Versions Compared

Old Version 1

changes.mady.by.user Rasmus Larsson

Saved on

compared with

New Version Current

changes.mady.by.user Rasmus Larsson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The Skolfederation production environment is accessible only to members of Skolfederation. All member metadata published in the Skolfederation aggregated metadata feed is by confirmed member organizations, that must comply with Skolfederations trust framework and technical requirements.

Access to Skolfederation production environment

All members of Skolfederation gain automatic access to the production environment. On finalization of membership, all Technical Contacts can access Federationsadmin by using their e-identification (BankID or Freja eID+). Technical Contacts also have the ability to create Technical Agents to delegate access to the members metadata management. More on creating and managing Technical Agents is found in the user guide.

Info
titleIf your organization became a Skolfederation member before 19th November 2019
If your organization became a Skolfederation member before 19th November 2019 and you do not yet have access to the production environment, you need to fill out the access request form found here. If your organization became member after 19th November 2019, you do not need to use this form.

Uploading metadata to Skolfederation 

Uploading metadata in Federationsadmin

To upload metadata to Skolfederation, log on to Federationsadmin with your e-identification (BankID or Freja eID+). Note that you have to be either the members Technical Contact or a Technical Agent to gain access.

...

Info
titleInstructions
For instructions how to manage your metadata in Federationsadmin, please read the user guides for metadata management.

Sending metadata manually to federation operator

An alternative to managing the metadata in Federationsadmin is to use the form linked below to send metadata to the federation operator . The federation operator will then verify and validate the metadatafor validation and verification. If there are errors, the federation operator will request corrections. If everything is ready for upload, the federation operator will callback contact the Technical Contact to validate metadata checksum (SHA1) before publication to federation.Länk till formulär..

Link to metadata form

Technical information

Metadata

Metadata for Skolfederation is found below. 

https://fed.skolfederation.se/trialprod/md/skolfederation-trial-3_1.xml 

Public key for verifying signature of federation metadata is found below.

Certificate file: https://ny.skolfederation.se/app/uploads/2016/05/skolfederation-trial-3_1.crt

