From b115434d9ce9ed87792a8ddbf59b938531ee531c Mon Sep 17 00:00:00 2001
From: Klaus Schwartz
Date: Sun, 17 Jan 2021 22:28:51 +0300
Subject: [PATCH] update open id connect configuration section in docs with additional info
---
 docs/configuring-playbook-synapse.md | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/docs/configuring-playbook-synapse.md b/docs/configuring-playbook-synapse.md
index bab6a0ea2..d5f126f57 100644
--- a/docs/configuring-playbook-synapse.md
+++ b/docs/configuring-playbook-synapse.md
@@ -24,7 +24,23 @@ If you plan to rely only on SSO and don't want your users to ever login with pas
 matrix_synapse_password_config_enabled: true
 ```
-Refer to [official doc](https://github.com/matrix-org/synapse/blob/develop/docs/openid.md) for examples.
+Add this to allow seamless forwarding to element web app and element android app. Without this setting matrix will ask the user if he trusts the app he tries to login.
+
+```yaml
+matrix_synapse_sso:
+ client_whitelist:
+ - "https://element.{{ matrix_domain }}/"
+ - element://element
+
+```
+
+If you use `nginx proxy role` then you should add this setting as well to successfully pass redirects:
+```yaml
+matrix_nginx_proxy_proxy_matrix_client_api_forwarded_location_synapse_oidc_api_enabled: true
+
+```
+
+Refer to [official Synapse doc](https://github.com/matrix-org/synapse/blob/develop/docs/openid.md) for oidc setup examples.
 This is the bare minimum config example:
@@ -34,6 +50,7 @@ matrix_synapse_oidc_enabled: true
 matrix_synapse_oidc_issuer: "https://openid.example.com"
 matrix_synapse_oidc_client_id: "your-client-id"
 matrix_synapse_oidc_client_secret: "s0m3v3RyS3cr3tStr!ng"
+
 ```
 Depending on oauth provider you may also like to change following settings: