The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Tom Ivar Myren <tom.myren AT uninett.no>]

> 14. feb. 2017 kl. 14.37 skrev Stefan Winter 
> <stefan.winter AT restena.lu>:
> 
> Hi,
> 
>> ummm..okay. so, this is documented...just need to give access to 
>> cat.eduroam.org (A record, AAAA
>> coming...) - but for Android you also need the google play store access - 
>> which is a rather large
>> and changing list.....  and *then* there are some other issues
>> 
>> 
>> 1) some federations dont use car.eduroam.org - they use their own version 
>> of CAT - so you will need
>> to poke holes for those too (and I dont recally there being a directory of 
>> those instances....)
>> 
>> 2) some sites dont allow their profiles to be downloaded from CAT - they 
>> keep their own profiles
>> locally (so that, for example, they are known/tested and any change to CAT 
>> doesnt mean that their
>> users are now all getting untested profiles with new features.....) so 
>> those would also have to be allowed
> 
> not to forget 3)
> CRL and OCSP hosts to validate the HTTPS certificate on cat.eduroam.org.
> 
> Stefan
> 
> 
Thanks for your feedback. 
The case here was an institution that wants to convert from having profiles 
stored on local server to using CAT directly. 
Using ACL’s with ip addresses will of course be a challenge.  

And we can see CAT now do have ipv6 :-) 

/Tom