AnsweredAssumed Answered

Are trusted realms transitive

Question asked by Mark Malyj on Jun 7, 2018
Latest reply on Jun 12, 2018 by George Spagnoli

My company “A”, recently bought another company of almost equal size. Company A has a SecurID primary authentication manager appliances and 3 replicas, running 8.2SP1 Patch 7, on a single realm. The second company has two realms, a larger one “B” and a small one “C”, with a two-way trust between them, each running 8.2 original release, as in the diagram BeforeTrustedRealm.PNG:

 If we configure a single two-way trust between A and B, is that sufficient for tokens in C to be trusted by A and vice-versa? In other words, are trusted realms transitive? As in the left diagram AfterTrustedRealmOpt1.PNG:

 

Or must we also configure a two-way trust between A and C? As in the above right diagram AfterTrustedRealmOpt2.PNG?

 

This topic is not covered in the articles “Add a Trusted Realm” https://community.rsa.com/docs/DOC-77096 and "Trusted Realms" https://community.rsa.com/docs/DOC-76711.

Outcomes