Under the Patronage of HRH Prince Al Hassan bin Talal

The 1st International Conference on Open Source Software Computing (OSSCOM 2015)

You are here

Workshop on Joining Eduroam and Identity Federation details

- Venue: Talal Abu-Ghazaleh University (TAGI-UNI)

- Date(s): 8-10 September 2015

- Time: 8:30 - 17:00

- By:

  • Michal Prochazka





    Received his M.Sc. degree from the Masaryk University in Brno in 2009. He works at Masaryk University and CESNET mainly focusing on IT security and identity and access management area. In security area the major focus is targeted on authentication methods in distributed environments.
    Issue of federated identity and the concept of identity federations is one of his major scope within the identity management area. For three years he has been leading project Perun -- identity and access management system. He is also involved in several projects like CHAIN-REDS, MAGIC, ELIXIR and EGI. In last two projects he is a member of AAI task forces. He was helping with building the eduroam and the identity provider on Masaryk University.

  • Jan Oppolzer





    Jan Oppolzer received his bachelor's degree in electrical engineering and master's degree in telecommunications engineering from Czech Technical University in Prague. He currently works for Network Identity Department at CESNET as a member of Authentication and Authorization Infrastructure team. Among his responsibilities are running Shibboleth IdP for CESNET, operating Czech academic identity federation eduID.cz including technical support for members and developing web-based federation metadata tool to allow easy and user-friendly metadata management. He is also a steering group delegate in international interfederation called eduGAIN and a REFEDS member.

- Accomodation:

- Introduction:

The Arab States Research and Education Network in cooperation with German Jordanian University, MAGIC Project and EUMEDCONENCT3 Project will conduct a workshop dedicated for staff of National Research and Education Networks (NRENs) and Universities on:

  • eduroam: is the secure, world-wide roaming access service that allows any user from an eduroam participating site to get network access at any institution connected to eduroam.
  • Federated Access: effective and secure management of authentication and identity information to build a trusted environment where users can be identified electronically using a single identity to login and access variety of available resources and applications worldwide.
  • eduGAIN: is a service that interconnects identity federations around the world, simplifying access to content, services and resources for the global research and education community.

- Program:

 First day: eduroam

1.eduroam description

    From federation-level RADIUS server operator point of view
    From institution point of view

2. eduroam deployment

    FreeRADIUS server
    Federation-level RADIUS server
    Institutional RADIUS server

Second day: Identity Federations

1. understand how identity federation works

     From federation operator point of view
     From institution point of view

2. Federation operator

    Metadata mgmt

3. Identity provider deployment

    Shibboleth v3 IdP
    Connecting to the federation

4. eduGAIN

    How to connect

Third day: Policies

1. eduroam

    Brief description
    eduroam complience statement
    European eduroam Confederation Policy Declaration

2. Identity Federation

    Brief description
    Identity Federation Policy
    Metadata Registration Practice Statement (MRPS)

3. eduGAIN

    Brief description
    eduGAIN Policy Framework Constitution
    eduGAIN Policy Framework Policy Declaration

- Outcomes of the workshop:

Participants will have a working RADIUS and a Shibboleth server. They will be able to technically connect NREN and institution to the eduroam infrastructure. They will be able to connect institutional identity provider to the national identity federation and to eduGAIN.

Participants will have an overview of eduroam, identity federations and eduGAIN. They will be able to prepare policies and agreements which can be signed with GEANT representatives. Agreements will be signed and announced during ASREN's annual conference e-AGE 2015 in Morocco 10-11 December 2015.

- Who should attend:

  • head of IT from NREN
  • head of IT departments from institutions
  • IT administrators
  • NREN IT administrators

- Prerequisite:

  • knowledge of local legislation concerning privacy issues
  • skills in OS administration (Windows/Linux)
  • basic knowledge of PKI (Public Key Infrastructure)

- Required equipment:

First and Second day:

  • Machine with public IP and DNS hostname located at the institution and root/administrator privileges for that machine
  • Valid and trusted X.509 certificate for the machine (will be used for SSL connections)
  • Notebook
  • VirtualBox installed on the notebook for those who will not have machine at institution ready

Third day:

  • Nothing

- Registration Fees:

  • ASREN non-Members: 200 Euro
  • ASREN Members: 100 Euro

- Registration: click here