Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • The aaa_servers entry must contain a hostname that belongs to the organisation that owns (or manages) the realm in realm_id
    This hostname must be able to match a corresponding filter_lines entry in one of the rp_clients groups in the top-level rp_clients list.


    The rpaaa_realmservers entries on the upstream trust router for any idp_realms entries connected to downstream trust routers must point to the trust router they are connected to.

    Example: IDP1 is connected to Trust Router B, which is downstream from Trust Router A. On Trust Router A, IDP1's rpaaa_realmservers entry must be set to Trust Router B's hostname, while on Trust Router B, the aaa_servers entry for IDP1 points to its real hostname.

  • The realm_id must be listed in the idp_realms list of at least the APC. You may add it to other communities as well to make that realm available as an ID Provider in those communities.
  • The shared_config option is currently not used and should be said to "no".