The Fedkom production environment is available only to members of Fedkom and to entities that members of Sambi and Skolfederation have opted in. All metadata published in the Fedkom aggregated metadata feed comes from confirmed member organizations, which must comply with the trust framework and the technical requirements.

Access to Fedkom production environment

All members of Fedkom gain automatic access to the production environment. 

Uploading metadata to Fedkom 

Metadata opt-in from Skolfederation or Sambi

If your member organization is a Swedish municipality and a member of either Skolfederation or Sambi, you have the option to include existing or new entities in Fedkom. This is done by:

  1. Applying the opt-in Entity Attribute as defined in the Fedkom policy
  2. Uploading the entity metadata to Skolfederation or Sambi via Federationsadmin

Example:

<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
    xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
    entityID="https://openfed.swefed.se/placeholder/internetstiftelsen/sp-prod">
    <md:Extensions>
        <mdattr:EntityAttributes>
            <saml:Attribute Name="https://id.openfed.se/entityattributes/opt-in"
                            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml:AttributeValue>https://id.openfed.se/entityattributes/opt-in/yes</saml:AttributeValue>
            </saml:Attribute>
        </mdattr:EntityAttributes>
    </md:Extensions>
...
...
</md:EntityDescriptor>

Once the opt-in Entity Attribute is correctly applied and the metadata has been published, the entity will be included in Fedkom in accordance with the federation policy.

After publishing your entity with the opt-in Entity Attribute, it may take up to approximately one hour before the entity is published in the Fedkom feeds.

This delay is due to differences in metadata aggregation and publishing cycles between the federations and Fedkom.
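The two steps above applied to an existing EntityDescriptor, as an added example that is not part of the Fedkom documentation or of any federation tooling. It uses only the Python standard library, assumes the entity metadata is not yet signed (an enveloped signature would stop validating once the content changes), and the entityID and endpoints in the constructed sample are hypothetical. The check is idempotent: running it on metadata that already carries opt-in/yes changes nothing, and md:Extensions is inserted before the role descriptor because the metadata schema requires that order.

```python
import xml.etree.ElementTree as ET

# Namespaces used in SAML metadata; registering the prefixes keeps md:/saml:/mdattr: in the output
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

# Opt-in Entity Attribute name and value exactly as in the Fedkom example above
OPT_IN_NAME = "https://id.openfed.se/entityattributes/opt-in"
OPT_IN_YES = "https://id.openfed.se/entityattributes/opt-in/yes"
URI_NAME_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"


def _tag(prefix, local):
    return "{%s}%s" % (NS[prefix], local)


def _root(xml_text):
    root = ET.fromstring(xml_text)
    if root.tag != _tag("md", "EntityDescriptor"):
        raise ValueError("expected a single md:EntityDescriptor, got %s" % root.tag)
    return root


def opt_in_values(xml_text):
    """All values of the opt-in Entity Attribute (empty list when the attribute is absent)."""
    values = []
    for attr in _root(xml_text).findall(
            "md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
        if attr.get("Name") == OPT_IN_NAME:
            values.extend((v.text or "").strip()
                          for v in attr.findall("saml:AttributeValue", NS))
    return values


def has_opt_in(xml_text):
    """True when the entity carries opt-in/yes and will be picked up by Fedkom."""
    return OPT_IN_YES in opt_in_values(xml_text)


def add_opt_in(xml_text):
    """Return the metadata with the opt-in Entity Attribute applied (no change if already present)."""
    root = _root(xml_text)
    if OPT_IN_YES in opt_in_values(xml_text):
        return ET.tostring(root, encoding="unicode")
    if root.find("ds:Signature", NS) is not None:
        # An existing enveloped signature covers the old content and would fail after the edit.
        raise ValueError("EntityDescriptor is signed; strip the signature and re-sign after editing")
    ext = root.find("md:Extensions", NS)
    if ext is None:
        # Schema order: md:Extensions precedes SPSSODescriptor/IDPSSODescriptor, so insert first.
        ext = ET.Element(_tag("md", "Extensions"))
        root.insert(0, ext)
    ea = ext.find("mdattr:EntityAttributes", NS)
    if ea is None:
        ea = ET.SubElement(ext, _tag("mdattr", "EntityAttributes"))
    attr = next((a for a in ea.findall("saml:Attribute", NS)
                 if a.get("Name") == OPT_IN_NAME), None)
    if attr is None:
        attr = ET.SubElement(ea, _tag("saml", "Attribute"),
                             Name=OPT_IN_NAME, NameFormat=URI_NAME_FORMAT)
    value = ET.SubElement(attr, _tag("saml", "AttributeValue"))
    value.text = OPT_IN_YES
    return ET.tostring(root, encoding="unicode")


# Constructed sample (hypothetical entityID): an SP whose metadata has no Extensions element yet.
SAMPLE_SP = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example-kommun.se/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example-kommun.se/saml/acs" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(add_opt_in(SAMPLE_SP))
```

Run the output through your usual metadata validation before uploading it via Federationsadmin; the script only guarantees the attribute is present and well placed, not that the rest of the metadata meets the federation's technical requirements.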

Sending metadata manually to federation operator

If your member organization is not a member of Skolfederation or Sambi, you upload metadata by sending it to the federation operator for validation and verification. If there are errors, the federation operator will request corrections. Once the metadata is ready for upload, the federation operator contacts the Technical Contact to confirm the SHA-1 checksum of the metadata file before it is published to the federation. This checksum only confirms that the operator received the file you sent; the integrity of the published feed itself is protected by the feed signature described under Technical information below.

Technical information

Metadata

Fedkom produces three metadata feeds available for consumption:

Metadata feed               URL
All entities (IdP and SP)   https://md.openfed.se/prod/md/metadata_set1_01.xml
All SPs only                https://md.openfed.se/prod/md/metadata_set1_sp_01.xml
All IdPs only               https://md.openfed.se/prod/md/metadata_set1_idp_01.xml

Public key for verifying signature of all Fedkom metadata feeds is found below.

Certificate file: openfed-saml-signer-prod-1_0.crt

-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


SHA-256 fingerprint: 
EE:A2:A9:C3:05:06:72:BD:B5:4E:81:1E:97:7A:11:B4:A6:DC:08:7B:C5:15:D5:B8:6F:0D:0C:88:37:F1:BA:B6


We recommend verifying the fingerprint of the signing certificate with the federation operator, out of band, before adding the certificate to your IdP/SP trust store. After trusting the certificate, always verify the signature of the federation metadata against that certificate on every refresh, so that the integrity of the metadata is guaranteed; never rely on the certificate embedded in the feed's own KeyInfo, since anyone who can alter the feed can alter that too.
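The two checks from the paragraph above, as an added example that is not part of the Fedkom documentation: pin the certificate by its SHA-256 fingerprint (the value is the one published above; the fingerprint is the SHA-256 of the DER bytes, i.e. the base64-decoded PEM body) and only then verify the feed signature against that certificate. The signature step shells out to the xmlsec1 command-line tool and assumes the feed is signed on its root md:EntitiesDescriptor with an ID attribute, the usual layout for federation feeds; if your download shows the signature without any KeyInfo, replace --trusted-pem with --pubkey-cert-pem. The PEM blob in the block is constructed from arbitrary bytes so the fingerprint code can run offline; it is not the real signer certificate and will not match the pinned value.

```python
import base64
import hashlib
import hmac
import re
import shutil
import subprocess
import sys
import textwrap

# SHA-256 fingerprint of openfed-saml-signer-prod-1_0.crt as published on this page
PINNED_SHA256 = ("EE:A2:A9:C3:05:06:72:BD:B5:4E:81:1E:97:7A:11:B4:"
                 "A6:DC:08:7B:C5:15:D5:B8:6F:0D:0C:88:37:F1:BA:B6")

_PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_to_der(pem_text):
    """Decode the first PEM certificate block into DER bytes; the fingerprint is taken over these."""
    m = _PEM_RE.search(pem_text)
    if m is None:
        raise ValueError("no PEM CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)


def sha256_fingerprint(pem_text):
    """Colon-separated upper-case SHA-256 fingerprint, in the layout used on the page."""
    hexdigest = hashlib.sha256(pem_to_der(pem_text)).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, 64, 2))


def _normalize(fp):
    # Accept "EE:A2:..", "ee:a2:.." or "EEA2.." for the pinned value
    return re.sub(r"[^0-9A-F]", "", fp.upper())


def fingerprint_matches(pem_text, pinned):
    """Constant-time comparison of the certificate's fingerprint with the pinned value."""
    return hmac.compare_digest(_normalize(sha256_fingerprint(pem_text)), _normalize(pinned))


def verify_feed_signature(feed_path, cert_path):
    """Verify the enveloped XML signature of a downloaded feed with the xmlsec1 CLI (assumed installed).

    The signed element is assumed to be the root md:EntitiesDescriptor carrying an ID attribute.
    """
    if shutil.which("xmlsec1") is None:
        raise RuntimeError("xmlsec1 not found; install the xmlsec1 package")
    cmd = [
        "xmlsec1", "--verify",
        "--trusted-pem", cert_path,
        "--id-attr:ID", "urn:oasis:names:tc:SAML:2.0:metadata:EntitiesDescriptor",
        feed_path,
    ]
    result = subprocess.run(cmd, capture_output=True, text=True)
    return result.returncode == 0


# Constructed stand-in certificate: arbitrary bytes wrapped as PEM so the code runs offline.
CONSTRUCTED_DER = (b"constructed sample bytes, not a real X.509 certificate; "
                   b"present only so the fingerprint code can be exercised offline")
CONSTRUCTED_PEM = ("-----BEGIN CERTIFICATE-----\n"
                   + "\n".join(textwrap.wrap(base64.b64encode(CONSTRUCTED_DER).decode(), 64))
                   + "\n-----END CERTIFICATE-----\n")


def main(argv):
    # usage: python verify_feed.py openfed-saml-signer-prod-1_0.crt metadata_set1_01.xml
    cert_path, feed_path = argv[1], argv[2]
    with open(cert_path) as f:
        pem = f.read()
    if not fingerprint_matches(pem, PINNED_SHA256):
        print("certificate fingerprint does NOT match the pinned value:", sha256_fingerprint(pem))
        return 2
    ok = verify_feed_signature(feed_path, cert_path)
    print("feed signature valid" if ok else "feed signature INVALID")
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A non-zero exit from the script should stop your metadata refresh and keep the previously verified copy in use; do not fall back to an unsigned or unverified feed.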

Discovery Service (DS)

A centralized SAML 2.0 Discovery Service for Fedkom is found below.

https://md.openfed.se/prod/ds/

The DS is populated with all IdPs from the Fedkom metadata. The names shown in the DS are taken from the OrganizationDisplayName element of each IdP's metadata.

Note that the federation operator does not recommend using the centralized DS for IdP discovery in production environments, because of limitations in its user experience. Where discovery is required, service providers are recommended to implement a discovery method better suited to their service, for example one built from the IdP-only feed above.
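One way to build such a service-specific IdP picker from the IdP-only feed, as an added example that is not part of the Fedkom documentation or of the central DS: parse the (already signature-verified) feed, keep only entities with an IDPSSODescriptor, label each with mdui:DisplayName in the preferred language where present and fall back to OrganizationDisplayName (the name the central DS uses), and record the HTTP-Redirect SingleSignOnService endpoint. The feed in the block is constructed, with hypothetical entityIDs and organisations, so the code runs offline.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdui": "urn:oasis:names:tc:SAML:metadata:ui",
}
XML_LANG = "{http://www.w3.org/XML/1998/namespace}lang"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"


def _display_name(ed, idp, lang):
    # Prefer mdui:DisplayName in the requested language, then any mdui:DisplayName,
    # then md:OrganizationDisplayName (what the central DS shows), then the entityID,
    # so that no IdP silently disappears from the picker.
    names = idp.findall("md:Extensions/mdui:UIInfo/mdui:DisplayName", NS)
    for n in names:
        if n.get(XML_LANG) == lang and n.text:
            return n.text.strip()
    for n in names:
        if n.text:
            return n.text.strip()
    odn = ed.find("md:Organization/md:OrganizationDisplayName", NS)
    if odn is not None and odn.text:
        return odn.text.strip()
    return ed.get("entityID")


def discovery_entries(feed_xml, lang="sv"):
    """IdPs in a metadata feed as dicts with entityID, display name and HTTP-Redirect SSO URL."""
    root = ET.fromstring(feed_xml)
    entries = []
    for ed in root.iter("{%s}EntityDescriptor" % NS["md"]):
        idp = ed.find("md:IDPSSODescriptor", NS)
        if idp is None:  # SPs and other non-IdP entities are not discovery targets
            continue
        sso = None
        for ep in idp.findall("md:SingleSignOnService", NS):
            if ep.get("Binding") == HTTP_REDIRECT:
                sso = ep.get("Location")
                break
        entries.append({"entityID": ed.get("entityID"),
                        "name": _display_name(ed, idp, lang),
                        "sso": sso})
    # Case-insensitive ordering for the picker
    return sorted(entries, key=lambda e: e["name"].casefold())


# Constructed sample feed (hypothetical entityIDs): two IdPs and one SP, which must be skipped.
SAMPLE_FEED = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" Name="https://md.openfed.se/prod">
  <md:EntityDescriptor entityID="https://idp.ostra-kommun.example/saml">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions>
        <mdui:UIInfo>
          <mdui:DisplayName xml:lang="sv">Östra kommun</mdui:DisplayName>
          <mdui:DisplayName xml:lang="en">Ostra Municipality</mdui:DisplayName>
        </mdui:UIInfo>
      </md:Extensions>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://idp.ostra-kommun.example/saml/sso"/>
    </md:IDPSSODescriptor>
    <md:Organization>
      <md:OrganizationName xml:lang="sv">Östra kommun</md:OrganizationName>
      <md:OrganizationDisplayName xml:lang="sv">Östra kommun (org)</md:OrganizationDisplayName>
      <md:OrganizationURL xml:lang="sv">https://www.ostra-kommun.example/</md:OrganizationURL>
    </md:Organization>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.alfa-kommun.example/saml">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://idp.alfa-kommun.example/sso/redirect"/>
    </md:IDPSSODescriptor>
    <md:Organization>
      <md:OrganizationName xml:lang="sv">Alfa kommun</md:OrganizationName>
      <md:OrganizationDisplayName xml:lang="sv">Alfa kommun</md:OrganizationDisplayName>
      <md:OrganizationURL xml:lang="sv">https://www.alfa-kommun.example/</md:OrganizationURL>
    </md:Organization>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example-kommun.se/saml">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="https://sp.example-kommun.se/saml/acs" index="0"/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

if __name__ == "__main__":
    for entry in discovery_entries(SAMPLE_FEED):
        print(entry["name"], "->", entry["entityID"])
```

Only feed this function a copy of the metadata whose signature you have already verified; the picker is only as trustworthy as the feed it is built from, and it should be rebuilt on the same schedule as your metadata refresh so that IdPs added to or removed from Fedkom appear and disappear promptly.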

Generic errorURL handler

A generic errorURL handler is provided in the federation. More information: Generic errorURL handler.