Introduction

Moonshot Credential Files (.msht)

```xml
<?xml version="1.0" encoding="UTF-8"?>
<identities>
  <identity>
    <display-name>[i.e. John Smith from Camford University]</display-name>
    <user>[i.e. johnsmith]</user>
    <password>[i.e. correct-horse-battery-staple]</password>
    <realm>[i.e. camford.ac.uk]</realm>
    <selection-rules>
    </selection-rules>
    <trust-anchor>
      <server-cert>[sha256 fingerprint OR the base64 encoded representation of a root certificate in DER form used in the IdP's trust anchor]</server-cert>
    </trust-anchor>
  </identity>
</identities>
```
Note: Inclusion of the trust anchor is vital - without it, credentials may be exposed to malicious resource providers. This credential format is also used to secure communication between RPs, IdPs and trust routers.
Importing Credential Files

Moonshot ships with a tool, moonshot-webp, to securely and correctly provision credentials onto clients. The format for credential files is simple XML.
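Because a credential file without a trust anchor leaves the client unable to pin the IdP, it is worth checking files before they are distributed. The following is an added example, not part of the Moonshot tooling: a Python linter that flags any identity lacking a usable `<server-cert>`. The function names, the constructed sample file, the accepted fingerprint spelling (64 hex digits, colons optional) and treating `<user>` and `<realm>` as mandatory are assumptions.

```python
import base64
import binascii
import hashlib
import re
import xml.etree.ElementTree as ET

# Assumption: a fingerprint is 64 hex digits, optionally colon-separated.
HEX_FP = re.compile(r"^[0-9A-Fa-f]{64}$")

# Constructed sample: the second identity has no trust anchor.
SAMPLE = """<identities>
<identity><display-name>ok</display-name><user>johnsmith</user>
<realm>camford.ac.uk</realm><trust-anchor><server-cert>""" + "ab" * 32 + """</server-cert>
</trust-anchor></identity>
<identity><display-name>unpinned</display-name><user>johnsmith</user>
<realm>camford.ac.uk</realm></identity>
</identities>"""

def classify_server_cert(value):
    """Return (kind, sha256_hex) for a <server-cert> value, else (None, None)."""
    text = "".join((value or "").split())
    bare = text.replace(":", "")
    if HEX_FP.match(bare):
        return "fingerprint", bare.lower()
    try:
        der = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return None, None
    # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    if len(der) > 2 and der[0] == 0x30:
        return "certificate", hashlib.sha256(der).hexdigest()
    return None, None

def audit_msht(xml_text):
    """Return (display-name, problem) findings; an empty list means none."""
    findings = []
    for ident in ET.fromstring(xml_text).iter("identity"):
        name = (ident.findtext("display-name") or "(unnamed)").strip()
        for field in ("user", "realm"):  # assumed mandatory for this check
            if not (ident.findtext(field) or "").strip():
                findings.append((name, f"missing <{field}>"))
        cert = ident.findtext("trust-anchor/server-cert") or ""
        if not cert.strip():
            findings.append((name, "no trust anchor"))
        elif classify_server_cert(cert)[0] is None:
            findings.append((name, "server-cert is not a fingerprint or base64 DER"))
    return findings

if __name__ == "__main__":
    print(audit_msht(SAMPLE))
```

An unfilled template placeholder in `<server-cert>` is reported as invalid, since it is neither hex nor base64.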