eduroam architecture

eduroam technology is based on the 802.1X standard and a hierarchy of RADIUS proxy servers.

Every member institution has an Identity Provider RADIUS server (IdP) which processes authentication requests for its own users. The IdP RADIUS server is connected to the Federation-Level RADIUS server (FLR), which relays authentication and accounting requests between the eduroam IdPs of member sites. In Morocco, the FLR is managed by MARWAN.

The FLR is in turn connected to the international Top-Level RADIUS server (TLR), which has a list of connected FLR servers and the associated realms. Usernames take the form ‘user@realm’, where realm is the institution’s DNS domain name. The RADIUS servers can use this information to route the request to the appropriate next hop in the hierarchy until the home institution is reached.
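
The realm-based routing described above, as an added example that is not part of the original page: a small Python model in which each server forwards a request on the longest matching realm suffix or falls back to its parent. All server names and realms are constructed, and the suffix matching, realm syntax check and loop check are assumptions of this model, not eduroam's own configuration.

```python
import re

# Constructed topology; every server name and realm below is hypothetical.
# local: realms authenticated here, routes: realm suffix -> next hop,
# parent: where requests for unmatched realms are sent.
TOPOLOGY = {
    "idp.uni-a": {"local": {"uni-a.example.ma"}, "routes": {}, "parent": "flr.ma"},
    "idp.uni-b": {"local": {"uni-b.example.ma"}, "routes": {}, "parent": "flr.ma"},
    "idp.uni-c": {"local": {"uni-c.example.fr"}, "routes": {}, "parent": "flr.fr"},
    "flr.ma": {"local": set(), "parent": "tlr",
               "routes": {"uni-a.example.ma": "idp.uni-a", "uni-b.example.ma": "idp.uni-b"}},
    "flr.fr": {"local": set(), "parent": "tlr",
               "routes": {"uni-c.example.fr": "idp.uni-c"}},
    "tlr": {"local": set(), "parent": None, "routes": {"ma": "flr.ma", "fr": "flr.fr"}},
}
REALM_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$")

def split_realm(username):
    """Return the lowercased realm of 'user@realm', or None if malformed."""
    user, sep, realm = username.rpartition("@")
    realm = realm.lower()
    return realm if sep and user and REALM_RE.match(realm) else None

def next_hop(server, realm):
    """Longest matching realm suffix in the server's routes, else its parent."""
    cfg = TOPOLOGY[server]
    hits = [s for s in cfg["routes"] if realm == s or realm.endswith("." + s)]
    return cfg["routes"][max(hits, key=len)] if hits else cfg["parent"]

def route(username, entry):
    """Return (path, outcome) for a request entering the hierarchy at entry."""
    realm = split_realm(username)
    if realm is None:
        return [entry], "reject: malformed realm"
    path = [entry]
    while realm not in TOPOLOGY[path[-1]]["local"]:
        hop = next_hop(path[-1], realm)
        if hop is None:
            return path, "reject: no route for realm"
        if hop in path:  # e.g. TLR hands an unknown realm back to its FLR
            return path, "reject: routing loop"
        path.append(hop)
    return path, "authenticate at home IdP"

if __name__ == "__main__":
    for name in ("alice@uni-b.example.ma", "bob@UNI-C.example.fr",
                 "eve@unknown.example.ma", "carol@lab.example.zz", "dave"):
        print(name, *route(name, "idp.uni-a"))
```

The third sample is a realm that no IdP serves but whose suffix the TLR knows: the FLR sends it up, the TLR would hand it back, and the model rejects it instead of forwarding it again.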

An example of the eduroam infrastructure is shown in the image below.