Commit 5523ae49 authored by Achilleas Pipinellis

Merge branch 'patch-19' into 'master'

add SHA1 fingerprint requirement

See merge request gitlab-org/gitlab-ce!17976
parents 545d52ce c48992be
...@@ -102,9 +102,10 @@ in your SAML IdP: ...@@ -102,9 +102,10 @@ in your SAML IdP:
installation to generate the correct value). installation to generate the correct value).
1. Change the values of `idp_cert_fingerprint`, `idp_sso_target_url`, 1. Change the values of `idp_cert_fingerprint`, `idp_sso_target_url`,
`name_identifier_format` to match your IdP. Check `name_identifier_format` to match your IdP. If a fingerprint is used it must
be a SHA1 fingerprint; check
[the omniauth-saml documentation](https://github.com/omniauth/omniauth-saml) [the omniauth-saml documentation](https://github.com/omniauth/omniauth-saml)
for details on these options. for more details on these options.
1. Change the value of `issuer` to a unique name, which will identify the application 1. Change the value of `issuer` to a unique name, which will identify the application
to the IdP. to the IdP.
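Review bot: The sentence added to the `idp_cert_fingerprint` step does not say what the fingerprint is computed over, and its wording differs from the bullet this same change adds further down ("If a fingerprint is used it must be a SHA1 fingerprint" here, "If a fingerprint is used, it must be the SHA1 fingerprint" there). Suggest one wording in both places that names the object, for example "If a fingerprint is used, it must be the SHA1 fingerprint of the IdP certificate", so a reader configuring `idp_cert_fingerprint` knows which value to paste. Since the step already sends readers to the omniauth-saml documentation for details, the rewrapped "check" clause could also start its own sentence instead of hanging off a semicolon.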
...@@ -311,6 +312,7 @@ need to be validated using a fingerprint, a certificate or a validator. ...@@ -311,6 +312,7 @@ need to be validated using a fingerprint, a certificate or a validator.
For this you need take the following into account: For this you need take the following into account:
- If a fingerprint is used, it must be the SHA1 fingerprint
- If no certificate is provided in the settings, a fingerprint or fingerprint - If no certificate is provided in the settings, a fingerprint or fingerprint
validator needs to be provided and the response from the server must contain validator needs to be provided and the response from the server must contain
a certificate (`<ds:KeyInfo><ds:X509Data><ds:X509Certificate>`) a certificate (`<ds:KeyInfo><ds:X509Data><ds:X509Certificate>`)
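Review bot: The new bullet is placed first in the list, before the bullet that explains when a fingerprint is needed at all (no certificate in the settings, certificate carried in the response), so the SHA1 requirement appears before its context. Suggest moving it after that bullet or folding it in, for example "a SHA1 fingerprint or fingerprint validator needs to be provided", and saying that the fingerprint is that of the certificate used to validate the response. While this list is being touched, the context line above it reads "For this you need take the following into account", which is missing "to".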
......