...

The Swefed OIDF Sandbox is an isolated environment for testing OpenID Federation. It allows Relying Parties (RPs), OpenID Providers (OPs), and supporting entities to validate interoperability, metadata exchange, and trust chain resolution under a Trust Anchor.

...

  1. The Relying Party fetches the OpenID Provider’s Entity Configuration.
  2. The Relying Party resolves and validates the trust chain using the Resolver to the Trust Anchor.
  3. If trust is valid, the Relying Party registers with the OpenID Provider.
  4. Authentication and token flows proceed under validated trust.

Example of resolving an entity

```bash
curl -ks "https://trust-anchor.oidf.swefed.se/resolve?sub=https://intermediate.oidf.swefed.se&anchor=https://trust-anchor.oidf.swefed.se" \
| cut -d '.' -f2 \
| tr '_-' '/+' \
| base64 -d 2>/dev/null \
| jq .
```

Explanation of each step

  • curl -ks → fetches over HTTPS; -k ignores certificate verification (useful with self-signed/test certs, but the server is then not authenticated by TLS), -s silences progress.

  • cut -d '.' -f2 → extracts the payload from the JWT (middle part).

  • tr '_-' '/+' → translates Base64URL alphabet into standard Base64.

  • base64 -d → decodes the payload; 2>/dev/null hides the error base64 can report because JWT segments omit Base64 padding.

  • jq . → pretty-prints the JSON.
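
The pipeline above only decodes the payload: it does not verify the JWT signature, and it depends on how the local base64 treats unpadded input. The following added example (not part of the Swefed documentation) restores the padding before decoding and lists the Entity Statements carried in the `trust_chain` claim of a resolve response. The function names are hypothetical, the sample token is constructed with a placeholder signature, and `chain_summary` assumes jq is installed.

```bash
#!/usr/bin/env bash
# Inspection helpers for a resolve-response JWT. Decoding is NOT verification:
# nothing here checks the signature, so treat the output as untrusted.

# b64url_decode: read one Base64URL string on stdin, write the decoded bytes.
b64url_decode() {
  local seg
  seg=$(tr -d '\n' | tr '_-' '/+')      # Base64URL alphabet -> standard Base64
  case $(( ${#seg} % 4 )) in            # restore the padding JWTs strip
    2) seg="${seg}==" ;;
    3) seg="${seg}=" ;;
    1) return 1 ;;                      # impossible length for Base64
  esac
  printf '%s' "$seg" | base64 -d
}

# jwt_part JWT INDEX: print the header (1) or payload (2) of a compact JWT.
jwt_part() {
  local dots
  dots=$(printf '%s' "$1" | tr -cd '.' | wc -c)
  [ "$dots" -eq 2 ] || return 1         # a compact JWS has exactly three segments
  printf '%s' "$1" | cut -d '.' -f "$2" | b64url_decode
}

# chain_summary JWT: iss/sub/exp of each Entity Statement in trust_chain (needs jq).
chain_summary() {
  jwt_part "$1" 2 | jq -r '.trust_chain[]?' | while IFS= read -r stmt; do
    jwt_part "$stmt" 2 | jq -c '{iss, sub, exp}'
  done
}

# Encoder used only to build the constructed sample below.
b64url_encode() { base64 | tr -d '=\n' | tr '/+' '_-'; }

# Constructed sample, not a real sandbox response; "c2ln" is a placeholder signature.
SAMPLE_HDR='{"typ":"resolve-response+jwt","alg":"ES256"}'
SAMPLE_PAYLOAD='{"iss":"https://trust-anchor.example","sub":"https://intermediate.example","trust_chain":[]}'
SAMPLE_JWT="$(printf '%s' "$SAMPLE_HDR" | b64url_encode).$(printf '%s' "$SAMPLE_PAYLOAD" | b64url_encode).c2ln"

jwt_part "$SAMPLE_JWT" 2; echo
```

Against the sandbox, pass the output of the curl command as the first argument, for example `chain_summary "$(curl -s ...)"`.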