The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Stefan Winter <stefan.winter AT restena.lu>]

Hello,

> As you notice for all Windows assistant (see footnote 1 on the webpage
> of profiles), the realm of the outer identity is not correcty applied
> from the profile :
> 
> "Anonymous identities do not use the realm as specified in the profile -
> it is derived from the suffix of the user's username input instead."

Somebody actually read the footnote! I can't believe it! :-) Thanks for
the thorough read. Just like you observe below:

> This seems to be a limitation of Windows system which does not support
> the character @ in the outer identity (at least under the network
> connection GUI).

This is indeed intentional; the guys at Microsoft thought it's a good
idea not to allow typing a realm for the outer ID.

It's not a bug in the sense that the @ character is broken in that input
field - it's a feature: Microsoft really does not want a realm to be
typed. If your actual username contains a realm, it will be extracted
from the inner username and appended as a realm to outer. If your inner
username does not contain a realm, the input from the outer ID field is
used as-is.

> Is there anyway to fix it by concatenating the realm provided by CAT and
> the inner username during the installation process ?

No. The spec does not allow explicit configuration of realms for outer
IDs; trying to smuggle it in are blocked.

Greetings,

Stefan Winter

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature