Subject: An open discussion list for topics related to the geteduroam service
List archive
- From: James Potter <Jim.Potter AT jisc.ac.uk>
- To: "geteduroam AT lists.geant.org" <geteduroam AT lists.geant.org>
- Subject: eap-config format supported by geteduroam
- Date: Thu, 20 Jun 2024 08:07:20 +0000
- Accept-language: en-GB, en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=jisc.ac.uk; dmarc=pass action=none header.from=jisc.ac.uk; dkim=pass header.d=jisc.ac.uk; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=n32v0ZcqdM70r3PK+yAt+sm3XWV2pvadsk0iOGXIADo=; b=itFr3jFnYv3Hy/2Od6rs8/LvP02vsbIUinKKCCR0mKKD2ZBcUBS8e0BqT2Xmg9e4m6XE8H/zmwGTcDXviMdFw1IHMlBV6uyVTdX8H/Tbyas1gBVdlSdiicQN05Hm0zhsH64DIPFd12ES1eM7FnfTwn5GlT5Ym3fSxEALrOD0sJUyC1REMh4csNq1CFnsm3DVkmQwxfsbArDRJmdf++96RbkC0Ckkh6B2pjEDzjlD7woAuIckWxTlR9p7iDMTPDgxGeFfH9L9tLNY2WtXtYSecCAzUfP7Oi2OWEeDMFg2bxgCsNAXerXsDwh2R3nepS+YWopMg5bJwNvCKvwa43rdsw==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=au34Qe6NZHZjDUXIf3Ap/leg4v1BgDlhYUtLOtW/suUQUa6pi109h0vnPKIVzb6+H3EFqSFJJ1DHYV0kJ7hwmYlIUKmeSXWv9CWWJpibFvvGsU2vq0Pq1MnHZ4FxuuHGV75Wpsmy/s2TmvCFhYdZda1tXV+raK0ziBBZRuB3m5W8sOijk27inymWlJ006XxlRlll+LMY/wO6ZesIKIYmAFcQ+Xbh7Ge0sSfmaGXDB6CgUYMPtD15wunWaexAWLOBhehHZifnrxdMwoakWTYFX+Nuh/91g/KoYYEEgIDYOdDcNX3GgSp4UNY5K6RFlTek+DFd2kDclK5bipTexIOiPg==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=jisc.ac.uk;
- Msip_labels: MSIP_Label_23fbfc4d-4f2b-405b-9635-512bd5247bcf_ActionId=8bf3b72d-0808-4d9e-b982-260cf96495dd;MSIP_Label_23fbfc4d-4f2b-405b-9635-512bd5247bcf_ContentBits=0;MSIP_Label_23fbfc4d-4f2b-405b-9635-512bd5247bcf_Enabled=true;MSIP_Label_23fbfc4d-4f2b-405b-9635-512bd5247bcf_Method=Privileged;MSIP_Label_23fbfc4d-4f2b-405b-9635-512bd5247bcf_Name=Confidential - External;MSIP_Label_23fbfc4d-4f2b-405b-9635-512bd5247bcf_SetDate=2024-06-20T08:07:19Z;MSIP_Label_23fbfc4d-4f2b-405b-9635-512bd5247bcf_SiteId=48f9394d-8a14-4d27-82a6-f35f12361205;
- Sensitivity: company-confidential
|
Hi all,
I’ve created a service which creates customised eap-config files, the plan is that users download them, they open in geteduroam + set up the wifi profile, but I’m having issues with getting geteduroam to accept the config (it says “Not a valid eap-config file” at the moment). I’ve started with a config from eduroam CAT and added custom ClientSideCredential subelements.
So I’ve taken inspiration from https://datatracker.ietf.org/doc/html/draft-winter-opsawg-eap-metadata-02#section-2.2.2.3 for what I should be including, but have some queries:
<ClientSideCredential> <AnonymousIdentity>jim AT ti.dev.ja.net</AnonymousIdentity> <UserName>jim AT ti.dev.ja.net</UserName> <allow-save>true</allow-save> <ClientCertificate> SOME BASE64 </ClientCertificate> <Passphrase>asdfqwerqwer</Passphrase> </ClientSideCredential>
Are these the correct subelements? And what form should the ClientCertificate take? I’ve tried cert pem + encrypted private key (crashes) and Base64 encoded pkcs12 (complains, not a valid eap-config file)
I’m having trouble deducing this from the app source code – any hints here would be great.
