Library items tagged:

Released 1st April 2021 Updated 16th April 2021 This advisory applies to all organisations providing a Home (IdP) service who wish to support users on Android 11 devices. A number of issues have arisen simultaneously which have resulted in a complex situation which requires a careful response from member organisations to avoid user disappointment. The recommended actions are summarised at the bottom of this page. Contents:
May 2016 - 10/05/2016 This advisory applies to any member organisation that operates an ORPS that is configured to send RADIUS accounting packets to the NRPS. Originator: Edward Wincott Scope
Buried in the historic mail archives (and likely in some older eduroam documentation) are advisories concerning the type of RADIUS certificate that eduroam(UK) participants should be using.  Basically, do not use MD5 certificates. For some time now, MD5 has been deprecated and over the past few years Operating Systems have been dropping support for such certificates. e.g.  (since iOS 5 MD5 certs are only valid for CA certs not server certs)
Announcement regarding Windows Mobile 8 and 802.1X authentication with certificate validation Best practice is that clients must be configured to trust/verify the CA that signsthe RADIUS server that presents during an 802.1X authentication - a major securitypin for eduroam is this trust/check. It has been noted that Windows Mobile 8 (WM8) devices would not authenticate the userif this 'verify' option was chosen.
Status-Server (RADIUS Code Type 12 packet) uses RFC 5997 - - to deliver a method of one RADIUS server or client to know the status of an upstream or downstream server. 
eduroam(UK) Advisory: EAP server certificate considerations (July 2020)
Introduction With the introduction of iOS 14 and Android 11, MAC address randomisation will become more prevalent and will have some implications for our eduroam(UK) members.  History Starting with iOS 8 and Android 8 mobile device operating system vendors started using randomised MAC addresses while scanning for wireless networks. These pre-association MAC addresses were random at every sweep. This was a step towards ensuring user devices could scan for wireless networks without being tracked.
Click on item and scroll down to the selected content at the bottom of the page. Advisory: Android 11 configuration issues, geteduroam, server certificates   Advisory: Implications of MAC address randomisation on eduroam(UK) members (Nov 2020)
Created: 09/09/2020 Last Reviewed: 24/09/2020 This statement applies to web site which is the management portal for subscriber organisations to the Jisc eduroam Visitor Access service.