The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Stefan Winter <stefan.winter AT restena.lu>]

Hi,

> I am forwarding a question / request form on of our institutions.
> When enabling anonymous outer ID, is it possible to include realm
> "anonymous AT myorg.no"
>  and let this be mirrored in the profiles?
> At present only "anonymous" is transferred to Win clients.
> 
> We have seen the footnote that the suffix is derived from the username
> input, but can this be changed? Or is it a good reason for this "feature"?

Welcome to the mysterious world of Windows :-)

It's the way how Microsoft designed the "anonymous" configuration. Also
if you configure this interactively, the string field is supposed to
contain only the local part of the username, i.e. anonymous. The realm
part of it gets constructed during the login, when the user enters the
realm himself.

I always found that ... odd .. to say the least, but we have to work
with what we have here. If you inspect the packets during
authentication, you'll see that the right construct of anonID@inputrealm
is chosen by Windows.

Glad to see that someone actually read my footnote text. I thought it's
way too easy to overlook :-)

Greetings,

Stefan Winter

> 
> Mvh
> Tom Myren
> UNINETT AS - 7465 Trondheim, tlf. 73 55 79 00 - fax 73 55 79 01
> Direkte innvalg 73 55 79 14 - mobil 92600199
> http://www.uninett.no
> 
> 
> 
> -------- Original Message --------
> Subject:      Re: Tilgang til http://cat-test.eduroam.org/admin/
> Date:         Wed, 08 May 2013 12:11:08 +0200
> From:         Øystein Gyland 
> <oystegy AT usit.uio.no>
> To:   Tom Ivar Myren 
> <tom.myren AT uninett.no>
> 
> 
> 
> On 05/08/2013 11:52 AM, Tom Ivar Myren wrote:
> 
>>> Under «Device compatiblity matrix for 
>>> eduroam AT uio.no
>>>  of Universitetet
>>> i Oslo» står det en fotnote for alle Windows-variantene:
>>>
>>> «Anonymous identities do not use the realm as specified in the profile
>>> - it is derived from the suffix of the user's username input instead»
>> Det betyr at sluttbruker må angi realm i brukernavnet når de første gang
>> oppgir dette. Om man ikke benytter anonym identitet vil det som er
>> oppgitt i realm automatisk bli benyttet.
>> Jeg har ikke spesifikt tetstet dette...
> 
> På min Win7-maskin så blir ytre identitet «anonymous» (uten @uio.no), 
> selvom jeg satt opp profilen med 
> «anonymous AT uio.no»
>  som ytre identitet.
> 
> Vi sliter litt med at folk oppgir brukernavnet sitt uten @uio.no, hvis 
> vi kunne ha fått satt opp en profil med 
> «anonymous AT uio.no»
>  som ytre 
> identitet hadde det vært gull. (Det er altså kun Windows-variantene som 
> har denne begrensningen såvidt jeg kan se).
> 
> 


-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

Attachment: signature.asc
Description: OpenPGP digital signature