Skip to content
Snippets Groups Projects
Commit 8e3494be authored by Olav Morken's avatar Olav Morken
Browse files

Updated SP documentation.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@412 44740490-163a-0410-bde0-09ae8108e29a
parent 742f6534
Branches
Tags
No related merge requests found
...@@ -344,16 +344,31 @@ ...@@ -344,16 +344,31 @@
</warning></para> </warning></para>
</glossdef> </glossdef>
</glossentry> </glossentry>
<glossentry>
<glossterm>SingleLogoutServiceResponse</glossterm>
<glossdef>
<para>Some IdPs may require logout responses to be sent to a
different URL than logout requests. If this option is set, then
logout responses will be sent to this URL while logout requests
are sent to the URL in
<literal>SingleLogoutService</literal>.
<literal>SingleLogoutService</literal> will be used for both
messages if this option is unset.</para>
</glossdef>
</glossentry>
</glosslist> </glosslist>
</section> </section>
<section> <section>
<title>Fields for requireing signed LogoutRequests</title> <title>Fields for requireing signed
LogoutRequests/LogoutResponses</title>
<para>simpleSAMLphp supports signing the HTTP-REDIRECT authentication <para>simpleSAMLphp supports signing the HTTP-REDIRECT messages, but
request, but by default it will not sign it. Note that if you want to by default it will neither sign nor validate them. To enable validation
sign the authentication requests, you will need to have a of LogoutRequest and LogoutResponse messages from this IdP, you will
keypair/certificate at the SP.</para> need to set these options:</para>
<glosslist> <glosslist>
<glossentry> <glossentry>
...@@ -361,17 +376,8 @@ ...@@ -361,17 +376,8 @@
<glossdef> <glossdef>
<para>A boolean value, that should be true or false. Default is <para>A boolean value, that should be true or false. Default is
false. To turn on signing authentication requests, set this flag false. To require validation of messages from the IdP, set this
to true.</para> flag to true.</para>
</glossdef>
</glossentry>
<glossentry>
<glossterm>privatekey</glossterm>
<glossdef>
<para>The filename of the privatekey to be used for
singing.</para>
</glossdef> </glossdef>
</glossentry> </glossentry>
...@@ -379,14 +385,15 @@ ...@@ -379,14 +385,15 @@
<glossterm>certificate</glossterm> <glossterm>certificate</glossterm>
<glossdef> <glossdef>
<para>The filename of the certificate which corresponds to the <para>The filename of the certificate which should be used to
privatekey.</para> verify the signature.</para>
</glossdef> </glossdef>
</glossentry> </glossentry>
</glosslist> </glosslist>
<example> <example>
<title>Example of configured signed LogoutRequests</title> <title>Example of configuration which requires validation valid
signatures on LogoutRequests</title>
<programlisting>'request.signing' =&gt; true, <programlisting>'request.signing' =&gt; true,
'certificate' =&gt; 'server.crt'</programlisting> 'certificate' =&gt; 'server.crt'</programlisting>
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment