Using this table you manage the profile lists for the NAI realms. With these lists you have the ability to group certain ANQP elements. These include the realms of the hotspot operator and its roaming partners, as well as the associated authentication methods and parameters. Stations use the information stored in this list to determine whether they have the hotspot operator or one of its roaming partners have valid credentials.
In order to edit the entries in the table NAI realms, click on the button Add.... The entries in the edit window have the following meaning:
- Name: Assign a name for the NAI realm profile, such as the name of the service provider or service to which the NAI realm belongs. This name will appear later in the ANQP profile in the selection for NAI realm list.
- NAI realm: Enter the realm for the Wi-Fi network. The identification of the NAI realm consists of the username and a domain, which can be extended using regular expressions. The syntax for an NAI realm is defined in IETF RFC 2486 and, in the simplest case, is <username>@<realm>, for user746@providerX.org, and therefore the corresponding realm is providerX.org.
- EAP method: Select a language for the NAI realm from the list. EAP stands for the authentication profile (Extensible Authentication Protocol), followed by the corresponding authentication method Possible values include:
- EAP-TLS: Authentication using Transport Layer Security (TLS). Select this setting when authentication via the relevant NAI realm is performed by a digital certificate that the user has to install.
- EAP-SIM: Authentication via the Subscriber Identity Module (SIM). Select this setting when authentication via the relevant NAI realm is performed by the GSM Subscriber Identity Module (SIM card) of the station.
- EAP-TTLS: Authentication via Tunneled Transport Layer Security (TTLS). Select this setting when authentication via the relevant NAI real is performed using a username and password. For security reasons, the connection is tunneled for this method.
- EAP-AKA: Authentication using Authentication and Key Agreement (AKA). Select this setting when authentication via the relevant NAI realm is performed by the UMTS Subscriber Identity Module (USIM card) of the station.
- None: Select this setting when the relevant NAI realm does not require authentication.
- Authentication parameters: In the window that opens when you click the Select button, select the appropriate authentication parameters for the EAP method, such as EAP-TTLS NonEAPAuth.MSCHAPV2,Credential.UserPass or for EAP-TLS Credentials.Certificate. Possible values include:*) The specific parameter or sub-parameter is reserved for future uses within the framework of Passpoint™ certification, but currently is not in use.
Table 1. Overview of possible authentication parameters Parameters Sub-parameters Comment NonEAPAuth. Identifies the protocol that the realm requires for phase 2 authentication: PAP Password Authentication Protocol CHAP Challenge Handshake Authentication Protocol, original CHAP implementation, specified in RFC 1994 MSCHAP Implementation of Microsoft CHAP V1, specified in RFC 2433 MSCHAPV2 Implementation of Microsoft CHAP V2, specified in RFC 2759 Credentials. Describes the type of authentication that the realm accepts: SIM SIM card USIM USIM card NFCSecure NFC chip HWToken* Hardware token SoftToken* Software token Certificate Digital certificate UserPass Username and password None No credentials required TunnelEAPCredentials.* SIM* SIM card USIM* USIM card NFCSecure* NFC chip HWToken* Hardware token SoftToken* Software token Certificate* Digital certificate UserPass* Username and password Anonymous* Anonymous login