mirror of
https://github.com/netzbegruenung/meteor-accounts-saml.git
synced 2024-05-02 11:54:53 +02:00
Update README.md
added encryption section
This commit is contained in:
parent 290e5695bc
commit d40a8835fb
|
@ -103,14 +103,21 @@ and if SingleLogout is needed
|
||||||
</EntityDescriptor>
|
</EntityDescriptor>
|
||||||
```
|
```
|
||||||
|
|
||||||
##OpenAM Setup
|
## OpenAM Setup
|
||||||
|
|
||||||
1. I prefer using OpenAM realms. Set up a realm using a name that matches the one in the entry point URL of the `settings.json` file: `https://openam.idp.io/openam/SSORedirect/metaAlias/<YOURREALM>/idp`; we used `zimt` above.
|
1. I prefer using OpenAM realms. Set up a realm using a name that matches the one in the entry point URL of the `settings.json` file: `https://openam.idp.io/openam/SSORedirect/metaAlias/<YOURREALM>/idp`; we used `zimt` above.
|
||||||
2. Save the SP metadata (obtained in Step 5 above) in a file `sp-metadata.xml`.
|
2. Save the SP metadata (obtained in Step 5 above) in a file `sp-metadata.xml`.
|
||||||
3. Logon OpenSSO console as `amadmin` and select _Common Tasks > Register Remote Service Provider_
|
3. Logon OpenSSO console as `amadmin` and select _Common Tasks > Register Remote Service Provider_
|
||||||
4. Select the corresponding real and upload the metadata (alternatively, point OpenAM to the SP's metadata URL eg `http://sp.meteor.com/_saml/metadata/openam`). If all goes well the new SP shows up under _Federation > Entity Providers_
|
4. Select the corresponding real and upload the metadata (alternatively, point OpenAM to the SP's metadata URL eg `http://sp.meteor.com/_saml/metadata/openam`). If all goes well the new SP shows up under _Federation > Entity Providers_
|
||||||
|
|
||||||
|
## Encryption
|
||||||
|
The `<EncryptedAssertion>` element represents an assertion in encrypted fashion, as defined by the XML Encryption Syntax and Processing specification [XMLEnc](http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/). Encrypted assertions are intended as a confidentiality protection mechanism when the plain-text value passes through an intermediary.
|
||||||
|
|
||||||
|
The following schema fragment defines the `<EncryptedAssertion>` element:
|
||||||
|
```
|
||||||
|
<element name="EncryptedAssertion" type="saml:EncryptedElementType"/>
|
||||||
|
```
|
||||||
|
In case the SAML response contains an `<EncryptedAssertion>` element and the configuration key `privateKey` is set, the assertion get's decrypted and handled like it would be an unencrypted one.
|
||||||
|
|
||||||
## OpenIDP setup
|
## OpenIDP setup
|
||||||
- EntryID = http://accounts-saml-example.meteor.com
|
- EntryID = http://accounts-saml-example.meteor.com
|
||||||
|
|
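Review bot: the new Encryption section (the line beginning "In case the SAML response contains an `<EncryptedAssertion>` element") documents decryption but not what happens to the signature check afterwards; decrypting with `privateKey` only restores confidentiality and proves nothing about who issued the assertion, so the README should state explicitly that the decrypted assertion is still validated exactly like a plaintext one (signature verified against the IdP certificate, and a response whose decryption fails or whose decrypted assertion carries no valid signature is rejected) instead of leaving "handled like it would be an unencrypted one" to imply it. It should also say what format `privateKey` expects and which certificate it must pair with, since the section introduces the key without telling an operator how to produce or where to place it. Minor wording in the same line: "get's" should be "gets", and "like it would be an unencrypted one" reads better as "as if it were unencrypted". The heading fix from `##OpenAM Setup` to `## OpenAM Setup` is correct; while this file is open, the unchanged context line "Select the corresponding real and upload the metadata" should say "realm", and "Logon OpenSSO console" is inconsistent with the OpenAM naming used in the same list.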