Join the eduroam hierarchy
This page is for system administrators and explains how an institution can offer eduroam services to its users. If you are a user and your institution is already offering eduroam, refer to the connect page to start using eduroam.
There are two types of providers for eduroam. These are Service Provider and Identity Provider. Institutions typically are both, businesses are typically only Service Provider As a Service Provider, you offer eduroam on-premises. This allows students to automatically connect to the network and start using the internet. As an Identity Provider, you can maintain eduroam accounts that can be used among all Service Providers.
To join eduroam please read the rest of this page and the apropriate links. If you have any questions or would like to join, please contact us.
Becoming a service provider
Virtually anyone can become a service provider. Educational institutions are urged to do so, in order to give students and employees the full benefits of eduroam on-premises. Other parties are also encouraged to become service providers; having eduroam available is considered an advantage by students.
Becoming a service provider requires a registration in the national eduroam RADIUS server, which is subject to the national eduroam policy. Additionally, service providers are required to provide Sikt with an up-to-date list of service locations where the service provider offers eduroam. This can be done through edumanage for service providers that use Feide, or through firstname.lastname@example.org for other service providers. The service provider carries the sole responsibility for its infrastructure providing eduroam, Sikt can provide limited assistance, when resources to do so are available.
Becoming an identity provider
Only Norwegian institutions that are a member of Sikt AS can become identity provider in the Norwegian eduroam realm. Each identity provider is required to pay its share of the costs for external SP. This share is calculated based on the amount of potential users.
Becoming a service provider requires a registration in the national eduroam RADIUS server, which is subject to the national eduroam policy. All identity providers must provide Sikt with the following information:
- Amount of students and employees
- DNS-name and IPv4+IPv6 addresses of RADIUS servers
- Shared secret (sent via SMS)
- Contact details of technical personnell
The identity provider carries the sole responsibility for its infrastructure providing eduroam, Sikt can provide limited assistance, when resources to do so are available.
Configuring eduroam infrastructure
In order to connect to the national infrastructure,
your RADIUS server needs to be able to contact our RADIUS server.
Make sure you have provided Sikt with the correct hostnames and IP addresses,
both IPv4 and IPv6.
Also ensure that you are allowing traffic to and from our RADIUS servers,
ntlr3.eduroam.no (UDP 1812 and 1813).
For detailed technical information and examples, we refer you to
best practice documents
and Terena confluence pages
Utilities and debugging
CAT — Configuration Assistance Tool
CAT provides an easy way for users to configure their devices. IdPs are encouraged to join CAT, so that their users can configure their devices easily. The connect page on eduroam.no uses CAT as its backend. CAT can be accessed through Feide, but must be enabled per institution. Contact Feide support to enable logins at CAT. Alternatively, social login can be used.
Realmstatus helps identifying configuration problems with RADIUS servers. Once per night we try to contact your server, and check if it answers in the expected way. The results of this test are displayed on the realmstatus page.
We keep logs of users roaming via eduroam. Edudbg allows administrators of an identity provider to search these logs, in order to identify connection problems. Edudbg can only be used by institutions using Feide.
Service providers are required to provide Sikt (eduroam.no) with an up to date list of all service locations where eduroam is available. Edumanage makes this easy by providing service providers with a do-it-yourself interface for updating their service locations. Changes made in this system are immediately reflected on the eduroam websites. Edumanage can only be used by institutions using Feide. Institutions not using Feide can send updates via email@example.com.