The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Tomasz Wolniewicz <twoln AT umk.pl>]

Hi,

W dniu 2017-03-03 o 07:51, Stefan Winter pisze:
> Hello,
>
>> For us, in one example a person moves from an institution that is also
>> an eduroam IdP, to our campus-- either as a student or faculty or staff
>> member.  Their old credentials are invalid and they use CAT to install
>> our profile.  Are you saying that the old profile will not be removed
>> because it has a different UUID?
> Well, the fact that he gets another credential from doesn't
> automatically mean his old credential goes away - they could both be
> valid; and it would be undue to generously delete it from our side.
However this deletion is exactly what is happening in the Linux and
Windows cases thus we are not consistent here.
Probably we should decide which is the proper way.

Tomasz

>
> The UUID is calculated based on five inputs
>
> - a constant prefix
> - the consortium name ("eduroam")
> - the country idenfifier (e.g. "US")
> - the institution name (in the user's locale at download time)
> - the profile name (in the user's locale at download time)
>
> So, different IdPs get a different UUID. And yes, then macOS / iOS
> install both.
>
> I don't think there's a feature to request or a bug to fix in that case.
> It's allowed for a human to have more than one eduroam account, and we
> don't know if the previous one expired or not, and if it maybe has a
> reason for continued existence. So there's no deletion action to take
> just because another IdP's credential is added.
>
>> In another case, we change a configuration in our CAT profile because we
>> need to modify our trusted root CA / intermediate CA / server CA.  Does
>> this then generate a new UUID and therefore would not remove the old
>> profile if re-installed?
> No, as you can see from the above explanation, that condition keeps the
> UUID (unless you also change inst name or profile name at the same time).
>
> There is the remote possibility that you have inst or profile names in
> different languages, and that a user installed the profile once in one
> locale and once in another. Can we assume that this is not the situation
> we are looking at?
>
>> I believe I've seen what UDel reports regarding macOS and iOS.  I can do
>> some testing and provide more info.
> Please do test against the CA change. This is meant to maintain the same
> PayloadUUID and overwrite old settings. If it does not, then we're
> looking at bugland.
>
> It might help to send me two profiles off-list, old vs. new.
>
> Greetings,
>
> Stefan Winter
>

-- 
Tomasz Wolniewicz    
          
twoln AT umk.pl
        http://www.home.umk.pl/~twoln

Uczelniane Centrum Informatyczne   Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika     Nicolaus Copernicus University,
pl. Rapackiego 1, Torun               pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750     fax: +48-56-622-1850       tel kom.: +48-693-032-576

Attachment: smime.p7s
Description: Kryptograficzna sygnatura S/MIME