Eduroam
eduroam
eduroam (Education Roaming)
Eduroam is a service that enables users traveling to different institutions to connect to the wireless network easily and securely, using the same login credentials from their home organization.
FAQ
FAQ SUPPORTO
Supporto utenti
Il supporto per eduroam è fornito dall'istituto di origine (ad esempio la tua università). È quindi necessario contattare l'helpdesk della tua organizzazione per assistenza nella configurazione dei tuoi dispositivi mobili (come laptop o smartphone).
Password dimenticata
Ci dispiace che tu abbia dimenticato la password. Le credenziali eduroam sono gestite dallo stesso istituto che ha generato il tuo account (ad esempio la tua università). Contatta l’helpdesk del tuo istituto di appartenenza per far cambiare o reimpostare la password.
Ho bisogno di un account edoroam
Le credenziali eduroam sono emesse dagli istituti di istruzione e ricerca partecipanti al servizio. Se il tuo istituto non supporta eduroam, rivolgiti al dipartimento IT del tuo ente di appartenenza per convincerli a unirsi a eduroam! Ecco la lista degli istituti partecipanti: https://www.servizi.garr.it/eduroam/utenti/istituti-aderenti
Guida alla configurazione di un dispositivo
È necessario contattare l’helpdesk del tuo istituto di appartenenza per ricevere assistenza. Molte organizzazioni mettono a disposizione una configurazione eduroam automatica tramite eduroam CAT. Verifica se trovi il tuo istituto tra quelli elencati.
Supporto agli istituti
Gli istituti che desiderano connettersi a eduroam e offrire l'accesso al proprio personale, agli studenti e ai ricercatori possono fare domanda seguendo questa procedura. Per eventuali richieste di informazioni è possibile scrivere a questo indirizzo: eduroam [at] garr.it.
FAQ SICUREZZA
eduroam è sicuro da usare?
eduRoam si basa sugli standard di crittografia e autenticazione più sicuri attualmente in vigore.
La sua sicurezza supera di gran lunga quella dei tipici hotspot commerciali.
eduRoam richiede l'uso di 802.1x che fornisce una crittografia end-to-end per garantire che le tue credenziali private siano disponibili solo per il tuo istituto di appartenenza (es. l’università). Ciò che conta davvero è il certificato usato dal tuo istituto di appartenenza, indipendentemente da chi gestisce l'infrastruttura.
Tieni presente, tuttavia, che quando navighi in Internet collegandoti da un hotspot eduroam, le misure di sicurezza locali di quell'hotspot si applicheranno anche a te. Ad esempio, le impostazioni del firewall nel luogo visitato potrebbero essere diverse da quelle della tua organizzazione e, come ospite, potresti avere accesso ad un numero di servizi ridotto.
eduroam utilizza un portale web per l'autenticazione
NO
Per eduRoam non sono considerati sicuri i meccanismi di autenticazione basati su portale web ( Web Portal, Captive Portal o Splash-Screen), anche se il sito web dovesse essere protetto da una connessione sicura HTTPS.
Cosa succede se una pagina web richiede il mio nome utente o la password?
eduroam non mostrerà mai una pagina web che richiede il tuo nome utente e/o password. Questo è un segno che qualcuno sta tentando di rubare la tua password: non utilizzare nessuna rete che ti chiede questo tipo di informazioni , anzi, ti invitiamo a segnalarcela a questo indirizzo: eduroam [at] garr.it.
Ho sentito dire che, in determinate circostanze, le mie credenziali universitaria possono essere rubate dagli aggressori. Di cosa si tratta?
Il modello di sicurezza in eduRoam è il risultato di uno studio ben approfondito. Le tue credenziali sono ben protette fintanto che il tuo dispositivo è configurato correttamente; in tal caso qualsiasi tipo di autenticazione utilizzato in eduRoam (PEAP, TTLS-PAP, EAP-TLS) sarà al sicuro.
