Clarify the release notes around SAML2 for v1.27.0.
This commit is contained in:
parent
6600f0bd57
commit
d804285139
|
@ -3,7 +3,7 @@ Synapse 1.27.0 (2021-02-16)
|
||||||
|
|
||||||
Note that this release includes a change in Synapse to use Redis as a cache ─ as well as a pub/sub mechanism ─ if Redis support is enabled for workers. No action is needed by server administrators, and we do not expect resource usage of the Redis instance to change dramatically.
|
Note that this release includes a change in Synapse to use Redis as a cache ─ as well as a pub/sub mechanism ─ if Redis support is enabled for workers. No action is needed by server administrators, and we do not expect resource usage of the Redis instance to change dramatically.
|
||||||
|
|
||||||
This release also changes the callback URI for OpenID Connect (OIDC) identity providers. If your server is configured to use single sign-on via an OIDC/OAuth2 IdP, you may need to make configuration changes. Please review [UPGRADE.rst](UPGRADE.rst) for more details on these changes.
|
This release also changes the callback URI for OpenID Connect (OIDC) and SAML2 identity providers. If your server is configured to use single sign-on via an OIDC/OAuth2 or SAML2 IdP, you may need to make configuration changes. Please review [UPGRADE.rst](UPGRADE.rst) for more details on these changes.
|
||||||
|
|
||||||
This release also changes escaping of variables in the HTML templates for SSO or email notifications. If you have customised these templates, please review [UPGRADE.rst](UPGRADE.rst) for more details on these changes.
|
This release also changes escaping of variables in the HTML templates for SSO or email notifications. If you have customised these templates, please review [UPGRADE.rst](UPGRADE.rst) for more details on these changes.
|
||||||
|
|
||||||
|
|
23
UPGRADE.rst
23
UPGRADE.rst
|
@ -88,20 +88,21 @@ for example:
|
||||||
Upgrading to v1.27.0
|
Upgrading to v1.27.0
|
||||||
====================
|
====================
|
||||||
|
|
||||||
Changes to callback URI for OAuth2 / OpenID Connect
|
Changes to callback URI for OAuth2 / OpenID Connect and SAML2
|
||||||
---------------------------------------------------
|
-------------------------------------------------------------
|
||||||
|
|
||||||
This version changes the URI used for callbacks from OAuth2 identity providers. If
|
This version changes the URI used for callbacks from OAuth2 and SAML2 identity providers:
|
||||||
your server is configured for single sign-on via an OpenID Connect or OAuth2 identity
|
|
||||||
provider, you will need to add ``[synapse public baseurl]/_synapse/client/oidc/callback``
|
|
||||||
to the list of permitted "redirect URIs" at the identity provider.
|
|
||||||
|
|
||||||
See `docs/openid.md <docs/openid.md>`_ for more information on setting up OpenID
|
* If your server is configured for single sign-on via an OpenID Connect or OAuth2 identity
|
||||||
Connect.
|
provider, you will need to add ``[synapse public baseurl]/_synapse/client/oidc/callback``
|
||||||
|
to the list of permitted "redirect URIs" at the identity provider.
|
||||||
|
|
||||||
(Note: a similar change is being made for SAML2; in this case the old URI
|
See `docs/openid.md <docs/openid.md>`_ for more information on setting up OpenID
|
||||||
``[synapse public baseurl]/_matrix/saml2`` is being deprecated, but will continue to
|
Connect.
|
||||||
work, so no immediate changes are required for existing installations.)
|
|
||||||
|
* If your server is configured for single sign-on via a SAML2 identity provider, you will
|
||||||
|
need to add ``[synapse public baseurl]/_synapse/client/saml2/authn_response`` as a permitted
|
||||||
|
"ACS location" (also known as "allowed callback URLs") at the identity provider.
|
||||||
|
|
||||||
Changes to HTML templates
|
Changes to HTML templates
|
||||||
-------------------------
|
-------------------------
|
||||||
|
|
Loading…
Reference in New Issue