__matrix_synapse:add --smal2-idp-metadata-uri flag

type/__matrix_synapse/files/homeserver.yaml.sh

@@ -1711,7 +1711,17 @@ saml2_config:
     #  local: ["saml2/idp.xml"]
     #  remote:
     #    - url: https://our_idp/metadata.xml
+EOF
 
+if [ -n "$SAML2_IDP_METADATA_URL" ]; then
+	cat << EOF
+    metadata:
+      remote:
+        - url: "$SAML2_IDP_METADATA_URL"
+EOF
+fi
+
+cat << EOF
     # Allowed clock difference in seconds between the homeserver and IdP.
     #
     # Uncomment the below to increase the accepted time difference from 0 to 3 seconds.

type/__matrix_synapse/manifest

@@ -191,6 +191,15 @@ if [ -f "$__object/parameter/registration-allows-email-pattern" ]; then
     export RESGISTRATION_ALLOWS_EMAIL_PATTERN
 fi
 
+if [ -f "$__object/parameter/saml2-idp-metadata-url" ]; then
+    # Synapse fails to start while trying to parse IDP metadata if this package
+    # is not installed.
+    __package xmlsec1
+
+    SAML2_IDP_METADATA_URL=$(cat "$__object/parameter/saml2-idp-metadata-url")
+    export SAML2_IDP_METADATA_URL
+fi
+
 # Federation.
 ALLOW_PUBLIC_ROOMS_OVER_FEDERATION=$(get_boolean_for 'allow-public-room-over-federation')
 ALLOW_PUBLIC_ROOMS_WITHOUT_AUTH=$(get_boolean_for 'allow-public-rooms-without-auth')

type/__matrix_synapse/parameter/optional

@@ -36,3 +36,4 @@ background-tasks-worker
 tls-cert
 tls-private-key
 registration-shared-secret
+saml2-idp-metadata-url