eduroam technical information

On this page you will find technical details on eduroam, guide for connecting (in Swedish), and eduroam resources.

Parameters

The following parameters must be exchanged with Skolfederation for eduroam connected organizations:

Administrative parameters

  • Organization name
  • Domain name
  • Technical contact person (name and email address)
  • Administrative contact person (name and email address)
  • Email address for abuse related matters

Technical parameters

  • Protocol (RADIUS/RADSEC)
  • Name and IP addresses of connected servers
  • Mutually shared secret (RADIUS) or certificate (RADSEC)

The shared secred is provided by Skolfederation to the technical contact in agreement. If certificate is used the exchange is performed correspondingly.

RADIUS/RADSEC servers

Servers:

For RADIUS, use port 1812 (UDP)
For RADSEC, use port 2083 (TCP)

RADSEC certificate

Certificate file is found here: https://skolfederation.se/app/uploads/2021/10/eduroam-skolfederation-v2-1.crt

eduroam-skolfederation-v2-1.crt

-----BEGIN CERTIFICATE-----
MIIGFTCCA/2gAwIBAgIJANFyJ3HDEqw+MA0GCSqGSIb3DQEBCwUAMIGgMQswCQYD
VQQGEwJTRTESMBAGA1UECAwJU3RvY2tob2xtMRIwEAYDVQQHDAlTdG9ja2hvbG0x
FzAVBgNVBAoMDlNrb2xmZWRlcmF0aW9uMSkwJwYDVQQDDCByYWRpdXMuZWR1cm9h
bS5za29sZmVkZXJhdGlvbi5zZTElMCMGCSqGSIb3DQEJARYWaW5mb0Bza29sZmVk
ZXJhdGlvbi5zZTAeFw0yMTA5MjgxMDQ5MDlaFw0zMTA5MjYxMDQ5MDlaMIGgMQsw
CQYDVQQGEwJTRTESMBAGA1UECAwJU3RvY2tob2xtMRIwEAYDVQQHDAlTdG9ja2hv
bG0xFzAVBgNVBAoMDlNrb2xmZWRlcmF0aW9uMSkwJwYDVQQDDCByYWRpdXMuZWR1
cm9hbS5za29sZmVkZXJhdGlvbi5zZTElMCMGCSqGSIb3DQEJARYWaW5mb0Bza29s
ZmVkZXJhdGlvbi5zZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMej
axUv2VuYvwELE3gxfPYHTxUn2LRtMa4p87n8bX3UsU2kiud/15fJt6x26RH1TSn1
l+LETa+EUI0DKYapmlt0uMZO9zLRK+HvvdT5M0xEVeN7CAEROvIDBBHcQPaDvm1C
Xb1Kuj0mrF92p99hJvr9ZZNaZ7YbNVeD+CAY1FKjiHHtyzBr+8Zzwq0Q7iPMj/uY
JR3YS1uwdjpcL6mhXpzgPVmK/F82bK0AipB4FdL5qWFWWCaILEqO6jnm8fbRtvJO
bnPDRHzvnQ1UhK2Jy9bngfZofvgT661hcIfFn+syj47OuYC5YoDp4XoCa74tHo4D
vh6ZHvY3/vEI0I4Maj8kLE6kU4ck53DzuAaLL/ZD7Rri3HpOZVchPVTGCG/CH5i0
RphiIc6kXjaUJVoB3xUBPM2EBD3QS4UQTLm3KgQ6xJEKGEDYV5fWkHVmDKoJbsIF
g0UJJ3bONW1EDYqYB0KSfjruumWLQ47eybgX0M61BlEfJBvZXQJroyQTNw/qt0ae
Ek1oEuByPbNY73LvvizJNNoS3Ql3A1EonBhti2l6bxd+fd+SJaBbJ5Il7YOdk1cw
a8bEe9g6P0GhnoxL6ESaf0hjj6FquWZJm3VaiFu/PdVI4/lLCxaKlTFGFPwT38Ps
Kx1j3ng0MOuK6eG9wgzmBqyg17B7NFLQLTZqotZxAgMBAAGjUDBOMB0GA1UdDgQW
BBTtkncImc0NGbKTSLRVBAvKDVf5PjAfBgNVHSMEGDAWgBTtkncImc0NGbKTSLRV
BAvKDVf5PjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQCQp3L3+ged
xWyKJAWErkpciuYTX6d/xuJVAQy23jzYSAVnfq0QwgeIzuKZ1sKEl+a1UiLkzN82
fULQ0/sILPHoU8v+wr9AYHdJiwpFGdeuxOv5QGTGqblRZlSTeuuo/VuriEhUSKi+
afpObwJHKZmnixmhSMgEXeO0Ft0lBWrvxsYN2n9MzJPV0OrspLvr0AhkjzJAs/7m
uxPIyuFss2sCPiRT4YSTVAIWkPutxTLQeoFsl2oUHNVGVkPrxWhv3fZo85/tAdFS
+mBrNzc19lLK0TvOOCpvDsREQpA6vipormxPKhvyfPGCrBuGzbTnjZ5/MtbWPXyS
FIFNjS486EiGWsSl382O+my8pJsOADpurzj5sjNGC1vl8IzWgsU6LU66AeFI+4xo
6ubv5izHvG2IqPdzGbM2UDU+k+nN/m3bdzoQN7ZFSK8TThSjTBB9zG7jGQjQRKNn
akP+VcdDqJFV/YuWpYMYNgEbQBCs+dKEU5W9STSqjQ+ZhpsJXBq7L8Phmbg5Qxf3
1PKibXiMO7TYRfovIakLw0D8VNMGM/bhLCxI9vPr/mhCUM+S2U6+pSaOVaZtDi0o
2cJ/BG8DIpFx5ejInDe3WVDGLvt3HuFCLlkMsUXAhvrUJlrmUi6BVyI3by2FiBsv
kzlKajVgtanlx0N1AHKDksppk8FEgHO+kw==
-----END CERTIFICATE-----

SHA-256 fingerprint:
9C:CD:45:03:F7:6A:E0:DA:C0:87:A1:DF:66:66:F5:52:5D:89:65:79:25:1C:E8:74:93:57:8A:82:C9:A0:A3:A7

Acceptance test and connecting

Before the test connection may be put in production an acceptance test must be performed. How the acceptance test is performed depends on if the organization is connecting as eduroam SP and/or IdP.

Connecting eduroam SP

To connect an eduroam SP the connecting organization configures their RADIUS servers with Skolfederation parameters.

The connecting organization is responsible for filtering any harmful attributes in RADIUS responses, such as VLAN- and role allocation.

After configuration a temporary test account is obtained. When Skolfederation and the connecting organization have confirmed successful authentication, and that the network function fulfills the eduroam Policy Service Definition, the systems may be put into production.

Connecting eduroam IdP

To connect an eduroam IdP the connecting organization configures their RADIUS servers to respond to calls from Skolfederation. Connected IdP must fulfill the requirements set in SWAMID eduroam Technology Profile v1.0.

After configuration connecting organization should perform a test of the function. This is performed easiest by testing the connection at another connected eduroam SP.

Resources

Guide

Here you can find a guide containing information and considerations on connecting (in Swedish):

https://skolfederation.se/app/uploads/2014/04/eduroam-v%C3%A4gledning.pdf

Summarized experiences in connecting to eduroam

Linköping municipality shares their experiences in connecting to eduroam in the below document (in Swedish):

https://skolfederation.se/app/uploads/2014/02/Link%C3%B6pings-kommun-Erfarenheter-inf%C3%B6rande-av-eduroam1.pdf

External resources


  • No labels

0 Comments

You are not logged in. Any changes you make will be marked as anonymous. You may want to Log In if you already have an account.