I’ve attached the eap-config I’m working with (cert + passphrase work but are revoked)
Thanks,
Jim Potter Jisc
|
<EAPIdentityProviderList
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:noNamespaceSchemaLocation="eap-metadata.xsd">
<EAPIdentityProvider version="1" lang="en" ID="ti.dev.ja.net"
namespace="urn:RFC4282:realm">
<AuthenticationMethods>
<AuthenticationMethod>
<EAPMethod>
<Type>13</Type>
</EAPMethod>
<ServerSideCredential>
<CA format="X.509" encoding="base64">
MIIG5TCCBM2gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgYcxCzAJBgNVBAYTAkdC
MRAwDgYDVQQIDAdFbmdsYW5kMRAwDgYDVQQHDAdCcmlzdG9sMQ0wCwYDVQQKDARK
aXNjMRkwFwYDVQQDDBBjYS50aS5kZXYuamEubmV0MSowKAYJKoZIhvcNAQkBFht0
cnVzdGFuZGlkZW50aXR5QGppc2MuYWMudWswHhcNMjQwNDE1MjAzOTQwWhcNMjYw
NDE1MjAzOTQwWjCBjDELMAkGA1UEBhMCR0IxEDAOBgNVBAgMB0VuZ2xhbmQxEDAO
BgNVBAcMB0JyaXN0b2wxDTALBgNVBAoMBEppc2MxHjAcBgNVBAMMFWVkdXJvYW0u
dGkuZGV2LmphLm5ldDEqMCgGCSqGSIb3DQEJARYbdHJ1c3RhbmRpZGVudGl0eUBq
aXNjLmFjLnVrMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw2W58xtN
spm6brbH0cgHzL/YFobLnG4mhD8rcWdDyZgikNe8WFgecA9JpNb3p4GKWykDPUtF
0/J1WMEl6ei3mnFZBheiQQtvKq+4D3sQ1xuCTmamjvfzqevFAFIcGkwwd9zI3/pZ
jm5F9iyCh09ar49PycbXvrrbpjsofKLHV/aAReF7HVC0wvGEV/bvrYpPM1bExOsE
Ww5BWZRAtYT6bFEuSOccgrYY7U4q8tS6FS8w1w30cKU9SIg5FoLX6lvRHhcXJyOC
LRQZB0MqWMAazmMLQJPVuYjourCEjeuEXAN0Bv5MVi23xfdUtyxB8RJsnBMZMyQU
E9CTgmnM5vpqLT9yofj4Lpgwx9/zccZQavvqqyiynA0NeRI+gsLR4BC5072UqgOf
n6GS240yf7919L9Wqs0z7Ue/XGHolHyS5YeE0QItkQ6H3AH0pLfTOg5KjfR9eGOA
XzKfXZRh9oSXP7pqTHcs5Md71V6tsceD7rjUNP9SKCHmHJYR3wpfngruRMGDQA7B
ZbSQevVComSK0VeNbsmD4gbX7RVw7K8vogTU8onRVflUsaH4FJxR2SO/9yhxLj1h
DRi0ClsudfwH4msxEkhlFTaw2vrNR2zVrlh/i6W7+/XV7PpPZ4IcfDLaD8twVHUC
C2N5PPguWQWfrMwSgNvwpI2Vlad7MT+aHicCAwEAAaOCAVIwggFOMAkGA1UdEwQC
MAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdl
bmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNhKihboWLNhCeHU
cEp+abJSijFBMIG0BgNVHSMEgawwgamAFInKzlzp2DtFY3OC8ZrYSKbN9H5DoYGN
pIGKMIGHMQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRW5nbGFuZDEQMA4GA1UEBwwH
QnJpc3RvbDENMAsGA1UECgwESmlzYzEZMBcGA1UEAwwQY2EudGkuZGV2LmphLm5l
