The Sambi production environment is accessible only to members of Sambi. All member metadata published in the Sambi aggregated metadata feed comes from confirmed member organizations, which must comply with Sambi's trust framework and technical requirements.
Access to Sambi production environment
All members of Sambi gain automatic access to the production environment. On finalization of membership, all Technical Contacts can access Federationsadmin by using their e-identification (BankID or Freja eID+). Technical Contacts can also create Technical Agents to delegate access to the member's metadata management. More on creating and managing Technical Agents is found in the user guide.
Uploading metadata to Sambi
Uploading metadata in Federationsadmin
To upload metadata to Sambi, log on to Federationsadmin with your e-identification (BankID or Freja eID+). Note that you have to be either the member's Technical Contact or Technical Agent to gain access.
Log on to Sambi in Federationsadmin
Instructions
Sending metadata manually to federation operator
An alternative to managing the metadata in Federationsadmin is to use the form linked below to send metadata to the federation operator for validation and verification. If there are errors, the federation operator will request corrections. If everything is ready for upload, the federation operator will contact the Technical Contact to validate the metadata checksum (SHA1) before publication to the federation.
Technical information
Metadata
Metadata for Sambi is found below.
https://fed.sambi.se/prod/md/metadata.xml
Public key for verifying signature of federation metadata is found below.
SHA-256 fingerprint: 35:3F:3A:24:4B:B2:79:6E:B8:41:65:00:AF:59:88:67:16:5D:E5:9A:EF:46:DB:37:24:87:BA:3E:00:88:A4:A2
Verify metadata with certificate
We recommend verifying the fingerprint of the signing certificate with the federation operator before adding the certificate to your IdP/SP trust. After trusting the certificate, always verify the federation metadata signature with the signing certificate to guarantee metadata integrity.
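One way to script the fingerprint check recommended above, as an added example that is not part of the original page or Sambi's own tooling. The function names are hypothetical; the pinned value is the SHA-256 fingerprint published on this page, and the input is the PEM text of the certificate you obtained.

```python
import base64
import binascii
import hashlib
import hmac
import re

# SHA-256 fingerprint published on this page for the Sambi production certificate.
SAMBI_PROD_SHA256 = ("35:3F:3A:24:4B:B2:79:6E:B8:41:65:00:AF:59:88:67:"
                     "16:5D:E5:9A:EF:46:DB:37:24:87:BA:3E:00:88:A4:A2")
_PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_to_der(pem_text):
    """DER bytes of the single certificate in pem_text.

    Accepts PEM whose line breaks became spaces in copy/paste; rejects input
    holding zero or several certificates, so a bundle cannot be pinned by mistake.
    """
    bodies = _PEM_RE.findall(pem_text)
    if len(bodies) != 1:
        raise ValueError(f"expected exactly one certificate, found {len(bodies)}")
    try:
        return base64.b64decode("".join(bodies[0].split()), validate=True)
    except binascii.Error as exc:
        raise ValueError("certificate body is not valid base64") from exc

def sha256_fingerprint(pem_text):
    """SHA-256 over the DER encoding, as colon-separated upper-case hex."""
    return ":".join(f"{b:02X}" for b in hashlib.sha256(pem_to_der(pem_text)).digest())

def normalize(fingerprint):
    """Bare lower-case hex, so 'AA:BB', 'aabb' and 'AA BB' styles compare equal."""
    hex_only = re.sub(r"[\s:]", "", fingerprint).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", hex_only):
        raise ValueError("not a SHA-256 fingerprint")
    return hex_only

def matches_pinned(pem_text, pinned=SAMBI_PROD_SHA256):
    """True only if the certificate hashes to the pinned fingerprint."""
    return hmac.compare_digest(normalize(sha256_fingerprint(pem_text)), normalize(pinned))

if __name__ == "__main__":
    # Constructed stand-in bytes, not a real certificate: shows the failure path.
    fake = base64.b64encode(b"constructed bytes, not a real certificate").decode()
    sample = f"-----BEGIN CERTIFICATE----- {fake} -----END CERTIFICATE-----"
    print(sha256_fingerprint(sample))
    print("trusted" if matches_pinned(sample) else "fingerprint mismatch: do not trust")
```

A fingerprint match only establishes which certificate to trust; the metadata signature check itself is still performed by your IdP/SP software or XML signature tooling each time the feed is fetched.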
Discovery Service (DS)
A centralized SAML 2.0 Discovery Service for Sambi is found below.
The DS is populated with all IdPs from the Sambi metadata. The names shown in the DS are based on the OrganizationDisplayName attribute from the IdP metadata.
Use other ways of discovery
Note that the federation operator does not recommend using the centralized DS for discovery of IdPs in production environments, due to limitations in user experience. If required, service providers are recommended to implement a method of discovery better suited to their service.
Test services in production?
Currently, there are no test services available in production. For testing your IdP or SP solution, please feel free to use the test services in the test environment Sambi Trial.