aaa_servers entry must contain a hostname that belongs to the organisation that owns (or manages) the realm in
hostname must be able to match a corresponding filter_lines entry in one of the rp_clients groups in the top-level
aaa_servers entries on the upstream trust router for any idp_realms entries connected to downstream trust routers must point to the trust router they are connected to.
Example: IDP1 is connected to Trust Router B, which is downstream from Trust Router A. On Trust Router A, IDP1's aaa_servers entry must be set to Trust Router B's hostname, while on Trust Router B, the aaa_servers entry for IDP1 points to its real
realm_id must be listed in the idp_realms list of at least the APC. You may add it to other communities as well to make that realm available as an ID Provider in those communities.
shared_config option is currently not used and should be set to "no".