>
               <ns:aaaIPAllocationValue>Localhost</ns:aaaIPAllocationValue>
               <ns:aaaAssociatedImsi>123456789000000</ns:aaaAssociatedImsi>  
               <ns:aaaIPv6PrefixAllocationType>1</ns:aaaIPv6PrefixAllocationType>
               <ns:aaaIPv6PrefixAllocationValue>2607:f0d0:1002:51::4
               </ns:aaaIPv6PrefixAllocationValue>
               <ns:aaaGroupName aaaGroupName="Group1">
                  <ns:aaaGroupName>Group1</ns:aaaGroupName>
               </ns:aaaGroupName>
               <ns:aaaGroupName aaaGroupName="Group2">
                  <ns:aaaGroupName>Group2</ns:aaaGroupName>
               </ns:aaaGroupName>
               <ns:aaaPolicy>
                  <ns:aaaIndividualPolicy aaaIndividualPolicyName="Inpolicy1">
                     <ns:aaaIndividualPolicyName>Inpolicy1
                     </ns:aaaIndividualPolicyName>
                     <ns:aaaIndividualPolicyChecklist>System-Time &gt;=
                      &quot;10:00 +0800&quot; &amp;&amp; System-Time &lt;=
                      &quot;20:00 +0800&quot; &amp;&amp; ( User-Name =
                      &quot;Faxin Zhong&quot; &amp;&amp; ( Service-Type = 1 ||
                       Service-Type = 2 ) )</ns:aaaIndividualPolicyChecklist>
                     <ns:aaaIndividualPolicyReplylist>User-Name = $REQUEST,
                      Login-IP-Host = 10.170.4.169</ns:aaaIndividualPolicyReplylist>
                  </ns:aaaIndividualPolicy>
                  <ns:aaaSharedPolicyName aaaSharedPolicyName="Shpolicy1">
                     <ns:aaaSharedPolicyName>Shpolicy1</ns:aaaSharedPolicyName>
                  </ns:aaaSharedPolicyName>
                  <ns:aaaSharedPolicyName aaaSharedPolicyName="Shpolicy2">
                     <ns:aaaSharedPolicyName>Shpolicy2</ns:aaaSharedPolicyName>
                  </ns:aaaSharedPolicyName>
               </ns:aaaPolicy>
            </ns:GetResponseAAAUser>
         </ns2:MOAttributes>
      </ns2:GetResponse>
   </S:Body>
</S:Envelope>

The data of AAA user User1 is returned.

4   Set AAA User

This section covers the SetAAAUser command.

The SetAAAUser modifies an AAA user in the CUDB.

MOType

AAAUser@http://schemas.ericsson.com/ma/IPWORKS/

4.1   Request Data

4.1.1   Parameters

MOId

Table 8    Set AAA User MOId

| Parameter | Type | Description |
|---|---|---|
| aaaUserName | String, Min Length = 1, Max Length = 253 | The name of the user. |

MOAttributes

The parameters that are used in the operation are shown in Figure 3.

Figure 3   Parameters in Set AAA User, Part 1

The following table covers the parameters that can be used in a SetAAAUser request.

Table 9    Set AAA User Parameters

| Parameter | Type | Occurrence | Description |
|---|---|---|---|
| aaaUserName | String, Min Length = 1, Max Length = 253 | Mandatory | The name of the user. |
| aaaUserPassword | String, Min Length = 1, Max Length = 256 | Mandatory | The password of the user. |
| aaaAssociatedImsi | String, Length = 15 | Optional (0-1) | If the secure SSID feature is used by a non-SIM Wi-Fi subscription, an associated IMSI is needed for IPWorks AAA to download the user profile from HLR. This user profile is used for checking the Wi-Fi subscription for authorization. The associated IMSI must be available as an IMSI identity in CUDB. |
| aaaAuthenticationMethod | String, Enumeration values = "NONE", "EAP-MD5", "EAP-SIM", "EAP-AKA", "EAP-TLS", "EAP-TTLS", "LEAP", "PEAP", "EAP-MSCHAP2" | Optional (0-1) | The authentication method used for this user. It can be: eap-md5, eap-sim, eap-aka, eap-tls, eap-ttls, leap, peap, eap-mschap2. |
| aaaIPAllocationType | Integer, Min Inclusive = 0, Max Inclusive = 3 | Optional (0-1) | The policy of IP address allocation. There are 4 types: • 0: Default value. Assign an IP address from the RADIUS client-related IP address pool(s) if the field Framed-IP-Address is contained in the Access-Request message when the user is authenticated successfully; otherwise, do not assign an IP address. • 1: Static assignment. The field aaaIPAllocationValue is to be set to a static IP address. This IP address is assigned to the user each time the user is authenticated successfully. • 2: Assign IP from a specific IP address pool. The field aaaIPAllocationValue is to be set to an existing AAAIPPool. One available IP address from the specific IP pool is assigned when the user is authenticated successfully. • 3: Assign IP from the RADIUS client-related IP address pool(s). The field aaaIPAllocationValue does not need any value (if one is configured, the server ignores it). An address is assigned from one of the pools associated with the RADIUS client when a user is authenticated successfully. |
| aaaIPAllocationValue | String, Min Length = 1, Max Length = 128 | Optional (0-1) | The content of the policy, which defines the pool or address that the IP address is allocated from. Refer to the description of the aaaIPAllocationType field. |
| aaaIPv6PrefixAllocationType | Integer, Min Inclusive = 0, Max Inclusive = 3 | Optional (0-1) | • 0: Default value. Assign an IPv6 prefix from the RADIUS client-related IPv6 prefix pool(s) if the field Framed-IPv6-Prefix is contained in the Access-Request message when the user is authenticated successfully; otherwise, do not assign an IPv6 prefix. • 1: Static assignment. The field aaaIPv6PrefixAllocationValue is to be set to a static IPv6 prefix. This IPv6 prefix is assigned to the user each time the user is authenticated successfully. • 2: Assign IPv6 prefix from a specific IPv6 prefix pool. The field aaaIPv6PrefixAllocationValue is to be set to an existing AAAIPv6PrefixPool. One available IPv6 prefix from this specific IPv6 prefix pool is assigned when the user is authenticated successfully. • 3: Assign IPv6 prefix from the RADIUS client-related IPv6 prefix pool(s). The field aaaIPv6PrefixAllocationValue does not need any value (if one is configured, the server ignores it). An IPv6 prefix is assigned from one of the pools associated with the RADIUS client, based on APN selection, when a user is authenticated successfully. |
| aaaIPv6PrefixAllocationValue | String, Min Length = 1, Max Length = 128 | Optional (0-1) | The content of the policy, which defines the pool or address that the IP address is allocated from, as specified in the aaaIPv6PrefixAllocationType field. |
| aaaGroupName | Sub-MO | Optional (0-10) | The list of the groups. The user can belong to multiple groups. |
| aaaGroupName (in Sub-MO aaaGroupName) | String, Min Length = 1, Max Length = 64 | Mandatory (1) | The name of the group. |
| aaaPolicy | Sub-MO | Optional (0-1) |  |
| aaaIndividualPolicy (in Sub-MO aaaPolicy) | Sub-MO | Optional (0-10) | List of the individual policies. The user can have multiple policies. |
| aaaIndividualPolicyName (in Sub-MO aaaIndividualPolicy) | String, Min Length = 1, Max Length = 64 | Mandatory (1) | The name of the policy. |
| aaaIndividualPolicyChecklist (in Sub-MO aaaIndividualPolicy) | String, Min Length = 1, Max Length = 1024 | Optional (0-1) | The checklist is a check rule of the policy. It is used to check whether the incoming AVPs match this check rule. All AVP names are to conform to the AVP names in the RFC, except built-in AVPs such as System-Time. |
| aaaIndividualPolicyReplylist (in Sub-MO aaaIndividualPolicy) | String, Min Length = 1, Max Length = 1024 | Optional (0-1) | The reply list is a reply rule of the policy. If the Access-Request message is authorized successfully, the reply rule is added to the Access-Accept message. |
| aaaSharedPolicyName (in Sub-MO aaaPolicy) | Sub-MO | Optional (0-10) | List of the shared policies. The user can have multiple shared policies. |
| aaaSharedPolicyName (in Sub-MO aaaSharedPolicyName) | String, Min Length = 1, Max Length = 64 | Mandatory (1) | The name of the policy. |

(1)  This parameter is mandatory if the Sub-MO to which the parameter belongs is selected.


4.2   Examples

Request Example

This section gives an example of a SetAAAUser request message, as shown in Example 6.

Example 6   Set AAA User Request Message

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:cai3="http://schemas.ericsson.com/cai3g1.2/"
 xmlns:ipw="http://schemas.ericsson.com/ma/IPWORKS/">
   <soapenv:Header>
      <cai3:SessionId>d78e0fd9ff6c436984bd4d998633487a
      </cai3:SessionId>
   </soapenv:Header>
   <soapenv:Body>
      <cai3:Create>
         <cai3:MOType>AAAUser@http://schemas.ericsson.com/ma/IPWORKS/
         </cai3:MOType>
         <cai3:MOId>
            <ipw:aaaUserName>User1</ipw:aaaUserName>
         </cai3:MOId>
         <cai3:MOAttributes>
            <ipw:SetAAAUser aaaUserName="User1">
               <ipw:aaaUserPassword>Password</ipw:aaaUserPassword>
               <ipw:aaaAuthenticationMethod>EAP-MD5</ipw:aaaAuthenticationMethod>
               <ipw:aaaIPAllocationType>0</ipw:aaaIPAllocationType>
               <ipw:aaaIPAllocationValue>Localhost</ipw:aaaIPAllocationValue>
               <ipw:aaaAssociatedImsi>123456789000000</ipw:aaaAssociatedImsi> 
               <ipw:aaaGroupName aaaGroupName="Group1">
                  <ipw:aaaGroupName>Group1</ipw:aaaGroupName>
               </ipw:aaaGroupName>
               <ipw:aaaGroupName aaaGroupName="Group2" xsi:nil="true"/>
               <ipw:aaaPolicy>
                  <ipw:aaaIndividualPolicy aaaIndividualPolicyName="Inpolicy1">
                     <ipw:aaaIndividualPolicyName>Inpolicy1
                     </ipw:aaaIndividualPolicyName>
                     <ipw:aaaIndividualPolicyChecklist>System-Time &gt;=
                      &quot;10:00 +0800&quot; &amp;&amp; System-Time &lt;=
                      &quot;20:00 +0800&quot; &amp;&amp; ( User-Name = &quot
                      ;Faxin Zhong&quot; &amp;&amp; ( Service-Type = 1 ||
                       Service-Type = 2 ) )</ipw:aaaIndividualPolicyChecklist>
                     <ipw:aaaIndividualPolicyReplylist>User-Name = $REQUEST, 
                      Login-IP-Host = 10.170.4.169</ipw:aaaIndividualPolicyReplylist>
                  </ipw:aaaIndividualPolicy>
                  <ipw:aaaSharedPolicyName aaaSharedPolicyName="Shpolicy1">
                     <ipw:aaaSharedPolicyName>Shpolicy1</ipw:aaaSharedPolicyName>
                  </ipw:aaaSharedPolicyName>
                  <ipw:aaaSharedPolicyName aaaSharedPolicyName="Shpolicy2"
                   xsi:nil="true"/>
               </ipw:aaaPolicy>
            </ipw:SetAAAUser>
         </cai3:MOAttributes>
      </cai3:Set>
   </soapenv:Body>
</soapenv:Envelope>

AAA User1 now belongs to the new Group1 and no longer belongs to the old Group2. It has a new individual policy1 and a new shared policy1 associated, and its old shared policy2 association is removed. A new password, authentication method, IP allocation type, IP allocation value, and associated IMSI are set for the user.

Response Example

This section gives an example of a SetAAAUser response message, as shown in Example 7.

Example 7   Set AAA User Response Message

<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:cai3g="http://schemas.ericsson.com/cai3g1.2/">
   <S:Header>
      <cai3g:SessionId>d78e0fd9ff6c436984bd4d998633487a
      </cai3g:SessionId>
   </S:Header>
   <S:Body>
      <ns2:SetResponse xmlns:ns2=
      "http://schemas.ericsson.com/cai3g1.2/" />
   </S:Body>
</S:Envelope>

5   Delete AAA User

This section covers the DeleteAAAUser command.

The DeleteAAAUser deletes an AAA user in the CUDB.

MOType

AAAUser@http://schemas.ericsson.com/ma/IPWORKS/

5.1   Request Data

5.1.1   Parameters

MOId

Table 10    Delete AAA User MOId

| Parameter | Type | Description |
|---|---|---|
| aaaUserName | String, Min Length = 1, Max Length = 253 | The name of the user. |

MOAttributes

N/A

5.2   Examples

Request Example

This section gives an example of a DeleteAAAUser request message, as shown in Example 8.

Example 8   Delete AAA User Request Message

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:cai3="http://schemas.ericsson.com/cai3g1.2/"
 xmlns:ipw="http://schemas.ericsson.com/ma/IPWORKS/">
   <soapenv:Header>
      <cai3:SessionId>d78e0fd9ff6c436984bd4d998633487a
      </cai3:SessionId>
   </soapenv:Header>
   <soapenv:Body>
      <cai3:Delete>
         <cai3:MOType>AAAUser@http://schemas.ericsson.com/ma/IPWORKS/
         </cai3:MOType>
         <cai3:MOId>
            <ipw:aaaUserName>User1</ipw:aaaUserName>
         </cai3:MOId>
      </cai3:Delete>
   </soapenv:Body>
</soapenv:Envelope>

The AAA User1 is deleted.

Response Example

This section gives an example of a DeleteAAAUser response message, as shown in Example 9.

Example 9   Delete AAA User Response Message

<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:cai3g="http://schemas.ericsson.com/cai3g1.2/">
   <S:Header>
      <cai3g:SessionId>d78e0fd9ff6c436984bd4d998633487a
      </cai3g:SessionId>
   </S:Header>
   <S:Body>
      <ns2:DeleteResponse xmlns:ns2=
       "http://schemas.ericsson.com/cai3g1.2/">
         <ns2:MOId>
            <ipw:aaaUserName xmlns:ipw=
             "http://schemas.ericsson.com/ma/IPWORKS/">User1
            </ipw:aaaUserName>
         </ns2:MOId>
      </ns2:DeleteResponse>
   </S:Body>
</S:Envelope>

6   Create AAA Group

This section covers the CreateAAAGroup command.

The CreateAAAGroup creates an AAA group in the CUDB.

MOType

AAAGroup@http://schemas.ericsson.com/ma/IPWORKS/

6.1   Request Data

6.1.1   Parameters

MOId

Table 11    Create AAA Group MOId

| Parameter | Type | Description |
|---|---|---|
| aaaUserName | String, Min Length = 1, Max Length = 253 | The name of the group. |

MOAttributes

The parameters that are used in the operation are shown in Figure 4.

Figure 4   Parameters in Create AAA Group

The following table covers the parameters that can be used in a CreateAAAGroup request.

Table 12    Create AAA Group Parameters

| Parameter | Type | Occurrence | Description |
|---|---|---|---|
| aaaGroupName | String, Min Length = 1, Max Length = 64 | Mandatory | The name of the group. |
| aaaSharedPolicyName | Sub-MO | Optional (0-10) | The list of the shared policies. The group can have multiple shared policies. |
| aaaSharedPolicyName (inside the Sub-MO) | String, Min Length = 1, Max Length = 64 | Mandatory(1) | The name of the shared policy. |

(1)  This parameter is mandatory if the Sub-MO, to which the parameter belongs, is selected.


6.2   Examples

Request Example

This section gives an example of a CreateAAAGroup request message, as shown in Example 10.

Example 10   Create AAA Group Request Message

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:cai3="http://schemas.ericsson.com/cai3g1.2/"
 xmlns:ipw="http://schemas.ericsson.com/ma/IPWORKS/">
   <soapenv:Header>
      <cai3:SessionId>d78e0fd9ff6c436984bd4d998633487a
      </cai3:SessionId>
   </soapenv:Header>
   <soapenv:Body>
      <cai3:Create>
         <cai3:MOType>AAAGroup@http://schemas.ericsson.com/ma/IPWORKS/</cai3:MOType>
         <cai3:MOId>
            <ipw:aaaGroupName>Group1</ipw:aaaGroupName>
         </cai3:MOId>
         <cai3:MOAttributes>
            <ipw:CreateAAAGroup aaaGroupName="Group1">
               <ipw:aaaGroupName>Group1</ipw:aaaGroupName>
               <ipw:aaaSharedPolicyName aaaSharedPolicyName="Shpolicy1">
                  <ipw:aaaSharedPolicyName>Shpolicy1</ipw:aaaSharedPolicyName>
               </ipw:aaaSharedPolicyName>
               <ipw:aaaSharedPolicyName aaaSharedPolicyName="Shpolicy2">
                  <ipw:aaaSharedPolicyName>Shpolicy2</ipw:aaaSharedPolicyName>
               </ipw:aaaSharedPolicyName>
            </ipw:CreateAAAGroup>
         </cai3:MOAttributes>
      </cai3:Create>
   </soapenv:Body>
</soapenv:Envelope>

An AAA group with the name Group1 is initiated. The group has two shared policies associated, policy1 and policy2.

Response Example

This section gives an example of a CreateAAAGroup response message, as shown in Example 11.

Example 11   Create AAA Group Response Message

<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:cai3g="http://schemas.ericsson.com/cai3g1.2/">
   <S:Header>
      <cai3g:SessionId>d78e0fd9ff6c436984bd4d998633487a
      </cai3g:SessionId>
   </S:Header>
   <S:Body>
      <ns2:CreateResponse xmlns:ns2=
       "http://schemas.ericsson.com/cai3g1.2/">
         <ns2:MOId>
            <ipw:aaaGroupName xmlns:ipw=
             "http://schemas.ericsson.com/ma/IPWORKS/">Group1
            </ipw:aaaGroupName>
         </ns2:MOId>
      </ns2:CreateResponse>
   </S:Body>
</S:Envelope>

7   Get AAA Group

This section covers the GetAAAGroup command.

The GetAAAGroup retrieves an AAA group in the CUDB.

MOType

AAAGroup@http://schemas.ericsson.com/ma/IPWORKS/

7.1   Request Data

7.1.1   Parameters

The following table covers the parameters that can be received in a GetAAAGroup request.

Table 13    Get AAA Group Parameters

| Parameter | Type | Description |
|---|---|---|
| aaaGroupName | String, Min Length = 1, Max Length = 64 | The name of the group. |

7.2   Response Data

7.2.1   Parameters

MOId

Table 14    Get AAA Group Parameters

| Parameter | Type | Description |
|---|---|---|
| aaaGroupName | String, Min Length = 1, Max Length = 64 | The name of the group. |

MOAttributes

The parameters that are used in the operation are shown in Figure 5.

Figure 5   Parameters in Get AAA Group

The following table covers the parameters that can be received in a GetAAAGroup response.

Table 15    Get AAA Group Parameters

| Parameter | Type | Occurrence | Description |
|---|---|---|---|
| aaaGroupName | String, Min Length = 1, Max Length = 64 | Mandatory | The name of the group. |
| aaaSharedPolicyName | Sub-MO | Optional (0-10) | The list of the shared policies. The group can have multiple shared policies. |
| aaaSharedPolicyName (inside the Sub-MO) | String, Min Length = 1, Max Length = 64 | Mandatory(1) | The name of the shared policy. |

(1)  This parameter is mandatory if the Sub-MO, to which the parameter belongs, is selected.


7.3   Examples

Request Example

This section gives an example of a GetAAAGroup request message, as shown in Example 12.

Example 12   Get AAA Group Request Message

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:cai3="http://schemas.ericsson.com/cai3g1.2/"
 xmlns:ipw="http://schemas.ericsson.com/ma/IPWORKS/">
   <soapenv:Header>
      <cai3:SessionId>d78e0fd9ff6c436984bd4d998633487a
      </cai3:SessionId>
   </soapenv:Header>
   <soapenv:Body>
      <cai3:Get>
         <cai3:MOType>AAAGroup@http://schemas.ericsson.com/ma/IPWORKS/</cai3:MOType>
         <cai3:MOId>
            <ipw:aaaGroupName>Group1</ipw:aaaGroupName>
         </cai3:MOId>
      </cai3:Get>
   </soapenv:Body>
</soapenv:Envelope>

Response Example

This section gives an example of a GetAAAGroup response message, as shown in Example 13.

Example 13   Get AAA Group Response Message

<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:cai3g="http://schemas.ericsson.com/cai3g1.2/">
   <S:Header>
      <cai3g:SessionId>d78e0fd9ff6c436984bd4d998633487a
      </cai3g:SessionId>
   </S:Header>
   <S:Body>
      <ns2:GetResponse xmlns:ns2=
       "http://schemas.ericsson.com/cai3g1.2/">
         <ns2:MOAttributes>
            <ns:GetResponseAAAGroup aaaGroupName="Group1"
             xmlns:ns="http://schemas.ericsson.com/ma/IPWORKS/">
               <ns:aaaGroupName>Group1</ns:aaaGroupName>
               <ns:aaaSharedPolicyName aaaSharedPolicyName="Shpolicy1">
                  <ns:aaaSharedPolicyName>Shpolicy1</ns:aaaSharedPolicyName>
               </ns:aaaSharedPolicyName>
               <ns:aaaSharedPolicyName aaaSharedPolicyName="Shpolicy2">
                  <ns:aaaSharedPolicyName>Shpolicy2</ns:aaaSharedPolicyName>
               </ns:aaaSharedPolicyName>
            </ns:GetResponseAAAGroup>
         </ns2:MOAttributes>
      </ns2:GetResponse>
   </S:Body>
</S:Envelope>

The AAA Group1 is printed.

8   Set AAA Group

This section covers the SetAAAGroup command.

The SetAAAGroup modifies an AAA group in the CUDB.

MOType

AAAGroup@http://schemas.ericsson.com/ma/IPWORKS/

8.1   Request Data

8.1.1   Parameters

MOId

Table 16    Set AAA Group MOId

| Parameter | Type | Description |
|---|---|---|
| aaaGroupName | String, Min Length = 1, Max Length = 64 | The name of the Group. |

MOAttributes

The parameters that are used in the operation are shown in Figure 6.

Figure 6   Parameters in Set AAA Group

The following table covers the parameters that can be used in a SetAAAGroup request.

Table 17    Set AAA Group Parameters

| Parameter | Type | Occurrence | Description |
|---|---|---|---|
| aaaGroupName | String, Min Length = 1, Max Length = 64 | Mandatory | The name of the group. |
| aaaSharedPolicyName | Sub-MO | Optional (0-10) | The list of the shared policies. The group can have multiple shared policies. |
| aaaSharedPolicyName (inside the Sub-MO) | String, Min Length = 1, Max Length = 64 | Mandatory(1) | The name of the shared policy. |

(1)  This parameter is mandatory if the Sub-MO, to which the parameter belongs, is selected.


8.2   Examples

Request Example

This section gives an example of a SetAAAGroup request message, as shown in Example 14.

Example 14   Set AAA Group Request Message

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:cai3="http://schemas.ericsson.com/cai3g1.2/"
 xmlns:ipw="http://schemas.ericsson.com/ma/IPWORKS/"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <soapenv:Header>
      <cai3:SessionId>d78e0fd9ff6c436984bd4d998633487a
      </cai3:SessionId>
   </soapenv:Header>
   <soapenv:Body>
      <cai3:Set>
         <cai3:MOType>AAAGroup@http://schemas.ericsson.com/ma/IPWORKS/</cai3:MOType>
         <cai3:MOId>
            <ipw:aaaGroupName>Group1</ipw:aaaGroupName>
         </cai3:MOId>
         <cai3:MOAttributes>
            <ipw:SetAAAGroup aaaGroupName="Group1">
               <ipw:aaaSharedPolicyName aaaSharedPolicyName="Shpolicy1">
                  <ipw:aaaSharedPolicyName>Shpolicy1</ipw:aaaSharedPolicyName>
               </ipw:aaaSharedPolicyName>
               <ipw:aaaSharedPolicyName aaaSharedPolicyName="Shpolicy2"
                xsi:nil="true"/>
            </ipw:SetAAAGroup>
         </cai3:MOAttributes>
      </cai3:Set>
   </soapenv:Body>
</soapenv:Envelope>

AAA Group1 is extended with a new shared policy1 association, and its old shared policy2 association is removed.

Response Example

This section gives an example of a SetAAAGroup response message, as shown in Example 15.

Example 15   Set AAA Group Response Message

<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:cai3g="http://schemas.ericsson.com/cai3g1.2/">
   <S:Header>
      <cai3g:SessionId>d78e0fd9ff6c436984bd4d998633487a
      </cai3g:SessionId>
   </S:Header>
   <S:Body>
      <ns2:SetResponse xmlns:ns2=
      "http://schemas.ericsson.com/cai3g1.2/" />
   </S:Body>
</S:Envelope>

9   Create AAA Policy

This section covers the CreateAAAPolicy command.

The CreateAAAPolicy creates an AAA policy request.

MOType

AAAPolicy@http://schemas.ericsson.com/ma/IPWORKS/

9.1   Request Data

9.1.1   Parameters

MOId

Table 18    Create AAA Policy MOId

| Parameter | Type | Description |
|---|---|---|
| aaaPolicyName | String, Min Length = 1, Max Length = 64 | The name of the policy. |

MOAttributes

The parameters that are used in the operation are shown in Figure 7.

Figure 7   Parameters in Create AAA Policy

The following table covers the parameters that can be used in a CreateAAAPolicy request.

Table 19    Create AAA Policy Parameters

| Parameter | Type | Occurrence | Description |
|---|---|---|---|
| aaaPolicyName | String, Min Length = 1, Max Length = 64 | Mandatory | The name of the policy. |
| aaaPolicyChecklist | String, Min Length = 1, Max Length = 1024 | Optional (0-1) | The checklist is a check rule of the policy. It is used to check whether the incoming AVPs match this check rule. All AVP names are to conform to the AVP names in the RFC, except the built-in AVPs such as System-Time. |
| aaaPolicyReplylist | String, Min Length = 1, Max Length = 1024 | Optional (0-1) | The reply list is a reply rule of the policy. If the Access-Request message is authorized successfully, the reply rule is added to the Access-Accept message. |

9.2   Examples

Request Example

This section gives an example of a CreateAAAPolicy request message, as shown in Example 16.

Example 16   Create AAA Policy Request Message

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:cai3="http://schemas.ericsson.com/cai3g1.2/"
 xmlns:ipw="http://schemas.ericsson.com/ma/IPWORKS/">
   <soapenv:Header>
      <cai3:SessionId>d78e0fd9ff6c436984bd4d998633487a
      </cai3:SessionId>
   </soapenv:Header>
   <soapenv:Body>
      <cai3:Create>
         <cai3:MOType>AAAPolicy@http://schemas.ericsson.com/ma/IPWORKS/</cai3:MOType>
         <cai3:MOId>
            <ipw:aaaPolicyName>Policy1</ipw:aaaPolicyName>
         </cai3:MOId>
         <cai3:MOAttributes>
            <ipw:CreateAAAPolicy aaaPolicyName="Policy1">
               <ipw:aaaPolicyName>Policy1</ipw:aaaPolicyName>
               <ipw:aaaPolicyChecklist>System-Time &gt;=
                &quot;10:00 +0800&quot; &amp;&amp; System-Time &lt;=
                &quot;20:00 +0800&quot; &amp;&amp; ( User-Name = &quot;Faxin Zhong&quot;
                &amp;&amp; ( Service-Type = 1 || Service-Type = 2 ) )</ipw:aaaPolicyChecklist>
               <ipw:aaaPolicyReplylist>User-Name = $REQUEST, Login-IP-Host
                = 10.170.4.169</ipw:aaaPolicyReplylist>
            </ipw:CreateAAAPolicy>
         </cai3:MOAttributes>
      </cai3:Create>
   </soapenv:Body>
</soapenv:Envelope>

An AAA policy with name Policy1 is initiated with specific policy checklist and reply list.
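The checklist in Example 16 contains the characters >, <, & and ", which must be escaped when a client places operator-supplied rule text into the request. The following Python sketch is an added example, not Ericsson code: it builds the Example 16 request with an XML serializer instead of string concatenation and enforces the Table 19 length limits first. The function and constant names are hypothetical.

```python
import xml.etree.ElementTree as ET

SOAPENV = "http://schemas.xmlsoap.org/soap/envelope/"
CAI3 = "http://schemas.ericsson.com/cai3g1.2/"
IPW = "http://schemas.ericsson.com/ma/IPWORKS/"
for _prefix, _uri in (("soapenv", SOAPENV), ("cai3", CAI3), ("ipw", IPW)):
    ET.register_namespace(_prefix, _uri)

# (min, max) string lengths copied from Table 19.
LIMITS = {
    "aaaPolicyName": (1, 64),
    "aaaPolicyChecklist": (1, 1024),
    "aaaPolicyReplylist": (1, 1024),
}


def checked(field, value):
    """Return value if it satisfies the Table 19 limits, else raise ValueError."""
    low, high = LIMITS[field]
    if not isinstance(value, str) or not low <= len(value) <= high:
        raise ValueError(f"{field}: length must be {low}..{high}")
    # XML 1.0 cannot carry most control characters, escaped or not.
    if any(ord(ch) < 0x20 and ch not in "\t\n\r" for ch in value):
        raise ValueError(f"{field}: control character not allowed")
    return value


def build_create_aaa_policy(session_id, name, checklist=None, replylist=None):
    """Serialise a CreateAAAPolicy request shaped like Example 16."""
    name = checked("aaaPolicyName", name)
    env = ET.Element(f"{{{SOAPENV}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAPENV}}}Header")
    ET.SubElement(header, f"{{{CAI3}}}SessionId").text = session_id
    body = ET.SubElement(env, f"{{{SOAPENV}}}Body")
    create = ET.SubElement(body, f"{{{CAI3}}}Create")
    ET.SubElement(create, f"{{{CAI3}}}MOType").text = "AAAPolicy@" + IPW
    moid = ET.SubElement(create, f"{{{CAI3}}}MOId")
    ET.SubElement(moid, f"{{{IPW}}}aaaPolicyName").text = name
    attrs = ET.SubElement(create, f"{{{CAI3}}}MOAttributes")
    policy = ET.SubElement(attrs, f"{{{IPW}}}CreateAAAPolicy",
                           {"aaaPolicyName": name})
    ET.SubElement(policy, f"{{{IPW}}}aaaPolicyName").text = name
    for field, value in (("aaaPolicyChecklist", checklist),
                         ("aaaPolicyReplylist", replylist)):
        if value is not None:  # both are optional (0-1) in Table 19
            ET.SubElement(policy, f"{{{IPW}}}{field}").text = checked(field, value)
    return ET.tostring(env, encoding="utf-8", xml_declaration=True)


def read_policy_fields(request_xml):
    """Parse a request back and return {local-name: text} under CreateAAAPolicy."""
    policy = ET.fromstring(request_xml).find(f".//{{{IPW}}}CreateAAAPolicy")
    return {child.tag.split("}", 1)[1]: child.text for child in policy}


# Values from Example 16, written unescaped as an operator would type them.
CHECKLIST = ('System-Time >= "10:00 +0800" && System-Time <= "20:00 +0800" && '
             '( User-Name = "Faxin Zhong" && ( Service-Type = 1 || Service-Type = 2 ) )')
REPLYLIST = "User-Name = $REQUEST, Login-IP-Host = 10.170.4.169"
# Constructed value that contains markup; it must stay inside one element.
MARKUP_VALUE = 'User-Name = "a</ipw:aaaPolicyChecklist><ipw:aaaPolicyReplylist>b"'

if __name__ == "__main__":
    print(build_create_aaa_policy("d78e0fd9ff6c436984bd4d998633487a",
                                  "Policy1", CHECKLIST, REPLYLIST).decode())
```

The serializer writes the double quotes literally rather than as &quot;, which is equivalent inside element content.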

Response Example

This section gives an example of a CreateAAAPolicy response message, as shown in Example 17.

Example 17   Create AAA Policy Response Message

<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:cai3g="http://schemas.ericsson.com/cai3g1.2/">
   <S:Header>
      <cai3g:SessionId>d78e0fd9ff6c436984bd4d998633487a
      </cai3g:SessionId>
   </S:Header>
   <S:Body>
      <ns2:CreateResponse xmlns:ns2=
       "http://schemas.ericsson.com/cai3g1.2/">
         <ns2:MOId>
            <ipw:aaaPolicyName xmlns:ipw=
             "http://schemas.ericsson.com/ma/IPWORKS/">Policy1
            </ipw:aaaPolicyName>
         </ns2:MOId>
      </ns2:CreateResponse>
   </S:Body>
</S:Envelope>

10   Get AAA Policy

This section covers the GetAAAPolicy command.

The GetAAAPolicy retrieves an AAA policy in the CUDB.

MOType

AAAPolicy@http://schemas.ericsson.com/ma/IPWORKS/

10.1   Request Data

10.1.1   Parameters

The following table covers the parameters that can be received in a GetAAAPolicy request.

Table 20    Get AAA Policy Parameters

| Parameter | Type | Description |
|---|---|---|
| aaaPolicyName | String, Min Length = 1, Max Length = 64 | The name of the policy. |

10.2   Response Data

10.2.1   Parameters

MOId

Table 21    Get AAA Policy Parameters

| Parameter | Type | Description |
|---|---|---|
| aaaPolicyName | String, Min Length = 1, Max Length = 64 | The name of the policy. |

MOAttributes

The parameters that are used in the operation are shown in Figure 8.

Figure 8   Parameters in Get AAA Policy

The following table covers the parameters that can be received in a GetAAAPolicy response.

Table 22    Get AAA Policy Parameters

| Parameter | Type | Occurrence | Description |
|---|---|---|---|
| aaaPolicyName | String, Min Length = 1, Max Length = 64 | Mandatory | The name of the policy. |
| aaaPolicyChecklist | String, Min Length = 1, Max Length = 1024 | Optional (0-1) | The checklist is a check rule of the policy. It is used to check whether the incoming AVPs match this check rule. All AVP names are to conform to the AVP names in the RFC, except the built-in AVPs such as System-Time. |
| aaaPolicyReplylist | String, Min Length = 1, Max Length = 1024 | Optional (0-1) | The reply list is a reply rule of the policy. If the Access-Request message is authorized successfully, the reply rule is added to the Access-Accept message. |

10.3   Examples

Request Example

This section gives an example of a GetAAAPolicy request message, as shown in Example 18.

Example 18   Get AAA Policy Request Message

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:cai3="http://schemas.ericsson.com/cai3g1.2/"
 xmlns:ipw="http://schemas.ericsson.com/ma/IPWORKS/">
   <soapenv:Header>
      <cai3:SessionId>d78e0fd9ff6c436984bd4d998633487a
      </cai3:SessionId>
   </soapenv:Header>
   <soapenv:Body>
      <cai3:Get>
         <cai3:MOType>AAAPolicy@http://schemas.ericsson.com/ma/IPWORKS/</cai3:MOType>
         <cai3:MOId>
            <ipw:aaaPolicyName>Policy1
            </ipw:aaaPolicyName>
         </cai3:MOId>
      </cai3:Get>
   </soapenv:Body>
</soapenv:Envelope>

Response Example

This section gives an example of a GetAAAPolicy response message, as shown in Example 19.

Example 19   Get AAA Policy Response Message

<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:cai3g="http://schemas.ericsson.com/cai3g1.2/">
   <S:Header>
      <cai3g:SessionId>d78e0fd9ff6c436984bd4d998633487a
      </cai3g:SessionId>
   </S:Header>
   <S:Body>
      <ns2:GetResponse xmlns:ns2="http://schemas.ericsson.com/cai3g1.2/">
         <ns2:MOAttributes>
            <ns:GetResponseAAAPolicy aaaPolicyName="Policy1"
             xmlns:ns="http://schemas.ericsson.com/ma/IPWORKS/">
               <ns:aaaPolicyName>Policy1</ns:aaaPolicyName>
               <ns:aaaPolicyChecklist>System-Time &gt;=
                &quot;10:00 +0800&quot; &amp;&amp; System-Time &lt;=
                &quot;20:00 +0800&quot; &amp;&amp; ( User-Name = &quot;Faxin Zhong&quot;
                &amp;&amp; ( Service-Type = 1 || Service-Type = 2 ) )</ns:aaaPolicyChecklist>
               <ns:aaaPolicyReplylist>User-Name = $REQUEST, Login-IP-Host =
                10.170.4.169</ns:aaaPolicyReplylist>
            </ns:GetResponseAAAPolicy>
         </ns2:MOAttributes>
      </ns2:GetResponse>
   </S:Body>
</S:Envelope>

The AAA Policy1 is printed.

11   Set AAA Policy

This section covers the SetAAAPolicy command.

The SetAAAPolicy modifies an AAA policy in the CUDB.

MOType

AAAPolicy@http://schemas.ericsson.com/ma/IPWORKS/

11.1   Request Data

11.1.1   Parameters

MOId

Table 23    Set AAA Policy MOId

| Parameter | Type | Description |
|---|---|---|
| aaaPolicyName | String, Min Length = 1, Max Length = 64 | The name of the policy. |

MOAttributes

The parameters that are used in the operation are shown in Figure 9.

Figure 9   Parameters in Set AAA Policy

The following table covers the parameters that can be used in a SetAAAPolicy request.

Table 24    Set AAA Policy Parameters

| Parameter | Type | Occurrence | Description |
|---|---|---|---|
| aaaPolicyName | String, Min Length = 1, Max Length = 64 | Mandatory | The name of the policy. |
| aaaPolicyChecklist | String, Min Length = 1, Max Length = 1024 | Optional (0-1) | The checklist is a check rule of the policy. It is used to check whether the incoming AVPs match this check rule. All AVP names should conform to the AVP names in the RFC, except the built-in AVPs such as System-Time. |
| aaaPolicyReplylist | String, Min Length = 1, Max Length = 1024 | Optional (0-1) | The reply list is a reply rule of the policy. If the Access-Request message is authorized successfully, the reply rule will be added to the Access-Accept message. |

11.2   Examples

Request Example

This section gives an example of a SetAAAPolicy request message, as shown in Example 20.

Example 20   Set AAA Policy Request Message

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:cai3="http://schemas.ericsson.com/cai3g1.2/"
 xmlns:ipw="http://schemas.ericsson.com/ma/IPWORKS/">
   <soapenv:Header>
      <cai3:SessionId>d78e0fd9ff6c436984bd4d998633487a
      </cai3:SessionId>
   </soapenv:Header>
   <soapenv:Body>
      <cai3:Set>
         <cai3:MOType>AAAPolicy@http://schemas.ericsson.com/ma/IPWORKS/
         </cai3:MOType>
         <cai3:MOId>
            <ipw:aaaPolicyName>Policy1</ipw:aaaPolicyName>
         </cai3:MOId>
         <cai3:MOAttributes>
            <ipw:SetAAAPolicy aaaPolicyName="Policy1">
               <ipw:aaaPolicyChecklist>System-Time &gt;=
                &quot;10:00 +0800&quot; &amp;&amp; System-Time &lt;= &quot;20:00 +0800&quot;
                &amp;&amp; ( User-Name = &quot;Faxin Zhong&quot; &amp;&amp;
                ( Service-Type = 1 || Service-Type = 2 ) )</ipw:aaaPolicyChecklist>
               <ipw:aaaPolicyReplylist>User-Name = $REQUEST, Login-IP-Host
                = 10.170.4.169</ipw:aaaPolicyReplylist>
            </ipw:SetAAAPolicy>
         </cai3:MOAttributes>
      </cai3:Set>
   </soapenv:Body>
</soapenv:Envelope>

The AAA Policy1 is set to the new policy checklist and reply list.

Response Example

This section gives an example of a SetAAAPolicy response message, as shown in Example 21.

Example 21   Set AAA Policy Response Message

<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:cai3g="http://schemas.ericsson.com/cai3g1.2/">
   <S:Header>
      <cai3g:SessionId>d78e0fd9ff6c436984bd4d998633487a
      </cai3g:SessionId>
   </S:Header>
   <S:Body>
      <ns2:SetResponse xmlns:ns2=
      "http://schemas.ericsson.com/cai3g1.2/" />
   </S:Body>
</S:Envelope>

12   Faults and Errors

The generic structure for fault responses is covered in Generic CAI3G Interface 1.2, Reference [2]. That document also covers the generic fault codes, which are applicable to all CAI3G operations.

This section covers the subordinate CAI3G errors. They can appear in the errorcode element in the error message.

Only AAA specific error codes are described in this section. These error codes are included in the Fault type PGFault.

For generic error codes, and information about the different Fault types, see CAI3G Implementation, Reference [4].

12.1   Subordinate AAA Error Codes

The following table covers the subordinate error codes for AAA commands over the CAI3G interface.

Table 25    Subordinate AAA Error Codes

| Error Code | Error Message | Error Details | MO | Operation |
|---|---|---|---|---|
| 18001 | AAA USER DATA ALREADY EXISTS | AAA User data exists | AAAUser | C |
| 18002 | AAA USER NOT DEFINED | AAA User does not exist | AAAUser | G/S/D |
| 18003 | INCOMPLETE AAA USER DATA IN CUDB | Inconsistency AAA data in CUDB, manually rollback needed | AAAUser | G/S/D |
| 18004 | AAA GROUP DATA ALREADY EXISTS | AAA Group data exists | AAAGroup | C |
| 18005 | AAA GROUP NOT DEFINED | AAA Group does not exist | AAAGroup | G/S |
| 18006 | INCOMPLETE AAA GROUP DATA IN CUDB | Inconsistency AAA data in CUDB, manually rollback needed | AAAGroup | G/S |
| 18007 | AAA REQUEST VALIDATION ERROR | AAA Request Validation Failure | AAAUser/AAAPolicy | C/G/S |
| 18008 | AAA POLICY DATA ALREADY EXISTS | AAA Policy data exists | AAA Policy data exists | G |
| 18009 | AAA POLICY NOT DEFINED | AAA Policy does not exist | AAA Policy does not exist | G/S |

12.2   CAI3G Error Message Example

The following, shown in Example 22, is an example of a CAI3G error message:

Example 22   CAI3G Error Message

<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:cai3g="http://schemas.ericsson.com/cai3g1.2/">
   <S:Header>
      <cai3g:SessionId>c9b002ea2cbb45d097a1ca5e7c9da32e</cai3g:SessionId>
   </S:Header>
   <S:Body>
      <ns2:Fault xmlns:ns2="http://schemas.xmlsoap.org/soap/envelope/"
       xmlns:ns3="http://www.w3.org/2003/05/soap-envelope">
         <faultcode>ns2:Server</faultcode>
         <faultstring>This is a server fault</faultstring>
         <detail>
            <Cai3gFault:Cai3gFault xmlns="http://schemas.ericsson.com/cai3g1.2/"
             xmlns:Cai3gFault="http://schemas.ericsson.com/cai3g1.2/">
               <faultcode>4006</faultcode>
               <faultreason>
                  <reasonText>External error.</reasonText>
               </faultreason>
               <faultrole>MF</faultrole>
               <details>
                  <PGFault:PGFault xmlns="http://schemas.ericsson.com/pg/1.0"
                   xmlns:PGFault="http://schemas.ericsson.com/pg/1.0">
                     <errorcode>18002</errorcode>
                     <errormessage>AAA USER NOT DEFINED</errormessage>
                     <errordetails>AAA User does not exist - 
                      [Processed by PG Node: vmx1771]</errordetails>
                  </PGFault:PGFault>
               </details>
            </Cai3gFault:Cai3gFault>
         </detail>
      </ns2:Fault>
   </S:Body>
</S:Envelope>
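A provisioning client has to look past the generic SOAP fault and the Cai3gFault code (4006) to reach the AAA-specific errorcode nested in PGFault. The following Python sketch is an added example, not Ericsson code: it decodes a response shaped like Example 22, flags whether the code is one of the Table 25 codes, and refuses any message that carries a DOCTYPE. The class and function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Optional

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "cai3g": "http://schemas.ericsson.com/cai3g1.2/",
    "pg": "http://schemas.ericsson.com/pg/1.0",
}
# Subordinate AAA error codes listed in Table 25 (18001..18009).
AAA_CODES = {str(code) for code in range(18001, 18010)}
# Codes whose error details in Table 25 say a manual rollback is needed.
MANUAL_ROLLBACK = {"18003", "18006"}


@dataclass
class Cai3gError:
    faultcode: Optional[str]      # Cai3gFault/faultcode, 4006 in Example 22
    reason: Optional[str]
    faultrole: Optional[str]
    errorcode: Optional[str]      # PGFault/errorcode, 18002 in Example 22
    errormessage: Optional[str]
    errordetails: Optional[str]
    known_aaa_code: bool
    manual_rollback: bool


def _text(node, path):
    found = node.find(path, NS) if node is not None else None
    if found is None or found.text is None:
        return None
    return " ".join(found.text.split())  # undo line-wrap whitespace


def parse_cai3g_fault(raw: bytes) -> Optional[Cai3gError]:
    """Return None for a non-fault response, else the decoded fault."""
    if b"<!DOCTYPE" in raw.upper():
        # SOAP 1.1 messages must not carry a DTD; refuse before parsing.
        raise ValueError("DOCTYPE not allowed in a SOAP message")
    fault = ET.fromstring(raw).find("soap:Body/soap:Fault", NS)
    if fault is None:
        return None
    cai = fault.find("detail/cai3g:Cai3gFault", NS)
    pg = cai.find("cai3g:details/pg:PGFault", NS) if cai is not None else None
    code = _text(pg, "pg:errorcode")
    return Cai3gError(
        faultcode=_text(cai, "cai3g:faultcode"),
        reason=_text(cai, "cai3g:faultreason/cai3g:reasonText"),
        faultrole=_text(cai, "cai3g:faultrole"),
        errorcode=code,
        errormessage=_text(pg, "pg:errormessage"),
        errordetails=_text(pg, "pg:errordetails"),
        known_aaa_code=code in AAA_CODES,
        manual_rollback=code in MANUAL_ROLLBACK,
    )


# Example 22 from this page, with whitespace condensed.
EXAMPLE_22 = b"""<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:cai3g="http://schemas.ericsson.com/cai3g1.2/">
 <S:Header><cai3g:SessionId>c9b002ea2cbb45d097a1ca5e7c9da32e</cai3g:SessionId></S:Header>
 <S:Body><ns2:Fault xmlns:ns2="http://schemas.xmlsoap.org/soap/envelope/"
   xmlns:ns3="http://www.w3.org/2003/05/soap-envelope">
  <faultcode>ns2:Server</faultcode><faultstring>This is a server fault</faultstring>
  <detail><Cai3gFault:Cai3gFault xmlns="http://schemas.ericsson.com/cai3g1.2/"
    xmlns:Cai3gFault="http://schemas.ericsson.com/cai3g1.2/">
   <faultcode>4006</faultcode>
   <faultreason><reasonText>External error.</reasonText></faultreason>
   <faultrole>MF</faultrole>
   <details><PGFault:PGFault xmlns="http://schemas.ericsson.com/pg/1.0"
     xmlns:PGFault="http://schemas.ericsson.com/pg/1.0">
    <errorcode>18002</errorcode><errormessage>AAA USER NOT DEFINED</errormessage>
    <errordetails>AAA User does not exist -
     [Processed by PG Node: vmx1771]</errordetails>
   </PGFault:PGFault></details>
  </Cai3gFault:Cai3gFault></detail>
 </ns2:Fault></S:Body>
</S:Envelope>"""
# Body of Example 21 (a successful SetResponse), header omitted.
EXAMPLE_21 = b"""<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
 <S:Body><ns2:SetResponse xmlns:ns2="http://schemas.ericsson.com/cai3g1.2/"/></S:Body>
</S:Envelope>"""

if __name__ == "__main__":
    print(parse_cai3g_fault(EXAMPLE_22))
```

The errordetails text names the processing node (vmx1771 in Example 22), so it belongs in internal logs rather than in messages relayed to end users.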

Reference List

Ericsson Documents
[1] Glossary of Terms and Acronyms, 0033-CSH 109 628 Uen
[2] Generic CAI3G Interface 1.2 Specification, 2/155 19-FAY 302 0003 Uen
[3] Library Overview, 18/1553-CSH 109 628 Uen
[4] CAI3G Implementation, 26/155 19-CSH 109 628 Uen


Copyright

© Ericsson AB 2017. All rights reserved. No part of this document may be reproduced in any form without the written permission of the copyright owner.

Disclaimer

The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.

Trademark List
All trademarks mentioned herein are the property of their respective owners. These are shown in the document Trademark Information.
