synapse: add new keycloak config

ansible/roles/docker-compose/files/synapse/config/homeserver.yaml

@@ -2273,11 +2273,23 @@ sso:
     #audiences:
     #    - "provided-by-your-issuer"
 
+oidc_providers:
+  - idp_id: keycloak
+        idp_name: "Corp Login"
+    issuer: "https://idp.corp-serv.net/realms/MAT"
+    client_id: "synapse"
+    client_secret: "vulBbPIatTqthf3wVgWbXjrLa00Ejk913gQEqgFhZm6FTJj4rc5CWgGGIBjH6CBDaAmeyZ4Tgs0iK7w9tannkaY8u3ziW4vhU0Ji"
+    scopes: ["openid", "profile"]
+    user_mapping_provider:
+      config:
+        localpart_template: "{{ user.preferred_username }}"
+        display_name_template: "{{ user.name }}"
+    backchannel_logout_enabled: true
 
 password_config:
    # Uncomment to disable password login
    #
-   #enabled: false
+   enabled: false
 
    # Uncomment to disable authentication against the local password
    # database. This is ignored if enabled is false, and is only useful

ansible/roles/docker-compose/files/synapse/docker-compose.yaml

@@ -7,6 +7,8 @@ services:
     volumes:
       - /mnt/synapse_data:/data
       - ./config:/config
+    ports:
+      - "8008:8008/tcp"
     command:
       - run
       - --config-path=/config/homeserver.yaml

ansible/roles/docker-compose/files/synapse/nginx/synapse.conf

@@ -34,6 +34,6 @@ server {
       proxy_read_timeout 600s;
       send_timeout 600s;
 
-      proxy_pass http://localhost:8008;
+      proxy_pass http://synapse:8008;
     }
 }