From 9fa3d8335cb2c3fffcc7000cdb3ff91e172b3234 Mon Sep 17 00:00:00 2001
From: Tim van Dijen <tvdijen@gmail.com>
Date: Wed, 31 Aug 2022 17:41:21 +0200
Subject: [PATCH] Add note on changing endpoints

---
 docs/simplesamlphp-upgrade-notes-2.0.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/docs/simplesamlphp-upgrade-notes-2.0.md b/docs/simplesamlphp-upgrade-notes-2.0.md
index 013b07744..4e20c0130 100644
--- a/docs/simplesamlphp-upgrade-notes-2.0.md
+++ b/docs/simplesamlphp-upgrade-notes-2.0.md
@@ -39,6 +39,11 @@ composer require simplesamlphp/simplesamlphp-module-ldap --update-no-dev
   `metadata/saml20-idp-hosted.php` (or to the existing entityID when upgrading an existing installation).
   If you are using a database to store metadata, make sure to replace any __DYNAMIC% entityID's with
   a real value manually. Dynamic records are no longer loaded from the database.
+- SAML endpoints have changed, meaning that a metadata exchange with your peers _could_ be necessary depending on
+  your configuration. If you are an IDP, you are fine, because the old endpoints still work and you can still
+  receive authentication requests there. If you're an SP, it is dependent on you IDPs.. For example, Azure AD is known
+  to break and will require a new metadata exchange. However, any SAML2INT compliant IDP should accept the new endpoint
+  out-of-the-box _if_ you are signing your authentication requests.
 
 ## Configuration changes
 
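Review bot: The added bullet tells SP operators that a metadata exchange "_could_ be necessary" but never names which endpoints changed or what the old and new paths look like, so a reader cannot check their own deployment against it. Consider listing the affected endpoints (or linking to where they are documented) and saying how an SP can confirm which URL its IdP currently has on record. The last sentence makes acceptance of the new endpoint conditional on signed authentication requests. It would help to say what an SP that does not sign its requests should do, since as written that case is left open. There is also a wording slip in the third added line: "it is dependent on you IDPs.." should read "it depends on your IdPs." with a single period. The bullet also mixes "If you are" and "If you're" and writes "IDP" where SAML documentation normally uses "IdP".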
-- 
GitLab