summary refs log tree commit diff
path: root/docs
diff options
context:
space:
mode:
authorRichard van der Hoff <richard@matrix.org>2019-09-13 15:20:49 +0100
committerRichard van der Hoff <richard@matrix.org>2019-09-13 16:01:46 +0100
commita8ac40445c98b9e1fc2538d7d4ec49c80b0298ac (patch)
treee506896dcaa02f826ffe0e5e1c859acabb290626 /docs
parentMake the sample saml config closer to our standards (diff)
downloadsynapse-a8ac40445c98b9e1fc2538d7d4ec49c80b0298ac.tar.xz
Record mappings from saml users in an external table
We want to assign unique mxids to saml users based on an incrementing
suffix. For that to work, we need to record the allocated mxid in a separate
table.
Diffstat (limited to 'docs')
-rw-r--r--docs/sample_config.yaml26
1 files changed, 26 insertions, 0 deletions
diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index 8cfc5c312a..9021fe2cb8 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -1099,6 +1099,32 @@ saml2_config:
   #
   #saml_session_lifetime: 5m
 
+  # The SAML attribute (after mapping via the attribute maps) to use to derive
+  # the Matrix ID from. 'uid' by default.
+  #
+  #mxid_source_attribute: displayName
+
+  # The mapping system to use for mapping the saml attribute onto a matrix ID.
+  # Options include:
+  #  * 'hexencode' (which maps unpermitted characters to '=xx')
+  #  * 'dotreplace' (which replaces unpermitted characters with '.').
+  # The default is 'hexencode'.
+  #
+  #mxid_mapping: dotreplace
+
+  # In previous versions of synapse, the mapping from SAML attribute to MXID was
+  # always calculated dynamically rather than stored in a table. For backwards-
+  # compatibility, we will look for user_ids matching such a pattern before
+  # creating a new account.
+  #
+  # This setting controls the SAML attribute which will be used for this
+  # backwards-compatibility lookup. Typically it should be 'uid', but if the
+  # attribute maps are changed, it may be necessary to change it.
+  #
+  # The default is 'uid'.
+  #
+  #grandfathered_mxid_source_attribute: upn
+
 
 
 # Enable CAS for registration and login.