The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

["Rocha Almeida, Jose /DZNE" <Jose.Almeida AT dzne.de>]

Dear DFN colleagues,

Can you please provide me a one-time token, so I can test myself the access 
to Eduroam Admin portal?


Best regards, 

Jose Almeida 
IT Core & Central Systems 

Deutsches Zentrum für Neurodegenerative Erkrankungen e. V. (DZNE) 
Venusberg-Campus 1/99 
53127 Bonn 
Mail: jose.almeida AT dzne.de <mailto:jose.almeida AT dzne.de> 
Tel: 0228 43302 672 
Web: www.dzne.de <http://www.dzne.de/> 


********************************* 
Vorstand: Prof. Pierluigi Nicotera, MD PhD (Vorstandsvorsitzender und 
Wissenschaftlicher Vorstand) 
und Dr. Sabine Helling-Moegen, LL.M. (Administrativer Vorstand). 
Das DZNE ist im Vereinsregister des Amtsgerichts Bonn eingetragen (VR 9021). 




On 22.01.24, 17:31, "Khan, Emrose /DZNE" <Emrose.Khan AT dzne.de 
<mailto:Emrose.Khan AT dzne.de>> wrote:


Dear Team,


We are waiting for your update. 


Best regards,


Md Ali Emrose Khan
Network & Cyber Security Engineer


Deutsches Zentrum für Neurodegenerative Erkrankungen e. V. (DZNE)
Venusberg-Campus 1/99 
53127 Bonn 
Mail: Emrose.Khan AT dzne.de <mailto:Emrose.Khan AT dzne.de>
Web: www.dzne.de 




*********************************
Vorstand: Prof. Pierluigi Nicotera, MD PhD (Vorstandsvorsitzender und 
Wissenschaftlicher Vorstand)
und Dr. Sabine Helling-Moegen, LL.M. (Administrativer Vorstand).
Das DZNE ist im Vereinsregister des Amtsgerichts Bonn eingetragen (VR 9021).


-----Original Message-----
From: Khan, Emrose /DZNE 
Sent: Thursday, January 18, 2024 12:33 PM
To: 'DFN eduroam' <eduroam AT dfn.de <mailto:eduroam AT dfn.de>>; Alam, Nahid /DZNE 
<Nahid.Alam AT DZNE.DE <mailto:Nahid.Alam AT DZNE.DE>>
Cc: Uysal, Cueneyt /DZNE <Cueneyt.Uysal AT dzne.de 
<mailto:Cueneyt.Uysal AT dzne.de>>; Hakimi, Hasibullah /DZNE 
<Hasibullah.Hakimi AT dzne.de <mailto:Hasibullah.Hakimi AT dzne.de>>; Rocha 
Almeida, Jose /DZNE <Jose.Almeida AT dzne.de <mailto:Jose.Almeida AT dzne.de>>; 
Baracchi, Laura /DZNE <Laura.Baracchi AT dzne.de 
<mailto:Laura.Baracchi AT dzne.de>>; Martin Stanislav <ms AT uakom.sk 
<mailto:ms AT uakom.sk>>; cat-users AT lists.geant.org 
<mailto:cat-users AT lists.geant.org>
Subject: RE: [WARNING: ATTACHMENT(S) MAY CONTAIN MALWARE]Re: 
[DFN#2024011710000984] [[cat-users]] Eduroam certificate renewal


Dear DFN Team,


We are currently experiencing difficulties accessing the eduroam CAT admin 
portal and are unable to log in.


Could you please assist us by providing a one-time token that would enable us 
to access the admin profile promptly? Your prompt attention to this matter is 
highly appreciated, and we look forward to resolving this issue swiftly.


Thank you for your cooperation.


Best regards,


Md Ali Emrose Khan
Network & Cyber Security Engineer


Deutsches Zentrum für Neurodegenerative Erkrankungen e. V. (DZNE)
Venusberg-Campus 1/99 
53127 Bonn 
Mail: Emrose.Khan AT dzne.de <mailto:Emrose.Khan AT dzne.de>
Web: www.dzne.de 




*********************************
Vorstand: Prof. Pierluigi Nicotera, MD PhD (Vorstandsvorsitzender und 
Wissenschaftlicher Vorstand)
und Dr. Sabine Helling-Moegen, LL.M. (Administrativer Vorstand).
Das DZNE ist im Vereinsregister des Amtsgerichts Bonn eingetragen (VR 9021).


