The Skolfederation production environment is accessible only to members of Skolfederation. All member metadata published in the Skolfederation aggregated metadata feed is by confirmed member organizations, that must comply with Skolfederations trust framework and technical requirements.
Access to Skolfederation production environment
All members of Skolfederation gain automatic access to the production environment. On finalization of membership, all Technical Contacts can access Federationsadmin by using their e-identification (BankID or Freja eID+). Technical Contacts also have the ability to create Technical Agents to delegate access to the members metadata management. More on creating and managing Technical Agents is found in the user guide.
If your organization became a Skolfederation member before 19th November 2019
Uploading metadata to Skolfederation
Uploading metadata in Federationsadmin
To upload metadata to Skolfederation, log on to Federationsadmin with your e-identification (BankID or Freja eID+). Note that you have to be either the members Technical Contact or a Technical Agent to gain access.
Log on to Skolfederation in Federationsadmin
Instructions
Sending metadata manually to federation operator
An alternative to managing the metadata in Federationsadmin is to use the form linked below to send metadata to the federation operator for validation and verification. If there are errors, the federation operator will request corrections. If everything is ready for upload, the federation operator will contact the Technical Contact to validate metadata checksum (SHA1) before publication to federation.
Technical information
Metadata
Metadata for Skolfederation is found below.
https://fed.skolfederation.se/prod/md/skolfederation-3_1.xml
Public key for verifying signature of federation metadata is found below.
Certificate file: https://skolfederation.se/app/uploads/2016/05/skolfederation-3_1.crt
-----BEGIN CERTIFICATE----- MIIFnTCCA4WgAwIBAgIJAP5FnC1GKefSMA0GCSqGSIb3DQEBCwUAMGQxCzAJBgNV BAYTAlNFMRIwEAYDVQQIDAlTdG9ja2hvbG0xEjAQBgNVBAcMCVN0b2NraG9sbTEt MCsGA1UECgwkU3RpZnRlbHNlbiBmb3IgSW50ZXJuZXRpbmZyYXN0cnVrdHVyMCAX DTE2MDUyMzEzNTUyMFoYDzIxMTYwNTIzMTM1NTIwWjBkMQswCQYDVQQGEwJTRTES MBAGA1UECAwJU3RvY2tob2xtMRIwEAYDVQQHDAlTdG9ja2hvbG0xLTArBgNVBAoM JFN0aWZ0ZWxzZW4gZm9yIEludGVybmV0aW5mcmFzdHJ1a3R1cjCCAiIwDQYJKoZI hvcNAQEBBQADggIPADCCAgoCggIBAKydAR9OBT4OEXe8n+/BDGvZyECbHR60wiB7 KVXH5xEcfprgUZBlic0aL1fhKG8cLB/KpybZ1HbJyJ4fX0uYP4U989fYiMDECn4q WvcnCuAZXOromnR14keLyVNBIgi8oiDuRG7em2+fqJiDRGkG5CB7SaV4N457Pdrl QrxpsBWItWIbe9FatoT/3q3qU/FEAA5+XD9ax8Ycq6qhTqanzy/YDyYi1btqyBCd 7Mu7I2wCZ1Q9wlz1kjtUbh2KHM8ui845qrqUCNxYpsj7D5zBZaZ+9CMiKrO+mmWJ DeIQ9m2lEPHG/kKumbewKRkZU5Z//fLytcOL+kNQiwC1Qe67gstPWnE0ZgpAIsYd gLVr2MHnBJuEAcMOGs+oX8y9sxRwcMoMJ9gF4xd12dIGlhffQo94aV4mvTjwJbQ4 /R7NGE2yf3FtsqwQlVHzMojqp6SFOFHGOrYpQlrxhADyC8U97ukjCjkR7FLjzYqz YhqO8FnQI16uwJg/YNVol/gkLvRg/TVbMpbFW/C+uCk9l2N8hsQljUpmxZFN+JyX g6vF4pQ1ablqi2Mj5XhQO458XJdqeLvDCgXfuqiZ3x6GU/TISRWKAwG1EPdd+RBo h2kVCQATuaTqOj76QVagBZR2IFNxItcer1ugATE/NUK098RiOkjrkz2h2OC+tpj2 BNC1jcTnAgMBAAGjUDBOMB0GA1UdDgQWBBQ6DlMFBYLMNF1egakVOw3yL3BflTAf BgNVHSMEGDAWgBQ6DlMFBYLMNF1egakVOw3yL3BflTAMBgNVHRMEBTADAQH/MA0G CSqGSIb3DQEBCwUAA4ICAQB5KmzUoEhwrZmTTrYJid155cnfyF9KjVoLG5jayzQo 4AhOEDt7ahQkSG4cqmDJSInXaX07uoukopgm2IsanWw70SU7/jPPs2Y4960VuG6w 0a5paeEDNJ10l6NfvROXxUd3VONQbxHbcq7ny3G8y692g2gihrDZv0Vgf0ea+gkT 3ZSZzPewFHg6OFjTVKdTPzBIAWf//5GM5SFMn6WYOm3wwDu6cDoIYnkDOaeuCsDT nvCmczpIit7W0Wb+EajE+Or40g2YlHUWmOqrJovtN9Gc7ZZ8VV0WDnV8xI+FESFL yErUik0j1sXVh1/dpx8XYQaVUPd4R5ZVxtVrS3gXxa0Xnkng9mspCJ0fXqL9PYmO QZPSCmAUk5I4y3xJCTJGqeyfU+/1bp9CRpFOARYLsKxEgVEQhI/YxwhncN/snhM1 IwCXorpgeCHemZtSB62MnKiw3faAKhcYNmiZt8FvTScySd2j7T/53FFuXCT5osz4 GKdvBDzFp5m6xVXBLMTYwmNBeYTGbCYIHxWu1qjDXF4o6zUXG0j7IoXh9w7OLomJ oUrX/mw3I8KEhpbfdvfk3Y0H1kBvzsO6HzOuBLVqsRTQIcUuXCJ5ZqCq5/JHJgPr gsHQ3BsZmwOftzjR0SaehDbxdeUozPgFSTEDTaO5XZtnaXQE1Scb7KbaeBjaECh1 vg== -----END CERTIFICATE-----
SHA-256 fingerprint: B2:59:33:6B:55:06:72:6D:8E:19:4F:2B:93:92:30:7C:4C:2C:4D:6E:29:7D:A6:AE:09:EF:BE:7B:4B:61:4A:C7
Verify metadata with certificate
We recommend verifying the fingerprint of the signing certificate with the federation operator before adding the certificate to your IdP/SP trust. After trusting the certificate, always verify federation metadata signature with signing certificate to guarantee metadata integrity.
Discovery Service (DS)
A centralized SAML 2.0 Discovery Service for Skolfederation is found below.
https://fed.skolfederation.se/prod/ds/
The DS is populated with all IdP's from the Skolfederation metadata. The names shown in the DS are based on the OrganizationDisplayName attribute from the IdP metadata.
Use other ways of discovery
Note that the federation operator does not recommend the usage of the centralized DS for discovery of IdP's in production environments, due to limitations in user experience. If required, service providers are recommended to implement a method of discovery better suited to their service.
Test services in production?
Currently, there are no test services available in production. For testing your IdP or SP solution, please feel free to use the test services in the test environment Skolfederation Trial.
Add Comment