From 4892fbb91366e6831616787534d0fff0c7134708 Mon Sep 17 00:00:00 2001 From: AJ Farkas Date: Fri, 24 May 2024 14:29:28 -0400 Subject: [PATCH] Update SAML Fingerprint process (#557) * Update SAML Fingerprint process * Simplify local process * Link certs --- _articles/saml.md | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/_articles/saml.md b/_articles/saml.md index 064be55b..e247476e 100644 --- a/_articles/saml.md +++ b/_articles/saml.md @@ -51,19 +51,10 @@ If, when logging in to the SAML Sinatra sample app, you get an error saying: This is usually caused by a mismatch between the IdP certificate used to sign the response, and the recorded signature of the certificate which is saved in the environment variable `idp_cert_fingerprint` (either in config/application.yml, or the environment variables in the deployed environment). -To fix this, grab the certificate from the response, e.g., +To fix this, you'll first need to get the X509 Certificate from the appropriate SAML metadata endpoint, ie ([https://idp.dev.identitysandbox.gov/api/saml/metadata2024]) for ([https://dev-identity-saml-sinatra.app.cloud.gov/]). +The local `identity-saml-sinatra` app uses the certificate from `identity-idp`, so that XML can be found at [identity-idp/config/artifacts.example/local/saml${YEAR}.crt](https://github.com/18F/identity-idp/tree/main/config/artifacts.example/local/). -``` - - - - MII/KeepCopyingButBreakItUpInto64CharacterLinesWhenYouSaveItHere...TheLastLineMayNotBeExactly64CharactersAndThatsOK= - - - -``` -edit it to look like a normal certificate (or find the orig), e.g., +Edit it to look like a normal certificate (or find the orig), e.g., ``` -----BEGIN CERTIFICATE----- MII/KeepCopyingButBreakItUpInto64CharacterLinesWhenYouSaveItHere
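Review bot: The two added lines in the hunk have markdown link problems: `ie ([https://idp.dev.identitysandbox.gov/api/saml/metadata2024]) for ([https://dev-identity-saml-sinatra.app.cloud.gov/])` wraps bare URLs in `([...])`, which renders as literal brackets and parentheses rather than links; write them as `[metadata endpoint](https://idp.dev.identitysandbox.gov/api/saml/metadata2024)` style links (and `i.e.` for `ie`). Likewise the link text `identity-idp/config/artifacts.example/local/saml${YEAR}.crt` uses a shell-style `${YEAR}` inside a markdown link, which readers may take for a real filename; say explicitly that `${YEAR}` stands for the certificate year matching the metadata endpoint in use (e.g. the `2024` in `metadata2024`). On substance, moving the instruction from "copy the certificate out of the response" to "fetch it from the IdP metadata endpoint" is the right change, since a fingerprint derived from the certificate carried in the response being checked is not an independent trust anchor; it would help to state that point in one sentence so the next reader does not revert to the old shortcut. Finally, the hunk as shown is cut off after the first line of the certificate example, so the full diff (19 lines removed, 10 added per the `@@ -51,19 +51,10 @@` header) should be checked in the rendered file before merge.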