Clarify the use of the certFingerprint

pitbulk · pitbulk · commit ff6e4d5f6f45 · 2016-04-01T17:09:47.000+02:00
diff --git a/README.md b/README.md
@@ -250,13 +250,17 @@ This is the settings.json file:
         // Public x509 certificate of the IdP
         "x509cert": "<onelogin_connector_cert>"
         /*
-         *  Instead of use the whole x509cert you can use a fingerprint
+         *  Instead of use the whole x509cert you can use a fingerprint in
+         *  order to validate a SAMLResponse.
          *  (openssl x509 -noout -fingerprint -in "idp.crt" to generate it,
-         *   or add for example the -sha256 , -sha384 or -sha512 parameter)
+         *  or add for example the -sha256 , -sha384 or -sha512 parameter)
          *
          *  If a fingerprint is provided, then the certFingerprintAlgorithm is required in order to
          *  let the toolkit know which algorithm was used. Possible values: sha1, sha256, sha384 or sha512
          *  'sha1' is the default value.
+         *
+         *  Notice that if you want to validate any SAML Message sent by the HTTP-Redirect binding, you
+         *  will need to provide the whole x509cert.
          */
         // 'certFingerprint' => '',
         // 'certFingerprintAlgorithm' => 'sha1',
