Skip to content

Commit

Permalink
Describe SAML supported private key format and encryption algorithm (#…
Browse files Browse the repository at this point in the history 
…1855) (#4109)

OpenSearch allows signing requests by using a private key in the PKCS#8 format. If a user wants to use an encrypted key, the key must be encrypted with a PKCS#12-compatible algorithm.

The `SAML -> Request signing` documentation is extended with the requirements. It should save time of the customers who use wrong key formats or a good key format, but encrypted with an unsupported algorithm (e.g. PKCS#5 2.0 compatible algorithm).


(cherry picked from commit b52424e)

Signed-off-by: Adam Gabryś <adam.gabrys@live.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
  • Loading branch information
@opensearch-trigger-bot @github-actions
opensearch-trigger-bot[bot] and github-actions[bot] authored May 18, 2023
1 parent a151786 commit 176d1d8
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions _security/authentication-backends/saml.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -176,6 +176,8 @@ Name | Description
`sp.signature_private_key_filepath` | Path to the private key. The file must be placed under the OpenSearch `config` directory, and the path must be specified relative to that same directory.
`sp.signature_algorithm` | The algorithm used to sign the requests. See the next table for possible values.
The private key must be in PKCS#8 format. If you want to use an encrypted key, it must be encrypted with a PKCS#12-compatible algorithm (3DES).
The Security plugin supports the following signature algorithms.
Algorithm | Value
Expand Down

0 comments on commit 176d1d8

Please sign in to comment.