dDEqMCgGCSqGSIb3DQEJARYbdHJ1c3RhbmRpZGVudGl0eUBqaXNjLmFjLnVrggEB
MA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0B
AQsFAAOCAgEAENKb7xB6bD9VduoxZ9l+QeFBC7BR1b7XhTHsoIgZWdbwYlIFsfBL
EEG5gNgrQ4j4z+nBQ+0Grmhmo7Fxotx375KtCBn8IhQWgEUmkK8Z8jG0XaZUzZEe
FJ2QUY6SLEShbKxODU4FuJr1PYsWXTAkL53tvTEbgXF9VX3Z8keMxET//TkcouK+
Q9KNuOscBxYjXVdzIKaPBbrtn4xyEV5lut5rbkUiuerhtr3kXZn+6dWOMH92y3r7
kTSC2IuVUqELMwcInioK08pWRhRjVIov7JAMD0HxBtZYGwKXYI2jEEbBA1kRXXBd
nf7OsF4OmZ0rfaLL0MPXhlcRlt1Y9+XVeShbehrve2RwqNRHVdQdUmuwgEOkfIgF
3MvXw/BgTVh/DB6eZvmxtNiXySIOwDehFGAop7JkbpcjZteq15j81HHjDF8j8xrl
8WawPAai8ZeUy8cYLjgfgsxJEUH4RVFwiVp0wJgx+oBAgEpIsEJmFIW6xJZvLuSV
Nx0AOv1Uj9VzFY/0hSJxxU4HFTSEm/oUIw04p8PFb5WEOKoJA4xs5X+3EnmgLwtC
0CsOCXOUet2k1YsUYWRHhj2lKutOQglEjlmcbBrF8uY0vTA1B2/mcItzAHQX8Uc3
bo2d3w8/23BqqmREwUHdcet/YpTmU02cVgOM6cLb3lbQRem0J50XU6U= </CA>
<ServerID>eduroam.ti.dev.ja.net</ServerID>
</ServerSideCredential>
<ClientSideCredential>
<AnonymousIdentity>jim AT ti.dev.ja.net</AnonymousIdentity>
<UserName>jim AT ti.dev.ja.net</UserName>
<allow-save>true</allow-save>
<ClientCertificate>MIIK3AIBAzCCCqIGCSqGSIb3DQEHAaCCCpMEggqPMIIKizCCBUIGCSqGSIb3DQEHAaCCBTMEggUvMIIFKzCCBScGCyqGSIb3DQEMCgEDoIIE7zCCBOsGCiqGSIb3DQEJFgGgggTbBIIE1zCCBNMwggO7oAMCAQICBgGQNGDTNzANBgkqhkiG9w0BAQsFADBFMRMwEQYDVQQDDAplZHVyb2FtIENBMSEwHwYDVQQKDBhUcnVzdCBhbmQgaWRlbnRpdHkgKERldikxCzAJBgNVBAYTAkdCMB4XDTI0MDYyMDA2NDExOVoXDTI2MDYyMDA2NDExOVowdDETMBEGA1UEAwwKSmltIFBvdHRlcjEtMCsGA1UECwwkYmZlYjhkMDUtZTlmZS00MzhlLWE4NGEtYTYzM2I0MDkwMWZlMSEwHwYDVQQKDBhUcnVzdCBhbmQgaWRlbnRpdHkgKERldikxCzAJBgNVBAYTAkdCMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+GJ5vlSg+Y5w0E2FR5bk9hvo1UyFnd/6P7luB3ZtVQa5XhTii5NXpWwcEN9nhn+WjDGHO/hmUmbMuah1T0RsaRJ5kg3kjvyQzQUPbtr0Lsbc7TkrDkXF/aLnNgKNK0uV4icHwjMcsdpksaVV7nmRjk886zXQ9VnMZhqW7TfEJjJsWdpdXBWVwaNRLMAzly4UE4N5bmEl1SkzNeHlQxc42ksfR3DNHoOSmFJ7oBnzSqXlxpSFK30P6etkwh+DYYUAW8BFnOBKmaeYN9UatKWPuGuLwybuFprNNYbiNjWar0oT7Yrni43kX3cdeMJ5Y2/f8SaVJYqerDeOyTplwo2LQIDAQABo4IBmDCCAZQwDAYDVR0TAQH/BAIwADAWBgNVHSUBAf8EDDAKBggrBgEFBQcDAjAsBgNVHREEJTAjoCEGCisGAQQBgjcUAgOgEwwRamltQHRpLmRldi5qYS5uZXQwKQYDVR0OBCIEICj9o38nECR8tdkpLt7Uhp7KKaOEY8piByPDmvY7+vQRMH4GA1UdIwR3MHWAIAaShctdSa7f4P7i2VEROCSYN++LUKKMhGniixVkT7LYoUmkRzBFMRMwEQYDVQQDDAplZHVyb2FtIENBMSEwHwYDVQQKDBhUcnVzdCBhbmQgaWRlbnRpdHkgKERldikxCzAJBgNVBAYTAkdCggYBjhBaoNQwgZIGCCsGAQUFBwEBBIGFMIGCMFEGCCsGAQUFBzAChkVodHRwczovL2Zyb250aWxlLmNsb25ndXMuY29tL2FpYS83OGFkMTJhYS1kMmI1LTQyMGQtYTA0Mi1iMTNkZDIxMjNkMjcwLQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3NwLmV3MjEuY2xvbmd1cy5jb20vb2NzcDANBgkqhkiG9w0BAQsFAAOCAQEAmIV8tDvg2eFYSiqO1ZxnrwJzpjGENOM+yuL+od4O+nn/Lp8YsXJjqRbdup34wwM4ScdlWMjAua+U1+wTEXIEIjNMIe+1Th/Syyan9uRhnK5WcnZJEB6ia8qyLpXoWiOfoH8yNf2wh3vq7zUn2xHAKPDceOY2qvcjqW8fJG7r59kT2u8Ra0zCUWCjZygG2MntHIjz5vtlnM3tKJmpdy/1e2X49ax3LcZFqZaCp0rEqWaPLi+X8VAUWdgRblKQWjxqs7Xr9ItzHuRaSmC/uBZwCzUkt1lO6HT7bl1FFBxc8Ks3KPLccokOZWJFyUhWLXUq+6JZoChbjJoth5u3Wf7QQDElMCMGCSqGSIb3DQEJFTEWBBQ0Hi2/9lQuTWvxyANtHuEFteXx1TCCBUEGCSqGSIb3DQEHAaCCBTIEggUuMIIFKjCCBSYGCyqGSIb3DQEMCgECoIIE7jCCBOowHAYKKoZIhvcNAQwBAzAOBAhXZzjUGsRxKgICCAAEggTIz3F4oMH0R9Aal+wZun052IiBuRjV/eyLMGhr+Wg7/gF8xwaHpsgGob7IwJGgws75O1NcpPAUg98uKvsAZLWFhmAFiKiL1/1hySYejXeRBBNy+PhUM97oHcnB/QVeXlMwSw7RHs0HJsf/ex+7rWE3IPFskvfB7x5ye723oQnEghMOQQ2LMqCWj5eE2G8Eg59zhpq+E18o8+uHo/GOcOO8ELe3gJ9+Xi6qitbcMg5wm1X56Ry5KhmbAw2jwMm1uLkHjwj8wk5tsVyFxdfksL/RpVfbc5yhXui+76DCHrKY0HVT09f5nx0XtJH6e/foC+uNYF6r+6sel2F0YrLEalFQfLPv8tvzx9dCqEQmaBFetYf0VecASZ+kk6mKfarp22rRPPQwCgCijyYa6/Apw5k5l5P52oiZTI3+usXoKZjMWL0kNC661XtgJEoB62pXm+p3z96P9Pbx5gVqHzg7wAAjTRAYcJJzztiyD8XZw+qtducSKYslEg//fsPsCfPpzsgOSXzMw7E5gny3TL6KgCYKLLSr949mdTo9xFL5KMk4N3r1FW8wTOlWI0AEyGdH3oEOvT2uHOAAomC/xc02UrhxjPghhgeENwm4oq5EGG3Ocq5xSJ3pEvdg3+vxaVYFXUfsBrULdVQH7dyfxe1WZyw5wSzo/H/6OjgBDFsIIe+z8WebFnruGqXvkmVqNocgV0tDaAXPhj6xvb4O7WcLvMcJX47WQ7+gP+H29lGgrOGX/MDO3ifGql7L6TUVevo3h/RmGJf2nuxnrJQ0OVwkz+0bKdssBvYX3m0wN6snt/eaz6r3rSA1DZIdumD3WHUSrR3zik3+IK2+bk9XMHcdhaRoEPAWpgpUEPA/cOaM//QFU0uX+rx2cHY1tpS/E4Q/7GCkHH/+7hiOFCeRN3EibJ8EjGxaYejzlo4bDikWmiRo6G16McUKQ2D9KQDCRQ+nt722SilVymI8hzXWC/AOdMZhc7gdL8krlQj9hgbOEIExGqHwwWpMp4cwaW7NU/PDnqPQEMmaq1ipASNbm8GP8