Configure Passpoint Policy OSU Provider

About this task

WiNG managed clients can use Online Sign-Up (OSU) for registration and credential provisioning to obtain hotspot network access. Service providers have an OSU AAA server and certificate authority (CA). For a client and hotspot to trust one another, the OSU server holds a certificate signed by a CA whose root certificate is issued by a CA authorized by the Wi-Fi Alliance, and CA certificates are installed on the client device. A CA performs the following functions:
  • Issues certificates (creates and signs)
  • Maintains certificate status information and issues certificate revocation lists (CRLs)
  • Publishes current (non-expired) certificates and CRLs
  • Maintains status archives for the expired or revoked certificates it has issued

Passpoint certificates are governed by the Hotspot 2.0 OSU Certificate Policy Specification. An OSU server certificate should be obtained from any of the CAs authorized by the Wi-Fi Alliance. Once an OSU provider is selected, the client connects to the OSU WLAN. It then triggers an HTTPS connection to the OSU server, which was received with the OSU providers list. The client validates the server certificate to ensure it's a trusted OSU server. The client is prompted to complete an online registration through their browser. When the client has a valid credential for the hotspot 2.0 WLAN, it disassociates from the OSU WLAN and connects to the hotspot 2.0 WLAN.

Procedure

  1. Select to create a new OSU provider configuration for passpoint hotspot utilization, to edit or modify the existing configuration attributes, or to delete a selected configuration.
  2. If you are creating a new OSU provider configuration, provide a 32-character maximum OSU ID that will serve as an online sign up identifier.
  3. Set the following attributes to secure the Network Access Identifier (NAI) submitted by the hotspot during OSU authentication:
    Server URL Provide a 255 character maximum sign up server URL for the OSU provide
    NAI Type a 255 character maximum NAI to identify the user and assist in routing an authentication request to the authentication server. The realm name is often the domain name of the service provider
    Method OMA DM Priority Select to provide Open Mobile Alliance (OMA) device management priority. OMA is a standards body developing open standards for mobile clients. OMA is relevant to service providers working across countries (with different languages), operators and mobile terminals. Adherence to OMA is strictly voluntary. Use the drop-down list box to specify the priority as 1 or 2
    Method Soap XML SPP Priority Select to apply a SOAP-XML subscription provisioning protocol priority of either 1 or 2. The Simple Object Access Protocol (SOAP) is a protocol for exchanging structured information in web services. SOAP uses XML as its message format and relies on other application layer protocols, like HTTP or SMTP, for message negotiation and transmission
  4. Refer to the Name field to set a 252-character English language sign up name, then provide a 3-character maximum ISO-639 language code to apply the sign up name in a language other than English.
    Apply a 252-character maximum hexadecimal online sign up name to encode in the ISO-639 language code applied to the sign up name.
  5. Refer to the OSU Provider Description field to set an online sign up description in a language other than English.
    Select Add and provide a 3-character maximum ISO-639 language code to apply the sign up name in a language other than English.

    Apply a 252-character maximum hexadecimal online sign up description to encode in the ISO-639 language code applied to the sign up name.

  6. Select Add and provide an OSU Provider Icon.
    Apply the following configuration attributes to the icon.
    Code Type a 3-character maximum ISO-639 language Code to define the language used in the OSU provider icon
    File Name Provide a 255-character maximum icon name and directory path location for the icon file
    Height Provide the icon's height in pixels from 0 to 65,535. The default setting is 0
    Mime Type Set the icon's MIME file type from 0 to 64. The MIME associates the file name extensions with a MIME type. A MIME allows a fallback on an extension and are frequently used by web servers
    Width Provide the icon's width in pixels from 0 to 65,535. The default setting is 0
  7. Select Add to save OSU provider settings updates.
9037026-03 Rev AA