The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Stefan Winter <stefan.winter AT restena.lu>]

Hello,

> Thanks for getting back to me, as far as I know, our Xaverian College was 
> only recently created as part of our application process and initial set 
> up.>
> I'm a bit stuck in the middle, as I have a consultant engineer setting this 
> up for me, who just wants access to the CAT. He has performed eduroam tests 
> against our NPS server which all checked out

Like my colleagues from UK Fed already hinted: you(he can always click
on the tab "Social Networks" and use one of those sources of identity if
there's no fitting one in eduGAIN.

If your entry in eduServ/UK Fed/eduGAIN is not functional right now, it
might take some time to get it to working state. If your eduroam things
are not to be blocked by that external dependency, the social network
login option is your best workaround.

> What is eduGAIN?

It's like eduroam, but for web applications rather than for network
access: you get privileged access to resources on /websites/ based on an
identity verification by your /home organisation/ (via a redirect to a
web page of that home organisation). That requires a working redirection
endpoint in your home organisation though; which is not the case for
Xaverian and it is where you are stuck right now.

Or, if you prefer a different way of explaining it: it's like the UK
Federation, but scaled up to world-wide scale.

Greetings,

Stefan Winter

> 
> Cheers,
> Martyn
> 
> -----Original Message-----
> From: Stefan Winter 
> [mailto:stefan.winter AT restena.lu]
> Sent: 31 August 2017 15:01
> To: Jon Agland 
> <Jon.Agland AT jisc.ac.uk>;
>  Martyn Bratt 
> <m.bratt AT xaverian.ac.uk>;
>  
> cat-users AT lists.geant.org
> Cc: UK Federation (Jisc) 
> <service.ukfederation AT jisc.ac.uk>
> Subject: Re: [[cat-users]] FW: eduroam CAT authentication (Ref:IN:00216824)
> 
> Hi,
> 
> Martyn, I work on the CAT side of things. I didn't see a need to get 
> involved since you are in good hands at the UK Federation:
> 
> There is something wrong with the entry called "Xaverian College".
> 
> The problem is not with CAT, and we can't do anything to fix it. It's on 
> the end of the conversation that should ask you for your username and 
> password at Xaverian, but doesn't. For reasons UK Fed understands much 
> better than I do, that broken place is on a server called 
> "login.openathens.net". And that's all I know.
> 
> Folks from UK Fed are investigating why this entry is there, why it's 
> defunct, and whether it maybe is obsolete and shouldn't be there in the 
> first place. I'll be happy to read about their conclusions, if any.
> 
> The only thing I can say is: many other Identity Providers from that very 
> long list of universities in the eduGAIN list work just fine, so we clearly 
> don't seem to have an issue on our side.
> 
> As for United ID: they are listed on the eduGAIN pane, and when I click 
> there I get a username/password prompt rather than an error page, so things 
> look good. At least, much better than at Xaverian anyway :-) I obviously 
> can't say for sure if the login with United ID would actually work because 
> I don't have an account there to try with.
> 
> Greetings,
> 
> Stefan Winter
> 
> --
> Stefan WINTER
> Ingenieur de Recherche
> Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
> la Recherche 2, avenue de l'Université
> L-4365 Esch-sur-Alzette
> 
> Tel: +352 424409 1
> Fax: +352 422473
> 
> PGP key updated to 4096 Bit RSA - I will encrypt all mails if the 
> recipient's key is known to me
> 
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
> 
> Hello Martyn,
> 
>> I have to say, I'm a bit lost! Is this a user group email?
> 
> The eduroam CAT team usually respond to enquiries on this list, but
> there are few lurkers on this list such as myself :)
> 
>> I get taken to a page that says’ “Oops
>> something went wrong, there’s nothing here” unlike other
>> organisations who appear to get a log in prompt.
> 
> That's what I meant by your SAML IdP (Identity provider) registered via
> Eduserv is no longer working.  I suspect it's a red-herring and we in
> the UK federation team need to work to remove this legacy registration.
>  Unless you know you have services from Eduserv that should be working?
> 
>> I'd very much like to get this working rather than going the route of
>> social media, am I speaking to the right people now, to get this
>> resolved?
> 
> If you wanted to register a different SAML IdP within the UK federation
> (and therefore eduGAIN), then you would need a SAML IdP e.g. Shibboleth
