SlideShare a Scribd company logo

Adding OpenRoaming to existing IDP and roaming federation service

Radiator Software, profile picture
Radiator Software

This document discusses Radiator Software's experience adding OpenRoaming to their existing roam.fi Wi-Fi roaming federation and Radiator Auth.Fi enterprise Wi-Fi identity provider service. It took approximately 22.5 hours of work time to configure both the identity provider and roaming service for OpenRoaming. The process involved adding new Radiator instances for identity provider and roaming functionality and configuring RADIUS attributes and certificates. Next steps include encouraging more organizations to try OpenRoaming and gradually transitioning to RADIUS over TLS connections.

Technology
1 of 18
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Adding OpenRoaming to existing IdP and roaming federation service first deployment experiences
Radiator Software: Who we are? ● One of the few commercial RADIUS, RADSEC, Diameter, TACACS+ software vendors – Radiator ● SIM authentication (with IMSI privacy), Policy&Charging and other operator oriented extension packs for Radiator ● Small scale RADIUS, Wi-Fi Roaming as a Service service provider (Radiator Auth.Fi, roam.fi, eduroam Finland (since 2004) etc.) ● In March 2023 it will be 25 years from the first release of Radiator
Adding OpenRoaming to … ● roam.fi regional Wi-Fi roaming federation service ● Radiator Auth.Fi – Enterprise Wi-Fi IdP as a service ● The first deployment experiences
roam.fi Regional Wi-Fi roaming service
Roam.fi – regional Wi-Fi roaming federation ● Started in 2006 as a Langaton Tampere (Wireless Tampere) Wi-Fi community network ● Based on eduroam architecture and technology, but open for all ● Centralised RADIUS hierarchy with each organisation joining with their own Wi-Fi network and RADIUS server ● Rebranded as roam.fi when the roaming coverage expanded outside Tampere and neighbouring cities to Finnish cities like Seinäjoki and Vaasa. ● Nowadays used actively especially in Tampere Region for education, municipal work, guests, tourists, university people etc.
Radiator Auth.Fi Enterprise Wi-Fi as a service Redundant roam.fi RADIUS service in public cloud Roam.Fi Architecture Tampere University RADIUS Other customers connecting via RADIUS, e.g. City of Seinäjoki, Seinäjoki education etc. Default RADIUS route for all roam.fi members, but no own default RADIUS route RADIUS RADIUS RADIUS RADIUS Customers are used to connect via RADIUS, getting them to use RadSec will not happen very quickly and easily. One question is that should RADIUS connections be allowed and do we need to send Accounting for Settlement-Free OpenRoaming.
Radiator Auth.Fi Enterprise Wi-Fi as a service Redundant roam.fi RADIUS service in public cloud Adding OpenRoaming to Roam.Fi Tampere University RADIUS Other customers connecting via RADIUS, e.g. City of Seinäjoki, Seinäjoki education etc. RADIUS RADIUS RADIUS RADIUS Adding OpenRoaming to Roam.Fi was as simple as adding two more Radiator processes and setting them as roam.fi’s default RADIUS route for unknown realms. Now any roam.fi member can try OpenRoaming just by adding OpenRoaming Settlement-Free RCOIs to their Wi-Fi network beacon advertisement. OpenRoaming roaming partners OpenRoaming roaming partners
Next steps ● Getting the largest roam.fi organisations to try OpenRoaming and broadcast OpenRoaming RCOIs ● Convince the organisations to take OpenRoaming into production => make it a roam.fi production service ● Switching gradually to RadSec connections with organisations that can deploy it ● Some minor configuration for RADIUS attributes, certificate CRLs, 3gppnetwork.org realm
Radiator Auth.Fi Enterprise Wi-Fi IdP as a Service
Radiator Auth.Fi Radiator Auth.Fi is a RADIUS based Wi-Fi authentication cloud service for authenticating network users and guests. It provides a RADIUS based user authentication as a service mainly for Wi-Fi, but can be used also for wired 802.1X or even RADIUS based VPN authentication. Entry requirement is a RADIUS capable Wi-Fi controller and access points – no new hardware is needed for enterprise-level WPA2/WPA3 security for your company Wi-Fi. Radiator Auth.Fi includes RADIUS servers, but can also be integrated with customer RADIUS servers for additional control. Subscription based service is delivered from the Google Cloud. Regional service endpoints are added based on demand. Radiator Auth.Fi is designed to work with RADIUS roaming federations such as eduroam and govroam. Optional add-ons include client certificate authentication and self-service guest access solution and roaming federation integrations.
Radiator Auth.Fi for… Employees, contractors, regular users of organisation Wi-Fi Organisation’s guest Wi-Fi users Roaming users
Secured WPA2/WPA3 Enterprise Wi-Fi access
Certificate provisioning and authentication
Roaming with Radiator Auth.Fi Roaming was done bases on the Wi-Fi network name (SSID, e.g. roam.fi, eduroam)
OpenRoaming Roaming with Radiator Auth.Fi Inbound RadSec Radiator instance with Kyrio certificates was added for IdP functionality Roam.fi federation top-level Outbound RadSec Radiator instance was used for OpenRoaming connection Providing a Radiator Auth.Fi customer OpenRoaming IdP only requires enabling it in the service and adding NAPTR record to customer DNS domain. “Available now”, only minor RADIUS attribute and Kyrio certificate CRL and 3gppnetwork.org realm configuration pending.
How long did it take? ● ~22.5h in work time so far for both IdP and roaming service, but more as calendar time ● Configuration guides helped a lot and a guide is under work for Radiator as well => next deployment will require less work time ● Most of the calendar time was spent in waiting for Radiator Software to get verified by Kyrio and the delivery of certificates needed.
Thank you. Questions, Comments? Follow Radiator Software for more information… Radiator Software blog: https://blog.radiatorsoftware.com/ Twitter: https://twitter.com/RadiatorAAA Slideshare: https://slideshare.net/radiatorsoftware/ Bookings for conference calls: https://radiatorsoftware.com/contact/ / info@radiatorsoftware.com
Meet us in London 7th - 9th of November 2022 Karri Huhtanen and Heikki Vatiainen will be attending IETF 115 in London, UK on the 7th of November, but we stay in London for additional days to meet new, existing and interested customers, partners and companies. Please, contact us if you want to meet: firstname.surname@radiatorsoftware.com sales@radiatorsoftware.com

