Versions Compared

Old Version 2

changes.mady.by.user Stefan Halen

Saved on

compared with

New Version Current

changes.mady.by.user Stefan Halen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Page Tree
rootGuides and how-to's (Fedvis)

How to Implement Group Representative Information Exchange

This guide outlines the steps to implement the Group Representative Information Exchange specification using the general JWS JSON Serialization format. This specification defines a standardized mechanism for extracting a URL from the SAML extension GroupRepresentative element within SAML metadata, enhancing the interoperability of entities within a federation. Here's how to implement it:

Prerequisites

Before you begin, ensure that you have the following prerequisites in place:

  • Knowledge of Security Assertion Markup Language (SAML) and its concepts.
  • Access to SAML metadata for entities involved in your federation.
  • Familiarity with JSON Web Signature (JWS), JWS general JSON Serialization, and JSON Schema.

Implementation Steps

Create SAML Metadata

Ensure that your SAML metadata includes the GroupRepresentative element. This element should contain a URL pointing to a JSON Web Signature (JWS) conforming to the specification, and it should also include the certificate (x5c) used for signature validation.

Example GroupRepresentative element in SAML metadata:

Code Block
languagexml
titleSAML metadata
<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptorxmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://idp1.example.com">
  <IDPSSODescriptor>
    <Extensions>
      <grie:GroupRepresentativexmlns:grie="http://saml-schema.swefed.se/schema/grie" location="https://www.example.com/mdie.jws">
        <md:KeyDescriptor use="signing">
          <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:X509Data>
              <ds:X509Certificate>(Your certificate content here)</ds:X509Certificate>
            </ds:X509Data>
          </ds:KeyInfo>
        </md:KeyDescriptor>
      </grie:GroupRepresentative>
    </Extensions>
  </IDPSSODescriptor>
</EntityDescriptor>

Create the JSON Web Signature (JWS)

Generate the JSON Web Signature (JWS) according to the specified format and content. Ensure that it includes the necessary claims, such as iss, exp, iat, version, cache_ttl, and entities, as defined in the specification.

Here's an example JWS structure in JSON:

...

languagejs

...