...
If you prefer to create the document manually, follow these steps:

Copy the Public Keys File to issuer_registration.json
- Run the following command to create a working copy of the file:

    cp satosa/public/pid_fed_keys.json issuer_registration.json

Edit issuer_registration.json
- Open the file in a text editor of your choice.
- Modify the contents to match the following structure, replacing <issuer-entity-id> with the actual Issuer Entity Identifier (e.g., https://issuer.example.com):
...
- Locate the "keys" array already present in issuer_registration.json.
- Move it inside the "jwks" section so the structure looks like this:

    {
      "https://issuer.example.com": {
        "entity_types": [
          "federation_entity",
          "openid_credential_issuer",
          "oauth_authorization_server"
        ],
        "jwks": {
          "keys": [
            {
              "kty": "RSA",
              "use": "sig",
              "kid": "example-kid",
              "n": "example-n-value",
              "e": "AQAB"
            }
          ]
        }
      }
    }
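The manual steps above (copy the public keys file, key the document by the Issuer Entity Identifier, move the "keys" array under "jwks") can be carried out in code. The script below is an added example and is not part of this page or of the SATOSA project; it assumes the input file is a JSON object with a top-level "keys" array (or a bare JSON array of JWKs), requires every JWK to carry a "kid" (federation key lookup is by kid), and refuses to emit a registration file if any JWK carries private-key members, so a private key can never be published by mistake. The sample key is constructed and is not a real key.

```python
"""Build issuer_registration.json from the SATOSA public keys file.

Added example, not the page's or the project's own code. Assumptions:
the source file is {"keys": [...]} (as pid_fed_keys.json is described here)
or a bare list of JWKs; the sample key below is constructed.
"""
import json
from pathlib import Path

# Entity types exactly as listed in the target structure on this page.
ENTITY_TYPES = ["federation_entity", "openid_credential_issuer", "oauth_authorization_server"]

# JWK members that only appear in private or symmetric keys (RFC 7518).
PRIVATE_JWK_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}


def build_issuer_registration(public_keys, entity_id):
    """Return the registration document, or raise ValueError on unusable input."""
    keys = public_keys.get("keys") if isinstance(public_keys, dict) else public_keys
    if not isinstance(keys, list) or not keys:
        raise ValueError('expected a non-empty "keys" array of JWKs')
    if not entity_id.startswith("https://"):
        raise ValueError("Issuer Entity Identifier must be an https URL")
    for jwk in keys:
        missing = {"kty", "kid"} - jwk.keys()
        if missing:
            raise ValueError(f"JWK is missing required members: {sorted(missing)}")
        leaked = PRIVATE_JWK_MEMBERS & jwk.keys()
        if leaked:
            # Refuse to write a file that would publish private key material.
            raise ValueError(f"JWK {jwk['kid']!r} carries private members: {sorted(leaked)}")
    # The "keys" array moves under "jwks", keyed by the entity identifier.
    return {entity_id: {"entity_types": list(ENTITY_TYPES), "jwks": {"keys": keys}}}


def write_issuer_registration(src, dst, entity_id):
    """File-to-file variant: src is the public keys file, dst the registration file."""
    doc = build_issuer_registration(json.loads(Path(src).read_text()), entity_id)
    Path(dst).write_text(json.dumps(doc, indent=2) + "\n")
    return doc


# Constructed sample standing in for satosa/public/pid_fed_keys.json (not a real key).
SAMPLE_PUBLIC_KEYS = {"keys": [{"kty": "RSA", "use": "sig", "kid": "example-kid",
                                "n": "example-n-value", "e": "AQAB"}]}

if __name__ == "__main__":
    print(json.dumps(build_issuer_registration(SAMPLE_PUBLIC_KEYS,
                                               "https://issuer.example.com"), indent=2))
```

Run it with the real paths as `write_issuer_registration("satosa/public/pid_fed_keys.json", "issuer_registration.json", "<issuer-entity-id>")`; the private-member check is the one step worth keeping even if you otherwise edit the file by hand.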
...
Option 2: One-Liner Command (Automated)
...
For now, Trust Marks will be supplied when the entity is added to the Trust Infrastructure.

Inputs to Trust Mark Issuer:
- id: The identifier for the Trust Mark (e.g., http://dc4eu.example.com/EHICCredential/se).
- sub: The entity's entity_id.

Steps:
- Supply the id and sub to the Trust Mark Issuer.
- Retrieve the issued Trust Mark as a signed JWT.

Validation:
- Use a JWT library to verify the Trust Mark's signature using the Trust Mark Issuer's public key:
  - Retrieve public keys from the Trust Mark Issuer's /.well-known/jwks.json endpoint.
- Validate claims such as iss, sub, id, and iat for compliance.
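The validation steps above, written out as an added example (not code from this page or from the DC4EU project). In practice you would use a JWT library and fetch the Trust Mark Issuer's JWKS from its /.well-known/jwks.json endpoint; this example instead embeds a constructed JWKS and implements RS256 verification with the standard library so every check is visible: key selection by kid, refusal of "none" and symmetric algorithms, signature verification before any claim is read, and the iss, sub, id and iat checks the page lists (plus exp, which goes beyond the page). The throwaway RSA key is generated at import time and is far too small for real use, and TM_ISSUER is an assumed URL.

```python
"""Validate a Trust Mark JWT against the Trust Mark Issuer's JWKS (stdlib only).

Added example. Constructed/assumed: the JWKS is embedded rather than fetched,
the demo RSA key is generated here (insecure size), TM_ISSUER is made up,
and exp is checked in addition to the page's iss, sub, id and iat.
"""
import base64, hashlib, json, math, random, time

ALLOWED_ALGS = {"RS256"}  # asymmetric only: "none" and HS* must never verify a trust mark
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # RFC 8017

def b64u_dec(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64u_enc(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def _emsa(msg, k):  # EMSA-PKCS1-v1_5 encoding of SHA-256(msg) for a k-byte modulus
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def _probable_prime(n, rounds=20):  # Miller-Rabin, adequate for a demo key
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0: return n == p
    d, r = n - 1, 0
    while d % 2 == 0: d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1): continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1: break
        else: return False
    return True

def generate_rsa_key(bits=1024):  # demo only: far too small for production use
    e, half = 65537, bits // 2
    while True:
        p = q = 0
        while not _probable_prime(p): p = random.getrandbits(half) | (1 << (half - 1)) | 1
        while not _probable_prime(q): q = random.getrandbits(half) | (1 << (half - 1)) | 1
        if p != q and math.gcd(e, (p - 1) * (q - 1)) == 1:
            return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def public_jwk(key, kid):  # public half only, in the JWKS shape the issuer would publish
    ib = lambda i: b64u_enc(i.to_bytes((i.bit_length() + 7) // 8, "big"))
    return {"kty": "RSA", "use": "sig", "alg": "RS256", "kid": kid, "n": ib(key["n"]), "e": ib(key["e"])}

def sign_rs256(key, header, claims):  # plays the Trust Mark Issuer
    signing_input = b64u_enc(json.dumps(header).encode()) + "." + b64u_enc(json.dumps(claims).encode())
    k = (key["n"].bit_length() + 7) // 8
    sig = pow(_emsa(signing_input.encode(), k), key["d"], key["n"]).to_bytes(k, "big")
    return signing_input + "." + b64u_enc(sig)

def verify_rs256(jwk, signing_input, sig):
    n, e = (int.from_bytes(b64u_dec(jwk[m]), "big") for m in ("n", "e"))
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    return len(sig) == k and s < n and pow(s, e, n) == _emsa(signing_input, k)

def validate_trust_mark(jwt_str, jwks, *, issuer, entity_id, trust_mark_id, now=None):
    """Return (ok, reason). The signature is verified before any claim is trusted."""
    now = int(time.time()) if now is None else now
    parts = jwt_str.split(".")
    if len(parts) != 3: return False, "malformed JWT"
    h64, p64, s64 = parts
    header = json.loads(b64u_dec(h64))
    if header.get("alg") not in ALLOWED_ALGS: return False, f"alg {header.get('alg')!r} not allowed"
    jwk = next((k for k in jwks.get("keys", [])
                if k.get("kid") == header.get("kid") and k.get("kty") == "RSA"), None)
    if jwk is None: return False, "no matching kid in issuer JWKS"
    if not verify_rs256(jwk, f"{h64}.{p64}".encode(), b64u_dec(s64)): return False, "bad signature"
    c = json.loads(b64u_dec(p64))
    for ok, why in ((c.get("iss") == issuer, "iss mismatch"),
                    (c.get("sub") == entity_id, "sub mismatch"),
                    (c.get("id") == trust_mark_id, "id mismatch"),
                    (isinstance(c.get("iat"), int) and c["iat"] <= now + 60, "iat missing or in the future"),
                    ("exp" not in c or c["exp"] > now, "expired")):
        if not ok: return False, why
    return True, "ok"

# Constructed demo material: throwaway key pair, its JWKS, and one issued trust mark.
TM_ISSUER = "https://trust-mark-issuer.example.com"  # assumed Trust Mark Issuer entity id
ENTITY_ID = "https://issuer.example.com"
TM_ID = "http://dc4eu.example.com/EHICCredential/se"
NOW = 1_700_000_000
_KEY = generate_rsa_key()
ISSUER_JWKS = {"keys": [public_jwk(_KEY, "tm-key-1")]}
TRUST_MARK = sign_rs256(_KEY, {"alg": "RS256", "typ": "trust-mark+jwt", "kid": "tm-key-1"},
                        {"iss": TM_ISSUER, "sub": ENTITY_ID, "id": TM_ID, "iat": NOW, "exp": NOW + 86400})

def with_claims(jwt_str, **changes):  # re-encode the payload but keep the old signature
    h, p, s = jwt_str.split(".")
    return f"{h}.{b64u_enc(json.dumps({**json.loads(b64u_dec(p)), **changes}).encode())}.{s}"

if __name__ == "__main__":
    args = dict(issuer=TM_ISSUER, entity_id=ENTITY_ID, trust_mark_id=TM_ID, now=NOW)
    print(validate_trust_mark(TRUST_MARK, ISSUER_JWKS, **args))
    print(validate_trust_mark(with_claims(TRUST_MARK, sub="https://other.example.net"), ISSUER_JWKS, **args))
```

Whatever library you use in production, keep the same order: pin the accepted algorithms, pick the key by kid from the issuer's JWKS, verify, and only then compare iss, sub and id against the values you expect for this entity.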
Include in Metadata: Add issued Trust Marks to your issuer's metadata:

    trust_marks:
      - "eyJhbGciOiJIUzI1NiIsInR..."
      - "eyJhbGciOiJIUzI1NiIsInR..."
...