 docs/simplesamlphp-reference-idp-hosted.txt | 10 ++++++++++
 docs/simplesamlphp-reference-idp-remote.txt | 12 ++++++++++++
 docs/simplesamlphp-reference-sp-remote.txt  | 12 ++++++++++++
 modules/saml/docs/sp.txt                    | 10 ++++++++++
 4 files changed, 44 insertions(+), 0 deletions(-)
diff --git a/docs/simplesamlphp-reference-idp-hosted.txt b/docs/simplesamlphp-reference-idp-hosted.txt
index b2d14ba..b2a708e 100644
--- a/docs/simplesamlphp-reference-idp-hosted.txt
+++ b/docs/simplesamlphp-reference-idp-hosted.txt
@@ -234,6 +234,16 @@ The following SAML 2.0 options are available:
any value in the SP-remote metadata overrides the one configured
in the IdP metadata.
+`signature.algorithm`
+: The algorithm to use when signing any message generated by this identity provider. Defaults to RSA-SHA1.
+: Possible values:
+
+ * `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
+ *Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
+ * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
+ * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
+ * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
+
`validate.authnrequest`
: Whether we require signatures on authentication requests sent to this IdP.
diff --git a/docs/simplesamlphp-reference-idp-remote.txt b/docs/simplesamlphp-reference-idp-remote.txt
index e8af410..2bc9242 100644
--- a/docs/simplesamlphp-reference-idp-remote.txt
+++ b/docs/simplesamlphp-reference-idp-remote.txt
@@ -142,6 +142,18 @@ The following SAML 2.0 options are available:
`SingleLogoutServiceResponse`
: Endpoint URL for logout responses. Overrides the `SingleLogoutService`-option for responses.
+`signature.algorithm`
+: The algorithm to use when signing any message sent to this specific identity provider. Defaults to RSA-SHA1.
+: Note that this option also exists in the SP configuration.
+ This value in the IdP remote metadata overrides the value in the SP configuration.
+: Possible values:
+
+ * `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
+ *Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
+ * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
+ * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
+ * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
+
`SPNameQualifier`
: This corresponds to the SPNameQualifier in the SAML 2.0 specification. It allows to give subjects a SP specific namespace. This option is rarely used, so if you don't need it, leave it out. When left out, simpleSAMLphp assumes the entityID of your SP as the SPNameQualifier.
diff --git a/docs/simplesamlphp-reference-sp-remote.txt b/docs/simplesamlphp-reference-sp-remote.txt
index 9fbdcef..4d891bb 100644
--- a/docs/simplesamlphp-reference-sp-remote.txt
+++ b/docs/simplesamlphp-reference-sp-remote.txt
@@ -231,6 +231,18 @@ The following SAML 2.0 options are available:
: Note that this option also exists in the IdP-hosted metadata.
The value in the SP-remote metadata overrides the value in the IdP-hosted metadata.
+`signature.algorithm`
+: The algorithm to use when signing any message sent to this specific service provider. Defaults to RSA-SHA1.
+: Note that this option also exists in the IdP-hosted metadata.
+ The value in the SP-remote metadata overrides the value in the IdP-hosted metadata.
+: Possible values:
+
+ * `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
+ *Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
+ * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
+ * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
+ * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
+
`simplesaml.nameidattribute`
: When the value of the `NameIDFormat`-option is set to either
`email` or `persistent`, this is the name of the attribute which
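Review bot: "the use of SHA1 is **deprecated** and will be disallowed in the future" is a forward-looking promise with no release attached, and it is pasted verbatim into all four files in this patch; either name the release in which `rsa-sha1` stops being accepted (or the mechanism by which it will be rejected), or reduce the note to the deprecation and drop the prediction, otherwise the four copies will silently go stale at different times. Since this is the SP-remote side, it is also worth saying that choosing `rsa-sha256` or stronger here requires the remote SP to be able to verify that algorithm, as this value overrides the IdP-hosted default for that one SP.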
diff --git a/modules/saml/docs/sp.txt b/modules/saml/docs/sp.txt
index 84f8ca4..6d05772 100644
--- a/modules/saml/docs/sp.txt
+++ b/modules/saml/docs/sp.txt
@@ -388,6 +388,16 @@ Options
: *Note*: SAML 2 specific.
+`signature.algorithm`
+: The algorithm to use when signing any message generated by this service provider. Defaults to RSA-SHA1.
+: Possible values:
+
+ * `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
+ *Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
+ * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
+ * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
+ * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
+
`redirect.sign`
: Whether authentication requests, logout requests and logout responses sent from this SP should be signed. The default is `FALSE`.