Open jornane opened 4 years ago
Yes, this would be good to have (we currently cannot test the app with our alternative config because of this). 👍
What about migrating backend radius (servers) with same Common Name, but different certificate providers (and thus different root & intermediate certificates)? Do you need multiple profiles for this or is it possible to create an eap-profile created with eduroamCAT with both current as well as new root/intermediate certificates included?
All I can say from a CAT point of view is that the XML file which geteduroam consumes is generated with all configured root CAs of the organisation inside one profile, the code iterates over the full array of CAs:
https://github.com/GEANT/CAT/blob/release_2_0/devices/xml/Device_XML.php#L365
So, multiple profile support is not a precondition for CA rollover to be working. However, whether geteduroam extracts all the CAs (and not just the first) from the incoming XML file and marks them all as trusted, I don't know. That needs a geteduroam core dev to answer.
Yes, that will work @DimitryNL and @restena-sw; it installs all CAs from that single CAT profile as trusted. (Multiple profiles is not a solution/will not work.)
Right now the app supports only one profile to be installed at a time. There are cases where you would have multiple profiles installed, e.g. when working at multiple institutions with eduroam, when testing IdP or when using the app for a different network than eduroam.
Additionally, the eap-config format supports multiple <EAPIdentityProvider> entries in the <EAPIdentityProviderList>. I think the app currently only uses the first one. There are as far as I know currently no cases where an eap-config does contain more than one provider.
We need a GUI overhaul to support this, so this is not a priority.
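An added example (not geteduroam or CAT code) of the two points raised in this thread: it collects every CA from one profile instead of only the first, which is what CA rollover depends on, and it walks every EAPIdentityProvider entry rather than stopping at the first. The element names ServerSideCredential, CA and ServerID and the ID attribute are assumed from the eap-config schema; the sample XML is constructed and its certificates are placeholder bytes.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

def b64(label):
    # Placeholder bytes stand in for DER certificates in the constructed sample.
    return base64.b64encode(label.encode()).decode()

def provider_xml(idp_id, ca_labels, server_id):
    cas = "".join(f'<CA format="X.509" encoding="base64">{b64(c)}</CA>' for c in ca_labels)
    return (f'<EAPIdentityProvider ID="{idp_id}"><AuthenticationMethods>'
            f'<AuthenticationMethod><ServerSideCredential>{cas}'
            f'<ServerID>{server_id}</ServerID></ServerSideCredential>'
            f'</AuthenticationMethod></AuthenticationMethods></EAPIdentityProvider>')

# Constructed input: provider one is mid-rollover (old and new root), provider two has one root.
SAMPLE = ("<EAPIdentityProviderList>"
          + provider_xml("idp-one.example", ["old-root", "new-root"], "radius.example.org")
          + provider_xml("idp-two.example", ["other-root"], "radius.example.net")
          + "</EAPIdentityProviderList>")

def trust_anchors(xml_text):
    """Return, for every provider, all CA fingerprints and server names (not only the first)."""
    providers = []
    for idp in ET.fromstring(xml_text).iter("EAPIdentityProvider"):
        cas, names = [], []
        for cred in idp.iter("ServerSideCredential"):
            for ca in cred.findall("CA"):
                der = base64.b64decode("".join((ca.text or "").split()), validate=True)
                if not der:
                    raise ValueError("empty CA element")
                fp = hashlib.sha256(der).hexdigest()
                if fp not in cas:          # same CA may repeat across EAP methods
                    cas.append(fp)
            for sid in cred.findall("ServerID"):
                name = (sid.text or "").strip()
                if name and name not in names:
                    names.append(name)
        providers.append({"id": idp.get("ID"), "ca_sha256": cas, "server_ids": names})
    return providers

if __name__ == "__main__":
    for p in trust_anchors(SAMPLE):
        print(p["id"], len(p["ca_sha256"]), "CA(s)", p["server_ids"])
```

A provider that comes back with an empty ca_sha256 list has no trust anchor, so a client cannot validate the RADIUS server certificate for it.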