Metadata Sources

The AAF publishes 3 metadata documents:

1. https://md.aaf.edu.au/aaf-metadata.xml
   Containing IdP and SP which have been approved to participate in the AAF.
2. https://md.aaf.edu.au/aaf-edugain-metadata.xml
   Containing IdP and SP from the global eduGAIN metadata source which have been approved for consumption by AAF subscribers.
3. https://md.aaf.edu.au/aaf-edugain-export-metadata.xml
   Containing AAF subscribed IdP and SP which have been approved for publishing to the global eduGAIN metadata source.

The AAF also provides MDQ endpoints for use:

1. https://md.aaf.edu.au/mdq/aaf/
   Containing IdP and SP which have been approved to participate in the AAF.
2. https://md.aaf.edu.au/mdq/aaf_and_edugain/
   As above, and also containing IdP and SP from the global eduGAIN metadata source which have been approved for consumption by AAF subscribers.

Metadata documents and MDQ endpoints are only accessible by https request. Our metadata endpoints automatically redirect http requests.

Signatures

The AAF signs all metadata. Subscribers MUST use the public key available at https://md.aaf.edu.au/aaf-metadata-certificate.pem to verify metadata documents whenever they are retrieved.

To confirm that you have obtained the correct key ensure the file you have downloaded conforms to the following:

         $> openssl x509 -subject -dates -fingerprint -in aaf-metadata-certificate.pem

         subject= /O=Australian Access Federation/CN=AAF Metadata
         notBefore=Nov 24 04:27:20 2015 GMT
         notAfter=Dec  9 04:27:20 2035 GMT
         SHA1 Fingerprint=E2:FC:CC:CB:0E:0F:3B:32:FA:55:87:29:08:DE:E0:34:DA:A2:15:5A
     

MDQ caveats

The AAF's MDQ endpoints largely conform to the Metadata Query Protocol specifications, with a few deviations documented below.

Even where the AAF's endpoints accept noncompliant requests, subscribers SHOULD aim to conform fully to the specifications. Noncompliant requests which are accepted today may be rejected tomorrow.