summary refs log tree commit diff
diff options
context:
space:
mode:
authorTravis Ralston <travpc@gmail.com>2019-09-13 01:58:18 -0600
committerRichard van der Hoff <1389908+richvdh@users.noreply.github.com>2019-09-13 08:58:18 +0100
commitc755955f335984dc6f97a269b57ad955f257ef8f (patch)
tree90edf3327e18eba7fe18c2bd6e91e30ffdf55685
parentFix for structured logging tests stomping on logs (#6023) (diff)
downloadsynapse-c755955f335984dc6f97a269b57ad955f257ef8f.tar.xz
Add developer docs for using SAML without a server (#6032)
-rw-r--r--changelog.d/6032.misc1
-rw-r--r--docs/dev/saml.md37
2 files changed, 38 insertions, 0 deletions
diff --git a/changelog.d/6032.misc b/changelog.d/6032.misc
new file mode 100644
index 0000000000..ec5b5eb881
--- /dev/null
+++ b/changelog.d/6032.misc
@@ -0,0 +1 @@
+Add developer documentation for using SAML2.
diff --git a/docs/dev/saml.md b/docs/dev/saml.md
new file mode 100644
index 0000000000..f41aadce47
--- /dev/null
+++ b/docs/dev/saml.md
@@ -0,0 +1,37 @@
+# How to test SAML as a developer without a server
+
+https://capriza.github.io/samling/samling.html (https://github.com/capriza/samling) is a great
+resource for being able to tinker with the SAML options within Synapse without needing to
+deploy and configure a complicated software stack.
+
+To make Synapse (and therefore Riot) use it:
+
+1. Use the samling.html URL above or deploy your own and visit the IdP Metadata tab.
+2. Copy the XML to your clipboard.
+3. On your Synapse server, create a new file `samling.xml` next to your `homeserver.yaml` with
+   the XML from step 2 as the contents.
+4. Edit your `homeserver.yaml` to include:
+   ```yaml
+   saml2_config:
+     sp_config:
+       allow_unknown_attributes: true  # Works around a bug with AVA Hashes: https://github.com/IdentityPython/pysaml2/issues/388
+       metadata:
+         local: ["samling.xml"]   
+   ```
+5. Run `apt-get install xmlsec1` and `pip install --upgrade --force 'pysaml2>=4.5.0'` to ensure
+   the dependencies are installed and ready to go.
+6. Restart Synapse.
+
+Then in Riot:
+
+1. Visit the login page with a Riot pointing at your homeserver.
+2. Click the Single Sign-On button.
+3. On the samling page, enter a Name Identifier and add a SAML Attribute for `uid=your_localpart`.
+   The response must also be signed.
+4. Click "Next".
+5. Click "Post Response" (change nothing).
+6. You should be logged in.
+
+If you try and repeat this process, you may be automatically logged in using the information you
+gave previously. To fix this, open your developer console (`F12` or `Ctrl+Shift+I`) while on the
+samling page and clear the site data. In Chrome, this will be a button on the Application tab.