Il tuo Identity Provider eduRoam (ad esempio la tua università) ti fornisce le istruzioni di installazione che consentono una configurazione corretta e sicura - la parte più critica è configurare il dispositivo affinché si fidi di una specifica autorità di certificazione (CA) e del nome del server dell’Identity Provider.
Molti Identity Provider di eduRoam forniscono programmi di installazione o file di configurazione che consentono di configurare il tuo dispositivo in modo sicuro, con un semplice processo in pochi click. Uno di questi è eduRoam CAT e l’app geteduroam controlla se il tuo istituto è tra quelli in elenco.
Utilizza i programmi di installazione e/o le istruzioni di configurazione fornite dal tuo Identity Provider eduRoam per essere al sicuro dagli attacchi.
Se non segui le istruzioni di configurazione, o nel caso improbabile che il tuo Identity Provider eduRoam non le fornisca, i dati dell'account che utilizzi per accedere a eduRoam sono a rischio di un attacco Man-in-the-Middle. Per gli Identity Provider eduRoam, non fornire istruzioni di configurazione sufficienti è contrario alla policy di partecipazione di eduRoam, per questo riceviamo volentieri eventuali segnalazioni di questi casi, a questo indirizzo: eduroam [at] garr.it.
Ci teniamo a precisare che questo tipo di problema non è specifico di eduRoam: qualsiasi rete wireless con autenticazione di tipo Enterprise, infatti, si trova nella stessa condizione.
eduroam (education roaming) is a wireless access service developed for the international research and education community.
Italian eduroam federation
The purpose of the Italian eduroam Federation is to facilitate access to theGARR network and other connected networks for mobile users (roaming users) from participating organizations (eduroam service).
The Federation is coordinated by Consortium GARR, which represents it to other federations and confederations. eduroam is a registered trademark of the GEANT Association - formerly TERENA,and stands for Educational Roaming. More information can be found at http://www.eduroam.org.
The core principles of the Italian eduroam Federation are as follows:
- Allow users from member institutions to access the GARR network (and connected networks) when visiting another participating organization. Access is provided through the host organization’s network infrastructure using their home institution’s login credentials, thanks to the eduroam service.
- Ensure the security of login credentials and the data exchanged by roaming users.
La Italian eduroam federation is a member of the European eduroam Confederation, whose rules have been signed by the GARR Consortium on behalf of the Federation.
The goal of the European eduroam Confederation is to extend internationally the services provided by national eduroam federations to their members, ensuring as much consistency as possible in usage rules while accommodating differences imposed by national regulations.
Peering with Non-Eduroam Federations
The Italian eduroam Federation can also establish peering agreements with other federations that are not part of the European eduroam Confederation but provide equivalent mobility services. In such cases, the Federation must define the peering policies to be adopted. These peering agreements do not extend to federations within the European eduroam Confederation and their related services.
Who can access eduroam?
IDENTITY E RESOURCE PROVIDER
Eduroam is available to all users from organizations that are part of the federation. It allows seamless wireless network access both within one’s home institution and at other participating organizations in Italy and around the world. Check if your institution is already a member and explore participating organizations worldwide by clicking the dropdown below.
Affiliated institutions
The INFO column displays the information and configuration pages for the service provided by your institution.
IdP and RP (Identity Provider and Resource Provider) - At these members of the eduroam federation, users can access the network using their eduroam credentials. Their users can also access the network with their eduroam credentials at all other members of the federation and confederation.
RP (Resource Provider) - At these members of the eduroam federation, users can access the network using their eduroam credentials, even though they do not provide eduroam credentials to their own users.
IDP (Identity Provider) - At these members of the eduroam federation, it is NOT possible to access the network using eduroam credentials. However, their users can access the network with their eduroam credentials at all other members of the federation and confederation.
IN PHASE OF ACTIVATION - Members in the process of activation.
To filter the results, enter the initials of your institution in the field. search
The service that allows users on the move to easily and securely access the wireless network
EDUROAM IN A NUTSHELL
eduroam (Education Roaming) is the service that allows users on the move to easily and securely access the wireless network at other organizations, using the same credentials provided by their home institution.
