Просмотр исходного кода
Update docs on how to use synapse & keycloak OIDC
Use up-to-date example from synapse docs Add link to keycloak website Add link to synapse docs on OIDCpull/2298/head
teutat3s
3 лет назад
Не найден GPG ключ соответствующий данной подписи
Идентификатор GPG ключа: 18DAE600A6BBE705
1 измененных файлов: 19 добавлений и 13 удалений
+ 19
- 13
docs/configuring-playbook-synapse.md
Просмотреть файл
| @@ -56,21 +56,27 @@ Certain Synapse administration tasks (managing users and rooms, etc.) can be per | |||||
| If you'd like to use OpenID Connect authentication with Synapse, you'll need some additional reverse-proxy configuration (see [our nginx reverse-proxy doc page](configuring-playbook-nginx.md#synapse-openid-connect-for-single-sign-on)). | If you'd like to use OpenID Connect authentication with Synapse, you'll need some additional reverse-proxy configuration (see [our nginx reverse-proxy doc page](configuring-playbook-nginx.md#synapse-openid-connect-for-single-sign-on)). | ||||
| This example configuration is for [keycloak](https://www.keycloak.org/), an opensource Identity Provider maintained by Red Hat. | |||||
| For more detailed documentation on available options and how to setup keycloak, see the [Synapse documentation on OpenID Connect with keycloak](https://github.com/matrix-org/synapse/blob/develop/docs/openid.md#keycloak). | |||||
| In case you encounter errors regarding the parsing of the variables, you can try to add `{% raw %}` and `{% endraw %}` blocks around them. For example ; | In case you encounter errors regarding the parsing of the variables, you can try to add `{% raw %}` and `{% endraw %}` blocks around them. For example ; | ||||
| ``` | ``` | ||||
| - idp_id: keycloak | |||||
| idp_name: "Keycloak" | |||||
| issuer: "https://url.ix/auth/realms/x" | |||||
| client_id: "matrix" | |||||
| client_secret: "{{ vault_synapse_keycloak }}" | |||||
| scopes: ["openid", "profile"] | |||||
| authorization_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/auth" | |||||
| token_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/token" | |||||
| userinfo_endpoint: "https://url.ix/auth/realms/x/protocol/openid-connect/userinfo" | |||||
| user_mapping_provider: | |||||
| config: | |||||
| display_name_template: "{% raw %}{{ user.given_name }}{% endraw %} {% raw %}{{ user.family_name }}{% endraw %}" | |||||
| email_template: "{% raw %}{{ user.email }}{% endraw %}" | |||||
| matrix_synapse_configuration_extension_yaml: | | |||||
| oidc_providers: | |||||
| - idp_id: keycloak | |||||
| idp_name: "My KeyCloak server" | |||||
| issuer: "https://url.ix/auth/realms/{realm_name}" | |||||
| client_id: "matrix" | |||||
| client_secret: "{{ vault_synapse_keycloak }}" | |||||
| scopes: ["openid", "profile"] | |||||
| user_mapping_provider: | |||||
| config: | |||||
| localpart_template: "{% raw %}{{ user.preferred_username }}{% endraw %}" | |||||
| display_name_template: "{% raw %}{{ user.name }}{% endraw %}" | |||||
| email_template: "{% raw %}{{ user.email }}{% endraw %}" | |||||
| allow_existing_users: true # Optional | |||||
| backchannel_logout_enabled: true # Optional | |||||
| ``` | ``` | ||||