Versions Compared

Old Version 6

changes.mady.by.user Stefan Halen

Saved on

compared with

New Version 7

changes.mady.by.user Stefan Halen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

A Trust Mark Issuer evaluates an entity against defined requirements. If compliant, it issues a signed JWT Trust Mark including the required claims iss (issuer), sub (subject), id (trust mark identifier), iat (issued at), and exp (expiration).

Examples

...

RP to OP Interaction

  1. The Relying Party fetches the OpenID Provider’s Entity Configuration.
  2. The Relying Party resolves and validates the trust chain using the Resolver to the Trust Anchor.
  3. If trust is valid, the Relying Party registers with the OpenID Provider.
  4. Authentication and token flows proceed under validated trust.

...

Fetching Entity Configuration

The following command extracts and displays the payload of an Entity Configuration. It is useful for inspection, but it does not validate the JWT signature. Signature validation must always be performed with trusted keys.

Code Block
languagebash
curl -s https://trust-anchor.oidf.swefed.se/.well-known/openid-federation \
| cut -d '.' -f2 \
| tr '_-' '/+' \
| base64 -d 2>/dev/null \
| jq .

...