The installation program is a CAT installer like usual, with the addition of a client certificate which is protected by the import password that is displayed on the screen. The addition of the import password provides a basic safeguard against credential sharing. Other safeguards (which could replace this UI-intensive step) such as maximum amount of MAC addresses are under consideration. Please report how well the import password method works for your users.
The installer sets up everything. The user should not need to interact with his operating system at all (at least, not any more than with other eduroam accounts).
Installer visibility on the user download page
If you have any questions about the eduroam Managed IdP website, please contact your eduroam National Roaming Operator first. They can escalate questions to the development team if need be. If you have questions about the underlying software, don't hesitate to ask on the mailing list email@example.com . If possible, please subscribe to the list before posting; this guarantees that you'll get replies even if someone forgets a "reply to all", and also ensures that your post doesn't accidently get classified as spam and discarded.
Inputs from External Testing
- Android support is paramount
The product is much less useful without Android support due to the very high market share of Android devices. Work is ongoing to secure a development contract to retrofit the required capabilities to the eduroam CAT Android app.
- Proper support for UDP fragmentation required
Some testers reported problems with Windows 10 devices (but not on other OSes). Windows does not limit the size of its EAP fragments while other supplicants do; so to make Windows machines authenticate, the entire RADIUS path (including SP network) needs to be able to handle UDP fragmentation.
- Small bugs
- Windows installer shows "EMAIL / WWW support" text even if not configured by the admin. Notified TW.