Commit 340ede5

Review feedback
1 parent 385a342 commit 340ede5

1 file changed

+7
-6
lines changed

README.md

Lines changed: 7 additions & 6 deletions
Original file line number | Diff line number | Diff line change
@@ -562,8 +562,8 @@ Ruby SAML supports supports the signing and encryption functionality:
562562
563563
1. Signing your SP Metadata XML
564564
2. Signing your SP SAML messages
565-
3. Encrypting IdP Assertion messages, and decrypting them upon receipt (EncryptedAssertion)
566-
4. Verifying signatures on IdP Assertion messages
565+
3. Decrypting IdP Assertion messages upon receipt (EncryptedAssertion)
566+
4. Verifying signatures on SAML messages and IdP Assertions
567567
568568
In order to use functions 1-3 above, you must first define your SP public certificate and private key:
569569
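Review bot: the hunk header's context line ("Ruby SAML supports supports the signing and encryption functionality") still has the doubled "supports", and after this hunk it also misdescribes the list: item 3 was changed from "Encrypting ... and decrypting" to decryption only, so the SP never encrypts anything here. Since the list is being reworded anyway, fix the intro in the same commit, e.g. "Ruby SAML supports the following signing, decryption and signature verification functionality:". The renumbering itself is consistent with the unchanged line 568 ("In order to use functions 1-3 above"), because verifying IdP signatures (item 4) is done against the IdP's certificate rather than the SP key pair configured there; "Decrypting IdP Assertion messages upon receipt" would read more clearly as "Decrypting Assertions sent by the IdP (EncryptedAssertion)".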
@@ -572,8 +572,9 @@ In order to use functions 1-3 above, you must first define your SP public certif
572572
settings.private_key = "PRIVATE KEY TEXT WITH BEGIN/END HEADER AND FOOTER"
573573
```
574574
575-
Note that the same certificate and private key are used for all SP encryption and signing-related functions.
576-
Ruby SAML does not currently allow to specify different certificates for each function.
575+
Note that the same certificate (and its associated private key) are used to perform
576+
all decryption and signing-related functions (1-4) above. Ruby SAML does not currently allow
577+
to specify different certificates for each function.
577578
578579
You may also globally set the SP signature and digest method, to be used in SP signing (functions 1 and 2 above):
579580
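Review bot: the new "(1-4)" on line 576 contradicts the unchanged line 568 in the previous hunk ("In order to use functions 1-3 above") and is wrong for item 4: verifying signatures on IdP messages and Assertions uses the IdP's certificate, not the SP certificate and private key configured in this block. Change it to "all decryption and signing-related functions (1-3) above". Two grammar points in the same lines: "the same certificate (and its associated private key) are used" should be "is used", and "does not currently allow to specify" should be "does not currently allow you to specify".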
@@ -620,7 +621,7 @@ Note that the RelayState parameter is used when creating the Signature on the `H
620621
Remember to provide it to the Signature builder if you are sending a `GET RelayState` parameter or the
621622
signature validation process will fail at the Identity Provider.
622623
623-
#### Encrypting SAML Assertions
624+
#### Decrypting IdP SAML Assertions
624625
625626
Ruby SAML supports EncryptedAssertion. The Identity Provider will encrypt the Assertion with the
626627
public cert of the Service Provider. The Service Provider will decrypt the EncryptedAssertion with its private key.
@@ -632,7 +633,7 @@ SP Metadata XML, to be read by the IdP.
632633
settings.certificate = "CERTIFICATE TEXT WITH BEGIN/END HEADER AND FOOTER"
633634
settings.private_key = "PRIVATE KEY TEXT WITH BEGIN/END HEADER AND FOOTER"
634635
635-
settings.security[:want_assertions_encrypted] = true # Enable EncryptedAssertion
636+
settings.security[:want_assertions_encrypted] = true # Invalidate SAML messages without an EncryptedAssertion
636637
```
637638
638639
#### Verifying Signature on IdP Assertions
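Review bot: the replacement comment on line 636 describes only the rejection side of want_assertions_encrypted ("Invalidate SAML messages without an EncryptedAssertion"), while the hunk header's context ("SP Metadata XML, to be read by the IdP.") and the certificate/private_key lines just above show this block also feeds the SP metadata the IdP consumes. State both effects and prefer "reject" over "invalidate", e.g. `settings.security[:want_assertions_encrypted] = true # Advertise the encryption cert in SP metadata and reject Responses whose Assertion is not encrypted`. It is also worth a sentence in the prose that this is enforced at validation time, so an IdP that still sends plaintext Assertions will start failing as soon as the flag is turned on.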