Code Block
titleskolfederation-trial-3_1.crt
-----BEGIN CERTIFICATE-----
MIIFnTCCA4WgAwIBAgIJAJIjkgQRcgiiMA0GCSqGSIb3DQEBCwUAMGQxCzAJBgNVMIIFnTCCA4WgAwIBAgIJAP5FnC1GKefSMA0GCSqGSIb3DQEBCwUAMGQxCzAJBgNV
BAYTAlNFMRIwEAYDVQQIDAlTdG9ja2hvbG0xEjAQBgNVBAcMCVN0b2NraG9sbTEt
MCsGA1UECgwkU3RpZnRlbHNlbiBmb3IgSW50ZXJuZXRpbmZyYXN0cnVrdHVyMCAX
DTE2MDUyMzEzMjc0N1oYDzIxMTYwNTIzMTMyNzQ3WjBkMQswCQYDVQQGEwJTRTESDTE2MDUyMzEzNTUyMFoYDzIxMTYwNTIzMTM1NTIwWjBkMQswCQYDVQQGEwJTRTES
MBAGA1UECAwJU3RvY2tob2xtMRIwEAYDVQQHDAlTdG9ja2hvbG0xLTArBgNVBAoM
JFN0aWZ0ZWxzZW4gZm9yIEludGVybmV0aW5mcmFzdHJ1a3R1cjCCAiIwDQYJKoZI
hvcNAQEBBQADggIPADCCAgoCggIBALv2W31Glj8DzofLuvrRsLiT03R0sb0QP4Oi
MCMp4YJOvPuJeMxnoLj0+I5VVx5XpREftZq53CUFLWMjIuu2dzuGdg91MYHFY4zz
MSe3xckD4XsjlrU4+ovaMEcYCJjNLrBVJlDVs6tfTXbwPAIbBq+SAAeLUzF4CJhL
MNm4hwCvuYRXcFaapZKpZnTtwQ+Py/J10b5Bc9aF6766LNFreG39foKDrF+4vFW8
39wLn+lyvBjMbUfbr5jk1kww8gN2Kq08wGJBlQaQyKCEoETH9hv48LvQ1Fi2IJd6
kISjwdhQbF24WFHGyXl4Qr7Sk/HunEOZMQrum8JyDZUeGExBmzZcCgkNarG8u1AY
JrNar+6g/0vLqj71E7coSJ0ywXxJH2WsQ/2FR9pkd5Inikp+ss9oto7UjStbZYLL
Guyg3zOde5uxDqRbd+lfKQyKrsf43mPSs3vdvKpIQYfu6bueMa/oIMtal4g5upii
4j0LENYGROZZad/IOQPxT3wG+BThYE/0EjD7BImm66sr5W+VAQRT0nroRTvm7kJJ
tW8R/I9VK5nDAmdIdaqHCAr/lmJfXXIi0JMttYwtbTmaGkRPkPp7JMVQ5NFmjL+F
hSlqFRJbDvkE0rlQ2Hobspb4AouVkg1mt5VG4A24ptdPUCvmg0v6J1R1FL1VH6Oy
/lMWt1TnAgMBAAGjUDBOMB0GA1UdDgQWBBTeV6UGmGF0di0Rr43/BZpAeX9geTAf
BgNVHSMEGDAWgBTeV6UGmGF0di0Rr43/BZpAeX9geTAMBgNVHRMEBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4ICAQAEE3sMWLF3mZHPzPZ+RxAn8NHpkwYz2Sz8B+NVlCsP
81f64CxxknB+RwQWBmyottK2lNayvjEsydGvV/Fe5g6hwEJYBWaKGom/1vUqUhuD
/zKTgt1sD3Z3NtLYZepFNNeO8DNQJNFzsLMY9EG0ufc7GbFGaVIJa1ZEzcVb9zc1
+lpAKGcODTjQv+gn9FmqUI4IZj/UcCMCkNrVXes6Lzyt2oWPgVFUC0zTPChXE+6V
K7bdKch8enXKOpUVn4zg7BpoXLpKpk2RXFBXf6KM+GnWpfYsAkZGJmkwJ52Ovd8f
oE3K+QnyxGsyGhN1PX0Dh+0896seCS8VC2Dgs+7JPPXoz7jLYGxiTG9fKMTUZMpm
dSBt+jsitsjV4/41U7wveFLSM9kms3bEoXf9kCJfEqysw3qU4Txyn9zv4uOmBzn8
fdZLa+Vpp6DqpyukSQdPsIcUc38tJomqMgrx1vdoIkWJE8sabj1MSEQmI4hdOoub
kespEI3hPrbNTlWQApIaXWFE/WZftM+48bG9nNDzrNT+oZHFkR0xAnLnHT7WiB+p
zfAgxd8HSURLgfQNUDc9glOwpVyev7MZMUq32VYXdwcMMfeSCWXFQcmbGp/hvpLr
x2DA4dplOP9iMnLxcFeR8zf6IKsUPrAMC1zGe5nwJ3kcZppKydY388CDOMlMrztR
lwhvcNAQEBBQADggIPADCCAgoCggIBAKydAR9OBT4OEXe8n+/BDGvZyECbHR60wiB7
KVXH5xEcfprgUZBlic0aL1fhKG8cLB/KpybZ1HbJyJ4fX0uYP4U989fYiMDECn4q
WvcnCuAZXOromnR14keLyVNBIgi8oiDuRG7em2+fqJiDRGkG5CB7SaV4N457Pdrl
QrxpsBWItWIbe9FatoT/3q3qU/FEAA5+XD9ax8Ycq6qhTqanzy/YDyYi1btqyBCd
7Mu7I2wCZ1Q9wlz1kjtUbh2KHM8ui845qrqUCNxYpsj7D5zBZaZ+9CMiKrO+mmWJ
DeIQ9m2lEPHG/kKumbewKRkZU5Z//fLytcOL+kNQiwC1Qe67gstPWnE0ZgpAIsYd
gLVr2MHnBJuEAcMOGs+oX8y9sxRwcMoMJ9gF4xd12dIGlhffQo94aV4mvTjwJbQ4
/R7NGE2yf3FtsqwQlVHzMojqp6SFOFHGOrYpQlrxhADyC8U97ukjCjkR7FLjzYqz
YhqO8FnQI16uwJg/YNVol/gkLvRg/TVbMpbFW/C+uCk9l2N8hsQljUpmxZFN+JyX
g6vF4pQ1ablqi2Mj5XhQO458XJdqeLvDCgXfuqiZ3x6GU/TISRWKAwG1EPdd+RBo
h2kVCQATuaTqOj76QVagBZR2IFNxItcer1ugATE/NUK098RiOkjrkz2h2OC+tpj2
BNC1jcTnAgMBAAGjUDBOMB0GA1UdDgQWBBQ6DlMFBYLMNF1egakVOw3yL3BflTAf
BgNVHSMEGDAWgBQ6DlMFBYLMNF1egakVOw3yL3BflTAMBgNVHRMEBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4ICAQB5KmzUoEhwrZmTTrYJid155cnfyF9KjVoLG5jayzQo
4AhOEDt7ahQkSG4cqmDJSInXaX07uoukopgm2IsanWw70SU7/jPPs2Y4960VuG6w
0a5paeEDNJ10l6NfvROXxUd3VONQbxHbcq7ny3G8y692g2gihrDZv0Vgf0ea+gkT
3ZSZzPewFHg6OFjTVKdTPzBIAWf//5GM5SFMn6WYOm3wwDu6cDoIYnkDOaeuCsDT
nvCmczpIit7W0Wb+EajE+Or40g2YlHUWmOqrJovtN9Gc7ZZ8VV0WDnV8xI+FESFL
yErUik0j1sXVh1/dpx8XYQaVUPd4R5ZVxtVrS3gXxa0Xnkng9mspCJ0fXqL9PYmO
QZPSCmAUk5I4y3xJCTJGqeyfU+/1bp9CRpFOARYLsKxEgVEQhI/YxwhncN/snhM1
IwCXorpgeCHemZtSB62MnKiw3faAKhcYNmiZt8FvTScySd2j7T/53FFuXCT5osz4
GKdvBDzFp5m6xVXBLMTYwmNBeYTGbCYIHxWu1qjDXF4o6zUXG0j7IoXh9w7OLomJ
oUrX/mw3I8KEhpbfdvfk3Y0H1kBvzsO6HzOuBLVqsRTQIcUuXCJ5ZqCq5/JHJgPr
gsHQ3BsZmwOftzjR0SaehDbxdeUozPgFSTEDTaO5XZtnaXQE1Scb7KbaeBjaECh1
vg==
-----END CERTIFICATE-----


