OpenCloud
/
MatrixSynapse
mirror of https://github.com/matrix-org/synapse
1
0
Fork 0
Code Issues Releases Wiki Activity

deploy: fe69e7f617

gh-pages
clokep 2023-09-06 18:33:34 +00:00
parent 4431f805b1
commit b8bd769571
4 changed files with 78 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
develop/print.html
View File

@ -6602,27 +6602,50 @@ claim MUST contain &quot;admin&quot;.</p>
<p>Enable Central Authentication Service (CAS) for registration and login. <p>Enable Central Authentication Service (CAS) for registration and login.
Has the following sub-options:</p> Has the following sub-options:</p>
<ul> <ul>
<li><code>enabled</code>: Set this to true to enable authorization against a CAS server. <li>
Defaults to false.</li> <p><code>enabled</code>: Set this to true to enable authorization against a CAS server.
<li><code>idp_name</code>: A user-facing name for this identity provider, which is used to Defaults to false.</p>
offer the user a choice of login mechanisms.</li> </li>
<li><code>idp_icon</code>: An optional icon for this identity provider, which is presented <li>
<p><code>idp_name</code>: A user-facing name for this identity provider, which is used to
offer the user a choice of login mechanisms.</p>
</li>
<li>
<p><code>idp_icon</code>: An optional icon for this identity provider, which is presented
by clients and Synapse's own IdP picker page. If given, must be an by clients and Synapse's own IdP picker page. If given, must be an
MXC URI of the format <code>mxc://&lt;server-name&gt;/&lt;media-id&gt;</code>. (An easy way to MXC URI of the format <code>mxc://&lt;server-name&gt;/&lt;media-id&gt;</code>. (An easy way to
obtain such an MXC URI is to upload an image to an (unencrypted) room obtain such an MXC URI is to upload an image to an (unencrypted) room
and then copy the &quot;url&quot; from the source of the event.)</li> and then copy the &quot;url&quot; from the source of the event.)</p>
<li><code>idp_brand</code>: An optional brand for this identity provider, allowing clients </li>
<li>
<p><code>idp_brand</code>: An optional brand for this identity provider, allowing clients
to style the login flow according to the identity provider in question. to style the login flow according to the identity provider in question.
See the <a href="https://spec.matrix.org/latest/">spec</a> for possible options here.</li> See the <a href="https://spec.matrix.org/latest/">spec</a> for possible options here.</p>
<li><code>server_url</code>: The URL of the CAS authorization endpoint.</li> </li>
<li><code>protocol_version</code>: The CAS protocol version, defaults to none (version 3 is required if you want to use &quot;required_attributes&quot;).</li> <li>
<li><code>displayname_attribute</code>: The attribute of the CAS response to use as the display name. <p><code>server_url</code>: The URL of the CAS authorization endpoint.</p>
If no name is given here, no displayname will be set.</li> </li>
<li><code>required_attributes</code>: It is possible to configure Synapse to only allow logins if CAS attributes <li>
<p><code>protocol_version</code>: The CAS protocol version, defaults to none (version 3 is required if you want to use &quot;required_attributes&quot;).</p>
</li>
<li>
<p><code>displayname_attribute</code>: The attribute of the CAS response to use as the display name.
If no name is given here, no displayname will be set.</p>
</li>
<li>
<p><code>required_attributes</code>: It is possible to configure Synapse to only allow logins if CAS attributes
match particular values. All of the keys given below must exist match particular values. All of the keys given below must exist
and the values must match the given value. Alternately if the given value and the values must match the given value. Alternately if the given value
is <code>None</code> then any value is allowed (the attribute just must exist). is <code>None</code> then any value is allowed (the attribute just must exist).
All of the listed attributes must match for the login to be permitted.</li> All of the listed attributes must match for the login to be permitted.</p>
</li>
<li>
<p><code>enable_registration</code>: set to 'false' to disable automatic registration of new
users. This allows the CAS SSO flow to be limited to sign in only, rather than
automatically registering users that have a valid SSO login but do not have
a pre-registered account. Defaults to true.</p>
<p><em>Added in Synapse 1.93.0.</em></p>
</li>
</ul> </ul>
<p>Example configuration:</p> <p>Example configuration:</p>
<pre><code class="language-yaml">cas_config: <pre><code class="language-yaml">cas_config:
@ -6633,6 +6656,7 @@ All of the listed attributes must match for the login to be permitted.</li>
required_attributes: required_attributes:
userGroup: &quot;staff&quot; userGroup: &quot;staff&quot;
department: None department: None
enable_registration: true
</code></pre> </code></pre>
<hr /> <hr />
<h3 id="sso"><a class="header" href="#sso"><code>sso</code></a></h3> <h3 id="sso"><a class="header" href="#sso"><code>sso</code></a></h3>

