# HREF Key Rollover 2020 English ## Introduction The Hungarian Research and Educational Federation is migrating to a new metadata signing certificate (HREF-2020). All HREF member and partner have to update their IdP and SP configurations before 2022. January 1st., in order to provide the federational services without interruption. After 2022 January 1st., the old metadata signing certificate (HREF-2011) will be shut down. The tables below and configuration examples are containing all the necessary technical information. ## Key Rollover ### Code names | Code name | Metadata signing certificate | Date of expiration | |---|---|---| | HREF-2011 | [href-metadata-signer-2011.crt](https://metadata.eduid.hu/certs/href-metadata-signer-2011.crt) | 2022.01.01. | | HREF-2015 | [mdx-test-signer-2015.crt](https://metadata.eduid.hu/certs/mdx-test-signer-2020.crt) | 2022.01.01. | | HREF-2020 | [href-metadata-signer-2020.crt](https://metadata.eduid.hu/certs/href-metadata-signer-2020.crt) | 2025.06.14. | ### SHA1 fingerprints | Code name | SHA1 fingerprint | |---|---| | HREF-2011 | `FE:AE:0B:E8:FB:59:ED:F7:CB:7F:69:DF:19:4F:8B:6D:C7:F6:96:66` | | HREF-2015 | `91:81:AD:2B:F1:C1:4E:47:93:A2:9D:49:34:B7:77:62:4F:2F:98:43` | | HREF-2020 | `C3:72:DC:75:4C:FA:BA:65:63:52:D9:6B:47:5B:44:7E:AA:F6:45:61` | ### Domain names | Domain | URL | Key | Status | |---|---|---|---| | metadata.eduid.hu | `metadata.eduid.hu/2011/href.xml` | HREF-2011 | Prod | | metadata.eduid.hu | `metadata.eduid.hu/2020/href.xml` | HREF-2020 | Prod | | mdx.eduid.hu | `mdx-2015.eduid.hu` | HREF-2015 | Prod | | mdx.eduid.hu | `mdx-2020.eduid.hu` | HREF-2020 | Prod | ## Shibboleth Service Provider Configurations [https://wiki.shibboleth.net/confluence/display/SP3/MetadataProvider](https://wiki.shibboleth.net/confluence/display/SP3/MetadataProvider) ### XML [https://wiki.shibboleth.net/confluence/display/SP3/XMLMetadataProvider](https://wiki.shibboleth.net/confluence/display/SP3/XMLMetadataProvider) ```xml ``` ### MDX #### Shibboleth 3.X [https://wiki.shibboleth.net/confluence/display/SP3/MDQMetadataProvider](https://wiki.shibboleth.net/confluence/display/SP3/MDQMetadataProvider) ```xml ``` #### Shibboleth 2.X ```xml https://mdx-2015.eduid.hu/entities/$entityID https://mdx-2020.eduid.hu/entities/$entityID ``` ## Shibboleth Identity Provider Configurations ### XML #### Shibboleth 4.X [https://wiki.shibboleth.net/confluence/display/IDP4/FileBackedHTTPMetadataProvider](https://wiki.shibboleth.net/confluence/display/IDP4/FileBackedHTTPMetadataProvider) ```xml md:SPSSODescriptor ``` #### Shibboleth 3.X [https://wiki.shibboleth.net/confluence/display/IDP30/FileBackedHTTPMetadataProvider](https://wiki.shibboleth.net/confluence/display/IDP30/FileBackedHTTPMetadataProvider) ```xml md:SPSSODescriptor ``` ### MDX #### Shibboleth 4.X [https://wiki.shibboleth.net/confluence/display/IDP4/DynamicHTTPMetadataProvider](https://wiki.shibboleth.net/confluence/display/IDP4/DynamicHTTPMetadataProvider) ```xml https://mdx-2020.eduid.hu/ ``` #### Shibboleth 3.X [https://wiki.shibboleth.net/confluence/display/IDP30/DynamicHTTPMetadataProvider](https://wiki.shibboleth.net/confluence/display/IDP30/DynamicHTTPMetadataProvider) ```xml https://mdx-2020.eduid.hu/ ``` ## SimpleSAMLphp Configurations ### MDX ```php //config/config.php 'metadata.sources' => [[=> 'flatfile']('type'), // ez a *-hosted metadata konfiguráció betöltése miatt szükséges [ 'type' => 'mdq', 'server' => 'https://mdx-2020.eduid.hu', /* --- */ 'validateFingerprint' => 'C3:72:DC:75:4C:FA:BA:65:63:52:D9:6B:47:5B:44:7E:AA:F6:45:61' ], ], ``` ### metarefresh [https://simplesamlphp.org/docs/stable/simplesamlphp-maintenance#section_3](https://simplesamlphp.org/docs/stable/simplesamlphp-maintenance#section_3) [https://github.com/simplesamlphp/simplesamlphp-module-metarefresh/blob/master/docs/simplesamlphp-automated_metadata.md](https://github.com/simplesamlphp/simplesamlphp-module-metarefresh/blob/master/docs/simplesamlphp-automated_metadata.md) ```php // config/config-metarefresh.php $config = [ 'sets' => [ 'href-2011' => [ 'cron' => ['hourly'], 'sources' => [ [ 'src' => 'https://metadata.eduid.hu/2011/href.xml', 'validateFingerprint' => 'FE:AE:0B:E8:FB:59:ED:F7:CB:7F:69:DF:19:4F:8B:6D:C7:F6:96:66', ], ], 'expireAfter' => 777600, // 9 nap 'outputDir' => 'metadata/metarefresh-href-2011/', 'outputFormat' => 'flatfile', ], 'href-2020' => [ 'cron' => ['hourly'], 'sources' => [ [ 'src' => 'https://metadata.eduid.hu/2020/href.xml', 'validateFingerprint' => 'C3:72:DC:75:4C:FA:BA:65:63:52:D9:6B:47:5B:44:7E:AA:F6:45:61', ], ], 'expireAfter' => 777600, // 9 nap. 'outputDir' => 'metadata/metarefresh-href-2020/', 'outputFormat' => 'flatfile', ], ], ]; ``` ```php // config/config.php 'metadata.sources' => [ ['type' => 'flatfile'], ['type' => 'flatfile', 'directory' => 'metadata/metarefresh-href-2011'], ['type' => 'flatfile', 'directory' => 'metadata/metarefresh-href-2020'], ], ```