Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
en:services:network_services:eduroam:android [2019/02/12 08:00]
tkoerme
en:services:network_services:eduroam:android [2019/06/28 11:30] (current)
0spohl
Line 1: Line 1:
-====== eduroam mit Android =====+====== eduroam mit Android ​(4.4.4+)===== 
 +**In order to ensure a secure eduroam configuration,​ it is strongly recommended that you set up eduroam via the CAT app using the configuration wizard (CAT tool)!**
  
-**Hint:** \\ +**Notice when changing the password of your GWDG account:** \\ 
-If you change your password for your GWDG account after setting up the eduroam profile, the password must also be changed on your Android device. ​ +If you change your password for your GWDG account after setting up the eduroam profile, the password must also be changed on your Android device. Otherwise the network connection cannot be established.
-Otherwise the network connection cannot be established.+
  
-===== Setting up the eduroam ​WLAN with the CAT tool =====+===== Setting up the eduroam with the CAT tool =====
  
-The configuration wizard (CAT app) is required to ensure secure configuration. This can be obtained from the [[https://​play.google.com/​store/​apps/​details?​id=uk.ac.swansea.eduroamcat|Google PlayStore]]. ​+1. The configuration wizard (CAT app) is required to ensure secure configuration. This can be obtained from the [[https://​play.google.com/​store/​apps/​details?​id=uk.ac.swansea.eduroamcat|Google PlayStore]]. ​
 Please pay attention to the provider information "​GÉANT Association"​. Alternatively,​ you can download [[https://​cat.eduroam.org/​eduroamCAT-stable.apk|APK]] directly from DFN.  Please pay attention to the provider information "​GÉANT Association"​. Alternatively,​ you can download [[https://​cat.eduroam.org/​eduroamCAT-stable.apk|APK]] directly from DFN. 
  
-After you have installed the "​eduroamCAT App", open the app and select the eduroam profile ​for the **University of Göttingen and GWDG**. If your institute ​has set up its own profile file on the "​GÉANT Association"​ page, use it.+2. After you have installed the "​eduroamCAT App", open the app and select the eduroam profile ​of your institute. Employees and students of the University of Goettingen please choose ​**University of Goettingen**. Users with a GWDG account please select **GWDG Goettingen**. If your institution ​has set up its own profile file on the "​GÉANT Association"​ page, please ​use it. 
  
-1.1. If the location service is activated in your telephone ​and you are currently in Goettingen, the **University of Göttingen ​and GWDG** ​should be displayed ​on the start page  +3.1. If the location service is activated in your phone and you are currently in Goettingen, ​you should see the **University of Goettingen** ​and the **GWDG Goettingen** under "​Configurations in the Surroundings" ​on the start page of the app. Alternatively,​ you can enter the **University of Goettingen** or the **GWDG ​Goettingen** in the app on the start page via "​Manual Search"​. Users with a GWDG account should then select **GWDG Goettingen**. A summary of the configuration file will now appear. To install, click on the "​Install"​ button
-of the app under "​Nearby Configs"​Please use this button to download and install ​the profile via the user group **Universität Göttingen und GWDG**.+
  
-{{ :​en:​services:​network_services:​eduroam:​android_eduroam-install_eng_01.jpg?300 |}}+{{ :​en:​services:​network_services:​eduroam:​android_eduroam-install_eng_15.jpg?300 |}}
  
-{{ :​en:​services:​network_services:​eduroam:​android_eduroam-install_eng_03.jpg?300 |}}+{{ :​en:​services:​network_services:​eduroam:​android_eduroam-install_eng_08.jpg?300 |}}
  
