SUNET · s-hal · Apr 28, 2025 · Apr 29, 2025 · Apr 30, 2025 · May 1, 2025
diff --git a/dc4eu_federation/README_wallet.rst b/dc4eu_federation/README_wallet.rst
@@ -173,15 +173,15 @@ Typical usage::
     ./create_trust_mark.py -d trust_mark_issuer -m http://dc4eu.example.com/EHICCredential/se -e https://127.0.0.1:8080
     ./create_trust_mark.py -d trust_mark_issuer -m http://dc4eu.example.com/PDA1Credential/se -e https://127.0.0.1:8080
 
-usage: create_trust_mark.py [-h] [-d DIR_NAME] [-e ENTITY_ID] [-m TRUST_MARK_ID] ::
+usage: create_trust_mark.py [-h] [-d DIR_NAME] [-e ENTITY_ID] [-m TRUST_MARK_TYPE] ::
 
     options:
       -h, --help            show this help message and exit
       -d DIR_NAME, --dir_name DIR_NAME
       -e ENTITY_ID, --entity_id ENTITY_ID
-      -m TRUST_MARK_ID, --trust_mark_id TRUST_MARK_ID
+      -m TRUST_MARK_TYPE, --trust_mark_type TRUST_MARK_TYPE
 
-The TRUST_MARK_ID is http://dc4eu.example.com/PersonIdentificationData/se.
+The TRUST_MARK_TYPE is http://dc4eu.example.com/PersonIdentificationData/se.
 Which is something I just invented for this setup
 https://127.0.0.1:8080 is where the Credential Issuer (The OpenID4VCI SATOSA frontend)
 should be found.

diff --git a/dc4eu_federation/create_trust_mark.py b/dc4eu_federation/create_trust_mark.py
@@ -8,12 +8,12 @@
     parser = argparse.ArgumentParser()
     parser.add_argument('-d', '--dir_name')
     parser.add_argument('-e', '--entity_id')
-    parser.add_argument('-m', '--trust_mark_id')
+    parser.add_argument('-m', '--trust_mark_type')
     args = parser.parse_args()
 
     cnf = load_config_file(f"{args.dir_name}/conf.json")
     server = make_federation_combo(**cnf["entity"])
 
     _tme = server.server.trust_mark_entity
-    _trust_mark = _tme.create_trust_mark(args.trust_mark_id, args.entity_id)
+    _trust_mark = _tme.create_trust_mark(args.trust_mark_type, args.entity_id)
     print(_trust_mark)
diff --git a/dc4eu_federation/query_server/conf.json b/dc4eu_federation/query_server/conf.json
@@ -65,7 +65,7 @@
           "kwargs": {
             "entity_type": "credential_issuer",
             "credential_type": "PersonIdentificationData",
-            "trust_mark_id": "http://dc4eu.example.com/PersonIdentificationData/se"
+            "trust_mark_type": "http://dc4eu.example.com/PersonIdentificationData/se"
           }
         }
       }

diff --git a/edu_federation/README_identity.rst b/edu_federation/README_identity.rst
@@ -51,11 +51,11 @@ This will create a number of things in the *trust_anchor* directory
 All entities in the federation has to have some information about the
 trust mark. The information to pass along is collected by doing::
 
-    ./get_info.py -k -t https://127.0.0.1:7010 > trust_anchor.json
+    ./get_info.py -k -t https://89.46.21.210:7010 > trust_anchor.json
 
 This must be done while the Trust anchor is running.
 Of course if you have changed the entity_id of the trust anchor from
-https://127.0.0.1:7003 to something else you have to change this command accordingly.
+https://89.46.21.210:7003 to something else you have to change this command accordingly.
 
 Now you're done with phase 1 concerning the trust anchor. So you can
 kill that process for the time being.
@@ -92,11 +92,11 @@ Now four things have to happen::
 The first two are simply::
 
     ./add_info.py -s trust_anchor.json -t trust_mark_issuer/trust_anchors
-    echo -e "https://127.0.0.1:7010" >> trust_mark_issuer/authority_hints
+    echo -e "https://89.46.21.210:7010" >> trust_mark_issuer/authority_hints
 
 The third would look like this::
 
-    ./get_info.py -k -s https://127.0.0.1:6010 > tmp.json
+    ./get_info.py -k -s https://89.46.21.210:6010 > tmp.json
     ./add_info.py -s tmp.json -t trust_anchor/subordinates
 
 The fourth is presently done like this (may change in the future)::
@@ -143,11 +143,11 @@ Now four things have to happen::
 The first two are simply::
 
     ./add_info.py -s trust_anchor.json -t openid_provider/trust_anchors
-    echo -e "https://127.0.0.1:7010" >> openid_provider/authority_hints
+    echo -e "https://89.46.21.210:7010" >> openid_provider/authority_hints
 
 The third would look like this::
 
-    ./get_info.py -k -s https://127.0.0.1:4020 > tmp.json
+    ./get_info.py -k -s https://89.46.21.210:4020 > tmp.json
     ./add_info.py -s tmp.json -t trust_anchor/subordinates
 
 
@@ -190,11 +190,11 @@ Now four things have to happen::
 The first two are simply::
 
     ./add_info.py -s trust_anchor.json -t relying_party_explicit/trust_anchors
-    echo -e "https://127.0.0.1:7010" >> relying_party_explicit/authority_hints
+    echo -e "https://89.46.21.210:7010" >> relying_party_explicit/authority_hints
 
 The third would look like this::
 
-    ./get_info.py -k -s https://127.0.0.1:4010 > tmp.json
+    ./get_info.py -k -s https://89.46.21.210:4010 > tmp.json
     ./add_info.py -s tmp.json -t trust_anchor/subordinates
 
