diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml
index 97c5d48ae..32ae30f44 100644
--- a/roles/custom/matrix-synapse/defaults/main.yml
+++ b/roles/custom/matrix-synapse/defaults/main.yml
@@ -425,6 +425,11 @@ matrix_synapse_federation_port_openid_resource_required: false
 # result, it's better to accomplish it by changing `matrix_synapse_federation_enabled`.
 matrix_synapse_federation_domain_whitelist: ~
 
+# Enable/disable OpenID Connect
+matrix_synapse_oidc_enabled: false
+# List of OpenID Connect providers, ref: https://matrix-org.github.io/synapse/latest/openid.html#sample-configs
+matrix_synapse_oidc_providers: []
+
 # A list of additional "volumes" to mount in the container.
 # This list gets populated dynamically based on Synapse extensions that have been enabled.
 # Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}
diff --git a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
index dd4e6325d..b3a4aa796 100644
--- a/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2
@@ -2090,9 +2090,9 @@ saml2_config:
 # use 'oidc' for the idp_id to ensure that existing users continue to be
 # recognised.)
 #
-oidc_providers:
+{% if matrix_synapse_oidc_enabled and matrix_synapse_oidc_providers | length > 0 %}
   # Generic example
-  #
+  #matrix_synapse_oidc_providers:
   #- idp_id: my_idp
   #  idp_name: "My OpenID provider"
   #  idp_icon: "mxc://example.com/mediaid"
@@ -2116,6 +2116,9 @@ oidc_providers:
   #   attribute_requirements:
   #     - attribute: userGroup
   #       value: "synapseUsers"
+oidc_providers:
+  {{ matrix_synapse_oidc_providers|to_nice_yaml(indent=2, width=999999) }}
+{% endif %}
 
 # Enable Central Authentication Service (CAS) for registration and login.
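Review bot: The comment on `matrix_synapse_oidc_providers` does not say that each entry is rendered verbatim into homeserver.yaml, and the Synapse provider schema it links to includes the provider's `client_secret`, so in practice this variable holds a credential; the comment should say so and steer deployers to an encrypted vars file, e.g. `# List of OpenID Connect providers (entries usually carry a client_secret — keep this variable in vault-encrypted vars), ref: https://matrix-org.github.io/synapse/latest/openid.html#sample-configs`. It is also worth noting next to `matrix_synapse_oidc_enabled` that the template only emits `oidc_providers` when the list is non-empty, so setting the flag to `true` while leaving the default `[]` silently leaves OIDC unconfigured.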
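Review bot: The guard `{% if matrix_synapse_oidc_enabled and matrix_synapse_oidc_providers | length > 0 %}` omits the whole `oidc_providers` stanza when OIDC is enabled but the provider list is empty, which is the default, so a deployer who flips the flag and misnames the list variable gets a homeserver with no OIDC and no error; prefer `{% if matrix_synapse_oidc_enabled %}` here and a validation task that fails on an empty list, or at least document the combined condition. The block opened here is closed in the later hunk, where the providers are rendered with `{{ matrix_synapse_oidc_providers|to_nice_yaml(indent=2, width=999999) }}` on a two-space-indented line; that filter's output is multi-line and only its first line inherits the template indent, so unless something else in the template compensates, the rendered list is likely mis-nested — appending `|indent(2)` (or using `|to_json`, JSON being valid YAML) keeps every line at the right column. The commented sample block now sits inside the conditional, which is harmless but means it disappears from the rendered file when OIDC is disabled.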