ylqjgm
/
canvas-lms
mirror of https://github.com/instructure/canvas-lms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
canvas-lms/config/saml.yml.example

25 lines
782 B
Plaintext
Raw Normal View History

add support for SAML encrypted assertions; fixes #5299 Change-Id: I12b9db32e324ecff043f4f72051999b0515f4e72 Reviewed-on: https://gerrit.instructure.com/6727 Tested-by: Hudson <hudson@instructure.com> Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
2011-11-06 15:49:27 +08:00
# In order to consume encrypted SAML assertions, you'll need to create
# a public/private keypair:
#
support multiple SAML private keys for decryption this sets us to to be able to rotate the SAML keypair without breaking existing integrations that use encrypted assertions. refs CNVS-4354 test plan: - set up openam/canvas saml authentication with a 1024-bit key - turn on assertion encryption in openam, should work fine - generate new 2048-bit saml key and restart canvas (keep old keypair) - openam integration should break since it's encrypting with wrong key - add old private key under additional_private keys, restart canvas - openam integration should work again Change-Id: I8b4d71e4942a93184097fdb444621bdd0aca25ed Reviewed-on: https://gerrit.instructure.com/18425 Tested-by: Jenkins <jenkins@instructure.com> Reviewed-by: Brian Palmer <brianp@instructure.com> QA-Review: Clare Hetherington <clare@instructure.com>
2013-03-13 06:09:45 +08:00
# openssl req -new -newkey rsa:2048 -days 730 -nodes -x509 -keyout samlkey.pem -out samlcert.pem
add support for SAML encrypted assertions; fixes #5299 Change-Id: I12b9db32e324ecff043f4f72051999b0515f4e72 Reviewed-on: https://gerrit.instructure.com/6727 Tested-by: Hudson <hudson@instructure.com> Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
2011-11-06 15:49:27 +08:00
Initial commit. closes #6988138
2011-02-01 09:57:29 +08:00
production:
entity_id: "http://www.your-domain.com/saml2"
tech_contact_name: "Administrator"
tech_contact_email: "info@your-domain.com"
development:
entity_id: "http://www.your-domain.com/saml2"
tech_contact_name: "Administrator"
tech_contact_email: "info@your-domain.com"
add support for SAML encrypted assertions; fixes #5299 Change-Id: I12b9db32e324ecff043f4f72051999b0515f4e72 Reviewed-on: https://gerrit.instructure.com/6727 Tested-by: Hudson <hudson@instructure.com> Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
2011-11-06 15:49:27 +08:00
encryption:
private_key: /path/to/samlkey.pem
certificate: /path/to/samlcert.pem
support multiple SAML private keys for decryption this sets us to to be able to rotate the SAML keypair without breaking existing integrations that use encrypted assertions. refs CNVS-4354 test plan: - set up openam/canvas saml authentication with a 1024-bit key - turn on assertion encryption in openam, should work fine - generate new 2048-bit saml key and restart canvas (keep old keypair) - openam integration should break since it's encrypting with wrong key - add old private key under additional_private keys, restart canvas - openam integration should work again Change-Id: I8b4d71e4942a93184097fdb444621bdd0aca25ed Reviewed-on: https://gerrit.instructure.com/18425 Tested-by: Jenkins <jenkins@instructure.com> Reviewed-by: Brian Palmer <brianp@instructure.com> QA-Review: Clare Hetherington <clare@instructure.com>
2013-03-13 06:09:45 +08:00
additional_private_keys:
- /path/to/oldsamlkey.pem
Initial commit. closes #6988138
2011-02-01 09:57:29 +08:00
test:
entity_id: "http://www.your-domain.com/saml2"
tech_contact_name: "Administrator"
tech_contact_email: "info@your-domain.com"