Skip to main content
We publish frequent updates to our documentation, and translation of this page may still be in progress. For the most current information, please visit the English documentation.
 

 

Enabling encrypted assertions

In this article

You can improve your GitHub Enterprise Server instance's security with SAML single sign-on (SSO) by encrypting the messages that your SAML identity provider (IdP) sends.

Who can use this feature

Site administrators can configure encrypted assertions for a GitHub Enterprise Server instance.

About encrypted assertions

If your IdP support encryption of assertions, you can configure encrypted assertions on GitHub Enterprise Server for increased security during the authentication process.

Prerequisites

To enable encrypted assertions for authentication to GitHub Enterprise Server, you must configure SAML authentication, and your IdP must support encrypted assertions.

Enabling encrypted assertions

To enable encrypted assertions, you must provide your GitHub Enterprise Server instance's public certificate to your IdP, and configure encryption settings that match your IdP.

Note: GitHub strongly recommends that you verify any new configuration for authentication in a staging environment. An incorrect configuration could result in downtime for your GitHub Enterprise Server instance. For more information, see "Setting up a staging instance."

  1. Optionally, enable SAML debugging. SAML debugging records verbose entries in GitHub Enterprise Server's authentication log, and may help you troubleshoot failed authentication attempts. For more information, see "Troubleshooting SAML authentication."

  2. Desde una cuenta administrativa de GitHub Enterprise Server, en la esquina superior derecha de cualquier página, haz clic en .

    Captura de pantalla del icono de cohete para acceder a los ajustes administrativos

  3. Si todavía no está en la página "Administrador del sitio", en la esquina superior izquierda, haga clic en Administrador del sitio.

    Captura de pantalla del vínculo "Administrador del sitio"

  4. En la barra lateral de la izquierda, haga clic en Consola de administración . Pestaña Consola de administración en la barra lateral de la izquierda

  5. En la barra lateral de la izquierda, haga clic en Autenticación. Pestaña de autenticación en la barra lateral de configuración

  6. Select Require encrypted assertions.

    Screenshot of "Enable encrypted assertions" checkbox within management console's "Authentication" section

  7. To the right of "Encryption Certificate", click Download to save a copy of your GitHub Enterprise Server instance's public certificate on your local machine.

    Screenshot of "Download" button for public certificate for encrypted assertions

  8. Sign into your SAML IdP as an administrator.

  9. In the application for your GitHub Enterprise Server instance, enable encrypted assertions.

    • Note the encryption method and key transport method.
    • Provide the public certificate you downloaded in step 7.

  10. Return to the management console on your GitHub Enterprise Server instance.

  11. To the right of "Encryption Method", select the encryption method for your IdP from step 9.

    Screenshot of "Encryption Method" for encrypted assertions

  12. To the right of "Key Transport Method", select the key transport method for your IdP from step 9.

    Screenshot of "Key Transport Method" for encrypted assertions

  13. Click Save settings.

  14. Espera que se complete la fase de configuración.

    Configurar tu instancia

If you enabled SAML debugging to test authentication with encrypted assertions, disable SAML debugging when you're done testing. For more information, see "Troubleshooting SAML authentication."