Commit 7d1a811

cherry pick pull/1983
1 parent 0ae56e9 commit 7d1a811

1 file changed

Lines changed: 53 additions & 5 deletions

docs/simplesamlphp-upgrade-notes-2.0.md

@@ -21,6 +21,12 @@ composer require simplesamlphp/simplesamlphp-module-ldap --update-no-dev
2121

2222
## Functional changes
2323

24+
- EntityIDs are no longer auto-generated. Make sure to set something sensible in the array-keys in
25+
`metadata/saml20-idp-hosted.php` and for any saml:SP in `config/authsources.php` (or to the existing entityIDs when
26+
upgrading an existing installation).
27+
If you are using a database to store metadata, make sure to replace any `__DYNAMIC:<n>__` entityID's with
28+
a real value manually. Dynamic records are no longer loaded from the database. See the "Upgrading and EntityIDs"
29+
section at the end of the document for more information.
2430
- Modules must be enabled through the `module.enable` option in `config.php`. Modules can no longer be enabled by having
2531
a file named `enable` or `default-enable` in the module's root directory.
2632
- The base URL of the SimpleSAMLphp installation no longer provides an admin menu. Instead this is now at the location
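Review bot: In the added bullet, "entityID's" on new line 27 should read "entityIDs" (plural, not possessive), matching "EntityIDs" at the start of the same bullet; since the text is being moved anyway, this is a good moment to fix it. The pointer to the "Upgrading and EntityIDs" section would also be more robust as a Markdown anchor link than as "at the end of the document", which goes stale if sections are reordered later.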
@@ -38,11 +44,6 @@ composer require simplesamlphp/simplesamlphp-module-ldap --update-no-dev
3844
- All support for the Shibboleth 1.3 / SAML 1.1 protocol has been removed.
3945
- Sessions are no longer backwards compatible with previous versions. Make sure to clear your session cache during
4046
the upgrade process. How to do this depends on your session backend.
41-
- EntityIDs are no longer auto-generated. Make sure to set something sensible in the array-keys in
42-
`metadata/saml20-idp-hosted.php` and for any saml:SP in `config/authsources.php` (or to the existing entityIDs when
43-
upgrading an existing installation).
44-
If you are using a database to store metadata, make sure to replace any `__DYNAMIC:<n>__` entityID's with
45-
a real value manually. Dynamic records are no longer loaded from the database.
4647

4748
## Configuration changes
4849

@@ -144,3 +145,50 @@ $x = \SimpleSAML\Utils\Arrays::arrayize($someVar)
144145

145146
[1]: https://github.com/simplesamlphp/simplesamlphp/wiki/Migrating-translations-(pre-migration)
146147
[2]: https://github.com/simplesamlphp/simplesamlphp/wiki/Twig:-Migrating-templates
148+
149+
## Upgrading and EntityIDs
150+
151+
If you still have your 1.x installation available, the entityID you
152+
are using for your SP and IdP should be available in
153+
module.php/core/frontpage_federation.php location on your
154+
SimpleSAMLphp server.
155+
156+
For a service provider, if it was set as auto-generated in 1.19, it
157+
will likely have the form of (<https://yourhostname/simplesaml/module.php/saml/sp/metadata.php/default-sp>).
158+
159+
The EntityID is set in two locations, as the property 'entityID' for
160+
an SP and as the index in the $metadata array for an IdP. Examples of
161+
both are shown below.
162+
163+
For the SP you can set the EntityID as shown in the below fragment of
164+
authsources.php. In all of the below configuration fragments the
165+
EntityID is set to (<https://example.com/the-service/>).
166+
167+
```php
168+
...
169+
'default-sp' => [
170+
'saml:SP',
171+
// The entity ID of this SP.
172+
'entityID' => 'https://example.com/the-service/',
173+
...
174+
```
175+
176+
One suggestion for forming an EntityID is to use the below scheme.
177+
178+
```php
179+
$entityid_sp = 'https://'
180+
. $_SERVER['HTTP_HOST']
181+
. '/simplesaml/module.php/saml/sp/metadata.php/default-sp';
182+
```
183+
184+
For an IdP you might like to look at saml20-idp-hosted.php where the
185+
EntityID is used as the key in the metadata array.
186+
187+
```php
188+
...
189+
$metadata['https://example.com/the-service/'] = [
190+
...
191+
```
192+
193+
If you use SimpleSAMLphp as an SP, the IdP you are using will have
194+
your correct entityID configured.
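Review bot: The suggested scheme at new lines 179-181 builds the SP entityID from `$_SERVER['HTTP_HOST']`, which comes from the request's Host header and so can differ per request or be chosen by the client; that reintroduces the kind of host-dependent, auto-generated entityID this upgrade note tells readers to replace with a real value. Suggest showing the outcome as a fixed string literal, as the `'entityID' => 'https://example.com/the-service/'` fragment just above does, and presenting the hostname pattern only as a way to work out what the old 1.19 value was. Separately, `module.php/core/frontpage_federation.php` at new line 153 would read better in backticks, like the other paths in this file.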