From f2d1cd20458ae406fe5765df2a1a7aa9c2478744 Mon Sep 17 00:00:00 2001 From: Livio Spring Date: Wed, 11 Oct 2023 09:20:48 +0300 Subject: [PATCH] docs(technical advisory): add login ui default context (#6695) * docs(technical advisory): add login ui default context * Update docs/docs/support/advisory/a10003.md Co-authored-by: Fabi --------- Co-authored-by: Fabi --- docs/docs/support/advisory/a10002.md | 6 ++-- docs/docs/support/advisory/a10003.md | 46 ++++++++++++++++++++++++ docs/docs/support/technical_advisory.mdx | 18 +++++++++- 3 files changed, 66 insertions(+), 4 deletions(-) create mode 100644 docs/docs/support/advisory/a10003.md diff --git a/docs/docs/support/advisory/a10002.md b/docs/docs/support/advisory/a10002.md index 6d1e4dc4fc..7c63fb7dc9 100644 --- a/docs/docs/support/advisory/a10002.md +++ b/docs/docs/support/advisory/a10002.md @@ -6,14 +6,14 @@ title: Technical Advisory 10002 Version: TBD -Date: Calendar week 40/41 +Date: Calendar week 44 ## Description Since Angular Material v15 many of the UI components have been refactored to be based on the official Material Design Components for Web (MDC). These refactored components do not support dynamic styling, so in order to keep the library up-to-date, -the console UI will loose its dynamic theming capability. +the console UI will lose its dynamic theming capability. ## Statement @@ -23,7 +23,7 @@ As soon as the release version is published, we will include the version here. ## Mitigation If you need users to have your branding settings -(background-, button-, link and text coloring), you should implemement your +(background-, button-, link and text coloring), you should implement your own user facing UI yourself and not use ZITADELs console UI. Assets like your logo and icons will still be used. ## Impact diff --git a/docs/docs/support/advisory/a10003.md b/docs/docs/support/advisory/a10003.md new file mode 100644 index 0000000000..d3a5d868d2 --- /dev/null +++ b/docs/docs/support/advisory/a10003.md 
@@ -0,0 +1,46 @@ +--- +title: Technical Advisory 10003 +--- + +## Date and Version + +Version: 2.38.0 + +Date: Calendar week 41 + +## Description + +When users are redirected to the ZITADEL Login-UI without any organizational context, they're currently presented a login screen, +based on the instance settings, e.g. available IDPs and possible login mechanisms. If the user will then register himself, +by the registration form or through an IDP, the user will always be created on the default organization. + +This behaviour led to confusion, e.g. when activating IDPs on default org would not show up in the Login-UI, because they would still be loaded from the instance settings. + +To improve this, we're introducing the following change: +If users are redirected to the Login-UI without any organizational context, they will be presented a login screen based on the settings of the default organization (incl. IDPs). + +:::note +If the registration (and also authentication) needs to occur on a specified organization, apps can already +specify this by providing [an organization scope](https://zitadel.com/docs/apis/openidoauth/scopes#reserved-scopes). +::: + +## Statement + +This change was tracked in the following PR: +[feat(login): use default org for login without provided org context](https://github.com/zitadel/zitadel/pull/6625), which was released in Version [2.38.0](https://github.com/zitadel/zitadel/releases/tag/v2.38.0) + +## Mitigation + +There's no action needed on your side currently as existing instances are not affected directly and IAM_OWNER can activate the flag at their own pace. + +## Impact + +Once this update has been released and deployed, newly created instances will always use the default organization and its settings as default context for the login. 
+ +Already existing instances will still use the instance settings by default and can switch to the new default by ["Activating the 'LoginDefaultOrg' feature"](https://zitadel.com/docs/apis/resources/admin/admin-service-activate-feature-login-default-org) through the Admin API. +**This change is irreversible!** + +:::note +Regardless of the change: +If a known username is entered on the first screen, the login switches its context to the organization of that user and settings will be updated to that organization as well. +::: \ No newline at end of file diff --git a/docs/docs/support/technical_advisory.mdx b/docs/docs/support/technical_advisory.mdx index 520dd3991c..5149d76fc0 100644 --- a/docs/docs/support/technical_advisory.mdx +++ b/docs/docs/support/technical_advisory.mdx @@ -68,7 +68,23 @@ We understand that these advisories may include breaking changes, and we aim to ZITADEL hosted Login-UI is not affected by this change. TBD - Calendar week 40/41 + Calendar week 44 + + + + A-10003 + + Login-UI - Default Context + Breaking Behaviour Change + + When users are redirected to the ZITADEL Login-UI without any organizational context, + they're currently presented a login screen, based on the instance settings, + e.g. available IDPs and possible login mechanisms. If the user will then register himself, + by the registration form or through an IDP, the user will always be created on the default organization. + With the introduced change, the settings will no longer be loaded from the instance, but rather the default organization directly. + + 2.38.0 + Calendar week 41
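Review bot: In docs/docs/support/advisory/a10002.md the date line changes from "Calendar week 40/41" to "Calendar week 44", a schedule change for a different advisory that the commit subject ("add login ui default context") does not mention. Note the postponement in the commit message or move it to its own commit so it can be found in history. The Mitigation hunk corrects "implemement" but leaves "ZITADELs console UI" and "background-, button-, link and text coloring" on the neighbouring lines; "ZITADEL's" and "link- and text coloring" would complete the cleanup.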
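Review bot: In the new docs/docs/support/advisory/a10003.md, the Mitigation section tells operators that "IAM_OWNER can activate the flag at their own pace", but the warning "**This change is irreversible!**" appears only later under Impact. Repeat or move the irreversibility warning into Mitigation, next to the sentence about activating the flag, and add a line advising admins to review the default organization's IDPs and login mechanisms before activation, since those settings become what a user without organization scope sees. The Description also says users are "currently presented a login screen, based on the instance settings" while the Statement says the change "was released in Version 2.38.0"; wording such as "before 2.38.0" would keep the text accurate after release. The file also ends without a trailing newline.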
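Review bot: The A-10003 row added to docs/docs/support/technical_advisory.mdx is labelled "Breaking Behaviour Change", yet its summary omits the two facts an operator scanning the table needs from a10003.md: existing instances keep using the instance settings until the 'LoginDefaultOrg' feature is activated, and activation cannot be undone. Add one sentence covering both to the row. The summary also repeats "they're currently presented a login screen, based on the instance settings", which becomes stale once 2.38.0 is deployed.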