From 23e3ae121196b3fa3f3159af3a2feb27922939ef Mon Sep 17 00:00:00 2001 From: Tim Abbott Date: Wed, 11 Dec 2019 16:32:26 -0800 Subject: [PATCH] docs: Reorganize some SAML setup instructions. This reads and line-wraps better. --- docs/production/authentication-methods.md | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/docs/production/authentication-methods.md b/docs/production/authentication-methods.md index 53512ae699..91cc795385 100644 --- a/docs/production/authentication-methods.md +++ b/docs/production/authentication-methods.md @@ -47,20 +47,23 @@ it as follows: 1. Tell your IdP how to find your Zulip server: * **SP Entity ID**: `https://yourzulipdomain.example.com`. + + The `Entity ID` should match the value of + `SOCIAL_AUTH_SAML_SP_ENTITY_ID` computed in the Zulip settings. + You can get the correct value by running the following: + `/home/zulip/deployments/current/scripts/setup/get-django-setting + SOCIAL_AUTH_SAML_SP_ENTITY_ID`. + * **SSO URL**: `https://yourzulipdomain.example.com/complete/saml/`. This is - the "SAML ACS url" in SAML terminology. If you're - [hosting multiple organizations](../production/multiple-organizations.html#authentication)) + the "SAML ACS url" in SAML terminology. + + If you're + [hosting multiple organizations](../production/multiple-organizations.html#authentication), you need to use `SOCIAL_AUTH_SUBDOMAIN`. For example, if `SOCIAL_AUTH_SUBDOMAIN="auth"` and `EXTERNAL_HOST=zulip.example.com`, this should be `https://auth.zulip.example.com/complete/saml/`. - The `Entity ID` should match the value of - `SOCIAL_AUTH_SAML_SP_ENTITY_ID` computed in the Zulip settings. - You can run on your Zulip server - `/home/zulip/deployments/current/scripts/setup/get-django-setting - SOCIAL_AUTH_SAML_SP_ENTITY_ID` to get the computed value. - 2. Tell Zulip how to connect to your SAML provider(s) by filling out the section of `/etc/zulip/settings.py` on your Zulip server with the heading "SAML Authentication".