ungleich-intern/matrix-docker-compose
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

[synapse] outsource oidc_providers

Browse source
This commit is contained in:
Nico Schottelius 2024-02-23 18:24:35 +09:00
parent 4b48d1854f
commit f6b596ebe4
2 changed files with 32 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
ansible/inventory/runa.yml
View file

@ -62,6 +62,20 @@ runa:
postgres_password: "31913hkVN_L9b3i_0v1RX_ZJXx_AD564_MM_nz" postgres_password: "31913hkVN_L9b3i_0v1RX_ZJXx_AD564_MM_nz"
postgres_db: matrix-synapse-db postgres_db: matrix-synapse-db
postgres_host: postgresql-mtx.lat.internal.ru.com postgres_host: postgresql-mtx.lat.internal.ru.com
oidc_providers: |
- idp_id: keycloak
idp_name: "Corp Login"
issuer: "https://idp.corp-serv.net/realms/MAT/"
client_id: "synapse"
client_secret: "vulBbPIatTqthf3wVgWbXjrLa00Ejk913gQEqgFhZm6FTJj4rc5CWgGGIBjH6CBDaAmeyZ4Tgs0iK7w9tannkaY8u3ziW4vhU0Ji"
scopes: ["openid", "profile"]
user_mapping_provider:
config:
localpart_template: "{{ '{{' }} user.preferred_username {{ '}}' }}"
display_name_template: "{{ '{{' }} user.name {{ '}}' }}"
subject_template: "{{ '{{' }} user.preferred_username {{ '}}' }}"
backchannel_logout_enabled: true
hosts: hosts:
mtx-elem-1.lat.internal.ru.com: mtx-elem-1.lat.internal.ru.com:
matrix_service: "elementweb" matrix_service: "elementweb"
@ -96,10 +110,23 @@ runa:
- turns:mtx-turn-1.lta.internal.ru.com?transport=tcp - turns:mtx-turn-1.lta.internal.ru.com?transport=tcp
- turns:mtx-turn-1.lta.internal.ru.com?transport=udp - turns:mtx-turn-1.lta.internal.ru.com?transport=udp
turn_shared_secret: "ushaHimahxi6eisaeV4Chu0quaeyeish" turn_shared_secret: "ushaHimahxi6eisaeV4Chu0quaeyeish"
postgres_user: matrix-synapseTBD postgres_user: matrix-synapse
postgres_password: "TBD" postgres_password: "0Dt9G739GRUpb9dgSgWG"
postgres_db: matrix-synapse-dbTBD postgres_db: matrix-synapse-db
postgres_host: TBDpostgresql-mtx.lta.internal.ru.com postgres_host: postgresql-mtx.ltrudev.internal
oidc_providers: |
- idp_id: keycloak
idp_name: "FIXME Login"
issuer: "https://idp.FIXMEcorp-serv.net/realms/MAT/"
client_id: "synapseFIXME"
client_secret: "FIXME"
scopes: ["openid", "profile"]
user_mapping_provider:
config:
localpart_template: "{{ '{{' }} user.preferred_username {{ '}}' }}"
display_name_template: "{{ '{{' }} user.name {{ '}}' }}"
subject_template: "{{ '{{' }} user.preferred_username {{ '}}' }}"
backchannel_logout_enabled: true
hosts: hosts:
mtx-mngm-1.lta.internal.ru.com: mtx-mngm-1.lta.internal.ru.com:
matrix_service: "synapse-admin" matrix_service: "synapse-admin"

13
ansible/roles/synapse/templates/synapse/homeserver.yaml
View file

@ -2319,18 +2319,7 @@ sso:
# - "provided-by-your-issuer" # - "provided-by-your-issuer"
oidc_providers: oidc_providers:
- idp_id: keycloak {{ matrix.oidc_providers | indent(width=2, first=True) }}
idp_name: "Corp Login"
issuer: "https://idp.corp-serv.net/realms/MAT/"
client_id: "synapse"
client_secret: "vulBbPIatTqthf3wVgWbXjrLa00Ejk913gQEqgFhZm6FTJj4rc5CWgGGIBjH6CBDaAmeyZ4Tgs0iK7w9tannkaY8u3ziW4vhU0Ji"
scopes: ["openid", "profile"]
user_mapping_provider:
config:
localpart_template: "{{ '{{' }} user.preferred_username {{ '}}' }}"
display_name_template: "{{ '{{' }} user.name {{ '}}' }}"
subject_template: "{{ '{{' }} user.preferred_username {{ '}}' }}"
backchannel_logout_enabled: true
password_config: password_config:
# Uncomment to disable password login # Uncomment to disable password login