Skip to Content.
Sympa Menu

cat-users - Re: [[cat-users]] Eduroam authentication tests from the website. - Brazilian Federation -

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

Re: [[cat-users]] Eduroam authentication tests from the website. - Brazilian Federation -


Chronological Thread 
    < Chronological >      < Thread >
  • From: Stefan Winter <stefan.winter AT restena.lu>
  • To: Andre Forigato <andre.forigato AT rnp.br>, cat-users AT lists.geant.org
  • Subject: Re: [[cat-users]] Eduroam authentication tests from the website. - Brazilian Federation -
  • Date: Fri, 14 Dec 2018 08:42:23 +0100
  • Autocrypt: addr=stefan.winter AT restena.lu; prefer-encrypt=mutual; keydata= mQINBFIplEwBEADTSz+DS8nio+RSvfSLLfaOnCGi1nqpn8Pb1laVUyEvnAAzZ5jemiS88Gxf iDH6hUGlWzcaW0hCfUHGiohr485adbjxRksPngWgAt/1bRxpifsW3zObFjgog01WWQV5Sihl wc4zr8zvYbFA5BJZ6YdkR9C5J015riv5OS30WTjA65SSXgYrb7zJWPwmegTFwE093uBFvC39 waz3xYpVu5j87nO6w2MVQt/8sY2/2BFPEq+xfOajl18UEwc7w8SCgnZdlVNcmEK4UBvJuwS/ 1lsR2JeQa8Gu1EDxC7PRgMgNXsDSWnnBe9aVmfG54+6ILe1QH2dwk9sPBQT5w2+vjijrb3Dv 9ur+1kN+TNU2XE436jVpnnY/3OsLdix30STQn4Q/XOm7YoVMeDwwviefilRxzK0dXA+wKj92 T68Od82CFxuZqPAgBCVmWfQM91iK9piqFK+QP+R3vF6+NGDBdwbe68iVKs0v5L8XmbxBQndj pmo+lo2asmBR2TAIfZHaKdgtBw13u3GPVVKlg/Mpko8ki9JOSem2aFyi3kQEVKptWgXT3POl 97DWJzsR5VyKz6GOx9kJAEISRyLZwm0wqh8+9LCza5oeIKW381lzq1b9x30vOh8CBSQQJ+cG 9ko0yPHAj7Suw2TmPXx1qMctmE6Ahq82ZW30SljdZby8WQuR2wARAQABtDxTdGVmYW4gV2lu dGVyIChSRVNURU5BIGtleSAyMDEzKykgPHN0ZWZhbi53aW50ZXJAcmVzdGVuYS5sdT6JAjkE EwECACMFAlIplEwCGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRDA3mo1ijncZj7/ D/99hVS+mJr8dSPCaDaUFFxBiT2eI1LoR8VKEerTCRw5BsdL6pN2eRJZ9NmsqWo1ynWVHEzO 91bNZ+oZGgyoNohcBAI7p+r0qUTzkyqwdZO4kMm0pqKoM9xkP3tf2mjGujKjOz4Y7S7wnz2Z FokeUsecoRVJF/++/qHnmeWLn44J1HUKLHYCjMu+QXGOgGXgz024jQ5eUrnPwzNp0Z90AFVH lWC+bymty/ToIUUCQqS5Ff0jzdWLd8U695OG9iGvjBQT1LdEjsfbAwuKV5UcnpxNqUpUwKa5 