To support the efficient operation of the Federation and enable trusted access to connected services, the AAF publishes three metadata documents for the Production environment.
- Contains all AAF subscribers.
- Contains eduGAIN IdP and SP services approved for consumption by AAF subscribers.
- Contains AAF subscriber IdP and SP services approved for addition to the global eduGAIN metadata source.
The AAF has signed these metadata documents with a public key certificate. AAF subscribers must use the public key certificate available from https://md.aaf.edu.au/aaf-metadata-certificate.pem to verify metadata documents whenever they are retrieved. If an automated process retrieves these metadata files, the process must use the public key certificate to verify the metadata every time.
The following openssl command displays the public key certificate's fingerprint, along with its subject and validity dates.
$> openssl x509 -subject -dates -fingerprint -in aaf-metadata-certificate.pem
subject= /O=Australian Access Federation/CN=AAF Metadata
notBefore=Nov 24 04:27:20 2015 GMT
notAfter=Dec 9 04:27:20 2035 GMT
SHA1 Fingerprint=E2:FC:CC:CB:0E:0F:3B:32:FA:55:87:29:08:DE:E0:34:DA:A2:15:5A
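An automated retrieval job can refuse to proceed unless the certificate file it holds matches the fingerprint shown above. The following is an added example, not AAF code: it pins the SHA1 fingerprint from this page and compares it with the fingerprint of a PEM file, using only the Python standard library. The function names and the sample PEM are assumptions made for illustration, and verifying the XML signature on the metadata itself remains the job of your SAML software.

```python
import base64
import hashlib
import hmac
import re

# SHA1 fingerprint of the AAF metadata certificate, as printed on this page.
AAF_SHA1_FINGERPRINT = "E2:FC:CC:CB:0E:0F:3B:32:FA:55:87:29:08:DE:E0:34:DA:A2:15:5A"

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

class PinError(Exception):
    """The certificate file or the pinned fingerprint is malformed."""

def pem_to_der(pem_text):
    # Require exactly one certificate so a bundle cannot smuggle in a second one.
    blocks = PEM_BLOCK.findall(pem_text)
    if len(blocks) != 1:
        raise PinError("expected exactly one certificate, found %d" % len(blocks))
    try:
        return base64.b64decode("".join(blocks[0].split()), validate=True)
    except ValueError as exc:
        raise PinError("certificate body is not valid base64") from exc

def normalise_fingerprint(fingerprint):
    # Accept "E2:FC:..." or "e2fc..." and reduce both to 40 lowercase hex digits.
    digits = re.sub(r"[:\s]", "", fingerprint).lower()
    if not re.fullmatch(r"[0-9a-f]{40}", digits):
        raise PinError("not a SHA1 fingerprint: %r" % fingerprint)
    return digits

def sha1_fingerprint(pem_text):
    # Same value openssl prints: SHA1 over the DER encoding, colon separated.
    digest = hashlib.sha1(pem_to_der(pem_text)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def certificate_is_pinned(pem_text, expected=AAF_SHA1_FINGERPRINT):
    actual = normalise_fingerprint(sha1_fingerprint(pem_text))
    return hmac.compare_digest(actual, normalise_fingerprint(expected))

# Constructed sample: arbitrary bytes in a PEM wrapper, NOT the AAF certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(b"constructed bytes, not a real certificate").decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print("sample fingerprint:", sha1_fingerprint(SAMPLE_PEM))
    print("matches AAF pin:", certificate_is_pinned(SAMPLE_PEM))  # False
```

In a retrieval job, pass the contents of aaf-metadata-certificate.pem to `certificate_is_pinned` and stop if it returns False or raises `PinError`.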