From a8a382b53fbff449386bec0b63511912e8346c80 Mon Sep 17 00:00:00 2001 From: Nikhil Jha Date: Fri, 18 Dec 2020 16:39:53 -0800 Subject: [PATCH 1/2] Create 50-saml.md --- src/data/docs/20-authentication/50-saml.md | 27 ++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 src/data/docs/20-authentication/50-saml.md diff --git a/src/data/docs/20-authentication/50-saml.md b/src/data/docs/20-authentication/50-saml.md new file mode 100644 index 0000000..02c5450 --- /dev/null +++ b/src/data/docs/20-authentication/50-saml.md @@ -0,0 +1,27 @@ +--- +title: 'SAML Authentication' +sidebarTitle: 'SAML' +excerpt: 'Authenticating to Meli using SAML' +--- + +# SAML Authentication + +1. Create a new SAML client in your IdP (for example, Keycloak) and remember the issuer/client name. +1. Look at your IdP docs to find the corresponding endpoint (for keycloak it is `https:///auth/realms//protocol/saml`) + +Now, you can update your `docker-compose.yml`: + +
+ +```yaml +services: + # ... + server: + # ... + environment: + # ... + MELI_SAML_ENDPOINT: + MELI_SAML_ISSUER: +``` + +
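Review bot: The two numbered steps and the `docker-compose.yml` block in the new `50-saml.md` configure only `MELI_SAML_ENDPOINT` and `MELI_SAML_ISSUER`, so nothing here tells the reader how responses from the IdP are verified. Add a step for obtaining the IdP's signing certificate and say where it is configured, or state plainly that this setup does not check signatures. Two smaller points in the same hunk: the Keycloak example `https:///auth/realms//protocol/saml` has empty host and realm segments and both variables are listed without a value, so name explicit placeholders and show an example value for each; and `keycloak` in step 2 should be capitalized to match `Keycloak` in step 1.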
From 14a98c8ad7451e43fdf1efc8211c8ba44b05f21e Mon Sep 17 00:00:00 2001 From: Nikhil Jha Date: Sun, 20 Dec 2020 18:22:53 -0800 Subject: [PATCH 2/2] Update 50-saml.md --- src/data/docs/20-authentication/50-saml.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/data/docs/20-authentication/50-saml.md b/src/data/docs/20-authentication/50-saml.md index 02c5450..cfb8c28 100644 --- a/src/data/docs/20-authentication/50-saml.md +++ b/src/data/docs/20-authentication/50-saml.md @@ -6,8 +6,14 @@ excerpt: 'Authenticating to Meli using SAML' # SAML Authentication +**Warning:** Make sure to setup your private/public keys, or else SAML login will be insecure. + 1. Create a new SAML client in your IdP (for example, Keycloak) and remember the issuer/client name. 1. Look at your IdP docs to find the corresponding endpoint (for keycloak it is `https:///auth/realms//protocol/saml`) +1. Look at your IdP docs to find your SAML certificate (for keycloak you can get it at `https:///auth/realms//protocol/saml/descriptor`) +1. Generate an RSA private/public keypair to use for signing requests, and configure your IdP with the public key. + +For information on how to format the certificate and key, see [the upstream passport-saml documentation](https://github.com/node-saml/passport-saml#security-and-signatures). Now, you can update your `docker-compose.yml`: @@ -22,6 +28,8 @@ services: # ... MELI_SAML_ENDPOINT: MELI_SAML_ISSUER: + MELI_SAML_IDP_CRT: + MELI_SAML_PRIVATE_CRT: ```
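Review bot: The warning added above the numbered list in the first hunk (`@@ -6,8 +6,14 @@`), "Make sure to setup your private/public keys, or else SAML login will be insecure", does not say which keys or which settings it means, so a reader cannot tell what is left unprotected if the step is skipped. Tie it to the new steps 3 and 4 by naming the IdP certificate and the request-signing keypair and the variables that carry them. "setup" should be "set up" when used as a verb. Step 4 asks for an RSA keypair without saying how to generate it or what key size is expected; a pointer for that belongs next to the existing passport-saml link. The new Keycloak descriptor URL `https:///auth/realms//protocol/saml/descriptor` also has empty host and realm segments.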
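Review bot: In the second hunk (`@@ -22,6 +28,8 @@`), `MELI_SAML_PRIVATE_CRT` appears to carry the RSA private key from step 4, but the `_CRT` suffix reads as a certificate and sits right under `MELI_SAML_IDP_CRT`, which invites pasting the wrong material into each. If the name cannot change, add a comment on each line in the `environment` block saying which one is the IdP certificate and which one is the private key. Both variables are listed without a value and the format is only deferred to the passport-saml link, so show a placeholder in the expected form. Because this places a private key in `docker-compose.yml`, the docs should also say to supply it from an env file or secret that is kept out of version control.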