Docs: Update SAML docs after making the certificate/private key optional (#91202)

* update SAML docs after changing the certificate/private key to be optional

* fix link with example of how to generate saml credentials

* revert link
Mihai Doarna 2024-08-14 18:02:57 +03:00 committed by GitHub
parent b0dd3fb1a1
commit 340af8cf6b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -75,17 +75,19 @@ Sign in to Grafana and navigate to **Administration > Authentication > Configure
| **Single logout** | The SAML single logout feature enables users to log out from all applications associated with the current IdP session established using SAML SSO. For more information, refer to [SAML single logout documentation]]({{< relref "../saml#single-logout" >}}). | | **Single logout** | The SAML single logout feature enables users to log out from all applications associated with the current IdP session established using SAML SSO. For more information, refer to [SAML single logout documentation]]({{< relref "../saml#single-logout" >}}). |
| **Identity provider initiated login** | Enables users to log in to Grafana directly from the SAML IdP. For more information, refer to [IdP initiated login documentation]({{< relref "../saml#idp-initiated-single-sign-on-sso" >}}). | | **Identity provider initiated login** | Enables users to log in to Grafana directly from the SAML IdP. For more information, refer to [IdP initiated login documentation]({{< relref "../saml#idp-initiated-single-sign-on-sso" >}}). |
1. Click **Next: Key and certificate**. 1. Click **Next: Sign requests**.
### 2. Key and Certificate Section ### 2. Sign Requests Section
1. Provide a certificate and a private key that will be used by the service provider (Grafana) and the SAML IdP. 1. In the **Sign requests** field, specify whether you want the outgoing requests to be signed, and, if so, then:
1. Provide a certificate and a private key that will be used by the service provider (Grafana) and the SAML IdP.
Use the [PKCS #8](https://en.wikipedia.org/wiki/PKCS_8) format to issue the private key. Use the [PKCS #8](https://en.wikipedia.org/wiki/PKCS_8) format to issue the private key.
For more information, refer to an [example on how to generate SAML credentials]({{< relref "../saml#generate-private-key-for-saml-authentication" >}}). For more information, refer to an [example on how to generate SAML credentials]({{< relref "../saml#generate-private-key-for-saml-authentication" >}}).
1. In the **Sign requests** field, specify whether you want the outgoing requests to be signed, and, if so, which signature algorithm should be used. 1. Choose which signature algorithm should be used.
The SAML standard recommends using a digital signature for some types of messages, like authentication or logout requests to avoid [man-in-the-middle attacks](https://en.wikipedia.org/wiki/Man-in-the-middle_attack). The SAML standard recommends using a digital signature for some types of messages, like authentication or logout requests to avoid [man-in-the-middle attacks](https://en.wikipedia.org/wiki/Man-in-the-middle_attack).
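
Review bot: In the new "Sign Requests Section", the sentence recommending signatures ("The SAML standard recommends using a digital signature ...") still comes last, after the "Choose which signature algorithm should be used." sub-step, so a reader deciding whether to enable signing at all reaches it only after the steps that apply once signing is already on. Since the certificate and private key are now optional, consider moving that sentence directly under the "In the **Sign requests** field ..." step and stating there what leaving signing off means for authentication and logout requests. The wording "and, if so, then:" could be shortened to "If so:". Separately, the unchanged Single logout row has a doubled closing bracket in "[SAML single logout documentation]]", which breaks the link and could be fixed in the same pass.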