
We need to configure the community and rp_realm appropriate for your Moonshot IdP service, and the Trust Router that it will connect to.

  1. Open /etc/raddb/mods-enabled/realm for editing.
  2. Find the "realm suffix {" configuration directive, and fill out the fields as appropriate.
  3. Repeat this for the "realm bangpath {" configuration directive.
  4. For the default Jisc Assent Trust Router this will look like the following:

    realm suffix {
      format = suffix
      delimiter = "@"
      default_community = "ov-apc.moonshot.ja.net"
      rp_realm = "Your service realm as registered in the Jisc Assent Portal"
      trust_router = "tr.moonshot.ja.net"
      rekey_enabled = yes
    }

    realm bangpath {
      format = prefix
      delimiter = "!"
      default_community = "ov-apc.moonshot.ja.net"
      rp_realm = "Your service realm as registered in the Jisc Assent Portal"
      trust_router = "tr.moonshot.ja.net"
      rekey_enabled = yes
    }


    Example

    Camford University has a Moonshot IdP service registered in the Jisc Assent Portal at the service realm of moonshot-idp.camford.ac.uk, so its realm file would look like this:

    realm suffix {
      format = suffix
      delimiter = "@"
      default_community = "ov-apc.moonshot.ja.net"
      rp_realm = "moonshot-idp.camford.ac.uk"
      trust_router = "tr.moonshot.ja.net"
      rekey_enabled = yes
    }

    realm bangpath {
      format = prefix
      delimiter = "!"
      default_community = "ov-apc.moonshot.ja.net"
      rp_realm = "moonshot-idp.camford.ac.uk"
      trust_router = "tr.moonshot.ja.net"
      rekey_enabled = yes
    }
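A small sanity check for the realm file before restarting radiusd, added here as an example and not part of the original page or the Moonshot project. It parses the two realm stanzas, flags the mistakes this page warns about (an rp_realm left at the template placeholder, values that differ between the suffix and bangpath stanzas), and shows how each stanza's format/delimiter splits a User-Name. The embedded realm text is a constructed sample that deliberately contains both mistakes.

```python
import re

# Constructed sample realm file; it deliberately keeps the template placeholder
# in one stanza and a mismatched trust_router in the other so the lint has work to do.
SAMPLE_REALM_FILE = """
realm suffix {
  format = suffix
  delimiter = "@"
  default_community = "ov-apc.moonshot.ja.net"
  rp_realm = "Your service realm as registered in the Jisc Assent Portal"
  trust_router = "tr.moonshot.ja.net"
  rekey_enabled = yes
}
realm bangpath {
  format = prefix
  delimiter = "!"
  default_community = "ov-apc.moonshot.ja.net"
  rp_realm = "moonshot-idp.camford.ac.uk"
  trust_router = "tr.moonshot-idp.ja.net"
  rekey_enabled = yes
}
"""
STANZA = re.compile(r'realm\s+(\w+)\s*\{(.*?)\}', re.S)
KV = re.compile(r'^\s*(\w+)\s*=\s*"?([^"\n]*?)"?\s*$', re.M)
PLACEHOLDER = "Your service realm as registered in the Jisc Assent Portal"

def parse_realms(text):
    """Return {stanza_name: {key: value}} for each 'realm NAME { ... }' block."""
    return {name: dict(KV.findall(body)) for name, body in STANZA.findall(text)}

def lint_realms(realms):
    """Return the problems a reviewer would flag before restarting radiusd."""
    problems = []
    for name, cfg in realms.items():
        for key in ("format", "delimiter", "default_community", "rp_realm", "trust_router"):
            if key not in cfg:
                problems.append(f"{name}: missing {key}")
        if cfg.get("rp_realm") == PLACEHOLDER:
            problems.append(f"{name}: rp_realm still set to the template placeholder")
        if cfg.get("rekey_enabled", "no") != "yes":
            problems.append(f"{name}: rekey_enabled should be yes")
    # Both stanzas describe the same service, so these must agree across them.
    for key in ("trust_router", "rp_realm", "default_community"):
        values = {cfg.get(key) for cfg in realms.values()}
        if len(values) > 1:
            problems.append(f"{key} differs between stanzas: {sorted(v for v in values if v)}")
    return problems

def split_identity(user_name, cfg):
    """Split a User-Name as the stanza's format dictates: (user, realm), or None if no delimiter."""
    delim = cfg["delimiter"]
    if delim not in user_name:
        return None
    if cfg["format"] == "suffix":   # user@realm
        user, _, realm = user_name.rpartition(delim)
    else:                           # prefix (bangpath): realm!user
        realm, _, user = user_name.partition(delim)
    return user, realm
```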



Register your Trust Router client with a Trust Router

At this point, the Moonshot RP Proxy service needs to be associated with a Trust Router. To do this, contact the operator of the Trust Router you wish to join for their specific instructions.

Once you have joined the Trust Router service, you will be issued with an Organisation credential file in XML format.

...

Note: Jisc Assent service instructions

The below instructions are specific to the world's first Trust Router service, Jisc Assent, operated by Jisc in the United Kingdom:

  1. If you are not signed up to Assent, sign up to Assent first. This step may take a day or two while your organisation details are verified and you are invited to join the portal.
  2. If you are signed up to Assent, log into the Assent portal.

    Info

    For more information about the Assent Portal, see the Assent Portal Primer. Instructions for managing credentials are at https://assent.jisc.ac.uk/help/organization#manage-credentials

  3. Download an Organisation credential under the 'Credential' section of your organisation in the portal (in the form of an XML file). Keep this file safe!
  4. You must import the issued credential file using the moonshot-webp command as the radiusd user:

    $ su - --shell=/bin/bash radiusd
    $ unset DISPLAY
    $ moonshot-webp -f [path to credential file]


  5. Check that the credential has been correctly imported by verifying that the identities file exists:

    $ ls -la /var/lib/radiusd/.local/share/moonshot-ui/identities.txt

    Alternatively, start the UI with the moonshot command and check that the credential is listed.


  6. If the file exists, it should contain the contents of the credential file you imported.