Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: document order of userID attributes (as shared by Dubravko on Slack)

...

Step 2: How to log into eduroam CAT?

When clicking on the Administration interface linkUnder the Manage Tab, go into eduroam admin access, you will be automatically sent to the eduroam Support Services' federated login service. This login service does not work with site-specific usernames and passwords; , instead you are presented with a list of sources of identity. Choose any organization that you have an account with:

 * eduGAIN: many universities across Europe have already joined the educational Global Authorisation INfrastructure - if your organization is among them, click on that institution and authenticate with your home organization's usual web login credentialsclick on that institution and authenticate with your home organization's usual web login credentials. 

  • Attributes needed for an R&E federated sign in to eduroam CAT may be one of the following:
    • eduPersonTargetedID, Subject-id, Pairwise-id.
    • All three are accepted, with no one attribute preferred over another at this time.
    • The attributes are checked for presence (and used when a value is found) in this order: eduPersonTargetedID, pairwise-id, subject-id.
    • For guidance on enabling these attribute(s) released or transitioning from one unique identifier to another should consult with your National Roaming Operator and/or IdP software provider. 


 * Experimental: some institutions are in the process of joining eduGAIN, but are not production-level members; if that is the case for your institution, you might find your institution's authentication service in this Experimental list

...

OpenRoaming is a Wi-Fi roaming consortium independent from eduroam, but using similar underlying technologies. You can find more details about this consortium and eduroam's interaction, and information for eduroam end users.

eduroam has created infrastructure that allows eduroam IdPs to enable their end-users for joining OpenRoaming hotspots. This

...

General information and details about the technical setup can be found at Roaming on Passpoint-based network infrastructure (incl. OpenRoaming) (notably the "eduroam IdP" section there). Only the CAT-specific steps are described below:

...

These checks can be repeated any time using the "Check Realm Reachability" button (see "Verifying my RADIUS Setup" below). The check page has a new tab for the OpenRoaming checks:

...

OS familyNotes
Windows 10+Depends on chipset and driver capabilities. If not supported, OpenRoaming will be silently ignored during installation.
AppleCAT native installer (mobileconfig): only works for PEAP and EAP-TLS. The password prompt for OpenRoaming during install is "ugly": geteduroam installer, TTLS support is possible (see extra explanation about geteduroam limits below)
Android 8+OpenRoaming availability depends on vendor build and chipset support.
Android 11+supported

Note on geteduroam on Androidand user choice: the in-app workflow only installs OpenRoaming if one the "Always" variants has been selected. If "Ask user" has been selected, geteduroam in-app workflow will only install eduroam, not OpenRoaming. "Ask user" will soon work (2.1.1 or as a hotifx) by downloading the Android installer from the end-user download interface of CAT and an "Open with ... geteduroam" (known as 'side-loading' in geteduroam).

...