Home Explore Help
Register Sign In
RISCI_ATOM
/
synapse
mirror of https://github.com/matrix-org/synapse.git
1
0
Fork 0
Files Issues 3 Wiki
Browse Source

Add doc to integrate synapse with LemonLDAP OIDC (#11257)

Co-authored-by: David Robertson <david.m.robertson1@gmail.com>
Co-authored-by: Julian Vanden Broeck <julian.vandenbroeck@dalibo.com>
Julian 2 years ago
parent
a37df1b091
commit
09cb441a04
2 changed files with 39 additions and 0 deletions
Split View Show Diff Stats
  1. 1 0
      changelog.d/11257.doc
  2. 38 0
      docs/openid.md

+ 1 - 0
changelog.d/11257.doc
View File 

@@ -0,0 +1 @@
 
+Add documentation for using LemonLDAP as an OpenID Connect Identity Provider. Contributed by @l00ptr.

+ 38 - 0
docs/openid.md
View File 

@@ -22,6 +22,7 @@ such as [Github][github-idp].
 
 [google-idp]: https://developers.google.com/identity/protocols/oauth2/openid-connect
 
 [auth0]: https://auth0.com/
 
 [authentik]: https://goauthentik.io/
 
+[lemonldap]: https://lemonldap-ng.org/
 
 [okta]: https://www.okta.com/
 
 [dex-idp]: https://github.com/dexidp/dex
 
 [keycloak-idp]: https://www.keycloak.org/docs/latest/server_admin/#sso-protocols
 
@@ -243,6 +244,43 @@ oidc_providers:
 
         display_name_template: "{{ user.preferred_username|capitalize }}" # TO BE FILLED: If your users have names in Authentik and you want those in Synapse, this should be replaced with user.name|capitalize.
 
 ```
 
 
+### LemonLDAP
 
+
 
+[LemonLDAP::NG][lemonldap] is an open-source IdP solution.
 
+
 
+1. Create an OpenID Connect Relying Parties in LemonLDAP::NG
 
+2. The parameters are:
 
+- Client ID under the basic menu of the new Relying Parties (`Options > Basic >
 
+  Client ID`)
 
+- Client secret (`Options > Basic > Client secret`)
 
+- JWT Algorithm: RS256 within the security menu of the new Relying Parties
 
+  (`Options > Security > ID Token signature algorithm` and `Options > Security >
 
+  Access Token signature algorithm`)
 
+- Scopes: OpenID, Email and Profile
 
+- Allowed redirection addresses for login (`Options > Basic > Allowed
 
+  redirection addresses for login` ) :
 
+  `[synapse public baseurl]/_synapse/client/oidc/callback`
 
+
 
+Synapse config:
 
+```yaml
 
+oidc_providers:
 
+  - idp_id: lemonldap
 
+    idp_name: lemonldap
 
+    discover: true
 
+    issuer: "https://auth.example.org/" # TO BE FILLED: replace with your domain
 
+    client_id: "your client id" # TO BE FILLED
 
+    client_secret: "your client secret" # TO BE FILLED
 
+    scopes:
 
+      - "openid"
 
+      - "profile"
 
+      - "email"
 
+    user_mapping_provider:
 
+      config:
 
+        localpart_template: "{{ user.preferred_username }}}"
 
+        # TO BE FILLED: If your users have names in LemonLDAP::NG and you want those in Synapse, this should be replaced with user.name|capitalize or any valid filter.
 
+        display_name_template: "{{ user.preferred_username|capitalize }}"
 
+```
 
+
 
 ### GitHub
 
 
 [GitHub][github-idp] is a bit special as it is not an OpenID Connect compliant provider, but