4 Configuring OCNRF

Mandatory Configurations

The following mandatory parameters must be configured before using OCNRF:
  • nrfPlmnList: PLMN(s) served by OCNRF. This must be configured before using any OCNRF Services.
  • ocnrfEndPointHost: OCNRF EndPoint Host's FQDN.
  • ocnrfEndPointPort: OCNRF EndPoint Host's Port.

OCNRF Configuration

OCNRF can be configured using HELM and REST. Some configurations are performed during installation using HELM, and a few are modified using REST. For HELM configuration, refer to the OCNRF Cloud Native Installation and Upgrade Guide. The REST configurations can also be performed using the Cloud Native Core (CNC) Console. Refer to Configuring OCNRF using CNC Console for more details.

OCNRF Host Configuration

OCNRF's NfHostConfig configuration attribute is used to configure the details of NRF and SLF/UDR Network Functions. The attributes nrfHostConfig and slfHostConfig are used for the NRF forwarding and Subscriber Location Function (SLF) features respectively.

The NfHostConfig configuration consists of attributes such as apiVersion, scheme, FQDN, port, and priority. OCNRF allows more than two hosts to be configured. However, the host with the highest priority is considered the Primary Host, and the host with the second highest priority is considered the Secondary Host.

Note:

  • Refer to 3GPP TS 29.510, release 15.5, for the definition and allowed range of the NfHostConfig attributes (apiVersion, scheme, FQDN, port, priority, etc).
  • Apart from the priority attribute, no other attribute plays any role in Primary/Secondary host selection.
  • Apart from the Primary/Secondary hosts, other configured hosts (if any) are not used during any message processing.
  • When more than one host is configured with the highest priority, two of them are picked randomly as the Primary/Secondary hosts.

In the Subscriber Location Function (SLF) feature, the SLF request is first sent to the Primary SLF. In case of an error from the Primary SLF, the request is sent to the Secondary SLF based on the following configuration:
  1. rerouteOnResponseHttpStatusCodes: This configuration determines whether the SLF request message can be sent to the Secondary SLF. If the response status code received from the Primary SLF matches this configuration, OCNRF reroutes the request to the Secondary SLF. Refer to the nfHostConfig attribute for Primary and Secondary SLF details.
  2. maximumHopCount: This configuration determines the maximum number of hops (SLF/NRF) over which OCNRF can forward a given service request. This configuration is more useful during NRF Forwarding and SLF feature interaction.

In the NRF forwarding feature, the request is first forwarded to the Primary NRF. In case of an error, the request is forwarded to the Secondary NRF based on the following configuration:
  1. nrfRerouteOnResponseHttpStatusCodes: This configuration determines whether the service operation message can be forwarded to the Secondary NRF. If the response status code received from the Primary NRF matches this configuration, OCNRF reroutes the request to the Secondary NRF. Refer to the nfHostConfig attribute for Primary and Secondary NRF details.
  2. maximumHopCount: This configuration determines the maximum number of hops (SLF/NRF) over which OCNRF can forward a given service request. This configuration is more useful during NRF Forwarding and SLF feature interaction.
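
The selection and reroute rules above, as an added Python example that is not OCNRF code. It assumes that a lower numeric priority value means higher priority (the 3GPP TS 29.510 convention the Note refers to); the host names and the send callback are constructed for illustration.

```python
import re

# Default reroute pattern quoted on this page. Inside a character class the
# comma is a literal, so [3,5] accepts '3', ',' or '5'; [35] is the tight form.
DEFAULT_PATTERN = "^[3,5][0-9]{2}$"

# Constructed hosts in the shape of the page's slfHostConfig entries.
SAMPLE_HOSTS = [
    {"fqdn": "slf-a.example.internal", "scheme": "http", "port": 80, "priority": 100},
    {"fqdn": "slf-b.example.internal", "scheme": "http", "port": 80, "priority": 10},
    {"fqdn": "slf-c.example.internal", "scheme": "http", "port": 80, "priority": 50},
]


def select_hosts(host_config):
    """Return (primary, secondary); only priority decides, other hosts are unused.

    Assumption: lower number = higher priority. The page says ties are resolved
    randomly; this sketch keeps input order for ties, so do not rely on it.
    """
    ranked = sorted(host_config, key=lambda host: host["priority"])
    primary = ranked[0] if ranked else None
    secondary = ranked[1] if len(ranked) > 1 else None
    return primary, secondary


def matches_pattern(pattern, text):
    """True when the whole string matches the configured pattern."""
    return re.fullmatch(pattern, text) is not None


def should_reroute(status_code, reroute_cfg):
    """Apply a ResponseHttpStatusCodes object: either pattern or codeList."""
    has_pattern = "pattern" in reroute_cfg
    has_list = "codeList" in reroute_cfg
    if has_pattern == has_list:
        raise ValueError("exactly one of pattern or codeList must be present")
    if has_list:
        return status_code in reroute_cfg["codeList"]
    return matches_pattern(reroute_cfg["pattern"], str(status_code))


def route(host_config, reroute_cfg, send):
    """Send to the Primary, then to the Secondary if the status asks for it.

    send(host) is a hypothetical callback returning the HTTP status code.
    Returns (final_status, [fqdn of each host tried]).
    """
    primary, secondary = select_hosts(host_config)
    if primary is None:
        raise ValueError("no host configured")
    tried = [primary["fqdn"]]
    status = send(primary)
    if secondary is not None and should_reroute(status, reroute_cfg):
        tried.append(secondary["fqdn"])
        status = send(secondary)
    return status, tried


if __name__ == "__main__":
    # Constructed responses: the Primary fails with 503, the Secondary answers 200.
    replies = {"slf-b.example.internal": 503, "slf-c.example.internal": 200}
    print(route(SAMPLE_HOSTS, {"pattern": DEFAULT_PATTERN}, lambda h: replies[h["fqdn"]]))
```

Status codes are integers, so the comma accepted by the default pattern never matches in practice; it matters only if the same pattern is reused to validate free-form text.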

General Configurations

This section describes the general configurations in OCNRF.

General configuration - OCNRF system options

Table 4-1 Service API Interface

Resource Name Resource URI HTTP Method or Custom Operation Description
nrf-configuration (Store) {apiRoot}/nrf-configuration/v1/system-options GET Retrieves OCNRF system options configuration
nrf-configuration (Store) {apiRoot}/nrf-configuration/v1/system-options PUT Updates OCNRF system options configuration
Resource Standard Methods
GET - Retrieve OCNRF System options configuration

Table 4-2 Data structures supported by the GET Response Body

Data Type Mandatory(M)/Optional(O)/Conditional(C) Cardinality Response Codes Description
ProblemDetails M 1 500 Internal Server Error The response body contains the error reason of the request message.
NrfSystemOptions M 1 200 OK Response body contains the OCNRF current system options
PUT - Update OCNRF System options configuration

Table 4-3 Data structures supported by the PUT Request Body

Data Type P Cardinality Description
NA M 1 NrfSystemOptions details

Table 4-4 Data structures supported by the PUT Response Body

Data Type Mandatory(M)/Optional(O)/Conditional(C) Cardinality Response Codes Description
ProblemDetails M 1 500 Internal Server Error The response body contains the error reason of the request message.
ProblemDetails M 1 400 Bad request The response body contains the error reason of the request message.
NrfSystemOptions M 1 200 OK Specifies that the update of NrfSystemOptions is successful and provides the values in database.

REST Message Sample

Request_Type: GET and PUT

URL: http://<k8s host>:<port>/nrf-configuration/v1/system-options
{
    "generalSystemOptions": {
        "nrfPlmnList": [{
            "mcc": "310",
            "mnc": "14"
        }],
        "enableF3": true,
        "enableF5": true,
        "maximumHopCount": 3,
        "defaultLoad": 5,
        "defaultPriority": 100,
        "addPriorityInNFProfile": false,
        "addLoadInNFProfile": false
    },
    "nfScreeningSystemOptions": {
        "nfScreeningFeatureStatus": "DISABLED",
        "nfScreeningFailureHttpCode": 403
    },
    "nfAccessTokenSystemOptions": {
        "oauthTokenAlgorithm": "ES256",
        "oauthTokenExpiryTime": "1h",
        "authorizeRequesterNf": "ENABLED",
        "logicalOperatorForScope": "AND",
        "audienceType": "NF_INSTANCE_ID"
    },
    "nfManagementSystemOptions": {
        "nfHeartBeatTimer": "1m30s",
        "nfHeartBeatMissAllowed": 3,
        "nfNotifyLoadThreshold": 5,
        "nrfSupportForProfileChangesInResponse": true,
        "subscriptionValidityDuration": "24h",
        "nrfSupportForProfileChangesInNotification": false,
        "nfProfileSuspendDuration": "168h",
        "acceptAdditionalAttributes": false,
        "allowDuplicateSubscriptions": true
    },
    "nfDiscoverSystemOptions": {
        "discoveryValidityPeriod": "1h",
        "profilesCountInDiscoveryResponse": 3,
        "discoveryResultLoadThreshold": 0
    },
    "slfSystemOptions": {
        "supportedNfTypeList": [],
        "preferredSubscriberIdType": "SUPI",
        "slfHostConfig": [{
            "nfInstanceId": "c56a4180-65aa-42ec-a945-5fd21dec0538",
            "apiVersions": [{
                "apiVersionInUri": "v1",
                "apiFullVersion": "15.5.0"
            }],
            "scheme": "http",
            "fqdn": "ocudrSlf-1-ingressgateway.ocnrf.svc.cluster.local",
            "priority": 100,
            "port": 80
        }],
        "rerouteOnResponseHttpStatusCodes": {
            "codeList": [134]
        },
        "slfFeatureStatus": "DISABLED"
    },
    "errorResponses": {
        "slfErrorResponses": [{
            "errorCondition": "SLF_Missing_Mandatory_Parameters",
            "errorCode": 400,
            "errorResponse": "Mandatory parameter missing for SLF Lookup"
        }, {
            "errorCondition": "SLF_GroupId_NotFound",
            "errorCode": 404,
            "errorResponse": "Group Id Not found from SLF"
        }, {
            "errorCondition": "SLF_Not_Reachable",
            "errorCode": 504,
            "errorResponse": "SLF not reachable"
        }],
        "nrfForwardingErrorResponses": [{
            "errorCondition": "NRF_Not_Reachable",
            "errorCode": 504,
            "errorResponse": "NRF not reachable"
        }, {
            "errorCondition": "NRF_Forwarding_Loop_Detection",
            "errorCode": 508,
            "errorResponse": "Loop Detected"
        }]       
    },
    "forwardingSystemOptions": {
        "profileRetreivalForwardingStatus": "DISABLED",
        "subscriptionForwardingStatus": "DISABLED",
        "discoveryForwardingStatus": "DISABLED",
        "accessTokenForwardingStatus": "DISABLED",
        "nrfHostConfig": [{
            "nfInstanceId": "c56a4180-65aa-42ec-a945-5fd21dec0538",
            "apiVersions": [{
                "apiVersionInUri": "v1",
                "apiFullVersion": "15.5.0"
            }],
            "scheme": "http",
            "fqdn": "ocnrf-1-ingressgateway.ocnrf.svc.cluster.local",
            "priority": 100,
            "port": 80
        }],
        "nrfRerouteOnResponseHttpStatusCodes": {
            "pattern": "^[3,5][0-9]{2}$"
        }
    },
    "geoRedundancySystemOptions": {
        "geoRedundancyFeatureStatus": "DISABLED",
        "replicationLatency": "5s",
        "monitorNrfServiceStatusInterval": "5s",
        "monitorDBReplicationStatusInterval": "5s"
    }
}

Data Model

Note:

At least one attribute must be present to ensure that the PUT request is not empty.

In a PUT request, any attribute(s) present in the JSON body can be updated individually or together.

O - Optional

M - Mandatory

C - Conditional

Table 4-5 NrfSystemOptions - Parameters

Parent Attribute Name Attribute Name Data Type Constraints M/O/C Default Values Description
generalSystemOptions nrfPlmnList array (PlmnId) O This value shall have at least one PLMN supported by OCNRF and this value shall be set before using OCNRF. See the footnote.
generalSystemOptions enableF3 ENUM (true or false) true or false O true OCNRF functions as per the 29510 v15.3 specification if this flag is set to true. If it is set to false, OCNRF is compliant with 29510 v15.2.
generalSystemOptions enableF5 ENUM (true or false) true or false O true OCNRF functions as per the 29510 v15.5 specification if this flag is set to true. If it is set to false, OCNRF functions as per the 29510 v15.2 or v15.3 specification (depending on the enableF3 flag).
generalSystemOptions defaultLoad INTEGER 0 - 100 O 5 defaultLoad value is set in NF load attribute of NFProfile, if this attribute is set to true. This value is sent in NFDiscover response and NFProfile sent in NFNotify operation, in case NFProfile does not have load attribute.
generalSystemOptions defaultPriority INTEGER 0 - 65535 O 100 This attribute is default value of NF Priority and will be used if NFProfile does not have priority attribute set by NF.
generalSystemOptions addLoadInNFProfile ENUM (true or false) true or false O false Value of default NF load will be set in NF Load attribute of NFProfile while sending in NFDiscover response and NFProfile sent in NFNotify operation, in case NFProfile does not have Load attribute.
generalSystemOptions addPriorityInNFProfile ENUM (true or false) true or false O false Value of default NF Priority will be set in NF Priority attribute of NFProfile while sending in NFDiscover response and NFProfile sent in NFNotify operation, in case NFProfile does not have Priority attribute.
generalSystemOptions maximumHopCount INTEGER 1-5 O 3 Maximum number of Nodes (SLF/NRF's) that OCNRF can communicate, to service a request.
generalSystemOptions ocnrfEndPointHost STRING None O ocnrf-ingressgateway.ocnrf.svc.cluster.local ocnrfEndPointHost must be OCNRF's externally routable FQDN (e.g. ocnrf.oracle.com) or externally routable IP address (e.g. 10.75.212.60). For routing within the same K8s cluster, use the full OCNRF Ingress Gateway Service FQDN in the following format: <helm-releasename>-ingressgateway.<namespace>.svc.<cluster-domainname>. Example: ocnrf-ingressgateway.nrf-1.svc.cluster.local, where:

ocnrf: is the helm release name (the deployment name used during "helm install")

nrf-1: is the namespace in which NRF will be deployed

cluster.local: is the K8s dnsDomain name (dnsDomain can be found using kubectl -n kube-system get configmap kubeadm-config -o yaml | grep -i dnsDomain)

This value is used in UriList of NfListRetrival Service Operation response.
generalSystemOptions ocnrfEndPointPort INTEGER None O 80 OCNRF EndPoint Host's Port
forwardingSystemOptions nrfHostConfig array (NFConfig) O This is used to configure Primary and Secondary NRF Details which is used for forwarding various requests.

It allows details of the NRF, such as apiVersion, scheme, FQDN, and port, to be configured.

The only supported value for apiVersionInUri is v1. Hence the apiVersions attribute must have at least one data record with apiVersionInUri attribute values set as v1.

This configuration allows you to configure more than 2 NRF Details.

NRF with highest priority is considered as Primary NRF for forwarding messages. NRF with second highest priority is considered as Secondary NRF for forwarding.

To reset this attribute, send an empty array, for example:

"nrfHostConfig": [ ]

If this attribute is already set then there is no need to provide the value again.

See the footnote.

forwardingSystemOptions nrfRerouteOnResponseHttpStatusCodes ResponseHttpStatusCodes pattern or specific code list O "pattern": "^[3,5][0-9]{2}$" This configuration determines whether the service operation message needs to be forwarded to the Secondary NRF. If the response status code received from the Primary NRF matches the configured response status code list, NRF reroutes the request to the Secondary NRF. Refer to nfHostConfig for Primary and Secondary NRF details. See the footnote.
forwardingSystemOptions profileRetreivalForwardingStatus String (Feature Status) O DISABLED This attribute controls the forwarding of NFProfileRetrieval service operation messages. If the flag is set to true and OCNRF is not able to complete the request due to unavailability of any matching profile, then OCNRF forwards the NFProfileRetrieval request to the configured NRF host(s) and relays the response received from the forwarding NRF to the Consumer NF. If the flag is false, OCNRF will not forward the NFProfileRetrieval request in any case. It will return a response to the Consumer NF without forwarding it. See the footnote.
forwardingSystemOptions subscriptionForwardingStatus String (Feature Status) O DISABLED

This attribute controls the forwarding of NFStatusSubscribe, NFStatusUnsubscribe service operation messages. If the flag is set to true and OCNRF is not able to complete the request due to unavailability of any matching profile, then OCNRF forwards the NfStatusSubscribe/NfStatusUnSubscribe request to the configured NRF host(s) and relays the response received from forwarding NRF to the Consumer NF. If flag is false, OCNRF will not forward the NfStatusSubscribe/NfStatusUnSubscribe request in any case. It will return a response to consumer NF without forwarding it.

Note: NfStatusSubscribe forwarding is supported only if the NfInstanceIdCond condition is requested in the Subscription Request.

See the footnote.
forwardingSystemOptions discoveryForwardingStatus String (Feature Status)   O DISABLED This attribute controls the forwarding of NFDiscover service operation messages. If the flag is set to true and OCNRF is not able to complete the request due to unavailability of any matching profile, then OCNRF forwards the NfDiscover request to the configured NRF host(s) and relays the response received from forwarding NRF to the Consumer NF. If flag is false, OCNRF will not forward the NfDiscover request in any case. It will return a response to consumer NF without forwarding it. See the footnote.
forwardingSystemOptions accessTokenForwardingStatus String (Feature Status) O DISABLED This attribute controls the forwarding of AccessToken service operation messages. If the flag is set to true and OCNRF is not able to complete the request due to unavailability of any matching Producer NF, then OCNRF forwards the AccessToken request to the configured NRF host(s) and relays the response received from forwarding NRF to the Consumer NF. If flag is false, OCNRF will not forward the AccessToken request in any case. It will return a response to consumer NF without forwarding it. See the footnote.
nfScreeningSystemOptions nfScreeningFeatureStatus String (Feature Status) O DISABLED This attribute indicates if NF Screening Feature is enabled or not. See the footnote.
nfScreeningSystemOptions nfScreeningFailureHttpCode INTEGER O 403 This attribute will inform what HTTP status code will be returned if incoming request does not pass NF Screening rules barrier. See the footnote.
nfManagementSystemOptions nfHeartBeatTimer String 10s - 5m O 1m30s If Heartbeat timer value is not received in NFProfile during NFRegister, this default value will be used by OCNRF.

If a Heartbeat timer value is received in NFProfile during NFRegister, the minimum value of the range is used for validation and limiting. That is, if the value provided is less than the minimum value, the minimum value is taken as the heartbeat timer value.

If a Heartbeat timer value is received in NFProfile during NFRegister, the maximum value of the range is used for validation and limiting. That is, if the value provided is more than the maximum value, the maximum value is taken as the heartbeat timer value. The value is in pHqMrS format, where p, q, r are integers and H, M, S or h, m, s denote hours, minutes and seconds respectively. See the footnote.

nfManagementSystemOptions nfHeartBeatMissAllowed INTEGER 0 - 15 O 3 Indicates the allowed number of HeartBeat miss after which the NFProfile is marked as suspended.

If the value is set to 0, NF profiles for which even single heartbeat is missed will be marked as suspended.

See the footnote.
nfManagementSystemOptions nfNotifyLoadThreshold INTEGER 0 - 99 O 5 OCNRF generates the Notification trigger when the difference between the 'load' value reported by the NF in the most recent heartbeat and the last reported 'load' is more than the configured value of the nfNotifyLoadThreshold attribute. See the footnote.
nfManagementSystemOptions nrfSupportForProfileChangesInResponse ENUM (true or false) true or false O true OCNRF sends mandatory and modified attributes in the NFRegister and NFUpdate responses instead of complete profile, if this flag is enabled. See the footnote.
nfManagementSystemOptions subscriptionValidityDuration String 10s - 720h O 24h

If Validity time attribute is not received in SubscriptionData during NFSubscribe, this default value will be used for calculation of validity time (current time + default duration).

If the Validity time attribute is received in SubscriptionData during NFSubscribe, the minimum and maximum values of the range are used for validation and limiting. That is, if the value provided is less than (current time + minimum value), the value calculated with the minimum duration is taken as the validity time of the subscription; similarly, if the validity time is more than (current time + maximum duration), the value calculated with the maximum duration is taken as the validity time of the subscription. The value is in pHqMrS format, where p, q, r are integers and H, M, S or h, m, s denote hours, minutes and seconds respectively.

See the footnote.
nfManagementSystemOptions nrfSupportForProfileChangesInNotification ENUM (true, false) true or false O false OCNRF sends profileChanges attribute instead of NFProfile in Notification, if this flag is enabled. See the footnote.
nfManagementSystemOptions nfProfileSuspendDuration String 10s - 744h O 168h Indicates the duration for which the NF is suspended, before it is deleted from OCNRF database. The value is in pHqMrS format. Where p,q,r are integers and H,M,S or h,m,s denote hours, minutes & seconds respectively. See the footnote.
nfManagementSystemOptions acceptAdditionalAttributes ENUM (true, false) true or false O false OCNRF preserves additional attributes that are not defined by 3gpp in NFProfile/NFService in the database based on this attribute value. See the footnote.
nfManagementSystemOptions allowDuplicateSubscriptions ENUM (true, false) true or false O true This attribute specifies if OCNRF should allow duplicate Subscriptions to be created or not.

Note: In case duplicate subscriptions are not allowed and this flag is marked as false, there will be performance degradation around 50% during NFSubscribe service operation.

nfDiscoverSystemOptions discoveryValidityPeriod String 1s - 168h O 1h This attribute mentions the validity period of a discovery request after which requester NF must perform discovery again to get the latest values. The value is in pHqMrS format. Where p,q,r are integers and H,M,S or h,m,s denote hours, minutes & seconds respectively. See the footnote.
nfDiscoverSystemOptions profilesCountInDiscoveryResponse INTEGER 0 - 20 C 3 This value restricts NF profile count in NFDiscover response.

If value of this attribute is 0, it means this functionality will get disabled, in that case all the profiles will be returned.

If GET option returns this attribute value as 0, then it means this feature is disabled.

Note:- If Limit attribute is present in SearchData URI then this attribute is not used.

nfDiscoverSystemOptions discoveryResultLoadThreshold INTEGER 0 - 100 C 0 This configuration is used to filter out of the discovery response those profiles whose load is more than the configured value. The NFDiscover response contains NF profiles with a load attribute value less than or equal to this configured value.

Value 0 indicates this feature is disabled.

nfAccessTokenSystemOptions oauthTokenAlgorithm String (oauthTokenAlgorithm) O ES256 Access token key algorithm which will be used to sign the oauth token. See the footnote.
nfAccessTokenSystemOptions oauthTokenExpiryTime String 1s - 168h O 1h Oauth token expiry time. The value is in pHqMrS format. Where p,q,r are integers and H,M,S or h,m,s denote hours, minutes & seconds respectively. See the footnote.
nfAccessTokenSystemOptions authorizeRequesterNf String (Feature Status) O ENABLED This attribute controls whether OCNRF validates that the requester NF is registered with OCNRF. OCNRF issues the access token only to the registered requester NFs.

If the value is DISABLED, OCNRF will issue tokens to non-registered NFs as well.

nfAccessTokenSystemOptions audienceType String (AudienceType ) O NF_INSTANCE_ID This value decides the AudienceType in AccessTokenClaim. OCNRF considers this value only if targetnfInstanceId is not received in AccessTokenRequest.
nfAccessTokenSystemOptions logicalOperatorForScope String ( LogicalOperatorForScope) O AND This value will decide whether values in scope will have relationship AND or OR.

If value is AND, while looking for producer network function profiles, token will be issued for profiles matching all the services-names present in scope.

If value is OR, token will be issued for profiles matching any of the services-names present in scope.
slfSystemOptions slfFeatureStatus String (Feature Status)   O DISABLED Enables/disables the SLF Feature. See NOTE 1.
slfSystemOptions slfHostConfig array (NfConfig) C This is used to configure Primary and Secondary SLF Details which is used for forwarding various requests.

It allows details of the SLF, such as apiVersion, scheme, FQDN, and port, to be configured.

The only supported value for apiVersionInUri is v1. Hence the apiVersions attribute must have at least one data record with apiVersionInUri attribute values set as v1.

This configuration allows you to configure more than 2 SLF Details.

SLF with highest priority is considered as Primary SLF for forwarding messages. SLF with second highest priority is considered as Secondary SLF for forwarding.

If supportedNfTypeList is set, then operator must set this attribute. This is because this value will be used to contact the network function hosting the SLF.

To reset this attribute, send an empty array, for example:

"slfHostConfig": [ ]

If this attribute is already set then there is no need to provide the value again.

See the footnote.

slfSystemOptions supportedNfTypeList array C NF Type list for which SLF needs to be supported.

SLF lookup happens only for the NF Types mentioned in this configuration.

To reset this attribute, send an empty array, for example: "supportedNfTypeList": [ ]

If this value is set, then slfHostConfig shall also be set. See the footnote.

slfSystemOptions preferredSubscriberIdType String (SubscriberIdType) SUPI or GPSI O SUPI This attribute is used only when different types of subscriber identifiers (SUPI, GPSI) are present in the NFDiscover service operation message; it determines which subscriber identifier is used for the query to SLF. See the footnote.
slfSystemOptions rerouteOnResponseHttpStatusCodes ResponseHttpStatusCodes O "pattern": "^[3,5][0-9]{2}$" This attribute is used after getting a response from the Primary SLF (SLF Config with highest priority). If the response code from the Primary SLF matches this configuration, OCNRF reroutes the SLF query to the Secondary SLF (SLF Config with second highest priority). See the footnote.
geoRedundancySystemOptions geoRedundancyFeatureStatus String (Feature Status)   O DISABLED Enables/Disables the geoRedundancy feature in OCNRF.

See the footnote.

geoRedundancySystemOptions replicationLatency String 1s - 10m O 5s This attribute defines the time taken for the data in the database to get replicated between GeoRedundant OCNRFs. The value is in pHqMrS format. Where p,q,r are integers and H,M,S or h,m,s denote hours, minutes & seconds respectively.
geoRedundancySystemOptions monitorNrfServiceStatusInterval String 1s - 10s O 5s This attribute defines the time interval for monitoring the aggregated Nf_Management service status (combined status of nfRegistration, nfSubscription and nrfAuditor service). The value is in pHqMrS format. Where p,q,r are integers and H,M,S or h,m,s denote hours, minutes & seconds respectively.
geoRedundancySystemOptions monitorDBReplicationStatusInterval String 1s - 10s O 5s This attribute defines the time interval for monitoring the DB replication status. The value is in pHqMrS format. Where p,q,r are integers and H,M,S or h,m,s denote hours, minutes & seconds respectively.
errorResponses slfErrorResponses array (ErrorInfo) O This attribute defines the error responses which may be sent during SLF processing. This attribute will allow to update the error response code and error response description for preloaded error conditions. See the footnote.
errorResponses nrfForwardingErrorResponses array (ErrorInfo) O This attribute defines the error responses which may be sent during NRF Forwarding scenarios. This attribute will allow to update the error response code and error response description for preloaded error conditions. See the footnote.

Note:

If the attribute is not present, existing value in database is used. It can be the default value or the last updated value. But at least one attribute must be present so that the PUT request is not empty.
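
An added example, not part of the OCNRF documentation or product: a Python check that runs over a full NrfSystemOptions document (as returned by GET) and reports values outside the ranges in Table 4-5, the cross-field rules stated in the descriptions, and settings worth a security review. The ERROR/REVIEW labels, the function names and the sample document are assumptions made for illustration.

```python
import re

# Ranges as listed in Table 4-5; durations use the page's pHqMrS notation.
INT_RANGES = {
    ("generalSystemOptions", "defaultLoad"): (0, 100),
    ("generalSystemOptions", "defaultPriority"): (0, 65535),
    ("generalSystemOptions", "maximumHopCount"): (1, 5),
    ("nfManagementSystemOptions", "nfHeartBeatMissAllowed"): (0, 15),
    ("nfManagementSystemOptions", "nfNotifyLoadThreshold"): (0, 99),
    ("nfDiscoverSystemOptions", "profilesCountInDiscoveryResponse"): (0, 20),
    ("nfDiscoverSystemOptions", "discoveryResultLoadThreshold"): (0, 100),
}
DURATION_RANGES = {
    ("nfManagementSystemOptions", "nfHeartBeatTimer"): ("10s", "5m"),
    ("nfManagementSystemOptions", "subscriptionValidityDuration"): ("10s", "720h"),
    ("nfManagementSystemOptions", "nfProfileSuspendDuration"): ("10s", "744h"),
    ("nfDiscoverSystemOptions", "discoveryValidityPeriod"): ("1s", "168h"),
    ("nfAccessTokenSystemOptions", "oauthTokenExpiryTime"): ("1s", "168h"),
    ("geoRedundancySystemOptions", "replicationLatency"): ("1s", "10m"),
    ("geoRedundancySystemOptions", "monitorNrfServiceStatusInterval"): ("1s", "10s"),
    ("geoRedundancySystemOptions", "monitorDBReplicationStatusInterval"): ("1s", "10s"),
}
_DURATION = re.compile(r"(?:(\d+)h)?(?:(\d+)m)?(?:(\d+)s)?", re.IGNORECASE)

# Constructed document with deliberate problems (not the page's sample).
SAMPLE = {
    "generalSystemOptions": {"maximumHopCount": 9},
    "nfManagementSystemOptions": {"nfHeartBeatTimer": "5s"},
    "nfAccessTokenSystemOptions": {"authorizeRequesterNf": "DISABLED", "oauthTokenExpiryTime": "1h"},
    "slfSystemOptions": {"supportedNfTypeList": ["UDM"], "slfHostConfig": []},
    "forwardingSystemOptions": {
        "nrfHostConfig": [{"scheme": "http", "apiVersions": [{"apiVersionInUri": "v1"}]}],
        "nrfRerouteOnResponseHttpStatusCodes": {"pattern": "^[3,5][0-9]{2}$", "codeList": [503]},
    },
}


def parse_duration(text):
    """Convert a pHqMrS string such as '1m30s' to seconds."""
    match = _DURATION.fullmatch(text)
    if not match or not any(match.groups()):
        raise ValueError(f"not a pHqMrS duration: {text!r}")
    hours, minutes, seconds = (int(part or 0) for part in match.groups())
    return hours * 3600 + minutes * 60 + seconds


def _check_hosts(path, hosts, findings):
    """NFConfig checks: apiVersionInUri v1 is required; http means no TLS."""
    for index, host in enumerate(hosts):
        versions = [v.get("apiVersionInUri") for v in host.get("apiVersions", [])]
        if "v1" not in versions:
            findings.append(("ERROR", f"{path}[{index}]", "no apiVersions entry with apiVersionInUri v1"))
        if host.get("scheme") == "http":
            findings.append(("REVIEW", f"{path}[{index}]", "scheme http: traffic to this host is not TLS protected"))


def audit(options):
    """Return (severity, path, message) findings for a full NrfSystemOptions document."""
    findings = []
    for (group, name), (low, high) in INT_RANGES.items():
        value = options.get(group, {}).get(name)
        if value is not None and not (isinstance(value, int) and low <= value <= high):
            findings.append(("ERROR", f"{group}.{name}", f"{value!r} is outside {low}-{high}"))
    for (group, name), (low, high) in DURATION_RANGES.items():
        value = options.get(group, {}).get(name)
        if value is None:
            continue
        try:
            in_range = parse_duration(low) <= parse_duration(value) <= parse_duration(high)
        except (TypeError, ValueError):
            in_range = False
        if not in_range:
            findings.append(("ERROR", f"{group}.{name}", f"{value!r} is outside {low}-{high}"))
    token = options.get("nfAccessTokenSystemOptions", {})
    if token.get("authorizeRequesterNf") == "DISABLED":
        findings.append(("REVIEW", "nfAccessTokenSystemOptions.authorizeRequesterNf",
                         "access tokens are issued to NFs that are not registered"))
    screening = options.get("nfScreeningSystemOptions", {})
    if screening.get("nfScreeningFeatureStatus") == "DISABLED":
        findings.append(("REVIEW", "nfScreeningSystemOptions.nfScreeningFeatureStatus", "NF Screening is disabled"))
    slf = options.get("slfSystemOptions", {})
    forwarding = options.get("forwardingSystemOptions", {})
    if slf.get("supportedNfTypeList") and not slf.get("slfHostConfig"):
        findings.append(("ERROR", "slfSystemOptions.slfHostConfig", "must be set when supportedNfTypeList is set"))
    _check_hosts("slfSystemOptions.slfHostConfig", slf.get("slfHostConfig", []), findings)
    _check_hosts("forwardingSystemOptions.nrfHostConfig", forwarding.get("nrfHostConfig", []), findings)
    reroute = {
        "slfSystemOptions.rerouteOnResponseHttpStatusCodes": slf.get("rerouteOnResponseHttpStatusCodes"),
        "forwardingSystemOptions.nrfRerouteOnResponseHttpStatusCodes": forwarding.get("nrfRerouteOnResponseHttpStatusCodes"),
    }
    for path, cfg in reroute.items():
        if cfg is not None and ("pattern" in cfg) == ("codeList" in cfg):
            findings.append(("ERROR", path, "exactly one of pattern or codeList is expected"))
    return findings


if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run it on the GET response rather than on a partial PUT body, because attributes omitted from a PUT keep their stored values and the cross-field checks would otherwise report false errors.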

Table 4-6 General Data Types

Data Type Reference
NFType 3GPP TS 29.510
NFServiceVersion 3GPP TS 29.510
UriScheme 3GPP TS 29.510
Fqdn 3GPP TS 29.510

Table 4-7 Feature Status

Enumeration value Description
ENABLED Enables the feature.
DISABLED Disables the feature.

Table 4-8 OauthTokenAlgorithm

Enumeration value Description
ES256 ES256 algorithm key will be used to sign the oauth token
RS256 RS256 algorithm key will be used to sign the oauth token

Table 4-9 AudienceType

Enumeration value Description
NF_INSTANCE_ID NF Instance Id(s) in audience IE of AccessTokenClaim.
NF_TYPE NF Type in audience IE of AccessTokenClaim.

Table 4-10 LogicalOperatorForScope

Enumeration value Description
AND If value is AND, while looking for profiles of producer network function, OCNRF issues token for all profiles matching with services-names present in the scope.
OR If value is OR, OCNRF includes producers matching with any of the services-names present in scope, while looking for profiles of producer NFs.

Table 4-11 NFConfig

Attribute DataType Presence Description
apiVersions array (NFServiceVersion) M API Version of NF
scheme UriScheme M URI schema supported by NF
fqdn Fqdn M FQDN of NF
port integer O Port of NF. Default value: 80 if scheme is HTTP, 443 if it is HTTPS.

apiPrefix string O ApiPrefix
priority integer M Priority of NF
nfInstanceId string M nfInstanceId of NF

Table 4-12 SubscriberIdType

Enumeration Value Description
SUPI Subscriber Id is SUPI
GPSI Subscriber Id is GPSI

Table 4-13 ErrorInfo

Attribute DataType Presence Description
error_condition ErrorCondition ReadOnly Error Conditions
error_response_code Integer M This response code will be used when corresponding error condition will occur.
error_response_description String M This response description will be used when corresponding error condition will occur.

Table 4-14 ErrorCondition

Error Condition Error Response Code Description
SLF_Missing_Mandatory_Parameters 400 SLF mandatory parameters are missing
SLF_Not_Reachable 504 SLF is not reachable from OCNRF
SLF_GroupId_NotFound 404 Group Id Not found from SLF
NRF_Not_Reachable 504 Primary/Secondary NRF is not reachable from NRF
NRF_Forwarding_Loop_Detection 508 Loop detected while processing NRF Service Operation Message

Table 4-15 ResponseHttpStatusCodes

Attribute DataType Presence Description
pattern String C Either pattern or codeList is present.
codeList array (integer) C Either pattern or codeList is present.

Configuring NF Screening

This section provides information for configuring NF Screening.

Table 4-16 Resources and Methods Overview

Resource Name Resource URI HTTP Method or Custom Operation Description

screening-rules (Store) {apiRoot}/nrf-configuration/v1/screening-rules GET Returns all the screening rules.
screening-rules (Document) {apiRoot}/nrf-configuration/v1/screening-rules/{nfScreeningRulesListType} GET Returns screening rules corresponding to the specified NF Screening Rule List Type.
screening-rules (Document) {apiRoot}/nrf-configuration/v1/screening-rules/{nfScreeningRulesListType} PUT Replaces the complete specified NF Screening Rule List Type.
screening-rules (Document) {apiRoot}/nrf-configuration/v1/screening-rules/{nfScreeningRulesListType} PATCH Partially updates the specified NF Screening Rule List Type.
Resource Standard Methods
PUT - Updates a particular screening rule (except read only attributes)

Table 4-17 Data structures supported by the PUT Request Body

Data Type Mandatory(M)/Optional(O)/Conditional(C) Cardinality Description
NfScreening Rules M 1 NF Screening Rules which need to be updated.

Table 4-18 Data structures supported by the PUT Response Body

Data Type Mandatory(M)/Optional(O)/Conditional(C) Cardinality Response Codes Description
NfScreeningRules   200 OK Successful response
ProblemDetails C 1 404 NOT FOUND, 500 INTERNAL ERROR, 400 BAD REQUEST The response body contains the error reason of the request message.
PATCH - Updates partially a particular screening rule (except read only attributes)

Table 4-19 Data structures supported by the PATCH Request Body

Data Type Mandatory(M)/Optional(O)/Conditional(C) Cardinality Description
PatchDocument M 1 It contains the list of changes to be made to the NF Screening Rule, according to the JSON PATCH format specified in IETF RFC 6902 [13].

Table 4-20 Data structures supported by the PATCH Response Body

Data Type Mandatory(M)/Optional(O)/Conditional(C) Cardinality Response Codes Description
NfScreeningRules     200 OK Successful response
ProblemDetails C 1 404 NOT FOUND, 500 INTERNAL ERROR, 400 BAD REQUEST The response body contains the error reason of the request message.

GET - Collection of screening rules

Table 4-21 URI query parameters supported by the GET method

Name Data Type Mandatory(M)/Optional(O)/Conditional(C) Cardinality Description
nfScreeningRulesListType NfScreeningRulesListType O 0..1 Selects NF screening rules on the basis of rules list type.
nfScreeningRulesListStatus NfScreeningRulesListStatus O 0..1 Selects Screening Rules Lists on the basis of status (Enabled or Disabled).

Table 4-22 Data structures supported by the GET Response Body

Data Type Mandatory(M)/Optional(O)/Conditional(C) Cardinality Response Codes Description
ScreeningRulesResult M 1 200 OK The response body contains a list of screening lists, or an empty object if there are no screening rules to return in the query result.
ProblemDetails C 1 500 INTERNAL ERROR, 400 BAD REQUEST The response body contains the error reason of the request message.

Table 4-23 ScreeningRulesResult - Parameters

Attribute Name Data type Mandatory(M)/Optional(O)/Conditional(C) Cardinality Description
nfScreeningRulesList array (NfScreeningRules) M 0.N It shall contain an array of NF Screening List. An empty array means there is no NF Screening list configured.

GET - Particular screening list rule

Table 4-24 Data structures supported by the GET Response Body

Data Type Mandatory(M)/Optional(O)/Conditional(C) Cardinality Response Codes Description
NfScreeningRules M 1 200 OK The response body contains requested screening list.
ProblemDetails C 1 500 INTERNAL ERROR, 400 BAD REQUEST The response body contains the error reason of the request message.

REST message samples

Screening List Update

NF screening rules to update particular rule configuration (except read only attributes)

URL: http://host:port/nrf-configuration/v1/screening-rules/CALLBACK_URI

Request_Type: PUT

Content-Type: application/json

Request Body

{
    "nfScreeningType": "BLACKLIST",
    "nfScreeningRulesListStatus": "ENABLED",
    "globalScreeningRulesData": {
        "failureAction": "SEND_ERROR",
        "nfCallBackUriList": [
            {
                "ipv4AddressRange":{
                    "start": "155.90.171.123",
                    "end": "233.123.19.165"
                },
                "ports":[10,20]
            },
            {
                "ipv6AddressRange":{
                    "start": "1001:cdba:0000:0000:0000:0000:3257:9652",
                    "end": "3001:cdba:0000:0000:0000:0000:3257:9652"
                }
            }
        ]
    },
    "amfScreeningRulesData": {
        "failureAction": "CONTINUE",
        "nfCallBackUriList": [
            {
                "fqdn": "ocnrf-d5g.oracle.com"
            },
            {
                "ipv4AddressRange":{
                    "start": "155.90.171.123",
                    "end": "233.123.19.165"
                },
                "ports":[10,20]
            }
        ]
    }
}

NF screening rules to get all of the configured rules

URL: http://host:port/nrf-configuration/v1/screening-rules/

Request_Type: GET

Response Body

{
    "nfScreeningRulesList": [
        {
            "nfScreeningRulesListType": "NF_FQDN",
            "nfScreeningType": "BLACKLIST",
            "nfScreeningRulesListStatus": "DISABLED"
        },
        {
            "nfScreeningRulesListType": "NF_IP_ENDPOINT",
            "nfScreeningType": "BLACKLIST",
            "nfScreeningRulesListStatus": "ENABLED",
            "amfScreeningRulesData": {
                "failureAction": "SEND_ERROR",
                "nfIpEndPointList": [
                    {
                        "ipv4Address": "198.21.87.192",
                        "ports": [
                            10,
                            20
                        ]
                    }
                ]
            }
        },
        {
            "nfScreeningRulesListType": "CALLBACK_URI",
            "nfScreeningType": "BLACKLIST",
            "nfScreeningRulesListStatus": "ENABLED",
            "globalScreeningRulesData": {
                "failureAction": "SEND_ERROR",
                "nfCallBackUriList": [
                    {
                        "fqdn": "ocnrf-d5g.oracle.com",
                        "ports": [
                            10,
                            20
                        ]
                    }
                ]
            }
        },
        {
            "nfScreeningRulesListType": "PLMN_ID",
            "nfScreeningType": "BLACKLIST",
            "nfScreeningRulesListStatus": "DISABLED"
        },
        {
            "nfScreeningRulesListType": "NF_TYPE_REGISTER",
            "nfScreeningType": "WHITELIST",
            "nfScreeningRulesListStatus": "ENABLED",
            "globalScreeningRulesData": {
                "failureAction": "SEND_ERROR",
                "nfTypeList": [
                    "AMF",
                    "SMF",
                    "PCF"
                ]
            }
        }
    ]
}

NF screening rules to get a particular configured rule

URL: http://host:port/nrf-configuration/v1/screening-rules/CALLBACK_URI

Request_Type: GET

Response Body

{
    "nfScreeningRulesListType": "CALLBACK_URI",
    "nfScreeningType": "BLACKLIST",
    "nfScreeningRulesListStatus": "ENABLED",
    "globalScreeningRulesData": {
        "failureAction": "SEND_ERROR",
        "nfCallBackUriList": [
            {
                "ipv4AddressRange": {
                    "start": "155.90.171.123",
                    "end": "233.123.19.165"
                },
                "ports": [
                    10,
                    20
                ]
            },
            {
                "ipv6AddressRange": {
                    "start": "1001:cdba:0000:0000:0000:0000:3257:9652",
                    "end": "3001:cdba:0000:0000:0000:0000:3257:9652"
                }
            }
        ]
    },
    "amfScreeningRulesData": {
        "failureAction": "SEND_ERROR",
        "nfCallBackUriList": [
            {
                "fqdn": "ocnrf-d5g.oracle.com"
            },
            {
                "ipv4AddressRange": {
                    "start": "155.90.171.123",
                    "end": "233.123.19.165"
                },
                "ports": [
                    10,
                    20
                ]
            }
        ]
    }
}

NF screening rules for partial rule update

URL: http://host:port/nrf-configuration/v1/screening-rules/CALLBACK_URI

Request_Type: PATCH

Content-Type: application/json-patch+json

Request Body

[
    {"op":"remove","path":"/globalScreeningRulesData/nfCallBackUriList/2/ports/0"},
    {"op":"replace","path":"/globalScreeningRulesData/failureAction","value": "CONTINUE"}
]

URL: http://host:port/nrf-configuration/v1/screening-rules/CALLBACK_URI

Request_Type: PATCH

Content-Type: application/json-patch+json

Response Body

[{"op":"add","path":"/nrfScreeningRulesData","value": {"failureAction": "SEND_ERROR","nfCallBackUriList": [{"ipv4AddressRange":{"start" : "189.163.192.10","end": "190.178.127.10"}}]}}]
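A local dry run of an RFC 6902 patch against the rule returned by GET, as an added example that is not part of the OCNRF documentation or product. The names apply_patch and review are hypothetical, and CURRENT is a constructed rule with three callback entries so that the first PATCH body shown above resolves.

```python
import copy

CURRENT = {  # constructed state, shaped like the page's GET response for CALLBACK_URI
    "nfScreeningRulesListType": "CALLBACK_URI",
    "nfScreeningType": "BLACKLIST",
    "nfScreeningRulesListStatus": "ENABLED",
    "globalScreeningRulesData": {"failureAction": "SEND_ERROR", "nfCallBackUriList": [
        {"fqdn": "ocnrf-d5g.oracle.com"},
        {"ipv4AddressRange": {"start": "155.90.171.123", "end": "233.123.19.165"}},
        {"ipv4Address": "198.21.87.192", "ports": [10, 20]},
    ]},
}
PAGE_PATCH = [  # the PATCH request body shown on the page
    {"op": "remove", "path": "/globalScreeningRulesData/nfCallBackUriList/2/ports/0"},
    {"op": "replace", "path": "/globalScreeningRulesData/failureAction", "value": "CONTINUE"},
]


def _resolve(doc, pointer):
    """Walk an RFC 6901 pointer; return (parent container, final key or array index)."""
    tokens = [t.replace("~1", "/").replace("~0", "~") for t in pointer.split("/")[1:]]
    node = doc
    for i, tok in enumerate(tokens):
        if isinstance(node, list) and tok != "-":
            tok = int(tok) if tok.isdigit() else None  # None is rejected by the list
        if i == len(tokens) - 1:
            return node, tok
        node = node[tok]
    raise ValueError("pointer addresses no member of the rule")


def apply_patch(doc, patch):
    """Apply add/remove/replace to a deep copy of doc; ValueError if an operation fails."""
    out = copy.deepcopy(doc)
    for op in patch:
        try:
            parent, key = _resolve(out, op["path"])
            if op["op"] == "add" and isinstance(parent, list):
                index = len(parent) if key == "-" else key
                if index > len(parent):
                    raise IndexError(index)
                parent.insert(index, op["value"])
            elif op["op"] == "add":
                parent[key] = op["value"]
            elif op["op"] == "remove":
                del parent[key]
            elif op["op"] == "replace":
                parent[key]  # raises if the target does not exist
                parent[key] = op["value"]
            else:
                raise ValueError("unsupported operation")
        except (KeyError, IndexError, TypeError, ValueError) as exc:
            raise ValueError(f"operation does not apply: {op!r}") from exc
    return out


def review(before, after):
    """List changes to confirm before sending: list-level attributes and failureAction."""
    findings = []
    for key, old in before.items():
        new = after.get(key)
        note = " (read-only, Table 4-25)" if key == "nfScreeningRulesListType" else ""
        if isinstance(old, dict):  # an NfScreeningRulesData block
            old = old.get("failureAction")
            new = new.get("failureAction") if isinstance(new, dict) else None
            key += ".failureAction"
        if new != old:
            findings.append(f"{key}: {old} -> {new}{note}")
    return findings
```

An operation whose path does not resolve against the stored rule raises ValueError, so an array index that is out of range is caught before the request is sent.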

Table 4-25 NfScreeningRules - Parameters

Attribute Name Data type Mandatory(M)/Optional(O)/Conditional(C) Description
nfScreeningRulesListType Table 4-27 C ReadOnly. It will be returned while retrieving the rule.
nfScreeningType Table 4-28 M Screening type of complete screening list. Blacklist or whitelist. All the rules can be either blacklist or whitelist.
nfScreeningRulesListStatus Table 4-29 M This attribute will enable or disable complete screening list.
globalScreeningRulesData Table 4-26 O This attribute will be present if global screening rules need to be configured.
customNfScreeningRulesData Table 4-26 O This attribute will be present if screening rules for custom NF need to be configured.
nrfScreeningRulesData Table 4-26 O This attribute will be present if screening rules for NRF need to be configured.
udmScreeningRulesData Table 4-26 O This attribute will be present if screening rules for UDM need to be configured.
amfScreeningRulesData Table 4-26 O This attribute will be present if screening rules for AMF need to be configured.
smfScreeningRulesData Table 4-26 O This attribute will be present if screening rules for custom SMF need to be configured.
ausfScreeningRulesData Table 4-26 O This attribute will be present if screening rules for AUSF need to be configured.
nefScreeningRulesData Table 4-26 O This attribute will be present if screening rules for NEF need to be configured.
pcfScreeningRulesData Table 4-26 O This attribute will be present if screening rules for PCF need to be configured.
nssfScreeningRulesData Table 4-26 O This attribute will be present if screening rules for NSSF need to be configured.
udrScreeningRulesData Table 4-26 O This attribute will be present if screening rules for UDR need to be configured.
lmfScreeningRulesData Table 4-26 O This attribute will be present if screening rules for LMF need to be configured.
gmlcScreeningRulesData Table 4-26 O This attribute will be present if screening rules for GMLC need to be configured.
fiveG_EirScreeningRules Table 4-26 O This attribute will be present if screening rules for EIR need to be configured.
seppScreeningRulesData Table 4-26 O This attribute will be present if screening rules for SEPP need to be configured.
upfScreeningRulesData Table 4-26 O This attribute will be present if screening rules for UPF need to be configured.
n3iwfScreeningRulesData Table 4-26 O This attribute will be present if screening rules for IWF need to be configured.
afScreeningRulesData Table 4-26 O This attribute will be present if screening rules for AF need to be configured.
udsfScreeningRulesData Table 4-26 O This attribute will be present if screening rules for UDSF need to be configured.
bsfScreeningRulesData Table 4-26 O This attribute will be present if screening rules for BSF need to be configured.
chfScreeningRulesData Table 4-26 O This attribute will be present if screening rules for CHF need to be configured.
nwdafScreeningRulesData Table 4-26 O This attribute will be present if screening rules for NWDAF need to be configured.

Table 4-26 NfScreeningRulesData - Parameters

Attribute Name Data type Mandatory(M)/Optional(O)/Conditional(C) Description
failureAction Table 4-30 M Indicates what action needs to be taken during failure.
nfFqdn Table 4-31 C If this attribute is present in message it shouldn't be null. This attribute will be present if screeningListType is NF_FQDN.
nfCallBackUriList array(Table 4-33) C If this attribute is present in message it shouldn't be null. This attribute will be present if screeningListType is CALLBACK_URI.
nfIpEndPointList array(Table 4-32) C If this attribute is present in message it shouldn't be null. This attribute may be present if screeningListType is NF_IP_ENDPOINT.
plmnList array(PlmnId) C If this attribute is present in message it shouldn't be null. This attribute may be present if screeningListType is PLMN_ID.
nfTypeList array(NfTypeList) C If this attribute is present in message it shouldn't be null. This attribute may be present if screeningListType is NF_TYPE_REGISTER.

Table 4-27 NfScreeningRulesListType - Parameters

Enumeration Value Description
"NF_FQDN" Screening List type for NF FQDN
"NF_IP_ENDPOINT" Screening list type for IP Endpoint
"CALLBACK_URI" Screening list type for callback URIs in NF Service and nfStatusNotificationUri in SubscriptionData
"PLMN_ID" Screening list type for PLMN ID
"NF_TYPE_REGISTER" Screening list type for allowed NF Types to register

Table 4-28 NfScreeningType - Parameters

Enumeration Value Description
"BLACKLIST" When a screening list is configured to operate as a blacklist, the request is allowed to access the service only if the corresponding attribute value is not present in the blacklist.
"WHITELIST" When a screening list is configured to operate as a whitelist, the request is allowed to access the service only if the corresponding attribute value is present in the whitelist.

Table 4-29 NfScreeningRulesListStatus - Parameters

Enumeration Value Description
"ENABLED" Screening List feature is enabled to apply the rules.
"DISABLED" Screening List feature is disabled.

Table 4-30 FailureAction - Parameters

Enumeration Value Description
"CONTINUE" Continue Processing
"SEND_ERROR" Send response with configured HTTP status code

Table 4-31 NfFqdn - Parameters

Attribute Name Data type Mandatory(M)/Optional(O)/Conditional(C) Description
fqdn array(FQDN) C Exact FQDN to be matched. This is conditional, at least one attribute shall be present.
pattern array(string) C Regular Expression for FQDN. This is conditional, at least one attribute shall be present.

Table 4-32 NfIpEndPoint - Parameters

Attribute Name Data type Mandatory(M)/Optional(O)/Conditional(C) Description
ipv4Address Ipv4Addr C IPv4 address to be matched.
ipv4AddressRange Ipv4AddressRange C Range of IPv4 addresses.
ipv6Address Ipv6Addr C IPv6 address to be matched.
ipv6AddressRange Table 4-35 C Range of IPv6 addresses.
port array(integer) O If this attribute is not configured then it will not be considered for validation.
portRange array(PortRange) O If this attribute is not configured then it will not be considered for validation.

Note:

Depending on the conditions, only one of the ipv4Address, ipv4AddressRange, ipv6Address, and ipv6AddressRange attributes can be present.

Table 4-33 NfCallBackUri - Parameters

Attribute Name Data type Mandatory(M)/Optional(O)/Conditional(C) Description
fqdn FQDN C Exact FQDN to be matched.
pattern string C Regular Expression for FQDN, Ipv4Address or Ipv6Address.
ipv4Address Ipv4Addr C IPv4 address to be matched.
ipv4AddressRange Ipv4AddressRange C Range of IPv4 addresses.
ipv6Address Ipv6Addr C IPv6 address to be matched.
ipv6AddressRange Table 4-35 C Range of IPv6 addresses.
port array(integer) O If this attribute is not configured then it will not be considered for validation.
portRange array(PortRange) O If this attribute is not configured then it will not be considered for validation.

Note:

Depending on the conditions, only one of the fqdn, pattern, ipv4Address, ipv4AddressRange, ipv6Address, and ipv6AddressRange attributes can be present.

Table 4-34 PortRange - Parameters

Attribute Name Data type Mandatory(M)/Optional(O)/Conditional(C) Description
start integer M First value identifying the start of port range.
end integer M Last value identifying the end of port range.

Table 4-35 Ipv6AddressRange - Parameters

Attribute Name Data type Mandatory(M)/Optional(O)/Conditional(C) Description
start Ipv6Addr M First value identifying the start of an IPv6 Address range.
end Ipv6Addr M Last value identifying the end of an IPv6 Address range.

Table 4-36 Common data types

Data Type Reference
Ipv6Addr 3GPP TS 29.571
Ipv4Addr 3GPP TS 29.571
Ipv4AddressRange 3GPP TS 29.510
PlmnId 3GPP TS 29.571
Uri 3GPP TS 29.571
IpEndPoint 3GPP TS 29.510
NFType 3GPP TS 29.510
ProblemDetails 3GPP TS 29.571
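How the attributes in Tables 4-25 to 4-35 combine when a callback URI is screened, as an added example that is not Oracle's implementation. It assumes that NF-type rules data, when configured, is used instead of globalScreeningRulesData, that a pattern must match the whole host, and that host names are not resolved; screen_callback_uri and its helpers are hypothetical names.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed rule, shaped like the page's CALLBACK_URI sample.
RULE = {
    "nfScreeningType": "BLACKLIST",
    "nfScreeningRulesListStatus": "ENABLED",
    "globalScreeningRulesData": {
        "failureAction": "SEND_ERROR",
        "nfCallBackUriList": [
            {"ipv4AddressRange": {"start": "155.90.171.123", "end": "233.123.19.165"},
             "ports": [10, 20]},
            {"ipv6AddressRange": {"start": "1001:cdba:0000:0000:0000:0000:3257:9652",
                                  "end": "3001:cdba:0000:0000:0000:0000:3257:9652"}},
        ],
    },
    "amfScreeningRulesData": {
        "failureAction": "CONTINUE",
        "nfCallBackUriList": [{"fqdn": "ocnrf-d5g.oracle.com"}],
    },
}


def _port_listed(entry, port):
    """An entry with no port attributes matches any port (Tables 4-32 and 4-33)."""
    ports = entry.get("ports", entry.get("port"))  # samples say "ports", the tables "port"
    ranges = entry.get("portRange")
    if ports is None and ranges is None:
        return True
    if port is None:
        return False
    return port in (ports or []) or any(r["start"] <= port <= r["end"] for r in ranges or [])


def _host_listed(entry, host):
    if "fqdn" in entry:
        return host == entry["fqdn"].lower()
    if "pattern" in entry:  # assumption: the expression must match the whole host
        return re.fullmatch(entry["pattern"], host) is not None
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # host names are not resolved here, so they match no address entry
    exact = entry.get("ipv4Address") or entry.get("ipv6Address")
    if exact:
        return ip == ipaddress.ip_address(exact)
    rng = entry.get("ipv4AddressRange") or entry.get("ipv6AddressRange")
    if not rng:
        return False
    low, high = ipaddress.ip_address(rng["start"]), ipaddress.ip_address(rng["end"])
    return ip.version == low.version and low <= ip <= high


def screen_callback_uri(rule, nf_type, uri):
    """Return (passed, action); action is the failureAction when screening fails."""
    if rule["nfScreeningRulesListStatus"] != "ENABLED":
        return True, None
    # Assumption: NF-type data, when configured, is used instead of the global data.
    data = rule.get(f"{nf_type.lower()}ScreeningRulesData") or rule.get("globalScreeningRulesData")
    if not data:
        return True, None
    parts = urlsplit(uri)
    host = (parts.hostname or "").lower()
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    listed = any(_host_listed(e, host) and _port_listed(e, port)
                 for e in data.get("nfCallBackUriList", []))
    passed = listed if rule["nfScreeningType"] == "WHITELIST" else not listed
    return passed, None if passed else data["failureAction"]
```

A result of (False, "CONTINUE") means the URI failed screening but processing continues (Table 4-30), so a blacklist entry under that failureAction does not reject the request.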

OCNRF Access Token Service Usage Details

OCNRF implements Nnrf_AccessToken service (used for OAuth2 authorization), along with the "Client Credentials" authorization grant. It exposes a "Token Endpoint" where the Access Token Request service can be requested by NF Service Consumers.

The Nnrf_AccessToken service operation is defined as follows:
  • Access Token Request (i.e. Nnrf_AccessToken_Get)

Note:

This procedure is specific to OCNRF Access Token service operation. OCNRF general configurations, database and database specific secret creation are not part of this procedure.

Procedure to use OCNRF Access Token Service Operation

This procedure provides the step-by-step details needed to use the 3GPP-defined Access Token Service Operation supported by OCNRF.
  1. Create OCNRF private key and public certificate
    This step explains the need to create the OCNRF private keys and public certificates. The private keys are used by the OCNRF NF to sign the Access Tokens it generates and shall be available only to OCNRF. The public certificates are used by producer NFs to validate the access tokens generated by OCNRF, so the public certificates shall be available to the producer network functions. OCNRF supports two types of signing algorithms, and different keys and certificates must be generated for each type:
    • ES256: ECDSA digital signature with SHA-256 hash algorithm
    • RS256: RSA digital signature with SHA-256 hash algorithm
    The files for either one or both algorithms can be generated, depending on which algorithms are used. The algorithm configured at OCNRF decides which key is used to sign the Access Token.

    Note:

    The creation process for private keys, certificates and passwords is at the discretion of the user/operator.
    Sample keys and certificates:

    After execution of this step, the private keys and public certificates of OCNRF are available (the generated files depend on the algorithms chosen by the operator/user).

    For example:

    ES256 based keys and certificates:
    • ecdsa_private_key.pem

    • ecdsa_certificate.crt

    RS256 based keys and certificates:
    • rsa_private_key.pem

    • rsa_certificate.crt

  2. Password to safely keep the generated keys and certificates inside the OCNRF container

    This step explains how to create the password that is used to safely keep the generated keys and certificates inside the OCNRF container.

    Sample step to create:
     echo qwerpoiu > keystore_password.txt
    where, qwerpoiu is the password and keystore_password.txt is the target password file

    Note:

    This file is provided in Kubernetes secret.

    After execution of this step, a file containing the password is available.

    For example: keystore_password.txt

  3. Namespace creation for Secrets

    This step explains the need to create the Kubernetes namespace in which the Kubernetes secrets are created for the OCNRF private keys, OCNRF public certificate and keystore password. Refer to Creating OCNRF Namespace section in OCNRF Installation and Upgrade guide.

    Note:

    • Different namespaces or same namespace can be used for OCNRF private keys, OCNRF public certificate and keystore password.
    • Namespace(s) shall have RBAC resources defined with required privileges.
    • It can be same namespace as for OCNRF.
    • After this step, a namespace is available in which the required secrets can be created in the next steps.
  4. Secret creation for OCNRF private keys, OCNRF public certificate and keystore password
    This step explains the commands to create the Kubernetes secret(s) in which the OCNRF private keys, OCNRF public certificate and keystore password can be kept safely. Refer to Configuring Kubernetes Secret for Accessing OCNRF Database section in OCNRF Installation and Upgrade guide.

    Note:

    A single secret can be created for the OCNRF private keys, OCNRF public certificate and keystore password. A sample command is provided in the steps to create a single secret. If a separate secret is needed for each entity, the same command can be used.
  5. Configure OCNRF custom_values.yaml with outcome details of Steps 1 to 4

    This step explains how to customize the OCNRF custom_values.yaml to use the OCNRF private keys, OCNRF public certificate, keystore password file, secrets, and secret namespace. Refer to Configuring Secret for Enabling AccessToken Service section in OCNRF Installation and Upgrade guide.

    Key Attributes in OCNRF custom_values.yaml:
    • nfaccesstoken.oauth.nrfInstanceId - OCNRF's NF Instance ID that will be used for signing AccessTokenClaim.
    • nfaccesstoken.oauth.initialAlgorithm - Signing algorithm which will be used by the Access Token microservice. This is the default value.
    • NF Access Token OCNRF Private Key Details
      1. k8SecretName - K8 Secret Name for OCNRF Access Token Private key
      2. k8NameSpace - Namespace for OCNRF Access Token Private key Secret
      3. rsa.filename - Key File name which is OCNRF Access Token Private Key for RSA algorithm
      4. ecdsa.filename - Key File name which is OCNRF Access Token Private Key for ECDSA algorithm
    • NF Access Token OCNRF Public Certificate Details
      1. k8SecretName - K8 Secret Name for OCNRF Access Token Public Certificate
      2. k8NameSpace - Namespace for OCNRF Access Token Public Certificate Secret
      3. rsa.filename - Key File name which is OCNRF Access Token Public Certificate for RSA algorithm
      4. ecdsa.filename - Key File name which is OCNRF Access Token Public Certificate for ECDSA algorithm
    • NF Access Token Key Store Password Details
      1. k8SecretName - K8 Secret Name for OCNRF Access Token Key Store Password
      2. k8NameSpace - Namespace for OCNRF Access Token Key Store password Secret
      3. filename - KeyStore password file