diff options
author | Travis Ralston <travpc@gmail.com> | 2019-09-13 01:58:18 -0600 |
---|---|---|
committer | Richard van der Hoff <1389908+richvdh@users.noreply.github.com> | 2019-09-13 08:58:18 +0100 |
commit | c755955f335984dc6f97a269b57ad955f257ef8f (patch) | |
tree | 90edf3327e18eba7fe18c2bd6e91e30ffdf55685 | |
parent | Fix for structured logging tests stomping on logs (#6023) (diff) | |
download | synapse-c755955f335984dc6f97a269b57ad955f257ef8f.tar.xz |
Add developer docs for using SAML without a server (#6032)
-rw-r--r-- | changelog.d/6032.misc | 1 | ||||
-rw-r--r-- | docs/dev/saml.md | 37 |
2 files changed, 38 insertions, 0 deletions
diff --git a/changelog.d/6032.misc b/changelog.d/6032.misc new file mode 100644 index 0000000000..ec5b5eb881 --- /dev/null +++ b/changelog.d/6032.misc @@ -0,0 +1 @@ +Add developer documentation for using SAML2. diff --git a/docs/dev/saml.md b/docs/dev/saml.md new file mode 100644 index 0000000000..f41aadce47 --- /dev/null +++ b/docs/dev/saml.md @@ -0,0 +1,37 @@ +# How to test SAML as a developer without a server + +https://capriza.github.io/samling/samling.html (https://github.com/capriza/samling) is a great +resource for being able to tinker with the SAML options within Synapse without needing to +deploy and configure a complicated software stack. + +To make Synapse (and therefore Riot) use it: + +1. Use the samling.html URL above or deploy your own and visit the IdP Metadata tab. +2. Copy the XML to your clipboard. +3. On your Synapse server, create a new file `samling.xml` next to your `homeserver.yaml` with + the XML from step 2 as the contents. +4. Edit your `homeserver.yaml` to include: + ```yaml + saml2_config: + sp_config: + allow_unknown_attributes: true # Works around a bug with AVA Hashes: https://github.com/IdentityPython/pysaml2/issues/388 + metadata: + local: ["samling.xml"] + ``` +5. Run `apt-get install xmlsec1` and `pip install --upgrade --force 'pysaml2>=4.5.0'` to ensure + the dependencies are installed and ready to go. +6. Restart Synapse. + +Then in Riot: + +1. Visit the login page with a Riot pointing at your homeserver. +2. Click the Single Sign-On button. +3. On the samling page, enter a Name Identifier and add a SAML Attribute for `uid=your_localpart`. + The response must also be signed. +4. Click "Next". +5. Click "Post Response" (change nothing). +6. You should be logged in. + +If you try and repeat this process, you may be automatically logged in using the information you +gave previously. To fix this, open your developer console (`F12` or `Ctrl+Shift+I`) while on the +samling page and clear the site data. In Chrome, this will be a button on the Application tab. |