Documentation for artifact on the SP.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2308 44740490-163a-0410-bde0-09ae8108e29a

Documentation for artifact on the SP.
eba188de · Olav Morken · 06b1088b · eba188de · eba188de · eba188de
Commit eba188de authored 15 years ago by Olav Morken
--- a/docs/simplesamlphp-artifact-sp.txt
+++ b/docs/simplesamlphp-artifact-sp.txt
+Using HTTP-Artifact from a simpleSAMLphp SP
+===========================================
+This document describes how to use the HTTP-Artifact binding to receive authentication responses from the IdP.
+Which binding the IdP should use when sending authentication responses is controlled by the `ProtocolBinding` in the SP configuration.
+To make your Service Provider (SP) request that the response from the IdP is sent using the HTTP-Artifact binding, this option must be set to the HTTP-Artifact binding.
+In addition to selecting the binding, you must also add a private key and certificate to your SP.
+This is used for SSL client authentication when contacting the IdP.
+To generate a private key and certificate, you may use the `openssl` commandline utility:
+    openssl req -new -x509 -days 3652 -nodes -out sp.example.org.crt -keyout sp.example.org.pem
+You can then add the private key and certificate to the SP configuration.
+When this is done, you can add the metadata of your SP to the IdP, and test the authentication.
+Example configuration
+---------------------
+    'artifact-sp' => array(
+        'saml:SP',
+        'ProtocolBinding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
+        'privatekey' => 'sp.example.org.pem',
+        'certificate' => 'sp.example.org.crt',
+    ),
+See the [SP configuration reference](./saml:sp) for a description of the options.
--- a/docs/simplesamlphp-reference-sp-hosted.txt
+++ b/docs/simplesamlphp-reference-sp-hosted.txt
@@ -136,9 +136,21 @@ The following SAML 2.0 SP options are available:
 `privatekey_pass`
 :   The passphrase for the private key, if it is encrypted. If the private key is unencrypted, this can be left out.
+`ProtocolBinding`
+:   The binding that should be used for SAML2 authentication responses.
+    This option controls the binding that is requested through the AuthnRequest message to the IdP.
+    By default the HTTP-Redirect binding is used.
 `RelayState`
 :   The page the user should be redirected to after an IdP initiated SSO.
+`saml.SOAPClient.certificate`
+:   A file with a certificate _and_ private key that should be used when issuing SOAP requests from this SP.
+    If this option isn't specified, the SP private key and certificate will be used.
+`saml.SOAPClient.privatekey_pass`
+:   The passphrase of the privatekey in `saml.SOAPClient.certificate`.
 `SingleLogoutService`
 :   Override the default URL for the SingleLogoutService for this SP. This is an absolute URL. The default value is `<simpleSAMLphp-root>/saml2/sp/SingleLogoutService.php`.

--- a/modules/saml/docs/sp.txt
+++ b/modules/saml/docs/sp.txt
@@ -230,6 +230,20 @@ Options
 :   *Note*: SAML 2 specific.
+`ProtocolBinding`
+:   The binding that should be used for SAML2 authentication responses.
+    This option controls the binding that is requested through the AuthnRequest message to the IdP.
+    By default the HTTP-Redirect binding is used.
+:   *Note*: SAML 2 specific.
+`saml.SOAPClient.certificate`
+:   A file with a certificate _and_ private key that should be used when issuing SOAP requests from this SP.
+    If this option isn't specified, the SP private key and certificate will be used.
+`saml.SOAPClient.privatekey_pass`
+:   The passphrase of the privatekey in `saml.SOAPClient.certificate`.
 `saml1.useartifact`
 :   Request that the IdP returns the result to the artifact binding.
    The default is to use the POST binding, set this option to TRUE to use the artifact binding instead.