implemented oidc draft for matrix - but deactivated due to infinite redirect loop

2025-02-24 05:11:54 +01:00 · 2025-02-23 13:04:12 +01:00 · 2025-02-23 13:04:12 +01:00 · aa591de3e5
commit aa591de3e5
parent 1aa6c01c5a
2 changed files with 18 additions and 0 deletions
--- a/group_vars/all/07_applications.yml
+++ b/group_vars/all/07_applications.yml
@ -206,6 +206,8 @@ defaults_applications:
    setup:                            false                         # Set true in inventory file to execute the setup and initializing procedures
    database:
      central_storage:                True
+    oidc:
+      enabled:                        False                        # Deactivated OIDC due to this issue https://github.com/matrix-org/synapse/issues/10492

  ## Moodle
  moodle:
--- a/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2
+++ b/roles/docker-matrix-compose/templates/synapse/homeserver.yaml.j2
@ -45,6 +45,22 @@ email:
  client_base_url:              "{{domains.matrix_synapse}}"
  validation_token_lifetime:    15m

+{% if applications[application_id].oidc.enabled | bool %}
+# @See https://matrix-org.github.io/synapse/latest/openid.html
+oidc_providers:
+  - idp_id: keycloak
+    idp_name: "{{primary_domain | upper}} SSO"
+    issuer: "{{oidc.client.issuer_url}}"
+    client_id: "{{oidc.client.id}}"
+    client_secret: "{{oidc.client.secret}}"
+    scopes: ["openid", "profile"]
+    user_mapping_provider:
+      config:
+        localpart_template: "{% raw %}{{ user.preferred_username }}{% endraw %}"
+        display_name_template: "{% raw %}{{ user.name }}{% endraw %}"
+    backchannel_logout_enabled: true
+{% endif %}
+
 app_service_config_files:
 {% for item in bridges %}
  - {{registration_file_folder}}{{item.bridge_name}}.registration.yaml