Students, professors, and researchers visiting an institution or organization that participates in eduroam can access the network from any mobile device and authenticate using the credentials they regularly use within their home organization.
How it works
Eduroam technology is based on the IEEE 802.1X standard and a hierarchy of RADIUS proxy servers, allowing any user from a participating institution to gain network access at any connected institution. Depending on the local policies of the visited institutions, eduroam participants may also have access to additional resources.
A Configuration Assistant Tool (CAT) has been developed to help organizations provide their users with access to eduroam. This tool, available for the most common platforms, allows you to configure your device quickly and easily.
Here you can find the configuration tool for institutions that have customized their eduroam profile. If it’s not available for your university or organization, you can consult the informational pages provided by your institution. Alternatively, you can contact your institution's Access Port Manager.
Is it secure?
eduroam is based on some of the most secure encryption and authentication standards currently available. Its security far exceeds that of typical commercial hotspots.
eduroam requires the use of the IEEE 802.1x standard, which provides end-to-end encryption to ensure that user credentials are only accessible by their home institution.
Moreover, user credentials are protected because eduroam does not share them with the site you are visiting; instead, they are forwarded to the user's home institution, where they can be verified and validated.
Unlike eduroam, authentication methods based on Web Portal, Captive Portal, and Splash Screens require you to trust their infrastructure when they receive your password in plain text, which would compromise the end-to-end encryption principles and security that eduroam offers.
eduroam will never display a web page asking for a username and/or password.
What are the benefits of eduroam for users?
The Wi-Fi roaming service eduroam is free for users, and once installed on your laptop, mobile phone, or other device, there’s no need to request temporary accounts or borrow someone else's credentials: simply turn on your device, and you should be online.
Where can I use eduroam?
Whether you are moving to campus or spending time studying or working at another research and educational institution, eduroam offers you seamless internet connectivity.
Over 10,000 hotspots are available at universities, research centers, academies, schools, and other research and educational institutions in more than 100 countries worldwide.
What about in Italy?
In Italy, eduroam is managed by the Italian eduroam Federation, coordinated by the GARR Consortium, which defines its usage rules and represents it in other federations and confederations.
What are the benefits of eduroam for institutions?
eduroam provides a single solution that meets all the mobility connectivity requirements of an institution, supporting both local users and visitors connecting to the local network, as well as users connecting to other participating networks.
Additionally, eduroam eliminates the need to provide temporary accounts, thus reducing administrative burdens, as students, staff, and researchers visiting another institution or country use the credentials provided by their home institution to access Wi-Fi services.
Identity e Resource Provider [IDP e RP]
- Identity Provider: Organizations that participate in the service by providing their users with the necessary credentials to access the network;
- Resource Provider: Organizations that participate in the service by providing the devices and network infrastructure that allow users to access the network.
Who and How
- Only institutions connected to the GARR network can join the Italian eduroam Federation as an Identity Provider (IDP) or as both Identity Provider (IDP) and Resource Provider (RP).
- Institutions, institutes, or organizations that ARE NOT connected to the GARR network can join the Italian eduroam Federation exclusively as a Resource Provider (RP).
Where and When
- If my institution is only an Identity Provider (IDP) of the eduroam federation, I will be able to connect to the Wi-Fi network of all national or international organizations that are Resource Providers (RP) of the eduroam Federation, but WILL NOT be able to do so within my own institution.
- If my institution is only a Resource Provider (RP) of the eduroam federation, all users from national and international organizations that are Identity Providers (IDP) of the eduroam federation, will be able to access the institution's Wi-Fi network.
- If my institution is both an Identity Provider (IDP) and a Resource Provider (RP) of the eduroam federation, I will be able to connect to the Wi-Fi network of my institution and all national or international organizations that are Resource Providers (RP) of the eduroam federation, and my institution will be able to grant access to all users from national and international organizations that are Identity Providers (IDP) of the eduroam federation.
Also check
- Check the map of Resource Providers (RP) and the locations where you can connect if your institution is an Identity Provider (IDP) of the eduroam federation.
