author | Marcus Schopen <lists@localguru.de> | 2020-11-18 13:36:28 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-11-18 07:36:28 -0500 |
commit | d356588339db627397e84e98d3468a4c996253ab (patch) | |
tree | d6d48f880128812cb396665a4da3a9e3be0ad6ea | |
parent | Merge branch 'master' into develop (diff) | |
SAML: Document allowing a clock/time difference from IdP (#8731)
Updates the sample configuration with the pysaml2 configuration for accepting clock skew/drift between the homeserver and IdP.
Diffstat (limited to '')
-rw-r--r-- | changelog.d/8731.misc | 1 | ||||
-rw-r--r-- | docs/sample_config.yaml | 6 | ||||
-rw-r--r-- | synapse/config/saml2_config.py | 6 |
3 files changed, 13 insertions, 0 deletions
diff --git a/changelog.d/8731.misc b/changelog.d/8731.misc
new file mode 100644
index 0000000000..df5882e960
--- /dev/null
+++ b/changelog.d/8731.misc
@@ -0,0 +1 @@
+Add an example and documentation for clock skew to the SAML2 sample configuration to allow for clock/time difference between the homserver and IdP. Contributed by @localguru.
diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index e9e77ca94e..bedc147770 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -1546,6 +1546,12 @@ saml2_config:
 # remote:
 # - url: https://our_idp/metadata.xml
+ # Allowed clock difference in seconds between the homeserver and IdP.
+ #
+ # Uncomment the below to increase the accepted time difference from 0 to 3 seconds.
+ #
+ #accepted_time_diff: 3
+
 # By default, the user has to go to our login page first. If you'd like
 # to allow IdP-initiated login, set 'allow_unsolicited: true' in a
 # 'service.sp' section:
diff --git a/synapse/config/saml2_config.py b/synapse/config/saml2_config.py
index 2ff7dfb311..f233854941 100644
--- a/synapse/config/saml2_config.py
+++ b/synapse/config/saml2_config.py
@@ -256,6 +256,12 @@ class SAML2Config(Config):
 # remote:
 # - url: https://our_idp/metadata.xml
+ # Allowed clock difference in seconds between the homeserver and IdP.
+ #
+ # Uncomment the below to increase the accepted time difference from 0 to 3 seconds.
+ #
+ #accepted_time_diff: 3
+
 # By default, the user has to go to our login page first. If you'd like
 # to allow IdP-initiated login, set 'allow_unsolicited: true' in a
 # 'service.sp' section: |
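Review bot: The new comment above `#accepted_time_diff: 3` in the SAML2Config sample text says what the option does but not what it costs. The tolerance presumably applies to the validity window of IdP assertions, so every extra second is also a second in which an expired assertion is still accepted. I would add a line such as `# Keep this as small as possible and prefer fixing clock sync (e.g. NTP) on both sides; a larger value also lengthens the time an expired assertion is accepted.` The identical text added to docs/sample_config.yaml should get the same line. The surrounding config template starts and ends outside the hunk and the page has lost its indentation, so I cannot confirm the option sits at the level of the SP config where pysaml2 reads it.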