Introduction
The Kantara Trust Registry (KTR) publishes a digitally signed SAML metadata document that complies with [SAMLIOP], [SAMLRPI] and [SAMLIAP]. The KTR SAML metadata includes signing and encryption keys associated with Kantara-approved CSPs. To consume the KTR SAML metadata securely, it is critically important to validate the XML digital signature using the information provided below.
Tools
There are several free tools and libraries that can be used to validate the XML signature on the KTR SAML metadata.
In addition, there are several commercial tools, libraries and guidelines available online.
Signing Key
The technology preview KTR SAML metadata is signed with a public key with SHA1 fingerprint 26:2F:55:66:4C:8E:1D:49:BC:CC:B1:B4:2C:F5:3D:20:6B:B0:08:72.
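The published fingerprint only helps if the certificate used as the trust anchor is checked against it before signature validation. The following Python code is an added example, not code from Kantara or from the original page: it pins a PEM certificate to the SHA1 fingerprint given above. The function names are hypothetical, the sample PEM is constructed stand-in data, and the code assumes the fingerprint is computed over the certificate's DER encoding.

```python
import base64
import hashlib
import hmac
import re

# SHA1 fingerprint published on this page for the technology preview signing key.
KTR_PINNED_SHA1 = "26:2F:55:66:4C:8E:1D:49:BC:CC:B1:B4:2C:F5:3D:20:6B:B0:08:72"

_PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)


def pem_to_der(pem_text):
    """Return the DER bytes of the single certificate contained in pem_text."""
    blocks = _PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        # Zero or several certificates: refuse rather than guess which to pin.
        raise ValueError("expected exactly one certificate, found %d" % len(blocks))
    # Dropping all whitespace also handles a PEM flattened onto one line.
    return base64.b64decode("".join(blocks[0].split()), validate=True)


def sha1_fingerprint(der):
    """Format SHA1(der) as colon-separated uppercase hex pairs."""
    digest = hashlib.sha1(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def _hex_only(fingerprint):
    return re.sub(r"[^0-9A-F]", "", fingerprint.upper())


def certificate_matches_pin(pem_text, pinned=KTR_PINNED_SHA1):
    """True only if the certificate's SHA1 fingerprint equals the pinned one."""
    expected = _hex_only(pinned)
    if len(expected) != 40:
        raise ValueError("pinned value is not a SHA1 fingerprint")
    actual = _hex_only(sha1_fingerprint(pem_to_der(pem_text)))
    return hmac.compare_digest(actual, expected)


# Constructed stand-in bytes: not a real certificate and not the KTR key.
SAMPLE_DER = b"constructed stand-in for DER certificate bytes"
SAMPLE_PEM = "-----BEGIN CERTIFICATE----- %s -----END CERTIFICATE-----" % (
    base64.b64encode(SAMPLE_DER).decode())

if __name__ == "__main__":
    print(certificate_matches_pin(SAMPLE_PEM))  # stand-in is not the pinned key
    print(certificate_matches_pin(SAMPLE_PEM, sha1_fingerprint(SAMPLE_DER)))
```

A matching fingerprint only authenticates the certificate; the XML signature on the metadata must still be validated with that certificate. A certificate carried inside the metadata document's own signature should pass this check before it is used for validation.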