-1.2. Alternatively,​ you can enter "GWDG Goettingen"​ in the app on the start page via "​Manual Search"​ in order to download and install the profile file via the  +3.2. Another possibility is to download the profile file from the download page via a direct link [[https://​cat.eduroam.org/​| here]].  
-organisation **GWDG Göttingen** and further via the user group **Universität Göttingen und GWDG**.  +After downloading via the button, select your institute from the "​Organisation"​ menu. For eduroam users with a GWDG account, the organization is called **GWDG Göttingen**. Then use the button to select the desired Android version. ​
- +
-{{ :​en:​services:​network_services:​eduroam:​android_eduroam-install_eng_00.jpg?​300 |}} +
- +
-{{ :​en:​services:​network_services:​eduroam:​android_eduroam-install_eng_03.jpg?​300 |}} +
- +
-1.3. Another possibility is to download the profile file from the download page via a direct link [[https://​cat.eduroam.org/​?idp=5055| here]].  +
-After downloading via the button, select your institute from the "​Organisation"​ menu. For eduroam users with a GWDG account, the organization is called **GWDG Göttingen**. Then select ​the user group **Universität Göttingen und GWDG** and the desired Android version ​via the lower button.+
  
 {{ :​en:​services:​network_services:​eduroam:​android_eduroam-install_eng_07.jpg?​300 |}} {{ :​en:​services:​network_services:​eduroam:​android_eduroam-install_eng_07.jpg?​300 |}}
Line 34: Line 26:
  
 {{ :​en:​services:​network_services:​eduroam:​android_eduroam-install_eng_03.jpg?​300 |}} {{ :​en:​services:​network_services:​eduroam:​android_eduroam-install_eng_03.jpg?​300 |}}
- 
-2. Now confirm the message with "​Weiter"​. 
  
 {{ :​en:​services:​network_services:​eduroam:​android_eduroam-install_eng_04.jpg?​300 |}} {{ :​en:​services:​network_services:​eduroam:​android_eduroam-install_eng_04.jpg?​300 |}}
- 
-3. Now press "​DOWNLOAD"​. 
  
 {{ :​en:​services:​network_services:​eduroam:​android_eduroam-install_eng_05.jpg?​300 |}} {{ :​en:​services:​network_services:​eduroam:​android_eduroam-install_eng_05.jpg?​300 |}}
- 
-4. Then select "​OPEN"​. 
  
 {{ :​en:​services:​network_services:​eduroam:​android_eduroam-install_eng_06.jpg?​300 |}} {{ :​en:​services:​network_services:​eduroam:​android_eduroam-install_eng_06.jpg?​300 |}}
- 
-5. A summary of the configuration file opens. Now press the "​Install"​ button. 
  
 {{ :​en:​services:​network_services:​eduroam:​android_eduroam-install_eng_08.jpg?​300 |}} {{ :​en:​services:​network_services:​eduroam:​android_eduroam-install_eng_08.jpg?​300 |}}
  
-6. Confirm with "​Yes"​ that you want to install the profile.+4. Confirm with "​Yes"​ that you want to install the profile.
  
 {{ :​en:​services:​network_services:​eduroam:​android_eduroam-install_eng_09.jpg?​300 |}} {{ :​en:​services:​network_services:​eduroam:​android_eduroam-install_eng_09.jpg?​300 |}}
  
-7. Then enter your [[en:​services:​network_services:​eduroam:#​username|username]] and password. Then continue with "​Install"​. ​+5. Then enter your e-mail address and password. Use the e-mail address according to the [[en:​services:​network_services:​eduroam:#​username|table Username]] in the Username section of this article Then continue with "​Install"​. ​
  
 {{ :​en:​services:​network_services:​eduroam:​android_eduroam-install_eng_10.jpg?​300 |}} {{ :​en:​services:​network_services:​eduroam:​android_eduroam-install_eng_10.jpg?​300 |}}
  
-8. Finally, the device settings for the installed profile are displayed. ​+6. Finally, the device settings for the installed profile are displayed. ​
  
 {{ :​en:​services:​network_services:​eduroam:​android_eduroam-install_eng_11.jpg?​300 |}} {{ :​en:​services:​network_services:​eduroam:​android_eduroam-install_eng_11.jpg?​300 |}}
  
-READY! +Please **do not delete** the eduroam CAT-Tool after completing the installation,​ otherwise the eduroam profile will also be deleted!
  
