From f6b596ebe484517a902b47588846671409cfc4b9 Mon Sep 17 00:00:00 2001
From: Nico Schottelius
Date: Fri, 23 Feb 2024 18:24:35 +0900
Subject: [PATCH] [synapse] outsource oidc_providers
---
 ansible/inventory/runa.yml | 35 ++++++++++++++++---
 .../synapse/templates/synapse/homeserver.yaml | 13 +------
 2 files changed, 32 insertions(+), 16 deletions(-)
diff --git a/ansible/inventory/runa.yml b/ansible/inventory/runa.yml
index 8ee85e5..7843e34 100644
--- a/ansible/inventory/runa.yml
+++ b/ansible/inventory/runa.yml
@@ -62,6 +62,20 @@ runa:
 postgres_password: "31913hkVN_L9b3i_0v1RX_ZJXx_AD564_MM_nz"
 postgres_db: matrix-synapse-db
 postgres_host: postgresql-mtx.lat.internal.ru.com
+ oidc_providers: |
+ - idp_id: keycloak
+ idp_name: "Corp Login"
+ issuer: "https://idp.corp-serv.net/realms/MAT/"
+ client_id: "synapse"
+ client_secret: "vulBbPIatTqthf3wVgWbXjrLa00Ejk913gQEqgFhZm6FTJj4rc5CWgGGIBjH6CBDaAmeyZ4Tgs0iK7w9tannkaY8u3ziW4vhU0Ji"
+ scopes: ["openid", "profile"]
+ user_mapping_provider:
+ config:
+ localpart_template: "{{ '{{' }} user.preferred_username {{ '}}' }}"
+ display_name_template: "{{ '{{' }} user.name {{ '}}' }}"
+ subject_template: "{{ '{{' }} user.preferred_username {{ '}}' }}"
+ backchannel_logout_enabled: true
+
 hosts:
 mtx-elem-1.lat.internal.ru.com:
 matrix_service: "elementweb"
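Review bot: The `client_secret` and `postgres_password` values added to the `runa` group vars are plaintext credentials committed to the inventory; the same OIDC `client_secret` was previously committed in the homeserver.yaml template, so it is already in git history and should be rotated, and the new values should be stored as `!vault`-encrypted strings (`ansible-vault encrypt_string`) or fetched via a lookup rather than written in clear. The second hunk of this file has the same problem with `postgres_password` and `turn_shared_secret`. The `{{ '{{' }} ... {{ '}}' }}` escaping only works because Ansible templates this inventory value when the synapse template references it, which is easy to break during a later edit; a comment above the block such as `# Jinja braces are escaped so the rendered homeserver.yaml keeps Synapse's own {{ user.* }} templates` would protect the next maintainer.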
@@ -96,10 +110,23 @@ runa:
 - turns:mtx-turn-1.lta.internal.ru.com?transport=tcp
 - turns:mtx-turn-1.lta.internal.ru.com?transport=udp
 turn_shared_secret: "ushaHimahxi6eisaeV4Chu0quaeyeish"
- postgres_user: matrix-synapseTBD
- postgres_password: "TBD"
- postgres_db: matrix-synapse-dbTBD
- postgres_host: TBDpostgresql-mtx.lta.internal.ru.com
+ postgres_user: matrix-synapse
+ postgres_password: "0Dt9G739GRUpb9dgSgWG"
+ postgres_db: matrix-synapse-db
+ postgres_host: postgresql-mtx.ltrudev.internal
+ oidc_providers: |
+ - idp_id: keycloak
+ idp_name: "FIXME Login"
+ issuer: "https://idp.FIXMEcorp-serv.net/realms/MAT/"
+ client_id: "synapseFIXME"
+ client_secret: "FIXME"
+ scopes: ["openid", "profile"]
+ user_mapping_provider:
+ config:
+ localpart_template: "{{ '{{' }} user.preferred_username {{ '}}' }}"
+ display_name_template: "{{ '{{' }} user.name {{ '}}' }}"
+ subject_template: "{{ '{{' }} user.preferred_username {{ '}}' }}"
+ backchannel_logout_enabled: true
 hosts:
 mtx-mngm-1.lta.internal.ru.com:
 matrix_service: "synapse-admin"
diff --git a/ansible/roles/synapse/templates/synapse/homeserver.yaml b/ansible/roles/synapse/templates/synapse/homeserver.yaml
index b16a307..f219144 100755
--- a/ansible/roles/synapse/templates/synapse/homeserver.yaml
+++ b/ansible/roles/synapse/templates/synapse/homeserver.yaml
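Review bot: The `oidc_providers` block added for this group carries placeholder values (`idp_name: "FIXME Login"`, `issuer: "https://idp.FIXMEcorp-serv.net/realms/MAT/"`, `client_id: "synapseFIXME"`, `client_secret: "FIXME"`), and nothing in the inventory stops a playbook run from rendering them into a live homeserver.yaml, which would give that homeserver an SSO provider pointing at an unreviewed issuer. Until real values exist it is safer to leave `oidc_providers` out of this group so the template render fails loudly, or to guard the template line with an `is defined` check so nothing is emitted. Replacing the `TBD` Postgres credentials with real ones puts another plaintext password in the inventory; the vault suggestion from the previous hunk applies here too. `postgres_host: postgresql-mtx.ltrudev.internal` does not follow the `*.lta.internal.ru.com` naming of the other hosts in this group and looks like it may be a typo worth confirming.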
@@ -2319,18 +2319,7 @@ sso: # - "provided-by-your-issuer" oidc_providers: - - idp_id: keycloak - idp_name: "Corp Login" - issuer: "https://idp.corp-serv.net/realms/MAT/" - client_id: "synapse" - client_secret: "vulBbPIatTqthf3wVgWbXjrLa00Ejk913gQEqgFhZm6FTJj4rc5CWgGGIBjH6CBDaAmeyZ4Tgs0iK7w9tannkaY8u3ziW4vhU0Ji" - scopes: ["openid", "profile"] - user_mapping_provider: - config: - localpart_template: "{{ '{{' }} user.preferred_username {{ '}}' }}" - display_name_template: "{{ '{{' }} user.name {{ '}}' }}" - subject_template: "{{ '{{' }} user.preferred_username {{ '}}' }}" - backchannel_logout_enabled: true +{{ matrix.oidc_providers | indent(width=2, first=True) }} password_config: # Uncomment to disable password login
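Review bot: `{{ matrix.oidc_providers | indent(width=2, first=True) }}` splices the inventory string into homeserver.yaml verbatim, so the template now trusts that string to be well-formed YAML at the right depth: a tab, a line at column 0 or an unbalanced quote in the inventory scalar would silently move keys out of the `oidc_providers:` mapping or break the config file Synapse loads, with no validation step in between. Storing `oidc_providers` as a real list in the inventory and rendering it with `{{ matrix.oidc_providers | to_nice_yaml | indent(2, first=True) }}` would let Ansible emit correctly quoted YAML instead of raw text. Short of that, have the `template` task check the rendered file before installing it, e.g. a YAML parse via the module's `validate:` option. Removing the hard-coded `client_secret` from the template is the right direction, but the value is still in history, so it should be rotated.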