author | reivilibre <reivilibre@users.noreply.github.com> | 2021-11-05 12:08:31 +0000 |
---|---|---|
committer | reivilibre <reivilibre@users.noreply.github.com> | 2021-11-05 12:08:31 +0000 |
commit | d5dc3df251a411fc02e627c808f4c23aafb7bd4c (patch) | |
tree | d90a03ca6e1c8c198eba06694e2a6c854b87fe93 /develop/openid.html | |
parent | deploy: 499c44d69685c1c1e347ff252ad08f5dfe089a83 (diff) | |
download | synapse-d5dc3df251a411fc02e627c808f4c23aafb7bd4c.tar.xz |
deploy: 09cb441a043947ee367820b56d189c02f5fd35a6
Diffstat (limited to 'develop/openid.html')
-rw-r--r-- | develop/openid.html | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/develop/openid.html b/develop/openid.html index 8d67198368..a80b7b4ec1 100644 --- a/develop/openid.html +++ b/develop/openid.html 
@@ -405,6 +405,39 @@ to install Dex.</p> localpart_template: "{{ user.preferred_username }}}" display_name_template: "{{ user.preferred_username|capitalize }}" # TO BE FILLED: If your users have names in Authentik and you want those in Synapse, this should be replaced with user.name|capitalize. </code></pre> +<h3 id="lemonldap"><a class="header" href="#lemonldap">LemonLDAP</a></h3> +<p><a href="https://lemonldap-ng.org/">LemonLDAP::NG</a> is an open-source IdP solution.</p> +<ol> +<li>Create an OpenID Connect Relying Parties in LemonLDAP::NG</li> +<li>The parameters are:</li> +</ol> +<ul> +<li>Client ID under the basic menu of the new Relying Parties (<code>Options > Basic > Client ID</code>)</li> +<li>Client secret (<code>Options > Basic > Client secret</code>)</li> +<li>JWT Algorithm: RS256 within the security menu of the new Relying Parties +(<code>Options > Security > ID Token signature algorithm</code> and <code>Options > Security > Access Token signature algorithm</code>)</li> +<li>Scopes: OpenID, Email and Profile</li> +<li>Allowed redirection addresses for login (<code>Options > Basic > Allowed redirection addresses for login</code> ) : +<code>[synapse public baseurl]/_synapse/client/oidc/callback</code></li> +</ul> +<p>Synapse config:</p> +<pre><code class="language-yaml">oidc_providers: + - idp_id: lemonldap + idp_name: lemonldap + discover: true + issuer: "https://auth.example.org/" # TO BE FILLED: replace with your domain + client_id: "your client id" # TO BE FILLED + client_secret: "your client secret" # TO BE FILLED + scopes: + - "openid" + - "profile" + - "email" + user_mapping_provider: + config: + localpart_template: "{{ user.preferred_username }}}" + # TO BE FILLED: If your users have names in LemonLDAP::NG and you want those in Synapse, this should be replaced with user.name|capitalize or any valid filter. 
+ display_name_template: "{{ user.preferred_username|capitalize }}" +</code></pre> <h3 id="github"><a class="header" href="#github">GitHub</a></h3> <p><a href="https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps">GitHub</a> is a bit special as it is not an OpenID Connect compliant provider, but just a regular OAuth2 provider.</p> |
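Review bot: The added LemonLDAP config has a stray closing brace in `localpart_template: "{{ user.preferred_username }}}"`. Jinja ends the expression at the first `}}` and emits the third `}` as literal text, so every mapped localpart would be the username followed by `}`. It should read `localpart_template: "{{ user.preferred_username }}"`. The unchanged context line at the top of the hunk (the preceding provider example) has the same three braces, which looks like where it was copied from, so it is worth fixing both in the source document. Two smaller points in the same hunk: step 1 says "Create an OpenID Connect Relying Parties" (singular "Relying Party" is meant), and the parameter `<ul>` sits after the closing `</ol>` rather than inside the second `<li>`, so the bullets do not render as part of step 2. The scopes are also listed as "OpenID, Email and Profile" in the prose but must be entered in lowercase as in the YAML (`"openid"`, `"profile"`, `"email"`); using the same spelling in both places would avoid a mismatch when someone copies from the list.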