...

The top level:
{
  "communities": [ 
    {community1}, 
    {community2}, ... 
  ],
  "idp_realms": [ 
    {idp_realm1}, 
    {idp_realm2}, ... 
  ],
  "rp_clients": [ 
    {rp_client_group1}, 
    {rp_client_group2}, ... 
  ],
  "default_servers": [
    "server_name1",
    "server_name2", ...
  ]
}

 

Communities

The communities list contains the communities in this trust infrastructure in alphabetical order by community_id. There is always a minimum of one community in a trust infrastructure, the Authentication Policy Community (APC). It is the over-arching community that includes all RPs and IdPs.

...

  • The domain_constraints list should at least contain one of the realm_constraints entries, but an empty list is acceptable.
  • Each entry in the realm_constraints list must have a corresponding entry in the filter_specs list.
  • At a minimum, such an entry should contain the FQDN of the RP in both domain_constraints and realm_constraints, and a corresponding filter_specs entry.

 

Default servers

The default_servers list contains one or more AAA servers to contact when this trust router receives a TID request that it cannot resolve.

This list is used for static peering between trust routers, and it is optional. If it does not exist, the trust router assumes that it is the only or top-level trust router.

default_servers:
  "default_servers": [
    "server_name1",
    "server_name2", ...
  ]
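
The rules stated above for communities, RP client filter entries and default_servers can be checked mechanically before a trust router loads the file. The following Python linter is an added example, not part of the original page or the trust router project. Assumptions: the nesting under rp_clients, the "field"/"match" keys in filter_specs, and the reading of "corresponding" as an exact value match; the sample data is constructed.

```python
import json

def find_filter_lines(node):
    """Yield every object that carries realm_constraints, at any depth."""
    if isinstance(node, dict):
        if "realm_constraints" in node:
            yield node
        node = list(node.values())
    if isinstance(node, list):
        for item in node:
            yield from find_filter_lines(item)

def lint_trust_config(cfg):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    ids = [c.get("community_id", "") for c in cfg.get("communities", [])]
    if not ids:
        findings.append("communities: at least one community (the APC) is required")
    if ids != sorted(ids):
        findings.append("communities: not in alphabetical order by community_id")
    servers = cfg.get("default_servers")  # optional key
    if servers is not None and not (isinstance(servers, list) and servers
                                    and all(isinstance(s, str) and s for s in servers)):
        findings.append("default_servers: expected one or more server names")
    for line in find_filter_lines(cfg.get("rp_clients", [])):
        realms = line.get("realm_constraints", [])
        domains = line.get("domain_constraints", [])
        # Assumption: a filter_specs entry "corresponds" when one of its values equals the realm.
        spec_values = {v for spec in line.get("filter_specs", []) if isinstance(spec, dict)
                       for v in spec.values() if isinstance(v, str)}
        for realm in realms:
            if realm not in spec_values:
                findings.append(f"rp_clients: realm_constraints entry {realm!r} has no filter_specs entry")
        if domains and not set(domains) & set(realms):
            findings.append("rp_clients: domain_constraints contains no realm_constraints entry")
    return findings

# Constructed sample (not from the page): the nesting under rp_clients and the
# "field"/"match" keys are assumptions; it carries three deliberate faults.
SAMPLE = json.loads("""{
  "communities": [{"community_id": "coi.example.org"}, {"community_id": "apc.example.org"}],
  "rp_clients": [{"filter_lines": [{
      "domain_constraints": ["other.example.com"],
      "realm_constraints": ["rp1.example.org", "rp2.example.org"],
      "filter_specs": [{"field": "rp_realm", "match": "rp1.example.org"}]}]}]
}""")

if __name__ == "__main__":
    print("\n".join(lint_trust_config(SAMPLE)))
```

An empty domain_constraints list passes, as the rules allow; only a non-empty list that shares no entry with realm_constraints is reported.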


An example file:

Here is an example trusts.cfg file. A full description of the various sections follows.

...