Clarify the release notes around SAML2 for v1.27.0.

Patrick Cloke 2021-02-18 11:25:27 -05:00
parent 6600f0bd57
commit d804285139
2 changed files with 13 additions and 12 deletions

@ -3,7 +3,7 @@ Synapse 1.27.0 (2021-02-16)
Note that this release includes a change in Synapse to use Redis as a cache ─ as well as a pub/sub mechanism ─ if Redis support is enabled for workers. No action is needed by server administrators, and we do not expect resource usage of the Redis instance to change dramatically. Note that this release includes a change in Synapse to use Redis as a cache ─ as well as a pub/sub mechanism ─ if Redis support is enabled for workers. No action is needed by server administrators, and we do not expect resource usage of the Redis instance to change dramatically.
This release also changes the callback URI for OpenID Connect (OIDC) identity providers. If your server is configured to use single sign-on via an OIDC/OAuth2 IdP, you may need to make configuration changes. Please review [UPGRADE.rst](UPGRADE.rst) for more details on these changes. This release also changes the callback URI for OpenID Connect (OIDC) and SAML2 identity providers. If your server is configured to use single sign-on via an OIDC/OAuth2 or SAML2 IdP, you may need to make configuration changes. Please review [UPGRADE.rst](UPGRADE.rst) for more details on these changes.
This release also changes escaping of variables in the HTML templates for SSO or email notifications. If you have customised these templates, please review [UPGRADE.rst](UPGRADE.rst) for more details on these changes. This release also changes escaping of variables in the HTML templates for SSO or email notifications. If you have customised these templates, please review [UPGRADE.rst](UPGRADE.rst) for more details on these changes.
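Review bot: In the changed callback-URI paragraph, "you may need to make configuration changes" is weaker than the UPGRADE.rst text in this same commit, which says administrators "will need to add" the new URI at the identity provider for both OIDC/OAuth2 and SAML2. Suggest using "you will need to" here as well, or stating in which cases no change is required, so that an administrator who reads only the release notes does not skip the identity provider update.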

@ -88,20 +88,21 @@ for example:
Upgrading to v1.27.0 Upgrading to v1.27.0
==================== ====================
Changes to callback URI for OAuth2 / OpenID Connect Changes to callback URI for OAuth2 / OpenID Connect and SAML2
--------------------------------------------------- -------------------------------------------------------------
This version changes the URI used for callbacks from OAuth2 identity providers. If This version changes the URI used for callbacks from OAuth2 and SAML2 identity providers:
your server is configured for single sign-on via an OpenID Connect or OAuth2 identity
provider, you will need to add ``[synapse public baseurl]/_synapse/client/oidc/callback``
to the list of permitted "redirect URIs" at the identity provider.
See `docs/openid.md <docs/openid.md>`_ for more information on setting up OpenID * If your server is configured for single sign-on via an OpenID Connect or OAuth2 identity
Connect. provider, you will need to add ``[synapse public baseurl]/_synapse/client/oidc/callback``
to the list of permitted "redirect URIs" at the identity provider.
(Note: a similar change is being made for SAML2; in this case the old URI See `docs/openid.md <docs/openid.md>`_ for more information on setting up OpenID
``[synapse public baseurl]/_matrix/saml2`` is being deprecated, but will continue to Connect.
work, so no immediate changes are required for existing installations.)
* If your server is configured for single sign-on via a SAML2 identity provider, you will
need to add ``[synapse public baseurl]/_synapse/client/saml2/authn_response`` as a permitted
"ACS location" (also known as "allowed callback URLs") at the identity provider.
Changes to HTML templates Changes to HTML templates
------------------------- -------------------------
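Review bot: The new SAML2 bullet no longer says what happens to the old URI "[synapse public baseurl]/_matrix/saml2", which the removed note described as deprecated but still working. Administrators are now told they "will need to add" the authn_response URI as an ACS location, but not whether the old endpoint is still accepted after the upgrade or whether its entry should be kept or removed at the identity provider. Suggest adding one sentence on the status of the old URI, and likewise saying in the OIDC bullet whether the previous callback URI should stay in the list of permitted redirect URIs, so that stale callback entries are not left registered longer than needed.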