9hdX5/2cMZP07FI1UXwnBlxa8rJfdb13FLjSKX4vUUHedYUZMjMPgcwl1a+zGE22lHiSQWgP 8QLA/W3BLsi22ERCEPZBfexOeOtaWIItDIz18fIaQoMDoRPshzar0JI2CzLYsyeKySAtYJEH FVoLmMvhkwzBmgqA/BEswUA67CfCr1jFHRXdpmWM7YkyAmMa9q6LwquWKS5+MXlUXe/3oZUc gpw/T9Uuy3Jo3RdS7B3jFcWaVr6KsO/A9u1gr/aYn5M+iJTQSj4vzqtkQaJTpSspRZoKa66H Zt3IwSYiDiYZqtM83ynuj9kjnZzGfnuTaNIi996q6Mptr33mOzIE1wmMqnJYwTr3EcNtf483 q/qrJwh5ES8Q9xY7aat/ZcSl8fKubW4TlfVr8bkCDQRSKZRMARAAvBPpn7FQq7LQ5glohtbL 6XIEo1U4X67S0TzUYieENSWSVYuWYIhCBldmWdmH8Bpj/qHeqdon7v+SLtR4WngzMR9toupK cFfHnbP9kpazTSB2ySHxXWGX1gJOpPXdCcg9iveKBHEsDn00ThTcPsvtXpnnzET16pXIvOXO 0bxTmVZ4INIF1SWgvYma/g8kBbgXLpkj8tOywBqFiiYPEZlDeCxDHiMgUDh6olda9K/0TZFT dMPUgjKuubfAeaDNCOrVt4RjmFOaRLikcZocmgJhm3z/j25x7/mnNu+0di1H/S67YGQJ+pqC FInzIXDx7aRW2+JCiqsY2X3xOPWZZzjyis5SNnfOcPH3gt2hYz1fy+thsBGf4NgCN01JRqIJ 2/MOQCgUdwh+9l8xqaJvCkUHM4hVh4W62MAe1u7UEqQbvvNEqxM5034vcvlE+/LRkrDCspw+ 2YJ9QyroLerVRwW5DVleP8Ifi8VB3yD80nqXYs9aqRy0BkDNIQ43ERhESMt8dJqrNkxgC6pe mZrhNwyDh+hy2kPNGQh/iBpdKuH1o3E24TIZoV2v3YHvzob7aAYHddE/PofAXhJW7I9mAs+H dWDmnI8ckuPDFpFH+Y/BFGvEXgcnJAJ1wEvf+4LuiIi0MHjR4EWFn9vvoFDAIqD10h3FSd3D 59HGtdSsNn4XaCsAEQEAAYkCHwQYAQIACQUCUimUTAIbDAAKCRDA3mo1ijncZhBtEACL036d djc5pFoYIdoUY1vT8SMXJNquewCnL1quDADzqDZFU5GNlQEy10krSfBwlTb9ahTtE0JFrOdZ wUZtoa1Pgfr8nU6KOgrXPHbNjS/9dyc5CwGVVIpOavIm2CsMVDJ9LCF/NT+u/t1k6eGfHhPV l3dUQyDa/lzc1chKUIVQYQkFmr0A/iXP+29lFCaI+IeyU0bSdZhezDwUROn5vEx+fiPZyHDS hCb+BxJv/o2LQp9JHenCiSbO+ioRZdxgbWfoKBuXOfmSStqMWXas/gZ5vS3xq72LNtKPRxgp jX3P8Zml1XDqpcBau7eK75VKE0Yd06YxnUIsbcEzInUc3uzW/u0DFpXYkMJb0XIvJyUt5yYP KfV13N8kSkPi5pLxm8yuftXMzfgeFMR7nafY3glTVj/TxElzg6xeZNqfC2ZjIbBtZg9ylHU8 u8wwB+dX282crs0R3N9A064C71/cXlBqcjzjlKH2NUIWGxr+od3TXFIFjszSU3NgMPKrWNhF LLwS81MpbkOe73s6aDhS8RDyNucoxtKXriLR+4Xiu4+pyj5ukYP1JqpB3ZobY/XZgCnJMye+ 7xeTpIDJ1LPORxM3NNAElyb26lxAK2P+km+EpI0Zzz6rNSCfg5jYQ474+e/GBgaSG4MlaPoZ +XAfN46u1Xjjv1/AkkA4IA6m5zP5og==
  • Openpgp: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Hello,

