Strengthen eduroam Security

with the eduroam Configuration Assistant Tool (CAT)

What is CAT?

eduroam CAT is the eduroam Configuration Assistant Tool. Its purpose is to support you, an eduroam Identity Provider administrator, by allowing you to generate customised eduroam installers for various platforms. The customisation includes your IdP’s name, location and logo, contact details for your helpdesk, and of course the RADIUS settings which users need to uniquely identify your IdP when roaming. The installers can be produced in many languages; that way, you can even offer your users an installer in their native language! Further to that, eduroam CAT can also assist you in debugging your own RADIUS setup by comparing your inputs to the actual behaviour of your setup in the eduroam infrastructure.

I would like to…

How do I secure eduroam on my device?

You must install the eduroam Configuration Assistant Tool (CAT) to maximize the security of your eduroam connection. CAT is a critical configuration component that optimizes the security settings on your device to encrypt your eduroam authentication. It protects you from risks associated with public Wi-Fi hotspots, including man-in-the-middle attacks that result in snooping and data capture.

How do I get started with CAT at my institution?

  1. Email [email protected] to request access to the eduroam CAT configuration portal.
  2. Your institution’s primary technical contact will be provided an invitation to access the cat.eduroam.org site. Technical instructions to configure the CAT profile for your institution can be found here.
  3. Information required to complete the configuration will be sent to you, including guidance on how to monitor usage and techniques for enforcement.

The CAF team can help you through the CAT implementation process.

Send your questions to [email protected] and/or contact us via Slack #eduroam-cat-profile.

How do I configure CAT at my institution?

Why is enabling Anonymous Outer Identity important?

eduroam CAT profiles ensure that users are protected against rogue Wi-Fi hotspots capturing their usernames and passwords.

The eduroam CAT tool is available to administrators at cat.eduroam.org. The eduroam Configuration Assistant Tool (CAT) has been developed to help organizations offering their users eduroam access. The tool builds customised installers for a range of popular PC and smartphone platforms and enhances security for the end user.

How do I mitigate an Evil-twin EAP Hammer Attack in eduroam?

We strongly recommend that institutions participating in the Canadian Access Federation have a security (Configuration Assistant Tool, or CAT) profile with the ‘Enable Anonymous Outer Identity’ option selected and that they use this tool, as noted in the implementation documentation, to install eduroam on all user devices.

This tool ensures that all devices are using the correct security certificate and will prevent username compromise.

How do I test eduroam at my organization?

What are some important considerations when provisioning eduroam at my organization?

Mass device configuration with eduroam Configuration Assistant Tool (CAT), enabling self-serve eduroam installations, enhanced protection of personally identifiable information.


eduroam CAT for Administrators

Learn about Monitoring + Enforcement of CAT

Best practices suggest that eduroam be deployed at an organization using eduroam CAT profiles. eduroam CAT profiles ensure that users are protected against rogue Wi-Fi hotspots capturing their usernames and passwords.


This document specifically touches on the use of anonymous outer IDs with CAT profiles and the configuration required to use anonymous outer IDs with Microsoft’s Network Policy Server (NPS). For complete information on these topics see vendor product documentation.

Please use the unique outer identity assigned to each organization by the Canadian Access Federation. CAF will use the unique outer identity to determine if systems have a legitimate CAT profile installed. If you do not know your assigned outer ID, please request it by sending an email to [email protected].
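The same outer-identity check can be run against your own RADIUS authentication records to find devices that were set up without the CAT profile. This is an added example, not code from CAF or the eduroam CAT project; the record layout, the realm `example.ca` and the outer ID `anon-cat-placeholder@example.ca` are constructed placeholders.

```python
import csv
import io
from collections import Counter

# Assumptions (placeholders, not real values): use the outer ID assigned to
# your organization and your own realm.
ASSIGNED_OUTER_ID = "anon-cat-placeholder@example.ca"
HOME_REALM = "example.ca"

# Constructed sample records: time, outer User-Name, client MAC, result.
SAMPLE_LOG = """\
2024-01-10T08:01:02Z,anon-cat-placeholder@example.ca,02-00-00-00-00-01,Access-Accept
2024-01-10T08:03:40Z,jsmith@example.ca,02-00-00-00-00-02,Access-Accept
2024-01-10T08:05:11Z,anonymous@example.ca,02-00-00-00-00-03,Access-Accept
2024-01-10T08:09:27Z,ANON-CAT-PLACEHOLDER@EXAMPLE.CA,02-00-00-00-00-01,Access-Accept
2024-01-10T08:12:55Z,anonymous@other.example.org,02-00-00-00-00-04,Access-Accept
2024-01-10T08:15:00Z,jsmith,02-00-00-00-00-05,Access-Reject
2024-01-10T08:20:19Z,jsmith@example.ca,02-00-00-00-00-02,Access-Accept
"""

def classify(outer_identity):
    """Label one outer identity as seen by the home RADIUS server."""
    ident = outer_identity.strip().lower()
    if ident == ASSIGNED_OUTER_ID.lower():
        return "cat-profile"
    local, sep, realm = ident.rpartition("@")
    if not sep or not realm:
        return "malformed"            # no realm, cannot be routed by realm
    if realm != HOME_REALM:
        return "visitor"              # another organization's user
    if local in ("", "anonymous"):
        return "anonymous-not-cat"    # hidden username, but not the assigned ID
    return "username-exposed"         # real username sent outside the tunnel

def audit(log_text):
    """Return (counts per label, {mac: label} for home devices to reconfigure)."""
    counts, follow_up = Counter(), {}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue                  # skip blank or truncated records
        _time, outer, mac, _result = row
        label = classify(outer)
        counts[label] += 1
        if label in ("username-exposed", "anonymous-not-cat"):
            follow_up[mac] = label
    return counts, follow_up

if __name__ == "__main__":
    counts, follow_up = audit(SAMPLE_LOG)
    print(dict(counts))
    print(follow_up)
```

Devices in the follow-up map belong to your own realm but did not present the assigned outer ID, so they are the ones to re-provision with the CAT installer.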

Promoting CAT to Students, Researchers, and Staff

You can promote CAT to your user community and guide them through the process with the following tools:

Poster for distribution and display at your institution (PDF)

Learn how to configure laptops and mobile devices (video)

Sample text for a newsletter (PDF)

Sample text for social media (PDF)