geteduroam - Re: letswifi-portal modifications

Subject: An open discussion list for topics related to the geteduroam service

List archive

Re: letswifi-portal modifications

From: Christian Mittring <christian.mittring AT rz.uni-augsburg.de>
To: Jørn Åne de Jong <jornane.dejong AT surf.nl>, geteduroam AT lists.geant.org
Subject: Re: letswifi-portal modifications
Date: Mon, 2 Jun 2025 15:52:55 +0200

Hello Jørn,

> Great to hear! We can add the German translations you provided, is there
> a name/e-mail I can credit in the Git commit? Note that this will be
> immutable public information.

No need to add any credits from our side ;)
If needed you can use:
University of Augsburg <service AT rz.uni-augsburg.de>

I also added a updated translation.

> That's an interesting thought, I hadn't thought about that. Just so that
> I understand the question, you want to define some date ranges (April
> 01~07 and October 01~07) and you want the expiry to fall somewhere
> within the next timeslot?

Yes exactly, I do it at the moment by editing the validity field in the realms config:

'validity' => (int)round((((strtotime("now")>strtotime("01 October"))?(strtotime('+1 year', strtotime("01 April")) - strtotime("now")):((strtotime("now")>strtotime("01 April"))?(strtotime("01 October") - strtotime("now")):(strtotime("01 April") - strtotime("now"))))/ 86400)+ rand(10,30)),

(expression has some fixes) I think this is fine so far for us.

---
We also found a issue with the Android App downloaded from the Play Store. The App shows "no valid EAP Provider found".
Is there a compability issue with the beta portal?

---
With Ubuntu there seems to be a a missing value in the NetworkManager.
The "Identity filed" is empty and highligted red. If certificate CN is inserted into the Identity field connection is working fine.

Thanks

Christian Mittring

Universität Augsburg
Rechenzentrum
86135 Augsburg

Telefon 0821/598-2042
christian.mittring AT rz.uni-augsburg.de
https://www.rz.uni-augsburg.de

Am 30.05.2025 um 12:33 schrieb Jørn Åne de Jong (via geteduroam Mailing List):

On 30/05/2025 09:04, Christian Mittring wrote:

Hello Jørn,

in the last weeks we setup our radius server so I could start with first tests using the geteduroam portal and apps on real clients.

Everything is working great.

All-in-all I am verry happy with the beta branch portal.
We also started to translate it into german (the neccessary file is attached feel free to add it to your git repo), built our own branding, and did some color changes to the dark profile (it was too dark for us;) ).

Great to hear! We can add the German translations you provided, is there a name/e-mail I can credit in the Git commit? Note that this will be immutable public information.

***
--bg-color: #333333;
--text-color: #dcdcdc;
--highlight-bg-color: #444444;
***

I saw the Github issue and I have made the colours a bit brighter, it should be easier on the eyes now. But the colours you proposed seemed a bit too light and gray for me so it's still darker than what you proposed. It's up to you what you choose. :)

https://github.com/geteduroam/letswifi-portal/ issues/42#issuecomment-2917297148

If all our next client-tests are successful, we would go live with the portal at end of july.

Will the code to generate a CRL be available until july?
The Admin Portal would be a nice to have but is not necessary for us.

Yes, the code to generate the CRL is already completed, what's left is the access control mechanism and the CLI. I'm not sure I'll get it done in time before TNC but I'll have it done before July.

We are also sturggling to get a proper certificate lifetime for the certificates (especially for students).
We thought about renewing every semester (+ some random days to balance out the renewing process). Is it possible to instert such a certificate lifetime, like:

$delta2 = round((((strtotime("now")>strtotime("01 October"))? (strtotime('+one year', strtotime("01 April")) - strtotime("now")): ((strtotime("now")>strtotime("01 April"))?(strtotime("01 October") - strtotime("now")):(strtotime("01 October") - strtotime("now"))))/ 86400) + rand(10,30)); //Counting days to 01 April or 01 October (if now > 01 April) or 01 April of next year (if now > 01 October)

That's an interesting thought, I hadn't thought about that. Just so that I understand the question, you want to define some date ranges (April 01~07 and October 01~07) and you want the expiry to fall somewhere within the next timeslot? I'll add it to our ideas list, there might be other orgs interested in this as well, but I think it won't be done this year.