More Related Content

PDF
openroaming-and-capport-2023-01-30.pdf
Radiator Software
 
PDF
OpenRoaming and CapPort
Karri Huhtanen
 
PDF
Radiator Portfolio Updates webinar, 8th and 10th of March 2022
Radiator Software
 
PDF
Beyond eduroam: Combining eduroam, (5G) SIM authentication and OpenRoaming
Karri Huhtanen
 
PDF
OpenRoaming -- Wi-Fi Roaming for All
Radiator Software
 
PDF
OpenRoaming -- Wi-Fi Roaming for All
Karri Huhtanen
 
PDF
OpenRoaming- A Global Wi-Fi Roaming Enabler
Hughes Systique Corporation
 
PDF
Wi-Fi Roaming Security and Privacy
Karri Huhtanen
 
openroaming-and-capport-2023-01-30.pdf
Radiator Software
 
OpenRoaming and CapPort
Karri Huhtanen
 
Radiator Portfolio Updates webinar, 8th and 10th of March 2022
Radiator Software
 
Beyond eduroam: Combining eduroam, (5G) SIM authentication and OpenRoaming
Karri Huhtanen
 
OpenRoaming -- Wi-Fi Roaming for All
Radiator Software
 
OpenRoaming -- Wi-Fi Roaming for All
Karri Huhtanen
 
OpenRoaming- A Global Wi-Fi Roaming Enabler
Hughes Systique Corporation
 
Wi-Fi Roaming Security and Privacy
Karri Huhtanen
 

Similar to Adding OpenRoaming to existing IDP and roaming federation service (15)

PDF
Future wireless - open roaming
Jisc
 
PDF
Building secure, privacy aware, quality Wi-Fi coverage via cooperation
Karri Huhtanen
 
PDF
Disobey 2024: Karri Huhtanen: Wi-Fi Roaming Security and Privacy
Karri Huhtanen
 
