Introduction

To support the efficient operation of the Federation and enable trusted access to connected services, the AAF publishes three metadata documents for the Production environment.

    • Contains all AAF subscribers.
    • Contains eduGAIN IdP and SP services approved for consumption by AAF subscribers. 
    • Contains AAF subscriber IdP and SP services approved for addition to the global eduGAIN metadata source. 

The AAF also publishes metadata for the Test Federation; this metadata does not enable access to eduGAIN.

Details

The AAF signs these metadata documents, and the signature is verified with the AAF's public key certificate. AAF subscribers must use the public key certificate available from https://md.aaf.edu.au/aaf-metadata-certificate.pem to verify metadata documents whenever they are retrieved. If an automated process retrieves these metadata files, the process must use the public key certificate to verify the metadata every time.


The following openssl command displays the subject, validity dates and fingerprint of the public key certificate:

$> openssl x509 -noout -subject -dates -fingerprint -in aaf-metadata-certificate.pem


The public key certificate output should match the following strings:
subject= /O=Australian Access Federation/CN=AAF Metadata
notBefore=Nov 24 04:27:20 2015 GMT
notAfter=Dec  9 04:27:20 2035 GMT
SHA1 Fingerprint=E2:FC:CC:CB:0E:0F:3B:32:FA:55:87:29:08:DE:E0:34:DA:A2:15:5A
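
An automated retrieval process can make the same fingerprint check in code before handing the certificate to its signature verifier. The following Python is an added example, not AAF code: it computes the SHA-1 fingerprint the way openssl does (the digest of the certificate's DER encoding) and compares it with the value published above. The function names and the sample PEM (constructed bytes, not a real certificate) are assumptions, and verifying the XML signature on the metadata remains a separate step.

```python
import base64
import hashlib
import hmac
import re

# SHA-1 fingerprint published on this page for the AAF metadata certificate.
AAF_SHA1_PIN = "E2:FC:CC:CB:0E:0F:3B:32:FA:55:87:29:08:DE:E0:34:DA:A2:15:5A"

_PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)

def pem_to_der(pem_text):
    """Return the DER bytes of the single certificate in pem_text."""
    blocks = _PEM_BLOCK.findall(pem_text)
    if len(blocks) != 1:
        # Fail closed: an empty file or a bundle is not the expected input.
        raise ValueError(f"expected exactly 1 certificate, found {len(blocks)}")
    # Drop line breaks (LF or CRLF), then decode strictly.
    return base64.b64decode("".join(blocks[0].split()), validate=True)

def sha1_fingerprint(pem_text):
    """Fingerprint in the colon-separated form `openssl x509 -fingerprint` prints."""
    digest = hashlib.sha1(pem_to_der(pem_text)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def normalise(fingerprint):
    """Make 'e2:fc..', 'E2FC..' and 'E2 FC ..' compare equal."""
    return fingerprint.replace(":", "").replace(" ", "").upper()

def matches_pin(pem_text, pin=AAF_SHA1_PIN):
    """True only if the certificate's fingerprint equals the pinned value."""
    try:
        actual = sha1_fingerprint(pem_text)
    except ValueError:  # also covers malformed base64 (binascii.Error)
        return False
    return hmac.compare_digest(normalise(actual), normalise(pin))

# Constructed sample: arbitrary bytes in a PEM wrapper, NOT the AAF certificate.
SAMPLE_DER = bytes(range(64))
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\r\n"
    + base64.encodebytes(SAMPLE_DER).decode().replace("\n", "\r\n")
    + "-----END CERTIFICATE-----\r\n"
)

if __name__ == "__main__":
    print("SHA1 Fingerprint=" + sha1_fingerprint(SAMPLE_PEM))
    print("matches AAF pin:", matches_pin(SAMPLE_PEM))
```

In a real job, pass the contents of the downloaded aaf-metadata-certificate.pem to `matches_pin` and stop the metadata refresh if it returns False.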