...
- Open the
/etc/raddb/mods-enabled/realm
for editing. - Find the "realm suffix {" configuration directive, and fill out the fields as appropriate.
- Repeat this for the "realm bangpath {" configuration directive.
For the default Jisc Assent Trust Router this will look like the following:
Code Block linenumbers true realm suffix { format = suffix delimiter = "@" default_community = "ov-apc.moonshot.ja.net" rp_realm = "Your service realm as registered in the Jisc Assent Portal" trust_router = "tr.moonshot.ja.net" rekey_enabled = yes } realm bangpath { format = prefix delimiter = "!" default_community = "ov-apc.moonshot.ja.net" rp_realm = "Your service realm as registered in the Jisc Assent Portal" trust_router = "tr.moonshot.ja.net" rekey_enabled = yes }
Tip title Example Camford University has a Moonshot service registered in the Jisc Assent Portal at the service realm of moonshot.camford.ac.uk, so its realm file would look like this:
Code Block linenumbers true realm suffix { format = suffix delimiter = "@" default_community = "ov-apc.moonshot.ja.net" rp_realm = "moonshot.camford.ac.uk" trust_router = "tr.moonshot.ja.net" rekey_enabled = yes } realm bangpath { format = prefix delimiter = "!" default_community = "ov-apc.moonshot.ja.net" rp_realm = "moonshot.camford.ac.uk" trust_router = "tr.moonshot.ja.net" rekey_enabled = yes }
Register your Trust Router client with a Trust Router
...
Once you have joined the Trust Router service, you will be issued with a Trust Router an Organisation credential file in XML file format.
...
Note | ||
---|---|---|
| ||
The below instructions are specific to the world's first Trust Router service, Jisc Assent, operated by Jisc in the United Kingdom:
|
You must import the issued credential file using the
moonshot-webp
command as thefreerad
radiusd
user:Code Block $language bash linenumbers true su - --shell=/bin/bash radiusd $ unset DISPLAY $ moonshot-webp -f [path to credential file]
Check that the credential has been correctly imported, by starting the UI and checking the credential has been correctly imported:
Code Block $ ls -la /var/lib/radiusd/.local/share/moonshot-ui/identities.txtlanguage bash linenumbers true moonshot
- If the file exists, the credential file's contents should be present in the file.