From eb4fbb70fd44baff8c767775f8412d040511fb34 Mon Sep 17 00:00:00 2001
From: DMRobertson <DMRobertson@users.noreply.github.com>
Date: Wed, 30 Aug 2023 11:42:28 +0000
Subject: deploy: 8c56e18e4786a28bedbafb1a73fd1abc8806933f

---
 .../usage/configuration/config_documentation.html  | 36 ++++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)

(limited to 'latest/usage/configuration/config_documentation.html')

diff --git a/latest/usage/configuration/config_documentation.html b/latest/usage/configuration/config_documentation.html
index 1719e87a65..9ac6706349 100644
--- a/latest/usage/configuration/config_documentation.html
+++ b/latest/usage/configuration/config_documentation.html
@@ -2640,6 +2640,16 @@ enable SAML login. You can either put your entire pysaml config inline using the
 option, or you can specify a path to a psyaml config file with the sub-option <code>config_path</code>.
 This setting has the following sub-options:</p>
 <ul>
+<li><code>idp_name</code>: A user-facing name for this identity provider, which is used to
+offer the user a choice of login mechanisms.</li>
+<li><code>idp_icon</code>: An optional icon for this identity provider, which is presented
+by clients and Synapse's own IdP picker page. If given, must be an
+MXC URI of the format <code>mxc://&lt;server-name&gt;/&lt;media-id&gt;</code>. (An easy way to
+obtain such an MXC URI is to upload an image to an (unencrypted) room
+and then copy the &quot;url&quot; from the source of the event.)</li>
+<li><code>idp_brand</code>: An optional brand for this identity provider, allowing clients
+to style the login flow according to the identity provider in question.
+See the <a href="https://spec.matrix.org/latest/">spec</a> for possible options here.</li>
 <li><code>sp_config</code>: the configuration for the pysaml2 Service Provider. See pysaml2 docs for format of config.
 Default values will be used for the <code>entityid</code> and <code>service</code> settings,
 so it is not normally necessary to specify them unless you need to
@@ -2798,7 +2808,7 @@ offer the user a choice of login mechanisms.</p>
 <li>
 <p><code>idp_icon</code>: An optional icon for this identity provider, which is presented
 by clients and Synapse's own IdP picker page. If given, must be an
-MXC URI of the format mxc://<server-name>/<media-id>. (An easy way to
+MXC URI of the format <code>mxc://&lt;server-name&gt;/&lt;media-id&gt;</code>. (An easy way to
 obtain such an MXC URI is to upload an image to an (unencrypted) room
 and then copy the &quot;url&quot; from the source of the event.)</p>
 </li>
@@ -2820,7 +2830,15 @@ is enabled) to discover the provider's endpoints.</p>
 </li>
 <li>
 <p><code>client_secret</code>: oauth2 client secret to use. May be omitted if
-<code>client_secret_jwt_key</code> is given, or if <code>client_auth_method</code> is 'none'.</p>
+<code>client_secret_jwt_key</code> is given, or if <code>client_auth_method</code> is 'none'.
+Must be omitted if <code>client_secret_path</code> is specified.</p>
+</li>
+<li>
+<p><code>client_secret_path</code>: path to the oauth2 client secret to use. With that
+it's not necessary to leak secrets into the config file itself.
+Mutually exclusive with <code>client_secret</code>. Can be omitted if
+<code>client_secret_jwt_key</code> is specified.</p>
+<p><em>Added in Synapse 1.91.0.</em></p>
 </li>
 <li>
 <p><code>client_secret_jwt_key</code>: Alternative to client_secret: details of a key used
@@ -3042,6 +3060,16 @@ Has the following sub-options:</p>
 <ul>
 <li><code>enabled</code>: Set this to true to enable authorization against a CAS server.
 Defaults to false.</li>
+<li><code>idp_name</code>: A user-facing name for this identity provider, which is used to
+offer the user a choice of login mechanisms.</li>
+<li><code>idp_icon</code>: An optional icon for this identity provider, which is presented
+by clients and Synapse's own IdP picker page. If given, must be an
+MXC URI of the format <code>mxc://&lt;server-name&gt;/&lt;media-id&gt;</code>. (An easy way to
+obtain such an MXC URI is to upload an image to an (unencrypted) room
+and then copy the &quot;url&quot; from the source of the event.)</li>
+<li><code>idp_brand</code>: An optional brand for this identity provider, allowing clients
+to style the login flow according to the identity provider in question.
+See the <a href="https://spec.matrix.org/latest/">spec</a> for possible options here.</li>
 <li><code>server_url</code>: The URL of the CAS authorization endpoint.</li>
 <li><code>displayname_attribute</code>: The attribute of the CAS response to use as the display name.
 If no name is given here, no displayname will be set.</li>
@@ -3265,12 +3293,16 @@ user does not share a room with the requester.</p>
 If set to true, local users are more likely to appear above remote users when searching the
 user directory. Defaults to false.</p>
 </li>
+<li>
+<p><code>show_locked_users</code>: Defines whether to show locked users in search query results. Defaults to false.</p>
+</li>
 </ul>
 <p>Example configuration:</p>
 <pre><code class="language-yaml">user_directory:
     enabled: false
     search_all_users: true
     prefer_local_users: true
+    show_locked_users: true
 </code></pre>
 <hr />
 <h3 id="user_consent"><a class="header" href="#user_consent"><code>user_consent</code></a></h3>
-- 
cgit 1.5.1