Warning

This page is under construction, and is therefore not yet complete. Come back soon to see if it's finished!


Introduction

Moonshot Credential Files (.msht)

<?xml version="1.0" encoding="UTF-8"?>
<identities>
  <identity>
    <display-name>[e.g. John Smith from Camford University]</display-name>
    <user>[e.g. johnsmith]</user>
    <password>[e.g. correct-horse-battery-staple]</password>
    <realm>[e.g. camford.ac.uk]</realm>
    <selection-rules>
    </selection-rules>
    <trust-anchor>
      <server-cert>[sha256 fingerprint OR the base64 encoded representation of a root certificate in DER form used in the IdP's trust anchor]</server-cert>
    </trust-anchor>
  </identity>
</identities>
Note
Inclusion of the trust anchor is vital - without it, credentials may be exposed to malicious resource providers. This credential format is also used to secure communication between RPs, IdPs and trust routers.
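
A pre-import check for the format above, as an added example that is not part of the Moonshot tooling or of the original page: it flags identities that have no trust anchor, or whose server-cert value is neither of the two forms the template allows. The function names, the fingerprint syntax (64 hex digits, optional colons) and the sample identities are assumptions.

```python
import base64
import binascii
import re
import xml.etree.ElementTree as ET

# Assumption: a SHA-256 fingerprint is 64 hex digits, optionally colon-separated.
FINGERPRINT_RE = re.compile(r"^[0-9A-Fa-f]{2}(:?[0-9A-Fa-f]{2}){31}$")


def classify_server_cert(value):
    """Return 'fingerprint', 'der-base64' or None for a <server-cert> value."""
    value = "".join(value.split())  # drop whitespace and line wrapping
    if FINGERPRINT_RE.match(value):
        return "fingerprint"
    try:
        der = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None  # e.g. an unfilled "[...]" placeholder from the template
    # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    return "der-base64" if len(der) > 4 and der[0] == 0x30 else None


def lint_msht(xml_text):
    """Return a list of (identity label, problem) findings for a .msht document."""
    # ElementTree is not hardened against hostile XML; lint files you authored.
    findings = []
    for n, ident in enumerate(ET.fromstring(xml_text).iter("identity"), 1):
        label = (ident.findtext("display-name") or "").strip() or f"identity #{n}"
        for tag in ("user", "realm"):
            if not (ident.findtext(tag) or "").strip():
                findings.append((label, f"missing <{tag}>"))
        cert = (ident.findtext("trust-anchor/server-cert") or "").strip()
        if not cert:
            findings.append((label, "no trust anchor: IdP server cannot be verified"))
        elif classify_server_cert(cert) is None:
            findings.append((label, "<server-cert> is neither a SHA-256 fingerprint nor base64 DER"))
    return findings


# Constructed sample: the first identity pins a made-up fingerprint, the second pins nothing.
SAMPLE = """<identities>
  <identity><display-name>pinned</display-name><user>johnsmith</user><realm>camford.ac.uk</realm>
    <trust-anchor><server-cert>{fp}</server-cert></trust-anchor></identity>
  <identity><display-name>unpinned</display-name><user>johnsmith</user><realm>camford.ac.uk</realm></identity>
</identities>""".format(fp="AB" * 32)

if __name__ == "__main__":
    for label, problem in lint_msht(SAMPLE):
        print(f"{label}: {problem}")
```

The check only validates the shape of the value; it does not confirm that the fingerprint or certificate actually belongs to the IdP.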

Importing Credential Files

Moonshot ships with a tool, moonshot-webp, to securely and correctly provision credentials onto clients. The format for credential files is the simple XML shown above.
