Clarify the use of the fingerprint

Close SAML-Toolkits#87

Author: pitbulk

README.md

@@ -325,13 +325,17 @@ $settings = array (
         // Public x509 certificate of the IdP
         'x509cert' => '',
         /*
-         *  Instead of use the whole x509cert you can use a fingerprint
+         *  Instead of use the whole x509cert you can use a fingerprint in order to 
+         *  validate a SAMLResponse.
          *  (openssl x509 -noout -fingerprint -in "idp.crt" to generate it,
          *   or add for example the -sha256 , -sha384 or -sha512 parameter)
          *
          *  If a fingerprint is provided, then the certFingerprintAlgorithm is required in order to
          *  let the toolkit know which algorithm was used. Possible values: sha1, sha256, sha384 or sha512
          *  'sha1' is the default value.
+         * 
+         *  Notice that if you want to validate any SAML Message sent by the HTTP-Redirect binding, you
+         *  will need to provide the whole x509cert.
          */
         // 'certFingerprint' => '',
         // 'certFingerprintAlgorithm' => 'sha1',
@@ -1341,4 +1345,4 @@ validation, the userdata and the nameID will be available, using `getNameId()` o
 `getAttributes()` we obtain them.
 
 Since the version 1 of the php toolkit does not support SLO we don't show how
-handle SLO in this demo-old.
+handle SLO in this demo-old.