yR/Gi6XOvNFbTQbl3jwiUAoLj7NIrEXAmTpZNsLJSTtTwMdyvfhVpG3HPRoCHgFp2mh26rsad6u11rlMWK6kZ5LcD9MlPunGhWZz3gpjLlb+CdHca+FdX7Wc0KSaRdqWxFZ2LO/scJisdDmO9XV9g1EaEh+3DQRXpBNKhrMae9C8HsbHWZfxRVX3NQdZzb6APEsj2bkj95JY+ks7o9qxK+npjZkKrmRx7ttAPEiEQqTaqj7rISYxdp/TOX1iwIZdzr5m4JBbKczwe5q1abBvX9nyPvXETmU+tIzTHheRjwr1Ur7vCcdzyhNvbKzPQDORFS/twJFH9BsDL6JGPPJGsnOg53AzftBUvFWEVdLNsBwsYFbvOA8f1XApoXZ+4RkY7hVVOBSMKO3/ADP7UEoP8A4HIH1+TjQr8i1J18n0HvNsay65iUW+zzub2nM/5hglPxD2n0NB0UgOwlPH752XR522PlnjNHuCX/DJooP/dUzXyF8j4Wtib4GqtC8TeoAGUEhegC8ukXUbRfB6CHVYq6QvzNI3CrggUqBEoLNIfRbN4IYTO0K685QsV0IVabUF0i3zThH4VBHDykDMSUwIwYJKoZIhvcNAQkVMRYEFDQeLb/2VC5Na/HIA20e4QW15fHVMDEwITAJBgUrDgMCGgUABBSIfzTQdnkXEBIpa4nKZtvr+b53MgQIuN0oShI7coACAggA</ClientCertificate>
<Passphrase>zzyrdfnt</Passphrase>
</ClientSideCredential>
</AuthenticationMethod>
</AuthenticationMethods>
<CredentialApplicability>
<IEEE80211>
<SSID>eduroam</SSID>
<MinRSNProto>CCMP</MinRSNProto>
</IEEE80211>
<IEEE80211>
<ConsortiumOID>001bc50460</ConsortiumOID>
</IEEE80211>
</CredentialApplicability>
<ProviderInfo>
<DisplayName>ti.dev eduroam</DisplayName>
<ProviderLocation>
<Longitude>12.508827499999938</Longitude>
<Latitude>49.472766396414556</Latitude>
</ProviderLocation>
<Helpdesk/>
</ProviderInfo>
</EAPIdentityProvider>
</EAPIdentityProviderList>
- eap-config format supported by geteduroam, James Potter, 06/20/2024
- Re: eap-config format supported by geteduroam, Paul Dekkers, 06/20/2024
- RE: eap-config format supported by geteduroam, James Potter, 06/20/2024
- Re: eap-config format supported by geteduroam, Paul Dekkers, 06/20/2024
- RE: eap-config format supported by geteduroam, James Potter, 06/20/2024
- Re: eap-config format supported by geteduroam, Stefan Paetow, 06/20/2024
- Re: eap-config format supported by geteduroam, Jørn Åne de Jong, 06/23/2024
- Re: eap-config format supported by geteduroam, Stefan Paetow, 06/20/2024
- RE: eap-config format supported by geteduroam, James Potter, 06/20/2024
- Re: eap-config format supported by geteduroam, Paul Dekkers, 06/20/2024
Archive powered by MHonArc 2.6.24.