author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-12-20 12:08:36 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-12-20 12:08:36 +0300 |
commit | 19e00b948726c0f7ca27dd92200493803499a4e1 (patch) | |
tree | 0df898db4ba20af4b4de2baf39285fe4d113d148 /doc/integration | |
parent | ca5ebd2044ce696cc1aafc8a80a606e20f2c9e4b (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/integration')
-rw-r--r-- | doc/integration/saml.md | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/doc/integration/saml.md b/doc/integration/saml.md index 84879b7c4c7..ff5ebc88e76 100644 --- a/doc/integration/saml.md +++ b/doc/integration/saml.md @@ -772,15 +772,20 @@ unchangeable. ## Assertion encryption (optional) -GitLab requires the use of TLS encryption with SAML 2.0, but in some cases there can be a -need for additional encryption of the assertions. +GitLab requires the use of TLS encryption with SAML 2.0. Sometimes, GitLab needs +additional assertion encryption. For example, if you: -This may be the case, for example, if you terminate TLS encryption early at a load -balancer and include sensitive details in assertions that you do not want appearing -in logs. Most organizations should not need additional encryption at this layer. +- Terminate TLS encryption early at a load balancer. +- Include sensitive details in assertions that you do not want appearing in logs. -The SAML integration supports EncryptedAssertion. You should define the private -key and the public certificate of your GitLab instance in the SAML settings. When you define the key and certificate, replace all line feeds in the key file with `\n`. This makes the key file one long string with no line feeds. +Most organizations should not need additional encryption at this layer. + +The SAML integration supports `EncryptedAssertion`. To encrypt your assertions, +define the private key and the public certificate of your GitLab instance in the +SAML settings. + +When you define the key and certificate, replace all line feeds in the key file with `\n`. +This makes the key file one long string with no line feeds. ```yaml args: { 
@@ -794,10 +799,12 @@ args: { } ``` -Your Identity Provider encrypts the assertion with the public certificate of GitLab. GitLab decrypts the EncryptedAssertion with its private key. +Your IdP encrypts the assertion with the public certificate of GitLab. +GitLab decrypts the `EncryptedAssertion` with its private key. NOTE: -This integration uses the `certificate` and `private_key` settings for both assertion encryption and request signing. +This integration uses the `certificate` and `private_key` settings for both +assertion encryption and request signing. ## Sign SAML authentication requests (optional) |
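Review bot: In the first hunk (@@ -772), the reworded introduction changes the meaning of the example. The removed text gave one combined condition (TLS terminated early at a load balancer and sensitive details in assertions that should not appear in logs), but the new bullets read as two independent reasons, so terminating TLS at a load balancer looks like sufficient cause on its own. "Sometimes, GitLab needs additional assertion encryption" also makes GitLab the party with the need, where the removed text described a need of the deployment. Suggest keeping it as one sentence, for example "You might need additional assertion encryption if you terminate TLS early at a load balancer and include sensitive details in assertions that you do not want appearing in logs." Separately, the `\n` paragraph opens with "the key and certificate" but then refers only to "the key file"; say explicitly whether the certificate needs the same treatment.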
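Review bot: In the second hunk (@@ -794), the NOTE states that `certificate` and `private_key` serve both assertion encryption and request signing, but stops short of the operational consequence: replacing this key pair affects both features at once, and the IdP must be given the new certificate for both. One added sentence in the NOTE would cover it. Two smaller wording points in the same hunk: "IdP" replaces "Identity Provider" without being expanded anywhere in the visible lines, so confirm the abbreviation is defined earlier in the page, and "the public certificate of GitLab" reads more naturally as "the GitLab public certificate".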