From 06c821bb049b68de7ec730c77f76c6ed661a187d Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Wed, 4 Jun 2008 08:26:52 +0000
Subject: [PATCH] Added documentation for metadata signing to the advanced
 features documentation.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@598 44740490-163a-0410-bde0-09ae8108e29a
---
 .../source/simplesamlphp-advancedfeatures.xml | 41 +++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/docs/source/simplesamlphp-advancedfeatures.xml b/docs/source/simplesamlphp-advancedfeatures.xml
index 19ee4f0d4..26bd79974 100644
--- a/docs/source/simplesamlphp-advancedfeatures.xml
+++ b/docs/source/simplesamlphp-advancedfeatures.xml
@@ -365,6 +365,47 @@ foreach($_SERVER as $key=&gt;$value) {
   </section>
 
 
+  <section>
+    <title>Metadata signing</title>
+
+    <para>simpleSAMLphp supports signing of the metadata it generates.
+    Metadata signing is configured by three options:</para>
+
+    <itemizedlist>
+      <listitem>
+        <para><literal>metadata.sign.enable</literal>: Whether metadata
+        signing should be enabled or not. Set to <literal>TRUE</literal> to
+        enable metadata signing. Defaults to <literal>FALSE</literal>.</para>
+      </listitem>
+
+      <listitem>
+        <para><literal>metadata.sign.privatekey</literal>: Name of the file
+        with the private key which should be used to sign the metadata. This
+        file must exist in in the <literal>cert</literal> directory.</para>
+      </listitem>
+
+      <listitem>
+        <para><literal>metadata.sign.certificate</literal>: Name of the file
+        with the certificate which matches the private key. This file must
+        exist in in the <literal>cert</literal> directory.</para>
+      </listitem>
+    </itemizedlist>
+
+    <para>These options can be configured globally in the
+    <literal>config/config.php</literal>-file, or per SP/IdP by adding
+    them to the hosted metadata for the SP/IdP. The configuration in the
+    metadata for the SP/IdP takes precedence over the global
+    configuration.</para>
+
+    <para>There is also an additional fallback for the private key and the
+    certificate. If <literal>metadata.sign.privatekey</literal> and
+    <literal>metadata.sign.certificate</literal> isn't configured,
+    simpleSAMLphp will use the <literal>privatekey</literal> and
+    <literal>certificate</literal> options in the metadata for the
+    SP/IdP.</para>
+  </section>
+
+
   <section>
     <title>Support</title>
 
-- 
GitLab