-----Original Message-----
From: DFN eduroam <eduroam AT dfn.de <mailto:eduroam AT dfn.de>> 
Sent: Wednesday, January 17, 2024 1:15 PM
To: Alam, Nahid /DZNE <Nahid.Alam AT DZNE.DE <mailto:Nahid.Alam AT DZNE.DE>>
Cc: Uysal, Cueneyt /DZNE <Cueneyt.Uysal AT dzne.de 
<mailto:Cueneyt.Uysal AT dzne.de>>; Khan, Emrose /DZNE <Emrose.Khan AT dzne.de 
<mailto:Emrose.Khan AT dzne.de>>; Hakimi, Hasibullah /DZNE 
<Hasibullah.Hakimi AT dzne.de <mailto:Hasibullah.Hakimi AT dzne.de>>; Rocha 
Almeida, Jose /DZNE <Jose.Almeida AT dzne.de <mailto:Jose.Almeida AT dzne.de>>; 
Baracchi, Laura /DZNE <Laura.Baracchi AT dzne.de 
<mailto:Laura.Baracchi AT dzne.de>>; Martin Stanislav <ms AT uakom.sk 
<mailto:ms AT uakom.sk>>; cat-users AT lists.geant.org 
<mailto:cat-users AT lists.geant.org>
Subject: [WARNING: ATTACHMENT(S) MAY CONTAIN MALWARE]Re: 
[DFN#2024011710000984] [[cat-users]] Eduroam certificate renewal


Dear Alam Nahid /DZNE!


please send an s/mime signed e-mail to eduroam AT dfn.de <mailto:eduroam AT dfn.de>.
Please use a user certificate from the TCS PKI (GÉANT, Sectigo) in order 
to sign your e-mail.


You will then receive an encrypted e-mail containing the registration token 
for admin access to eduroam CAT. 


Best regards,
Ralf Paffrath


17.01.2024 11:05 - Alam Nahid /DZNE schrieb:


