github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-23 16:46:12 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

sso_secret: cryptographically authenticate, not encrypt.

Browse Source 
The sso_secret is an input to HMAC, which is a hash-based message
authentication code, not encryption.
This commit is contained in:
Paul Annesley 2015-01-26 13:52:02 -08:00
parent 7741e4dc02
commit bf2bbfb06e
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/locales/server.en.yml
View File

@ -783,7 +783,7 @@ en:
enable_sso: "Enable single sign on via an external site (WARNING: can prevent anyone from logging in if not properly configured when enabled; also disables invites)"
enable_sso_provider: "Implement Discourse SSO protocol at the /session/sso_provider endpoint, requires sso_secret to be set"
sso_url: "URL of single sign on endpoint"
sso_secret: "Secret string used to encrypt/decrypt SSO information, be sure it is 10 chars or longer"
sso_secret: "Secret string used to cryptographically authenticate SSO information, be sure it is 10 characters or longer"
sso_overrides_email: "Overrides local email with external site email from SSO payload (WARNING: discrepancies can occur due to normalization of local emails)"
sso_overrides_username: "Overrides local username with external site username from SSO payload (WARNING: discrepancies can occur due to differences in username length/requirements)"
sso_overrides_name: "Overrides local name with external site name from SSO payload (WARNING: discrepancies can occur due to normalization of local names)"