1 file changed +5 -7 lines changed
@@ -318,14 +318,15 @@ we maintain it for compatibility and also to be used on test environment.
318318
319319## Handling Multiple IdP Certificates
320320
321- If IdP includes multiple certificates in their metadata XML , you may specify the `idp_cert_multi`
322- parameter. When used, `idp_cert` and `idp_cert_fingerprint` values are ignored.
323- This is useful in the following scenarios:
321+ If the IdP metadata XML includes multiple certificates, you may specify the `idp_cert_multi`
322+ parameter. When used, `idp_cert` and `idp_cert_fingerprint` are ignored. This is useful in the
323+ following scenarios:
324324
325325* The IdP uses different certificates for signing versus encryption.
326326* The IdP is undergoing a key rollover and is publishing the old and new certificates in parallel.
327327
328- The `idp_cert_multi` must be a Hash as follows:
328+ The `idp_cert_multi` must be a Hash as follows. The `:signing` and `:encryption` arrays below,
329+ add the IdP X.509 public certificates published on the IdP metadata.
329330
330331```ruby
331332{
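Review bot: The sentence added at new lines 328-329 does not parse: "The `:signing` and `:encryption` arrays below, add the IdP X.509 public certificates published on the IdP metadata." has a stray comma and no subject for "add". Suggest "In the `:signing` and `:encryption` arrays below, add the IdP X.509 public certificates published in the IdP metadata." Because line 322 states that `idp_cert` and `idp_cert_fingerprint` are ignored once `idp_cert_multi` is set, it would also help to say for the key rollover case that both the old and the new certificate go into `:signing`, and that the old one should be removed from the array when the rollover is finished, so a retired signing certificate does not stay trusted.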
@@ -334,9 +335,6 @@ The `idp_cert_multi` must be a Hash as follows:
334335}
335336```
336337
337- And on `:signing` and `:encryption` arrays, add the different IdP X.509 public certificates
338- published on the IdP metadata.
339-
340338## Metadata Based Configuration
341339
342340The method above requires a little extra work to manually specify attributes about both the IdP and your SP application.