For large-scale deployments of Moonshot authentication, it is recommended that user credentials are pre-provisioned, i.e. that users are issued with a credential file that is imported into their local keyring and/or local identity storage. This method also allows the deployment of trust anchors, without which credentials could be exposed to malicious resource providers.
2. Moonshot Credential Files (.msht)
The Moonshot credential file is simple XML. The format of the file is described at the moonshot-webp XML Format page.
A sample of the file can be found at
This credential format is also used to secure communication between RPs, IdPs and trust routers in the Moonshot infrastructure.
3. Importing Credential Files
Moonshot ships with a tool, moonshot-webp, to securely and correctly provision credentials onto clients.
The command line of the tool is very simple:
The -f parameter directs the tool to store the credential in identities.txt instead of the keyring, which is the default.
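A pre-import check for the trust-anchor point made in the introduction, as an added example that is not part of the Moonshot documentation or tooling: it reports identities in a credential file that lack a trust anchor. The element names (identities, identity, display-name, user, realm, trust-anchor, ca-cert, server-cert) are assumed from the moonshot-webp XML format, which this page references but does not reproduce, and the sample file is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Element names are an assumption based on the
# moonshot-webp XML format; values are placeholders, not real credentials.
SAMPLE = """<identities>
  <identity>
    <display-name>Alice (with anchor)</display-name>
    <user>alice</user>
    <realm>example.org</realm>
    <trust-anchor><server-cert>00:11:22</server-cert></trust-anchor>
  </identity>
  <identity>
    <display-name>Bob (no anchor)</display-name>
    <user>bob</user>
    <realm>example.org</realm>
  </identity>
</identities>"""

REQUIRED = ("user", "realm")               # fields every identity needs
ANCHOR_FIELDS = ("ca-cert", "server-cert")  # either one pins the IdP


def _text(node, tag):
    """Stripped text of a child element, or '' if absent or empty."""
    child = node.find(tag)
    return (child.text or "").strip() if child is not None else ""


def audit_credentials(xml_text):
    """Return {display-name: [problems]} for each identity in the file."""
    # A credential file has no reason to carry a DTD; refuse it up front.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations not expected in a credential file")
    root = ET.fromstring(xml_text)
    report = {}
    for idx, ident in enumerate(root.iter("identity")):
        name = _text(ident, "display-name") or f"identity #{idx}"
        problems = [f"missing <{t}>" for t in REQUIRED if not _text(ident, t)]
        anchor = ident.find("trust-anchor")
        if anchor is None:
            problems.append("no <trust-anchor>")
        elif not any(_text(anchor, t) for t in ANCHOR_FIELDS):
            problems.append("empty <trust-anchor>")
        report[name] = problems
    return report


if __name__ == "__main__":
    for name, problems in audit_credentials(SAMPLE).items():
        print(name, "->", problems or "ok")
```

An identity reported with no or empty trust anchor should be corrected at the issuing side before the file is distributed to users.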