1. Overview
An IdP is an authoritative source of identity information for users affiliated with the organisation running the IdP. Relying Parties will have a trust relationship of some kind with the IdP that means they trust it to authenticate and authorise users.
The client interacts directly with the IdP through a secure tunnel that passes through the Service and its RP Proxy. The user proves who they are to the IdP through this tunnel via a credential exchange of some kind (e.g., passing a username and password across).
Once the user has successfully authenticated to the IdP, the IdP in turn responds to the Service via its RP Proxy. It may provide information solely to acknowledge that the user authenticated correctly, or it may provide further information in the form of attributes such as name or membership information.
2. Requirements
2.1. Moonshot Mechanism
The GSS-EAP mechanism must be installed and configured in the GSS stack.
2.2. RADIUS server with Moonshot capability
Something
2.3. Configured to talk to a Trust Infrastructure
For example, a connection to a Trust Router, a hierarchical RADIUS infrastructure, or similar.
3. How Moonshot is used on the IdP
It does stuff.