KTR Trust Validation


Introduction

The Kantara Trust Registry (KTR) publishes a digitally signed SAML metadata document that complies with [SAMLIOP], [SAMLRPI] and [SAMLIAP]. The KTR SAML metadata includes signing and encryption keys associated with Kantara-approved CSPs. To consume the KTR SAML metadata securely, it is critically important to validate the XML digital signature using the information provided below.

Tools

There are several free tools and libraries that can be used to validate the XML signature on the KTR SAML metadata.

In addition, there are several commercial tools, libraries and guidelines available online.

Signing Key

The technology preview KTR SAML metadata is signed with a public key with SHA1 fingerprint 26:2F:55:66:4C:8E:1D:49:BC:CC:B1:B4:2C:F5:3D:20:6B:B0:08:72.
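
One way to enforce the published fingerprint before XML signature validation, as an added example (not Kantara's code): it rejects metadata whose document-level ds:Signature carries a certificate other than the pinned one. The function names and the sample document are constructed for illustration, and the signature itself must still be verified with an XML-DSig library using the pinned key.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET  # stdlib parser keeps the example dependency-free

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# SHA1 fingerprint published on this page for the technology preview signing key.
KTR_SHA1_PIN = "26:2F:55:66:4C:8E:1D:49:BC:CC:B1:B4:2C:F5:3D:20:6B:B0:08:72"


def sha1_fingerprint(der: bytes) -> str:
    """Colon-separated upper-case SHA1 over the DER bytes of a certificate."""
    digest = hashlib.sha1(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def _canon(fp: str) -> bytes:
    """Strip separators and case so pins copied in any style compare equal."""
    return fp.replace(":", "").replace(" ", "").upper().encode("ascii")


def embedded_signing_certs(metadata_xml: bytes) -> list[bytes]:
    """DER certificates from the KeyInfo of the document-level ds:Signature."""
    root = ET.fromstring(metadata_xml)
    sig = root.find(DS + "Signature")  # direct child of the root only
    if sig is None:
        return []
    return [base64.b64decode("".join((n.text or "").split()), validate=True)
            for n in sig.iter(DS + "X509Certificate")]


def signer_is_pinned(metadata_xml: bytes, pin: str = KTR_SHA1_PIN) -> bool:
    """True only if a certificate is present and every one matches the pin."""
    certs = embedded_signing_certs(metadata_xml)
    return bool(certs) and all(
        hmac.compare_digest(_canon(sha1_fingerprint(c)), _canon(pin)) for c in certs)


# Constructed sample: placeholder bytes stand in for a DER certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_XML = (
    '<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Signature><ds:KeyInfo>'
    '<ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data>'
    '</ds:KeyInfo></ds:Signature></md:EntitiesDescriptor>'
    % base64.b64encode(SAMPLE_DER).decode()
).encode()

if __name__ == "__main__":
    print("matches page pin:", signer_is_pinned(SAMPLE_XML))
```

An unsigned document and a document signed under a different certificate are both rejected; only a match lets the caller proceed to signature verification.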