cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Tomasz Wolniewicz <twoln AT umk.pl>
- To: Robert Mertling-Blake <rm29 AT soas.ac.uk>
- Cc: "cat-users AT geant.net" <cat-users AT geant.net>
- Subject: Re: [cat-users] this is not a problem but a request...
- Date: Sat, 2 Nov 2013 09:59:07 +0100
- List-archive: <https://mail.geant.net/mailman/private/cat-users/>
- List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>
Hi,
I would like to make sure that I understand correctly. You would suggest that for certain IdPs, the IdP selection would result in federated authentication and authorization and that the download would not be possible without authorization?
This should be doable if more people thought that this is the right approach. Out of curiosity, how do you separate users who are allowed to use eduroam? Would this be really done on per user basis or rather would it be that you allow certain groups. In the second case you could probably just define CAT profiles for the authorized groups and one for everyone else. This last one would then implement a redirect to your local page which would tell them to 'forget it'.
This would not prohibit people downloading other profiles, but they would receive plenty of warning that stuff will nit work for them.
Tomasz
-----
Tomasz Wolniewicz
One thing we've looked at is using shibboleth to pre-auth users before downloading apple mobileconfig profiles - one reason being that we were considering making sure that only people entitled to connect to eduroam could do so, and those that weren't were given an explanation rather than connection issues - we also used the login data to prepopulate the username field (concatenating in @realm) in the mobileconfig profile.
Never got round to implementation on the entitlement side, but the pre-populated username has worked a treat.
Rob
On 1 Nov 2013 16:34, "Tomasz Wolniewicz" <twoln AT umk.pl> wrote:Hi,
frankly I would be against filling in the realm automatically. This would only work in a limited number of situations, and I think that it would only confuse users that sometines they need the full identifier and sometimes the user part is enough.
Alerting the user about the missing '@' would be fine, though.
Tomasz
W dniu 01.11.2013, 21:04, Brian Epstein pisze:
Hi Philippe,>
This is a good idea.
On the same topic, one thing we noticed with the Windows tool is that
it didn't automatically fill in the domain. Would it be possible to
automatically input the realm specified in the CAT tool in that field
as well?
Many thanks,
ep
On 11/01/2013 02:29 PM, Philippe Hanset wrote:
> One of the schools that uses CAT in our US federation asked me if
> it would be possible for CAT to automatically fill the REALM (or at
> least check for its absence and warn the user) when users enter
> their credentials. It doesn't have to automatically add the REALM
> but it could at least check for the existence of a structure of the
> form *@*
> BTW... will you add the LOGOUT button on the admin interface?
> Thanks,
> A bient?t,
> Philippe
> Philippe Hanset www.anyroam.net <http://www.anyroam.net>
--
Tomasz Wolniewicz
twoln AT umk.pl http://www.umk.pl/~twoln
Uczelniane Centrum Informatyczne Information&Communication
Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University,
pl. Rapackiego 1, Torun pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750 fax: +48-56-622-1850 tel kom.: +48-693-032-576
- [cat-users] this is not a problem but a request..., Philippe Hanset, 11/01/2013
- Re: [cat-users] this is not a problem but a request..., Brian Epstein, 11/01/2013
- Re: [cat-users] this is not a problem but a request..., Tomasz Wolniewicz, 11/01/2013
- Re: [cat-users] this is not a problem but a request..., Robert Mertling-Blake, 11/01/2013
- Re: [cat-users] this is not a problem but a request..., Tomasz Wolniewicz, 11/02/2013
- Re: [cat-users] this is not a problem but a request..., Robert Mertling-Blake, 11/01/2013
- Re: [cat-users] this is not a problem but a request..., Tomasz Wolniewicz, 11/01/2013
- Re: [cat-users] this is not a problem but a request..., Tomasz Wolniewicz, 11/01/2013
- Re: [cat-users] this is not a problem but a request..., Stefan Winter, 11/02/2013
- Re: [cat-users] this is not a problem but a request..., Tomasz Wolniewicz, 11/02/2013
- Re: [cat-users] this is not a problem but a request..., Andrea Delise, 11/04/2013
- Re: [cat-users] this is not a problem but a request..., Tomasz Wolniewicz, 11/04/2013
- Re: [cat-users] this is not a problem but a request..., Andrea Delise, 11/04/2013
- Re: [cat-users] this is not a problem but a request..., Tomasz Wolniewicz, 11/02/2013
- Re: [cat-users] this is not a problem but a request..., Mike Dixson, 11/04/2013
- Re: [cat-users] this is not a problem but a request..., Brian Epstein, 11/01/2013
Archive powered by MHonArc 2.6.19.