From 7aa2b42a23e91a51f35bba395dc978f6e7f5f81e Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler
Date: Fri, 11 Dec 2020 10:38:54 +0100
Subject: [PATCH] update oidc configuration
---
 Dockerfile | 4 ++++
 rootfs/etc/confd/templates/server.yaml.tmpl | 16 ++++++++--------
 2 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 1f06eb3..f3956d8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -29,6 +29,10 @@ RUN apk add --no-cache \
 zlib \
 jpeg
+RUN apk --no-cache --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community add \
+ py3-authlib
+
+
 RUN mkdir /tmp/wheels
 COPY --from=builder /*.whl /tmp/wheels/
diff --git a/rootfs/etc/confd/templates/server.yaml.tmpl b/rootfs/etc/confd/templates/server.yaml.tmpl
index 182e9fe..4558dad 100644
--- a/rootfs/etc/confd/templates/server.yaml.tmpl
+++ b/rootfs/etc/confd/templates/server.yaml.tmpl
@@ -1673,19 +1673,19 @@ oidc_config:
 # Uncomment the following to enable authorization against an OpenID Connect
 # server. Defaults to false.
 #
- enabled: "{{getenv "OIDC_ENABLED" "false"}}"
+ enabled: {{getenv "OIDC_ENABLED" "false"}}
 # Uncomment the following to disable use of the OIDC discovery mechanism to
 # discover endpoints. Defaults to true.
 #
- discover: "{{getenv "OIDC_DISCOVER" "true"}}"
+ discover: {{getenv "OIDC_DISCOVER" "true"}}
 # the OIDC issuer. Used to validate tokens and (if discovery is enabled) to
 # discover the provider's endpoints.
 #
 # Required if 'enabled' is true.
 #
- issuer: "{{getenv "OIDC_ISSUER" "true"}}"
+ issuer: "{{getenv "OIDC_ISSUER"}}"
 # oauth2 client id to use.
 #
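Review bot: `py3-authlib` is installed from the Alpine `edge/community` repository into an image whose other packages come from the stable release, and without a version pin, so the package can change between builds and its dependencies resolved from edge may not line up with the stable `main` packages installed in the preceding `apk add`. Pin it (`py3-authlib=<version placeholder>` — constructed, take the value from the edge index at build time) and use the `https://` form of the mirror URL so the index fetch is not plain-text on the wire, even though apk still checks the index signature. A short comment on why the package is needed would help the next maintainer, e.g. `# authlib is presumably required by synapse's OIDC support; not available in the stable release yet`. The two trailing empty `+` lines leave a double blank line before `RUN mkdir`; one is enough.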
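Review bot: `enabled` and `discover` are now rendered unquoted, so the YAML loader types whatever the environment supplies; values such as `yes`, `True` or `1` are read differently by YAML 1.1 and 1.2 loaders, and an empty variable could leave the key with no value (null) depending on how confd's `getenv` treats empty strings. State the contract above the keys, e.g. `# OIDC_ENABLED and OIDC_DISCOVER are emitted unquoted and must be the YAML literals true or false`. `issuer` now falls back to an empty string instead of the earlier bogus `"true"`, which is the right direction but relies on synapse rejecting an empty issuer once `enabled` is true; a comment `# OIDC_ISSUER has no default and is required when OIDC_ENABLED is true` makes that dependency explicit. The trailing comment lines belong to the `client_id` entry, which continues outside this hunk.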
@@ -1747,7 +1747,7 @@ oidc_config:
 # Uncomment to allow a user logging in via OIDC to match a pre-existing account instead
 # of failing. This could be used if switching from password logins to OIDC. Defaults to false.
 #
- allow_existing_users: "{{getenv "OIDC_ALLOW_EXISTING_USER", "false"}}"
+ allow_existing_users: "{{getenv "OIDC_ALLOW_EXISTING_USER" "false"}}"
 # An external module can be provided here as a custom solution to mapping
 # attributes returned from a OIDC provider onto a matrix user.
@@ -1759,7 +1759,7 @@ oidc_config:
 # See https://github.com/matrix-org/synapse/blob/master/docs/sso_mapping_providers.md#openid-mapping-providers
 # for information on implementing a custom mapping provider.
 #
- module: "{{getenv "OIDC_MAPPING_PROVIDER", "synapse.handlers.oidc_handler.JinjaOidcMappingProvider"}}"
+ module: "{{getenv "OIDC_MAPPING_PROVIDER" "synapse.handlers.oidc_handler.JinjaOidcMappingProvider"}}"
 # Custom configuration values for the module. This section will be passed as
 # a Python dictionary to the user mapping provider module's `parse_config`
@@ -1782,13 +1782,13 @@ oidc_config:
 #
 # This must be configured if using the default mapping provider.
 #
- localpart_template: "{{ user.preferred_username }}"
+ localpart_template: "{{"{{"}} user.preferred_username {{"}}"}}"
 # Jinja2 template for the display name to set on first login.
 #
 # If unset, no displayname will be set.
 #
- #display_name_template: "{{ user.given_name }} {{ user.last_name }}"
+ #display_name_template: "{{"{{"}} user.given_name {{"}}"}} {{"{{"}} user.last_name {{"}}"}}"
 # Jinja2 templates for extra attributes to send back to the client during
 # login.
@@ -1796,7 +1796,7 @@ oidc_config:
 # Note that these are non-standard and clients will ignore them without modifications.
 #
 #extra_attributes:
- #birthdate: "{{ user.birthdate }}"
+ #birthdate: "{{"{{"}} user.birthdate {{"}}"}}"
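Review bot: `allow_existing_users` stays double-quoted after the comma fix, so the rendered value is the string `"false"` rather than a boolean, while the same commit un-quotes `enabled` and `discover` in the hunk at `@@ -1673`. If synapse tests this setting with a plain truthiness check rather than schema validation, the non-empty string `"false"` would count as true and let OIDC logins attach to pre-existing accounts, which is the behaviour the default is meant to keep off; render it unquoted for consistency: `allow_existing_users: {{getenv "OIDC_ALLOW_EXISTING_USER" "false"}}`. The environment variable name `OIDC_ALLOW_EXISTING_USER` (singular) does not match the config key (plural), which is easy to get wrong when deploying; a comment naming the variable next to the key, e.g. `# set via OIDC_ALLOW_EXISTING_USER (note: singular)`, would help.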
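Review bot: The `{{"{{"}} … {{"}}"}}` sequences are the right way to emit literal Jinja braces through confd's Go templating, but nothing in the template says so, and a later edit could easily "simplify" them back to `{{ user.preferred_username }}` and have confd try to evaluate them; a brace-free comment above `localpart_template` such as `# the quoted-brace sequences below produce literal Jinja braces for synapse; confd evaluates bare braces, so do not collapse them` would prevent that, and the same applies to the `display_name_template` line here and the `birthdate` line in the hunk at `@@ -1796`. Unlike the neighbouring keys, `localpart_template` is hard-coded and cannot be overridden from the environment, which may be intentional but is worth a comment. Since the localpart is derived from the provider-supplied `preferred_username` claim, whether two identities can map onto one Matrix user depends on the provider's uniqueness guarantees for that claim; a note to that effect is useful for operators who also enable `allow_existing_users`.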