You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -259,7 +259,7 @@ On the ruby-saml toolkit there are different ways to validate the signature of t
259
259
- You can provide the IdP x509 public certificate at the 'idp_cert' setting.
260
260
- You can provide the IdP x509 public certificate in fingerprint format using the 'idp_cert_fingerprint' setting parameter and additionally the 'idp_cert_fingerprint_algorithm' parameter.
261
261
262
-
When validating the signature of redirect binding, the fingerprint is useless and the the certficate of the IdP is required in order to execute the validation.
262
+
When validating the signature of redirect binding, the fingerprint is useless and the certficate of the IdP is required in order to execute the validation.
263
263
You can pass the option :relax_signature_validation to SloLogoutrequest and Logoutresponse if want to avoid signature validation if no certificate of the IdP is provided.
264
264
265
265
In some scenarios the IdP uses different certificates for signing/encryption, or is under key rollover phase and more than one certificate is published on IdP metadata.
0 commit comments