uumas/ansible-podman
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

synapse: Support configuring login via oidc provider

Browse Source
This commit is contained in:
uumas
2025-03-22 02:05:43 +02:00
parent cefa207eed
commit 46242f30d5
3 changed files with 31 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
roles/synapse/defaults/main.yaml
View File

@@ -18,3 +18,4 @@ synapse_auto_accept_invites:
synapse_auto_join_rooms: [] synapse_auto_join_rooms: []
synapse_smtp_server: "" synapse_smtp_server: ""
synapse_oidc_provider_client_id: ""

23
roles/synapse/meta/argument_specs.yaml
View File

@@ -88,6 +88,29 @@ argument_specs:
default: [] default: []
elements: str elements: str
synapse_oidc_provider_client_id:
type: str
required: false
default: ""
synapse_oidc_provider_name:
description: Required if synapse_oidc_provider_client_id is set
type: str
synapse_oidc_provider_client_secret:
description: Required if synapse_oidc_provider_client_id is set
type: str
synapse_oidc_provider_issuer:
description: Required if synapse_oidc_provider_client_id is set
type: str
synapse_oidc_provider_scope:
description: Required if synapse_oidc_provider_client_id is set
type: list
elements: str
synapse_oidc_provider_mas_claims_imports:
description:
- Passed to matrix authentication service.
- See https://element-hq.github.io/matrix-authentication-service/setup/sso.html#user-attributes-mapping
type: dict
synapse_postgres_tag: synapse_postgres_tag:
description: Postgres tag to use for synapse postgres container description: Postgres tag to use for synapse postgres container
type: str type: str

7
roles/synapse/tasks/main.yaml
View File

@@ -75,3 +75,10 @@
matrix_authentication_service_email_smtp_user: "{{ synapse_email_smtp_user }}" matrix_authentication_service_email_smtp_user: "{{ synapse_email_smtp_user }}"
matrix_authentication_service_email_smtp_password: "{{ synapse_email_smtp_password }}" matrix_authentication_service_email_smtp_password: "{{ synapse_email_smtp_password }}"
matrix_authentication_service_email_from: "{{ synapse_email_from | replace('%(app)s', synapse_email_app_name) }}" matrix_authentication_service_email_from: "{{ synapse_email_from | replace('%(app)s', synapse_email_app_name) }}"
matrix_authentication_service_upstream_oauth2_client_id: "{{ synapse_oidc_provider_client_id }}"
matrix_authentication_service_upstream_oauth2_client_secret: "{{ synapse_oidc_provider_client_secret }}"
matrix_authentication_service_upstream_oauth2_issuer: "{{ synapse_oidc_provider_issuer }}"
matrix_authentication_service_upstream_oauth2_scope: "{{ synapse_oidc_provider_scopes | join(' ') }}"
matrix_authentication_service_upstream_oauth2_claims_imports: "{{ synapse_oidc_provider_mas_claims_imports }}"
matrix_authentication_service_upstream_oauth2_human_name: "{{ synapse_oidc_provider_name }}"