synapse: add new keycloak config

2023-09-29 13:05:47 +02:00 · 2023-09-29 13:05:47 +02:00 · 29eed5b047
commit 29eed5b047
parent c53c72d54b
3 changed files with 16 additions and 2 deletions
--- a/ansible/roles/docker-compose/files/synapse/config/homeserver.yaml
+++ b/ansible/roles/docker-compose/files/synapse/config/homeserver.yaml
@ -2273,11 +2273,23 @@ sso:
    #audiences:
    #    - "provided-by-your-issuer"

+oidc_providers:
+  - idp_id: keycloak
+        idp_name: "Corp Login"
+    issuer: "https://idp.corp-serv.net/realms/MAT"
+    client_id: "synapse"
+    client_secret: "vulBbPIatTqthf3wVgWbXjrLa00Ejk913gQEqgFhZm6FTJj4rc5CWgGGIBjH6CBDaAmeyZ4Tgs0iK7w9tannkaY8u3ziW4vhU0Ji"
+    scopes: ["openid", "profile"]
+    user_mapping_provider:
+      config:
+        localpart_template: "{{ user.preferred_username }}"
+        display_name_template: "{{ user.name }}"
+    backchannel_logout_enabled: true

 password_config:
   # Uncomment to disable password login
   #
-   #enabled: false
+   enabled: false

   # Uncomment to disable authentication against the local password
   # database. This is ignored if enabled is false, and is only useful