Describe SAML supported private key format and encryption algorithm (opensearch-project#1855)
OpenSearch allows signing requests by using a private key in the PKCS#8 format. If a user wants to use an encrypted key, the key must be encrypted with a PKCS#12-compatible algorithm.
The `SAML -> Request signing` documentation is extended with the requirements. It should save time for customers who use the wrong key format, or the right key format but encrypted with an unsupported algorithm (e.g. a PKCS#5 2.0 compatible algorithm).
Signed-off-by: Adam Gabryś <[email protected]>
_security/authentication-backends/saml.md
2 lines changed: 2 additions & 0 deletions
@@ -176,6 +176,8 @@ Name | Description
176
176
`sp.signature_private_key_filepath` | Path to the private key. The file must be placed under the OpenSearch `config` directory, and the path must be specified relative to that same directory.
177
177
`sp.signature_algorithm` | The algorithm used to sign the requests. See the next table for possible values.
178
178
179
+
The private key must be in PKCS#8 format. If you want to use an encrypted key, it must be encrypted with a PKCS#12-compatible algorithm (3DES).
180
+
179
181
The Security plugin supports the following signature algorithms.
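Review bot: the added sentence at new line 180 states the encryption requirement only as "a PKCS#12-compatible algorithm (3DES)" and never names the case the commit message says trips people up, a key encrypted with a PKCS#5 2.0 compatible algorithm. A reader holding such a key cannot tell from this wording that it is the unsupported kind, so consider adding a clause such as "keys encrypted with a PKCS#5 2.0 algorithm are not supported". The sentence also sits after the table, detached from the `sp.signature_private_key_filepath` row it qualifies; moving the requirement into that row's description, or naming the setting in the sentence, would make it easier to find when someone looks up the setting.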