The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

["Johnson, Christopher" <cbjohns AT ilstu.edu>]

Something to keep your eye on. User experience has a chance of improving in the future with the adoption of the new Captive Portal Standards (RFC8910 and RFC8908) – where captive portal is communicate through DHCP Option 114 – and Captive Portal status is communicated to the Client via API Server. Currently support by iOS 14, macOS, and Android 12. It definitely is showing promise is minor testing was able to do with Android. We’ve heard that our captive-portal/radius server will support the new standard in 6.11. OpenNDS currently support this - https://github.com/openNDS/openNDS [Open CPI].

 

Android 11/12 - developer.android.com/about/versions/11/features/...
iOS 14+ - developer.apple.com/news/?id=q78sq5rv

 

https://capport.net/

https://datatracker.ietf.org/doc/html/rfc8910

https://datatracker.ietf.org/doc/html/rfc8908

 

From: cat-users-request AT lists.geant.org <cat-users-request AT lists.geant.org> On Behalf Of Eleanor Coultish
Sent: Friday, July 15, 2022 10:34 AM
To: cat-users AT lists.geant.org
Subject: [[cat-users]] Onboarding/setup ssid

 

This message originated from outside of the Illinois State University email system. Learn why this is important

Hi,

 

Apologies for cross posting with one of the Jisc groups but I thought people on here might have some additional feedback. I'm looking at improving the user experience of our onboarding/setup ssid and have hit a few issues so I was wondering how other institutions implement this.

 

I envisaged a user would connect to our setup ssid which most devices automatically detect as a captive portal and redirect the user to a 'sign-in' setup page. This page is an information page of how to connect with a link to the eduroam cat tool so that users can configure their devices to connect to eduroam. The ssid has an allow/white list to various websites to give users access to the tools required to configure their devices. These are the problems I've hit so far with this:

Apple:
Apple devices check for connectivity to captive.apple.com and when they can't reach that they fire up the CNA (Captive Network Assistant). This doesn't have full browser capability and doesn't allow a user to download the mobile config file that's required to configure their device. Has anyone found a way around this? The only solution I've found is that I can bypass CNA on the captive portal (Aruba) which means the user has to open a web browser the navigate to the setup page.

 

Android:

To enable download of the geteduroam app from Google Play I have to whitelist www.google.com. With that url in the whitelist Android thinks it has Internet access so doesn't redirect to the captive portal to display the 'sign-in' setup page. Again the user would have to open a web browser and browse to the setup page.

 

My thinking was that the automatic redirect was a better user experience. Am I fighting a losing battle trying to use the automatic detection of the captive portal to direct users to a setup page for onboarding? Should I just whitelist the url's that detect this and recommend going through the browser? I'm interested in how other institutions have this set up and what the user experience is?

 

Thanks,

Eleanor Coultish
Network Operations Manager

 

IT Services

Directorate of Technology, Estates and Facilities
University of York | Heslington | York | YO10 5DD
+ 44 (0)1904 328467

EMAIL DISCLAIMER http://www.york.ac.uk/docs/disclaimer/email.htm

To unsubscribe, send this message: mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
Or use the following link: https://lists.geant.org/sympa/sigrequest/cat-users