gitlord
/
synapse
mirror of https://github.com/matrix-org/synapse.git
1
0
Fork 0
Code Issues 0 Releases 671 Wiki Activity
Browse Source

Remove deprecated SAML2 callback URL since it does not work. (#9434) 

Updates documentation from #9289 and removes a deprecated
endpoint which didn't work as expected.
tags/v1.28.0rc1
Patrick Cloke 3 years ago
committed by GitHub
parent
90550f598e
commit
9ee3b9775f
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 16 additions and 15 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +2
    -0
      CHANGES.md
  2. +12
    -10
      UPGRADE.rst
  3. +1
    -0
      changelog.d/9434.doc
  4. +1
    -5
      synapse/rest/synapse/client/__init__.py

+ 2
- 0
CHANGES.md View File

@@ -3,6 +3,8 @@ Synapse 1.xx.0 (2021-xx-xx)

Note that this release drops support for ARMv7 in the official Docker images, due to repeated problems building for ARMv7 (and the associated maintenance burden this entails).

This release also fixes the documentation included in v1.27.0 around the callback URI for SAML2 identity providers. If your server is configured to use single sign-on via a SAML2 IdP, you may need to make configuration changes. Please review [UPGRADE.rst](UPGRADE.rst) for more details on these changes.

Removal warning
---------------



+ 12
- 10
UPGRADE.rst View File

@@ -88,20 +88,21 @@ for example:
Upgrading to v1.27.0
====================

Changes to callback URI for OAuth2 / OpenID Connect
Changes to callback URI for OAuth2 / OpenID Connect and SAML2
-------------------------------------------------------------

This version changes the URI used for callbacks from OAuth2 identity providers. If
your server is configured for single sign-on via an OpenID Connect or OAuth2 identity
provider, you will need to add ``[synapse public baseurl]/_synapse/client/oidc/callback``
to the list of permitted "redirect URIs" at the identity provider.
This version changes the URI used for callbacks from OAuth2 and SAML2 identity providers:

See `docs/openid.md <docs/openid.md>`_ for more information on setting up OpenID
Connect.
* If your server is configured for single sign-on via an OpenID Connect or OAuth2 identity
provider, you will need to add ``[synapse public baseurl]/_synapse/client/oidc/callback``
to the list of permitted "redirect URIs" at the identity provider.

(Note: a similar change is being made for SAML2; in this case the old URI
``[synapse public baseurl]/_matrix/saml2`` is being deprecated, but will continue to
work, so no immediate changes are required for existing installations.)
See `docs/openid.md <docs/openid.md>`_ for more information on setting up OpenID
Connect.

* If your server is configured for single sign-on via a SAML2 identity provider, you will
need to add ``[synapse public baseurl]/_synapse/client/saml2/authn_response`` as a permitted
"ACS location" (also known as "allowed callback URLs") at the identity provider.

Changes to HTML templates
-------------------------


+ 1
- 0
changelog.d/9434.doc View File

@@ -0,0 +1 @@
Fix erroneous documentation from v1.27.0 about updating the SAML2 callback URL.

+ 1
- 5
synapse/rest/synapse/client/__init__.py View File

@@ -54,11 +54,7 @@ def build_synapse_client_resource_tree(hs: "HomeServer") -> Mapping[str, Resourc
if hs.config.saml2_enabled:
from synapse.rest.synapse.client.saml2 import SAML2Resource

res = SAML2Resource(hs)
resources["/_synapse/client/saml2"] = res

# This is also mounted under '/_matrix' for backwards-compatibility.
resources["/_matrix/saml2"] = res
resources["/_synapse/client/saml2"] = SAML2Resource(hs)

return resources



Write Preview
Loading…
Cancel
Save