PDF
SIM Authentication Architectures and Interfaces
Karri Huhtanen
 
PDF
Roam.fi Wireless Community - Timo Väliharju 2.6.2017
COSS
 
PDF
SIM Authentication Architectures and Interfaces
Radiator Software
 
PDF
Building city and nationwide Wi-Fi coverage via cooperation
Karri Huhtanen
 
PDF
Building Funet WLAN Roaming, eduroam Finland and Wireless Tampere
Karri Huhtanen
 
PDF
RADIUS in Action: Securing, Monitoring and Protecting Network Infrastructure
Radiator Software
 
PDF
RADIUS in Action: Securing, Monitoring and Protecting Network Infrastructure
Karri Huhtanen
 
PDF
TNC19 Radiator Technical Workshop -- Using Radiator to ensure better SP/IdP c...
Radiator Software
 
PPTX
Are you ready for 802.11ac?
Savvius, Inc
 
PDF
Wifi pricing
University Malaya
 
PDF
Performance Measurement 02
masteryoda
 
PPT
Rwf ppt
Arturas Jonkus
 
Future wireless - open roaming
Jisc
 
Building secure, privacy aware, quality Wi-Fi coverage via cooperation
Karri Huhtanen
 
Disobey 2024: Karri Huhtanen: Wi-Fi Roaming Security and Privacy
Karri Huhtanen
 
SIM Authentication Architectures and Interfaces
Karri Huhtanen
 
Roam.fi Wireless Community - Timo Väliharju 2.6.2017
COSS
 
SIM Authentication Architectures and Interfaces
Radiator Software
 
Building city and nationwide Wi-Fi coverage via cooperation
Karri Huhtanen
 
Building Funet WLAN Roaming, eduroam Finland and Wireless Tampere
Karri Huhtanen
 
RADIUS in Action: Securing, Monitoring and Protecting Network Infrastructure
Radiator Software
 
RADIUS in Action: Securing, Monitoring and Protecting Network Infrastructure
Karri Huhtanen
 
TNC19 Radiator Technical Workshop -- Using Radiator to ensure better SP/IdP c...
Radiator Software
 
Are you ready for 802.11ac?
Savvius, Inc
 
Wifi pricing
University Malaya
 
Performance Measurement 02
masteryoda
 
Rwf ppt
Arturas Jonkus
 
Ad

Recently uploaded (20)

PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
KodekX | Application Modernization Development
KodekX
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
KodekX | Application Modernization Development
KodekX
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Cloud computing and distributed systems.
kkkkkhan
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Ad

