The Moa production environment is currently accessible only to members of Skolfederation. All member metadata published in the Moa aggregated metadata feed is by confirmed member organizations, that must comply with Skolfederations trust framework and technical requirements.
Access to Moa production environment
All members of Skolfederation gain automatic access to the Moa production environment. On finalization of membership, all Technical Contacts can access Federationsadmin by using their e-identification (BankID or Freja eID+). Technical Contacts also have the ability to create Technical Agents to delegate access to the members metadata management. More on creating and managing Technical Agents is found in the user guide.
Uploading metadata to Moa
Uploading metadata in Federationsadmin
To upload metadata to Moa, log on to Federationsadmin with your e-identification (BankID or Freja eID+). Note that you have to be either the members Technical Contact or a Technical Agent to gain access.
Log on to Moa in Federationsadmin
Instructions
Sending metadata manually to federation operator
An alternative to managing the metadata in Federationsadmin is to use the form linked below to send metadata to the federation operator for validation and verification. If there are errors, the federation operator will request corrections. If everything is ready for upload, the federation operator will contact the Technical Contact to validate metadata checksum (SHA1) before publication to federation.
Technical information
Metadata
Metadata for Moa is found below.
https://fed.skolfederation.se/prod/md/kontosynk.jws
Current JSON schema: https://www.fedtls.se/schema/fedtls-metadata-schema.json
Public key (JWKS) for verifying signature of federation metadata is found below.
{ "keys": [ { "kid": "c2fb860e-f4b6-4f0e-b17a-5115d2826d56", "kty": "EC", "crv": "P-256", "alg": "ES256", "x": "gpIQD9_WnEVDcx-dvhiYFeeIvJIqrcU-EdrUIVI0pXo", "y": "6krPBBM3sA1-PURGrTCEuo5nRF-dcDIg82w7B4n0TiY" } ] }
SHA-256 fingerprint: 72:9C:D2:6B:28:6C:BD:BD:91:62:4F:91:27:10:D5:A6:69:4A:C0:35:33:03:EB:AB:3D:26:AD:C8:95:15:96:95
Verify metadata with certificate
We recommend verifying the fingerprint of the signing certificate with the federation operator before adding the certificate to your client or server trust. After trusting the certificate, always verify federation metadata signature with signing certificate to guarantee metadata integrity.
Add Comment