Update SAML encryption documentation for AES-256-GCM support #8350
Conversation
- Add clarification that AES-256-GCM encryption support was introduced in v10.9 and backported to v10.6.5 - Include backwards compatibility messaging that existing SAML integrations continue working without changes - Note that only customers wanting to use AES-256-GCM keys need to update their configuration - Update main SAML SSO documentation to reference new encryption support - Update technical documentation to include version information Resolves #8349 🤖 Generated with [Claude Code](https://claude.ai/code) Co-authored-by: Carrie Warner (Mattermost) <[email protected]>
cwarnermm
added
1: Dev Review
|
Newest code from mattermost has been published to preview environment for Git SHA b58f2c5 |
| @@ -58,6 +58,9 @@ Mattermost supports the following encryption methods for SAML: | |||
|
|
|||
| * aes128-gcm | |||
| * aes192-gcm | |||
There was a problem hiding this comment.
This cipher was introduced the in same PR as aes256-gc
There was a problem hiding this comment.
Any follow on action you recommend here, @hanzei?
| @@ -58,6 +58,9 @@ Mattermost supports the following encryption methods for SAML: | |||
|
|
|||
| * aes128-gcm | |||
| * aes192-gcm | |||
| * aes256-gcm | |||
| * aes256-gcm (supported in v10.9+ and backported to v10.6.5+) | |||
There was a problem hiding this comment.
0/5 do we need to mention the backport?
There was a problem hiding this comment.
No. It's over-communication. Removed.
|
|
||
| .. note:: | ||
| **AES-256-GCM encryption** support was introduced in Mattermost v10.9 and backported to v10.6.5. Existing SAML integrations will continue to work without any changes. Only customers who want to use AES-256-GCM keys for SAML encryption need to update their keys and configuration. |
There was a problem hiding this comment.
2/5 that this is overcommunication. Only customers who check our full changelogs will notice that this is a new supported cipher. My concern is that we introduce confusion here,
Co-authored-by: Ben Schumacher <[email protected]>
Co-authored-by: Ben Schumacher <[email protected]>
|
Newest code from mattermost has been published to preview environment for Git SHA d1d4277 |
|
Newest code from mattermost has been published to preview environment for Git SHA 7bc1ad2 |
|
Newest code from mattermost has been published to preview environment for Git SHA f5543f4 |
|
Newest code from mattermost has been published to preview environment for Git SHA 832c789 |
| @@ -60,4 +60,4 @@ Mattermost supports the following encryption methods for SAML: | |||
| * aes192-gcm | |||
There was a problem hiding this comment.
Thanks for the update. As @hanzei mentioned, AES-192-GCM was introduced in the same PR as AES-256-GCM. Given that, would it make sense to expand the note to cover the full AES-GCM family for example:
"AES-GCM algorithms (aes128-gcm, aes192-gcm, aes256-gcm) were introduced in v10.9."
| * aes192-gcm | ||
| * aes256-gcm |
There was a problem hiding this comment.
| * aes192-gcm | |
| * aes256-gcm | |
| * aes192-gcm (supported in v10.9+) | |
| * aes256-gcm (supported in v10.9+ |
Updates SAML encryption documentation to clarify AES-256-GCM support introduced in v10.9 and backported to v10.6.5.
Changes
Resolves #8349
Generated with Claude Code