...
A user requesting access will be sent an email with detailed instructions on how to redeem the invitation token. It should be noted that the eduroam web authentication proxy requires a number of user attributes (predominantly the email address) to correlate the token with the user in question. If the AAI system in use does not reveal enough attributes, the account can still be given administrator privileges; but this requires manual processing by eduroam OT then and takes longer than the automatic self-service registration. Please consider revealing the AAI attributes for real name and for email address if possible.
Common authentication problems
...
The eduroam web authentication proxy allows for federated login - users are redirected to their Identity Provider, which authenticates the user and sends an assertion about the user back to the proxy.
This involves the protocol SAML and is an operation in which multiple administrative domains are touched. This leads to a number of breakpoints where the authentication process can fail. The most common such problems are listed below, including suggestions on how to solve or work around them.:
- No metadata found [IdP-side error, reported on IdP login page]
...
- Missing attributes for unique identifier [IdP-side error, reported on eduroam authentication proxy]
...
- Wrong attribute format for unique identifier [IdP-side error, reported on eduroam authentication proxy]
...