The Sambi production environment is accessible only to members of Sambi. All member metadata in the Sambi aggregated metadata feed is published by confirmed member organizations that must comply with Sambi's trust framework and technical requirements.

Access to Sambi production environment

All members of Sambi gain automatic access to the production environment. On finalization of membership, all Technical Contacts can access Federationsadmin by using their e-identification (BankID or Freja eID+). Technical Contacts can also create Technical Agents to delegate access to the member's metadata management. More on creating and managing Technical Agents is found in the user guide.


Uploading metadata to Sambi 

Uploading metadata in Federationsadmin

To upload metadata to Sambi, log on to Federationsadmin with your e-identification (BankID or Freja eID+). Note that you have to be either the member's Technical Contact or Technical Agent to gain access.

Log on to Sambi in Federationsadmin

Instructions

For instructions on how to manage your metadata in Federationsadmin, please read the user guides for metadata management.

Sending metadata manually to federation operator

An alternative to managing the metadata in Federationsadmin is to use the form linked below to send metadata to the federation operator for validation and verification. If there are errors, the federation operator will request corrections. If everything is ready for upload, the federation operator will contact the Technical Contact to validate the metadata checksum (SHA1) before publication to the federation.

Link to metadata form

Technical information

Metadata

Metadata for Sambi is found below. 

https://fed.sambi.se/prod/md/metadata.xml

The public key for verifying the signature of the federation metadata is found below.

sambi.crt
SHA-256 fingerprint:
35:3F:3A:24:4B:B2:79:6E:B8:41:65:00:AF:59:88:67:16:5D:E5:9A:EF:46:DB:37:24:87:BA:3E:00:88:A4:A2


Verify metadata with certificate

We recommend verifying the fingerprint of the signing certificate with the federation operator before adding the certificate to your IdP/SP trust. After trusting the certificate, always verify the federation metadata signature with the signing certificate to guarantee metadata integrity.
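One way to script the fingerprint check before the certificate is added to your trust configuration. This is an added example, not code from Sambi or the federation operator; the function names and the constructed sample input are assumptions, and the XML signature check on the metadata itself is left to your SAML software.

```python
import base64
import hashlib
import hmac
import re

# SHA-256 fingerprint published on this page for sambi.crt.
SAMBI_PROD_FP = (
    "35:3F:3A:24:4B:B2:79:6E:B8:41:65:00:AF:59:88:67:"
    "16:5D:E5:9A:EF:46:DB:37:24:87:BA:3E:00:88:A4:A2"
)
_PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)

def pem_to_der(pem_text):
    """Return the DER bytes of the single certificate in pem_text."""
    blocks = _PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        # A bundle would make it ambiguous which certificate was checked.
        raise ValueError("expected exactly one certificate, found %d" % len(blocks))
    return base64.b64decode("".join(blocks[0].split()), validate=True)

def fingerprint_sha256(der):
    """SHA-256 over the DER encoding, as colon-separated uppercase hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalise(fp):
    """Accept 'AA:BB', 'aa bb' or 'aabb' spellings of a fingerprint."""
    cleaned = re.sub(r"[\s:]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", cleaned):
        raise ValueError("not a SHA-256 fingerprint")
    return cleaned

def cert_matches_pin(pem_text, expected_fp):
    """True only if the certificate's SHA-256 fingerprint equals the pin."""
    actual = normalise(fingerprint_sha256(pem_to_der(pem_text)))
    return hmac.compare_digest(actual, normalise(expected_fp))

# Constructed stand-in input: these bytes are NOT a real certificate.
# In use, pass the text of the downloaded sambi.crt instead.
SAMPLE_DER = b"constructed sample bytes, not a real certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(fingerprint_sha256(pem_to_der(SAMPLE_PEM)))
    print(cert_matches_pin(SAMPLE_PEM, SAMBI_PROD_FP))
```

Compare the computed value against a fingerprint confirmed with the federation operator, not only against the value shown on the page the certificate was downloaded from.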


Discovery Service (DS)

A centralized SAML 2.0 Discovery Service for Sambi is found below.

https://fed.sambi.se/prod/ds/

The DS is populated with all IdPs from the Sambi metadata. The names shown in the DS are based on the OrganizationDisplayName attribute from the IdP metadata.

Use other ways of discovery

Note that the federation operator does not recommend using the centralized DS for discovery of IdPs in production environments, due to limitations in user experience. If required, service providers are recommended to implement a method of discovery better suited to their service.


Test services in production?

Currently, there are no test services available in production. For testing your IdP or SP solution, please feel free to use the test services in the test environment Sambi Trial.


