This is an old revision of the document!
Hotspot 2.0/Passpoint User On-boarding
- One of the make or break items of a Hotspot2.0 deployment is the ease to onboard users.
- The initial Hotspot 2.0 standard included Online Signup functionality (OSU)
- This included a Signup Server which used XML and SOAP to communicate between it and the client's WiFi supplicant.
- If you think Hotspot 2.0 never took off, the OSU functionality became the ultimate item that never took off.
- The more recent revisions of Hotspot 2.0 have thus removed the OSU feature all together.
Simplicity is king
- A simpler approach is the way OpenRoaming does things via a portal. (https://www.openroamingconnect.org/)
- User registers on the portal.
- During registration, the system creates a RADIUS user that can be used with WPA2 Enterprise authentication.
- User can log in on the portal where they are given the options to download and install Hotspot 2.0 profiles that are tailor made to a preset Hotspot 2.0 configuration and for a specific operating system.
- Items that can be tweaked are:
- Realms
- NAI Realms
- RCOIs
- Authentication method
- Allowed CA.
Rd-Connect
- We do something similar to the OpenRoaming Portal with Rd-Connect.
- Rd-Connect is a work in progress with extended functionality in mind in MDU deployments that uses a combination of Private PSK and Hotspot 2.0.
- We currently have the following functionality / options
- Choice to install as an mobile app on Android and Apple.
- User registration
- Password management
- Hotspot 2.0 Profile download and install for
- Android
- Apple
- Rd-Connect allows you to specify your own:
- Hotspot 2.0 Domain
- NAI Realms
- RCOIs
- Certificate Authority and allowed FQDN for EAP Certificates