Commit 62d62382 authored by Olav Morken

docs: Update documentation for assertion.encryption.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2074 44740490-163a-0410-bde0-09ae8108e29a
parent 686cc254
......@@ -87,6 +87,12 @@ SAML 2.0 options
The following SAML 2.0 options are available:
`assertion.encryption`
: Whether assertions sent from this IdP should be encrypted. The default
value is `FALSE`.
: Note that this option can be set for each SP in the SP-remote metadata.
`AttributeNameFormat`
: What value will be set in the Format field of attribute
statements. This parameter can be configured multiple places, and
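Review bot: The added note under `assertion.encryption` says the option "can be set for each SP in the SP-remote metadata" but not which value wins when both are set. The SP-remote documentation changed in this same commit states that its entry overrides the IdP-hosted one; say the same here, for example "A value set for an SP in the SP-remote metadata overrides this one."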
......
......@@ -92,7 +92,11 @@ It is possible to decrypt the assertions received from an IdP. Currently the onl
There are two modes of encryption supported by simpleSAMLphp. One is symmetric encryption, in which case both the SP and the IdP needs to share a key. The other mode is the use of public key encryption. In that mode, the public key of the SP is extracted from the certificate of the SP.
`assertion.encryption`
: Whether assertions received from this IdP are encrypted. The default value is `FALSE`.
: Whether assertions received from this IdP must be encrypted. The default value is `FALSE`.
If this option is set to `TRUE`, assertions from the IdP must be encrypted.
Unencrypted assertions will be rejected.
: Note that this option overrides the option with the same name in the SP configuration.
`sharedkey`
: Symmetric key which should be used for decryption. This should be a 128-bit key. If this option is not specified, public key encryption will be used instead.
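Review bot: In the new `assertion.encryption` definition the first two sentences both state that assertions "must be encrypted", so the second one ("If this option is set to `TRUE`, assertions from the IdP must be encrypted.") adds nothing. Suggest dropping it and keeping only the rejection sentence, in the form the SP documentation in this commit uses: "If this option is set to `TRUE`, unencrypted assertions will be rejected."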
......
......@@ -215,6 +215,10 @@ of the SP.
: Whether assertions sent to this SP should be encrypted. The default
value is `FALSE`.
: Note that this option also exists in the IdP-hosted metadata. This
entry in the SP-remote metadata overrides the option in the
IdP-hosted metadata.
`sharedkey`
: Symmetric key which should be used for encryption. This should be a
128-bit key. If this option is not specified, public key encryption
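Review bot: "The default value is `FALSE`", directly above the new note, now reads ambiguously: it is not clear whether an SP entry that omits the option falls back to the IdP-hosted value or is treated as `FALSE` and overrides it. Since this decides whether assertions to that SP go out encrypted, state the behaviour for an unset option explicitly in the note.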
......
......@@ -94,6 +94,14 @@ Here we will list some examples for this authentication source.
Options
-------
`assertion.encryption`
: Whether assertions received by this SP must be encrypted. The default value is `FALSE`.
If this option is set to `TRUE`, unencrypted assertions will be rejected.
: Note that this option can be overridden for a specific IdP in saml20-idp-remote.
: *Note*: SAML 2 specific.
`AuthnContextClassRef`
: The SP can request authentication with a specific authentication context class.
One example of usage could be if the IdP supports both username/password authentication as well as software-PKI.
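Review bot: The note "can be overridden for a specific IdP in saml20-idp-remote" does not say whether the per-IdP value can relax the requirement as well as tighten it. An administrator who sets `TRUE` here to reject unencrypted assertions needs to know whether a `FALSE` in the IdP-remote entry re-enables acceptance for that IdP, so spell that out. Also format the file name as code and call it metadata, matching "SP-remote metadata" and "IdP-hosted metadata" in the other files.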
......