I have done that for a few operators when I was working in Saudi Arabia (using both Cisco and Aruba). I think I can help you with this one.
As part of your SSID configuration, you need to enable hotspot 2.0 for the specific SSID. AP will broadcast hotspot2.0 capability in its beacon frame. Client queries 3GPP network information through AQNP and Access Point responds with APs network and service provider identity. Client device validates this information & automatically associates to the passpoint (hotspot 2.0) AP.
On association, 802.1x will be performed by the client. You can either use EAP-SIM or EAP-AKA. Your AAA server will be the service provider AAA server. IF authentication succeeds, the client will be allowed network access.
From config perspective, you will need:
- To integrate with service provider AAA server
- Make sure your controller has L3/L4 reachability to the provider AAA server
- For ease of management, I would recommend use a RADIUS server between Aruba Controller and Service Provider AAA server. I have used Aptilo and Cisco PAR but quite sure ClearPass should work as well.