...

  1. Replace the items in the configuration as appropriate:
    1. your.identity.realm.example.org - Your identity realm, e.g. camford.ac.uk
    2. your.idp.service.realm.example.org - Your IdP host, e.g. moonshot-idp.camford.ac.uk
    3. your.rp-proxy.service.realm.example.org - Your RP proxy host, e.g. moonshot-rp.camford.ac.uk

      Note

      If you are using a combined IdP and RP proxy service, your.rp-proxy.service.realm.example.org will be the same as your.idp.service.realm.example.org and you can delete the unneeded entry.

    4. your-trustrouter-credential@ov-apc.moonshot.ja.net - Your 'username' on the APC, which is stored in the user element of the credentials.xml file issued to you by your Trust Router operator.

  2. In the Moonshot portal, register your Trust Router as a service realm for your organisation, e.g. moonshot-tr.camford.ac.uk
  3. In the Moonshot portal, change the AAA server name for the IdP realm(s) that connect to your Trust Router to the hostname of your Trust Router, i.e. set the AAA server for your.identity.realm.example.org to the host you registered in Step 2.
  4. Once the changes have been applied, change to the /etc/trust_router/conf.d/default directory and run trust_router as the trustrouter user. There should be no errors.

...

trusts.cfg
{
 "communities": [
   {
     "apcs": [
     ],
     "community_id": "ov-apc.moonshot.ja.net",
     "idp_realms": [
       "your.identity.realm.example.org"
     ],
     "rp_realms": [
       "tr.moonshot.ja.net",
       "your.rp-proxy.service.realm.example.org",
       "your.idp.service.realm.example.org"
     ],
     "type": "apc",
     "expiration_interval": 10
   }
 ],
 "idp_realms": [
   {
     "aaa_servers": [
       "your.idp.hostname.example.org"
     ],
     "apcs": [
       "ov-apc.moonshot.ja.net"
     ],
     "realm_id": "your.identity.realm.example.org",
     "shared_config": "no"
   }
 ],
 "rp_clients": [
   {
     "filter": {
       "filter_lines": [
         {
           "action": "accept",
           "domain_constraints": [
           ],
           "filter_specs": [
             {
               "field": "rp_realm",
               "match": "tr.moonshot.ja.net"
             },
             {
               "field": "rp_realm",
               "match": "*.tr.moonshot.ja.net"
             }
           ],
           "realm_constraints": [
             "tr.moonshot.ja.net",
             "*.tr.moonshot.ja.net"
           ]
         }
       ],
       "type": "rp_permitted"
     },
     "gss_names": [
       "trustrouter@ov-apc.moonshot.ja.net"
     ]
   },
   {
     "filter": {
       "filter_lines": [
         {
           "action": "accept",
           "domain_constraints": [
             "your.rp-proxy.hostname.example.org",
             "*.your.rp-proxy.hostname.example.org"
           ],
           "filter_specs": [
             {
               "field": "rp_realm",
               "match": "your.rp-proxy.service.realm.example.org"
             },
             {
               "field": "rp_realm",
               "match": "*.your.rp-proxy.service.realm.example.org"
             }
           ],
           "realm_constraints": [
             "your.rp-proxy.service.realm.example.org",
             "*.your.rp-proxy.service.realm.example.org"
           ]
         },
         {
           "action": "accept",
           "domain_constraints": [
             "your.idp.hostname.example.org",
             "*.your.idp.hostname.example.org"
           ],
           "filter_specs": [
             {
               "field": "rp_realm",
               "match": "your.idp.service.realm.example.org"
             },
             {
               "field": "rp_realm",
               "match": "*.your.idp.service.realm.example.org"
             }
           ],
           "realm_constraints": [
             "your.idp.service.realm.example.org",
             "*.your.idp.service.realm.example.org"
           ]
         }
       ],
       "type": "rp_permitted"
     },
     "gss_names": [
       "your-trustrouter-credential@ov-apc.moonshot.ja.net"
     ]
   }
 ]
}
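
A pre-flight check that could be run on trusts.cfg before starting trust_router in step 4, added here as an example and not part of the Moonshot documentation or the trust_router code: it flags template placeholders that were never replaced and cross-checks the community realms against the IdP realm entries and the accept filter lines. The function names, the glob-style reading of `*` and the consistency rules are assumptions inferred from the template above, not trust_router's own validation.

```python
import json
from fnmatch import fnmatchcase

# Placeholder markers taken from the trusts.cfg template on this page.
PLACEHOLDERS = ("example.org", "your-trustrouter-credential")

def strings(node, path="$"):
    if isinstance(node, dict):
        for key, value in node.items():
            yield from strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from strings(value, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node

def check_trusts(cfg):
    # Returns findings; [] means every check passed. '*' is read as a glob (assumption).
    found = [f"placeholder left in {p}: {v}" for p, v in strings(cfg)
             if any(m in v for m in PLACEHOLDERS)]
    aaa = {r.get("realm_id"): r.get("aaa_servers") for r in cfg.get("idp_realms", [])}
    accepted = set()
    for client in cfg.get("rp_clients", []):
        for line in client.get("filter", {}).get("filter_lines", []):
            matches = {s.get("match") for s in line.get("filter_specs", [])
                       if s.get("field") == "rp_realm"}
            if line.get("action") == "accept":
                accepted |= matches
            # Assumption from the template: realm_constraints mirror the matches.
            if matches != set(line.get("realm_constraints", [])):
                found.append(f"{client.get('gss_names')}: realm_constraints differ from matches")
    for community in cfg.get("communities", []):
        for realm in community.get("idp_realms", []):
            if not aaa.get(realm):
                found.append(f"IdP realm {realm} has no aaa_servers")
        for realm in community.get("rp_realms", []):
            if not any(fnmatchcase(realm, pattern) for pattern in accepted):
                found.append(f"RP realm {realm} matches no accept filter line")
    return found

# Constructed sample: the page's camford.ac.uk example values, one placeholder left in.
SAMPLE = json.loads("""{
 "communities": [{"idp_realms": ["camford.ac.uk"],
   "rp_realms": ["tr.moonshot.ja.net", "moonshot-rp.camford.ac.uk"]}],
 "idp_realms": [{"realm_id": "camford.ac.uk", "aaa_servers": ["your.idp.hostname.example.org"]}],
 "rp_clients": [{"gss_names": ["trustrouter@ov-apc.moonshot.ja.net"],
   "filter": {"filter_lines": [{"action": "accept",
     "filter_specs": [{"field": "rp_realm", "match": "tr.moonshot.ja.net"}],
     "realm_constraints": ["tr.moonshot.ja.net"]}]}}]}""")
```

To check a real file, pass `json.load(open("trusts.cfg"))` to `check_trusts` and treat any returned finding as something to resolve before starting the service.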

...