...

The eduroam database is populated by parsing federation-provided metadata once every day. The data is expected on the main eduroam website of the federation, which is usually www.eduroam.TLD (where TLD is the country-code top-level domain of the federation); exceptions for the domain name exist.

The files to populate for federation administrator contact information are

http://www.eduroam.TLD/general/realm.xml
http://www.eduroam.TLD/general/ro.json

The contents of the XML and JSON files are defined in the Schema, and example XML/JSON files exist at monitor.eduroam.org. New federations which provide their XML/JSON file(s) for the first time should contact eduroam Operations so that their URL is added to the list of sources of information.

...

Federation operators in Europe should directly contact the GEANT mailing list of the eduroam Operations Team (eduroam-ot (at) lists.geant.org) and request their access to the eduroam Operations Support Services. Federation operators outside Europe should send their request to their representative of the Global eduroam Governance Committee (GeGC), who will in turn contact the eduroam Operations Team.

...

A user requesting access will be sent an email with detailed instructions on how to redeem the invitation token. Note that the eduroam web authentication proxy requires a number of user attributes (predominantly the email address) to correlate the token with the user in question. If the AAI system in use does not reveal enough attributes, the account can still be given administrator privileges, but this then requires manual processing by eduroam OT and takes longer than the automatic self-service registration. Please consider revealing the AAI attributes for real name (displayName) and for email address (email), if possible.

Common authentication problems

...

The eduroam web authentication proxy allows for federated login - users are redirected to their Identity Provider, which authenticates the user and sends an assertion about the user back to the proxy.

This involves the SAML protocol and is an operation that touches multiple administrative domains, which leads to a number of breakpoints where the authentication process can fail. The most common such problems are listed below, including suggestions on how to solve or work around them:

  • No metadata found [IdP-side error, reported on IdP login page]

...

  • Missing attributes for unique identifier [IdP-side error, reported on eduroam authentication proxy]

...

  • Wrong attribute format for unique identifier [IdP-side error, reported on eduroam authentication proxy]

...