
Metadata Administration Tool

This online tool is used to edit the SAML metadata of the participating entities (Identity Providers, Service Providers, Attribute Authorities) and to register those entities with the metadata sets published by the DFN-AAI. Each home organization or service provider operator is granted access after signing the paperwork with us (see Registration). You can find the metadata administration tool at https://mdv.aai.dfn.de.

This is our Metadata Registration Practice Statement.

Accounts and account settings

How to get access

Metadata admins can be appointed by the contractual or technical contact persons registered in the DFN-AAI contract database. In the metadata administration tool, these persons are listed with the contract data of your organization or company.

If you signed a contract for DFN-AAI with us in one of those roles, you can send an e-mail to hotline@aai.dfn.de containing the following information for each person designated as metadata admin:

The user credentials will then be sent directly to each of the new metadata admins.

Please note that we added a new role called “subadmin” (as of 11/9/2022). Metadata admins can invite subadmins independently and delegate the administration of metadata of individual IdPs/SPs to them. (See below for details.)

How to get your initial credentials for the MD Admin Tool

You will receive an invitation link to the e-mail address you registered with. Follow the link in the e-mail. It only works once, though. If you followed the link earlier but did not set a password, please use the password reset link.

Two-factor authentication

Configuring a second factor for login is mandatory. Right after your initial login you are asked to register a TOTP device.

How to configure 2FA upon second login

If you logged out after your initial login without adding a second factor, you can ONCE request a token via e-mail. To do so, go to the login page, enter your user name (which is your e-mail address) and your password and press submit. If this is your first attempt to do this, the tool will offer to send you a token. Once you have received it and logged in with it, please register your second factor immediately, as this procedure will not work again.

Password changes

Further role: Subadmin

The subadmin role is a new feature of the new metadata administration tool. It enables regular metadata admins to delegate the administration of metadata of individual IdPs/SPs to third parties. They do not have to involve the DFN-AAI hotline in account creation for subadmins. (Regular metadata admins with full access still have to be registered via the hotline, though.)

Subadmins have limited permissions. They can

Subadmins cannot:

Invitation of subadmins

Your organization's overview

After logging in, you are presented with an overview of everything linked to your organization. If you are a metadata admin for more than one organization, you see the list of organizations as your start page.

The overview of an organization contains the following sections that are all collapsed when you open the page:

The list of entities

Expand the section “Entities” in your organization's overview. Here you can access the metadata entries of your IdPs, SPs or Attribute Authorities. Regular metadata admins have five action buttons on the right side of the list:

  1. edit the entity
  2. view the metadata of the entity (XML in browser)
  3. download the metadata of the entity
  4. delete the entity
  5. view the version history of the entity.

How to add an IdP/SP

How to edit an IdP/SP

Logos and favicons