2
develop/searchindex.js
View File

File diff suppressed because one or more lines are too long

2
develop/searchindex.json
View File

File diff suppressed because one or more lines are too long

52
develop/usage/configuration/config_documentation.html
View File

@ -3060,27 +3060,50 @@ claim MUST contain &quot;admin&quot;.</p>
<p>Enable Central Authentication Service (CAS) for registration and login. <p>Enable Central Authentication Service (CAS) for registration and login.
Has the following sub-options:</p> Has the following sub-options:</p>
<ul> <ul>
<li><code>enabled</code>: Set this to true to enable authorization against a CAS server. <li>
Defaults to false.</li> <p><code>enabled</code>: Set this to true to enable authorization against a CAS server.
<li><code>idp_name</code>: A user-facing name for this identity provider, which is used to Defaults to false.</p>
offer the user a choice of login mechanisms.</li> </li>
<li><code>idp_icon</code>: An optional icon for this identity provider, which is presented <li>
<p><code>idp_name</code>: A user-facing name for this identity provider, which is used to
offer the user a choice of login mechanisms.</p>
</li>
<li>
<p><code>idp_icon</code>: An optional icon for this identity provider, which is presented
by clients and Synapse's own IdP picker page. If given, must be an by clients and Synapse's own IdP picker page. If given, must be an
MXC URI of the format <code>mxc://&lt;server-name&gt;/&lt;media-id&gt;</code>. (An easy way to MXC URI of the format <code>mxc://&lt;server-name&gt;/&lt;media-id&gt;</code>. (An easy way to
obtain such an MXC URI is to upload an image to an (unencrypted) room obtain such an MXC URI is to upload an image to an (unencrypted) room
and then copy the &quot;url&quot; from the source of the event.)</li> and then copy the &quot;url&quot; from the source of the event.)</p>
<li><code>idp_brand</code>: An optional brand for this identity provider, allowing clients </li>
<li>
<p><code>idp_brand</code>: An optional brand for this identity provider, allowing clients
to style the login flow according to the identity provider in question. to style the login flow according to the identity provider in question.
See the <a href="https://spec.matrix.org/latest/">spec</a> for possible options here.</li> See the <a href="https://spec.matrix.org/latest/">spec</a> for possible options here.</p>
<li><code>server_url</code>: The URL of the CAS authorization endpoint.</li> </li>
<li><code>protocol_version</code>: The CAS protocol version, defaults to none (version 3 is required if you want to use &quot;required_attributes&quot;).</li> <li>
<li><code>displayname_attribute</code>: The attribute of the CAS response to use as the display name. <p><code>server_url</code>: The URL of the CAS authorization endpoint.</p>
If no name is given here, no displayname will be set.</li> </li>
<li><code>required_attributes</code>: It is possible to configure Synapse to only allow logins if CAS attributes <li>
<p><code>protocol_version</code>: The CAS protocol version, defaults to none (version 3 is required if you want to use &quot;required_attributes&quot;).</p>
</li>
<li>
<p><code>displayname_attribute</code>: The attribute of the CAS response to use as the display name.
If no name is given here, no displayname will be set.</p>
</li>
<li>
<p><code>required_attributes</code>: It is possible to configure Synapse to only allow logins if CAS attributes
match particular values. All of the keys given below must exist match particular values. All of the keys given below must exist
and the values must match the given value. Alternately if the given value and the values must match the given value. Alternately if the given value
is <code>None</code> then any value is allowed (the attribute just must exist). is <code>None</code> then any value is allowed (the attribute just must exist).
All of the listed attributes must match for the login to be permitted.</li> All of the listed attributes must match for the login to be permitted.</p>
</li>
<li>
<p><code>enable_registration</code>: set to 'false' to disable automatic registration of new
users. This allows the CAS SSO flow to be limited to sign in only, rather than
automatically registering users that have a valid SSO login but do not have
a pre-registered account. Defaults to true.</p>
<p><em>Added in Synapse 1.93.0.</em></p>
</li>
</ul> </ul>
<p>Example configuration:</p> <p>Example configuration:</p>
<pre><code class="language-yaml">cas_config: <pre><code class="language-yaml">cas_config:
@ -3091,6 +3114,7 @@ All of the listed attributes must match for the login to be permitted.</li>
required_attributes: required_attributes:
userGroup: &quot;staff&quot; userGroup: &quot;staff&quot;
department: None department: None
enable_registration: true
</code></pre> </code></pre>
<hr /> <hr />
<h3 id="sso"><a class="header" href="#sso"><code>sso</code></a></h3> <h3 id="sso"><a class="header" href="#sso"><code>sso</code></a></h3>