diff options
| author | Patrick Cloke <clokep@users.noreply.github.com> | 2021-02-18 11:20:33 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-02-18 11:20:33 -0500 |
| commit | 9ee3b9775fdd8cf5276e1834f9b9117218dcf882 (patch) | |
| tree | f4872b082dbf783518cc63ef0d88bc7d2dc8e5ef /UPGRADE.rst | |
| parent | Revert "Newsfragment", which was meant to be part of #9434. (diff) | |
| download | synapse-9ee3b9775fdd8cf5276e1834f9b9117218dcf882.tar.xz | |
Remove deprecated SAML2 callback URL since it does not work. (#9434)
Updates documentation from #9289 and removes a deprecated endpoint which didn't work as expected.
Diffstat (limited to 'UPGRADE.rst')
| -rw-r--r-- | UPGRADE.rst | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/UPGRADE.rst b/UPGRADE.rst index 22edfe0d60..6f628a6947 100644 --- a/UPGRADE.rst +++ b/UPGRADE.rst @@ -88,20 +88,21 @@ for example: Upgrading to v1.27.0 ==================== -Changes to callback URI for OAuth2 / OpenID Connect ---------------------------------------------------- +Changes to callback URI for OAuth2 / OpenID Connect and SAML2 +------------------------------------------------------------- -This version changes the URI used for callbacks from OAuth2 identity providers. If -your server is configured for single sign-on via an OpenID Connect or OAuth2 identity -provider, you will need to add ``[synapse public baseurl]/_synapse/client/oidc/callback`` -to the list of permitted "redirect URIs" at the identity provider. +This version changes the URI used for callbacks from OAuth2 and SAML2 identity providers: -See `docs/openid.md <docs/openid.md>`_ for more information on setting up OpenID -Connect. +* If your server is configured for single sign-on via an OpenID Connect or OAuth2 identity + provider, you will need to add ``[synapse public baseurl]/_synapse/client/oidc/callback`` + to the list of permitted "redirect URIs" at the identity provider. -(Note: a similar change is being made for SAML2; in this case the old URI -``[synapse public baseurl]/_matrix/saml2`` is being deprecated, but will continue to -work, so no immediate changes are required for existing installations.) + See `docs/openid.md <docs/openid.md>`_ for more information on setting up OpenID + Connect. + +* If your server is configured for single sign-on via a SAML2 identity provider, you will + need to add ``[synapse public baseurl]/_synapse/client/saml2/authn_response`` as a permitted + "ACS location" (also known as "allowed callback URLs") at the identity provider. Changes to HTML templates ------------------------- |