Code Block
FingerprintSHA-256 fingerprint: 
DDB2:4259:FE33:DA6B:AB55:E906:F072:996D:D38E:BE19:EC4F:CA2B:9493:9592:3F30:E87C:334C:952C:684D:506E:1D29:D17D:3AA6:8AAE:D209:FDEF:A5BE:A77B:8F4B:1661:DC4A:EDC7


Info
titleVerify metadata with certificate

We recommend verifying the fingerprint of the signing certificate with the federation operator before adding the certificate to your IdP/SP trust. After trusting the certificate, always verify federation metadata signature with signing certificate to guarantee metadata integrity.


Discovery Service (DS)

A centralized SAML 2.0 Discovery Service for Skolfederation Trial is found below.

https://fed.skolfederation.se/trialprod/ds/

The DS is populated with all IdP's from the Skolfederation metadata. The names shown in the DS are based on the OrganizationDisplayName attribute from the IdP metadata.

Info
titleUse other ways of discovery

Note that the federation operator does not recommend the usage of the centralized DS for discovery of IdP's in production environments, due to limitations in user experience. However, in the case of Skolfederation Trial feel free to use this tool to test your services.

Test services in Skolfederation Trial

Skolfederation Trial provides test IdP and test SP services for participants to test logon flows, attribute release and attribute consumption. 

Test IdP

The test IdP can be used for testing logon  and attribute release to your SP uploaded in Skolfederation Trial. As the IdP service is only a form where you can select what attributes and values to release (in accordance with Skolfederation Attribute Profile), the test IdP does not require any user authentication. The test IdP automatically trusts and allows logons to all SP's in the federation metadata for Skolfederation Trial.

...

Skolfederation Trial test IdP, overview of the formImage Removed

Trial IdP attribute release form

Test SP

The test SP can be used for testing logon and attribute release from your IdP uploaded in Skolfederation Trial. The SP service presents all sent attributes in a table. If the attribute is presented this means the SP could consume the attribute correctly and that the attribute syntax is correct. The test SP automatically trusts and allows logons from all IdP's in the federation metadata for Skolfederation Trial.

...

Skolfederation Trial Test , overview of consumed attributesImage Removed

Trial SP attribute consumption view

xxx - ska vi ha följande fortfarande? Vid vissa typer av uppdateringar publiceras en betaversion av framtida produktionsmiljö två till tre månader innan skarp produktionssättning.

Detta gäller när förändringen innebär att befintliga implementationer behöver anpassas, eller då vi bedömer att det finns risk att befintliga implementationer kan påverkas.

...

If required, service providers are recommended to implement a method of discovery better suited to their service.


Info
titleTest services in production?

Currently, there are no test services available in production. For testing your IdP or SP solution, please feel free to use the test services in the test environment Skolfederation Trial.