From 9f833de13961ba370b8f344e539e7069c6af8c39 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Thu, 17 Oct 2024 18:35:04 +0200
Subject: [PATCH] [mod] role:synapse:mas als authentication-Variante
---
 roles/synapse/defaults/main.json | 6 +++++
 roles/synapse/info.md | 1 +
 roles/synapse/templates/homeserver.yaml.j2 | 15 ++++++++++++
 roles/synapse/vardef.json | 27 +++++++++++++++++++++-
 4 files changed, 48 insertions(+), 1 deletion(-)
diff --git a/roles/synapse/defaults/main.json b/roles/synapse/defaults/main.json
index 87eff2a..efda6b0 100644
--- a/roles/synapse/defaults/main.json
+++ b/roles/synapse/defaults/main.json
@@ -20,6 +20,12 @@
 "var_synapse_authentication_data_authelia_client_id": "synapse",
 "var_synapse_authentication_data_authelia_client_secret": "REPLACE_ME",
 "var_synapse_authentication_data_authelia_url_base": "https://authelia.example.org",
+ "var_synapse_authentication_data_mas_url_base": "http://localhost:2839",
+ "var_synapse_authentication_data_mas_client_id": "synapse",
+ "var_synapse_authentication_data_mas_client_secret": "REPLACE_ME",
+ "var_synapse_authentication_data_mas_admin_token": "REPLACE_ME",
+ "var_synapse_authentication_data_mas_provider_id": "mas",
+ "var_synapse_authentication_data_mas_provider_name": "MAS",
 "var_synapse_smtp_host": "smtp.example.org",
 "var_synapse_smtp_port": 587,
 "var_synapse_smtp_username": "synapse@smtp.example.org",
diff --git a/roles/synapse/info.md b/roles/synapse/info.md
index 9f4407e..88503ae 100644
--- a/roles/synapse/info.md
+++ b/roles/synapse/info.md
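Review bot: `var_synapse_authentication_data_mas_client_secret` and `var_synapse_authentication_data_mas_admin_token` default to the literal `REPLACE_ME`, and the matching entries added in the second `vardef.json` hunk are `"mandatory": false`, so nothing visible in this patch stops a host with the authentication kind `mas` from being deployed with these publicly known values. The `homeserver.yaml.j2` hunk renders both straight into `experimental_features.msc3861`; as I understand the MAS setup documentation, `admin_token` is the shared secret MAS presents to Synapse's admin API, so a guessable value there is more than a cosmetic problem. I would drop the two secret defaults and make both variables mandatory when the kind is `mas`, or have the role fail while either still equals `REPLACE_ME`. The surrounding defaults object starts and ends outside the hunk.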
@@ -9,3 +9,4 @@ Zur Einrichtung des [matrix.org](https://matrix.org/)-Servers Synapse
 - [GitHub-Repository](https://github.com/matrix-org/synapse)
 - [Configuration Manual](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html)
 - [Dokumentation | PostgreSQL](https://matrix-org.github.io/synapse/latest/postgres.html#using-postgres)
+- [MAS-Dokumentation | Homeserver configuration](https://element-hq.github.io/matrix-authentication-service/setup/homeserver.html)
diff --git a/roles/synapse/templates/homeserver.yaml.j2 b/roles/synapse/templates/homeserver.yaml.j2
index a8b43b4..278a4b4 100644
--- a/roles/synapse/templates/homeserver.yaml.j2
+++ b/roles/synapse/templates/homeserver.yaml.j2
@@ -126,6 +126,21 @@ oidc_providers:
 email_template: "{{"{{"}} user.email {{"}}"}}"
 {% endif %}
+{% if var_synapse_authentication_kind == 'mas' %}
+enable_registration: false
+enable_registration_without_verification: false
+
+experimental_features:
+ msc3861:
+ enabled: true
+ issuer: "{{var_synapse_authentication_data_mas_url_base}}"
+ client_auth_method: client_secret_basic
+ client_id: "{{var_synapse_authentication_data_mas_client_id}}"
+ client_secret: "{{var_synapse_authentication_data_mas_client_secret}}"
+ admin_token: "{{var_synapse_authentication_data_mas_admin_token}}"
+ account_management_url: "{{var_synapse_authentication_data_mas_url_base}}/account"
+{% endif %}
+
 account_validity:
 bcrypt_rounds: 12
diff --git a/roles/synapse/vardef.json b/roles/synapse/vardef.json
index 391dfdb..95e1549 100644
--- a/roles/synapse/vardef.json
+++ b/roles/synapse/vardef.json
@@ -71,7 +71,8 @@
 "mandatory": false,
 "options": [
 "internal",
- "authelia"
+ "authelia",
+ "mas"
 ]
 },
 "authentication_data_authelia_provider_id": {
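Review bot: In the `homeserver.yaml.j2` hunk, `client_secret` and `admin_token` (as well as `issuer` and `client_id`) are interpolated raw between double quotes, so a secret containing `"` or `\` either breaks the rendered YAML or silently yields a different value from the one configured on the MAS side. Letting the filter do the quoting avoids that, e.g. `client_secret: {{ var_synapse_authentication_data_mas_client_secret | to_json }}` and the same for `admin_token`, assuming the template is rendered by Ansible. The block also writes `enable_registration` and `enable_registration_without_verification` at top level; the rest of the template is outside this hunk, so it is worth checking that neither key is already set there, since with duplicate keys the effective value depends on the parser. Separately, `account_management_url` is built from the same base as `issuer`, and with the `http://localhost:2839` default that URL is presumably not reachable from a user's browser.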
@@ -94,6 +95,30 @@
 "type": "string",
 "mandatory": false
 },
+ "authentication_data_mas_url_base": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_mas_client_id": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_mas_client_secret": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_mas_admin_token": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_mas_provider_id": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_mas_provider_name": {
+ "type": "string",
+ "mandatory": false
+ },
 "smtp_host": {
 "type": "string",
 "mandatory": false
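Review bot: `authentication_data_mas_provider_id` and `authentication_data_mas_provider_name` are declared here and given defaults in `defaults/main.json`, but the `homeserver.yaml.j2` hunk of this commit never references them; the `msc3861` block it adds has no provider id or name. Unused settings in an authentication role suggest to an operator that they control something, so I would remove both entries and their two defaults unless a follow-up change consumes them. The enclosing definitions object starts and ends outside the hunk, so a use elsewhere in the role cannot be ruled out from here.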