 =====Manual eduroam configuration===== =====Manual eduroam configuration=====
  
 <WRAP center round important 80%> <WRAP center round important 80%>
-Please use the CAT-App , Android can not be configured ​manually for optimal ​connection ​security.+**Please use the CAT-App ​to ensure a secure configuration!** 
 +</​WRAP>​ 
 + 
 +Only perform the manual configuration if it is not possible to configure an eduroam connection using  
 +[[de:​services:​network_services:​eduroam:​android| CAT (Configuration Assistant Tool)]]. These instructions show how to configure the Android OS release mobile device settings to establish eduroam connection manually.  
 + 
 +====Instructions for installing the root certificate for WLAN use==== 
 +In order to establish a secure connection with eduroamit is necessary to have the root certificate loaded and installed. Although the certificate is already included in Android, it is used by default only for VPN and applications,​ but not for Wi-Fi. For this purpose it must be reinstalled. Make sure you have set up an Internet connection by going to the Settings under "​Wireless & networks"​ and selecting "​Wi-Fi"​ or "​Mobile data". Please note cellular data may cause additional costs depending on your provider.  
 + 
 +**Download certificate** \\ 
 +You can download the current root certificate for „T-Telesec Global Root Class 2“ (valid until Oktober 1, 2033) using following [[https://​pki.pca.dfn.de/​dfn-ca-global-g2/​pub/​cacert/​rootcert.crt | link]] and then install it on your device. 
 + 
 +A link is also available at [[http://​android.gwdg.de| android.gwdg.de]] in the category "​Schnellzugriff"​ -> "​Root-Zertifikat herunterladen"​. 
 +Alternatively,​ you can first download * .crt file to your PC and then transfer the file using e.g. USB cable to your Android device. 
 + 
 +**Install certificate** \\ 
 +Now you are ready to install the CA certificate on your device. Go to the download folder in the file manager (Explorer) and tap the certificate file. If you have no screenlock set so far, you will be prompted to set up a trusted screenlock for your device. The system will redirect you to the device'​s security settings for setting up a screenlock. In the "Name the Certificate"​ dialog, you assign a name to the certificate. For the eduroam connection, select **Wi-Fi** or **WLAN**. For apps and VPN connections,​ select **VPN and Apps**. Finally, tap **OK**. 
 + 
 +{{ :​en:​services:​network_services:​eduroam:​android:​ca_certificate.png?​200 |}} 
 + 
 +**CA certificate Installation using Barcode Scanner** \\ 
 +Select the QR Scanner or Barcode Scanner App from your device. If you do not have a Barcode scanner on your device, you can install it via Play Store. Scan one of the following QR codes and open the detected link in browser. 
 +|[[https://​www.pki.dfn.de/​fileadmin/​PKI/​zertifikate/​T-TeleSec_GlobalRoot_Class_2.crt| T-Telesec Global Root Class 2]]| \\ 
 +{{:​de:​services:​network_services:​eduroam:​android:​telekom-root-zertifikat.png?​200|}} | 
 + 
 + 
 +Install the certificate file by choosing the name and purpose. After confirming your entries, you will receive a pop-up message indicating that the certificate has been successfully installed. 
 + 
 +===Note when deleting a WLAN profile=== 
 +The root certificate must be reinstalled after deleting a wireless profile that used the certificate. Please note that for some Android devices it is not possible to reuse a name that has already been assigned. If necessary, delete an existing eduroam Wi-Fi profile in order to properly configure the certificate verification. To delete or edit a Wi-Fi profile, tap and hold on the existing Wi-Fi profile and select the option to remove from the context menu.  
 + 
 +{{  :​en:​services:​network_services:​eduroam:​android:​android_eduroam-install_eng_13.jpg?​200 ​ |}} 
 + 
 +==== Manual eduroam configuration guide ==== 
 +**Please note that the menu navigation of different Android devices (depending on the manufacturer) may differ slightly.** 
 + 
 +If you are in the reception area of the eduroam WLAN network, tap -> **Settings** → **Connections** → **Wi-Fi** to select the **eduroam** network. To display the available networks, your Wi-Fi must be activated. In a new window, you will be prompted to enter the **eduroam configuration parameters** (see [[en:​services:​network_services:​eduroam:​android:#​eduroam_configuration_table| eduroam configuration table]]).  
 + 