> deployed.  Further details on the UK federation can be found here.
> 
> https://www.ukfederation.org.uk/content/Documents/FedSupport
> 
> If you are just trying to gain access to CAT, then I suspect deploying
> a SAML IdP is not really want you want to do right now.
> 
> You might be better to just setup a single social media account e.g.
> Google for your IT team or to register for an account from United ID.
> 
> https://unitedid.org/
> 
> -- Can anyone else on the list verify if United ID works with eduroam
> CAT, it *should* do as far as I can see?
> 
> Cheers,
> 
> Jon
> 
> --
> Jisc is a registered charity (number 1149740) and a company limited by
> guarantee which is registered in England under Company No. 5747339, VAT
> 
> No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower
> Hill, Bristol, BS2 0JA. T 0203 697 5800.
> 
> Jisc Services Limited is a wholly owned Jisc subsidiary and a company
> limited by guarantee which is registered in England under company
> number 2881024, VAT number GB 197 0632 86. The registered office is:
> One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.
> 
> 
> On Thu, 2017-08-31 at 13:12 +0000, Martyn Bratt wrote:
>> Hi Jon,
>>
>> I have to say, I'm a bit lost! Is this a user group email?
>>
>> I just replied to an email from Alan Buxey, explaining that I
>> received my CAT invite initiated from the UK eduroam server, with a
>> token valid for 24 hours. I clicked the link and was taken to a page
>> with a list of all the various organisation using the service. I
>> searched out Xaverian College and clicked on it, it then reordered
>> itself at the top of the list with a heart next to it. When I click
>> on the Xaverian hyperlink, I get taken to a page that says’ “Oops
>> something went wrong, there’s nothing here” unlike other
>> organisations who appear to get a log in prompt.
>>
>> I'd very much like to get this working rather than going the route of
>> social media, am I speaking to the right people now, to get this
>> resolved?
>>
>> Cheers,
>> Martyn
>>
>>
>>
>> -----Original Message-----
>> From: Jon Agland 
>> [mailto:Jon.Agland AT jisc.ac.uk]
>> Sent: 31 August 2017 14:06
>> To: Martyn Bratt 
>> <m.bratt AT xaverian.ac.uk>;
>>  
>> cat-users AT lists.geant.org
>> Subject: Re: [[cat-users]] FW: eduroam CAT authentication
>> (Ref:IN:00216824)
>>
>> Hello Martyn,
>>
>> This is Jon Agland from the UK federation team at Jisc.
>>
>> As I understand it, eduroam CAT requires you as an admin to login
>> using
>> an existing authentication system, following the token link which the
>> eduroam (UK) team (Nik at Loughborough) will have provided.
>>
>> One of those options is federated access via eduGAIN and by virtue
>> the
>> UK federation as a member federation of eduGAIN.  I see that you have
>> a
>> SAML IdP (Identity provider) registered via eduserv for "Xaverian
>> College" in the UK federation, but it doesn't appear to be
>> functioning
>> [I'll follow this up elsewhere as I suspect it's no longer
>> used/available, but if it should be working then speak to Eduserv
>> and/or us on the UK federation team - 
>> service AT ukfederation.org.uk
>>  ]
>>
>> I believe there are other "Social Media" options available for access
>> to eduroam CAT (Facebook, Google, Linkedin, Twitter), so maybe that's
>> your best route in this case?
>>
>> Hope this helps!
>>
>> Cheers,
>>
>> Jon
>>
>>
>> Jon Agland
>> Principal UK federation technical support specialist
>> Jisc
>> T 02038198207
>> M 07443984222
>> Skype jon_agland
>> Twitter @jon_agland
>> Lumen House, Library Avenue, Harwell Oxford, Didcot, OX11 0SG
>>
>> jisc.ac.uk
>> ukfederation.org.uk
>>
>> Jisc is a registered charity (number 1149740) and a company limited
>> by
>> guarantee which is registered in England under Company No. 5747339,
>> VAT
>>
>> No. GB 197 0632 86. Jisc’s registered office is: One Castlepark,
>> Tower
>> Hill, Bristol, BS2 0JA. T 0203 697 5800.
>>
>> Jisc Services Limited is a wholly owned Jisc subsidiary and a company
>> limited by guarantee which is registered in England under company
>> number 2881024, VAT number GB 197 0632 86. The registered office is:
>> One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.
>>
>>
>> On Thu, 2017-08-31 at 08:46 +0000, Martyn Bratt wrote:
>>>
>>> Hi,
>>>
>>> I have been redirected here for support. I have an engineer
>>> contracted to help us implement EduRoam, and we have drawn a blank
>>> between us with reference to the SAML requirement mentioned by Nik
>>> Mitev at Loughborough below?
>>>
