It is important that end-user devices are configured to authenticate their home institution RADIUS server.
If this doesn’t happen e.g. if authentication is manually turned off in the end-user device configuration, or a user doesn’t check certificate details when asked to validate a newly seen certificate, then the user is at risk of having their eduroam session or credentials (if using PAP authentication) compromised by a ‘rogue’ access point/RADIUS server.
In order to assist institutions in standardising ‘best practice’ end-device configuration, the eduroam Global Operations Team hosts an “eduroam Configuration Assistant Tool” (CAT).
The eduroam CAT obtains the majority of institutional eduroam deployment data from the Global eduroam database, which in turn is populated based on information entered into the eduroam AU AdminTool, however it does require some configuration by institutional eduroam administrators (e.g. institutional RADIUS server certificate).
There are 3 target user groups for eduroam CAT, with usage guides for end-users and institutional admininistrators linked below:
Please refer to the linked documents for further information.