Skip to Content.
Sympa Menu

cat-users - Re: [[cat-users]] CAT 2.0.4 released and to be deployed on cat.eduroam.org tomorrow geteduroam

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

Re: [[cat-users]] CAT 2.0.4 released and to be deployed on cat.eduroam.org tomorrow geteduroam


Chronological Thread 
  • From: Tomasz Wolniewicz <twoln AT umk.pl>
  • To: cat-users AT lists.geant.org
  • Subject: Re: [[cat-users]] CAT 2.0.4 released and to be deployed on cat.eduroam.org tomorrow geteduroam
  • Date: Wed, 24 Feb 2021 20:50:18 +0100
  • Dkim-filter: OpenDKIM Filter v2.11.0 outgoing.umk.pl BDEB92006A


W dniu 24.02.2021 o 20:04, Arthur Petrosyan pisze:

Dear Colleagues,

Is it expected that all current CAT profiles will work "out-of-box" with geteduroam ?

Yes.

geteduroam can work in two ways. The first is to simply install CAT profiles either by selecting one from the internal institutions list (obtained from CAT) or by "running" the downloaded profile with the the app. The second is a part of a user provisioning system, where the users need to login to the geteduroam service and be provided with an individual configuration profile contacting a personal certificate. 

At the moment we are only talking of replacing eduroamCAT app therefore no additional CAT configuration is needed, The networking APIs on Android are changing and eduroamCAT is no longer maintained therefore the replacement for the newer systems is simply required.

I hope that the geteduroam developers will be able to provide more details.

Cheers

Tomasz


At geteduroam FAQ (https://www.geteduroam.app/about/faq/) under "How does the geteduroam app know of participating IdPs" question it is mentioned:
"geteduroam uses CAT for the institution list. A CAT profile can be marked as an geteduroam profile with a server URL, which then will cause the app to initiate a flow to obtain a client certificate instead of configuring a TTLS/PEAP profile."

And under "Creating a geteduroam profile in CAT" (https://www.geteduroam.app/idp/cat) it is mentioned that
each CAT profile should be specifically configured to be used by geteduroam app.

Did you test what happens if CAT profile is not reconfigured for geteduroam (which I think is the case for many profiles now) ?

I doubt that fact "Android devices now point to the geteduroam app rather then the legacy eduroamCAT"
may result in crashing android config.

Since geteduroam requires profile-specific configuration,
it might be better for now to have each profile owner to choose if they want
"Android devices to point to the geteduroam app rather then the legacy eduroamCAT" or not

-- 
Regards,
Arthur Petrosyan

| Dr. Arthur Petrosyan
| --------------------------------------------------------
| Senior Scientific Researcher, Head of Network and Cloud Services Direction,
| Deputy Head of Computational and Cognitive Networks Department at the
| Institute for Informatics and Automation Problems /IIAP/
| National Academy of Sciences of Armenia /NAS RA/,
| Academic Scientific Research Computer Network of Armenia /ASNET-AM/
| HTTP://www.asnet.am/   E-mail: arthur AT sci.am
| Phone:  +37410 526742  Fax:    +37410 569281
| --------------------------------------------------------



2021-02-24 22:09, Daniele Albrizio пишет:


On 24/02/21 18:19, Tomasz Wolniewicz wrote:
....

The modern Android devices now point to the geteduroam app rather then the legacy eduroamCAT

Are you sure? Did you already thoroughly test this app on different mobile devices?

We thought geteduroam was in a pre-release state since we experienced a weird interaction with other phone apps that lead to phonebook icons overwriting.

Reproducible on at least these smartphones

Samsung Galaxy A71 SM-A715F Android 10

Samsung Galaxy A40 SM-A405FN Android 10

Please find screenshots attached.


Problem arises upon app installation and disappears on app uninstall.


Cheers

Tomasz Wolniewicz


W dniu 24.02.2021 o 16:56, Stefan Winter pisze:

Hello!


It's been little while since our last update of eduroam CAT. A number of small bug fixes accumulated over time, and there are a few "mini" features that deserve cutting a release 2.0.4.


The notable features are:

  • [FEATURE #1] The system now sends out notification/alert mails if a significantly security relevant parameter was changed. The mails go to the NRO admin. Significant changes are:
    - change of institution name
    - addition of a new root CA (with more prominent WARNING if the new CA has the same DN as an existing one)
    - addition of a new acceptable server name
  • [FEATURE #2] support negotiation of TLS versions higher than 1.0 while still rejecting SSL2 and SSL3
  • [FEATURE #3] realm reachability checks now produce a WARNING level message if the EAP server does not support TLS1.2 or higher
  • [FEATURE #4] check whether SRV-discovered hostname and certificate hostname match


Also, we are happy to add a new translated language: welcome, Română (Romanian).


You can find the tarball on GitHub as usual ( https://github.com/GEANT/CAT/releases/download/v2.0.4/CAT-2.0.4.tar.bz2 ) but for most of you the most interesting question is probably when the new code will be deployed on https://cat.eduroam.org.


We have reserved a maintenance slot for that tomorrow, 1300 CET. The expected downtime is in the seconds range, so you would be particularly unlucky to notice at all.


As usual, if you notice new buggy behaviour of any sorts after the update, please let us know.


Greetings,


Stefan Winter

-- 
Tomasz Wolniewicz    
          twoln AT umk.pl        http://www.home.umk.pl/~twoln

Uniwersteckie Centrum Informatyczne   Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika        Nicolaus Copernicus University,
pl. Rapackiego 1, Torun               pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750                  tel kom.: +48-693-032-576
-- 
-------------------------------------------
Daniele Albrizio
Università degli Studi di Trieste | University of Trieste
Ufficio Reti di Ateneo | University Networks Office
Via Alfonso Valerio 12 - 34127 Trieste (Italy)
daniele.albrizio AT units.it
Tel. | Ph. +39 040 558 3319

To unsubscribe, send this message: mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
Or use the following link: https://lists.geant.org/sympa/sigrequest/cat-users
-- 
Tomasz Wolniewicz    
          twoln AT umk.pl        http://www.home.umk.pl/~twoln

Uniwersteckie Centrum Informatyczne   Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika        Nicolaus Copernicus University,
pl. Rapackiego 1, Torun               pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750                  tel kom.: +48-693-032-576

Attachment: smime.p7s
Description: Kryptograficzna sygnatura S/MIME




Archive powered by MHonArc 2.6.19.

Top of Page