The eduroam AU AdminTool web application provides an interface for administrators of national federation member institutions to maintain the data that is necessary for participating in the national and global eduroam federation.
Administrators log in using SAML authentication, predominantly via the Australian Access Federation (AAF). Institutions either are participants of the AAF, have their own SAML IdP trusted by AARNet's Conext instance, or have accounts in the AAF Virtual Home Organisation (VHO).
Authentication and authorization are carried out through the Shibboleth SP component of the eduroam AU AdminTool.
The following attributes are required for institutional administrators and must be released by their home IdP to the AdminTool SP:
|eduPersonPrincipalName||Provides a string that uniquely identifies an administrator in the management application.|
|The e-mail address (one or more) of the administrator. It is used for notifications from the management application. It may also be used for further communication, with prior consent.|
|givenName (optional)||The person's first name.|
|sn (optional)||The person's last name.|
Once attribute release is set up properly, an administrator can log in to the management application.
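An added example (not part of the AdminTool or its documentation): a Python check an IdP operator could run over a test assertion to confirm that the attributes listed above are released with non-empty values. The OID names are the standard SAML 2.0 attribute names; treating the e-mail attribute as `mail` and the sample assertion are assumptions.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
# Standard SAML 2.0 OID names. "mail" is an assumption: the page describes
# the e-mail attribute without naming it.
REQUIRED = {"urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
            "urn:oid:0.9.2342.19200300.100.1.3": "mail"}
OPTIONAL = {"urn:oid:2.5.4.42": "givenName", "urn:oid:2.5.4.4": "sn"}

# Constructed sample: mail is present but empty, sn is not released.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" FriendlyName="eduPersonPrincipalName">
    <saml:AttributeValue>admin@example.edu.au</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" FriendlyName="mail">
    <saml:AttributeValue></saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="urn:oid:2.5.4.42" FriendlyName="givenName">
    <saml:AttributeValue>Alex</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""

def released_attributes(assertion_xml):
    # Inspection aid only: no signature validation; use on your own test assertion.
    known = {**REQUIRED, **OPTIONAL}
    found = {}
    for attr in ET.fromstring(assertion_xml).iter(SAML + "Attribute"):
        name = known.get(attr.get("Name"))
        values = [v.text.strip() for v in attr.findall(SAML + "AttributeValue")
                  if v.text and v.text.strip()]
        if name and values:  # an empty value counts as not released
            found.setdefault(name, []).extend(values)
    return found

def check_release(assertion_xml):
    # Returns (missing required, missing optional) friendly names.
    got = released_attributes(assertion_xml)
    return (sorted(n for n in REQUIRED.values() if n not in got),
            sorted(n for n in OPTIONAL.values() if n not in got))

if __name__ == "__main__":
    missing_required, missing_optional = check_release(SAMPLE)
    print("missing required:", missing_required, "| missing optional:", missing_optional)
```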
After the first login, administrators are asked to associate their account with the institution they want to manage. Their choice must then be ratified by the eduroam AU National Roaming Operator administrator of the eduroam AU AdminTool. Following that, they will be notified by e-mail and will then be able to start using the management application.
In addition to communicating institutional deployment information to the NRO and eduroam users, a subset of the data provided by administrators through the management application is made available to the global database for publication on the global eduroam website, to configure the eduroam Configuration Assistant Tool, and for use by the eduroam Companion mobile application. The XML files generated for this purpose are not publicly accessible as they contain personal contact information of institutional eduroam administrators.