Home » Identity and Access Management: CAF » CAF Support

CAF Support

Network Operations Centre

For network outages and scheduled maintenance please visit our Network Support page.

Troubleshooting for Administrators

planet with links to every country

Canadian Access Federation (CAF) is a member of eduroam, the global Wi-Fi federation available in more than 65 countries.

To connect your institution to eduroam, you need to:

  • configure your 802.11 wireless infrastructure to enable the “eduroam” SSID with WPA2/AES encryption and 802.1X authentication (typically using PEAP or EAP-TTLS)
  • integrate with your identity management infrastructure
  • create a public support web page, and
  • RADIUS proxy your .ca domain between your institution and the eduroam operator
  1. Problem: eduroam works on-site, but users who leave your site fail to sign on to eduroam when traveling.
    Recommendation: Ensure the authentication for the eduroam SSID fails for ‘bare’ netiIDs. Even though it may appear convenient to accept a bare netID as a valid authentication locally (i.e., no realm/domain after the @ sign of the user), this creates a false positive for eduroam operations locally and abroad will always fail since the realm hint on where to route the bare netID is absent.
  2. Problem: Central RADIUS server appears unreachable
    Recommendation: Make sure your firewall rules are current for your port and IP space. If you NAT the addresses for your RADIUS server(s) you need to provide the NAT’d addresses to CANARIE. RADIUS authentication travels over UDP, and failures at the recipient end sometimes appear as failures local to the institution. This is due to the fact that the endpoint on the proxying target fails to respond or there is a certificate mismatch or the end user fails to accept the certificate being offered.
  3. Problem: End user is only able to log into eduroam if “Check SSL certificate validity” is disabled on the Windows platform.
    Recommendation: This is a sign that the SSL certificate configuration on the RADIUS environment is not 100% properly configured. This should be fixed immediately

eduroam Documentation

All eduroam documentation is available at www.eduroam.org.

Related Resources

View technical documentation and access message boards: collaboration.canarie.ca/elgg/groups/profile/180/caf