SAFIRE Metadata
SAFIRE publishes various metadata feeds at the locations shown below. All feeds are signed using SAFIRE’s metadata signing key, and the signatures should be verified before using this metadata.
Metadata for identity providers
The metadata feeds in this section are for entities that have joined SAFIRE as an identity provider and that have exchanged metadata with us.
SAFIRE Federation Hub
This contains the basic metadata for the SAFIRE federation, and contains information about the hub. It is the only metadata required by identity providers, and should be consumed dynamically or updated regularly.
| Metadata URL | https://metadata.safire.ac.za/safire-hub-metadata.xml |
|---|---|
| Entity ID | https://iziko.safire.ac.za/ |
| Signing Certificate | https://metadata.safire.ac.za/safire-metadata.crt |
| Cert Fingerprints | BB:89:BA:97:E5:D8:DA:4F:7C:75:41:7B:14:6A:E6:EC:4A:01:C5:D8:51:2E:09:2D:7C:75:A8:2B:47:7F:00:4C (SHA256) FF:EF:5D:8E:AA:12:EA:5D:A1:81:4F:48:02:F3:07:22:4A:7D:FA:05 (SHA1) |
The hub metadata can also be used by SAFIRE service providers who only wish to make use of central discovery services. However this mode of operation is deprecated as it is incompatible with current best practices for IdP discovery.
Metadata for service providers
This metadata feeds in this section are for entities that have joined SAFIRE as a service provider and that have exchanged metadata with us.
SAFIRE IdP Proxies
This aggregate contains metadata for identity providers in the SAFIRE federation, reached via an IdP proxy to avoid centralised discovery. It is intended for use by SAFIRE service providers who wish to run their own local discovery services (this is best practice).
| Metadata URL | https://metadata.safire.ac.za/safire-idp-proxy-metadata.xml |
|---|---|
| Signing Certificate | https://metadata.safire.ac.za/safire-metadata.crt |
| Cert Fingerprints | BB:89:BA:97:E5:D8:DA:4F:7C:75:41:7B:14:6A:E6:EC:4A:01:C5:D8:51:2E:09:2D:7C:75:A8:2B:47:7F:00:4C (SHA256) FF:EF:5D:8E:AA:12:EA:5D:A1:81:4F:48:02:F3:07:22:4A:7D:FA:05 (SHA1) |
Service providers are strongly encouraged to also consume one of the two eduGAIN IdP feeds below in addition to the IdP Proxies feed even if they have no immediate intention of using eduGAIN.
SAFIRE Service Providers consuming eduGAIN IdPs
This aggregate contains a re-publication of the eduGAIN metadata after it has passed through SAFIRE’s metadata aggregation and filters. It is intended for use by SAFIRE service providers who are participating in eduGAIN, and therefore only includes identity providers.
| Metadata URL | https://metadata.safire.ac.za/edugain-consuming.xml |
|---|---|
| Signing Certificate | https://metadata.safire.ac.za/safire-metadata.crt |
| Cert Fingerprints | BB:89:BA:97:E5:D8:DA:4F:7C:75:41:7B:14:6A:E6:EC:4A:01:C5:D8:51:2E:09:2D:7C:75:A8:2B:47:7F:00:4C (SHA256) FF:EF:5D:8E:AA:12:EA:5D:A1:81:4F:48:02:F3:07:22:4A:7D:FA:05 (SHA1) |
SAFIRE Service Providers consuming Sirtfi-compliant eduGAIN IdPs
This aggregate contains a re-publication of a subset of the eduGAIN metadata that only includes Sirtfi-compliant identity providers that have passed through SAFIRE’s metadata aggregation and filters. It is intended for use by SAFIRE service providers who are participating in eduGAIN.
| Metadata URL | https://metadata.safire.ac.za/edugain-sirtfi-consuming.xml |
|---|---|
| Signing Certificate | https://metadata.safire.ac.za/safire-metadata.crt |
| Cert Fingerprints | BB:89:BA:97:E5:D8:DA:4F:7C:75:41:7B:14:6A:E6:EC:4A:01:C5:D8:51:2E:09:2D:7C:75:A8:2B:47:7F:00:4C (SHA256) FF:EF:5D:8E:AA:12:EA:5D:A1:81:4F:48:02:F3:07:22:4A:7D:FA:05 (SHA1) |
Inter-federation Metadata
SAFIRE also provides metadata to the eduGAIN interfederation for use by academic federations around the world. Entities wishing to interfederate should receive this metadata from their local federation rather than directly from SAFIRE. You can view metadata we provide to eduGAIN in the REFEDS metadata explorer tool.