>>> Any advice or information would be welcomed!
>>>
>>> Any thanks in advance
>>>
>>> Martyn
>>>
>>> -----Original Message-----
>>> From: Carl Morgan 
>>> [mailto:Carl.Morgan AT euroele.com]
>>> Sent: 31 August 2017 09:43
>>> To: Martyn Bratt 
>>> <m.bratt AT xaverian.ac.uk>
>>> Subject: RE: eduroam CAT authentication (Ref:IN:00216824)
>>>
>>> This SAML requirement has stumped me Martyn.
>>>
>>> Might be worth contacting the CAT team to get some more info
>>>
>>>
>>> Carl Morgan
>>> Senior Network Engineer
>>>
>>> Tel
>>> (01865) 883300
>>> Fax
>>> (01865) 881656
>>> Mob
>>>
>>> Email
>>> Carl.Morgan AT euroele.com
>>> Web
>>> www.euroele.com
>>>
>>> Follow us on:
>>> This message may contain information and/or data that is
>>> confidential
>>> and legally privileged. It is intended solely for the addressee(s)
>>> only. If you are not the intended recipient you are notified that
>>> any
>>> use, publication, reproduction or dissemination is strictly
>>> prohibited and may violate certain laws.
>>> If you are not the intended recipient, please contact the sender by
>>> return e-mail and destroy this and all copies of this message
>>> and/or
>>> data. The content of this message has been scanned for viruses by
>>> MessageLabs.
>>> European Electronique Ltd, Forward House, Oakfields Ind. Est,
>>> Eynsham, Oxon, OX29 4TT, is registered in the United Kingdom with
>>> company registration number 1704440 and VAT registration number
>>> 834853016.
>>> -----Original Message-----
>>> From: Martyn Bratt 
>>> [mailto:m.bratt AT xaverian.ac.uk]
>>> Sent: 31 August 2017 09:38
>>> To: Carl Morgan 
>>> <Carl.Morgan AT euroele.com>
>>> Subject: FW: eduroam CAT authentication (Ref:IN:00216824)
>>>
>>> Hi Carl,
>>>
>>> I resorted to a different support channel and got this response
>>> from
>>> the same guy I emailed yesterday morning!?
>>>
>>> Are we sure our SAML instance is working fine? Whatever that may
>>> be?
>>> ? If so, then I will raise a support request with the mail address.
>>>
>>> Cheers,
>>> Martyn
>>>
>>> -----Original Message-----
>>> From: Nik Mitev 
>>> [mailto:nik.mitev AT jisc.ac.uk]
>>> Sent: 31 August 2017 09:24
>>> To: Martyn Bratt 
>>> <m.bratt AT xaverian.ac.uk>
>>> Cc: 
>>> tickets.service AT jisc.ac.uk;
>>>  
>>> jrs-support AT jisc.ac.uk
>>> Subject: Re: eduroam CAT authentication (Ref:IN:00216824)
>>>
>>> Hi Martyn,
>>>
>>> Jisc and the eduroam team at Loughborough don't develop or support
>>> the CAT tool - the official support channel for it is cat-users@lis
>>> ts
>>> .geant.org
>>>
>>> If you are positive your SAML instance is working fine, you should
>>> report the issue by emailing the above address.
>>>
>>> You can click on any other identity provider (e.g. Aalborg
>>> University) to see what one would normally get.
>>>
>>> Again, you can work around this by using one of the 'Social
>>> Networks'
>>> identity providers.
>>>
>>> Regards,
>>> Nik
>>>
>>> On 31/08/17 09:06, Jisc Remedyforce wrote:
>>>>
>>>>
>>>> Enquiry # (Ref:IN:00216824) with the following details has been
>>>> created:
>>>>
>>>> Subject: Form submission from: eduroam support request Open Date:
>>>> 31/08/2017 09:05 Caller Email: 
>>>> no-reply AT jisc.ac.uk
>>>>  Caller Name:
>>>> Jisc
>>>> Enquiry: Submitted on Thursday 31 August 2017, 09:04 Submitted by
>>>> anonymous user: 212.219.48.146 Submitted values are:
>>>>
>>>>     ==Your details==
>>>>       First name: Martyn
>>>>       Surname: Bratt
>>>>       Organisation: Xaverian College
>>>>       Email: 
>>>> m.bratt AT xaverian.ac.uk
>>>>       Work telephone: 01612492130
>>>>
>>>>
>>>>     ==Description of requested support==
>>>>       Message regarding the requested support:
>>>>       The engineer setting up our EduRoam membership emailed me
>>>> the
>>>>       night before last to say that EduRoam tests were now
>>>> working
>>>>       through our NPS server, and asked that I try the CAT
>>>>       configuration site. I tried this yesterday morning and I'm
>>>> still
>>>>       getting the "Nothing here" message?
>>>>
>>>>       Nik Mitev previously told me this was caused when federated
>>>>       access is not working as it should at Xaverian. Clicking
>>>> the
>>>>       college name should return a page where you can
>>>> authenticate
>>>>       using the college's federated access system. He suggested
>>>> we
>>>>       could either troubleshoot with whomever is administering
>>>> this
>>>> at
>>>>       your end, or use one of the listed social networks for
>>>>       authentication.
>>>>
>>>>       The engineer believes this federation issue is resolved as
>>>> per
