author Ben Bodenmiller <bbodenmiller@hotmail.com> 2018-03-26 11:29:29 +0000
committer Achilleas Pipinellis <axil@gitlab.com> 2018-03-26 11:29:29 +0000
commit c48992bed1a3e7681da67f966d8699a4edf055c7
tree a66bc129805ea233b902d13a1820383c7bbe42a9
parent 545d52ce6ca1b296230b20cd2b219919ae38007b
add SHA1 fingerprint requirement
-rw-r--r-- doc/integration/saml.md 6
1 files changed, 4 insertions, 2 deletions
diff --git a/doc/integration/saml.md b/doc/integration/saml.md
index f8a7dd6b1dc..3f49432ce93 100644
--- a/doc/integration/saml.md
+++ b/doc/integration/saml.md
@@ -102,9 +102,10 @@ in your SAML IdP:
installation to generate the correct value).
1. Change the values of `idp_cert_fingerprint`, `idp_sso_target_url`,
- `name_identifier_format` to match your IdP. Check
+ `name_identifier_format` to match your IdP. If a fingerprint is used it must
+ be a SHA1 fingerprint; check
[the omniauth-saml documentation](https://github.com/omniauth/omniauth-saml)
- for details on these options.
+ for more details on these options.
1. Change the value of `issuer` to a unique name, which will identify the application
to the IdP.
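Review bot: In the sentence added to the `idp_cert_fingerprint` step, the SHA1 requirement is joined by a semicolon to "check the omniauth-saml documentation", so it reads as a lead-in to the link instead of a requirement of its own, and "a fingerprint" does not name the setting it constrains. Since the step already lists `idp_cert_fingerprint`, I would give it its own sentence, for example "If `idp_cert_fingerprint` is used, it must be a SHA1 fingerprint.", and keep "Check the omniauth-saml documentation for more details on these options." as a separate sentence. That also adds the comma after "used" that the bullet in the second hunk already has.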
@@ -311,6 +312,7 @@ need to be validated using a fingerprint, a certificate or a validator.
For this you need take the following into account:
+- If a fingerprint is used, it must be the SHA1 fingerprint
- If no certificate is provided in the settings, a fingerprint or fingerprint
validator needs to be provided and the response from the server must contain
a certificate (`<ds:KeyInfo><ds:X509Data><ds:X509Certificate>`)
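Review bot: The added bullet sits first in the list, so the SHA1 constraint appears before the next bullet has explained when a fingerprint is needed at all ("If no certificate is provided in the settings, a fingerprint or fingerprint validator needs to be provided"). I would move it after that bullet or fold it into it, and say what the fingerprint is of (going by `idp_cert_fingerprint` in the first hunk, the IdP certificate). The wording also differs between the two hunks, "a SHA1 fingerprint" there and "the SHA1 fingerprint" here, and this bullet has no closing period; worth making both consistent with the rest of the list.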