SWITCHaai Metadata

The metadata describe Identity Providers (IdP) and Service Providers (SP) of the respective federation. They are updated hourly, usually every full hour.

SAML 2.0 metadata

The federation metadata files are digitally signed with the SWITCHaai Metadata Signer certificate. This certificate chains to the SWITCHaai Root CA certificate which should be configured as the trust anchor for PKIX-based validation of the metadata signature.

Update of Federation Metadata

AAI-enabled systems in the SWITCHaai federation are requested to update the metadata at least daily. Hourly updates are strongly recommended in order to support fast propagation of metadata changes.

Instructions for configuring the above metadata with an automatic hourly refresh and signature validation based on the SWITCHaai Root CA trust anchor can be found in our SP deployment guide and the IdP deployment guide, respectively (MetadataProvider elements in the XML configuration files).

If the SP or IdP downloading metadata is behind a firewall or proxy, please be aware that the IP address of the metadata.aai.switch.ch host may change without notice. Creating IP-based filter rules is therefore discouraged, and we strongly recommend configuring the SP to use a proxy and the IdP to use a proxy instead.