Thanks Sam,
we will certainly monitor port 12309 to check it out.
When I was talking about an RP, I was meaning an RP from the user's
perspective, i.e. that it is offering a service to an end user (and I don't
mean an IDP service in this context). So it does make sense that some
organisation might only offer an IDP service to end users. We have a
case in point. We want to create a community of interest (actually a VO
since I think we have agreed they are slightly different, but for now,
let's say a CoI) comprising a cloud resource at Kent (the RP), and an IdP
at Kent and an IDP at the University of Murcia in Spain. Kent and Murcia
are the partners in our project and we want users from both IDPs to
access the cloud resource at Kent. So Murcia is only running an IDP in
this example.
regards
David
On 06/02/2014 20:05, Sam Hartman wrote:
>>>>>> "David" == David Chadwick writes:
>
> David> Hi Rhys When configuring the Janet trust router to trust a
> David> domain's RP proxy or IdP is there any information that the
> David> domain gives to Janet to say whether i) the domain is only
> David> running an IdP ii) the domain is only running an RP iii) the
> David> domain is running both an IdP and an RP
>
>
> Yes.
> However, only running an IDP is generally nonsensical because the IDP
> needs to act as an RP to accept incoming trust router connections and
> get a temporary key for the APC realm.
>
> Take a look at traffic on port 12309 when an RP talks to your IDP and
> you'll also see the IDP talking to the trust router as an RP.
>