libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

KEYCLOAK-9192 Migration of Google Identity Provider

Browse source
This commit is contained in:
Hynek Mlnarik 2019-01-03 17:19:23 +01:00 committed by Hynek Mlnařík
parent c554098350
commit 80f32ee591
3 changed files with 44 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
upgrading/topics/keycloak/changes.adoc
View file

@ -1,5 +1,21 @@
== Migration Changes
=== Migrating to 4.8.2
==== Google Identity Provider updated to use Google Sign-in authentication system
The Google Identity Provider implementation in {project_name} up to version 4.8.1 relies on the Google+ API endpoints
endpoints for authorization and obtaining the user profile. From March 2019 onwards, Google is removing support
for the Google+ API in favor of the new Google Sign-in authentication system. The {project_name} identity provider has been updated
to use the new endpoints so if this integration is in use make sure you upgrade to {project_name} version 4.8.2 or later.
If you run into an error saying that the application identifier was not found in the directory, you will have to register the client application again in the
https://console.developers.google.com/apis/credentials[Google API Console] portal to obtain a new application id and secret.
It is possible that you will need to adjust custom mappers for non-standard claims that were provided by Google+ user
information endpoint and are provided under different name by Google Sign-in API. Please consult Google documentation
for the most up-to-date information on available claims.
=== Migrating to 4.6.0
==== New default client scopes

16
upgrading/topics/rhsso/changes-72.adoc
View file

@ -47,7 +47,7 @@ This can be done for the particular client in the {project_name} admin console,
described in <<_compatibility_with_older_adapters>>. There is the `Exclude Session State From Authentication Response` switch,
which can be turned on to prevent adding the `session_state` parameter to the Authentication Response.
==== Microsoft Identity Provider updated to use the Microsoft Graph API
=== Microsoft Identity Provider updated to use the Microsoft Graph API
The Microsoft Identity Provider implementation in {project_name} up to version 7.2.4 relies on the Live SDK
endpoints for authorization and obtaining the user profile. From November 2018 onwards, Microsoft is removing support
@ -58,3 +58,17 @@ Legacy client applications registered under "Live SDK applications" won't work w
due to changes in the id format of the applications. If you run into an error saying that the application identifier
was not found in the directory, you will have to register the client application again in the
https://account.live.com/developers/applications/create[Microsoft Application Registration] portal to obtain a new application id.
=== Google Identity Provider updated to use Google Sign-in authentication system
The Google Identity Provider implementation in {project_name} up to version 7.2.5 relies on the Google+ API endpoints
endpoints for authorization and obtaining the user profile. From March 2019 onwards, Google is removing support
for the Google+ API in favor of the new Google Sign-in authentication system. The {project_name} identity provider has been updated
to use the new endpoints so if this integration is in use make sure you upgrade to {project_name} version 7.2.6 or later.
If you run into an error saying that the application identifier was not found in the directory, you will have to register the client application again in the
https://console.developers.google.com/apis/credentials[Google API Console] portal to obtain a new application id and secret.
It is possible that you will need to adjust custom mappers for non-standard claims that were provided by Google+ user
information endpoint and are provided under different name by Google Sign-in API. Please consult Google documentation
for the most up-to-date information on available claims.

13
upgrading/topics/rhsso/changes-73.adoc
View file

@ -137,3 +137,16 @@ due to changes in the id format of the applications. If you run into an error sa
was not found in the directory, you will have to register the client application again in the
https://account.live.com/developers/applications/create[Microsoft Application Registration] portal to obtain a new application id.
=== Google Identity Provider updated to use Google Sign-in authentication system
The Google Identity Provider implementation in {project_name} up to version 7.2.5 relies on the Google+ API endpoints
endpoints for authorization and obtaining the user profile. From March 2019 onwards, Google is removing support
for the Google+ API in favor of the new Google Sign-in authentication system. The {project_name} identity provider has been updated
to use the new endpoints so if this integration is in use make sure you upgrade to {project_name} version 7.2.6 or later.
If you run into an error saying that the application identifier was not found in the directory, you will have to register the client application again in the
https://console.developers.google.com/apis/credentials[Google API Console] portal to obtain a new application id and secret.
It is possible that you will need to adjust custom mappers for non-standard claims that were provided by Google+ user
information endpoint and are provided under different name by Google Sign-in API. Please consult Google documentation
for the most up-to-date information on available claims.