iSharkFly-Docs
/
opensearch-docs-cn
mirror of https://github.com/iSharkFly-Docs/opensearch-docs-cn
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Describe SAML supported private key format and encryption algorithm (#1855) 

OpenSearch allows signing requests by using a private key in the PKCS#8 format. If a user wants to use an encrypted key, the key must be encrypted with a PKCS#12-compatible algorithm.

The `SAML -> Request signing` documentation is extended with the requirements. It should save time of the customers who use wrong key formats or a good key format, but encrypted with an unsupported algorithm (e.g. PKCS#5 2.0 compatible algorithm).

Signed-off-by: Adam Gabryś <adam.gabrys@live.com>
This commit is contained in:
Adam Gabryś 2023-05-18 19:08:11 +02:00 committed by GitHub
parent 2e49b86962
commit b52424e67b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
_security/authentication-backends/saml.md
View File

@ -176,6 +176,8 @@ Name | Description
`sp.signature_private_key_filepath` | Path to the private key. The file must be placed under the OpenSearch `config` directory, and the path must be specified relative to that same directory.
`sp.signature_algorithm` | The algorithm used to sign the requests. See the next table for possible values.
The private key must be in PKCS#8 format. If you want to use an encrypted key, it must be encrypted with a PKCS#12-compatible algorithm (3DES).
The Security plugin supports the following signature algorithms.
Algorithm | Value