 
@@ -237,11 +237,11 @@ Now four things have to happen::
 The first two are simply::
 
     ./add_info.py -s trust_anchor.json -t relying_party_automatic/trust_anchors
-    echo -e "https://127.0.0.1:7010" >> relying_party_automatic/authority_hints
+    echo -e "https://89.46.21.210:7010" >> relying_party_automatic/authority_hints
 
 The third would look like this::
 
-    ./get_info.py -k -s https://127.0.0.1:4015 > tmp.json
+    ./get_info.py -k -s https://89.46.21.210:4010 > tmp.json
     ./add_info.py -s tmp.json -t trust_anchor/subordinates
 
 
@@ -265,17 +265,17 @@ Creating a trust mark for an entity
 For this the script *create_trust_mark.py* is included.
 Typical usage::
 
-    ./create_trust_mark.py -d trust_mark_issuer -m https://refeds.org/category/personalized -e https://127.0.0.1:4010
+    ./create_trust_mark.py -d trust_mark_issuer -m https://refeds.org/category/personalized -e https://89.46.21.210:4010
      > trust_mark.4010
 
 
-usage: create_trust_mark.py [-h] [-d DIR_NAME] [-e ENTITY_ID] [-m TRUST_MARK_ID] ::
+usage: create_trust_mark.py [-h] [-d DIR_NAME] [-e ENTITY_ID] [-m TRUST_MARK_TYPE] ::
 
     options:
       -h, --help            show this help message and exit
       -d DIR_NAME, --dir_name DIR_NAME The directory of the trust mark issuer
       -e ENTITY_ID, --entity_id ENTITY_ID The target of the Trust Mark
-      -m TRUST_MARK_ID, --trust_mark_id TRUST_MARK_ID
+      -m TRUST_MARK_TYPE, --trust_mark_type TRUST_MARK_TYPE
 
 The trust mark issuer doesn't have to be running for this to work.
 Once you have the trust mark drop it in the relying_party_explicit/::

diff --git a/edu_federation/create_trust_mark.py b/edu_federation/create_trust_mark.py
@@ -8,12 +8,12 @@
     parser = argparse.ArgumentParser()
     parser.add_argument('-d', '--dir_name')
     parser.add_argument('-e', '--entity_id')
-    parser.add_argument('-m', '--trust_mark_id')
+    parser.add_argument('-m', '--trust_mark_type')
     args = parser.parse_args()
 
     cnf = load_config_file(f"{args.dir_name}/conf.json")
     server = make_federation_combo(**cnf["entity"])
 
     _tme = server.server.trust_mark_entity
-    _trust_mark = _tme.create_trust_mark(args.trust_mark_id, args.entity_id)
+    _trust_mark = _tme.create_trust_mark(args.trust_mark_type, args.entity_id)
     print(_trust_mark)
diff --git a/edu_federation/relying_party_explicit/conf.json b/edu_federation/relying_party_explicit/conf.json
@@ -79,7 +79,7 @@
     "services": [
       "entity_configuration",
       "entity_statement",
-      "oauth_registration",
+      "oidc_registration",
       "list"
     ],
     "entity_type": {
@@ -197,6 +197,7 @@
     "port": 4010,
     "server_cert": "certs/cert.pem",
     "server_key": "certs/key.pem",
-    "domain": "127.0.0.1"
+    "domain": "127.0.0.1",
+    "debug": true
   }
 }
diff --git a/edu_federation/trust_anchor/conf.json b/edu_federation/trust_anchor/conf.json
@@ -85,7 +85,7 @@
     "server_key": "certs/example.key",
     "cert_chain": null,
     "port": 7010,
-    "domain": "127.0.0.1",
+    "domain": "0.0.0.0",
     "debug": false
   }
 }
diff --git a/edu_federation/trust_anchor/views.py b/edu_federation/trust_anchor/views.py
@@ -185,5 +185,6 @@ def wkof():
         lifetime=_ctx.default_lifetime)
 
     response = make_response(_statement)
-    response.headers['Content-Type'] = 'application/jose; charset=UTF-8'
+    if 'Content-Type' not in response.headers:
+        response.headers['Content-Type'] = 'application/entity-statement+jwt'
     return response
diff --git a/edu_federation/trust_mark_issuer/conf.json b/edu_federation/trust_mark_issuer/conf.json
@@ -125,7 +125,7 @@
     "server_key": "certs/example.key",
     "cert_chain": null,
     "port": 6010,
-    "domain": "127.0.0.1",
+    "domain": "0.0.0.0",
     "debug": false
   }
 }
diff --git a/example/display_entity.py b/example/display_entity.py
@@ -8,7 +8,7 @@
 from idpyoidc.key_import import import_jwks
 from idpyoidc.server.exception import ServiceError
 
-from fedservice.message import EntityStatement
+from fedservice.message import EntityConfiguration
 
 
 def get_self_signed_entity_statement(entity_id):
@@ -18,7 +18,7 @@ def get_self_signed_entity_statement(entity_id):
         raise ServiceError(_response.reason)
     _jws = factory(_response.text)
     _payload = _jws.jwt.payload()
-    entity_statement = EntityStatement(**_payload)
+    entity_statement = EntityConfiguration(**_payload)
     _key_jar = KeyJar()
     # verify  entity_statement["iss"]
     _key_jar = import_jwks(_key_jar, entity_statement['jwks'], entity_id)

diff --git a/example/test_config.py b/example/test_config.py
@@ -8,6 +8,7 @@
 from fedservice.utils import make_federation_combo
 
 subdir = sys.argv[1]
+
 config_file = sys.argv[2]
 
 _cnf = load_values_from_file(load_config_file(f"{subdir}/{config_file}"))