Opengate Home Page
Opengate - A Network User Authentication System for Public and Mobile
Terminals
Caution: The main project page has moved to
http://opengate.osdn.jp.
This page may not be kept up to date with the main page.
Outline
- This page is prepared for development and distribution of the Open
Source Software "Opengate".
- Opengate is a (captive portal type) user authentication gateway system
for networks in public areas.
- Opengate can be applied to wireless LANs and wired LANs. It can be
applied to public terminals and privately-owned terminals.
- Opengate can close the network immediately when usage terminates.
- Opengate can be distributed under the GPL
(GNU General Public License).
- Opengate uses Web browsers as the user interface. No specific software
is needed in terminals.
- We are also developing a complementary authentication system,
OpengateM, to support devices that need to stay online continuously or
on which input is troublesome (Opengate is a Web authentication system and
OpengateM is a MAC authentication system).
- The initial web request from a terminal is forwarded to the
authentication page. If the authentication is accepted, the network is
opened and can be accessed freely from the terminal.
- Opengate uses an Ajax script or a Java Applet after authentication to
control TCP connections. Therefore, network access can be closed without
delay when the client exits the browser or OS.
- On deficient terminals, the user can use the network until the time
limit indicated by the user on the authentication page. For security,
however, the network is closed when a no-packet duration or a MAC
address change is detected.
- In cooperation with the firewall, Opengate can control the packets of
all protocols in both IPv4/IPv6. Mail, FTP or other protocols can be
used after authenticating through the web browser.
- Opengate is developed and implemented by Saga University, Japan, to
control the university's campus-wide open network.
[Screenshots: Redirect Page, Auth Request Page, Accept Page, Usage Start Page (popped up)]
What's New
- Ver.1.5.35 is released.
- The construction procedure and the system image using VirtualBox are
released.
- Ver.1.5.34 is released.
- Fixed Clang warning messages.
- Modified ipfw rules.
- Moved documents to Web.
- Ver.1.5.33 is released.
- Added checking of null language string.
- Changed strncpy/strncat to strlcpy/strlcat.
- Ver.1.5.32 is released.
- Fixed error to ignore duration in ExtraSet.
- Ver.1.5.31 is released.
- Modified code for authentication recheck when ExtraSet exists.
- SourceForge Page is modified.
- Changed SF project from classic one to new one. Changed code
repository from CVS to Git.
- Ver.1.5.30 is released.
- Added code to remove cookie at deny [Contributed by M. Tagawa].
- Ver.1.5.29 is released.
- Added patterns for ExtraSet in conf file.
- Ver.1.5.28 is released.
- Modified code for acquiring Shibboleth data.
- Ver.1.5.27 is released.
- Modified to deny multiple ipfw rules for one IP address. Added ipfw
rule in syslog message. Added UDP sending to opengatemd (need to set
UDP port in conf file). Added dummy HTML for network connectivity
check of iOS.
- Ver.1.5.26 is released.
- Added sqlite3_busy_timeout to reduce lock error.
- Ver.1.5.25 is released.
- Fixed small bugs in processing termination button and movement to
other language page [Contributed by M. Tagawa].
- Ver.1.5.24 is released.
- Modified string at address conversion error in opengatefwd.
- Ver.1.5.23 is released.
- Fixed error at loading httpkeep page on IE9.
- Ver.1.5.22 is released.
- Modified a variable name to avoid misunderstanding.
- Ver.1.5.21 is released.
- Added message to avoid popup blocking in httpkeep page.
Download
The following link has the download files. The code "****" in "opengate****.tar.gz"
indicates the version. Please download the newest one.
The construction procedure and the system image using VirtualBox are linked below.
Please use them for inspection and system construction.
Trial of Opengate/OpengateM on VirtualBox
Development and Management
The main project page is
http://en.osdn.jp/projects/opengate/. It includes the Git repository.
Background
To support educational and research activities, a lot of "public
terminals", "network sockets" and "wireless LANs" were implemented
throughout the campus. Considering the many incidents such as computer
cracking or copyright infringement that were occurring on the network,
methods for authenticating users and logging usage before network access
is granted quickly became a necessity. Because it can prove quite
difficult to maintain such systems on terminals for public use, network
sockets, and wireless LANs, Opengate was developed to address these issues.
Purpose
Authenticate users and record usage logs in a public network environment.
Usage
When a user tries to access any given site, the authentication request
page is returned. The user enters a user ID and password. Network access
is granted to the client terminal when the accept pages are displayed.
Network access is denied when the browser is closed.
Function and Requirements
The Opengate system functions as a gateway between terminals and the
network. The system filters packets passing through the Opengate gateway.
Only a Web browser is required for the terminal. For the gateway, a Web
server and firewall software are required. At present, Opengate is being
developed on a FreeBSD system, using ipfw as the firewall software.
Opengate can work with many authentication methods, such as FTP,
POP3, POP3S, FTPS, RADIUS, LDAP, PAM, Shibboleth, and HttpBasic. Opengate is
loaded as CGI, sends an Ajax script to the terminal, and watches for the
presence of the terminal.
Flow
- By default, the gateway firewall is closed.
- A user tries to access some web site through the gateway.
- The gateway intercepts the packet and sends back the authentication page.
- The server process - loaded as CGI - accepts the user information.
The process authenticates the user and opens the firewall for the
requesting terminal.
- The process sends an Ajax script to the terminal and sets up a TCP
connection to watch the existence of the terminal (~ Comet).
- If the above watching fails, the process closes the firewall after a set
time, on a MAC address change, or if no packets are exchanged within a set
time frame.
- Periodically, the process performs message exchanges with the
terminal.
- The process closes the firewall when the TCP connection is closed.
- The server process records a usage log when opening and closing the
firewall.
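The closing conditions in the Flow list above, modelled as a decision function in C. This is an added example, not Opengate's code; the struct and function names, the use of seconds, the check order and the sample MAC addresses are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
/* Why the gateway closes a terminal's firewall rule (names are hypothetical). */
enum close_reason { KEEP_OPEN, WATCH_CLOSED, MAC_CHANGED, NO_PACKETS, TIME_LIMIT };
struct session {
    int  watch_ok;        /* 1 if the Ajax/TCP watch connection was set up */
    char mac[18];         /* MAC address recorded at authentication */
    long opened_at;       /* time the firewall was opened (seconds) */
    long last_packet_at;  /* last time a packet from the terminal was seen */
    long time_limit;      /* usage limit the user chose on the auth page */
    long idle_limit;      /* allowed no-packet duration */
};
struct observation { long now; const char *mac; int packet_seen; int watch_open; };

/* Decide for one periodic check; refreshes last_packet_at when traffic was seen. */
enum close_reason check_session(struct session *s, const struct observation *o)
{
    if (o->packet_seen) s->last_packet_at = o->now;
    if (s->watch_ok) return o->watch_open ? KEEP_OPEN : WATCH_CLOSED; /* TCP watch decides */
    /* Watching failed: fall back to MAC, no-packet and time-limit checks. */
    if (strcmp(s->mac, o->mac) != 0) return MAC_CHANGED;
    if (o->now - s->last_packet_at >= s->idle_limit) return NO_PACKETS;
    if (o->now - s->opened_at >= s->time_limit) return TIME_LIMIT;
    return KEEP_OPEN;
}

/* Run the checks in order; report the first close reason and when it fired. */
enum close_reason run_checks(struct session *s, const struct observation *obs,
                             int n, long *closed_at)
{
    for (int i = 0; i < n; i++) {
        enum close_reason r = check_session(s, &obs[i]);
        if (r != KEEP_OPEN) { *closed_at = obs[i].now; return r; }
    }
    *closed_at = -1;      /* still open after the last check */
    return KEEP_OPEN;
}

int main(void)
{
    /* Constructed sample: unwatched terminal whose MAC changes at t=120. */
    struct session s = { 0, "00:11:22:33:44:55", 0, 0, 3600, 300 };
    struct observation obs[] = { { 60,  "00:11:22:33:44:55", 1, 0 },
                                 { 120, "66:77:88:99:aa:bb", 1, 0 } };
    long t;
    enum close_reason r = run_checks(&s, obs, 2, &t);
    printf("reason=%d closed_at=%ld\n", r, t);
    return 0;
}
```
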
Features
- Simple User Interface: Opengate uses the client's web browser for GUI
interaction.
- Broad Applicability: Opengate works independently of the client OS
(Windows, Windows CE, Mac OS, Linux, etc.). Opengate is compatible with
various connection technologies such as wireless LANs, network outlets,
and open service terminals.
- Real Time: Because Opengate employs an Ajax script for checking
terminal status, user disconnection can be detected in real time without
extra software.
- Low Maintenance Costs: Opengate authenticates users by using your
existing FTP, POP, RADIUS, and LDAP servers. Opengate requires no setup
procedure for the client terminals.
Publications
- "Opengate": A Gateway System Which Can Authenticate And Record Users
(In Japanese), K. Watanabe, H. Eto, S. Tadaki, and Y. Watanabe, IPSJ SIG
Notes IN99-95, TM99-61,OFS99-48, 43-48(2000) . PDF
- Introduction to Opengate: a network authentication system (In
Japanese), Y. Watanabe, Annual report of Computer and Network Center,
Saga University, No.1, pp.29-32(2001)PDF
- A User Authentication Gateway System With Simple User Interface, Low
Administration Cost And Wide Applicability (In Japanese), Y. Watanabe,
K. Watanabe, H. Eto, and S. Tadaki, IPSJ Journal, Vol.42, No.12,
pp.2802-2809(2001)PDF (Notice)
- An Authentication System for Public and Mobile Terminals and Its
Operation with Diskless Boot Mechanism (In Japanese), S. Tadaki, H. Eto,
K. Watanabe, Y. Watanabe, Journal for Academic Computing and Networking,
No. 5, pp.15-20 (2001)PDF
- Usage of educational LAN (In Japanese), K. Watanabe, Annual report of
Computer and Network Center, Saga University, No.2, pp.67-70(2002)PDF
- Usage of wireless campus LAN (In Japanese), K. Watanabe, Annual report
of Computer and Network Center, Saga University, No.2, pp.71-76(2002)PDF
- Toward new information infrastructure for education - Campus wide open
network based on an authentication system(In Japanese), H. Eto, S.
Tadaki, K. Watanabe, Y. Watanabe, Journal for Academic Computing and
Networking, No.6, pp.13-20(2002)PDF
- Management of a network including mobile terminals - Practice of
Opengate in Saga University(In Japanese), S. Tadaki, H. Eto, K.
Watanabe, Y. Watanabe, IPSJ Symposium Series , Vol.2004 No.3, pp.85-90
(2004) PDF.
- Implementation of IPv6 Functions for Opengate(In Japanese), K. Eguchi,
K. Watanabe, IPSJ SIG Notes 004-DSM-36, pp. 7-12(2005.3)PDF
- Implementation and operation of large scale network for users' mobile
computers by Opengate (In Japanese), S. Tadaki, H. Eto, K. Watanabe, Y.
Watanabe, IPSJ Journal, Vol.46, No.4, pp.922-929(2005.4)PDF
(Notice).
- Development of network authentication system using Java Servlet(In
Japanese), T. Nomura, S. Tobo, Y. Watanabe, K. Watanabe, H. Eto, S.
Tadaki, Journal for Academic Computing and Networking, No.9,
pp.85-89(2005.9)PDF
- Development of Opengate client by Java(In Japanese), K. Manabe, K.
Eguchi, K. Watanabe, Journal for Academic Computing and Networking,
No.9, pp.91-94(2005.9)PDF.
- Opengate and the LAN for terminals in Saga University (In Japanese),
Y. Watanabe, H. Eto, M. Otani, K. Watanabe, S. Tadaki, jus Symposium,
Tottori University of Environmental Studies, 9.22(2005)PDF
(Trans. to English)
- Implementation of IPv6 functions for a network user authentication
system Opengate, Makoto Otani, Katsuhiko Eguchi,Hirofumi Eto,Kenzi
Watanabe, Shin-ichi Tadaki,Yoshiaki Watanabe, ACM SIGUCCS Fall
2005,Monterey,California,pp.283-286(2005.Nov.6-9)(In English). PDF
- Development of a network user authentication system for IPv4/IPv6 dual
stack network (In Japanese), Makoto Otani, Katsuhiko Eguchi and Kenzi
Watanabe, IPSJ Journal, Vol.47,No.4,pp.1146-1156(2006)PDF
(Notice)
- Improvement of the network user authentication system Opengate for
IPv4/IPv6 network (In Japanese), Makoto Otani, Hirofumi Eto, Kenzi
Watanabe, Shin-ichi Tadaki, Yoshiaki Watanabe, IPSJ SIG Notes
2006-DSM-43, pp.19-24(2006.9)PDF
- Improvement and operation of the network user authentication system
Opengate (In Japanese), Makoto Otani, Hirofumi Eto, Kenzi Watanabe,
Shin-ichi Tadaki, Yoshiaki Watanabe, Journal for Academic Computing and
Networking, No.10, pp.97-102(2006.9)PDF
- Detection of client usage termination by using HTTP keep-alive (In
Japanese), Yoshiaki Watanabe, Kiyoshi Mase, JCEEE Kyushu 2006, Miyazaki
Univ., 2006.9.28, 09-1A-09(2006.9)PDF
- Development of the new Opengate capable of detecting usage termination
by HTTP Keep-Alive (In Japanese), Makoto Otani, Hirofumi Eto, Kenzi
Watanabe, Shin-ichi Tadaki, Yoshiaki Watanabe, IPSJ SIG Notes
2007-DSM-44, pp.65-70 (2007.3.9).PDF
- Development and Operation of a Network Authentication System with
Detecting Usage Termination by Watching HTTP Connection (In Japanese),
Makoto Otani, Hirofumi Eto, Kenzi Watanabe, Shin-ichi Tadaki, Yoshiaki
Watanabe, Journal for Academic Computing and Networking,
No.11,pp.87-91,(2007.9.14).PDF
- Installation and Operation of New Opengate with Detecting Usage
Termination by Watching HTTP Connection (In Japanese), Makoto Otani,
Hirofumi Eto, Kenzi Watanabe, Shin-ichi Tadaki, Yoshiaki Watanabe, IPSJ
SIG Notes 2007-DSM-47,pp.31-36,(2007.9.21).PDF
- Installation to the Authentication Network of UPKI Initiative Server
Certificate (In Japanese), Makoto Otani, Hirofumi Eto, Kenzi Watanabe,
Shin-ichi Tadaki, Yoshiaki Watanabe, Journal for Academic Computing and
Networking, No.12,pp.103-107,(2008.9.12).PDF
- Usage of the Name Resolution in Opengate (In Japanese), Makoto Otani,
Hirofumi Eto, Kenzi Watanabe, Shin-ichi Tadaki, Yoshiaki Watanabe, IPSJ
SIG Notes 2008-IOT-3,p.55-p.60,(2008.9.19).PDF
- Single Sign-on with Opengate (In Japanese), Hirofumi Eto, Makoto
Otani, Kenzi Watanabe, Shin-ichi Tadaki, IPSJ SIG Notes
2009-IOT-4,p.259-p.264/IEICE Technical Report SITE2008-88,IA2008-111,
pp.259-264,(2009.3.6).PDF
- Development and Smooth Installation of a Network Authentication System
with Detecting Usage Termination by Watching HTTP Connection (In
Japanese), Makoto Otani, Hirofumi Eto, Kenzi Watanabe, Shin-ichi Tadaki,
Yoshiaki Watanabe, IPSJ Journal, Vol.50, No.3, pp.1032-1042(2009.3)PDF
(Notice)
- Forced Display of Portal Site with Single Sign-On (In Japanese),
Makoto Otani, Hirofumi Eto, Kenzi Watanabe, Shin-ichi Tadaki, Yoshiaki
Watanabe, IPSJ SIG Notes 2009-IOT-5,pp.1-6,(2009.5.28).PDF
- Construction of the network based on a campus portal (In Japanese),
Makoto Otani, Hirofumi Eto, Kenzi Watanabe, Shin-ichi Tadaki, Yoshiaki
Watanabe, Journal for Academic Computing and Networking, No.13,
pp.135-139(2009.9)PDF
- Construction of the virtual network based on the portal site (In
Japanese), Makoto Otani, Hirofumi Eto, Kenzi Watanabe, Shin-ichi Tadaki,
Yoshiaki Watanabe, Internet and Operation Technology Symposium(IOTS2009)
(2009.12.10)PDF
- Development of the Network User Authentication System Supporting
Single Sign-On (In Japanese), Makoto Otani, Hirofumi Eto, Kenzi
Watanabe, Shin-ichi Tadaki, Yoshiaki Watanabe, IPSJ Journal,
Vol.51,No.3,pp.1031-1039(2010.3)PDF (Notice).
- Operation of SSO-Opengate Using virtual machine (In Japanese), Makoto
Otani, Hirofumi Eto, Kenzi Watanabe, Shin-ichi Tadaki, Yoshiaki
Watanabe, IPSJ SIG Notes 2010-IOT-5 (2010.5.13).PDF
- Opengate on Cloud, Kenzi Watanabe, Makoto Otani, Shin-ichi Tadaki and
Yoshiaki Watanabe, The 26th IEEE International Conference on Advanced
Information Networking and Applications (AINA-2012), Fukuoka Institute
of Technology (FIT), Fukuoka, Japan (2012.03.28) PDF
- Development of Opengate capable of detecting usage termination
by WebSocket (In Japanese), Makoto Otani, Hirofumi Eto, Kenzi Watanabe,
Shin-ichi Tadaki, Yoshiaki Watanabe, IPSJ SIG Notes 2013-IOT-21, pp.1-5
(2013.05.10).PDF
Another System : OpengateM
OpengateM is a MAC address based network user authentication system. Refer
to the OpengateM Homepage.
If you have any questions or advice regarding this page, please
send a message to the following address:
Yoshiaki Watanabe : watanaby(at)users.osdn.me
Makoto Otani : otani(at)cc.saga-u.ac.jp