The Moa production environment is currently accessible only to members of Skolfederation. All member metadata published in the Moa aggregated metadata feed comes from confirmed member organizations, which must comply with Skolfederation's trust framework and technical requirements.

Access to Moa production environment

All members of Skolfederation gain automatic access to the Moa production environment. On finalization of membership, all Technical Contacts can access Federationsadmin by using their e-identification (BankID or Freja eID+). Technical Contacts can also create Technical Agents to delegate access to the member's metadata management. More on creating and managing Technical Agents is found in the user guide.


Uploading metadata to Moa

Uploading metadata in Federationsadmin

To upload metadata to Moa, log on to Federationsadmin with your e-identification (BankID or Freja eID+). Note that you have to be either the member's Technical Contact or a Technical Agent to gain access.

Log on to Moa in Federationsadmin

Instructions

For instructions on how to manage your metadata in Federationsadmin, please read the user guides for metadata management.

Sending metadata manually to federation operator

An alternative to managing the metadata in Federationsadmin is to use the form linked below to send metadata to the federation operator for validation and verification. If there are errors, the federation operator will request corrections. If everything is ready for upload, the federation operator will contact the Technical Contact to validate the metadata checksum (SHA1) before publication to the federation.

Link to metadata form

Technical information

Metadata

Metadata for Moa is found below. 

https://fed.skolfederation.se/prod/md/kontosynk.jws

Current JSON schema: https://www.fedtls.se/schema/fedtls-metadata-schema.json 

Public key (JWKS) for verifying signature of federation metadata is found below.

moa-prod-1_0.jwks
{
    "keys": [
        {
            "kid": "c2fb860e-f4b6-4f0e-b17a-5115d2826d56",
            "kty": "EC",
            "crv": "P-256",
            "alg": "ES256",
            "x": "gpIQD9_WnEVDcx-dvhiYFeeIvJIqrcU-EdrUIVI0pXo",
            "y": "6krPBBM3sA1-PURGrTCEuo5nRF-dcDIg82w7B4n0TiY"
        }
    ]
}
SHA-256 fingerprint:
72:9C:D2:6B:28:6C:BD:BD:91:62:4F:91:27:10:D5:A6:69:4A:C0:35:33:03:EB:AB:3D:26:AD:C8:95:15:96:95


Verify metadata with certificate

We recommend verifying the fingerprint of the signing certificate with the federation operator before adding the certificate to your client or server trust. After trusting the certificate, always verify the federation metadata signature with the signing certificate to guarantee metadata integrity.
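
The signature check recommended above, as an added example (not Skolfederation's or Moa's own code): it verifies an ES256-signed JWS against a pinned JWKS such as moa-prod-1_0.jwks, using only the Python standard library. It assumes the metadata is in JWS compact serialization; verify_metadata and the helper names are hypothetical.

```python
import base64, hashlib, json

# NIST P-256: y^2 = x^3 - 3x + B over GF(P); base point G has prime order N.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def b64u(s):  # unpadded base64url, as used in JWS and JWK
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def add(p, q):  # affine point addition; None is the point at infinity
    if p is None or q is None:
        return p or q
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    m = (3 * x1 * x1 - 3) * pow(2 * y1, -1, P) if p == q else (y2 - y1) * pow(x2 - x1, -1, P)
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P

def mul(k, pt):  # double-and-add; fine for verification, which handles no secrets
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def verify_metadata(token, jwks):
    """Return the payload of a compact JWS only if a pinned ES256 key signed it."""
    head, body, sig = token.split(".")
    hdr, raw = json.loads(b64u(head)), b64u(sig)
    key = next((k for k in jwks["keys"] if k.get("kid") == hdr.get("kid")), None)
    if key is None or hdr.get("alg") != "ES256" or key.get("crv") != "P-256":
        raise ValueError("unknown kid, or algorithm not pinned to ES256")
    x, y = (int.from_bytes(b64u(key[c]), "big") for c in "xy")
    r, s = int.from_bytes(raw[:32], "big"), int.from_bytes(raw[32:], "big")
    ok = len(raw) == 64 and 0 < r < N and 0 < s < N and max(x, y) < P
    if not ok or (y * y - x * x * x + 3 * x - B) % P:  # key must lie on the curve
        raise ValueError("malformed key or signature")
    e = int.from_bytes(hashlib.sha256(f"{head}.{body}".encode()).digest(), "big")
    w = pow(s, -1, N)
    pt = add(mul(e * w % N, G), mul(r * w % N, (x, y)))
    if pt is None or pt[0] % N != r:
        raise ValueError("signature verification failed")
    return json.loads(b64u(body))
```

For production use, a maintained JOSE library can perform the signature check, with the same pinning of kid and ES256 kept in place.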
