Merge pull request #108 from andy89923/guide/sbi-oauth

Guide: Add configuration of OAuth2
free5gc · Feb 26, 2024 · acb51e6 · acb51e6
2 parents 76cbba2 + 939907a
commit acb51e6
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 2 deletions.
diff --git a/docs/guide/Configuration.md b/docs/guide/Configuration.md
@@ -4,9 +4,18 @@
 
 ## SBI Configuration
 
+### NF IP
+
 There are registerIP and bindingIP design on every NF's sbi interface.
 
-![SBI interface](https://i.imgur.com/IB0cqqP.png)
+```yaml
+configuration:
+  sbi: # Service-based interface information
+    scheme: http # the protocol for sbi (http or https)
+    registerIPv4: 127.0.0.18 # IP used to register to NRF
+    bindingIPv4: 127.0.0.18  # IP used to bind the service
+    port: 8000 # port used to bind the service
+```
 
 This is due to some orchestration, such as Kubernetes or OpenStack, has the design of service IP mapping.
 
@@ -16,6 +25,21 @@ Use Kubernetes as an example. K8s has the service type that enable users to defi
 
 If you are not sure what IP you should set, just configure it as the same IP address.
 
+### OAuth2
+
+- Enable OAuth2 setting in NRF config (nrfcfg.yaml):
+```yaml
+configuration:
+  sbi: # Service-based interface information
+    oauth: true
+```
+- Set NRF's certificate path in each NF:
+```yaml
+configuration:
+    nrfCertPem: cert/nrf.pem # NRF Certificate
+```
+- For more detailed information about OAuth2 in free5GC, please refer to the [Design Document](./OAuth2/OAuth2Design.md).
+
 ## Sample configuration
 
 We provide a sample config to connect to outer ran under `/sample/ran_attach_config/`. The architecture is as following.

diff --git a/docs/guide/OAuth2/OAuth2Design.md b/docs/guide/OAuth2/OAuth2Design.md
@@ -87,7 +87,7 @@ We use part of the SMF code, for explanation.
     - Validating the access token when there is a service request, the NF must use the NRF's public key to ensure security. So, we have to tell the NF the location of the NRF certificate. (We can retrieve the Public key from the certificate).  
     ```yaml
     configuration:
-    nrfCertPem: cert/nrf.pem # NRF Certificate
+      nrfCertPem: cert/nrf.pem # NRF Certificate
     ```
 
     - We apply ```AuthorizationCheck()``` via ```router.use()```. (Take the Nsmf_pdusession service, for example).