Versions Compared

Old Version 1

changes.mady.by.user Stefan Winter

Saved on

compared with

New Version Current

changes.mady.by.user Stefan Winter

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

PAGE IS IN PREPARATION, NOT LIVE YET

NROs

eduroam Managed SP uses the same institution management workflows that eduroam CAT and eduroam Managed IdP use, see A guide to eduroam CAT 2.0 and eduroam Managed IdP for National Roaming Operator administrators.

...

This is all you have to do. The organisation's administrator will now get the sign-up token by email and can start using eduroam Managed SP. For reference, the invitation mail looks like this (click to enlarge):

Organisations (eduroam SPs)

Sign-Up

You have received an invitation mail from your eduroam National Roaming Operator. Please follow the link in the invitation and log into the system with a federated or social identity of your choice. Afterwards, you will be presented with a screen allowing you to set basic parameters about your organisation (such as name, logo, approximate geographic location). Most of these fields are optional.

Note
titleRemember to provide a helpdesk mail address!
The only required field is to set a Helpdesk Contact email address. Without a configured helpdesk address, you will not be able to to continue setting up your eduroam Managed SP!

Initial Configuration

At the end of this sign-up wizard, you are presented with your organisation overview in the system. This screen allows you to proceed to the eduroam Managed SP configuration details ("Manage SP functions"):

...

  • Custom Operator-Name: the system will always inject a RADIUS Attribute called "Operator-Name" for authentication requests originating from your hotspots. They are auto-generated and do not look pretty. If you have a DNS domain and want requests to be attributed to that domain, you can instead configure that here. Note: the string has to mandatorily start with the ASCII character for a printed "1" and then afterwards your DNS domain, like in the example "1my-own-operator-name.org"
  • VLAN tag for own users: If you wish, the system will assign authenticated users to a VLAN of your choice. It will only do so for users which are considered "your" users; roaming guests will not get a VLAN tag. If you happen to use also our eduroam Managed IdP offering, your IdP-side users are automatically considered "your" users. If not, or if you want to mark additional RADIUS realms as being your own, you need to use the third option.
  • Realm to be considered own users: the realms listed here will receive the VLAN tagging tagging mentioned for the previous option. Note that you do not need to type your eduroam Managed IdP realm here; we attribute that realm to your eduroam Managed SP deployment automatically. You only need this option for own, custom, additional realms that should receive the "home" VLAN tagging. By using the "Add new option" button, you can add as many realms as you like.

Usage

Once you have activated your deployment with the green "Activate" button above, you are ready! In your local Wi-Fi equipment, find the WPA-Enterprise (RADIUS) configuration options. There, you enter any of the RADIUS IP addresses, the matching RADIUS port number, and the RADIUS shared secret, as indicated. The rest of the Wi-Fi configuration is standard eduroam, like SSID=eduroam, WPA2/AES. And then, go ahead and try it out - eduroam users are now able to use your Wi-Fi network.

...