From 34634ad35ceccd5163fba2b6c1eff5ef2d0096f9 Mon Sep 17 00:00:00 2001 From: Stefan Guilhen Date: Thu, 18 Oct 2018 08:09:24 -0300 Subject: [PATCH] KEYCLOAK-6757 Add Microsoft identity provider change note to changes-72.adoc --- upgrading/topics/rhsso/changes-72.adoc | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/upgrading/topics/rhsso/changes-72.adoc b/upgrading/topics/rhsso/changes-72.adoc index 1570c93c89..c2601095c7 100644 --- a/upgrading/topics/rhsso/changes-72.adoc +++ b/upgrading/topics/rhsso/changes-72.adoc 
@@ -46,3 +46,15 @@ If you use RH-SSO 7.1 or a legacy OAuth2 / OpenID Connect adapter, it may be use This can be done for the particular client in the {project_name} admin console, in client details in the section with `OpenID Connect Compatibility Modes`, described in <<_compatibility_with_older_adapters>>. There is the `Exclude Session State From Authentication Response` switch, which can be turned on to prevent adding the `session_state` parameter to the Authentication Response. + +==== Microsoft Identity Provider updated to use the Microsoft Graph API + +The Microsoft Identity Provider implementation in {project_name} up to version 7.2.4 relies on the Live SDK +endpoints for authorization and obtaining the user profile. From November 2018 onwards, Microsoft is removing support +for the Live SDK API in favor of the new Microsoft Graph API. The {project_name} identity provider has been updated +to use the new endpoints so if this integration is in use make sure you upgrade to {project_name} version 7.2.5 or later. + +Legacy client applications registered under "Live SDK applications" won't work with the Microsoft Graph endpoints +due to changes in the id format of the applications. If you run into an error saying that the application identifier +was not found in the directory, you will have to register the client application again in the +https://account.live.com/developers/applications/create[Microsoft Application Registration] portal to obtain a new application id.
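Review bot: The last added paragraph stops at "to obtain a new application id" and never tells the reader what to do with that id. Add a closing sentence saying that the Microsoft identity provider entry in the {project_name} admin console has to be updated with the newly issued application id, otherwise an administrator who follows the note as written still has the old Live SDK id configured and keeps hitting the same "not found in the directory" error. Two smaller points in the same hunk: the registration link points at a URL under account.live.com while the paragraph says Live SDK registrations no longer work, so please confirm that this is the portal that issues ids accepted by the Microsoft Graph endpoints; and in the first paragraph "so if this integration is in use make sure you upgrade" reads better split into its own sentence, for example "If this integration is in use, upgrade to {project_name} version 7.2.5 or later."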