SAFIRE Metadata

SAFIRE publishes various metadata feeds, at the locations shown below. All feeds are signed using SAFIRE's metadata signing key, and the signatures should be verified before using this metadata.

Metadata for identity providers

SAFIRE Federation Hub

This is the basic metadata for the SAFIRE federation, and contains information about the hub. It is intended for use by SAFIRE identity providers.

Metadata URL https://metadata.safire.ac.za/safire-hub-metadata.xml
Entity ID https://iziko.safire.ac.za/
Signing Certificate https://metadata.safire.ac.za/safire-metadata.crt
Cert Fingerprints BB:89:BA:97:E5:D8:DA:4F:7C:75:41:7B:14:6A:E6:EC:4A:01:C5:D8:51:2E:09:2D:7C:75:A8:2B:47:7F:00:4C (SHA256)
FF:EF:5D:8E:AA:12:EA:5D:A1:81:4F:48:02:F3:07:22:4A:7D:FA:05 (SHA1)

The hub metadata can also be used by SAFIRE service providers who only wish to make use of central discovery services. However this mode of operation is deprecated as it is incompatible with current best practices for IdP discovery.

Metadata for service providers

SAFIRE IdP Proxies

This is metadata for identity providers in the SAFIRE federation, reached via an IdP proxy to avoid centralised discovery. It is intended for use by SAFIRE participants who wish to run their own local discovery services (this is best practice).

Metadata URL https://metadata.safire.ac.za/safire-idp-proxy-metadata.xml
Signing Certificate https://metadata.safire.ac.za/safire-metadata.crt
Cert Fingerprints BB:89:BA:97:E5:D8:DA:4F:7C:75:41:7B:14:6A:E6:EC:4A:01:C5:D8:51:2E:09:2D:7C:75:A8:2B:47:7F:00:4C (SHA256)
FF:EF:5D:8E:AA:12:EA:5D:A1:81:4F:48:02:F3:07:22:4A:7D:FA:05 (SHA1)

Service providers are strongly encouraged to also consume one of the eduGAIN IdP feeds in addtion to the IdP Proxies feed even if they have no immediate intention of using eduGAIN.

SAFIRE Service Providers consuming eduGAIN IdPs

This is a re-publication of the eduGAIN metadata after it has passed through SAFIRE's metadata aggregation and filters. It is intended for use by SAFIRE service providers who are participating in eduGAIN, and therefore only includes identity providers.

Metadata URL https://metadata.safire.ac.za/edugain-consuming.xml
Signing Certificate https://metadata.safire.ac.za/safire-metadata.crt
Cert Fingerprints BB:89:BA:97:E5:D8:DA:4F:7C:75:41:7B:14:6A:E6:EC:4A:01:C5:D8:51:2E:09:2D:7C:75:A8:2B:47:7F:00:4C (SHA256)
FF:EF:5D:8E:AA:12:EA:5D:A1:81:4F:48:02:F3:07:22:4A:7D:FA:05 (SHA1)

SAFIRE Service Providers consuming Sirtfi-compliant eduGAIN IdPs

This is a re-publication of a subset of the eduGAIN metadata that only includes Sirtfi-compliant identity providers that have passed through SAFIRE's metadata aggregation and filters. It is intended for use by SAFIRE service providers who are participating in eduGAIN.

Metadata URL https://metadata.safire.ac.za/edugain-sirtfi-consuming.xml
Signing Certificate https://metadata.safire.ac.za/safire-metadata.crt
Cert Fingerprints BB:89:BA:97:E5:D8:DA:4F:7C:75:41:7B:14:6A:E6:EC:4A:01:C5:D8:51:2E:09:2D:7C:75:A8:2B:47:7F:00:4C (SHA256)
FF:EF:5D:8E:AA:12:EA:5D:A1:81:4F:48:02:F3:07:22:4A:7D:FA:05 (SHA1)

Inter-federation Metadata

SAFIRE Participants into eduGAIN

This is a feed for eduGAIN containing only identity and service providers who wish to participate in inter-federation.

Metadata URL https://metadata.safire.ac.za/safire-edugain.xml
Signing Certificate https://metadata.safire.ac.za/safire-metadata.crt
Cert Fingerprints BB:89:BA:97:E5:D8:DA:4F:7C:75:41:7B:14:6A:E6:EC:4A:01:C5:D8:51:2E:09:2D:7C:75:A8:2B:47:7F:00:4C (SHA256)
FF:EF:5D:8E:AA:12:EA:5D:A1:81:4F:48:02:F3:07:22:4A:7D:FA:05 (SHA1)

South African Identity Federation