My company “A”, recently bought another company of almost equal size. Company A has a SecurID primary authentication manager appliances and 3 replicas, running 8.2SP1 Patch 7, on a single realm. The second company has two realms, a larger one “B” and a small one “C”, with a two-way trust between them, each running 8.2 original release, as in the diagram BeforeTrustedRealm.PNG:
If we configure a single two-way trust between A and B, is that sufficient for tokens in C to be trusted by A and vice-versa? In other words, are trusted realms transitive? As in the left diagram AfterTrustedRealmOpt1.PNG:
Or must we also configure a two-way trust between A and C? As in the above right diagram AfterTrustedRealmOpt2.PNG?