author | reivilibre <reivilibre@users.noreply.github.com> | 2021-10-28 10:31:48 +0000 |
---|---|---|
committer | reivilibre <reivilibre@users.noreply.github.com> | 2021-10-28 10:31:48 +0000 |
commit | 4aa8c47ffeb20d5d9d3172d6f9428c44a98e41c8 (patch) | |
tree | 75adbf5aff4060ebd03f034627ba036a1d7abaf5 /develop/openid.html | |
parent | deploy: c7a5e49664ab0bd18a57336e282fa6c3b9a17ca0 (diff) | |
download | synapse-4aa8c47ffeb20d5d9d3172d6f9428c44a98e41c8.tar.xz |
deploy: a19bf32a03cbc43169f1076c002287f193bffa4a
Diffstat (limited to 'develop/openid.html')
-rw-r--r-- | develop/openid.html | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/develop/openid.html b/develop/openid.html index b774d7fe45..8d67198368 100644 --- a/develop/openid.html +++ b/develop/openid.html @@ -371,6 +371,40 @@ to install Dex.</p> localpart_template: "{{ user.preferred_username }}" display_name_template: "{{ user.name }}" </code></pre> +<h3 id="authentik"><a class="header" href="#authentik">Authentik</a></h3> +<p><a href="https://goauthentik.io/">Authentik</a> is an open-source IdP solution.</p> +<ol> +<li>Create a provider in Authentik, with type OAuth2/OpenID.</li> +<li>The parameters are:</li> +</ol> +<ul> +<li>Client Type: Confidential</li> +<li>JWT Algorithm: RS256</li> +<li>Scopes: OpenID, Email and Profile</li> +<li>RSA Key: Select any available key</li> +<li>Redirect URIs: <code>[synapse public baseurl]/_synapse/client/oidc/callback</code></li> +</ul> +<ol start="3"> +<li>Create an application for synapse in Authentik and link it to the provider.</li> +<li>Note the slug of your application, Client ID and Client Secret.</li> +</ol> +<p>Synapse config:</p> +<pre><code class="language-yaml">oidc_providers: + - idp_id: authentik + idp_name: authentik + discover: true + issuer: "https://your.authentik.example.org/application/o/your-app-slug/" # TO BE FILLED: domain and slug + client_id: "your client id" # TO BE FILLED + client_secret: "your client secret" # TO BE FILLED + scopes: + - "openid" + - "profile" + - "email" + user_mapping_provider: + config: + localpart_template: "{{ user.preferred_username }}}" + display_name_template: "{{ user.preferred_username|capitalize }}" # TO BE FILLED: If your users have names in Authentik and you want those in Synapse, this should be replaced with user.name|capitalize. +</code></pre> <h3 id="github"><a class="header" href="#github">GitHub</a></h3> <p><a href="https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps">GitHub</a> is a bit special as it is not an OpenID Connect compliant provider, but just a regular OAuth2 provider.</p> |
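Review bot: The added Authentik example has a stray closing brace in `localpart_template: "{{ user.preferred_username }}}"`. Jinja2 closes the expression at the first `}}` and emits the third `}` as literal text, so the rendered value ends in `}` and the mapped localpart will not match the user's preferred_username. Anyone copying this block as written gets that behaviour for every Authentik login. Suggest `localpart_template: "{{ user.preferred_username }}"`, matching the line in the unchanged context just above the new section. Because this file is deploy output under develop/, the fix belongs in the documentation source it was built from; otherwise the next deploy will reintroduce it.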