Existing Campus Wireless Authentication
Campus |
Wireless Authentication "Portal" |
Backend Authentication System |
Information Requested of Guest Users |
How Authorization Decision Is Made |
Do your IdP assert the "member of community" affiliation? If so, how is it defined? |
---|---|---|---|---|---|
UCB |
locally designed and supported web-based captive portal |
"CalNet": campus auth'n system based using Kerberos |
ephemeral login name and password, created by sponsor |
must be sponsored by a faculty or staff member |
|
UCD |
Aruba |
Kerberos |
Name, e-mail, phone, and password are required. Title, organization and address are also requested. The sponsor must login to access the registration page. |
Must be sponsored by a UCD faculty or staff member. The guest access is good for 7 days but may be renewed for up to 30 days. |
|
UCLA |
Web-based interface of Aruba wireless controllers; will migrate to locally developed web-based interface with Shibboleth implementation. New web interface communicates with controller via vendor provided API. |
RADIUS interface to UCLA Logon ID system |
Name, e-mail address, and phone number of guest and sponsor |
Faculty and staff may sponsor guest accounts via http://www.bol.ucla.edu/services/accounts/info/guest.html |
UCLA asserts eduPersonAffiliation and eduPersonScopedAffiliation values. Right now, we can assert member, affiliate, employee, and student. |
UCR |
Unencrypted: Cisco Webauth (with custom portal page), Encrypted: WPA2-Enterprise PAP |
RADIUS to LDAP (via IDEngines Appliance) |
Library guest users have unimpeded access; those who sponsor other guests must provide name, purpose, and lifetime of guest credentials. |
(Does this question refer only to guests?) Anyone may use library guest wireless; other guests must be sponsored by faculty or computing staff; all other campus affiliates have access. |
|
UCSD |
|
|
|
|
|
UCSC |
Unencrypted: Clean Access capture portal. Planning to migrate to a new lightweight WAP solution in a few months that may replace Clean Access. |
Unencrypted: RADIUS to Kerberos |
Unencrypted: Portal Guest button offers limited functionality to wireless. Divisions/Users may request temporary sundry accounts. |
Guest button is automatic. Campus account management team grants sundry accounts. Note: Sundry accounts provide access to more than just campus wireless. |
We do not currently assert this value. |