In earlier sections of OpenWiFi documentation, the association of Access Point Equipment and SSID Profiles were described.
For Passpoint® configuration, each Equipment Profile may reference multiple SSID Profiles. Within the SSID Profile, an association to RADIUS and Passpoint® Profile is made.
From the Passpoint® Profile, an Operator, Venue and multiple Identity Providers are defined.
Passpoint® via UI
Passpoint® Configuration
Cloud SDK user interface enables all Passpoint® configuration needed for live service.
Passpoint® services will combine multiple Cloud SDK Profiles.
RADIUS
Passpoint
Passpoint ID Provider
Passpoint Operator
Passpoint Venue
RADIUS Profile
Add a RADIUS Profile, specify the IP address and shared secret and port required for reachability and authentication and accounting with the defined server(s).
Operator Profile - Venue
Each Operator of Wi-Fi services or Venue must be defined.
Passpoint Operator
Passpoint ID Provider
Network Access Identifier (NAI) Realm implements all possible EAP methods for authentications. When adding EAP method, select the appropriate configuration to the deployment.
Passpoint Profile
Passpoint profile aggregates the other Operator / Venue, Identity Provider together, once joined to an SSID will be combined with RADIUS in terms of the Access Point processing logic for UE association and authentication.
Add Passpoint Profile
Associate to the SSIDs of network service:
Advertise type of IP Connectivity
Advanced settings support ANQP Domain ID, GAS Behaviors and DGAF operation
Passpoint® Postman Collection
Passpoint® via API
Cloud SDK accepts all Passpoint® configuration via API if desired. Please refer to API for additional instructions on use of Cloud SDK OpenAPI.
Open WiFi 1.0 SSIDs are mapped to a single RADIUS profile. All Authentication and Accounting will be forwarded to the RADIUS services defined in the Profile. Sub-release 1.1 supports realm-based forwarding and RADSec operations (RADIUS over TLS)
Identities
Identity Provider Profile Example: PLMN ID Based Identity
In the above example, an MNO with PLMN identifiers is configured. The result of this configuration will be a UE mobile handset learns its home network operator is available over Wi-Fi network and attempts authentication seamlessly. The MNO logo will display in the UE home screen top bar.
Identity Provider Profile Example: OI / RCOI Based Identity
In the above example, a settled roaming provider part of the OpenRoaming federated RCOI has been defined. The UE device will automatically discover this network, for many devices with existing OpenRoaming credentials will seamlessly associate to the advertised service from this Wi-Fi network.