About encrypted assertions
If your IdP supports encryption of assertions, you can configure encrypted assertions on GitHub Enterprise Server for increased security during the authentication process.
Prerequisites
To enable encrypted assertions for authentication to GitHub Enterprise Server, you must configure SAML authentication, and your IdP must support encrypted assertions.
Enabling encrypted assertions
To enable encrypted assertions, you must provide your GitHub Enterprise Server instance's public certificate to your IdP, and configure encryption settings that match your IdP.
Note: GitHub strongly recommends that you verify any new configuration for authentication in a staging environment. An incorrect configuration could result in downtime for your GitHub Enterprise Server instance. For more information, see "Setting up a staging instance."
1. Optionally, enable SAML debugging. SAML debugging records verbose entries in GitHub Enterprise Server's authentication log, and may help you troubleshoot failed authentication attempts. For more information, see "Troubleshooting SAML authentication."
2. From an administrative account on GitHub Enterprise Server, in the upper-right corner of any page, click .
3. If you're not already on the "Site admin" page, in the upper-left corner, click Site admin.
4. In the left sidebar, click Management Console.
5. In the left sidebar, click Authentication.
6. Select Require encrypted assertions.
7. To the right of "Encryption Certificate", click Download to save a copy of your GitHub Enterprise Server instance's public certificate on your local machine.
8. Sign into your SAML IdP as an administrator.
9. In the application for your GitHub Enterprise Server instance, enable encrypted assertions.
   - Note the encryption method and key transport method.
   - Provide the public certificate you downloaded in step 7.
10. Return to the management console on your GitHub Enterprise Server instance.
11. To the right of "Encryption Method", select the encryption method for your IdP from step 9.
12. To the right of "Key Transport Method", select the key transport method for your IdP from step 9.
13. Click Save settings.
14. Wait for the configuration run to complete.
If you enabled SAML debugging to test authentication with encrypted assertions, disable SAML debugging when you're done testing. For more information, see "Troubleshooting SAML authentication."