SIR Metadata Documents

SIR SAML metadata signing and gateway certificate updated

A certificate rollover for both metadata signing and response/assertion signing/encryption took place this week. This is an overview of the changes:

  • Monday, June 20th, 2016.
    • Metadata was signed with the former key and also included the new signing certificate for metadata. Finished
    • Metadata refresh was shortened to 48 hours. Finished
  • Monday, June 27th, 2016, at 10:00 CEST.
    • The new SAML gateway certificate was changed in both the metadata and the gateway. Finished
    • Metadata was signed with the new signing key. Finished
    • The former certificate disappeared. Finished
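
A service provider can confirm which side of this rollover its cached metadata copy is on by comparing the certificates in the KeyDescriptor elements with fingerprints it has recorded. The following is an added example, not SIR's own tooling; it also covers an overlap period in which both certificates are published. The entityID and the certificate bytes are constructed placeholders, and the check assumes the XML signature on the metadata has already been validated.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def fingerprint(der):
    """SHA-256 fingerprint (hex) of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def key_fingerprints(metadata_xml):
    """Map entityID -> {use -> set of fingerprints} for every KeyDescriptor."""
    result = {}
    for entity in ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % MD):
        uses = result.setdefault(entity.get("entityID"), {})
        for kd in entity.iter("{%s}KeyDescriptor" % MD):
            # A KeyDescriptor with no "use" attribute serves both purposes.
            targets = [kd.get("use")] if kd.get("use") else ["signing", "encryption"]
            for cert in kd.iter("{%s}X509Certificate" % DS):
                der = base64.b64decode("".join((cert.text or "").split()))
                for use in targets:
                    uses.setdefault(use, set()).add(fingerprint(der))
    return result

def rollover_state(metadata_xml, entity_id, old_fp, new_fp, use="signing"):
    """Classify what the metadata advertises for one entity and key use."""
    fps = key_fingerprints(metadata_xml).get(entity_id, {}).get(use, set())
    if old_fp in fps and new_fp in fps:
        return "overlap"       # both published: either key must be accepted
    if new_fp in fps:
        return "switched"      # former certificate has disappeared
    if old_fp in fps:
        return "old-only"      # rollover not yet visible in this copy
    return "unknown"           # neither recorded value present: investigate

# Constructed sample: placeholder bytes stand in for real DER certificates.
ENTITY = "https://idp.example.org/saml"   # hypothetical entityID
OLD_DER, NEW_DER = b"constructed-old-cert", b"constructed-new-cert"

def sample_metadata(ders):
    kds = "".join(
        '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
        "<ds:X509Certificate>%s</ds:X509Certificate>"
        "</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>"
        % base64.b64encode(d).decode() for d in ders)
    return ('<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" entityID="%s">'
            "<md:IDPSSODescriptor>%s</md:IDPSSODescriptor></md:EntityDescriptor>"
            % (MD, DS, ENTITY, kds))

if __name__ == "__main__":
    print(rollover_state(sample_metadata([NEW_DER]), ENTITY,
                         fingerprint(OLD_DER), fingerprint(NEW_DER)))
```

A result of "old-only" after the switch date means the local copy is stale and should be refreshed; "unknown" means the metadata carries a certificate that was never recorded and should be investigated before it is trusted.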

Production metadata

This is the metadata associated with each of the protocols supported by SIR:

  • PAPI v1: GPoA metadata.
    Hash SHA1: e1e0c553dd310276d0dc3ec791aab5351323a9cf
  • Shibboleth 1.3 and 2: There are two sets of metadata (both supporting SAML 1.1 and SAML 2):
    • Individual IdP metadata: Defines an individual IdP for each one of the institutions connected to the service.
      Hash SHA1: 1944dc808e46c87550006642ebc185a537991650
    • Common access metadata: Defines a single common IdP for the whole SIR infrastructure, associated with an internal Where are you From? (WAYF) service that directs users back to their institutional services using the SIR internal mechanisms.
      Hash SHA1: eccb7486a328ec2a82d980ee807377465d5c3c3b
    Service providers can choose the metadata document that best fits their needs.

SIRdemo Metadata

SIRdemo is a test environment that allows institutions and service providers to validate their connection to the service. The metadata for this test infrastructure is:

Digital signature

All the SIR metadata is digitally signed: