implemented oidc draft for matrix - but deactivated due to infinite redirect loop

group_vars/all/07_applications.yml

@@ -206,6 +206,8 @@ defaults_applications:
     setup:                            false                         # Set true in inventory file to execute the setup and initializing procedures
     database:
       central_storage:                True
+    oidc:
+      enabled:                        False                        # Deactivated OIDC due to this issue https://github.com/matrix-org/synapse/issues/10492
 
   ## Moodle
   moodle:

roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2

@@ -45,6 +45,22 @@ email:
   client_base_url:              "{{domains.matrix_synapse}}"
   validation_token_lifetime:    15m
 
+{% if applications[application_id].oidc.enabled | bool %}
+# @See https://matrix-org.github.io/synapse/latest/openid.html
+oidc_providers:
+  - idp_id: keycloak
+    idp_name: "{{primary_domain | upper}} SSO"
+    issuer: "{{oidc.client.issuer_url}}"
+    client_id: "{{oidc.client.id}}"
+    client_secret: "{{oidc.client.secret}}"
+    scopes: ["openid", "profile"]
+    user_mapping_provider:
+      config:
+        localpart_template: "{% raw %}{{ user.preferred_username }}{% endraw %}"
+        display_name_template: "{% raw %}{{ user.name }}{% endraw %}"
+    backchannel_logout_enabled: true
+{% endif %}
+
 app_service_config_files:
 {% for item in bridges %}
   - {{registration_file_folder}}{{item.bridge_name}}.registration.yaml