> Dear Support Team,
> 
> We have lost admin access to the eduroam CAT portal DFN [1]. Can you please 
> let us
> know how can we get back admin access to the eduroam CAT admin portal ?
> 
> Is it the correct link to login eduroam CAT admin portal for DZNE ?
> https://idp.dzne.de/idp/profile/SAML2/Redirect/SSO?execution=e1s2 
> <https://idp.dzne.de/idp/profile/SAML2/Redirect/SSO?execution=e1s2>
> 
> 
> By going through the below link eduroam CAT admin guide we can find the 
> below step
> to replace new certificate.
> 
> https://wiki.geant.org/display/H2eduroam/A+guide+to+eduroam+CAT+for+IdP+administrators
>  
> <https://wiki.geant.org/display/H2eduroam/A+guide+to+eduroam+CAT+for+IdP+administrators>
> 
> 
> Replacing the RADIUS server root CA certificate:
> 
> When your RADIUS server's root CA certificate is about to expire and you 
> need to
> replace it with a new one, the new CA certificate needs to be communicated 
> to all
> your users' devices. The procedure to achieve this is as follows:
> 
> 1. Create a new “migration” eduroam profile in eduroam CAT, containing both 
> the
> current and new root CA certificates. All previous eduroam CAT profiles 
> should be
> deleted to avoid them being used. (Caveat: this new profile will not work as
> intended for Android < 7.1 devices).
> 
> 2. Require all new and existing end-users to download the “migration” 
> profile.
> Their devices, except for Android < 7.1, will then be capable of trusting 
> both the
> current and the new CA, and will accept server certificates from either CA.
> 
> 3. Once you are confident that all end-user devices have the “migration” 
> profile
> installed, apply the new server certificate on the Radius server(s). 
> Ideally, the
> host name in the certificate CN/subjectAltNames should be identical to the 
> old
> server certificate. (Caveat: Android < 7.1 devices configured with the old 
> root CA
> will now no longer be able to authenticate, they will need to install a new
> profile containing just the new root CA).
> 
> 4. Create a new “permanent” eduroam profile in eduroam CAT, containing only 
> the
> new root CA certificate. Delete the “migration” eduroam profile.
> 
> 5. Require all existing Android < 7.1 users, and all new users, to download 
> the
> new profile.
> 
> 
> Thanking you,
> 
> Khandakar Nahid Alam
> Network & Cyber Security Engineer
> 
> Deutsches Zentrum für Neurodegenerative Erkrankungen e. V. (DZNE)
> Venusberg-Campus 1/99 
> 53127 Bonn 
> Mail: nahid.alam AT dzne.de <mailto:nahid.alam AT dzne.de>
> Web: www.dzne.de 
> 
> 
> *********************************
> Vorstand: Prof. Pierluigi Nicotera, MD PhD (Vorstandsvorsitzender und
> Wissenschaftlicher Vorstand)
> und Dr. Sabine Helling-Moegen, LL.M. (Administrativer Vorstand).
> Das DZNE ist im Vereinsregister des Amtsgerichts Bonn eingetragen (VR 9021).
> 
> 
> -----Original Message-----
> From: Martin Stanislav <ms AT uakom.sk <mailto:ms AT uakom.sk>> 
> Sent: Wednesday, January 17, 2024 10:26 AM
> To: Alam, Nahid /DZNE <Nahid.Alam AT DZNE.DE <mailto:Nahid.Alam AT DZNE.DE>>
> Cc: cat-users AT lists.geant.org <mailto:cat-users AT lists.geant.org>; Uysal, 
> Cueneyt /DZNE <Cueneyt.Uysal AT dzne.de <mailto:Cueneyt.Uysal AT dzne.de>>; Khan,
> Emrose /DZNE <Emrose.Khan AT dzne.de <mailto:Emrose.Khan AT dzne.de>>; Hakimi, 
> Hasibullah /DZNE
> <Hasibullah.Hakimi AT dzne.de <mailto:Hasibullah.Hakimi AT dzne.de>>; 
> eduroam AT dfn.de <mailto:eduroam AT dfn.de>; Rocha Almeida, Jose /DZNE
> <Jose.Almeida AT dzne.de <mailto:Jose.Almeida AT dzne.de>>; Baracchi, Laura /DZNE 
> <Laura.Baracchi AT dzne.de <mailto:Laura.Baracchi AT dzne.de>>
> Subject: Re: [[cat-users]] Eduroam certificate renewal
> 
> CAUTION: This email originated from outside of DZNE. Do not click links or 
> open
> attachments unless you recognize the sender and know the content is safe.
> ACHTUNG: Dies ist eine externe E-Mail, bitte seien Sie vorsichtig beim 
> Anklicken
> von Links oder Öffnen von Anhängen
> 
> 
> Dear Alam,
> 
> Your org. needs to adjust its profile(s) on eduroam CAT portal [1] in case 
> it's
> about to change the root CA used to issue a replacement EAP server 
> certificate.
> Ideally add the new root CA to the published configuration profiles long 
> enough
> before introducing the changes in the AAA infrustucture on your RADIUS 
> server (a
> fair share of client devices accept multipe root CA in their supplicant 
> setup
> nowadays).
