Add additional SAML2 upgrade notes (#9550)

e5da770c · Ben Banfield-Zanin · GitHub · 8a4b3738 · e5da770c · e5da770c
Unverified Commit e5da770c authored 4 years ago by Ben Banfield-Zanin Committed by GitHub 4 years ago
--- a/UPGRADE.rst
+++ b/UPGRADE.rst
@@ -124,6 +124,13 @@ This version changes the URI used for callbacks from OAuth2 and SAML2 identity p
  need to add ``[synapse public baseurl]/_synapse/client/saml2/authn_response`` as a permitted
  "ACS location" (also known as "allowed callback URLs") at the identity provider.

+  The "Issuer" in the "AuthnRequest" to the SAML2 identity provider is also updated to
+  ``[synapse public baseurl]/_synapse/client/saml2/metadata.xml``. If your SAML2 identity
+  provider uses this property to validate or otherwise identify Synapse, its configuration
+  will need to be updated to use the new URL. Alternatively you could create a new, separate
+  "EntityDescriptor" in your SAML2 identity provider with the new URLs and leave the URLs in
+  the existing "EntityDescriptor" as they were.
+
 Changes to HTML templates
 -------------------------


--- a/changelog.d/9550.doc
+++ b/changelog.d/9550.doc
+Improve the SAML2 upgrade notes for 1.27.0.