add SHA1 fingerprint requirement

c48992be · Ben Bodenmiller · Achilleas Pipinellis · 545d52ce · c48992be
Commit c48992be authored Mar 26, 2018 by Ben Bodenmiller Committed by Achilleas Pipinellis Mar 26, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 2 deletions

doc/integration/saml.md doc/integration/saml.md +4 -2

No files found.
--- a/doc/integration/saml.md
+++ b/doc/integration/saml.md
@@ -102,9 +102,10 @@ in your SAML IdP:
    installation to generate the correct value).

 1.  Change the values of `idp_cert_fingerprint`, `idp_sso_target_url`,
-    `name_identifier_format` to match your IdP. Check
+    `name_identifier_format` to match your IdP. If a fingerprint is used it must
+    be a SHA1 fingerprint; check
    [the omniauth-saml documentation](https://github.com/omniauth/omniauth-saml)
-    for details on these options.
+    for more details on these options.

 1.  Change the value of `issuer` to a unique name, which will identify the application
    to the IdP.
@@ -311,6 +312,7 @@ need to be validated using a fingerprint, a certificate or a validator.

 For this you need take the following into account:

+- If a fingerprint is used, it must be the SHA1 fingerprint
 - If no certificate is provided in the settings, a fingerprint or fingerprint
  validator needs to be provided and the response from the server must contain
  a certificate (`<ds:KeyInfo><ds:X509Data><ds:X509Certificate>`)