Sambi Trial is a free test environment open for both members of Sambi and non-members. In Sambi Trial user organizations and service providers can test their solutions with test services provided by the federation, or with other participating entities in Sambi Trial. Technical personnel can also get acquainted with metadata management in Federationsadmin. 

Do not use production information

Due to Trial being a completely open test environment for both IdP's and SP's, no control of organizations or entities is performed other than syntactical check of metadata for interoperability in the Trial federation. For IdP's, do not use production data (i.e. users) and be careful to which entities you allow access and release of user attributes and personal information.

Access to Sambi test environment

All members of Sambi gain automatic access to the Sambi Trial environment. On finalization of membership, all Technical Contacts have received an email with credentials for accessing Sambi Trial in Federationsadmin. Technical Contacts also have the ability to create Technical Agents to delegate access to the members metadata management. More on creating and managing Technical Agents is found in the user guide.

If you are a member of Sambi but forgot your password you can reset your password by clicking "Forgot Password?" at the logon screen for Federationsadmin.

If you are not a member of Sambi but want access to Sambi Trial, use the form below.

https://service.federationer.internetstiftelsen.se/servicedesk/customer/portal/1/create/29

Uploading metadata to Sambi Trial

Uploading metadata in Federationsadmin

To upload metadata to Sambi Trial, log on to Federationsadmin with your Trial credentials.

Log on to Sambi Trial in Federationsadmin

Instructions

For instructions how to manage your metadata in Federationsadmin, please read the user guides for metadata management.

Sending metadata manually to federation operator

An alternative to managing the metadata in Federationsadmin is to use the form linked below to send metadata to the federation operator for validation and verification. If there are errors, the federation operator will request corrections. If everything is ready for upload, the federation operator will contact the Technical Contact to validate metadata checksum (SHA1) before publication to federation.

Link to metadata form

Technical information

Metadata

Metadata for Sambi Trial is found below. 

https://fed.sambi.se/trial/md/metadata.xml

Public key for verifying signature of federation metadata is found below.

sambi-trial.crt
-----BEGIN CERTIFICATE-----
MIIFtzCCA5+gAwIBAgIJAL7x+UW6PyVzMA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNV
BAYTAlNFMRIwEAYDVQQIDAlTdG9ja2hvbG0xEjAQBgNVBAcMCVN0b2NraG9sbTEl
MCMGA1UECgwcSW50ZXJuZXRzdGlmdGVsc2VuIGkgU3ZlcmlnZTEUMBIGA1UEAwwL
c2FtYmktdHJpYWwwHhcNMTcwODI5MDcyODUyWhcNMjcwODI3MDcyODUyWjByMQsw
CQYDVQQGEwJTRTESMBAGA1UECAwJU3RvY2tob2xtMRIwEAYDVQQHDAlTdG9ja2hv
bG0xJTAjBgNVBAoMHEludGVybmV0c3RpZnRlbHNlbiBpIFN2ZXJpZ2UxFDASBgNV
BAMMC3NhbWJpLXRyaWFsMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
+Ni6AqrCOI5n3YUACahag1GKGE/tUyFq9yauQx/AP0IdZkeB+OZ3ZEo36D7R+Q+j
GoPSdqPEx3zlbUES9mnYYPtqv1rBcAr9VlePPoKjmC6GbnjCc/g8RE5PrqOTEOPK
ZiG7W/zCVkgeI0wtGTR+mZK/QoQaPy4Hpg8rYAyagEf7O06uHPmcNRaFvihhqvQR
Y775O2+osnnTPArlAxiFwjVAqnhPHB6v1b72W3+magr62rNB5sFzT7ceZBBjpCsj
pnWyTExw0d6TjhScc1UKweL4QczUM+rPc0CJmVo9VR9Wj+daIPAVY17qgxc7PHcp
wQ/KVgNqm+yc//LhXAVWTIJDyJnYihGtHQa77ge9g/BwBd7pRVOhJmpTRviXX81b
hMRbGRS2C4jzspEyKyv9oWT4wP0ZtuYU2aVDI0gGYPE9nEvucyV5AhTx0IGXgPKw
zfn9AKqS3gTly22BwkquLzBUfO82hZqP3dEGLggp4EDR9bim/rOmQD3r7E2VUw3d
S0pY7Wd9WMD6ZguICohhz9aIV2OZj8Cqt55nUzVbwO3WFgj2PnqkhZv/uokODEn3
eYxqFkIjfqanosSwFloBmEWkaYCPT3K4tDqcAm+aWZjJdk9c5A7iHnH7OlIqHtR6
rsqQix2c+06ctaKuihMPrKFUoO6zofs83tYKBKf+wV8CAwEAAaNQME4wHQYDVR0O
BBYEFFV26USXmG/CilS29OHzFEBFHU62MB8GA1UdIwQYMBaAFFV26USXmG/CilS2
9OHzFEBFHU62MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAFVtVKm0
yvCzE1oyNMU2Y+IORufX2ua+VETIaBse09uqOmvqdfMg/1wLqlTTfpyBrRcCvcpi
GNATsetqp/LntnJtcR6BbX+XZwcZJfh4MEzaBjiSD6pkaOrIqre0Dpy0QdL2/ULH
tjegUZ6AstX9OVSL4i/xuW58Ox6lIYyCZ3lhT8nR3Azn8459sElm8oqInMu76sbe
5AnprY4A7AvAm48L0fNigJMUeG4jjptBncwWOGj52OXbxRB1BqPewinoWiVD+wOU
DHARa6dgaNvvn+ADpWCcSlJWBSK6tvT1TG2f1iYqCHP/MIBvyMD/FZRFjECYRY7S
NZXukvc8jQ7na/P9a4HHSPYS3xqXu184JLFnpCxaImrG8jfd1X1XsmzWarRxX2kV
nUYyOiQgB1W+7Ex5yey8squZ4gAxaCOT8p8uWxUP7tpoxPWZO4vkNhx7ADzB/0Tk
R5ajCsqRoezoqWGCML+5v66Bk4N2rMl0mmGflQyzONINQATCqIUWctfBXaGwWvTS
Bdm2Z99vvigYLX5a2RKsYWlxUkQqQWrXndg+M7ktVwWwjGlIqMdZ1ZjOzN3HQCwO
d6V/17CSFno3BsYrTUrJLGLXtcodq3jI7yvW5x5fFphPcj9ndMd+uw5MZB6ygE5r
UWIRgAppdkvOMaRViVcBsIxYP057OyTocCFy
-----END CERTIFICATE-----
SHA 256 fingerprint: 
6B:53:18:C1:7C:DB:CD:B1:45:58:ED:9B:E4:85:95:E4:14:E2:59:6D:B3:4A:BE:E1:67:EF:36:4B:8A:4E:27:21


