SAFIRE Metadata

SAFIRE publishes various metadata feeds, at the locations shown below. All feeds are signed using SAFIRE’s metadata signing key, and the signatures should be verified before using this metadata.

Metadata for identity providers

This is metadata for entities that have joined SAFIRE as an identity provider and exchanged metadata with us.

SAFIRE Federation Hub

This is the basic metadata for the SAFIRE federation, and contains information about the hub.

Metadata URL https://metadata.safire.ac.za/safire-hub-metadata.xml
Entity ID https://iziko.safire.ac.za/
Signing Certificate https://metadata.safire.ac.za/safire-metadata.crt
Cert Fingerprints BB:89:BA:97:E5:D8:DA:4F:7C:75:41:7B:14:6A:E6:EC:4A:01:C5:D8:51:2E:09:2D:7C:75:A8:2B:47:7F:00:4C (SHA256)
FF:EF:5D:8E:AA:12:EA:5D:A1:81:4F:48:02:F3:07:22:4A:7D:FA:05 (SHA1)

The hub metadata can also be used by SAFIRE service providers who only wish to make use of central discovery services. However this mode of operation is deprecated as it is incompatible with current best practices for IdP discovery.

Metadata for service providers

This is metadata for entities that have joined SAFIRE as a service provider and exchanged metadata with us.

SAFIRE IdP Proxies

This is metadata for identity providers in the SAFIRE federation, reached via an IdP proxy to avoid centralised discovery. It is intended for use by SAFIRE participants who wish to run their own local discovery services (this is best practice).

Metadata URL https://metadata.safire.ac.za/safire-idp-proxy-metadata.xml
Signing Certificate https://metadata.safire.ac.za/safire-metadata.crt
Cert Fingerprints BB:89:BA:97:E5:D8:DA:4F:7C:75:41:7B:14:6A:E6:EC:4A:01:C5:D8:51:2E:09:2D:7C:75:A8:2B:47:7F:00:4C (SHA256)
FF:EF:5D:8E:AA:12:EA:5D:A1:81:4F:48:02:F3:07:22:4A:7D:FA:05 (SHA1)

Service providers are strongly encouraged to also consume one of the eduGAIN IdP feeds in addtion to the IdP Proxies feed even if they have no immediate intention of using eduGAIN.

SAFIRE Service Providers consuming eduGAIN IdPs

This is a re-publication of the eduGAIN metadata after it has passed through SAFIRE’s metadata aggregation and filters. It is intended for use by SAFIRE service providers who are participating in eduGAIN, and therefore only includes identity providers.

Metadata URL https://metadata.safire.ac.za/edugain-consuming.xml
Signing Certificate https://metadata.safire.ac.za/safire-metadata.crt
Cert Fingerprints BB:89:BA:97:E5:D8:DA:4F:7C:75:41:7B:14:6A:E6:EC:4A:01:C5:D8:51:2E:09:2D:7C:75:A8:2B:47:7F:00:4C (SHA256)
FF:EF:5D:8E:AA:12:EA:5D:A1:81:4F:48:02:F3:07:22:4A:7D:FA:05 (SHA1)

SAFIRE Service Providers consuming Sirtfi-compliant eduGAIN IdPs

This is a re-publication of a subset of the eduGAIN metadata that only includes Sirtfi-compliant identity providers that have passed through SAFIRE’s metadata aggregation and filters. It is intended for use by SAFIRE service providers who are participating in eduGAIN.

Metadata URL https://metadata.safire.ac.za/edugain-sirtfi-consuming.xml
Signing Certificate https://metadata.safire.ac.za/safire-metadata.crt
Cert Fingerprints BB:89:BA:97:E5:D8:DA:4F:7C:75:41:7B:14:6A:E6:EC:4A:01:C5:D8:51:2E:09:2D:7C:75:A8:2B:47:7F:00:4C (SHA256)
FF:EF:5D:8E:AA:12:EA:5D:A1:81:4F:48:02:F3:07:22:4A:7D:FA:05 (SHA1)

Inter-federation Metadata

SAFIRE also provides metadata to the eduGAIN interfederation for use by academic federations around the world. Entities wishing to interfederate should receive this metadata from their local federation rather than directly from SAFIRE. You can view metadata we provide to eduGAIN in the REFEDS metadata explorer tool.

South African Identity Federation