> This way the end users get a chance to setup their devices in a way that 
> reflects
> comming changes in the infrastructure.
> 
> Should you have lost admin acceess to the eduroam CAT portal DFN [1] is 
> your most
> likely point of contact to resume the access.
> 
> Kind regards,
> Martin
> 
> [1] A guide to eduroam CAT for IdP administrators 
> https://wiki.geant.org/display/H2eduroam/A+guide+to+eduroam+CAT+for+IdP+administrators
>  
> <https://wiki.geant.org/display/H2eduroam/A+guide+to+eduroam+CAT+for+IdP+administrators>
> 
> [2] https://www2.dfn.de/dienstbeschreibungro 
> <https://www2.dfn.de/dienstbeschreibungro>
> 
> On Tue, Jan 16, 2024 at 05:13:59PM +0000, "Alam, Nahid /DZNE" wrote:
> > Dear Eduroam Support Team,
> >
> > Recently we renewed our ISE certificate and after that our eduroams user 
> > are facing connectivity issue using eduroam CAT Application, we 
> > discovered that the authentication process is being rejected from our 
> > ISE. ISE log is showing Certificate issue TSL error as below.
> >
> > [cid:image005.png AT 01DA48A7.B39A67B0]
> >
> > Possible Resolution Ensure that the ISE server certificate is trusted by 
> > the client, by configuring the supplicant with the CA certificate that 
> > signed the ISE server certificate. It is strongly recommended to not 
> > disable the server certificate validation on the client!
> >
> > Possible Root cause While trying to negotiate a TLS handshake with the 
> > client, ISE received an unexpected TLS alert message. This might be due 
> > to the supplicant not trusting the ISE server certificate for some 
> > reason. ISE treated the unexpected message as a sign that the client 
> > rejected the tunnel establishment.
> >
> > Note that user can connect eduroam service directly using their username 
> > and credential without eduroam CAT application. Upon inspecting the 
> > eduroam CAT application profile, it has come to our attention that a 
> > specific/old root certificate has been hardcoded for end users, and 
> > unfortunately, this certificate has expired. We need to edit this profile 
> > and set the correct updated certificate then end user will able to 
> > connect eduroam service using eduroam CAT application. However, the 
> > process of editing the application profile is currently unknown to us, 
> > and we are seeking your assistance in guiding us through the necessary 
> > steps. Your expertise and support in resolving this matter would be 
> > greatly appreciated.
> >
> >
> > End User eduroam CAT application profile settings which is hardcoded with 
> > old certificate is given below.
> >
> > [cid:image001.jpg AT 01DA4880.995EEDC0]
> >
> >
> >
> > Thanking you,
> >
> > Khandakar Nahid Alam
> > Network & Cyber Security Engineer
> >
> > Deutsches Zentrum für Neurodegenerative Erkrankungen e. V. (DZNE) 
> > Venusberg-Campus 1/99
> > 53127 Bonn
> > Mail: nahid.alam AT dzne.de 
> > <mailto:nahid.alam AT dzne.de><mailto:nahid.alam AT dzne.de 
> > <mailto:nahid.alam AT dzne.de>>
> > Web: www.dzne.de<http://www.dzne.de/> <http://www.dzne.de/&gt;>
> >
> > [signature_122933437]
> > *********************************
> > Vorstand: Prof. Pierluigi Nicotera, MD PhD (Vorstandsvorsitzender und 
> > Wissenschaftlicher Vorstand) und Dr. Sabine Helling-Moegen, LL.M. 
> > (Administrativer Vorstand).
> > Das DZNE ist im Vereinsregister des Amtsgerichts Bonn eingetragen (VR 
> > 9021).
> > To unsubscribe, send this message: 
> > mailto:sympa AT lists.geant.org 
> > <mailto:sympa AT lists.geant.org>?subject=unsubscribe%20cat-users
> > Or use the following link: 
> > https://lists.geant.org/sympa/sigrequest/cat-users 
> > <https://lists.geant.org/sympa/sigrequest/cat-users>
> 
> 
> 
> 
> 




Mit freundlichen Grüßen/Kind regards,
Ralf Paffrath


-- 
eduroam Technischer Support
E-Mail: eduroam AT dfn.de <mailto:eduroam AT dfn.de> | Fon: +49 30884299-9120 | 
Fax: +49 30884299-370 
__________________________________________________________________________________


DFN - Deutsches Forschungsnetz | German National Research and Education 
Network
Verein zur Förderung eines Deutschen Forschungsnetzes e.V.
Alexanderplatz 1 | 10178 Berlin
https://www.dfn.de/ <https://www.dfn.de/>


Vorstand: Prof. Dr.-Ing. Stefan Wesner | Prof. Dr. Helmut Reiser | Christian 
Zens
Geschäftsführung: Dr. Christian Grimm | Jochem Pattloch
VR AG Charlottenburg 7729 B | USt.-ID. DE 136623822

Attachment: smime.p7s
Description: S/MIME cryptographic signature