You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
The public key-based request signing functionality added to sso_proxy in #106 is undocumented. In particular, it's not immediately obvious how to a) generate an appropriate keypair or b) validate a signed request in an upstream service.
Describe the solution you'd like
New documentation for this functionality, ideally accompanied by a reference implementation for verifying a signed request.
To start, generating an appropriate keypair for sso_proxy to use for signing requests is as simple as
openssl genrsa -out priv.out 2048
The text was updated successfully, but these errors were encountered:
To start, generating an appropriate keypair for sso_proxy to use for signing requests is as simple as
openssl genrsa -out priv.out 2048
Turns out the above generates a key in PKCS#1 format (I think?), but we need one in PKCS#8 format, which requires an extra conversion step. Luckily, this is still relatively straightforward to do in one pass:
Is your feature request related to a problem? Please describe.
The public key-based request signing functionality added to sso_proxy in #106 is undocumented. In particular, it's not immediately obvious how to a) generate an appropriate keypair or b) validate a signed request in an upstream service.
Describe the solution you'd like
New documentation for this functionality, ideally accompanied by a reference implementation for verifying a signed request.
To start, generating an appropriate keypair for sso_proxy to use for signing requests is as simple as
The text was updated successfully, but these errors were encountered: