Creating an Identity Provider Profile
A Service Provider keeps track of user subscriptions. Use an Identity Provider profile, which defines the properties pertaining to a service provider, to authenticate users using realm-based authentication and accounting services.
Complete the following steps to create an Identity Provider profile:
- From the navigation bar, select Network Control > Policies & Profiles.
- In the Policies & Profiles page, click the Identity Provider tile. The Hotspot 2.0 tab is displayed. Click Add HS2.0 IDP.
Alternatively, in the Policies & Profiles page, click Add Policy or Profile, select the Identity Provider tile, and click Next.
The Add Identity Provider wizard is displayed.
Adding an Identity Provider Profile
- In the Network Identifier page, enter the profile name.
- Under Provider Settings, configure the following settings:
- (Optional) Click Import from a Known Identity Provider to import a pre-configured identity provider from the list.
When you import a pre-configured identity provider, the existing configuration in the NAI Realm, PLMN, and Roaming Consortium OI tables is replaced by the new one.
- Click Add Realm to add an NAI realm. In the Add Realm sidebar, enter the realm information to configure the realm mapping to the authentication service. Enter a realm name and choose the Encoding (RFC-4282 or UTF-8) from the list, and then click Add.
You can add another realm by selecting the Add another Realm checkbox.
Note: Choose RFC-4282 encoding to handle user names during network authentication. Alternatively, choose UTF-8 encoding for text representation that is compatible with a broad range of languages and systems.
- Click Add EAP Method. The Add EAP Method sidebar appears. Select the EAP Method from the list. If you would like to add another authentication type for this EAP method, then click Add another Auth and select the Auth Type from the list. Enter the Vendor ID and Vendor Type, and then click Add.
You can add another EAP method by selecting the Add another EAP Method checkbox. You can select up to four EAP methods.
Adding an EAP Method
- (Optional) Add a Public Land Mobile Network (PLMN) Wi-Fi operator for the geographical location and a Roaming Consortium Organization Identifier (OI). For more information, refer to Identity Provider Overview.
- Click Next in the Add Identity Provider page.
- In the AAA Settings page, select a preconfigured authentication server from the list or click Add Server to configure a primary authentication server. In the Add AAA Server dialog box, add an IP address, select the port number, and enter the Shared Secret, then click Add. Optionally, click Add Secondary Server to configure a secondary authentication server.
- (Optional) For Accounting Service, toggle the switch to ON to select an Accounting Server from the list or click Add Server to configure a primary accounting server. In the Add AAA Server dialog box, add an IP address, select the port number, and enter the Shared Secret, then click Add. Optionally, you can configure a secondary accounting server and click Next.
- Under Summary, review the settings and click Add to add the Identity Provider.