...
- The contact information concerning the Identity Provider in the eduroam Operations Database needs to be complete and accurate, including at least email address, postal address and telephone number
- The Identity Provider must generate Chargeable-User-Identity attributes in authentication responses
The DNS zone for the Identity Provider's realm name must include a NAPTR record for their realm pointing to an eduroam OpenRoaming interchange proxy. The example below targets the general-purpose proxy operated by eduroam OT; the target host may be different for eduroam NROs who operate their own proxy:
realm.name. 43200 IN NAPTR 100 10 "s" "aaa+auth:radius.tls.tcp" "" _radsec._tcp.openroaming.eduroam.org.
- End user devices need to be provisioned with the pertinent settings to recognise OpenRoaming hotspots - see section "End-User Device Settings" below
- The end users themselves need to be made aware that they are bound by the OpenRoaming End-User Terms and Conditions whenever they connect to OpenRoaming hotspots.
When your user is actually roaming with OpenRoaming, this is visible is the RADIUS datagrams due to the RADIUS Attribute
Operator-Name = 4<string>where the string is the WBA Identifier of the organisation that operates the hotspot.
End-User Device Settings
Starting with version 2.0.3, the eduroam onboarding toolset (eduroam CAT and eduroam Managed IdP) automatically inject network definitions based on the eduroam Roaming Consortium Organisation identifiers (RCOI) on all platforms where this is possible. The platforms and their respective caveats are listed below.
...