diff --git a/docs/simplesamlphp-artifact-sp.txt b/docs/simplesamlphp-artifact-sp.txt new file mode 100644 index 0000000000000000000000000000000000000000..c71b62acd19b66ea0974dcab1044dcb90c9b65c6 --- /dev/null +++ b/docs/simplesamlphp-artifact-sp.txt @@ -0,0 +1,29 @@ +Using HTTP-Artifact from a simpleSAMLphp SP +=========================================== + +This document describes how to use the HTTP-Artifact binding to receive authentication responses from the IdP. + +Which binding the IdP should use when sending authentication responses is controlled by the `ProtocolBinding` in the SP configuration. +To make your Service Provider (SP) request that the response from the IdP is sent using the HTTP-Artifact binding, this option must be set to the HTTP-Artifact binding. + +In addition to selecting the binding, you must also add a private key and certificate to your SP. +This is used for SSL client authentication when contacting the IdP. + +To generate a private key and certificate, you may use the `openssl` commandline utility: + + openssl req -new -x509 -days 3652 -nodes -out sp.example.org.crt -keyout sp.example.org.pem + +You can then add the private key and certificate to the SP configuration. +When this is done, you can add the metadata of your SP to the IdP, and test the authentication. + +Example configuration +--------------------- + + 'artifact-sp' => array( + 'saml:SP', + 'ProtocolBinding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact', + 'privatekey' => 'sp.example.org.pem', + 'certificate' => 'sp.example.org.crt', + ), + +See the [SP configuration reference](./saml:sp) for a description of the options. diff --git a/docs/simplesamlphp-reference-sp-hosted.txt b/docs/simplesamlphp-reference-sp-hosted.txt index c234baa6cbb5fc4f519b2d2cc3dd6e5dcedbdda4..10822615cb65d9263c29aa724264d2c3c1f858a9 100644 --- a/docs/simplesamlphp-reference-sp-hosted.txt +++ b/docs/simplesamlphp-reference-sp-hosted.txt 
@@ -136,9 +136,21 @@ The following SAML 2.0 SP options are available: `privatekey_pass` : The passphrase for the private key, if it is encrypted. If the private key is unencrypted, this can be left out. +`ProtocolBinding` +: The binding that should be used for SAML2 authentication responses. + This option controls the binding that is requested through the AuthnRequest message to the IdP. + By default the HTTP-Redirect binding is used. + `RelayState` : The page the user should be redirected to after an IdP initiated SSO. +`saml.SOAPClient.certificate` +: A file with a certificate _and_ private key that should be used when issuing SOAP requests from this SP. + If this option isn't specified, the SP private key and certificate will be used. + +`saml.SOAPClient.privatekey_pass` +: The passphrase of the privatekey in `saml.SOAPClient.certificate`. + `SingleLogoutService` : Override the default URL for the SingleLogoutService for this SP. This is an absolute URL. The default value is `<simpleSAMLphp-root>/saml2/sp/SingleLogoutService.php`. diff --git a/modules/saml/docs/sp.txt b/modules/saml/docs/sp.txt index 2d44c0fcc18a4147458b391aaa8782c6f2afe7a0..0ae5b8db22dd01d3e7d40df5ab577b0b2bd4957e 100644 --- a/modules/saml/docs/sp.txt +++ b/modules/saml/docs/sp.txt 
@@ -230,6 +230,20 @@ Options : *Note*: SAML 2 specific. +`ProtocolBinding` +: The binding that should be used for SAML2 authentication responses. + This option controls the binding that is requested through the AuthnRequest message to the IdP. + By default the HTTP-Redirect binding is used. + +: *Note*: SAML 2 specific. + +`saml.SOAPClient.certificate` +: A file with a certificate _and_ private key that should be used when issuing SOAP requests from this SP. + If this option isn't specified, the SP private key and certificate will be used. + +`saml.SOAPClient.privatekey_pass` +: The passphrase of the privatekey in `saml.SOAPClient.certificate`. + `saml1.useartifact` : Request that the IdP returns the result to the artifact binding. The default is to use the POST binding, set this option to TRUE to use the artifact binding instead.
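Review bot: In the new docs/simplesamlphp-artifact-sp.txt, the sentence "This is used for SSL client authentication when contacting the IdP" should point the reader to the `saml.SOAPClient.certificate` option that this same patch introduces, since that option (a combined certificate and key file) is what the SOAP client actually consults, with the SP's `privatekey`/`certificate` only as the fallback; as written, the example configuration shows only the fallback path and never mentions the dedicated option. Two smaller points: the `openssl req ... -nodes` command produces an unencrypted private key, so the doc should say where to place sp.example.org.pem and that it must be readable only by the web server user; and the example references a single `privatekey_pass`-less key, so a sentence on what to do when the key is encrypted (the reference hunks add `saml.SOAPClient.privatekey_pass`) would close the loop.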
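Review bot: In the docs/simplesamlphp-reference-sp-hosted.txt hunk, the `ProtocolBinding` entry states "By default the HTTP-Redirect binding is used" without listing the accepted values; please verify that default against the SP code, because HTTP-Redirect is not a usual carrier for a full signed Response and the companion artifact document in this patch only shows the `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact` value. Suggest listing the valid binding URNs (at least the HTTP-POST and HTTP-Artifact ones) next to the default. Also, "If this option isn't specified, the SP private key and certificate will be used" should say whether the SP-level `privatekey_pass` is applied in that fallback case or whether `saml.SOAPClient.privatekey_pass` is consulted regardless; and "privatekey" in "The passphrase of the privatekey" should be "private key".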
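Review bot: In the modules/saml/docs/sp.txt hunk, the `saml.SOAPClient.certificate` and `saml.SOAPClient.privatekey_pass` entries are missing the "*Note*: SAML 2 specific." line that the adjacent `ProtocolBinding` entry carries, even though SOAP-based artifact resolution is only configured for SAML 2 here (the SAML 1 case is handled by the neighbouring `saml1.useartifact` option). Consider adding the note for consistency, and note that this text duplicates the reference-sp-hosted hunk word for word; the two copies should at least be kept in sync, or one should link to the other.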