diff options
| author | Richard van der Hoff <1389908+richvdh@users.noreply.github.com> | 2019-07-02 11:18:11 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-07-02 11:18:11 +0100 |
| commit | 6eecb6e500776bb6b72536458a9529985a819bfd (patch) | |
| tree | 9a86ec961b14b31dfda91b81cb56b42340bcb569 /docs/sample_config.yaml | |
| parent | Merge pull request #5587 from matrix-org/erikj/fix_synctl (diff) | |
| parent | Merge branch 'develop' into rav/saml2_client (diff) | |
| download | synapse-6eecb6e500776bb6b72536458a9529985a819bfd.tar.xz | |
Complete the SAML2 implementation (#5422)
* SAML2 Improvements and redirect stuff Signed-off-by: Alexander Trost <galexrt@googlemail.com> * Code cleanups and simplifications. Also: share the saml client between redirect and response handlers. * changelog * Revert redundant changes to static js * Move all the saml stuff out to a centralised handler * Add support for tracking SAML2 sessions. This allows us to correctly handle `allow_unsolicited: False`. * update sample config * cleanups * update sample config * rename BaseSSORedirectServlet for consistency * Address review comments
Diffstat (limited to 'docs/sample_config.yaml')
| -rw-r--r-- | docs/sample_config.yaml | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml index bf9cd88b15..7fe7c94ac4 100644 --- a/docs/sample_config.yaml +++ b/docs/sample_config.yaml @@ -997,6 +997,12 @@ signing_key_path: "CONFDIR/SERVERNAME.signing.key" # so it is not normally necessary to specify them unless you need to # override them. # +# Once SAML support is enabled, a metadata file will be exposed at +# https://<server>:<port>/_matrix/saml2/metadata.xml, which you may be able to +# use to configure your SAML IdP with. Alternatively, you can manually configure +# the IdP to use an ACS location of +# https://<server>:<port>/_matrix/saml2/authn_response. +# #saml2_config: # sp_config: # # point this to the IdP's metadata. You can use either a local file or @@ -1006,7 +1012,15 @@ signing_key_path: "CONFDIR/SERVERNAME.signing.key" # remote: # - url: https://our_idp/metadata.xml # -# # The rest of sp_config is just used to generate our metadata xml, and you +# # By default, the user has to go to our login page first. If you'd like to +# # allow IdP-initiated login, set 'allow_unsolicited: True' in a +# # 'service.sp' section: +# # +# #service: +# # sp: +# # allow_unsolicited: True +# +# # The examples below are just used to generate our metadata xml, and you # # may well not need it, depending on your setup. Alternatively you # # may need a whole lot more detail - see the pysaml2 docs! # @@ -1029,6 +1043,12 @@ signing_key_path: "CONFDIR/SERVERNAME.signing.key" # # separate pysaml2 configuration file: # # # config_path: "CONFDIR/sp_conf.py" +# +# # the lifetime of a SAML session. This defines how long a user has to +# # complete the authentication process, if allow_unsolicited is unset. +# # The default is 5 minutes. +# # +# # saml_session_lifetime: 5m |