Add Authelia OIDC for Synapse.
This commit is contained in:
parent
b544f9a78d
commit
c0f8721a00
3 changed files with 45 additions and 1 deletions
|
@ -69,4 +69,18 @@ notifier:
|
||||||
password: '{{ authelia_secrets["smtp_password"] }}'
|
password: '{{ authelia_secrets["smtp_password"] }}'
|
||||||
sender: 'Authelia <authelia@{{ domain }}>'
|
sender: 'Authelia <authelia@{{ domain }}>'
|
||||||
|
|
||||||
# identity_providers:
|
identity_providers:
|
||||||
|
oidc:
|
||||||
|
hmac_secret: '{{ authelia_secrets["hmac_secret"] }}'
|
||||||
|
jwks:
|
||||||
|
- key: |
|
||||||
|
{{ authelia_secrets["jwks_key"] | indent(width=10) }}
|
||||||
|
clients:
|
||||||
|
- client_id: '{{ synapse_secrets["oidc_client_id"] }}'
|
||||||
|
client_name: Synapse
|
||||||
|
client_secret: '{{ synapse_secrets["oidc_client_secret_hash"] }}'
|
||||||
|
redirect_uris: 'https://matrix.{{ domain }}/_synapse/client/oidc/callback'
|
||||||
|
scopes:
|
||||||
|
- 'openid'
|
||||||
|
- 'profile'
|
||||||
|
- 'email'
|
||||||
|
|
|
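Review bot: `redirect_uris` for the Synapse client is written as a single quoted scalar, while Authelia documents it as a list of strings; unless the loader coerces a lone string, the client fails validation, so write it as a one-element list: `redirect_uris:` followed by `- 'https://matrix.{{ domain }}/_synapse/client/oidc/callback'`. The client sets no `authorization_policy`, so Authelia's default applies; stating the intended policy explicitly would document whether a second factor is required for Matrix logins. Passing `oidc_client_secret_hash` as `client_secret` is the right shape for Authelia, which stores only the digest, and pairs with the plaintext `oidc_client_secret` the Synapse side uses. The enclosing `identity_providers` mapping may continue past the hunk's last added line.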
@ -104,3 +104,25 @@ signing_key_path: "/data/{{ domain }}.signing.key"
|
||||||
trusted_key_servers:
|
trusted_key_servers:
|
||||||
- server_name: "matrix.org"
|
- server_name: "matrix.org"
|
||||||
suppress_key_server_warning: true
|
suppress_key_server_warning: true
|
||||||
|
|
||||||
|
|
||||||
|
# Single sign-on integration
|
||||||
|
oidc_providers:
|
||||||
|
- idp_id: authelia
|
||||||
|
idp_name: "Authelia"
|
||||||
|
idp_icon: "mxc://authelia.com/cKlrTPsGvlpKxAYeHWJsdVHI"
|
||||||
|
discover: false
|
||||||
|
issuer: "https://auth.{{ domain }}"
|
||||||
|
client_id: '{{ synapse_secrets["oidc_client_id"] }}'
|
||||||
|
client_secret: '{{ synapse_secrets["oidc_client_secret"] }}'
|
||||||
|
scopes: ["openid", "profile", "email"]
|
||||||
|
authorization_endpoint: 'https://auth.{{ domain }}/api/oidc/authorization'
|
||||||
|
token_endpoint: 'https://auth.{{ domain }}/api/oidc/token'
|
||||||
|
jwks_uri: 'https://auth.{{ domain }}/jwks.json'
|
||||||
|
allow_existing_users: true
|
||||||
|
user_mapping_provider:
|
||||||
|
config:
|
||||||
|
subject_claim: "sub"
|
||||||
|
localpart_template: "{% raw %}{{ user.preferred_username }}{% endraw %}"
|
||||||
|
display_name_template: "{% raw %}{{ user.name }}{% endraw %}"
|
||||||
|
email_template: "{% raw %}{{ user.email }}{% endraw %}"
|
||||||
|
|
|
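Review bot: `allow_existing_users: true` together with a `localpart_template` built from `user.preferred_username` means any Authelia identity whose username equals an existing Matrix localpart is logged into that account instead of being rejected; that is a deliberate linking feature, but it is only safe while Authelia usernames are administrator-managed and cannot be chosen by the users themselves. A comment beside the key recording that assumption would help the next maintainer: `# Links SSO logins to pre-existing local accounts by localpart; relies on Authelia usernames being admin-managed`. With `discover: false` no `userinfo_endpoint` is listed; Synapse's default profile method can take the claims from the ID token because `openid` is requested, but if the Authelia version in use delivers `preferred_username`/`email` only through userinfo the three templates under `config` render empty — verify against a real login. The provider entry and the enclosing `oidc_providers` list end inside the hunk.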
@ -12,6 +12,8 @@ cifs_credentials:
|
||||||
authelia_secrets:
|
authelia_secrets:
|
||||||
# Encryption key for the database, must be saved
|
# Encryption key for the database, must be saved
|
||||||
encryption_key:
|
encryption_key:
|
||||||
|
hmac_secret:
|
||||||
|
jwks_key: | # openssl genrsa 4096
|
||||||
jwt_secret:
|
jwt_secret:
|
||||||
# LDAP bind dn
|
# LDAP bind dn
|
||||||
ldap_user:
|
ldap_user:
|
||||||
|
@ -21,6 +23,7 @@ authelia_secrets:
|
||||||
smtp_user:
|
smtp_user:
|
||||||
smtp_password:
|
smtp_password:
|
||||||
|
|
||||||
|
|
||||||
coturn_secrets:
|
coturn_secrets:
|
||||||
static_auth_secret:
|
static_auth_secret:
|
||||||
|
|
||||||
|
@ -48,6 +51,11 @@ searxng_secrets:
|
||||||
searxng_secret:
|
searxng_secret:
|
||||||
|
|
||||||
synapse_secrets:
|
synapse_secrets:
|
||||||
|
# docker run --rm authelia/authelia:4 authelia crypto rand --length 72 --charset rfc3986
|
||||||
|
oidc_client_id:
|
||||||
|
# Generate random secret + hash : docker run --rm authelia/authelia:4 authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
|
||||||
|
oidc_client_secret:
|
||||||
|
oidc_client_secret_hash:
|
||||||
smtp_user:
|
smtp_user:
|
||||||
smtp_pass:
|
smtp_pass:
|
||||||
postgres_user:
|
postgres_user:
|
||||||
|
|
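Review bot: The comment above `oidc_client_secret` describes one command that prints both a random secret and its pbkdf2 digest, but it does not say which output belongs to which key, and `oidc_client_secret_hash` two lines below carries no comment at all. Reword it as `# Plaintext secret -> oidc_client_secret (used by Synapse); pbkdf2 digest -> oidc_client_secret_hash (used by Authelia). Generate both with: docker run ...` keeping the existing command text. Every value in this hunk and in the hunks at `@ -12,6` and `@ -21,6` is left bare, which YAML reads as null; presumably this is a skeleton for a vault-encrypted copy, but if it is the live vars file these secrets belong under ansible-vault rather than in plaintext. The trailing `# openssl genrsa 4096` after `jwks_key: |` is a valid comment on a block-scalar header and does not become part of the key.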