In the meantime you can modify src/letswifi/credential/ certificatecredentialissuer.php to add the functionality yourself.

We also realized the Windows App is generating a wifi config not only for eduroam but for uin-augsburg.de, too? Even if it is not configured.
Is this intended?

I think this is the Passpoint profile? It's created due to the "oid" field in the network in letswifi.conf.php.

<?php declare( strict_types=1 );

/*
* This file is part of letswifi; a system for easy 802.1x device enrollment
*
* Copyright: Jørn Åne de Jong <jorn.dejong AT letswifi.eu>
* Copyright: Paul Dekkers, SURF <paul.dekkers AT surf.nl>
* SPDX-License-Identifier: BSD-3-Clause
*/

return [
'de-DE' => 'Deutsch',

// Pages showing apps and profiles for different platforms
'If you cannot use the official app, you can download an installation
profile for manual installation.' => 'Keine kompatible App verfügbar?',
'There is no app available for %s.' => 'Es steht keine App für
%s zur Verfügung.',
'Download an installation profile for manual installation.' => 'Ein
Profil für die manuelle Konfiguration herunterladen.',
'Other options' => 'Weitere Optionen',
'Options for professional users' => 'Erweiterte Optionen',
'Options for other platforms and professional users' => 'Andere
Platformen und erweiterte Optionen',
'Generate a certificate for manual use' => 'Ein Zertifikat für
manuelle Konfiguration erzeugen',

// base.twig
'Language' => 'Sprache',
'Account' => 'Account',
'Login' => 'Anmelden',
'Logout' => 'Abmelden',
'Account information' => 'Profil',

// start.twig
'Welcome to %1$s at %2$s' => 'Willkommen im %1$s Portal der %2$s',
'To use %1$s at %2$s, download the app or profile for your device
below.' => 'Um mit der Einrichtung von %1$s an der %2$s zu beginnen, laden
Sie die passende App für Ihr Gerät herunter:',
'Download the %s app to configure your device.' => 'Die passende App
für %s herunterladen.',
'View apps and profiles for all platforms' => 'Alle Systeme und
Optionen anzeigen',
'login required' => 'Anmeldung erfoderlich',

// app.twig
'Apps' => 'Apps',
'All installer apps' => 'Anwendungen für alle Platformen',

// realm-picker.twig
'Realm' => 'Realm',

// profile-download.twig
'Profile download' => 'Profil herunterladen',
'Download %s profile' => 'Download %s Profil',
'Download starting' => 'Der Download beginnt in kürze...',
'Download not starting?' => 'Download startet nicht?',
'Start download' => 'Download starten',
'Use passphrase when prompted:' => 'Wird während der Installation ein
Passwort verlangt, geben Sie folgendes ein:',

// profile-advanced.twig
'Download the app' => 'Die App herunterladen',
'We recommend that you use the app' => 'Für eine komfortable
Einrichtung empfehlen wir die Nuztung der offiziellen geteduroam-App',
'Manual advanced profile creation' => 'Manuelle, erweiterte
Profilerstellung',
'Manual certificate creation' => "Zertifikat manuell erzeugen",
'Create configuration profile' => 'Konfigurationsprofil erzeugen',
'Alternatively, you can use a configuration profile' => 'Für
(noch) nicht durch die App unterstützte Systeme, oder für Experten
kann alternativ auch ein Konfigurationsprofil erzeugt werden.',
'Encryption' => 'Verschlüsselung',
'When encrypting you need a passphrase when installing' => 'Um Ihr
Konfiugrationsprofil zu verschlüsseln geben Sie im Folgenden bitte eine
Passphrase ein.',
'Passphrase is only needed during installation' => 'Die Passphrase
wird nach der erfolgten Installation nicht mehr benötigt.',
'Use the feature depending encryption support on your system' =>
'Soll die eduroam CAT App verwendet werden ist eine Passphrase zwingend
erforderlich. Für andere Konfigurationsmethoden & Plattformen achten Sie
auf die ensprechende Kompatibilität und überspringeng ggf. diese
Option.',
'Enter passphrase for encryption' => 'Passphrase zur
Verschlüsselung:',
'advanced' => 'erweitert',
'optional' => 'optional',