Verify metadata with certificate

We recommend verifying the fingerprint of the signing certificate with the federation operator before adding the certificate to your IdP/SP trust. After trusting the certificate, always verify federation metadata signature with signing certificate to guarantee metadata integrity.


Discovery Service (DS)

A centralized SAML 2.0 Discovery Service for Sambi is found below.

https://fed.sambi.se/trial/ds/

The DS is populated with all IdP's from the Sambi metadata. The names shown in the DS are based on the OrganizationDisplayName attribute from the IdP metadata.

Use other ways of discovery

Note that the federation operator does not recommend the usage of the centralized DS for discovery of IdP's in production environments, due to limitations in user experience. If required, service providers are recommended to implement a method of discovery better suited to their service. However, in the case of Sambi Trial feel free to use this tool to test your services.

Test services in Sambi Trial

Sambi Trial provides test IdP and test SP services for participants to test logon flows, attribute release and attribute consumption. 

Test IdP

The test IdP can be used for testing logon  and attribute release to your SP uploaded in Sambi Trial. As the IdP service is only a form where you can select what attributes and values to release (in accordance with Sambi Attribute Profile), the test IdP does not require any user authentication. The test IdP automatically trusts and allows logons to all SP's in the federation metadata for Sambi Trial.


SAML 2.0 entityIDName in Sambi Trial discovery service
https://trial-idp-01.sambi.se/saml2/idp/metadata.phpSambi Trial IDP

Trial IdP attribute release form


Test SP

The test SP can be used for testing logon and attribute release from your IdP uploaded in Sambi Trial. The SP service presents all sent attributes in a table. If the attribute is presented this means the SP could consume the attribute correctly and that the attribute syntax is correct. The test SP automatically trusts and allows logons from all IdP's in the federation metadata for SambiTrial.


SAML 2.0 entityIDLogon URL
https://trial-sp-01.sambi.se/simplesaml/module.php/saml/sp/metadata.php/default-sphttps://trial-sp-01.sambi.se/


Trial SP attribute consumption view


  • No labels
Write a comment…