Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Next »

Moonshot ships with a tool, moonshot-webp, to securely and correctly provision credentials onto clients. The format for credential files is simple XML:

<?xml version="1.0" encoding="UTF-8"?>
<identities>
  <identity>
    <display-name>[i.e. John Smith from Camford University]</display-name>
    <user>[i.e. johnsmith]</user>
    <password>[i.e. correct-horse-battery-staple]</password>
    <realm>[i.e. camford.ac.uk]</realm>
    <selection-rules>
    </selection-rules>
    <trust-anchor>
      <server-cert>[sha256 fingerprint OR the base64 encoded representation of a root certificate in DER form used in the IdP's trust anchor]</server-cert>
    </trust-anchor>
  </identity>
</identities>

Inclusion of the trust anchor is vital - without it credentials may be exposed to malicious resource providers. This credential format is also used to secure communication between RP's, IdP's and trust routers.

The rules section is used to restrict which services credential will be automatically used for - for use with a trust router, the service type is "trustidentity".

       <rule>
        <pattern>trustidentity/*</pattern>
        <always-confirm>false</always-confirm>
      </rule>
  • No labels