About the Sentinel Authentication Gateway

The Sentinel Authentication Gateway provides 3GPP Generic Authentication Architecture (GAA) support for OpenCloud’s Sentinel products. This release allows IMS devices to authenticate with their home network and securely login to Sentinel’s XCAP server.

The Sentinel Authentication Gateway consists of two main components:

BSF Server

The Bootstrapping Security Function (BSF) server receives "bootstrap" authentication requests from UEs. These requests ask the BSF to initiate a bootstrap process between the UE and the HSS, which results in a secret key shared by the BSF and the UE. This shared key can then be used to authenticate with a Network Application Function (NAF), or application server. The Sentinel XCAP server is an example of a NAF.

NAF Authentication Filter

The NAF Authentication Filter is deployed with the Sentinel VoLTE XCAP servlet application. It implements the NAF authentication processes for the application, using the shared key generated by the bootstrapping process.

Together these components allow a UE to transparently authenticate with Sentinel VoLTE XCAP and securely perform configuration updates.


Introduction to 3GPP GAA

the main roles, interfaces, and procedures in 3GPP GAA.

Architecture Overview

the components of the Sentinel Authentication Gateway and how they implement 3GPP GAA.

Getting Started

how to install the Sentinel Authentication Gateway BSF Server and NAF Authentication Filter.


how to configure the Sentinel Authentication Gateway BSF Server and NAF Authentication Filter.

Cassandra Storage

how the Sentinel Authentication Gateway uses a Cassandra database for sharing bootstrapped security association details between the BSF and XCAP servers.


the naf-key and naf-digest tools, for creating keys during testing.

Known issues

any known issues with this release

Other documentation for the Sentinel Authentication Gateway can be found on the Sentinel Authentication Gateway product page.

Next page