UK federation operational information
The UK federation normally makes updates to its published metadata aggregates once per working day (Monday to Friday). Please note the office is closed over the Christmas and New Year break.
The signing and publishing process includes manual checks and multiple scheduled processes, so we cannot guarantee a particular time at which metadata is published.
Once published, metadata takes some time to propagate around the UK federation. We cannot give an accurate estimate for how long this takes as the metadata is pulled from our servers by the individual entities. We say in the UK federation Technical Recommendations for Participants that a daily refresh operation should be regarded as normal (section 4.2), and we recommend that SPs check for updated metadata every 4 hours.
We usually publish updated metadata towards the end of the working day, that is to say late afternoon UK time. This means that the day's metadata updates will normally have propagated throughout the federation in time for the start of the next working day.
Download the signed metadata file for the UK federation here:
You can download the certificate used to sign the metadata file from
ukfederation.pem. The certificate is required for your identity provider or service provider configuration. For the Shibboleth IdP this is described in the "Credentials" section of the federation Shibboleth IdP configuration documentation. For the Shibboleth SP this is described in the "MetadataProvider" section of the federation Shibboleth SP configuration documentation.
However, as this certificate secures the entire UK Federation, you should not rely on it until you have checked the certificate's fingerprint with a member of the UK Federation Operations team. You can use this
openssl command to find out the SHA-1 fingerprint of the certificate that you have downloaded:
openssl x509 -sha1 -fingerprint -noout -in ukfederation.pem
You should compare the resulting value with the correct fingerprint value, which can be obtained from the UK federation team. To guard against the possibility of this web site being compromised, you should contact them by telephone. Their phone number can be found on the federation helpdesk contact information page.
Testing new deployments
- You can test your IdP configuration using this UK federation test service provider. See the UK federation test SP documentation page for more information.
- The UK federation operates a test IdP that can be used for testing SP deployments. For more information please see the UK federation test IdP documentation page.
Attributes used in the UK federation
See Attribute usage for details.
The SDSS development federation was the forerunner of the UK federation.