I would appreciate if you would take that page down.

This tool is accessible to end users, who we inform NEVER to put their
eduroam credentials on a web site. There is even an advisory on the main
eduroam website from 2009(!) warning users to never do this:

https://www.eduroam.org/2009/02/03/warning-do-not-use-web-logins-for-eduroam/

Your tool also doesn't cover any security-relevant checks on the server
side (you do not ask for the expected server certificate details, and so
can't validate them).

There are tools to achieve this without compromising user passwords to a
third-party (and yes, your web server is a third-party compared to the
Identity Provider READIUS server, the only place where passwords belong).

- In the CAT admin area, there is a tool available only to
administrators where they themselves can enter a credential to be
tested. The tool advises the admins to only use test accounts for that
test ("Test realm reachability" -> "Live login test").

- In CAT user area, there is a new diagnostics tool which merely asks
the user for his *realm* (not an actual username, not a password) which
then does the same checks as the "Static connectivity test" in the admin
area, and informs the user if there is any reason to suspect that a
piece of roaming infrastructure or the IdP's server itself has failed.
The tool can be found on the start page under Help -> Diagnostics (it is
still under further development; expect more features to be added next
year).

Greetings,

Stefan Winter


Am 14.12.18 um 03:46 schrieb Andre Forigato:
> Hi,
>
>
> You can use the following url to test Eduroam authentication from the
> Brazilian Federation.
> Many people need this test to know if their institution is having problems
> or not in authenticating their users.
> Use inside and outside Brazil.
>
>
> https://eduroam-cp.rnp.br/eduroam-test/
>
>
> Authentication is secure, the only log we have is the IP of the machine
> that accessed the site for the tests.
>
>
> If you have suggestions feel free to give us your suggestions on improving
> the site.
>
> ----------
>
>
> Caros,
>
>
> Vocês podem utilizar a seguinte url para testar a autenticação Eduroam a
> partir da federação Brasileira.
> Muitas pessoas precisam deste teste para saber se sua instituição está com
> problemas ou não na autenticação de seus usuários.
> Utilize dentro e fora do Brasil.
>
>
> https://eduroam-cp.rnp.br/eduroam-test/
>
> A autenticação é segura, o único log(registro) que temos é o IP da máquina
> que acessou o site para os testes.
>
>
> Se tiverem sugestões fiquem a vontade para que eu possa melhorar o site.
>
>
> Abraços,
>
> Att,
> André Luis Forigato
> Analista de Tecnologia da Informação
> GTI - Gerência de Tecnologia da Informação - Diretoria de Engenharia e
> Redes
> RNP – Rede Nacional de Ensino e Pesquisa - http://www.rnp.br
> Tel: +55 (19) 3787-3300 - Voip (19) 1010-1101 andre.forigato AT rnp.br
> QR-CODE : http://qr.ai/q0wv6
>
> ----- Mensagem original -----
>> De: "Andre Forigato" <andre.forigato AT rnp.br>
>> Para: "Joaquim De Jesus Soares" <joaquim.soares AT ufra.edu.br>
>> Cc: cat-users AT lists.geant.org
>> Enviadas: Quinta-feira, 13 de dezembro de 2018 11:32:27
>> Assunto: Re: [[cat-users]] Reinstalação eduroam
>
>> Joaquim,
>>
>> A sua instituição não está cadastrada em http://eduroam.br/institution.xml
>>
>> Favor abrir chamado com sd AT rnp.br informando este problema para
>> analisarmos.
>>
>> Att,
>> André Luis Forigato
>> Analista de Tecnologia da Informação
>> GTI - Gerência de Tecnologia da Informação - Diretoria de Engenharia e
>> Redes
>> RNP – Rede Nacional de Ensino e Pesquisa - http://www.rnp.br
>> Tel: +55 (19) 3787-3300 - Voip (19) 1010-1101 andre.forigato AT rnp.br
>> QR-CODE : http://qr.ai/q0wv6
>>
>> ----- Mensagem original -----
>>> De: "Stefan Winter" <stefan.winter AT restena.lu>
>>> Para: "Joaquim De Jesus Soares" <joaquim.soares AT ufra.edu.br>,
>>> cat-users AT lists.geant.org
>>> Enviadas: Quinta-feira, 13 de dezembro de 2018 10:43:58
>>> Assunto: Re: [[cat-users]] Reinstalação eduroam
>>
>>> Hello,
>>>
>>>> to tentando fazer uma nova instalação do eduroam  no site a minha
>>>> instituição não ta cadastrada como devo proceder  ?
>>>>  no site diz " O que devo fazer para ter a minha instituição listada?
>>>> contact eduroam® administrators "   bme qual o telefone email de
>>>> contacto ???
>>>
>>> The message is actually "Contact eduroam® administrators within your
>>> organisation". That's why you are asking at the wrong spot here.
>>>
>>> We can't help you in identifying the person or department in your
>>> organisation which deals with IT in general or eduroam specifically. We
>>> obviously aren't in touch with them because our website doesn't know
>>> anything about them.
>>>
>>> Maybe browsing the university website and looking for an IT support of
>>> any kind might help.
>>>
>>> Greetings,
>>>
>>> Stefan Winter
>>>
>>> --
>>> Stefan WINTER
>>> Ingenieur de Recherche
>>> Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
>>> de la Recherche
>>> 2, avenue de l'Université
>>> L-4365 Esch-sur-Alzette
>>>
>>> Tel: +352 424409 1
>>> Fax: +352 422473
>>>
>>> PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
>>> recipient's key is known to me
>>>
>>> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
>> To unsubscribe, send this message:
>> mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
>> Or use the following link:
>> https://lists.geant.org/sympa/sigrequest/cat-users
> To unsubscribe, send this message:
> mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
> Or use the following link:
> https://lists.geant.org/sympa/sigrequest/cat-users
>


--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0xC0DE6A358A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature


Archive powered by MHonArc 2.6.19.

Top of Page