add SHA1 fingerprint requirement
This commit is contained in:
Ben Bodenmiller
Achilleas Pipinellis
parent
545d52ce6c
commit
c48992bed1
|
|
@ -102,9 +102,10 @@ in your SAML IdP:
|
|||
installation to generate the correct value).
|
||||
|
||||
1. Change the values of `idp_cert_fingerprint`, `idp_sso_target_url`,
|
||||
`name_identifier_format` to match your IdP. Check
|
||||
`name_identifier_format` to match your IdP. If a fingerprint is used it must
|
||||
be a SHA1 fingerprint; check
|
||||
[the omniauth-saml documentation](https://github.com/omniauth/omniauth-saml)
|
||||
for details on these options.
|
||||
for more details on these options.
|
||||
|
||||
1. Change the value of `issuer` to a unique name, which will identify the application
|
||||
to the IdP.
|
||||
|
|
@ -311,6 +312,7 @@ need to be validated using a fingerprint, a certificate or a validator.
|
|||
|
||||
For this you need take the following into account:
|
||||
|
||||
- If a fingerprint is used, it must be the SHA1 fingerprint
|
||||
- If no certificate is provided in the settings, a fingerprint or fingerprint
|
||||
validator needs to be provided and the response from the server must contain
|
||||
a certificate (`<ds:KeyInfo><ds:X509Data><ds:X509Certificate>`)
|
||||
|
|
|
|||
Loading…
Reference in New Issue