The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[James Potter <Jim.Potter AT jisc.ac.uk>]

Hi all,

 

I’m trying to get CAT working with eap-tls + client certs. I’ve got a pretty straightforward way of getting client certs installed into the cert store on BYOD devices, I’m just struggling to get the SSID profile to apply nicely.

 

My home service will take the SAN UPN of the certificate as the username, so ideally the user will be asked to install the CA, pick a client certificate from a list and that’s it – no need to enter a username.

 

I’ve got this working (connecting to eduroam with all the correct settings) if I set it up manually on Windows and Android; GetEduroam on windows is mostly right but Android just crashes when I select the CAT profile.

 

Here are sample profiles:

• Ti.dev EAP-TLS with specific outer: https://cat.eduroam.org/?idp=2492&profile="12193
• Ti.dev.ja.net TLS (no set outer): https://cat.eduroam.org/?idp=2492&profile="12320

(And various others under UK Federation tenancy)

 

Configs of the above are:

• Realm = ti.dev.ja.net
• CA file + SubjectCN both set correctly
• EAP-TLS only
• Enforce realm suffix + exact realm suffix both ticked

 

Profile ‘..with specific outer’ has an additional enable anonymous outer identity ticked,  value = tls

 

Testing (GetEduroam):

• With specific outer:

• Windows: Works (outer identity is from SAN UPN rather than prespecified outer I think?)
• Android: Crashes when I select profile

Without specific outer:

• Windows: works very nicely (gets username from SAN UPN?)
• Android: Crashes when I select profile

(I haven’t got a Mac or IOS to test here)

 

So – any top tips why Android is crashing (app just closes)? I’ve tried a bunch of variations in settings but get the same crash every time.

 

Any pointers here would be great

 

Thanks,

 

Jim

Jisc