Verified Commit 94982def authored by Jan Alexander Steffens (heftig)'s avatar Jan Alexander Steffens (heftig)
Browse files

matrix: Update synapse to 1.31.0

parent 24c85844
Pipeline #6390 passed with stage
in 34 seconds
...@@ -78,7 +78,7 @@ ...@@ -78,7 +78,7 @@
- name: install synapse - name: install synapse
pip: pip:
name: name:
- 'matrix-synapse[postgres,systemd,url_preview,redis]==1.30.1' - 'matrix-synapse[postgres,systemd,url_preview,redis]==1.31.0'
state: latest state: latest
extra_args: '--upgrade-strategy=eager' extra_args: '--upgrade-strategy=eager'
virtualenv: /var/lib/synapse/venv virtualenv: /var/lib/synapse/venv
......
...@@ -871,10 +871,10 @@ rc_message: ...@@ -871,10 +871,10 @@ rc_message:
#rc_joins: #rc_joins:
# local: # local:
# per_second: 0.1 # per_second: 0.1
# burst_count: 3 # burst_count: 10
# remote: # remote:
# per_second: 0.01 # per_second: 0.01
# burst_count: 3 # burst_count: 10
# #
#rc_3pid_validation: #rc_3pid_validation:
# per_second: 0.003 # per_second: 0.003
...@@ -1763,6 +1763,9 @@ saml2_config: ...@@ -1763,6 +1763,9 @@ saml2_config:
# Note that, if this is changed, users authenticating via that provider # Note that, if this is changed, users authenticating via that provider
# will no longer be recognised as the same user! # will no longer be recognised as the same user!
# #
# (Use "oidc" here if you are migrating from an old "oidc_config"
# configuration.)
#
# idp_name: A user-facing name for this identity provider, which is used to # idp_name: A user-facing name for this identity provider, which is used to
# offer the user a choice of login mechanisms. # offer the user a choice of login mechanisms.
# #
...@@ -1878,6 +1881,24 @@ saml2_config: ...@@ -1878,6 +1881,24 @@ saml2_config:
# which is set to the claims returned by the UserInfo Endpoint and/or # which is set to the claims returned by the UserInfo Endpoint and/or
# in the ID Token. # in the ID Token.
# #
# It is possible to configure Synapse to only allow logins if certain attributes
# match particular values in the OIDC userinfo. The requirements can be listed under
# `attribute_requirements` as shown below. All of the listed attributes must
# match for the login to be permitted. Additional attributes can be added to
# userinfo by expanding the `scopes` section of the OIDC config to retrieve
# additional information from the OIDC provider.
#
# If the OIDC claim is a list, then the attribute must match any value in the list.
# Otherwise, it must exactly match the value of the claim. Using the example
# below, the `family_name` claim MUST be "Stephensson", but the `groups`
# claim MUST contain "admin".
#
# attribute_requirements:
# - attribute: family_name
# value: "Stephensson"
# - attribute: groups
# value: "admin"
#
# See https://github.com/matrix-org/synapse/blob/master/docs/openid.md # See https://github.com/matrix-org/synapse/blob/master/docs/openid.md
# for information on how to configure these options. # for information on how to configure these options.
# #
...@@ -1910,51 +1931,29 @@ oidc_providers: ...@@ -1910,51 +1931,29 @@ oidc_providers:
# localpart_template: "{{ '{{ user.login }}' }}" # localpart_template: "{{ '{{ user.login }}' }}"
# display_name_template: "{{ '{{ user.name }}' }}" # display_name_template: "{{ '{{ user.name }}' }}"
# email_template: "{{ '{{ user.email }}' }}" # email_template: "{{ '{{ user.email }}' }}"
# attribute_requirements:
# For use with Keycloak # - attribute: userGroup
# # value: "synapseUsers"
#- idp_id: keycloak
# idp_name: Keycloak
# issuer: "https://127.0.0.1:8443/auth/realms/my_realm_name"
# client_id: "synapse"
# client_secret: "copy secret generated in Keycloak UI"
# scopes: ["openid", "profile"]
# For use with Github
#
#- idp_id: github
# idp_name: Github
# idp_brand: github
# discover: false
# issuer: "https://github.com/"
# client_id: "your-client-id" # TO BE FILLED
# client_secret: "your-client-secret" # TO BE FILLED
# authorization_endpoint: "https://github.com/login/oauth/authorize"
# token_endpoint: "https://github.com/login/oauth/access_token"
# userinfo_endpoint: "https://api.github.com/user"
# scopes: ["read:user"]
# user_mapping_provider:
# config:
# subject_claim: "id"
# localpart_template: "{{ '{{ user.login }}' }}"
# display_name_template: "{{ '{{ user.name }}' }}"
# Arch Linux accounts # Arch Linux accounts
# #
#- idp_id: oidc #- idp_id: oidc
# idp_name: "Arch Linux" # idp_name: "Arch Linux"
# idp_icon: "mxc://archlinux.org/iQmyhmksPLmphXWFUxiLEwVw" # idp_icon: "mxc://archlinux.org/iQmyhmksPLmphXWFUxiLEwVw"
# idp_brand: org.archlinux # idp_brand: archlinux
# issuer: "https://accounts.archlinux.org/auth/realms/archlinux" # issuer: "https://accounts.archlinux.org/auth/realms/archlinux"
# client_id: "openid_matrix" # client_id: "openid_matrix"
# client_secret: "your-client-secret" # TO BE FILLED # client_secret: "your-client-secret" # TO BE FILLED
# scopes: ["openid", "profile"] # scopes: ["openid", "profile", "email", "roles"]
# allow_existing_users: true # allow_existing_users: false
# user_mapping_provider: # user_mapping_provider:
# config: # config:
# localpart_template: "{{ '{{ user.preferred_username }}' }}" # localpart_template: "{{ '{{ user.preferred_username }}' }}"
# display_name_template: "{{ '{{ user.name | default(user.preferred_username, true) }}' }}" # display_name_template: "{{ '{{ user.name | default(user.preferred_username, true) }}' }}"
# email_template: "{{ '{{ user.email }}' }}" # email_template: "{{ '{{ user.email }}' }}"
# attribute_requirements:
# - attribute: roles
# value: "Staff"
# Enable Central Authentication Service (CAS) for registration and login. # Enable Central Authentication Service (CAS) for registration and login.
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment