From db9111479dffb903fdcf1ab1a714f1fa39dce19d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20P=C3=A9rez=20Crespo?= <jaime.perez@uninett.no>
Date: Wed, 27 Nov 2013 12:39:53 +0000
Subject: [PATCH] Update the documentation regarding certificates.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3305 44740490-163a-0410-bde0-09ae8108e29a
---
 docs/simplesamlphp-authproc.txt | 4 +-
 docs/simplesamlphp-idp.txt | 45 ++++++++-----------
 ...samlphp-metadata-extensions-attributes.txt | 4 +-
 docs/simplesamlphp-metadata-extensions-ui.txt | 4 +-
 docs/simplesamlphp-modules.txt | 4 +-
 docs/simplesamlphp-reference-idp-hosted.txt | 4 +-
 docs/simplesamlphp-reference-idp-remote.txt | 4 +-
 docs/simplesamlphp-reference-sp-remote.txt | 2 +-
 8 files changed, 32 insertions(+), 39 deletions(-)
diff --git a/docs/simplesamlphp-authproc.txt b/docs/simplesamlphp-authproc.txt
index f9d7b3eb6..74beeabac 100644
--- a/docs/simplesamlphp-authproc.txt
+++ b/docs/simplesamlphp-authproc.txt
@@ -109,8 +109,8 @@ Filters can be added both in `hosted` and `remote` metadata. Here is an example
 '__DYNAMIC:1__' => array(
 'host' => '__DEFAULT_',
- 'privatekey' => 'server.pem',
- 'certificate' => 'server.crt',
+ 'privatekey' => 'example.org.pem',
+ 'certificate' => 'example.org.crt',
 'auth' => 'feide',
 'authproc' => array(
 40 => 'core:AttributeRealm',
diff --git a/docs/simplesamlphp-idp.txt b/docs/simplesamlphp-idp.txt
index b73299d48..6520dc7d9 100644
--- a/docs/simplesamlphp-idp.txt
+++ b/docs/simplesamlphp-idp.txt
@@ -122,6 +122,23 @@ This configuration creates two users - `student` and `employee`, with the passwo
 The attributes will be returned by the IdP when the user logs on.
+Creating a SSL self signed certificate
+--------------------------------------
+
+Here is an example of an `openssl`-command which can be used to generate a new private key key and the corresponding self-signed certificate.
+
+This key and certificate can be used to sign SAML messages:
+
+ openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out example.org.crt -keyout example.org.pem
+
+The certificate above will be valid for 10 years.
+
+
+### Note ###
+
+simpleSAMLphp will only work with RSA certificates. DSA certificates are not supported.
+
+
 Configuring the IdP
 -------------------
@@ -142,8 +159,8 @@ This is a minimal configuration of a SAML 2.0 IdP:
 * The private key and certificate to use when signing responses.
 * These are stored in the cert-directory.
 */
- 'privatekey' => 'server.pem',
- 'certificate' => 'server.crt',
+ 'privatekey' => 'example.org.pem',
+ 'certificate' => 'example.org.crt',
 /*
 * The authentication source which should be used to authenticate the
@@ -189,30 +206,6 @@ If you have the metadata of the remote SP as an XML file, you can use the built-
 For more information about available options in the sp-remote metadata files, see the [SP remote reference](simplesamlphp-reference-sp-remote).
-Creating a SSL self signed certificate
--------------------------------------
-
-For test purposes, you can skip this section, and use the certificate included in the simpleSAMLphp distribution.
-
-Here is an example of an `openssl`-command which can be used to generate a new private key key and the corresponding self-signed certificate.
-
-This key and certificate can be used to sign SAML messages:
-
- openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes -out example.org.crt -keyout example.org.pem
-
-The certificate above will be valid for 10 years.
-
-
-### Note ###
-
-simpleSAMLphp will only work with RSA certificates. DSA certificates are not supported.
-
-
-### Warning ###
-
-The certificate that is included in the simpleSAMLphp distribution must **NEVER** be used in production, as the private key is also included in the package and can be downloaded by anyone.
-
-
 Adding this IdP to other SPs
 ----------------------------
diff --git a/docs/simplesamlphp-metadata-extensions-attributes.txt b/docs/simplesamlphp-metadata-extensions-attributes.txt
index fb9dad61a..c88f579d6 100644
--- a/docs/simplesamlphp-metadata-extensions-attributes.txt
+++ b/docs/simplesamlphp-metadata-extensions-attributes.txt
@@ -79,8 +79,8 @@ If given the following configuration...
 $metadata['https://www.example.com/saml/saml2/idp/metadata.php'] = array(
 'host' => 'www.example.com',
- 'certificate' => 'server.crt',
- 'privatekey' => 'server.pem',
+ 'certificate' => 'example.com.crt',
+ 'privatekey' => 'example.com.pem',
 'auth' => 'example-userpass',
 'EntityAttributes' => array(
diff --git a/docs/simplesamlphp-metadata-extensions-ui.txt b/docs/simplesamlphp-metadata-extensions-ui.txt
index 7585a32cd..23cc1f831 100644
--- a/docs/simplesamlphp-metadata-extensions-ui.txt
+++ b/docs/simplesamlphp-metadata-extensions-ui.txt
@@ -184,8 +184,8 @@ If given the following configuration...
 $metadata['https://www.example.com/saml/saml2/idp/metadata.php'] = array(
 'host' => 'www.example.com',
- 'certificate' => 'server.crt',
- 'privatekey' => 'server.pem',
+ 'certificate' => 'example.com.crt',
+ 'privatekey' => 'example.com.pem',
 'auth' => 'example-userpass',
 'UIInfo' => array(
diff --git a/docs/simplesamlphp-modules.txt b/docs/simplesamlphp-modules.txt
index a141c652b..1223e81bb 100644
--- a/docs/simplesamlphp-modules.txt
+++ b/docs/simplesamlphp-modules.txt
@@ -140,8 +140,8 @@ To use this authentication source in a SAML 2.0 IdP, set the
 '__DYNAMIC:1__' => array(
 'host' => '__DEFAULT__',
- 'privatekey' => 'server.pem',
- 'certificate' => 'server.crt',
+ 'privatekey' => 'example.org.pem',
+ 'certificate' => 'example.org.crt',
 'auth' => 'example-static',
 ),
diff --git a/docs/simplesamlphp-reference-idp-hosted.txt b/docs/simplesamlphp-reference-idp-hosted.txt
index ae5a9b3bb..9d76115cd 100644
--- a/docs/simplesamlphp-reference-idp-hosted.txt
+++ b/docs/simplesamlphp-reference-idp-hosted.txt
@@ -362,8 +362,8 @@ These are some examples of IdP metadata
 'host' => '__DEFAULT__',
 /* The private key and certificate used by this IdP. */
- 'certificate' => 'server.crt',
- 'privatekey' => 'server.pem',
+ 'certificate' => 'example.org.crt',
+ 'privatekey' => 'example.org.pem',
 /*
 * The authentication source for this IdP. Must be one
diff --git a/docs/simplesamlphp-reference-idp-remote.txt b/docs/simplesamlphp-reference-idp-remote.txt
index 2bc9242e3..d08339bec 100644
--- a/docs/simplesamlphp-reference-idp-remote.txt
+++ b/docs/simplesamlphp-reference-idp-remote.txt
@@ -196,7 +196,7 @@ These options overrides the options set in `saml20-sp-hosted`.
 **Example: Configuration for validating messages**
 'redirect.validate' => TRUE,
- 'certificate' => 'server.crt',
+ 'certificate' => 'example.org.crt',
 Shibboleth 1.3 options
@@ -238,7 +238,7 @@ Calculating the fingerprint of a certificate
 If you have obtained a certificate file, and want to calculate the fingerprint of the file, you can use the `openssl` command:
- $ openssl x509 -noout -fingerprint -in "server.crt"
+ $ openssl x509 -noout -fingerprint -in "example.org.crt"
 SHA1 Fingerprint=AF:E7:1C:28:EF:74:0B:C8:74:25:BE:13:A2:26:3D:37:97:1D:A1:F9
 In this case, the certFingerprint option should be set to `AF:E7:1C:28:EF:74:0B:C8:74:25:BE:13:A2:26:3D:37:97:1D:A1:F9`.
diff --git a/docs/simplesamlphp-reference-sp-remote.txt b/docs/simplesamlphp-reference-sp-remote.txt
index 4d891bb18..9f2af19c1 100644
--- a/docs/simplesamlphp-reference-sp-remote.txt
+++ b/docs/simplesamlphp-reference-sp-remote.txt
@@ -339,7 +339,7 @@ These options overrides the options set in `saml20-idp-hosted`.
 **Example: Configuration for validating messages**
 'redirect.validate' => TRUE,
- 'certificate' => 'server.crt',
+ 'certificate' => 'example.org.crt',
 ### Fields for scoping
-- 
GitLab