
cat-users - Re: [cat-users] this is not a problem but a request...

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

  • From: Stefan Winter <stefan.winter AT restena.lu>
  • To: Philippe Hanset <phanset AT anyroam.net>, cat-users AT geant.net
  • Subject: Re: [cat-users] this is not a problem but a request...
  • Date: Sat, 02 Nov 2013 09:15:08 +0100
  • List-archive: <https://mail.geant.net/mailman/private/cat-users/>
  • List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>

Hello,

> One of the schools that uses CAT in our US federation asked me if it would be possible
> for CAT to automatically fill the REALM (or at least check for its absence and warn the user) when users enter their credentials.
> It doesn't have to automatically add the REALM but it could at least check for the existence of a structure of the form
> *@*

We were thinking about this during the design phase of the tool. The issue with this is the inner identity does NOT have to contain any realm portion at all. The realm is only required in the outer identity to route the request to the IdP. There are no required naming conventions for the inner identity.

I guess that probably many IdPs conflate these two independent names and do use the same realm in inner. But for those who don't (e.g. using a Windows DOMAIN\user or "joe%accounting" or just "johndoe" without any qualifier), it would be a rather undue interference from the tool's side to throw a "Hey, are you sure you didn't forget an @ there?" in the user's face when the situation simply doesn't warrant it.

We could try to make this configurable somewhat, but since there's no required convention on the format, this could be a bit messy... at best, I could imagine a config item "Prefill username with" and then those with a DOMAIN could do "MYDOMAIN\" and others with a strange suffix construct would do "%accounting". It would still be up to the user to have the intelligence to put his username after vs. before what's prefilled - placing the cursor at a specific point in the UI is really rather hard, I would think.

> BTW... will you add the LOGOUT button on the admin interface?

As Tomasz noted, already implemented for the upcoming 1.1.  :-)

Greetings,

Stefan Winter


> Thanks,
>
> See you soon,
>
> Philippe
>
> Philippe Hanset
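The distinction drawn in the reply above, as an added example that is not part of the thread and not CAT code: the realm is checked only on the outer identity, and the inner identity is checked only when a profile declares a convention. The rule names `realm` and `domain`, the function names and the sample identities are assumptions made for illustration.

```python
import re

# Hypothetical per-profile conventions for the inner identity; CAT defines
# no such setting. A rule of None means "no convention, accept anything".
INNER_RULES = {
    "realm": re.compile(r"^[^@\s]+@[^@\s]+$"),      # user@realm
    "domain": re.compile(r"^[^\\\s]+\\[^\\\s]+$"),  # DOMAIN\user
}

def outer_realm(outer):
    """Return the realm used for routing, or None if it is missing."""
    _local, sep, realm = outer.rpartition("@")
    return realm if sep and realm else None

def check(outer, inner, inner_rule=None):
    """Return warnings for one credential pair (empty list means OK)."""
    warnings = []
    if outer_realm(outer) is None:
        warnings.append("outer identity has no realm; request cannot be routed")
    rule = INNER_RULES.get(inner_rule)
    if rule is not None and not rule.match(inner):
        warnings.append(
            "inner identity does not match the '%s' convention" % inner_rule)
    return warnings

def naive_check(inner):
    """The blanket *@* test from the request, applied to the inner identity."""
    return "@" in inner

# Constructed sample inner identities in the formats named in the thread.
SAMPLES = ["joe@example.org", "MYDOMAIN\\joe", "joe%accounting", "johndoe"]

if __name__ == "__main__":
    for inner in SAMPLES:
        print(inner,
              "| naive *@* passes:", naive_check(inner),
              "| warnings with no rule:", check("anonymous@example.org", inner))
```

Three of the four sample identities fail the blanket test although each is a valid inner identity, while the outer-identity check still catches a missing realm.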