 +The screenshot for the network settings shows the login data for a GWDG account as an example.  
 +As "​Identity"​ enter your username according to the table in the section [[en:​services:​network_services:​eduroam:#​username|Username]].  
 +Please enter **eduroam@gwdg.de** as "​Anonymous identity"​. Some Android devices expect the domain to be entered. Please enter **eduroam.gwdg.de** here. Once the correct information has been entered and confirmed, the connection to the eduroam Wi-Fi network is established permanently.  
 + 
 +{{ :​en:​services:​network_services:​eduroam:​android_eduroam-install_eng_12.jpg?​200 |}} 
 + 
 +If you are out of range of the eduroam Wi-Fi network, you can set up eduroam ​manually ​via -> **Settings** → **Connections** → **Wi-Fi** → **Add network**. ​ In the window that opens, you will be asked to enter the  
 + ​[[en:​services:​network_services:​eduroam:​android:#​eduroam_configuration_table| eduroam configuration parameters]] (see also the screenshot ​for the network settings). 
 + 
 +{{ :​en:​services:​network_services:​eduroam:​android:​android_eduroam-install_eng_14.jpg?​200 |}} 
 + 
 +==== eduroam configuration table==== 
 +| **Network name** \\ (please type in using lowercase) ​       | eduroam ​                                                        ​| ​                                                                                                                                                                                                                 
 +| **Security** ​                                                                         | 802.1x EAP                                                    | 
 +| **EAP Method** ​                                                                  | PEAP                                                             | 
 +| **Phase 2-Authentifizierung** ​                                             | MSCHAPV2 ​                                                  | 
 +| ** CA certificate** \\ (see [[|Root certificate]]) ​                      | T-Telesec Global Root Class 2 \\ (valid until Oktober 1, 2033)  | 
 +| ** Identity** \\  (see section [[https://​info.gwdg.de/​docs/​doku.php?​id=en:​services:​network_services:​eduroam:​start#​username| Username]]) ​ | your username ​                                                  | 
 +| ** Anonymous identity** \\            | eduroam@gwdg.de ​                                      | 
 +| **Password** ​                                                                                                                    | The same password as you use for logging into the GWDG portal. You can tick "Show password"​ checkbox, if you wish to check the password is entered correctly. ​                                                                  || 
 + 
 + 
 +=====Update the Wi-Fi password after changing the GWDG account password===== 
 +**Note:** Update your WiFi password on your Android device after changing password for your account. If you have changed the password or entered an incorrect one, an "​authentication problem"​ will occur. To do this, navigate to "​eduroam"​ as described above. 
 +Tap and hold the saved network eduroam to delete or change ​connection ​settings. Select "​Manage network settings"​. 
 + 
 + 
 + 
 +=====Storage of the Wi-Fi password ===== 
 + 
 +Android devices offer the backup of data at Google. This allows extensive personal data, including the WLAN password, to be stored unencrypted on Google servers. This function is activated by default in a Google account that has been set up.  
 + 
 +According to the university'​s password policy, passwords may not be passed on to third parties. Therefore this option must not be activated when using the GWDG identifier for eduroam. You can deactivate this option in the Anroid settings.  
 + 
 +  
 +<WRAP center round important 85%> 
 +According to  [[http://​www.uni-goettingen.de/​de/​59845.html | the university'​s password policy]] , passwords may not be passed on to third parties. Therefore this option must not be activated when using the GWDG identifier for eduroam. You can deactivate this option in the Anroid settings
 </​WRAP>​ </​WRAP>​
  
 +As an alternative backup solution can be e.g. the App Helium may be used (check German article in “GWDG-Nachrichten” [[https://​www.gwdg.de/​documents/​20182/​27257/​GN_03-2015_www.pdf#​10| Helium Backup für Android]] ). The App Helium does not require system route and can backup data encrypted. ​