diff --git a/synapse/config/saml2_config.py b/synapse/config/saml2_config.py
index 99aa8b3bf1..37d53fdee3 100644
--- a/synapse/config/saml2_config.py
+++ b/synapse/config/saml2_config.py
@@ -90,6 +90,8 @@ class SAML2Config(Config):
             "grandfathered_mxid_source_attribute", "uid"
         )
+        self.saml2_idp_entityid = saml2_config.get("idp_entityid", None)
+
         # user_mapping_provider may be None if the key is present but has no value
         ump_dict = saml2_config.get("user_mapping_provider") or {}
@@ -350,6 +352,14 @@ class SAML2Config(Config):
         # value: "staff"
         # - attribute: department
         # value: "sales"
+
+        # Most metadata XML only contains a single IdP entity. However if the
+        # metadata XML contains multiple IdPs Synapse needs to know which IdP to
+        # redirect users to. `idp_entityid` can be populated with the entity of
+        # the IdP that should be used. For most deployments, this parameter should
+        # be omitted.
+        #
+        #idp_entityid: 'https://our_idp/entityid'
         """ % {
             "config_dir_path": config_dir_path
         }
diff --git a/synapse/handlers/saml_handler.py b/synapse/handlers/saml_handler.py
index f9c310c883..9f93502fbb 100644
--- a/synapse/handlers/saml_handler.py
+++ b/synapse/handlers/saml_handler.py
@@ -61,7 +61,7 @@ class SamlHandler:
     def __init__(self, hs: "synapse.server.HomeServer"):
         self.hs = hs
         self._saml_client = Saml2Client(hs.config.saml2_sp_config)
-        self._saml_idp_entityid = hs.config.saml2_sp_config.getattr("idp")
+        self._saml_idp_entityid = hs.config.saml2_idp_entityid
         self._auth = hs.get_auth()
         self._auth_handler = hs.get_auth_handler()
         self._registration_handler = hs.get_registration_handler()
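Review bot: The new `self.saml2_idp_entityid` is stored without any type check, so a value that is not a string (a YAML list or a bare number, say) would only fail later when the handler passes it to the SAML client instead of being reported as a configuration error at startup. A guard next to the added line, `if self.saml2_idp_entityid is not None and not isinstance(self.saml2_idp_entityid, str): raise ConfigError("saml2_config.idp_entityid must be a string")`, would fail fast, assuming the module already imports `ConfigError` as the other config modules do. The explicit `None` default is also redundant and differs from the `saml2_config.get("user_mapping_provider")` call just below; `saml2_config.get("idp_entityid")` would keep the two consistent. The enclosing method starts and ends outside the hunk.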
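Review bot: The generated-config comment says `idp_entityid` "can be populated with the entity of the IdP", which does not tell an admin what value to supply; the setting must hold the IdP's entity ID, i.e. the value of the `entityID` attribute on that IdP's `EntityDescriptor` in the metadata XML, matched exactly. Rewording that sentence to "Set `idp_entityid` to the entity ID (the entityID attribute in the metadata) of the IdP that should be used" would make the expected value unambiguous. The enclosing method and its template string start and end outside the hunk.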
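Review bot: The entity ID read from `hs.config.saml2_idp_entityid` on the new line is never checked against the IdPs actually present in the loaded metadata, so a misspelled `idp_entityid` is only discovered when the first user is redirected to the IdP rather than at startup. Since the metadata is already loaded into `self._saml_client` on the preceding line, `__init__` could verify that a configured entity ID is one of the identity providers the client knows about (the pysaml2 metadata store exposes that list; confirm the exact accessor) and raise a clear error otherwise. A short comment on the new line, `# None: no IdP pinned; only appropriate when the metadata lists a single IdP`, would document the default, if that is indeed the fallback behaviour. The rest of `__init__` continues outside the hunk.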