A service provider
exists inside a domain to customize the user experience for a subset of users
(usually defined by a Service Provider) within a Domain. A Service Provider is
determined by a user's realm (typically something like: @cisco.com).
For example, let's say
we have a Domain for the Mall of America. All users get redirected to a portal
where they can buy a voucher for service. However, The Mall of America has an
agreement with Cisco to allow only Cisco customers free access. Cisco has set
up a RADIUS AAA server to authenticate users. We can set up a domain which
authorizes based on USuM and a Service Provider which matches the realm
(“@cisco.com”) that authorizes the @cisco.com users against Cisco's RADIUS AAA
server. If we want to minimize the amount of traffic to Cisco's server and
improve the experience for the user, we could set up TAL to provision the users
MAC or IP in USuM so after the first login they no longer need to provide their
A Service Provider
domain can be created by clicking on the
link on the
Figure 12. Creating a
Service Provider Domain
After creating a
Service Provider, we need to select the type of authorization from the
authorization drop-down list as shown below.
For example, here we
can select Proxy AAA Authorization as explained in the above example for Cisco
customers to be authenticated at Cisco’s AAA server. Hence CPS needs to proxy
those requests to AAA server of Cisco.
Figure 13. Selecting the
And in the service
provider settings we need to provide the realm information to match the Cisco
customers as shown below.
Figure 14. Configuring
authenticates the requests coming with realm cisco.com with Cisco AAA server
using service provider domain cisco.com else by default, parent domain is used
to authenticate the subscribers.