You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

eduroam CAT: Purpose and scope

eduroam CAT is the eduroam Configuration Assistant Tool. Its purpose is to allow authorised eduroam Identity Providers to generate customised eduroam installers for various platforms, and to debug their RADIUS setup.

eduroam is organised in national federations. A federation administrator works at the eduroam National Roaming Operator (NRO) and accredits new eduroam IdPs, changes IdP details, or deprovisions eduroam IdPs. The primary vehicle for this is not eduroam CAT, but the official eduroam database, which contains all registered IdPs and their contact details.

An eduroam federation administrator can invite his IdPs to make use of the eduroam CAT if he wishes to; enabling or disabling IdPs for eduroam CAT is done inside the eduroam CAT administration interface. This interface does not replace an NROs internal customer relationship management system; in particular, CAT does not export data into the official eduroam database; it only consumes data from that database. An NRO is still required to maintain records of all its IdPs and SPs on its own, and to export the corresponding data to the official eduroam database.

Managing my federation

For users with the federation management privilege, eduroam CAT provides a dedicated web interface which allows federation administrators to

  • invite a new IdP to use eduroam CAT
  • add new representatives to existing IdPs
  • delete representatives of existing IdPs
  • take control over an IdP
  • manage the relationship between an IdP in eduroam CAT vs. an IdP in the official eduroam database

All of these functions are accessible after logging into eduroam CAT with an account with the federation operator privilege. With such a user account, a new button will be displayed in the personal overview page: "Click here to manage your federations". NB: if you are a federation administrator, but do not have a privileged account yet, please see the guide to eduroam Operations Support Services for federation administrators (link follows).

After clicking the button, an overview of the federation occurs, with entry points for the tasks mentioned above.

Invite a new IdP to use eduroam CAT

The button on the lower end of the page allows you to send an invitation to use eduroam CAT to an IdP in your federation. This can either be an IdP which is already in production (i.e. already listed in the official eduroam database with at least the "IdP" role) or it can be a new institution which is still in a bootstrapping phase (i.e. not yet registered in the official eduroam database).

After clicking the button, the following window will appear, which allows to take the required actions:

You can either select an institution which is already listed in the eduroam database ("Existing IdP") or you can instead use the "New IdP" row to enter an institution name and federation by hand.

In both cases, you need to enter the email address to send the invitation to. Before actually sending the invitation, keep in mind that the invitation token for the IdP admin will only be valid for 24h; and that the token can only be consumed once. It is thus wise to check that the mail address is going to be read in the next business day; and that tokens sent to a mailing list will only be valid for the first person who redeems the invitation token. It may be a good idea to use personal email addresses only.

 

 

  • No labels