From 3a786a4611ea2ec4b342407ce5dda6a875e39eb3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Mon, 21 Apr 2008 10:10:17 +0000
Subject: [PATCH] Adding documentatino for the new tlsclient authentication
 module

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@501 44740490-163a-0410-bde0-09ae8108e29a
---
 docs/source/simplesamlphp-idp.xml | 33 ++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)

diff --git a/docs/source/simplesamlphp-idp.xml b/docs/source/simplesamlphp-idp.xml
index 337411ad2..3e1feaef2 100644
--- a/docs/source/simplesamlphp-idp.xml
+++ b/docs/source/simplesamlphp-idp.xml
@@ -7,7 +7,7 @@
   <articleinfo>
     <date>2007-10-15</date>
 
-    <pubdate>Thu Mar 27 20:46:34 2008</pubdate>
+    <pubdate>Wed Apr 16 10:24:40 2008</pubdate>
 
     <author>
       <firstname>Andreas Ă…kre</firstname>
@@ -120,6 +120,15 @@
             LDAP.</para>
           </glossdef>
         </glossentry>
+
+        <glossentry>
+          <glossterm>auth/login-tlsclient.php</glossterm>
+
+          <glossdef>
+            <para>Authentication via client certificates. (using the apache
+            SSL module)</para>
+          </glossdef>
+        </glossentry>
       </glosslist></para>
 
     <section>
@@ -158,6 +167,28 @@
       </itemizedlist>
     </section>
 
+    <section>
+      <title>Configure the tlsclient authenticaiton module</title>
+
+      <para>Configure apache like this:</para>
+
+      <programlisting>	SSLEngine On
+	SSLCertificateFile    /etc/ssl/private/bridge.pem
+	SSLCertificateKeyFile /etc/ssl/private/bridge.key
+	SSLCertificateChainFile    /etc/ssl/certs/sureserverEDU.pem
+	SSLOptions +StdEnvVars +ExportCertData
+	KeepAliveTimeout 60
+	SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+	
+	SSLCACertificateFile "/etc/ssl/private/tlsclienttest-ca.crt"
+	SSLVerifyClient optional
+	SSLVerifyDepth  1</programlisting>
+
+      <para>And, then configure the identity provider to use the
+      authentication module:
+      <filename>auth/login-tlsclient.php</filename>.</para>
+    </section>
+
     <section>
       <title>Configuring the multi-LDAP authenticaiton module</title>
 
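Review bot: The sample `SSLCipherSuite` line in the added programlisting only moves the `LOW`, `SSLv2`, `EXP` and (depending on the OpenSSL build) `eNULL` suites to the end of the preference list rather than excluding them, so a reader who copies it leaves export-grade or unencrypted suites negotiable on the virtual host that performs certificate login. A documented example should exclude them, e.g. `SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW` together with `SSLProtocol all -SSLv2`. `SSLVerifyClient optional` also lets the handshake complete without a client certificate, so the paragraph should state that the login module must confirm `SSL_CLIENT_VERIFY` is `SUCCESS` before trusting any exported certificate data; whether `auth/login-tlsclient.php` does this is not visible in this patch. It would also help to add a sentence that the file paths (including `tlsclienttest-ca.crt`) are site-specific examples and that the CA named in `SSLCACertificateFile` decides who can authenticate. The new section title misspells "authentication".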
-- 
GitLab