summary refs log tree commit diff
path: root/docs
diff options
context:
space:
mode:
authorRichard van der Hoff <1389908+richvdh@users.noreply.github.com>2020-08-11 16:08:10 +0100
committerGitHub <noreply@github.com>2020-08-11 16:08:10 +0100
commit0cb169900ebd39b6f46dbff1b1909cc5b3c17493 (patch)
treef903fd61691b639be7deff59f819b83db3a15c51 /docs
parentMerge remote-tracking branch 'origin/master' into develop (diff)
downloadsynapse-0cb169900ebd39b6f46dbff1b1909cc5b3c17493.tar.xz
Implement login blocking based on SAML attributes (#8052)
Hopefully this mostly speaks for itself. I also did a bit of cleaning up of the
error handling.

Fixes #8047
Diffstat (limited to 'docs')
-rw-r--r--docs/sample_config.yaml11
1 files changed, 11 insertions, 0 deletions
diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index fe85978a1f..9235b89fb1 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -1577,6 +1577,17 @@ saml2_config:
   #
   #grandfathered_mxid_source_attribute: upn
 
+  # It is possible to configure Synapse to only allow logins if SAML attributes
+  # match particular values. The requirements can be listed under
+  # `attribute_requirements` as shown below. All of the listed attributes must
+  # match for the login to be permitted.
+  #
+  #attribute_requirements:
+  #  - attribute: userGroup
+  #    value: "staff"
+  #  - attribute: department
+  #    value: "sales"
+
   # Directory in which Synapse will try to find the template files below.
   # If not set, default templates from within the Synapse package will be used.
   #