A domain controls how a user is authorized.
Domain provides multiple advanced options which help us to take some default actions based on the conditions. Advanced rules determine if unknown subscribers can come into the system and defines the unknown service. This is often used if subscribers self-provision and so are initially unknown or a default service can be assigned to a known subscribers.
When multiple domains are configured it is very difficult to select a single domain to authorize/authenticate a subscriber. This problem can be overcome by configuring the Locations on the individual domains. Location provides an option to select the individual domain based on the attributes received from the incoming request like Framed-IP, NAS-IP or based on AVP with the combination of Time Zone.
Once a user is authorized, domains can also auto-provision a user in USuM (including a default Service). If a user is not auto-provisioned, the user must have been provisioned by API into USuM before they are assigned a Service on the network.
Each user goes through a single domain authorization process upon log in. There can be multiple domains configured each having different kind of authorization. A user's domain is determined by Location. If a user does not match any of the Domains, they are considered to be part of the Domain marked as 'default'.
A domain can also auto provision a subscriber in SPR and associate a default service to it. This provides an option to register the subscriber based on Primary Credential and Password received from the incoming request, for example, Radius Username and Radius Password. This method is generally used in scenarios where the system is configured to “auto-learn” subscribers and assign a default service profile.
You can configure an external SPR that ANDSF can use to validate subscribers.
To use an external SPR for authorization, configure the URL of the external SPR in the ANDSF plugin configuration as described in ANDSF Configuration. The Policy Server uses the same URL to connect to the external SPR. When you configure the domain for ANDSF, you must also configure the anonymous service that is attached to the subscriber so that the subscriber can be assigned a policy