diff options
author | Richard van der Hoff <1389908+richvdh@users.noreply.github.com> | 2021-03-29 15:40:11 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-03-29 15:40:11 +0100 |
commit | 4bbd53545041c9295fbae5dd0cefdd66d55d0b53 (patch) | |
tree | b7c8705631445e676df6096d416629949e1f409e | |
parent | Fix CI by ignore type for None module import (#9709) (diff) | |
download | synapse-4bbd53545041c9295fbae5dd0cefdd66d55d0b53.tar.xz |
Update the OIDC sample config (#9695)
I've reiterated the advice about using `oidc` to migrate, since I've seen a few people caught by this. I've also removed a couple of the examples as they are duplicating the OIDC documentation, and I think they might be leading people astray.
-rw-r--r-- | changelog.d/9695.doc | 1 | ||||
-rw-r--r-- | docs/sample_config.yaml | 34 | ||||
-rw-r--r-- | synapse/config/oidc_config.py | 34 |
3 files changed, 7 insertions, 62 deletions
diff --git a/changelog.d/9695.doc b/changelog.d/9695.doc new file mode 100644 index 0000000000..cf82e68a85 --- /dev/null +++ b/changelog.d/9695.doc @@ -0,0 +1 @@ +Update the sample configuration for OIDC authentication. diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml index 07a928224d..17cda71adc 100644 --- a/docs/sample_config.yaml +++ b/docs/sample_config.yaml @@ -1758,6 +1758,9 @@ saml2_config: # Note that, if this is changed, users authenticating via that provider # will no longer be recognised as the same user! # +# (Use "oidc" here if you are migrating from an old "oidc_config" +# configuration.) +# # idp_name: A user-facing name for this identity provider, which is used to # offer the user a choice of login mechanisms. # @@ -1927,37 +1930,6 @@ oidc_providers: # - attribute: userGroup # value: "synapseUsers" - # For use with Keycloak - # - #- idp_id: keycloak - # idp_name: Keycloak - # issuer: "https://127.0.0.1:8443/auth/realms/my_realm_name" - # client_id: "synapse" - # client_secret: "copy secret generated in Keycloak UI" - # scopes: ["openid", "profile"] - # attribute_requirements: - # - attribute: groups - # value: "admin" - - # For use with Github - # - #- idp_id: github - # idp_name: Github - # idp_brand: github - # discover: false - # issuer: "https://github.com/" - # client_id: "your-client-id" # TO BE FILLED - # client_secret: "your-client-secret" # TO BE FILLED - # authorization_endpoint: "https://github.com/login/oauth/authorize" - # token_endpoint: "https://github.com/login/oauth/access_token" - # userinfo_endpoint: "https://api.github.com/user" - # scopes: ["read:user"] - # user_mapping_provider: - # config: - # subject_claim: "id" - # localpart_template: "{{ user.login }}" - # display_name_template: "{{ user.name }}" - # Enable Central Authentication Service (CAS) for registration and login. # diff --git a/synapse/config/oidc_config.py b/synapse/config/oidc_config.py index 747ab9a7fe..05733ec41d 100644 --- a/synapse/config/oidc_config.py +++ b/synapse/config/oidc_config.py @@ -79,6 +79,9 @@ class OIDCConfig(Config): # Note that, if this is changed, users authenticating via that provider # will no longer be recognised as the same user! # + # (Use "oidc" here if you are migrating from an old "oidc_config" + # configuration.) + # # idp_name: A user-facing name for this identity provider, which is used to # offer the user a choice of login mechanisms. # @@ -247,37 +250,6 @@ class OIDCConfig(Config): # attribute_requirements: # - attribute: userGroup # value: "synapseUsers" - - # For use with Keycloak - # - #- idp_id: keycloak - # idp_name: Keycloak - # issuer: "https://127.0.0.1:8443/auth/realms/my_realm_name" - # client_id: "synapse" - # client_secret: "copy secret generated in Keycloak UI" - # scopes: ["openid", "profile"] - # attribute_requirements: - # - attribute: groups - # value: "admin" - - # For use with Github - # - #- idp_id: github - # idp_name: Github - # idp_brand: github - # discover: false - # issuer: "https://github.com/" - # client_id: "your-client-id" # TO BE FILLED - # client_secret: "your-client-secret" # TO BE FILLED - # authorization_endpoint: "https://github.com/login/oauth/authorize" - # token_endpoint: "https://github.com/login/oauth/access_token" - # userinfo_endpoint: "https://api.github.com/user" - # scopes: ["read:user"] - # user_mapping_provider: - # config: - # subject_claim: "id" - # localpart_template: "{{{{ user.login }}}}" - # display_name_template: "{{{{ user.name }}}}" """.format( mapping_provider=DEFAULT_USER_MAPPING_PROVIDER ) |