Adding OpenRoaming to existing IDP and roaming federation service

  • 1. Adding OpenRoaming to existing IdP and roaming federation service first deployment experiences
  • 2. Radiator Software: Who we are? ● One of the few commercial RADIUS, RADSEC, Diameter, TACACS+ software vendors – Radiator ● SIM authentication (with IMSI privacy), Policy&Charging and other operator oriented extension packs for Radiator ● Small scale RADIUS, Wi-Fi Roaming as a Service service provider (Radiator Auth.Fi, roam.fi, eduroam Finland (since 2004) etc.) ● In March 2023 it will be 25 years from the first release of Radiator
  • 3. Adding OpenRoaming to … ● roam.fi regional Wi-Fi roaming federation service ● Radiator Auth.Fi – Enterprise Wi-Fi IdP as a service ● The first deployment experiences
  • 5. Roam.fi – regional Wi-Fi roaming federation ● Started in 2006 as a Langaton Tampere (Wireless Tampere) Wi-Fi community network ● Based on eduroam architecture and technology, but open for all ● Centralised RADIUS hierarchy with each organisation joining with their own Wi-Fi network and RADIUS server ● Rebranded as roam.fi when the roaming coverage expanded outside Tampere and neighbouring cities to Finnish cities like Seinäjoki and Vaasa. ● Nowadays used actively especially in Tampere Region for education, municipal work, guests, tourists, university people etc.
  • 6. Radiator Auth.Fi Enterprise Wi-Fi as a service Redundant roam.fi RADIUS service in public cloud Roam.Fi Architecture Tampere University RADIUS Other customers connecting via RADIUS, e.g. City of Seinäjoki, Seinäjoki education etc. Default RADIUS route for all roam.fi members, but no own default RADIUS route RADIUS RADIUS RADIUS RADIUS Customers are used to connect via RADIUS, getting them to use RadSec will not happen very quickly and easily. One question is that should RADIUS connections be allowed and do we need to send Accounting for Settlement-Free OpenRoaming.
  • 7. Radiator Auth.Fi Enterprise Wi-Fi as a service Redundant roam.fi RADIUS service in public cloud Adding OpenRoaming to Roam.Fi Tampere University RADIUS Other customers connecting via RADIUS, e.g. City of Seinäjoki, Seinäjoki education etc. RADIUS RADIUS RADIUS RADIUS Adding OpenRoaming to Roam.Fi was as simple as adding two more Radiator processes and setting them as roam.fi’s default RADIUS route for unknown realms. Now any roam.fi member can try OpenRoaming just by adding OpenRoaming Settlement-Free RCOIs to their Wi-Fi network beacon advertisement. OpenRoaming roaming partners OpenRoaming roaming partners
  • 8. Next steps ● Getting the largest roam.fi organisations to try OpenRoaming and broadcast OpenRoaming RCOIs ● Convince the organisations to take OpenRoaming into production => make it a roam.fi production service ● Switching gradually to RadSec connections with organisations that can deploy it ● Some minor configuration for RADIUS attributes, certificate CRLs, 3gppnetwork.org realm
  • 10. Radiator Auth.Fi Radiator Auth.Fi is a RADIUS based Wi-Fi authentication cloud service for authenticating network users and guests. It provides a RADIUS based user authentication as a service mainly for Wi-Fi, but can be used also for wired 802.1X or even RADIUS based VPN authentication. Entry requirement is a RADIUS capable Wi-Fi controller and access points – no new hardware is needed for enterprise-level WPA2/WPA3 security for your company Wi-Fi. Radiator Auth.Fi includes RADIUS servers, but can also be integrated with customer RADIUS servers for additional control. Subscription based service is delivered from the Google Cloud. Regional service endpoints are added based on demand. Radiator Auth.Fi is designed to work with RADIUS roaming federations such as eduroam and govroam. Optional add-ons include client certificate authentication and self-service guest access solution and roaming federation integrations.
  • 11. Radiator Auth.Fi for… Employees, contractors, regular users of organisation Wi-Fi Organisation’s guest Wi-Fi users Roaming users
  • 14. Roaming with Radiator Auth.Fi Roaming was done bases on the Wi-Fi network name (SSID, e.g. roam.fi, eduroam)
  • 15. OpenRoaming Roaming with Radiator Auth.Fi Inbound RadSec Radiator instance with Kyrio certificates was added for IdP functionality Roam.fi federation top-level Outbound RadSec Radiator instance was used for OpenRoaming connection Providing a Radiator Auth.Fi customer OpenRoaming IdP only requires enabling it in the service and adding NAPTR record to customer DNS domain. “Available now”, only minor RADIUS attribute and Kyrio certificate CRL and 3gppnetwork.org realm configuration pending.
  • 16. How long did it take? ● ~22.5h in work time so far for both IdP and roaming service, but more as calendar time ● Configuration guides helped a lot and a guide is under work for Radiator as well => next deployment will require less work time ● Most of the calendar time was spent in waiting for Radiator Software to get verified by Kyrio and the delivery of certificates needed.
  • 17. Thank you. Questions, Comments? Follow Radiator Software for more information… Radiator Software blog: https://blog.radiatorsoftware.com/ Twitter: https://twitter.com/RadiatorAAA Slideshare: https://slideshare.net/radiatorsoftware/ Bookings for conference calls: https://radiatorsoftware.com/contact/ / info@radiatorsoftware.com
  • 18. Meet us in London 7th - 9th of November 2022 Karri Huhtanen and Heikki Vatiainen will be attending IETF 115 in London, UK on the 7th of November, but we stay in London for additional days to meet new, existing and interested customers, partners and companies. Please, contact us if you want to meet: firstname.surname@radiatorsoftware.com sales@radiatorsoftware.com