SWITCHaai Federation Metadata
The federation metadata describes Identity Providers (IdP) and Service Providers (SP) as well as trust information of the federation.Federation Metadata Shibboleth for 2.1 and newer
The metadata files are updated hourly, usually every full hour.
| Shibboleth 2.1 and newer | |
|
SWITCHaai Federation metadata.switchaai.xml |
AAI Test Federation metadata.aaitest.xml |
|
The federation metadata files are digitally signed with the
SWITCHaai Metadata Signer certificate. This certificate chains up
to the SWITCHaai Root CA certificate used as the trust anchor.
More information about the SWITCHaai Root CA. |
|
Update of Federation Metadata
We require the systems to update the SWITCHaai federation metadata at least daily. Hourly updates are strongly recommended in order to support fast propagation of metadata changes.
The Shibboleth IdP and SP version 2 can be configured to automatically update the metadata. For a configuration reference, see the Shibboleth Wiki for the IdP Metadata Provider and the SP Metadata Provider.
If the SP or IdP downloading metadata is behind a firewall or proxy, one must be aware that the IP address of the host metadata.aai.switch.ch can change anytime. Therefore, we recommend configuring the SP to use a proxy and the IdP to use a proxy rather than creating IP-based exception rules.
Federation Metadata Shibboleth for earlier versions
The metadata files are updated hourly, usually every full hour.
| Shibboleth 1.3 / 2.0 | |
|
SWITCHaai Federation metadata.switchaai.xml |
AAI Test Federation metadata.aaitest.xml |
|
These files are digitally signed with the
SWITCHaai Metadata Signer certificate. It is recommended
to check the signature with the Shibboleth metadatatool after the download. If you are using Shibboleth 1.3.x, please upgrade to Shibboleth 2.x as soon as possible as all support (including security support) ended in July 2010. |
|