// error.twig
'An error occurred' => 'Ein Fehler ist aufgetreten',
'Debug info' => 'Detaillierter Fehlerbericht (Debugging aktiv)',
'Contact helpdesk' => 'Für Unterstützung wenden Sie sich
bitte an den Support.',

// me.twig
'User ID' => 'Benutzername',
'Affiliations' => 'Zugangsprofile',
'User information is not stored after you log out.' =>
'Benutzerinformationen werden nach dem Abmelden nicht gespeichert',
'User ID is connected to credentials while they are valid and short
time thereafter.' => 'Der Benutzername ist mit den Zertifikaten nur
während Ihrer Laufzeit (und kurze Zeit dannach) verknüpft.',
'Available realms' => 'Verfügbare Zugangsgruppen',
'No realms available' => 'Keine Zugangsgruppe verfügbar',
'Authorised applications' => 'Berechtigte Apps',
'No authorised applications' => 'Keine derzeit berechtigte App',
'Client ID' => 'Benutzername',
'Issued' => 'Ausgestellt',
'Expires' => 'Läuft ab',
'Revoke' => 'Widerrufen',
'Credentials' => 'Zertifikate/Profile',
'Credential' => 'Zertifikat/Profil',
'No credentials' => 'Kein Zertifikat/Profil',

// authorize.twig
'Authorize %s' => '%s Autorisieren',
'Do you want to issue a pseudo-credential?' => 'Mit Ihren
Zugangsdaten ein Profil für das WLAN-Netzwerk erzeugen und das
Gerät verbinden?',
'Approve' => 'Zustimmen',
'Why is this needed?' => 'Warum ist das notwendig?',
'Requiring a manual step prevents automated enrollment.' => 'Mit der
Zustimmung gestatten Sie der Anwendung für Sie ein Zertifikat/Profil
abzurufen. (Die Anforderung zur Zustimmung verhindert einen automatisierten
Mehrfachabruf)',
'Select your user realm' => 'Bitte wählen Sie Ihr
gewünschtes Zugangsprofil',
'Continue' => 'Fortfahren',

'apple-mobileconfig instructions' => 'Nach dem Download muss das
Profil über die Systemeinstellungen installiert werden.
Folgen Sie nach dem Öffnen den Benachrichtigungen oder wechseln in den
Systemeinstellungen zu Allgemein >
Geräteverwaltung > Heruntergeladene Profile und starten die
Installation über einen Doppelklick.',
'google-onc instructions' => 'Nach dem Download der Profildatei
folgende URL aufrufen: <a href="chrome://network">chrome://network</a>.
Anschließend die Option Import ONC
file wählen. Die Einrichtung ist abgeschlossen - Es erfolgt keine Bestätigung!',

// filenames for localised store badges
'Download from the Microsoft Store' => 'Aus dem Microsoft Store
laden',
'en-us%%20%s.svg' => 'en-us%%20%s.svg',

'Get it on F-Droid' => 'Aus dem F-Droid Store laden',
'get-it-on-en.svg' => 'get-it-on-en.svg',

'Download on the App Store' => 'Aus dem App Store laden',
'Download_on_the_App_Store_Badge_US-UK_RGB_blk_092917.svg' =>
'Download_on_the_App_Store_Badge_US-UK_RGB_blk_092917.svg',

'Get it on Google Play' => 'Aus dem Google Play Store laden',
'Google_Play_Store_badge_EN.svg' => 'Google_Play_Store_badge_EN.svg',

];

Re: letswifi-portal modifications, Christian Mittring, 06/02/2025
- Re: letswifi-portal modifications, Jørn Åne de Jong, 06/02/2025
  - Re: letswifi-portal modifications, Christian Mittring, 06/02/2025
    - Re: letswifi-portal modifications, Jørn Åne de Jong, 06/02/2025
      - Re: letswifi-portal modifications, Christian Mittring, 06/03/2025
        
        Re: letswifi-portal modifications, Christian Mittring, 06/04/2025
        
        Re: letswifi-portal modifications, Jørn Åne de Jong, 06/04/2025
        
        Re: letswifi-portal modifications, Christian Mittring, 06/10/2025
        
        Re: letswifi-portal modifications, Jørn Åne de Jong, 06/10/2025

List archive

Re: letswifi-portal modifications