diff --git a/roles/matrix_synapse/defaults/main.yml b/roles/matrix_synapse/defaults/main.yml
index edb09b4..ea7b74c 100644
--- a/roles/matrix_synapse/defaults/main.yml
+++ b/roles/matrix_synapse/defaults/main.yml
@@ -96,7 +96,7 @@ synapse_app_name: Matrix
 # Log level
 synapse_log_level: ERROR
-# Can be internal, ldap or rest
+# Can be internal, ldap, rest or oidc
 synapse_auth: internal
 # If auth is ldap
@@ -111,3 +111,10 @@ synapse_ldap_filter: (objectClass=posixAccount)
 # if auth is rest
 synapse_auth_rest_uri: http://localhost:8083
+# if auth is oidc
+synapse_oidc_server: https://sso.domain.com
+synapse_oidc_client: matric
+synapse_oidc_secret: XXXXX
+# Jinja2 template to for the local part of the MXID.
+synapse_oidc_localpart: "{{ '\"{{ user.sub }}\"' }}"
+synapse_oidc_display_name: "{{ '\"{{ user.name }}\"' }}"
diff --git a/roles/matrix_synapse/templates/homeserver.yaml.j2 b/roles/matrix_synapse/templates/homeserver.yaml.j2
index 02b8676..51097d4 100644
--- a/roles/matrix_synapse/templates/homeserver.yaml.j2
+++ b/roles/matrix_synapse/templates/homeserver.yaml.j2
@@ -176,6 +176,22 @@ password_providers:
   - module: "rest_auth_provider.RestAuthProvider"
     config:
       endpoint: "{{ synapse_auth_rest_uri }}"
+{% elif synapse_auth == 'oidc' %}
+oidc_config:
+  enabled: True
+  issuer: '{{ synapse_oidc_server }}'
+  client_id: '{{ synapse_oidc_client }}'
+  client_secret: '{{ synapse_oidc_secret }}'
+  user_mapping_provider:
+    config:
+      localpart_template: {{ synapse_oidc_localpart }}
+{% if synapse_oidc_display_name is defined %}
+      display_name_template: {{ synapse_oidc_display_name }}
+{% endif %}
+
+sso:
+  client_whitelist:
+    - {{ synapse_public_baseurl | default('https://matrix.' + synapse_server_name) }}
 {% endif %}
 alias_creation_rules:
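Review bot: `synapse_oidc_secret: XXXXX` ships a live-looking placeholder as a role default, so a host that sets `synapse_auth: oidc` without overriding it is deployed with a bogus client secret and fails only at login time instead of at play time. Leave the secret out of defaults and have the task that renders the config guard it (`assert: { that: synapse_oidc_secret is defined, fail_msg: "set synapse_oidc_secret (vault) when synapse_auth is oidc" }`), so the only way to get a value is an explicit, vaulted override. Two small things in the same hunk: `synapse_oidc_client: matric` reads like a typo for `matrix`, and the comment `# Jinja2 template to for the local part of the MXID.` has a stray "to". Note also that because `synapse_oidc_display_name` now has a default, the template's `is defined` guard can never be false, so an operator cannot switch the display-name mapping off without overriding the variable to something Synapse accepts.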
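Review bot: The `client_whitelist` entry has no trailing slash, and Synapse matches this list by string prefix, so whitelisting `https://matrix.example.org` also skips the consent screen for `https://matrix.example.org.evil.net`, which is exactly the phishing case Synapse's sample config warns about. Normalise to one trailing slash and quote the scalar: `- "{{ (synapse_public_baseurl | default('https://matrix.' + synapse_server_name)) | regex_replace('/+$', '') }}/"`. Separately, `client_secret: '{{ synapse_oidc_secret }}'` produces invalid YAML if the secret contains a single quote; `client_secret: {{ synapse_oidc_secret | to_json }}` (and likewise for `issuer` and `client_id`) emits a correctly escaped double-quoted string. Minor: `enabled: True` should be the canonical `true`.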