cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: Stefan Winter <stefan.winter AT restena.lu>
- To: tmuope-center AT tmu.ac.jp
- Cc: 'Stefan Paetow' <Stefan.Paetow AT jisc.ac.uk>, cat-users AT lists.geant.org
- Subject: Re: [[cat-users]] How do I check the version of CAT
- Date: Fri, 13 Jan 2023 07:41:16 +0100
Hello,
Thank you for answer.
I understand that there was no update to the CAT tool around December 19,
2022.
I would like to change the question,
can you think of any reason why my iphone with CAT tools could not connect
EAP-TLS to Eduroam?
Also, after uninstalling the CAT tool on the same iPhone,
I was able to connect to Eduroam without any problems.
The CAT tools were installed with the following settings.
Organisation: Federated ID Service
User group: Member Certificate Profile
Installer :Apple device
Device Version: iPhone iOS 16.1
There are many reasons why an eduroam connection might fail to authenticate. All of those are best diagnosed in real-time when the issue is surfacing.
All I can see *now* with real-time diagnosis on the realm used by Federated ID Service is that everything is in order.
If the profile worked without the profile being installed (i.e. you only had the EAP-TLS client certificate on the device) then this hints to a server certificate problem - the installed profile checks the identity of the server you connect to for authentication, and will abort if it finds something wrong. If you connect "just like that", i.e. without profile, just tapping on the network name, the server side check is reduced to trivial "do you like this certificate?" pop-up, which users often click through without thinking. Which means that they might be connecting to a rogue network pretending to be eduroam, rather than the real network.
In hindsight, there is certainly nothing we can do here - the *installation* of the eduroam settings apparently worked all the time; and that alone is the purpose and scope of this mailing list.
Any operational questions beyond that should be asked to the IdP in question - Federated ID Service - and should best be asked while the problem actually manifests.
Greetings,
Stefan Winter
--
This email may contain information for limited distribution only, please
treat accordingly.
Fondation Restena, Stefan WINTER
Chief Technology Officer
2, avenue de l'Université
L-4365 Esch-sur-Alzette
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
- Re: [[cat-users]] How do I check the version of CAT, Stefan Winter, 01/09/2023
- RE: [[cat-users]] How do I check the version of CAT, tmuope-center, 01/10/2023
- Re: [[cat-users]] How do I check the version of CAT, Stefan Winter, 01/10/2023
- Re: [[cat-users]] How do I check the version of CAT, Stefan Winter, 01/10/2023
- RE: [[cat-users]] How do I check the version of CAT, tmuope-center, 01/11/2023
- Re: [[cat-users]] How do I check the version of CAT, Stefan Winter, 01/11/2023
- RE: [[cat-users]] How do I check the version of CAT, tmuope-center, 01/12/2023
- Re: [[cat-users]] How do I check the version of CAT, Stefan Winter, 01/13/2023
- RE: [[cat-users]] How do I check the version of CAT, tmuope-center, 01/12/2023
- Re: [[cat-users]] How do I check the version of CAT, Stefan Winter, 01/11/2023
- RE: [[cat-users]] How do I check the version of CAT, tmuope-center, 01/11/2023
- RE: [[cat-users]] How do I check the version of CAT, tmuope-center, 01/10/2023
Archive powered by MHonArc 2.6.19.