From 62d62382bd88ecdc6bf8f2fd0f0f609cb73b187c Mon Sep 17 00:00:00 2001 From: Olav Morken <olav.morken@uninett.no> Date: Tue, 5 Jan 2010 13:52:11 +0000 Subject: [PATCH] docs: Update documentation for assertion.encryption. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2074 44740490-163a-0410-bde0-09ae8108e29a --- docs/simplesamlphp-reference-idp-hosted.txt | 6 ++++++ docs/simplesamlphp-reference-idp-remote.txt | 6 +++++- docs/simplesamlphp-reference-sp-remote.txt | 4 ++++ modules/saml/docs/sp.txt | 8 ++++++++ 4 files changed, 23 insertions(+), 1 deletion(-) diff --git a/docs/simplesamlphp-reference-idp-hosted.txt b/docs/simplesamlphp-reference-idp-hosted.txt index 4cd309fd3..7d904a710 100644 --- a/docs/simplesamlphp-reference-idp-hosted.txt +++ b/docs/simplesamlphp-reference-idp-hosted.txt @@ -87,6 +87,12 @@ SAML 2.0 options The following SAML 2.0 options are available: +`assertion.encryption` +: Whether assertions sent from this IdP should be encrypted. The default + value is `FALSE`. + +: Note that this option can be set for each SP in the SP-remote metadata. + `AttributeNameFormat` : What value will be set in the Format field of attribute statements. This parameter can be configured multiple places, and diff --git a/docs/simplesamlphp-reference-idp-remote.txt b/docs/simplesamlphp-reference-idp-remote.txt index f69dca7d6..5a8ee250e 100644 --- a/docs/simplesamlphp-reference-idp-remote.txt +++ b/docs/simplesamlphp-reference-idp-remote.txt 
@@ -92,7 +92,11 @@ It is possible to decrypt the assertions received from an IdP. Currently the onl There are two modes of encryption supported by simpleSAMLphp. One is symmetric encryption, in which case both the SP and the IdP needs to share a key. The other mode is the use of public key encryption. In that mode, the public key of the SP is extracted from the certificate of the SP. `assertion.encryption` -: Whether assertions received from this IdP are encrypted. The default value is `FALSE`. +: Whether assertions received from this IdP must be encrypted. The default value is `FALSE`. + If this option is set to `TRUE`, assertions from the IdP must be encrypted. + Unencrypted assertions will be rejected. + +: Note that this option overrides the option with the same name in the SP configuration. `sharedkey` : Symmetric key which should be used for decryption. This should be a 128-bit key. If this option is not specified, public key encryption will be used instead. diff --git a/docs/simplesamlphp-reference-sp-remote.txt b/docs/simplesamlphp-reference-sp-remote.txt index 950c16305..6954a00d6 100644 --- a/docs/simplesamlphp-reference-sp-remote.txt +++ b/docs/simplesamlphp-reference-sp-remote.txt @@ -215,6 +215,10 @@ of the SP. : Whether assertions sent to this SP should be encrypted. The default value is `FALSE`. +: Note that this option also exists in the IdP-hosted metadata. This + entry in the SP-remote metadata overrides the option in the + IdP-hosted metadata. + `sharedkey` : Symmetric key which should be used for encryption. This should be a 128-bit key. If this option is not specified, public key encryption diff --git a/modules/saml/docs/sp.txt b/modules/saml/docs/sp.txt index 72eb70136..6390e1a47 100644 --- a/modules/saml/docs/sp.txt +++ b/modules/saml/docs/sp.txt 
@@ -94,6 +94,14 @@ Here we will list some examples for this authentication source. Options ------- +`assertion.encryption` +: Whether assertions received by this SP must be encrypted. The default value is `FALSE`. + If this option is set to `TRUE`, unencrypted assertions will be rejected. + +: Note that this option can be overridden for a specific IdP in saml20-idp-remote. + +: *Note*: SAML 2 specific. + `AuthnContextClassRef` : The SP can request authentication with a specific authentication context class. One example of usage could be if the IdP supports both username/password authentication as well as software-PKI. -- GitLab
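Review bot: In docs/simplesamlphp-reference-idp-hosted.txt, the added note under `assertion.encryption` says the option "can be set for each SP in the SP-remote metadata" but does not state which value takes precedence. The matching note added to docs/simplesamlphp-reference-sp-remote.txt says the SP-remote entry overrides the IdP-hosted one. Suggest using the same wording in both places, for example "This option can be overridden for a specific SP in the SP-remote metadata", so a reader of the IdP-hosted reference alone knows which setting wins.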
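Review bot: In docs/simplesamlphp-reference-idp-remote.txt, the new `assertion.encryption` text states the requirement twice ("must be encrypted" in the first sentence, then again in "If this option is set to `TRUE`, assertions from the IdP must be encrypted") and never describes the `FALSE` case, which is the default. Suggest dropping the repeated sentence, keeping "Unencrypted assertions will be rejected" for `TRUE`, and adding one sentence on whether an encrypted assertion is still decrypted and accepted when the option is `FALSE`.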
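Review bot: In modules/saml/docs/sp.txt, the note "this option can be overridden for a specific IdP in saml20-idp-remote" leaves the fallback behaviour undefined. The idp-remote reference gives the per-IdP option a default of `FALSE` and says it overrides the SP configuration, so a reader cannot tell whether an IdP entry that omits the option inherits an SP-wide `TRUE` or silently accepts unencrypted assertions. Suggest stating that an unset per-IdP option falls back to the SP value, if that is the behaviour, and that an explicit per-IdP `FALSE` relaxes an SP-wide `TRUE`. As a style point, the entry mixes "Note that ..." with "*Note*: SAML 2 specific."; pick one form.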