The identity provider must autenticate users who need access to eduroam. Normally, you can build upon already existing user databases in the form of an Active Directory or an LDAP database.
Both identity and service providers must use an authentication server to communicate the validation of eduroam users on the fly. This server is often called a Radius server as the Radius protocol (Remote Authentication Dial-In User Service, RFC 2865, etc.) is used in communication between the cooperating servers.
The local server is connected to DeICs Radius server and hence to the infrastructure of eduroam. Connection will be made only to well known parties, in order to ensure a high degree of trust.
The choice of EAP method and the version of the user database and Radius server influence how to configure the Radius server. You may find information in the configuration examples of the European Wiki:
To produce customized installers for your institution, you are granted administration privileges within the eduroam CAT. A guide is available on the European eduroam Wiki:
Service providers (non identity providers) may benefit from a more simple server setup. If applicable, the Wi-Fi controller may be connected directly to DeICs Radius server. That is relevant only for smaller installations not runnning a Radius server.