add notes on saml fail to UPGRADE.rst

2021-02-18 15:02:44 +00:00 · 2021-02-18 15:02:44 +00:00 · 09510604c6
parent 6600f0bd57
commit 09510604c6
1 changed files with 15 additions and 11 deletions
--- a/UPGRADE.rst
+++ b/UPGRADE.rst
@ -88,20 +88,24 @@ for example:
 Upgrading to v1.27.0
 ====================

-Changes to callback URI for OAuth2 / OpenID Connect
---------------------------------------------------
+Changes to callback URI for OAuth2 / OpenID Connect and SAML2
+-------------------------------------------------------------

-This version changes the URI used for callbacks from OAuth2 identity providers. If
-your server is configured for single sign-on via an OpenID Connect or OAuth2 identity
-provider, you will need to add ``[synapse public baseurl]/_synapse/client/oidc/callback``
-to the list of permitted "redirect URIs" at the identity provider.
+This version changes the URI used for callbacks from OAuth2 and SAML2 identity
+providers:

-See `docs/openid.md <docs/openid.md>`_ for more information on setting up OpenID
-Connect.
+ * If your server is configured for single sign-on via an OpenID Connect or
+   OAuth2 identity provider, you will need to add ``[synapse public
+   baseurl]/_synapse/client/oidc/callback`` to the list of permitted "redirect
+   URIs" at the identity provider.
+
+   See `docs/openid.md <docs/openid.md>`_ for more information on setting up
+   OpenID Connect.
+
+* If your server is configured for single sign-on via SAML2, you will need to
+  add ``[synapse public baseurl]/_synapse/client/saml2/authn_response`` as a
+  permitted "ACS location".

-(Note: a similar change is being made for SAML2; in this case the old URI
-``[synapse public baseurl]/_matrix/saml2`` is being deprecated, but will continue to
-work, so no immediate changes are required for existing installations.)

 Changes to HTML templates
 -------------------------