__matrix_synapse: add --saml2-sp-key and --saml2-sp-cert flags

fnux 2021-12-23 10:46:21 +01:00
parent e052178122
commit 35e299a5d1
No known key found for this signature in database
GPG key ID: 4502C902C00A1E12
4 changed files with 33 additions and 0 deletions


@ -1727,6 +1727,13 @@ if [ -n "$SAML2_IDP_METADATA_URL" ]; then
EOF
fi
if [ -n "$SAML2_SP_CERT" ] || [ -n "$SAML2_SP_KEY" ]; then
cat << EOF
key_file: "$SAML2_SP_KEY"
cert_file: "$SAML2_SP_CERT"
EOF
fi
cat << EOF
# Allowed clock difference in seconds between the homeserver and IdP.
#
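Review bot: The new `key_file`/`cert_file` block sits after the `fi` that closes the `SAML2_IDP_METADATA_URL` guard, so both keys are emitted even when no IdP metadata URL is configured. Whether the generated YAML still has a valid parent mapping for them in that case is not visible in this hunk and should be checked. The `||` in the condition also means that, if this template ever runs without the manifest's pairing check, a half-configured pair is written out as an empty `key_file: ""`; testing both keeps the template safe by itself: `if [ -n "$SAML2_SP_CERT" ] && [ -n "$SAML2_SP_KEY" ]; then`. The values are also interpolated raw into double-quoted YAML scalars, so a path containing `"` or `\` would alter the resulting config.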


@ -192,6 +192,12 @@ bind-address
saml2-idp-metadata-url
HTTP(S) url to SAML2 Identity Provider (IdP), used for Single Sign On (SSO) logic.
saml2-sp-key
Path to PEM-formatted key file for use by PySAML2.
saml2-sp-cert
Path to PEM-formatted cert file for use by PySAML2.
extra-setting
Arbitrary string to be added to the configuration file. Can be specified multiple times.


@ -200,6 +200,24 @@ if [ -f "$__object/parameter/saml2-idp-metadata-url" ]; then
export SAML2_IDP_METADATA_URL
fi
if [ -f "$__object/parameter/saml2-sp-key" ]; then
SAML2_SP_KEY=$(cat "$__object/parameter/saml2-sp-key")
export SAML2_SP_KEY
fi
if [ -f "$__object/parameter/saml2-sp-cert" ]; then
SAML2_SP_CERT=$(cat "$__object/parameter/saml2-sp-cert")
export SAML2_SP_CERT
fi
if [ -n "$SAML2_SP_KEY" ] && [ -z "$SAML2_SP_CERT" ]; then
echo "--saml2-sp-cert must be set if --saml2-sp-key is provided." >&2
exit 1
elif [ -n "$SAML2_SP_CERT" ] && [ -z "$SAML2_SP_KEY" ]; then
echo "--saml2-sp-key must be set if --saml2-sp-cert is provided." >&2
exit 1
fi
if [ -f "$__object/parameter/default-identity-server" ]; then
DEFAULT_IDENTITY_SERVER=$(cat "$__object/parameter/default-identity-server")
export DEFAULT_IDENTITY_SERVER
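Review bot: `SAML2_SP_KEY` and `SAML2_SP_CERT` are only assigned inside the two `-f` tests, so unless they are cleared earlier in the file (outside this hunk) a value inherited from the calling environment would satisfy the pairing check and be written into the homeserver config as the SP key path. Clearing them first makes the parameter files the only source: `unset SAML2_SP_KEY SAML2_SP_CERT` ahead of the first `if`. Since the key is private material and the visible code only passes the path through, a short comment such as `# Path only: the key file must already exist on the target, readable by the synapse user and nobody else.` above the `saml2-sp-key` block would record that expectation. The `default-identity-server` block at the end of the hunk continues past the last visible line.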


@ -37,4 +37,6 @@ tls-cert
tls-private-key
registration-shared-secret
saml2-idp-metadata-url
saml2-sp-key
saml2-sp-cert
default-identity-server