Synapse role

roles/synapse/templates/conf.d/sso.yaml.j2

@@ -0,0 +1,74 @@
+# {{ ansible_managed }}
+
+password_config:
+  enabled: false
+
+{% if synapse_sso_client_whitelist is defined %}
+sso:
+  client_whitelist:
+{% for client in synapse_sso_client_whitelist %}
+    - {{ client }}
+{% endfor %}
+{% endif %}
+
+oidc_providers:
+{% for provider in matrix_openidc_providers %}
+  - idp_id: "{{ provider.idp_id }}"
+    idp_name: "{{ provider.idp_name }}"
+{% if provider.idp_icon is defined %}
+    idp_icon: "{{ provider.idp_icon }}"
+{% endif %}
+{% if provider.idp_brand is defined %}
+    idp_brand: "{{ provider.idp_brand }}"
+{% endif %}
+    discover: {{ provider.discover | default(true) | bool | lower }}
+    issuer: "{{ provider.issuer }}"
+    client_id: "{{ provider.client_id }}"
+{% if provider.client_secret is defined %}
+    client_secret: "{{ provider.client_secret }}"
+{% else %}
+    client_secret_jwt_key: "{{ provider.client_secret_jwt_key }}"
+{% endif %}
+    client_auth_method: "{{ provider.client_auth_method | default('client_secret_basic') }}"
+    scopes: {{ provider.scopes }}
+{% if provider.discover == false %}
+    authorization_endpoint: "{{ provider.authorization_endpoint }}"
+    token_endpoint: "{{ provider.token_endpoint }}"
+{% if provider.userinfo_endpoint is defined %}
+    userinfo_endpoint: "{{ provider.userinfo_endpoint }}"
+{% endif %}
+{% if provider.jwks_uri is defined %}
+    jwks_uri: "{{ provider.jwks_uri }}"
+{% endif %}
+{% endif %}
+{% if provider.skip_verification is defined %}
+    skip_verification: "{{ provider.skip_verification }}"
+{% endif %}
+    user_profile_method: "{{ provider.user_profile_method | default('auto') }}"
+    allow_existing_users: {{ provider.allow_existing_users | default(false) | bool | lower }}
+{% if provider.user_mapping_provider is defined %}
+    user_mapping_provider:
+{% for mapping_provider in provider.user_mapping_provider %}
+        "{{ mapping_provider }}":
+{% if provider.user_mapping_provider[mapping_provider].subject_claim is defined %}
+          subject_claim: "{{ provider.user_mapping_provider[mapping_provider].subject_claim }}"
+{% endif %}
+{% if provider.user_mapping_provider[mapping_provider].localpart_template is defined %}
+          localpart_template: "{{ provider.user_mapping_provider[mapping_provider].localpart_template }}"
+{% endif %}
+{% if provider.user_mapping_provider[mapping_provider].display_name_template is defined %}
+          display_name_template: "{{ provider.user_mapping_provider[mapping_provider].display_name_template }}"
+{% endif %}
+{% if provider.user_mapping_provider[mapping_provider].email_template is defined %}
+          email_template: "{{ provider.user_mapping_provider[mapping_provider].email_template }}"
+{% endif %}
+{% endfor %}
+{% endif %}
+{% if provider.attribute_requirements is defined %}
+    attribute_requirements:
+{% for attribute in provider.attribute_requirements %}
+      - attribute: "{{ attribute }}"
+        value: "{{ attribute.value }}"
+{% endfor %}
+{% endif %}
+{% endfor %}