On this page you will find technical details on eduroam, a guide for connecting (in Swedish), and eduroam resources.
Parameters
The following parameters must be exchanged with Skolfederation for eduroam connected organizations:
Administrative parameters
- Organization name
- Domain name
- Technical contact person (name and email address)
- Administrative contact person (name and email address)
- Email address for abuse related matters
Technical parameters
- Protocol (RADIUS/RADSEC)
- Name and IP addresses of connected servers
- Mutually shared secret (RADIUS) or certificate (RADSEC)
The shared secret is provided by Skolfederation to the technical contact in agreement. If a certificate is used, the exchange is performed correspondingly.
RADIUS/RADSEC servers
Servers:
For RADIUS, use port 1812 (UDP)
For RADSEC, use port 2083 (TCP)
RADSEC certificate
Certificate file is found here: https://skolfederation.se/app/uploads/2021/10/eduroam-skolfederation-v2-1.crt
SHA-256 fingerprint: 9C:CD:45:03:F7:6A:E0:DA:C0:87:A1:DF:66:66:F5:52:5D:89:65:79:25:1C:E8:74:93:57:8A:82:C9:A0:A3:A7
Acceptance test and connecting
Before the test connection may be put into production, an acceptance test must be performed. How the acceptance test is performed depends on whether the organization is connecting as an eduroam SP and/or IdP.
Connecting eduroam SP
To connect an eduroam SP, the connecting organization configures its RADIUS servers with the Skolfederation parameters.
The connecting organization is responsible for filtering any harmful attributes in RADIUS responses, such as VLAN and role allocation.
After configuration a temporary test account is obtained. When Skolfederation and the connecting organization have confirmed successful authentication, and that the network function fulfills the eduroam Policy Service Definition, the systems may be put into production.
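The attribute filtering an eduroam SP is responsible for, shown as an added example (not Skolfederation's code or any RADIUS server's own): it parses a raw Access-Accept and strips attributes that would assign a VLAN or a role before the reply reaches local network equipment. The blocked list, the function names and the sample packet are assumptions; vendor-specific role attributes would have to be added per deployment.

```python
import struct

# Assumption: attribute types treated as VLAN or role allocation (RFC 2865/2868).
BLOCKED = {
    11: "Filter-Id",                # commonly mapped to a local role or ACL
    64: "Tunnel-Type",              # 64, 65 and 81 together assign a VLAN
    65: "Tunnel-Medium-Type",
    81: "Tunnel-Private-Group-ID",
}
ACCESS_ACCEPT = 2

def encode(attrs):
    """Serialize (type, value) pairs as RADIUS type-length-value attributes."""
    return b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)

def parse_attributes(packet):
    """Return the (type, value) attributes of a raw RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        atype, alen = packet[pos], packet[pos + 1]
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return attrs

def filter_accept(packet):
    """Strip BLOCKED attributes from an Access-Accept; return (packet, dropped)."""
    attrs = parse_attributes(packet)
    dropped = [BLOCKED[t] for t, _ in attrs if t in BLOCKED]
    if packet[0] != ACCESS_ACCEPT or not dropped:
        return packet, []
    body = encode([(t, v) for t, v in attrs if t not in BLOCKED])
    # Authenticator copied as-is; a real proxy re-signs the reply toward its NAS.
    return packet[:2] + struct.pack("!H", 20 + len(body)) + packet[4:20] + body, dropped

def build(code, attrs):
    """Build a constructed test packet with a zeroed authenticator."""
    body = encode(attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

# Constructed sample: Access-Accept from a remote IdP carrying VLAN 42 and a role.
SAMPLE = build(ACCESS_ACCEPT, [(1, b"anon@example.org"), (64, b"\x00\x00\x00\x0d"),
    (65, b"\x00\x00\x00\x06"), (81, b"42"), (11, b"staff"), (27, b"\x00\x00\x0e\x10")])
```

In a production RADIUS server the same policy is normally expressed in the server's own attribute-filter configuration, which also takes care of re-signing the modified reply.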
Connecting eduroam IdP
To connect an eduroam IdP, the connecting organization configures its RADIUS servers to respond to requests from Skolfederation. A connected IdP must fulfill the requirements set in SWAMID eduroam Technology Profile v1.0.
After configuration, the connecting organization should perform a test of the function. This is most easily done by testing the connection at another connected eduroam SP.
Resources
Guide
Here you can find a guide containing information and considerations on connecting (in Swedish):
https://skolfederation.se/app/uploads/2014/04/eduroam-v%C3%A4gledning.pdf
Summarized experiences in connecting to eduroam
Linköping municipality shares its experiences in connecting to eduroam in the document below (in Swedish):
https://skolfederation.se/app/uploads/2014/02/Link%C3%B6pings-kommun-Erfarenheter-inf%C3%B6rande-av-eduroam1.pdf
External resources