On 29 Oct 2014, at 09:10, Frank Tamás <[log in to unmask]> wrote:
> 1. Which elements of this infrastructure use the information I added to portal.moonshot.ja.net? Of course I need the credentials. But is there any direct query to collect some pieces of information stored by the portal during an authentication process? Actually, why do we need to use the portal once we have credentials for our institute?
If I understand correctly, the portal currently is the primary place where APC credentials are created and defined.
> 2. What should I say if another Hungarian institute wants to join with an IdP or SP to "Hungarian pilot moonshot federation"? What do they have to do? Do they need their own trust router, or just an IdP connected to the "national trust router"?
They don't need a personal trust router. They have to request to be added to the APC (so they have to request to be added to the portal), because they'll need credentials that are known to the APC.
If the institute just wants to be known and accessible from your trust router, you can define the different entities on your trust router (in your trusts.cfg). If they want to be known outside your local trust router, i.e. they'd like to be able to use sites elsewhere, then they need to be defined in the portal.
They can have just an RP Proxy (so just a Service Realm defined in the portal) or an IdP (so they need to add a Service Realm and an ID Provider Realm that are identical), or they can have both. If they intend to use an IdP, they should specify your trust router as the AAA server.
> 3. What is the best way to configure trusts.cfg? What is the advised method, e.g. to add a new IdP or RP to trusts.cfg? I was thinking about it, because we have only a test config with a few entities, but we can easily get lost between the brackets in the JSON syntax. I think generating this file could be automated.
I mentioned this to Adam... I'm writing up a sample config that might be more... human-readable and comprehensible. :-)
Stefan Paetow
Moonshot Industry & Research Liaison Coordinator
t: +44 (0)1235 822 125
gpg: 0x3FCE5142
xmpp: [log in to unmask]
skype: stefan.paetow.janet
Janet, the UK’s research and education network.
Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
not-for-profit company which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238