summary refs log tree commit diff
path: root/docs/sample_config.yaml
diff options
context:
space:
mode:
authorRichard van der Hoff <richard@matrix.org>2021-01-12 18:19:42 +0000
committerRichard van der Hoff <richard@matrix.org>2021-01-13 20:22:41 +0000
commit5310808d3bebd17275355ecd474bc013e8c7462d (patch)
tree51df032cf79426b849ef7c06933ed7aa8a8ca108 /docs/sample_config.yaml
parentAdd a test for UI-Auth-via-SSO (#9082) (diff)
downloadsynapse-5310808d3bebd17275355ecd474bc013e8c7462d.tar.xz
Give the user a better error when they present bad SSO creds
If a user tries to do UI Auth via SSO, but uses the wrong account on the SSO
IdP, try to give them a better error.

Previously, the UIA would claim to be successful, but then the operation in
question would simply fail with "auth fail". Instead, serve up an error page
which explains the failure.
Diffstat (limited to 'docs/sample_config.yaml')
-rw-r--r--docs/sample_config.yaml8
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index c8ae46d1b3..9da351f9f3 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -1969,6 +1969,14 @@ sso:
     #
     #   This template has no additional variables.
     #
+    # * HTML page shown after a user-interactive authentication session which
+    #   does not map correctly onto the expected user: 'sso_auth_bad_user.html'.
+    #
+    #   When rendering, this template is given the following variables:
+    #     * server_name: the homeserver's name.
+    #     * user_id_to_verify: the MXID of the user that we are trying to
+    #       validate.
+    #
     # * HTML page shown during single sign-on if a deactivated user (according to Synapse's database)
     #   attempts to login: 'sso_account_deactivated.html'.
     #