Skip to content

Commit

Permalink
Update README.md (#296)
Browse files Browse the repository at this point in the history 
Added information to docs of when KEY_FILE is required.

I'm not sure what other conditions also require KEY_FILE  - so maybe we want to hold off merging until we know the other cases?
  • Loading branch information
@rrauenza
rrauenza authored Jun 24, 2024
1 parent bb893cb commit d8af163
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -224,7 +224,7 @@ Some of the following settings are related to how this module operates. The rest
| ------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | ---------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------- |
| **METADATA\_AUTO\_CONF\_URL** | Auto SAML2 metadata configuration URL | `str` | `None` | `https://ORG.okta.com/app/APP-ID/sso/saml/metadata` |
| **METADATA\_LOCAL\_FILE\_PATH** | SAML2 metadata configuration file path | `str` | `None` | `/path/to/the/metadata.xml` |
| **KEY_FILE** | SAML2 private key file path | `str` | `None` | `/path/to/the/key.pem` |
| **KEY_FILE** | SAML2 private key file path. Required for AUTHN\_REQUESTS\_SIGNED | `str` | `None` | `/path/to/the/key.pem` |
| **CERT_FILE** | SAML2 public certificate file path | `str` | `None` | `/path/to/the/cert.pem` |
| **ENCRYPTION_KEYPAIRS** | Required for handling encrypted assertions. Will be automatically set if both `KEY_FILE` and `CERT_FILE` are set. | `list` | Not set. | `[ { 'key_file': '[The key file path]', 'cert_file': '[The certificate file path]' } ]` |
| **DEBUG** | Send debug information to a log file | `bool` | `False` | |
Expand Down Expand Up @@ -255,7 +255,7 @@ Some of the following settings are related to how this module operates. The rest
| **JWT\_PUBLIC\_KEY** | Public key to decode the signed JWT token. | `str` or `bytes` | `'--- YOUR PUBLIC KEY ---'` | |
| **JWT\_EXP** | JWT expiry time in seconds | `int` | 60 | |
| **FRONTEND\_URL** | If `USE_JWT` is `True`, you should set the URL to where your frontend is located (will default to `DEFAULT_NEXT_URL` if you fail to do so). Once the client is authenticated through the SAML SSO, your client is redirected to the `FRONTEND_URL` with the JWT token as `token` query parameter. Example: `https://app.example.com/?&token=<your.jwt.token`. With the token, your SPA can now authenticate with your API. | `str` | `admin:index` | |
| **AUTHN\_REQUESTS\_SIGNED** | Set this to `False` if your provider doesn't sign each authorization request. | `bool` | `True` |
| **AUTHN\_REQUESTS\_SIGNED** | Set this to `False` if your provider doesn't sign each authorization request. KEY_FILE is required if this is set True. | `bool` | `True` |
| **LOGOUT\_REQUESTS\_SIGNED** | Set this to `False` if your provider doesn't sign each logout request. | `bool` | `True` | |
| **WANT\_ASSERTIONS\_SIGNED** | Set this to `False` if your provider doesn't sign each assertion. | `bool` | `True` | |
| **WANT\_RESPONSE\_SIGNED** | Set this to `False` if you don't want your provider to sign the response. | `bool` | `True` | |
Expand Down

0 comments on commit d8af163

Please sign in to comment.