mirror of https://github.com/bitwarden/help synced 2026-01-07 11:03:46 +00:00

Presentation fixes for TOCs (#296)

fred_the_tech_writer
2020-11-16 12:37:07 -05:00
committed by GitHub
parent 80a0b17ac6
commit a2342ddc5e
9 changed files with 82 additions and 82 deletions

@@ -36,15 +36,18 @@ Fields in this section will be required when you [Configure your IdP](#step-3-co
{% image /sso/sso-saml-sp.png SAML Service Provider Configuration section %}
### SP Entity ID
#### SP Entity ID
Your Bitwarden endpoint for Login with SSO. This value will be automatically generated based on your Bitwarden instance URL. For all Cloud-hosted instances, `https://sso.bitwarden.com/saml2/`. For self-hosted instances, domain is based on your configured Server URL.
### Assertion Consumer Service (ACS) URL
#### Assertion Consumer Service (ACS) URL
Location where the SAML assertion is sent from the IdP. This value is automatically generated by appending an Organization-identifying string and `/Acs` to your **SP Entity ID**. For example, `https://sso.bitwarden.com/saml2/abcd123-ef45-gh67-ij89/Acs/`.
For self-hosted instances, domain is based on your configured Server URL.
### Name ID Format
#### Name ID Format
Format of the SAML assertion. Options include:
- Unspecified (*default*)
- Email Address
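
Review bot: In the Assertion Consumer Service (ACS) URL paragraph, the text says the value is built by appending `/Acs`, but the example ends in `/Acs/`, and the SP Entity ID value also carries a trailing slash. IdPs commonly compare the ACS URL and the entity ID as exact strings, so the doc should show the value exactly as Bitwarden generates it and state whether the trailing slash is part of it. While these headings are being touched, the Name ID Format description ("Format of the SAML assertion") would be more accurate as the format of the NameID carried in the assertion.
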
@@ -55,23 +58,27 @@ Format of the SAML assertion. Options include:
- Persistent
- Transient
### Outbound Signing Algorithm
#### Outbound Signing Algorithm
Encryption method used by the SAML assertion. Options include:
- <http://www.w3.org/2001/04/xmldsig-more#rsa-sha256> (*default*)
- <http://www.w3.org/2000/09/xmldsig#rsa-sha1>
- <http://www.w3.org/2000/09/xmldsig#rsa-sha384>
- <http://www.w3.org/2000/09/xmldsig#rsa-sha512>
### Signing Behavior
#### Signing Behavior
Whether Bitwarden will sign SAML assertions. Options include:
- If IdP Wants Authn Requests Signed (*default*)
- Always
- Never
### Want Assertions Signed
#### Want Assertions Signed
Check this checkbox if Bitwarden should expect responses from the IdP to be signed.
### Validate Certificates
#### Validate Certificates
Check this checkbox when using trusted and valid certificates from your IdP through a trusted CA. Self-signed certificates may fail unless proper trust chains are configured within the Bitwarden Login with SSO docker image.
## Step 3: Configure Your IdP
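
Review bot: The Outbound Signing Algorithm list gives rsa-sha384 and rsa-sha512 under `http://www.w3.org/2000/09/xmldsig#`, but those identifiers are defined under `http://www.w3.org/2001/04/xmldsig-more#`, the same namespace as the rsa-sha256 entry; only rsa-sha1 belongs to the 2000/09 namespace. If the UI really displays these strings, say so; otherwise correct the two URIs so readers do not paste a non-existent algorithm identifier into their IdP. The description also calls this an "Encryption method" where it is a signature algorithm, and Signing Behavior says Bitwarden signs "SAML assertions" although its own default option refers to Authn Requests; suggest "Whether Bitwarden will sign SAML requests".
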
@@ -103,21 +110,22 @@ Required fields will be marked. Failing to provide a value for a required field
{% image /sso/sso-saml-ip.png %}
### Entity ID (*Required*)
#### Entity ID (*Required*)
Address or URL of your Identity Server or the IDP Entity ID.
### Binding Type
#### Binding Type
Method used by the IdP to respond to Bitwarden SAML assertions. Options include:
- Redirect (*recommended*)
- HTTP POST
- Artifact
### Single Sign On Service URL (*Required if Entity ID is not a URL*)
#### Single Sign On Service URL (*Required if Entity ID is not a URL*)
SSO URL issued by your IdP.
### Single Log Out Service URL
#### Single Log Out Service URL
SLO URL issued by your IdP.
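
Review bot: The Binding Type description, "Method used by the IdP to respond to Bitwarden SAML assertions", has the direction reversed: the ACS URL section of this same file says the assertion is sent from the IdP, so Bitwarden sends requests and the IdP answers with assertions. Suggest "Method used by the IdP to respond to Bitwarden SAML requests". The Entity ID line also writes "IDP" where the rest of the page uses "IdP".
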
@@ -125,11 +133,11 @@ SLO URL issued by your IdP.
Login with SSO currently **does not** support SLO. This option is planned for future use, however we strongly recommend pre-configuring this field.
{% endcallout %}
### Artifact Resolution Service URL (*Required if Binding Type is Artifact*)
#### Artifact Resolution Service URL (*Required if Binding Type is Artifact*)
URL used for the Artifact Resolution Protocol.
### X509 Public CERTIFICATE (*Required unless Signing Behavior is Never*)
#### X509 Public CERTIFICATE (*Required unless Signing Behavior is Never*)
The X.509 Base-64 encoded certificate body. Do not include the `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` lines or portions of the CER/PEM formatted certificate.
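
Review bot: The X509 heading makes the IdP certificate "Required unless Signing Behavior is Never", but Signing Behavior is described in the SP section as governing what Bitwarden signs, while the IdP's public certificate is what verifies signatures made by the IdP. Please confirm whether the condition should instead reference Want Assertions Signed, and reword the heading if so. The heading's "CERTIFICATE" in capitals is also inconsistent with the other field names and will show that way in the TOC this change is tidying.
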
@@ -137,25 +145,28 @@ The X.509 Base-64 encoded certificate body. Do not include the `-----BEGIN CERTI
Extra spaces, carriage returns, and other extraneous characters inside this field will cause certificate validation failure. Copy **only** the certificate data into this field.
{% endcallout %}
### Outbound Signing Algorithm
#### Outbound Signing Algorithm
Encryption method used by the SAML assertion. Options include:
- <http://www.w3.org/2001/04/xmldsig-more#rsa-sha256> (*default*)
- <http://www.w3.org/2000/09/xmldsig#rsa-sha1>
- <http://www.w3.org/2000/09/xmldsig#rsa-sha384>
- <http://www.w3.org/2000/09/xmldsig#rsa-sha512>
### Allow Unsolicited Authentication response
#### Allow Unsolicited Authentication response
{% callout info %}
Login with SSO currently **does not** support unsolicited (IdP-Initiated) SSO assertions. This checkbox is planned for future use.
{% endcallout %}
### Disable Outbound Logout requests
#### Disable Outbound Logout requests
{% callout info %}
Login with SSO currently **does not** support SLO. This option is planned for future use, however we strongly recommend pre-configuring this field.
{% endcallout %}
### Want Authentication Requests Signed
#### Want Authentication Requests Signed
Check this checkbox if your IdP should expect SAML requests from Bitwarden to be signed.
## Field Mappings Reference
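
Review bot: The callout under Disable Outbound Logout requests is a copy of the Single Log Out Service URL callout, including "we strongly recommend pre-configuring this field", which does not fit an option that disables logout requests; suggest matching the wording of the Allow Unsolicited Authentication response callout ("This checkbox is planned for future use"). The Outbound Signing Algorithm list in this hunk gives rsa-sha384 and rsa-sha512 under the `2000/09/xmldsig#` namespace, whereas those algorithms are defined under `2001/04/xmldsig-more#`. Since the headings now feed the TOC, "Allow Unsolicited Authentication response" and "Disable Outbound Logout requests" should use the same title case as the other field headings.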