summary refs log tree commit diff
path: root/UPGRADE.rst
diff options
context:
space:
mode:
authorPatrick Cloke <patrickc@matrix.org>2021-02-18 11:25:27 -0500
committerPatrick Cloke <patrickc@matrix.org>2021-02-18 11:25:27 -0500
commitd8042851397e829c29ba193adc4090cf62f7ee59 (patch)
tree1007faf24d81d5d7214f2b060c9285639acaeb71 /UPGRADE.rst
parentFixup CHANGES (diff)
downloadsynapse-d8042851397e829c29ba193adc4090cf62f7ee59.tar.xz
Clarify the release notes around SAML2 for v1.27.0. github/release-v1.27.0 release-v1.27.0
Diffstat (limited to 'UPGRADE.rst')
-rw-r--r--UPGRADE.rst23
1 files changed, 12 insertions, 11 deletions
diff --git a/UPGRADE.rst b/UPGRADE.rst
index 22edfe0d60..6f628a6947 100644
--- a/UPGRADE.rst
+++ b/UPGRADE.rst
@@ -88,20 +88,21 @@ for example:
 Upgrading to v1.27.0
 ====================
 
-Changes to callback URI for OAuth2 / OpenID Connect
----------------------------------------------------
+Changes to callback URI for OAuth2 / OpenID Connect and SAML2
+-------------------------------------------------------------
 
-This version changes the URI used for callbacks from OAuth2 identity providers. If
-your server is configured for single sign-on via an OpenID Connect or OAuth2 identity
-provider, you will need to add ``[synapse public baseurl]/_synapse/client/oidc/callback``
-to the list of permitted "redirect URIs" at the identity provider.
+This version changes the URI used for callbacks from OAuth2 and SAML2 identity providers:
 
-See `docs/openid.md <docs/openid.md>`_ for more information on setting up OpenID
-Connect.
+* If your server is configured for single sign-on via an OpenID Connect or OAuth2 identity
+  provider, you will need to add ``[synapse public baseurl]/_synapse/client/oidc/callback``
+  to the list of permitted "redirect URIs" at the identity provider.
 
-(Note: a similar change is being made for SAML2; in this case the old URI
-``[synapse public baseurl]/_matrix/saml2`` is being deprecated, but will continue to
-work, so no immediate changes are required for existing installations.)
+  See `docs/openid.md <docs/openid.md>`_ for more information on setting up OpenID
+  Connect.
+
+* If your server is configured for single sign-on via a SAML2 identity provider, you will
+  need to add ``[synapse public baseurl]/_synapse/client/saml2/authn_response`` as a permitted
+  "ACS location" (also known as "allowed callback URLs") at the identity provider.
 
 Changes to HTML templates
 -------------------------