Sample Trust Router Client configuration (v1.0)

This page contains a sample configuration for a Trust Router connecting to the primary Janet Trust Router, tr.moonshot.ja.net.

To use this configuration, you must make several changes:

  1. Replace the items in the configuration as appropriate:
    1. your.identity.realm.example.org - Your identity realm, e.g. camford.ac.uk
    2. your.idp.service.realm.example.org - Your IdP host, e.g. moonshot-idp.camford.ac.uk
    3. your.rp-proxy.service.realm.example.org - Your RP proxy host, e.g. moonshot-rp.camford.ac.uk

      If you are using a combined IdP and RP proxy service, your.rp-proxy.service.realm.example.org will be the same as your.idp.service.realm.example.org and you can delete the unneeded entry.

    4. your-trustrouter-credential@ov-apc.moonshot.ja.net - Your 'username' on the APC, which is stored in the user element of the credentials.xml file issued to you by your Trust Router operator.

  2. In the Moonshot portal, register your Trust Router as a service realm for your organisation, e.g. moonshot-tr.camford.ac.uk
  3. In the Moonshot portal, change the AAA server name for the IdP realm(s) that connect to your Trust Router to the hostname of your Trust Router, i.e. set the AAA server for your.identity.realm.example.org to the host you registered in Step 2.
  4. Once the changes have been applied, change to the /etc/trust_router/conf.d/default directory and run trust_router as the trustrouter user. There should be no errors.

 

trusts.cfg
{
 "communities": [
   {
     "apcs": [
     ],
     "community_id": "ov-apc.moonshot.ja.net",
     "idp_realms": [
       "your.identity.realm.example.org"
     ],
     "rp_realms": [
       "tr.moonshot.ja.net",
       "your.rp-proxy.service.realm.example.org",
       "your.idp.service.realm.example.org"
     ],
     "type": "apc",
     "expiration_interval": 10
   }
 ],
 "idp_realms": [
   {
     "aaa_servers": [
       "your.idp.hostname.example.org"
     ],
     "apcs": [
       "ov-apc.moonshot.ja.net"
     ],
     "realm_id": "your.identity.realm.example.org",
     "shared_config": "no"
   }
 ],
 "rp_clients": [
   {
     "filter": {
       "filter_lines": [
         {
           "action": "accept",
           "domain_constraints": [
           ],
           "filter_specs": [
             {
               "field": "rp_realm",
               "match": "tr.moonshot.ja.net"
             },
             {
               "field": "rp_realm",
               "match": "*.tr.moonshot.ja.net"
             }
           ],
           "realm_constraints": [
             "tr.moonshot.ja.net",
             "*.tr.moonshot.ja.net"
           ]
         }
       ],
       "type": "rp_permitted"
     },
     "gss_names": [
       "trustrouter@ov-apc.moonshot.ja.net"
     ]
   },
   {
     "filter": {
       "filter_lines": [
         {
           "action": "accept",
           "domain_constraints": [
             "your.rp-proxy.hostname.example.org",
             "*.your.rp-proxy.hostname.example.org"
           ],
           "filter_specs": [
             {
               "field": "rp_realm",
               "match": "your.rp-proxy.service.realm.example.org"
             },
             {
               "field": "rp_realm",
               "match": "*.your.rp-proxy.service.realm.example.org"
             }
           ],
           "realm_constraints": [
             "your.rp-proxy.service.realm.example.org",
             "*.your.rp-proxy.service.realm.example.org"
           ]
         },
         {
           "action": "accept",
           "domain_constraints": [
             "your.idp.hostname.example.org",
             "*.your.idp.hostname.example.org"
           ],
           "filter_specs": [
             {
               "field": "rp_realm",
               "match": "your.idp.service.realm.example.org"
             },
             {
               "field": "rp_realm",
               "match": "*.your.idp.service.realm.example.org"
             }
           ],
           "realm_constraints": [
             "your.idp.service.realm.example.org",
             "*.your.idp.service.realm.example.org"
           ]
         }
       ],
       "type": "rp_permitted"
     },
     "gss_names": [
       "your-trustrouter-credential@ov-apc.moonshot.ja.net"
     ]
   }
 ]
}

For more information about the format of this file, see the Trust Router trusts.cfg format.
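
A pre-flight check that can be run over the edited trusts.cfg before starting trust_router. This is an added example, not part of the original page or of the Trust Router software: the function names are hypothetical, the checks only mirror conventions visible in the sample above (they are not Trust Router's own validation), and the input is a constructed, trimmed copy of the template using the page's camford.ac.uk example values.

```python
import json

# Strings that only occur in the unedited template (step 1 of the procedure).
PLACEHOLDER_MARKERS = ("example.org", "your-trustrouter-credential")

def walk_strings(node, path="$"):
    """Yield (path, value) for every string value in the parsed JSON."""
    if isinstance(node, dict):
        for key, val in node.items():
            yield from walk_strings(val, f"{path}.{key}")
    elif isinstance(node, list):
        for i, val in enumerate(node):
            yield from walk_strings(val, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node

def check_trusts(cfg):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for path, val in walk_strings(cfg):
        if any(marker in val for marker in PLACEHOLDER_MARKERS):
            findings.append(f"placeholder left at {path}: {val}")
    # An IdP realm listed by an APC community needs an idp_realms entry naming that APC.
    bound = {r.get("realm_id"): set(r.get("apcs", [])) for r in cfg.get("idp_realms", [])}
    for com in cfg.get("communities", []):
        for realm in com.get("idp_realms", []) if com.get("type") == "apc" else []:
            if com.get("community_id") not in bound.get(realm, set()):
                findings.append(f"idp realm {realm} not bound to {com.get('community_id')}")
    # The sample keeps rp_realm matches and realm_constraints identical per filter line.
    for i, client in enumerate(cfg.get("rp_clients", [])):
        for j, line in enumerate(client.get("filter", {}).get("filter_lines", [])):
            matches = {s.get("match") for s in line.get("filter_specs", []) if s.get("field") == "rp_realm"}
            if matches != set(line.get("realm_constraints", [])):
                findings.append(f"rp_clients[{i}] line {j}: rp_realm matches differ from realm_constraints")
    return findings

# Constructed input: a partly edited copy of the template, trimmed for brevity.
SAMPLE = json.loads("""{
 "communities": [{"community_id": "ov-apc.moonshot.ja.net", "type": "apc", "idp_realms": ["camford.ac.uk"]}],
 "idp_realms": [{"realm_id": "camford.ac.uk", "apcs": ["ov-apc.moonshot.ja.net"]}],
 "rp_clients": [{"gss_names": ["your-trustrouter-credential@ov-apc.moonshot.ja.net"],
   "filter": {"type": "rp_permitted", "filter_lines": [{"action": "accept",
     "filter_specs": [{"field": "rp_realm", "match": "moonshot-rp.camford.ac.uk"}],
     "realm_constraints": ["moonshot-rp.camford.ac.uk", "*.moonshot-rp.camford.ac.uk"]}]}}]
}""")

if __name__ == "__main__":
    for finding in check_trusts(SAMPLE):
        print(finding)
```

The sample configuration also contains your.idp.hostname.example.org and your.rp-proxy.hostname.example.org, which the replacement list in step 1 does not mention; the placeholder scan reports those as well because it matches on example.org.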
