Home » eduroam Setup

eduroam Setup

Enabling Anonymous Outer Identity with eduroam CAT and NPS

Introduction Best practices suggest that eduroam be deployed at an organization using eduroam CAT profiles. eduroam CAT profiles ensure that users are protected against rogue wi-fi hotspots accessing usernames and passwords. The eduroam CAT tool available for administrator at cat.eduroam.org. The eduroam Configuration Assistant Tool (CAT) has been developed to help organizations offering their users […]

blog arrowDate: February 5, 2020

eduroam Security Best Practices

Security is not a thing, but a practice. We strongly recommend that each organization participating in eduroam adopt the following eduroam security best practices: Use RADIUS server certificates to enable a secure connection between the server and user devices. Create a CAT (Configuration Assistant Tool) Profile for your organization using cat.eduroam.org to offer a security-first […]

blog arrowDate: February 5, 2020

eduroam Capacity Considerations

Overview Capacity planning for eduroam is no different than any other wireless infrastructure capacity planning exercise. We recommend consulting guidelines from your hardware and infrastructure provider. IP Space For IP space planning, expect that your largest audience may carry on average 2-2.5 devices per person, each requiring an address.  A single class C may not […]

blog arrowDate: November 2, 2017

Enabling eduroam Configuration Assistant Tool (cat.eduroam.org)

Introduction The service to help users configure eduroam security is called the ‘Configuration Assistant Tool’ or ‘CAT’ for short. As a part of the eduroam onboarding process, your institution’s Primary Technical Contact will have been provided an invitation to access the cat.eduroam.org site.  Technical instructions to configure the CAT Profile for your institution can be […]

blog arrowDate: October 20, 2017

Recommended RADIUS Platforms and Tools

To offer eduroam, institutions must have one or more RADIUS servers that can be used as their IdP to authenticate local users and proxy requests of visitors to the Canadian Federation-Level RADIUS servers. CANARIE does not prescribe which vendor’s RADIUS server a participant should use. To avoid duplication, CAF recommends the following for RADIUS platforms:: […]

blog arrowDate: April 20, 2017

Firewall and IP address recommendations

The table below summarizes the IP addresses and ports associated with the Canadian Federation-Level RADIUS servers (FLRs) for eduroam, and monitoring of IdP status for Federated Identity Management (FIM). CANARIE operates additional monitoring and operational tools for CAF services.  Participants are encouraged to use these tools and permit access to CANARIE on the listed ports […]

blog arrowDate: April 17, 2017

Recommendations about Certificates

Ultimately, it is up to the CAF participant to determine which type of certificate is preferred. Since self-signed certificates are free, can be valid for up to 10 years, and help mitigate Rogue APs, CANARIE recommends them over commercial certificates. Additional considerations: The impact of certificate type comes into play only during the first time […]

blog arrowDate: March 20, 2017

eduroam Service Quality Obligations

General Principles eduroam use for the mobile user should be familiar and seamless whether they are at their home institution or at another eduroam-enabled site.  It should complete the authentication process and once signed on allow internet access with as little filtering as possible[1]. If any port filtering occurs, the acceptable minimal set of ports […]

blog arrowDate: March 15, 2017

How eduroam uses your domain as a Realm

eduroam uses the ‘@realm.ca’ as the way to route the authentication requests.  This realm is also used as a scope for CAF FIM (Federated Identity Management or Federated Single Sign On) and is the domain for which your institution is trusted to manage. A participant should have only one domain for their identity set in […]

blog arrowDate: February 20, 2017

eduroam Provisioning Considerations

Mass Device Configuration with eduroam Configuration Assistant Tool (CAT) Whether you have only a few users or thousands, we recommend using the cat.eduroam.org Configuration Assistant Tool (CAT). This highly flexible tool supports all major devices and will help deploy your wireless profiles to your population at large.  For more on eduroam CAT please see visit cat.eduroam.org. […]

blog arrowDate: January 26, 2017