>>>>       tests completed and asked whether JISC could offer any
>>>> insight,
>>>>       as he couldn't see why it doesn't work now?
>>>>
>>>>
>>>>     ==Contact preferences==
>>>>       Would you like a copy of your submission? Yes
>>>>       How would you like to be contacted? Email
>>>>       What is your preferred time to be contacted? AM
>>>>
>>>>
>>>>
>>>>
>>>> The results of this submission may be viewed at:
>>>> https://www.jisc.ac.uk/node/19784/submission/2237
>>>>
>>>> Jisc is a registered charity (number 1149740) and a company
>>>> limited
>>>> by guarantee which is registered in England under Company No.
>>>> 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One
>>>> Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.
>>>>
>>>> Jisc Services Limited is a wholly owned Jisc subsidiary and a
>>>> company limited by guarantee which is registered in England under
>>>> company number 2881024, VAT number GB 197 0632 86. The registered
>>>> office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203
>>>> 697
>>>> 5800.
>>>>
>>>> Link to details (Remedyforce login required):
>>>> https://bmcservicedesk.eu3.visual.force.com/apex/BMCServiceDesk__
>>>> Re
>>>> med
>>>> yforceConsole?record_id=a2jw0000007yehA&objectName=Incident__c
>>>>
>>> --
>>> Nik Mitev
>>> eduroam UK Technical Support, Jisc
>>> www.eduroam.uk
>>>
>>> When replying to this e-mail is it essential to preserve the
>>> (Ref:IN:xxxxxx) text in the subject line and to always use 'Reply
>>> All'
>>>
>>>
>>>
>>> ♻ Please consider the environment, do you really need to print this
>>> email?
>>>
>>> This message is for the named person's use only and is to be
>>> treated
>>> as confidential. Any views expressed in this message are those of
>>> the
>>> individual sender and do not necessarily represent those of
>>> Xaverian
>>> College. If you receive this message in error please immediately
>>> delete it, without forwarding, printing or copying it, and notify
>>> the
>>> sender.
>>>
>>> WARNING: The recipient should check this email and any attachments
>>> for the presence of malware. Xaverian College accepts no liability
>>> for any damage caused by any malware transmitted by this email.
>>>
>>> ♻ Please consider the environment, do you really need to print this
>>> email?
>>>
>>>
>>>
>>> ♻ Please consider the environment, do you really need to print this
>>> email?
>>>
>>> This message is for the named person's use only and is to be
>>> treated
>>> as confidential. Any views expressed in this message are those of
>>> the
>>> individual sender and do not necessarily represent those of
>>> Xaverian
>>> College. If you receive this message in error please immediately
>>> delete it, without forwarding, printing or copying it, and notify
>>> the
>>> sender.
>>>
>>> WARNING: The recipient should check this email and any attachments
>>> for the presence of malware. Xaverian College accepts no liability
>>> for any damage caused by any malware transmitted by this email.
>>> To unsubscribe, send this message: 
>>> mailto:sympa AT lists.geant.org?sub
>>> je
>>> ct=unsubscribe%20cat-users
>>> Or use the following link: https://lists.geant.org/sympa/sigrequest
>>> /c
>>> at-users
>>
>> ♻ Please consider the environment, do you really need to print this
>> email?
>>
>> This message is for the named person's use only and is to be treated
>> as confidential. Any views expressed in this message are those of the
>> individual sender and do not necessarily represent those of Xaverian
>> College. If you receive this message in error please immediately
>> delete it, without forwarding, printing or copying it, and notify the
>> sender.
>>
>> WARNING: The recipient should check this email and any attachments
>> for the presence of malware. Xaverian College accepts no liability
>> for any damage caused by any malware transmitted by this email.
> 
> 
> ♻ Please consider the environment, do you really need to print this email?
> 
> This message is for the named person's use only and is to be treated as 
> confidential. Any views expressed in this message are those of the 
> individual sender and do not necessarily represent those of Xaverian 
> College. If you receive this message in error please immediately delete it, 
> without forwarding, printing or copying it, and notify the sender.
> 
> WARNING: The recipient should check this email and any attachments for the 
> presence of malware. Xaverian College accepts no liability for any damage 
> caused by any malware transmitted by this email.
> 


-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature