From eba188de9096659b4d519947da0becfffe3bbec2 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Thu, 20 May 2010 06:44:24 +0000
Subject: [PATCH] Documentation for artifact on the SP.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2308 44740490-163a-0410-bde0-09ae8108e29a
---
 docs/simplesamlphp-artifact-sp.txt         | 29 ++++++++++++++++++++++
 docs/simplesamlphp-reference-sp-hosted.txt | 12 +++++++++
 modules/saml/docs/sp.txt                   | 14 +++++++++++
 3 files changed, 55 insertions(+)
 create mode 100644 docs/simplesamlphp-artifact-sp.txt

diff --git a/docs/simplesamlphp-artifact-sp.txt b/docs/simplesamlphp-artifact-sp.txt
new file mode 100644
index 000000000..c71b62acd
--- /dev/null
+++ b/docs/simplesamlphp-artifact-sp.txt
@@ -0,0 +1,29 @@
+Using HTTP-Artifact from a simpleSAMLphp SP
+===========================================
+
+This document describes how to use the HTTP-Artifact binding to receive authentication responses from the IdP.
+
+Which binding the IdP should use when sending authentication responses is controlled by the `ProtocolBinding` in the SP configuration.
+To make your Service Provider (SP) request that the response from the IdP is sent using the HTTP-Artifact binding, this option must be set to the HTTP-Artifact binding.
+
+In addition to selecting the binding, you must also add a private key and certificate to your SP.
+This is used for SSL client authentication when contacting the IdP.
+
+To generate a private key and certificate, you may use the `openssl` commandline utility:
+
+    openssl req -new -x509 -days 3652 -nodes -out sp.example.org.crt -keyout sp.example.org.pem
+
+You can then add the private key and certificate to the SP configuration.
+When this is done, you can add the metadata of your SP to the IdP, and test the authentication.
+
+Example configuration
+---------------------
+
+    'artifact-sp' => array(
+        'saml:SP',
+        'ProtocolBinding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
+        'privatekey' => 'sp.example.org.pem',
+        'certificate' => 'sp.example.org.crt',
+    ),
+
+See the [SP configuration reference](./saml:sp) for a description of the options.
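Review bot: The key-generation step uses `openssl req ... -nodes`, which writes `sp.example.org.pem` unencrypted, and the text then says this key is used for SSL client authentication to the IdP without saying how the file should be protected. Suggest adding a sentence on restricting read access to the key file, or showing an encrypted key together with the `privatekey_pass` option from the SP reference. The step "add the private key and certificate to the SP configuration" also does not say where the two files need to be placed or which configuration file the `'artifact-sp'` example belongs in, so a reader following only this document cannot complete it. With `-days 3652` the certificate is valid for about ten years; a note on what has to be updated at the IdP when it is replaced would help.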
diff --git a/docs/simplesamlphp-reference-sp-hosted.txt b/docs/simplesamlphp-reference-sp-hosted.txt
index c234baa6c..10822615c 100644
--- a/docs/simplesamlphp-reference-sp-hosted.txt
+++ b/docs/simplesamlphp-reference-sp-hosted.txt
@@ -136,9 +136,21 @@ The following SAML 2.0 SP options are available:
 `privatekey_pass`
 :   The passphrase for the private key, if it is encrypted. If the private key is unencrypted, this can be left out.
 
+`ProtocolBinding`
+:   The binding that should be used for SAML2 authentication responses.
+    This option controls the binding that is requested through the AuthnRequest message to the IdP.
+    By default the HTTP-Redirect binding is used.
+
 `RelayState`
 :   The page the user should be redirected to after an IdP initiated SSO.
 
+`saml.SOAPClient.certificate`
+:   A file with a certificate _and_ private key that should be used when issuing SOAP requests from this SP.
+    If this option isn't specified, the SP private key and certificate will be used.
+
+`saml.SOAPClient.privatekey_pass`
+:   The passphrase of the privatekey in `saml.SOAPClient.certificate`.
+
 `SingleLogoutService`
 :   Override the default URL for the SingleLogoutService for this SP. This is an absolute URL. The default value is `<simpleSAMLphp-root>/saml2/sp/SingleLogoutService.php`.
 
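Review bot: The new `ProtocolBinding` entry states "By default the HTTP-Redirect binding is used" for authentication responses, but the SAML 2.0 Web Browser SSO profile does not allow HTTP-Redirect for the response, so please check this sentence against the code; the default is more likely HTTP-POST. The entry would also benefit from listing the accepted values (the full binding URN, as in the `'artifact-sp'` example) and linking to the new artifact document. For `saml.SOAPClient.certificate`, the description says the file holds a certificate _and_ private key but gives neither the expected format nor the directory it is resolved against, and `saml.SOAPClient.privatekey_pass` does not say what happens when it is omitted for an encrypted key.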
diff --git a/modules/saml/docs/sp.txt b/modules/saml/docs/sp.txt
index 2d44c0fcc..0ae5b8db2 100644
--- a/modules/saml/docs/sp.txt
+++ b/modules/saml/docs/sp.txt
@@ -230,6 +230,20 @@ Options
 
 :   *Note*: SAML 2 specific.
 
+`ProtocolBinding`
+:   The binding that should be used for SAML2 authentication responses.
+    This option controls the binding that is requested through the AuthnRequest message to the IdP.
+    By default the HTTP-Redirect binding is used.
+
+:   *Note*: SAML 2 specific.
+
+`saml.SOAPClient.certificate`
+:   A file with a certificate _and_ private key that should be used when issuing SOAP requests from this SP.
+    If this option isn't specified, the SP private key and certificate will be used.
+
+`saml.SOAPClient.privatekey_pass`
+:   The passphrase of the privatekey in `saml.SOAPClient.certificate`.
+
 `saml1.useartifact`
 :   Request that the IdP returns the result to the artifact binding.
     The default is to use the POST binding, set this option to TRUE to use the artifact binding instead.
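Review bot: In this file `ProtocolBinding` gets a "*Note*: SAML 2 specific." line, but the two `saml.SOAPClient.*` entries added right after it carry no such note, and with `saml1.useartifact` directly below it is unclear whether the SOAP client certificate also applies to SAML 1 artifact resolution. Please state the protocol scope for both options. The three entries are also word-for-word copies of the ones added to `docs/simplesamlphp-reference-sp-hosted.txt`, including the "HTTP-Redirect" default that needs checking, so any correction has to be made in both places; consider keeping the text in one file and linking to it from the other.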
-- 
GitLab