Merge pull request #46 from hmlnarik/KEYCLOAK-1881

KEYCLOAK-1881 - SAML key rotation at IdP side
Stian Thorgersen 2016-11-08 07:58:18 +01:00 committed by GitHub
commit 5c224219e9


@ -58,6 +58,18 @@ Include AuthnStatement::
Sign Documents:: Sign Documents::
When turned on, {{book.project.name}} will sign the document using the realm's private key. When turned on, {{book.project.name}} will sign the document using the realm's private key.
Optimize REDIRECT signing key lookup::
When turned on, the SAML protocol messages will include {{book.project.name}}
native extension that contains a hint with signing key ID. When the SP
understands this extension, it can use it for signature validation instead of
attempting to validate signature with all known keys. This option only applies to
REDIRECT bindings where the signature is transferred in query parameters where
there is no place with this information in the signature information
(contrary to POST binding messages where key ID is always included in
document signature). Currently this is relevant to situations where both
IDP and SP are provided by {{book.project.name}} server and adapter. This
option is only relevant when `Sign Documents` is switched on.
Sign Assertions:: Sign Assertions::
The `Sign Documents` switch signs the whole document. The `Sign Documents` switch signs the whole document.
With this setting the assertion is also signed and embedded within the SAML XML Auth response. With this setting the assertion is also signed and embedded within the SAML XML Auth response.
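Review bot: The description of the new `Optimize REDIRECT signing key lookup` option should state explicitly that the key ID carried in the extension is only a lookup hint, not a trust decision: the SP still has to verify the signature against the key it selects, and an SP that does not understand the extension, or receives a key ID it does not know, falls back to the existing behaviour of trying all known keys. As written, "it can use it for signature validation instead of attempting to validate signature with all known keys" could be read as the hint replacing validation. The sentence "REDIRECT bindings where the signature is transferred in query parameters where there is no place with this information in the signature information" is also hard to parse; something like "REDIRECT bindings, where the signature travels in query parameters and there is no field to carry the key ID (unlike POST bindings, where the key ID is always part of the document signature)" reads better. Minor: "IDP" here versus "IdP" in the commit title; pick one spelling for the docs.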