Hotspot 2.0/Passpoint User On-boarding
- One of the critical factors of a Hotspot 2.0 deployment is how easily users can be onboarded.
- The initial Hotspot 2.0 standard included Online Signup functionality (OSU).
- This included a Signup Server which used XML and SOAP to communicate with the client's WiFi supplicant.
- If you think Hotspot 2.0 never took off, the OSU functionality fared even worse at gaining traction.
- The more recent revisions of Hotspot 2.0 have thus removed the OSU feature altogether.
Simplicity is king
- A simpler approach is the way OpenRoaming does things via a portal. (https://www.openroamingconnect.org/)
- User registers on the portal.
- During registration, the system creates a RADIUS user that can be used with WPA2 Enterprise authentication.
- Users can log into the portal, where they are given the option to download and install Hotspot 2.0 profiles that are tailor-made for a preset Hotspot 2.0 configuration and for a specific operating system.
- Items that can be tweaked are:
  - Realms
  - NAI Realms
  - RCOIs
  - Authentication method
  - Allowed CA
Rd-Connect
- We do something similar to the OpenRoaming Portal with Rd-Connect.
- Rd-Connect is a work in progress, designed with extended functionality for MDU deployments in mind, using a combination of Private PSK and Hotspot 2.0.
- We currently have the following functionality / options:
  - Choice to install as a mobile app on Android and Apple
  - User registration
  - Password management
  - Hotspot 2.0 Profile download and install for:
    - Android
    - Apple
- Rd-Connect allows you to specify your own:
  - Hotspot 2.0 Domain
  - NAI Realms
  - RCOIs
  - Certificate Authority and allowed FQDN for EAP Certificates
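The Certificate Authority and allowed FQDN are what tie the client to your RADIUS server, so it is worth checking that a downloaded profile actually carries them. The following is an added example, not Rd-Connect's own code: it assumes the Apple profile is a `.mobileconfig` plist with a `com.apple.wifi.managed` payload, and the function names and all sample values are constructed for illustration.

```python
import plistlib

CERT_TYPES = {"com.apple.security.root", "com.apple.security.pkcs1"}

def lint_passpoint_profile(raw: bytes) -> list:
    """Return findings for each Hotspot 2.0 Wi-Fi payload in a .mobileconfig."""
    payloads = plistlib.loads(raw).get("PayloadContent", [])
    cert_uuids = {p.get("PayloadUUID") for p in payloads
                  if p.get("PayloadType") in CERT_TYPES}
    hotspots = [p for p in payloads
                if p.get("PayloadType") == "com.apple.wifi.managed" and p.get("IsHotspot")]
    findings = [] if hotspots else ["no Hotspot 2.0 Wi-Fi payload"]
    for p in hotspots:
        if not p.get("DomainName"):
            findings.append("no Hotspot 2.0 domain")
        if not (p.get("NAIRealmNames") or p.get("RoamingConsortiumOIs")):
            findings.append("no NAI realm or RCOI")
        eap = p.get("EAPClientConfiguration", {})
        anchors = eap.get("PayloadCertificateAnchorUUID", [])
        if not anchors:
            findings.append("no CA anchor for the EAP server certificate")
        elif not set(anchors) <= cert_uuids:
            findings.append("CA anchor UUID not found among certificate payloads")
        if not eap.get("TLSTrustedServerNames"):
            findings.append("no allowed server FQDN")
        if eap.get("TLSAllowTrustExceptions", False):
            findings.append("trust exceptions allowed")
    return findings

def sample_profile(pinned: bool) -> bytes:
    """Constructed profile; all names and values are placeholders."""
    ca_uuid = "11111111-2222-3333-4444-555555555555"
    eap = {"AcceptEAPTypes": [21], "UserName": "alice@example.org"}  # 21 = EAP-TTLS
    if pinned:
        eap["PayloadCertificateAnchorUUID"] = [ca_uuid]
        eap["TLSTrustedServerNames"] = ["radius.example.org"]
    wifi = {"PayloadType": "com.apple.wifi.managed", "IsHotspot": True,
            "DomainName": "example.org", "NAIRealmNames": ["example.org"],
            "RoamingConsortiumOIs": ["AABBCC"], "EncryptionType": "WPA2",
            "EAPClientConfiguration": eap}
    ca = {"PayloadType": "com.apple.security.root", "PayloadUUID": ca_uuid,
          "PayloadContent": b"placeholder, not a real certificate"}
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadContent": [wifi, ca]})

if __name__ == "__main__":
    for pinned in (True, False):
        print(pinned, lint_passpoint_profile(sample_profile(pinned)))
```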
Install Rd-Connect (Server Side)
- Rd-Connect runs on the same server as RADIUSdesk
    cd /var/www
    sudo git clone https://github.com/RADIUSdesk/rd_connect.git
    cd /var/www/html
    # For the Rd-Connect Mobile UI
    sudo ln -s ../rd_connect/build/production/RdConnect ./rd_connect
Configure Rd-Connect
- Rd-Connect works as part of a RADIUSdesk deployment and relies on two items in RADIUSdesk being configured properly in order to work as intended.
- Each RADIUS Realm in RADIUSdesk has optional configuration related to Hotspot2.0/Passpoint. You need to configure the Realms → Hotspot2.0/Passpoint settings to match your environment.
- To allow user registration we will latch onto an existing Login Page where the User Registration is already configured.
- Once these two items have been configured we can do the last tweaks on Rd-Connect's config file for everything to work together as a unit.
Realm -> Hotspot2.0/Passpoint
- See the screenshot below as reference.
- If you use the FreeRADIUS sam