„HREF Key Rollover 2020” változatai közötti eltérés

Innen: KIFÜ Wiki
a (Northway(AT)niif.hu átnevezte a(z) Certificate Rollover lapot a következő névre: HREF Key Rollover 2020)
(Shibboleth Service Provider key rollover)
1. sor: 1. sor:
== Shibboleth Certificate Rollover ==
+
== Shibboleth Service Provider  ==
  
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPMultipleCredentials
+
=== XML ===
  
https://wiki.shibboleth.net/confluence/display/SP3/Multiple+Credentials
+
<syntaxhighlight lang="xml" line>
 +
<MetadataProvider type="Chaining">
 +
    <MetadataProvider type="XML" id="href-2011" url="http://metadata.eduid.hu/current/href.xml" backingFilePath="href-2011.xml">
 +
        <MetadataFilter type="Signature" certificate="href-metadata-signer-2011.crt"/>
 +
        <MetadataFilter type="RequireValidUntil" maxValidityInterval="864000"/>
 +
    </MetadataProvider>
 +
    <MetadataProvider type="XML" id="href-2020" url="http://metadata.eduid.hu/current/href.xml" backingFilePath="href-2020.xml">
 +
        <MetadataFilter type="Signature" certificate="href-metadata-signer-2020.crt"/>
 +
        <MetadataFilter type="RequireValidUntil" maxValidityInterval="864000"/>
 +
    </MetadataProvider>
 +
</MetadataProvider>
 +
</syntaxhighlight>
 +
 
 +
=== MDX ===
 +
 
 +
==== Shibboleth 3.X ====
 +
 
 +
<syntaxhighlight lang="xml" line>
 +
<MetadataProvider type="MDQ" id="href-2015" ignoreTransport="true" baseUrl="https://mdx.eduid.hu/">
 +
    <MetadataFilter type="Signature" certificate="mdx-test-signer-2015.crt"/>
 +
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="864000"/>
 +
</MetadataProvider>
 +
<MetadataProvider type="MDQ" id="href-2020" ignoreTransport="true" baseUrl="https://mdx.eduid.hu/">
 +
    <MetadataFilter type="Signature" certificate="href-metadata-signer-2020.crt"/>
 +
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="864000"/>
 +
</MetadataProvider>
 +
</syntaxhighlight>
 +
 
 +
==== Shibboleth 2.X ====
 +
 
 +
<syntaxhighlight lang="xml" line>
 +
<MetadataProvider type="Dynamic" id="href-2015" ignoreTransport="true">
 +
    <Subst>https://mdx.eduid.hu/entities/$entityID</Subst>
 +
    <MetadataFilter type="Signature" certificate="mdx-test-signer-2015.crt"/>
 +
</MetadataProvider>
 +
<MetadataProvider type="Dynamic" id="href-2020" ignoreTransport="true">
 +
    <Subst>https://mdx.eduid.hu/entities/$entityID</Subst>
 +
    <MetadataFilter type="Signature" certificate="href-metadata-signer-2020.crt"/>
 +
</MetadataProvider>
 +
</syntaxhighlight>
  
 
== SimpleSAMLphp Certificate Rollover ==  
 
== SimpleSAMLphp Certificate Rollover ==  
  
 
https://simplesamlphp.org/docs/stable/saml:keyrollover
 
https://simplesamlphp.org/docs/stable/saml:keyrollover

A lap 2020. szeptember 7., 19:39-kori változata

Shibboleth Service Provider

XML

 1 <MetadataProvider type="Chaining">
 2     <MetadataProvider type="XML" id="href-2011" url="http://metadata.eduid.hu/current/href.xml" backingFilePath="href-2011.xml">
 3         <MetadataFilter type="Signature" certificate="href-metadata-signer-2011.crt"/>
 4         <MetadataFilter type="RequireValidUntil" maxValidityInterval="864000"/>
 5     </MetadataProvider>
 6     <MetadataProvider type="XML" id="href-2020" url="http://metadata.eduid.hu/current/href.xml" backingFilePath="href-2020.xml">
 7         <MetadataFilter type="Signature" certificate="href-metadata-signer-2020.crt"/>
 8         <MetadataFilter type="RequireValidUntil" maxValidityInterval="864000"/>
 9     </MetadataProvider>
10 </MetadataProvider>

MDX

Shibboleth 3.X

1 <MetadataProvider type="MDQ" id="href-2015" ignoreTransport="true" baseUrl="https://mdx.eduid.hu/">
2     <MetadataFilter type="Signature" certificate="mdx-test-signer-2015.crt"/>
3     <MetadataFilter type="RequireValidUntil" maxValidityInterval="864000"/>
4 </MetadataProvider>
5 <MetadataProvider type="MDQ" id="href-2020" ignoreTransport="true" baseUrl="https://mdx.eduid.hu/">
6     <MetadataFilter type="Signature" certificate="href-metadata-signer-2020.crt"/>
7     <MetadataFilter type="RequireValidUntil" maxValidityInterval="864000"/>
8 </MetadataProvider>

Shibboleth 2.X

1 <MetadataProvider type="Dynamic" id="href-2015" ignoreTransport="true">
2     <Subst>https://mdx.eduid.hu/entities/$entityID</Subst>
3     <MetadataFilter type="Signature" certificate="mdx-test-signer-2015.crt"/>
4 </MetadataProvider>
5 <MetadataProvider type="Dynamic" id="href-2020" ignoreTransport="true">
6     <Subst>https://mdx.eduid.hu/entities/$entityID</Subst>
7     <MetadataFilter type="Signature" certificate="href-metadata-signer-2020.crt"/>
8 </MetadataProvider>

SimpleSAMLphp Certificate Rollover

https://simplesamlphp.org/docs/stable/saml:keyrollover