Merge pull request #2926 from etkecc/add-synapse-oidc-vars

add matrix_synapse_oidc_enabled and matrix_synapse_oidc_providers vars

roles/custom/matrix-synapse/defaults/main.yml

@@ -425,6 +425,11 @@ matrix_synapse_federation_port_openid_resource_required: false
 # result, it's better to accomplish it by changing `matrix_synapse_federation_enabled`.
 matrix_synapse_federation_domain_whitelist: ~
 
+# Enable/disable OpenID Connect
+matrix_synapse_oidc_enabled: false
+# List of OpenID Connect providers, ref: https://matrix-org.github.io/synapse/latest/openid.html#sample-configs
+matrix_synapse_oidc_providers: []
+
 # A list of additional "volumes" to mount in the container.
 # This list gets populated dynamically based on Synapse extensions that have been enabled.
 # Contains definition objects like this: `{"src": "/outside", "dst": "/inside", "options": "rw|ro|slave|.."}

roles/custom/matrix-synapse/templates/synapse/homeserver.yaml.j2

@@ -2090,9 +2090,9 @@ saml2_config:
 # use 'oidc' for the idp_id to ensure that existing users continue to be
 # recognised.)
 #
-oidc_providers:
+{% if matrix_synapse_oidc_enabled and matrix_synapse_oidc_providers | length > 0 %}
   # Generic example
-  #
+  #matrix_synapse_oidc_providers:
   #- idp_id: my_idp
   #  idp_name: "My OpenID provider"
   #  idp_icon: "mxc://example.com/mediaid"
@@ -2116,6 +2116,9 @@ oidc_providers:
   #  attribute_requirements:
   #    - attribute: userGroup
   #      value: "synapseUsers"
+oidc_providers:
+  {{ matrix_synapse_oidc_providers|to_nice_yaml(indent=2, width=999999) }}
+{% endif %}
 
 
 # Enable Central Authentication Service (CAS) for registration and login.