- Check if your institution has joined eduroam and whether it is an IDP or RP (RP is also referred to as SP - Service Provider).
Administrative Procedures
- To join the Italian eduroam Federation as an Identity Provider (IDP) or Resource Provider (RP), or both, the same procedure outlined under "Joining Procedure" must be followed.
- Institutions, institutes, or organizations that ARE NOT connected to the GARR network can request to join only as a Resource Provider (RP).
All organizations connected to GARR can request to join the eduroam federation for free
ADMISSION PROCEDURE
Universities, research organizations, and all other scientific and academic institutions that wish to join eduroam and offer access to their staff, students, and researchers can apply for eduroam service membership by following the procedure outlined below.
How to Join
- Complete the Application Form attached to the Regulation of the Italian eduroam Federation following the instructions for completion;
- Appoint two Technical Contacts for the eduroam service, responsible for necessary interaction with GARR for the proper functioning of the service, and provide their names, contact information (phone, mobile, email) in the Application Form;
- Digitally sign the Application Form and send it via certified mail (PEC) to GARR at
garr@postecert.it . The form must be signed by the Legal Representative of the applying institution or by one of their delegates with the necessary authority (e.g., the Director of a Section/Institute in the case of an application from institutions with multiple locations such as CNR/ENEA/INFN, INAF, INGV, etc.).
Once approved, the application, countersigned by the Consortium GARR, will be sent back to the applying institution via PEC.
The data of the Technical Contact(s) provided by the institution through the application form will be processed by GARR for the purpose of providing the eduroam service.
What to do in case of a change in the eduroam Technical Contact
The Technical Contact is an important point of reference for interaction between GARR and the institution participating in the eduroam Service.
Therefore, it is the responsibility of the participating institution to promptly notify GARR of any change in the Technical Contact or update of their contact details.
The institution wishing to change its Technical Contact for the eduroam service must:
- Complete the Technical Contact Update Form in full;
- Digitally sign the Technical Contact Update Form and send it via email to
segreteria@garr.it . The form must be signed by the Legal Representative of the requesting institution or by one of their delegates with the necessary authority (e.g., the Director of a Section/Institute in the case of an application from institutions with multiple locations such as CNR/ENEA/INFN/INAF/INGV, etc.).
Upon receiving the request, GARR will update the Technical Contact information for the eduroam Service. The institution will be notified by email once the update has been made.
Acceptable Use Policy (AUP) and obligations of the participants
ACCESSO AI SERVIZI
The roaming network access service provided by the Federation is available to all end-users of member organizations, users from other federations that are part of the European eduroam Confederation, and other federations with which there is a peering agreement.
Federation members can restrict access to services provided to other federations if the policies practiced by those federations or some of their members cannot guarantee certain requirements set by Italian law or fail to meet the minimum security standards required by the Federation.
Participants in the Federation MUST inform the GARR Consortium of any access limitations they establish, as well as any changes to these limitations.
Federation members must make their Acceptable Use Policies (AUP) available to hosted users, who are required to comply with them and refrain from behaviors that violate them, even if allowed elsewhere.
Obligations of Participants
- Educate their users on respecting the AUPs of visited institutions and commit to resolving any issues caused by their users;
- Provide a secure authentication server;
- Inform guests about the methods and level of security offered;
- Guide users on how to use the service and avoid transferring technical support issues to other institutions;
- Keep logs of authentication sessions and network access;
- Report any security issues to their NREN and contribute to their resolution.
STATISTICS
source: GARR annual report 2023
NEWS from eduroam.org
For more information about the services or to request activation
eduroam configuration on Windows 7
To configure your Windows 7 device for eduroam, proceed as shown below.
eduroam configuration on Windows 10
To configure your Windowss 10 device for eduroam, proceed as shown below.
eduroam configuration on Mac OS X
To configure your Mac OS X device for eduroam, proceed as shown below.
eduroam configuration on Linux
To configure your Linux device for eduroam, proceed as shown below.
eduroam configuration on iphone
To configure your iPhone for eduroam, proceed as shown below.