An eduroam SP (Service Provider) offers eduroam WiFi to provide secure Internet access to users from the global eduroam community.

An organisation seeking to become an eduroam SP will undergo an approval process. This will take into account factors relating to the quality of service that would be provided to eduroam users, such as bandwidth capacity.

eduroam SP Architectures

The SP architecture will depend on various factors, including whether the SP also acts as an IdP.

eduroam SP + IdP

Where an eduroam SP also acts as an eduroam IdP, an option available only to organisations in the academic & research sector, their WiFi service will typically authenticate via the Radius servers that provide the IdP role. The IP addresses of these Radius servers are provided when joing the service, as described in the sections below.

Public eduroam SP

An organisation which is not a client of HEAnet services, or which is not otherwise involved in the academic sector, may become a public eduroam SP.

A public eduroam SP might require additional supports in order to join the service, as described under: Public eduroam SP Architectures

eduroam SP Obligations

The implementation of an SP service requires the SP to:
  • Engage with HEAnet to join eduroam.
  • Provide static/permanent public IP address of at least one, and preferably two, Radius servers. For those acting as a public eduroam SP, the IP address(es) will typically be of a WiFi controller(s).
  • Configure WiFi equipment as follows:
    • Support 802.1x, so that per-user authentication is enforced.
    • Broadcast an SSID of eduroam (note that SSIDs are case sensitive)
    • Use encryption of WPA2/AES only, TKIP must not be used.
    • Enable Internet access for authenticated users without requiring user interaction. This precludes the use of such things as a splash page, registration page, non-transparent web proxy, walled garden, etc.

More generally, the SP must:
  • Engage with HEAnet to join eduroam.
  • Read the Irish eduroam policy and satisfy themselves that they can comply with its requirements.
  • Retain their DHCP, and Radius, logs as per the policy.
  • Add an eduroam SP web page to their public website. It must provide general details about their eduroam WiFi service for visitors (e.g. do they filter traffic, do they support IPv6). Contact HEAnet for further details.

Information Required From eduroam SP

Following successful testing of the eduroam WiFi service, the SP must provide the following information in order to be officially registered as an eduroam SP:
  • Postal address of the SP.
  • Contact details for local IT support/Helpdesk for eduroam visitors, to include: role name, email address, phone number.
  • The URL of the eduroam SP web page mentioned above.
  • For each eduroam hotspot:
    • Contact details (role name, email address, phone number), if different to those above.
    • Postal address of the hotspot location.
    • Geographical coordinates of the hotspot location.
    • Approximate number of WiFi APs offering eduroam.
    • Is eduroam user traffic filtered/port-restricted?: Yes/No
    • Is eduroam user traffic transparently proxied?: Yes/No
    • Is NAT applied to eduroam user traffic?: Yes/No
    • Is IPv6 offered to eduroam users?: Yes/No