summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAchilleas Pipinellis <axil@gitlab.com>2018-03-26 11:29:29 +0000
committerAchilleas Pipinellis <axil@gitlab.com>2018-03-26 11:29:29 +0000
commit5523ae4915babfd2a66211f76d3285439d38d4f2 (patch)
treea66bc129805ea233b902d13a1820383c7bbe42a9
parent545d52ce6ca1b296230b20cd2b219919ae38007b (diff)
parentc48992bed1a3e7681da67f966d8699a4edf055c7 (diff)
downloadgitlab-ce-5523ae4915babfd2a66211f76d3285439d38d4f2.tar.gz
Merge branch 'patch-19' into 'master'
add SHA1 fingerprint requirement See merge request gitlab-org/gitlab-ce!17976
-rw-r--r--doc/integration/saml.md6
1 files changed, 4 insertions, 2 deletions
diff --git a/doc/integration/saml.md b/doc/integration/saml.md
index f8a7dd6b1dc..3f49432ce93 100644
--- a/doc/integration/saml.md
+++ b/doc/integration/saml.md
@@ -102,9 +102,10 @@ in your SAML IdP:
installation to generate the correct value).
1. Change the values of `idp_cert_fingerprint`, `idp_sso_target_url`,
- `name_identifier_format` to match your IdP. Check
+ `name_identifier_format` to match your IdP. If a fingerprint is used it must
+ be a SHA1 fingerprint; check
[the omniauth-saml documentation](https://github.com/omniauth/omniauth-saml)
- for details on these options.
+ for more details on these options.
1. Change the value of `issuer` to a unique name, which will identify the application
to the IdP.
@@ -311,6 +312,7 @@ need to be validated using a fingerprint, a certificate or a validator.
For this you need take the following into account:
+- If a fingerprint is used, it must be the SHA1 fingerprint
- If no certificate is provided in the settings, a fingerprint or fingerprint
validator needs to be provided and the response from the server must contain
a certificate (`<ds:KeyInfo><ds:X509Data><ds:X509Certificate>`)