Hi Margaret,
it is much more clear, thank you! I am intrested in to set up an own Management Portal, please write me about the details.
Thanks,
Tamas
> On 2014. okt. 29., at 10:42, Margaret Wasserman <[log in to unmask]> wrote:
>
>
> Hi Frank,
>
> On Oct 29, 2014, at 5:10 AM, Frank Tamás <[log in to unmask]> wrote:
>> in the last weeks I have spent plenty of hours with making our pilot moonshot infrastructure to work with some of you, so thanks for helping. Now we have an SP with ssh server, a trust router (TR) configured to be in apc.moonshot.ja.net community, and an RP proxy and an IdP connected to our TR. Now I can ssh to our SP via our TR on behalf of dev.ja.net workshop testuser and with niif testuser as well. In the second case our IdP does the authentication process. It works, but I cannot say: "just works" :)
>
> Congratulations!
>>
>> In spite of this enviroment works, there are some unclear points for me.
>>
>> 1. Which elements of this infrastructure use the information I added to portal.moonshot.ja.net? Of course I need the credentials. But is there any direct query to collect some pieces of information stored by the portal during an authentication process? Actually why do we need to use the portal after once we have credentials for our institute?
>
> I am not sure exactly what you added to the portal.moonshot.ja.net, so I can answer generally and allow one of the Janet folks to answer in more detail, if needed.
>
> If you were an IdP using the Janet service (e.g. a university in the UK), the information you added to the Janet Portal would be used to configure the Janet Trust Router to know about your IdP, your service realms, your IdP realms, your AAA servers, etc. Because you have your own Trust Router, though, you are a peer of Janet, not one of Janet's IdPs. You may have used the Janet Portal to jump-start your configuration, but the Janet Portal is not going to configure your Trust Router on an ongoing basis.
>>
>> 2. What should I say if another hungarian institute wants to join with an IdP or SP to "hungarian pilot moonshot federation"? What do they have to do? Do they need an own trust router, or just an IdP connected to the "national trust router"?
>
> If you are running a "national Trust Router", as Janet does for UK educational institutions, another Hungarian IdP will not need to run another Trust Router, they will connect to yours. What you tell them to do depends on whether you license your own Management Portal, or not.
>
> If you do license your own Portal (from Painless Security), you will add each Hungarian IdP as an Organisation Admin for your Portal, they will use your Portal to configure their information (IdP AAA Servers, Credentials, RP Realms, Communities, etc.), then you will use your Portal to generate a new configuration file for your Trust Router. if you do not license your own Portal, then you will need to update the JSON configuration files for your Trust Router by hand to add a new IdP (with AAA servers and credentials), new IdP Realms, new RP Realms and new Communities, as required by each Hungarian IdP.
>>
>> 3. What is the best way to configure trusts.cfg? What is the adviced method eg. to add a new IdP, or RP to trusts.cfg? I was thinking about it, because we have only a test config with a few entities, but we can be easily lost between the brackets in the json syntax. I think it could be automated to generate this file.
>
> The most advanced method is to license your own Management Portal from Painless Security and use it as described above. We agree that the configuration needed to an IdP to a Moonshot federation is complex-enough to benefit from automation, and that is why we developed the Moonshot Management Portal -- to animate that process in a way that reduces effort, complexity and cost for the groups that run Trust Routers for their countries, areas, organizations, etc.
>
> We will send you information under separate cover about how to license your own portal.
>
> I am excited to hear that you have gotten this farQ Moonshot is an international service now, thanks to your efforts.
>
> Best Regards,
> Margaret
>
-sitya
|
