The identity provider must autenticate users who need access to eduroam. Normally, you can build upon already existing user databases in the form of an Active Directory or an LDAP database.
Both identity and service providers must use an authentication server to communicate the validation of eduroam users on the fly. This server is often called a Radius server as the Radius protocol (Remote Authentication Dial-In User Service, RFC 2865, etc.) is used in communication between the cooperating servers.