Add Authelia OIDC for Synapse.

This commit is contained in:
Viyurz 2024-05-09 11:22:22 +02:00
parent b544f9a78d
commit c0f8721a00
Signed by: Viyurz
SSH key fingerprint: SHA256:IskOHTmhHSJIvAt04N6aaxd5SZCVWW1Guf9tEcxIMj8
3 changed files with 45 additions and 1 deletions

View file

@ -69,4 +69,18 @@ notifier:
password: '{{ authelia_secrets["smtp_password"] }}' password: '{{ authelia_secrets["smtp_password"] }}'
sender: 'Authelia <authelia@{{ domain }}>' sender: 'Authelia <authelia@{{ domain }}>'
# identity_providers: identity_providers:
oidc:
hmac_secret: '{{ authelia_secrets["hmac_secret"] }}'
jwks:
- key: |
{{ authelia_secrets["jwks_key"] | indent(width=10) }}
clients:
- client_id: '{{ synapse_secrets["oidc_client_id"] }}'
client_name: Synapse
client_secret: '{{ synapse_secrets["oidc_client_secret_hash"] }}'
redirect_uris: 'https://matrix.{{ domain }}/_synapse/client/oidc/callback'
scopes:
- 'openid'
- 'profile'
- 'email'

View file

@ -104,3 +104,25 @@ signing_key_path: "/data/{{ domain }}.signing.key"
trusted_key_servers: trusted_key_servers:
- server_name: "matrix.org" - server_name: "matrix.org"
suppress_key_server_warning: true suppress_key_server_warning: true
# Single sign-on integration
oidc_providers:
- idp_id: authelia
idp_name: "Authelia"
idp_icon: "mxc://authelia.com/cKlrTPsGvlpKxAYeHWJsdVHI"
discover: false
issuer: "https://auth.{{ domain }}"
client_id: '{{ synapse_secrets["oidc_client_id"] }}'
client_secret: '{{ synapse_secrets["oidc_client_secret"] }}'
scopes: ["openid", "profile", "email"]
authorization_endpoint: 'https://auth.{{ domain }}/api/oidc/authorization'
token_endpoint: 'https://auth.{{ domain }}/api/oidc/token'
jwks_uri: 'https://auth.{{ domain }}/jwks.json'
allow_existing_users: true
user_mapping_provider:
config:
subject_claim: "sub"
localpart_template: "{% raw %}{{ user.preferred_username }}{% endraw %}"
display_name_template: "{% raw %}{{ user.name }}{% endraw %}"
email_template: "{% raw %}{{ user.email }}{% endraw %}"

View file

@ -12,6 +12,8 @@ cifs_credentials:
authelia_secrets: authelia_secrets:
# Encryption key for the database, must be saved # Encryption key for the database, must be saved
encryption_key: encryption_key:
hmac_secret:
jwks_key: | # openssl genrsa 4096
jwt_secret: jwt_secret:
# LDAP bind dn # LDAP bind dn
ldap_user: ldap_user:
@ -21,6 +23,7 @@ authelia_secrets:
smtp_user: smtp_user:
smtp_password: smtp_password:
coturn_secrets: coturn_secrets:
static_auth_secret: static_auth_secret:
@ -48,6 +51,11 @@ searxng_secrets:
searxng_secret: searxng_secret:
synapse_secrets: synapse_secrets:
# docker run --rm authelia/authelia:4 authelia crypto rand --length 72 --charset rfc3986
oidc_client_id:
# Generate random secret + hash : docker run --rm authelia/authelia:4 authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
oidc_client_secret:
oidc_client_secret_hash:
smtp_user: smtp_user:
smtp_pass: smtp_pass:
postgres_user: postgres_user: