From 4aa8c47ffeb20d5d9d3172d6f9428c44a98e41c8 Mon Sep 17 00:00:00 2001
From: reivilibre
Date: Thu, 28 Oct 2021 10:31:48 +0000
Subject: deploy: a19bf32a03cbc43169f1076c002287f193bffa4a
---
develop/openid.html | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+) (limited to 'develop/openid.html')
diff --git a/develop/openid.html b/develop/openid.html
index b774d7fe45..8d67198368 100644
--- a/develop/openid.html
+++ b/develop/openid.html
@@ -371,6 +371,40 @@ to install Dex.

localpart_template: "{{ user.preferred_username }}" display_name_template: "{{ user.name }}" +

Authentik

+

Authentik is an open-source IdP solution.

+
    +
  1. Create a provider in Authentik, with type OAuth2/OpenID.
  2. +
  3. The parameters are:
  4. +
+ +
    +
  1. Create an application for synapse in Authentik and link it to the provider.
  2. +
  3. Note the slug of your application, Client ID and Client Secret.
  4. +
+

Synapse config:

+
oidc_providers:
+  - idp_id: authentik
+    idp_name: authentik
+    discover: true
+    issuer: "https://your.authentik.example.org/application/o/your-app-slug/" # TO BE FILLED: domain and slug
+    client_id: "your client id" # TO BE FILLED
+    client_secret: "your client secret" # TO BE FILLED
+    scopes:
+      - "openid"
+      - "profile"
+      - "email"
+    user_mapping_provider:
+      config:
+        localpart_template: "{{ user.preferred_username }}}"
+        display_name_template: "{{ user.preferred_username|capitalize }}" # TO BE FILLED: If your users have names in Authentik and you want those in Synapse, this should be replaced with user.name|capitalize.
+

GitHub

GitHub is a bit special as it is not an OpenID Connect compliant provider, but just a regular OAuth2 provider.
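Review bot: The `localpart_template` in the added Authentik example ends in three closing braces, `"{{ user.preferred_username }}}"`, so the rendered value would presumably carry a literal `}` after the username and the derived localpart would not match the IdP username. It should read `localpart_template: "{{ user.preferred_username }}"`, as the Dex example in the context lines above does. Because readers copy this block into their homeserver config, the `client_secret` line would also benefit from a comment such as `# keep this value out of shared or version-controlled copies of the config`. This file is generated output of a `deploy:` commit, so the correction likely belongs in the documentation source rather than in this HTML.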

-- cgit 1.4.1