Commit e87afc94 authored by Kristina Hoeppner

admin/extensions: Add info about signature algorithm

and in admin/ institutions. New in Mahara 17.10:
Adding the signature algorithm makes it possible to
hook ADFS into the SAML authentication. Theoretically,
this also works for Azure AD, but we haven't had the
chance to test that out due to lack of an Azure AD
server (Bug #1704887).
parent 7263f54a
......@@ -497,9 +497,22 @@ If you wish to use :ref:`SAML authentication <saml>` anywhere on your site, you
Prepare your site for SAML authentication
#. **Service Provider entityId**: This is the unique ID that identifies your Mahara instance to the Identity Provider, e.g. It is filled in automatically with the wwwroot of your instance. If it is incorrect, you can change it here.
#. |new in Mahara 17.10| **Signature algorithm**: :index:`This <single: New in Mahara 17.10; Select the signature algorithm for SAML authentication>` is the algorithm that will be used to sign SAML requests. This makes it possible to use the SAML authentication with ADFS (Active Directory Federation Services). The following options are available:
* SHA256 (Default)
* SHA384
* SHA512
* Legacy SHA1 (Dangerous)
.. warning::
The SHA1 algorithm is only provided for backwards compatibility. Unless you absolutely must use it, it is recommended to avoid it and use at least SHA256 instead.
#. **Metadata**: The metadata link takes you to the page with your SAML metadata that you would need to give to the Identity Provider.
#. **Public key**: The public key is generated and rotated automatically.
#. Click the *Save* button to keep your changes.
#. **Public key**: The public key is generated and rotated automatically. Typically, you would not need to copy it from here since you copy the entire metadata. It is displayed for verification purposes.
#. Click the *Save* button to make your changes or to rotate the key manually.
.. note::
If you click the *Save* button to rotate the public key, double check that it was changed by checking the expiry date and also the last few characters of the public key.
.. index::
pair: Plugins - configurable; Fulltext search
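Review bot: The rewritten Save step ("to make your changes or to rotate the key manually") leaves it unclear whether saving an unrelated change, such as a new signature algorithm, also rotates the public key. If it does, say so and tell administrators to give the refreshed metadata to the Identity Provider afterwards; if it does not, describe what triggers a manual rotation. The SHA1 warning could also state when the legacy option is actually needed, since "unless you absolutely must use it" gives the reader no criterion.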
......@@ -506,6 +506,8 @@ SAML authentication
Choose this authentication method for your institution when you have a SAML 2.0 Identity Provider Service set up for your organisation that allows you to use the same login for multiple applications.
|new in Mahara 17.10| :index:`The <single: New in Mahara 17.10; Use ADFS as authentication method via SAML>` SAML plugin can be used to connect to ADFS as well. In order to do so, the signature algorithm needs to be set appropriately in the :ref:`SAML plugin configuration <plugin_saml>`.
.. figure:: /images/administration/institution_saml.*
:alt: SAML 2.0 authentication
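Review bot: In the added ADFS paragraph, "needs to be set appropriately" does not tell the reader which signature algorithm to choose. Name the option that works with ADFS, or say that the setting has to match what is configured on the ADFS side, and consider mentioning that Azure AD is untested, as the commit message states.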