...
That's all - the CAT then proceeds to a sanity check of the things you have configured and will tell you about any things which need fixing, it any. You are then transported to the Institution dashboard - from where you can continue to download your installers, change institution or profile details, perform sanity checks and more.
Optional: OpenRoaming support
OpenRoaming is a Wi-Fi roaming consortium independent from eduroam, but using similar underlying technologies. eduroam has created infrastructure that allows eduroam IdPs to enable their end-users for joining OpenRoaming hotspots. This
- has to be enabled by your NRO for your country or region
- is entirely optional for you as an IdP
- requires actual work in your own domain's DNS setup to function correctly
- is currently in its early days and functionality varies between EAP types and operating systems
General information and details about the setup can be found at Roaming on Passpoint-based network infrastructure (incl. OpenRoaming) (notably the "eduroam IdP" section there). Only the CAT-specific steps are described below:
Enabling OpenRoaming with CAT 2.1+
Starting with version 2.1, the eduroam onboarding toolset (eduroam CAT and eduroam Managed IdP) integrates Passpoint network definitions in general, and OpenRoaming settings in particular, in its standard workflow. You can enable OpenRoaming by setting the option of that name in the "Media Properties" section:
If you do not see this option, then your National Roaming Operator (NRO) did not enable the functionality in their country or region yet. Please speak to your NRO in that case.
This option can have one out of four states. This is due to two choices you have to make about OpenRoaming inclusion into installers:
1) Do you want to give every end user the choice to decide whether they want to join OpenRoaming networks?
2) Do you inform your end users about the OpenRoaming Terms and Conditions yourself out-of-band, or should this be done by CAT?
Unsurprisingly, this maps to the four choices and end-user download interface:
| Option Value | Meaning | End-User download interface |
|---|---|---|
| Ask User | User is asked to make a choice; OpenRoaming Terms and Conditions have to be acknowledged during the download process | two buttons and a "Accept T&C" checkbox |
| Ask User; T&C Pre-Agreed | User is asked to make a choice; no need to acknowledge OpenRoaming Terms and Conditions explicitly because this has been done by the IdP | two buttons ("eduroam" and "eduroam and OpenRoaming") |
| Always | All users always gets an eduroam + OpenRoaming installer, but have to acknowledge the OpenRoaming Terms and Conditions during the download process | one button and a "Accept T&C" checkbox |
| Always; T&C Pre-Agreed | All users always get an eduroam + OpenRoaming installer, no need to acknowledge OpenRoaming Terms and Conditions because this has been done by the IdP | one button ("eduroam and OpenRoaming") |
| (not set) | no OpenRoaming, just eduroam | one button ("eduroam") |
Technical ability to support OpenRoaming in installers
Support is currently limited to the following operating systems:
| OS family | Notes |
|---|---|
| Windows 10+ | Depends on chipset and driver capabilities. If not supported, OpenRoaming will be silently ignored during installation. |
| Apple | CAT native installer (mobileconfig): only works for PEAP and EAP-TLS. The password prompt for OpenRoaming during install is "ugly": geteduroam installer, TTLS support is possible (see extra explanation about geteduroam limits below) |
| Android 8+ | OpenRoaming availability depends on vendor build and chipset support. |
| Android 11+ | supported |
Note on geteduroam on Android: the in-app workflow only installs OpenRoaming if one the "Always" variants has been selected. If "Ask user" has been selected, geteduroam in-app workflow will only install eduroam, not OpenRoaming. "Ask user" works by downloading the Android installer from the end-user download interface of CAT and an "Open with ... geteduroam" (known as 'side-loading' in geteduroam).
Generating installers for my users
...