author | Achilleas Pipinellis <axil@gitlab.com> | 2018-03-26 11:29:29 +0000 |
---|---|---|
committer | Achilleas Pipinellis <axil@gitlab.com> | 2018-03-26 11:29:29 +0000 |
commit | 5523ae4915babfd2a66211f76d3285439d38d4f2 (patch) | |
tree | a66bc129805ea233b902d13a1820383c7bbe42a9 | |
parent | 545d52ce6ca1b296230b20cd2b219919ae38007b (diff) | |
parent | c48992bed1a3e7681da67f966d8699a4edf055c7 (diff) | |
download | gitlab-ce-5523ae4915babfd2a66211f76d3285439d38d4f2.tar.gz |
Merge branch 'patch-19' into 'master'
add SHA1 fingerprint requirement
See merge request gitlab-org/gitlab-ce!17976
-rw-r--r-- | doc/integration/saml.md | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/doc/integration/saml.md b/doc/integration/saml.md index f8a7dd6b1dc..3f49432ce93 100644 --- a/doc/integration/saml.md +++ b/doc/integration/saml.md @@ -102,9 +102,10 @@ in your SAML IdP: installation to generate the correct value). 1. Change the values of `idp_cert_fingerprint`, `idp_sso_target_url`, - `name_identifier_format` to match your IdP. Check + `name_identifier_format` to match your IdP. If a fingerprint is used it must + be a SHA1 fingerprint; check [the omniauth-saml documentation](https://github.com/omniauth/omniauth-saml) - for details on these options. + for more details on these options. 1. Change the value of `issuer` to a unique name, which will identify the application to the IdP. @@ -311,6 +312,7 @@ need to be validated using a fingerprint, a certificate or a validator. For this you need take the following into account: +- If a fingerprint is used, it must be the SHA1 fingerprint - If no certificate is provided in the settings, a fingerprint or fingerprint validator needs to be provided and the response from the server must contain a certificate (`<ds:KeyInfo><ds:X509Data><ds:X509Certificate>`) |
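Review bot: In the first hunk (step "Change the values of `idp_cert_fingerprint`, ..."), the added sentence states the SHA1 requirement but not which fingerprint is meant or what the value should look like. Suggest saying explicitly that it is the SHA1 fingerprint of the IdP's signing certificate, for example the value printed by `openssl x509 -noout -fingerprint -sha1 -in <idp-cert.pem>`. Otherwise an admin who pastes a SHA256 fingerprint from their IdP console gets no hint about why validation fails. Style: add a comma after "If a fingerprint is used" to match the bullet added in the second hunk.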
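Review bot: In the second hunk, the new bullet "If a fingerprint is used, it must be the SHA1 fingerprint" is placed ahead of the bullet that first explains when a fingerprint is needed, so it reads out of order. Suggest moving it after the "If no certificate is provided in the settings ..." bullet. The wording also differs from the first hunk ("a SHA1 fingerprint" versus "the SHA1 fingerprint"); pick one form for both. Because SHA1 is the only digest accepted here and the surrounding text already lists a certificate as an alternative to a fingerprint, it would help to add that configuring the full certificate avoids depending on a SHA1 pin. While touching this paragraph, the context line "For this you need take the following into account" is missing "to".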