deploy: 09cb441a04

2021-11-05 12:08:31 +00:00 · 2021-11-05 12:08:31 +00:00 · d5dc3df251
parent d7b659c154
commit d5dc3df251
4 changed files with 68 additions and 2 deletions
--- a/develop/openid.html
+++ b/develop/openid.html
@ -405,6 +405,39 @@ to install Dex.</p>
        localpart_template: &quot;{{ user.preferred_username }}}&quot;
        display_name_template: &quot;{{ user.preferred_username|capitalize }}&quot; # TO BE FILLED: If your users have names in Authentik and you want those in Synapse, this should be replaced with user.name|capitalize.
 </code></pre>
+<h3 id="lemonldap"><a class="header" href="#lemonldap">LemonLDAP</a></h3>
+<p><a href="https://lemonldap-ng.org/">LemonLDAP::NG</a> is an open-source IdP solution.</p>
+<ol>
+<li>Create an OpenID Connect Relying Parties in LemonLDAP::NG</li>
+<li>The parameters are:</li>
+</ol>
+<ul>
+<li>Client ID under the basic menu of the new Relying Parties (<code>Options &gt; Basic &gt; Client ID</code>)</li>
+<li>Client secret (<code>Options &gt; Basic &gt; Client secret</code>)</li>
+<li>JWT Algorithm: RS256 within the security menu of the new Relying Parties
+(<code>Options &gt; Security &gt; ID Token signature algorithm</code> and <code>Options &gt; Security &gt; Access Token signature algorithm</code>)</li>
+<li>Scopes: OpenID, Email and Profile</li>
+<li>Allowed redirection addresses for login (<code>Options &gt; Basic &gt; Allowed redirection addresses for login</code> ) :
+<code>[synapse public baseurl]/_synapse/client/oidc/callback</code></li>
+</ul>
+<p>Synapse config:</p>
+<pre><code class="language-yaml">oidc_providers:
+  - idp_id: lemonldap
+    idp_name: lemonldap
+    discover: true
+    issuer: &quot;https://auth.example.org/&quot; # TO BE FILLED: replace with your domain
+    client_id: &quot;your client id&quot; # TO BE FILLED
+    client_secret: &quot;your client secret&quot; # TO BE FILLED
+    scopes:
+      - &quot;openid&quot;
+      - &quot;profile&quot;
+      - &quot;email&quot;
+    user_mapping_provider:
+      config:
+        localpart_template: &quot;{{ user.preferred_username }}}&quot;
+        # TO BE FILLED: If your users have names in LemonLDAP::NG and you want those in Synapse, this should be replaced with user.name|capitalize or any valid filter.
+        display_name_template: &quot;{{ user.preferred_username|capitalize }}&quot;
+</code></pre>
 <h3 id="github"><a class="header" href="#github">GitHub</a></h3>
 <p><a href="https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps">GitHub</a> is a bit special as it is not an OpenID Connect compliant provider, but
 just a regular OAuth2 provider.</p>
--- a/develop/print.html
+++ b/develop/print.html
@ -6442,6 +6442,39 @@ to install Dex.</p>
        localpart_template: &quot;{{ user.preferred_username }}}&quot;
        display_name_template: &quot;{{ user.preferred_username|capitalize }}&quot; # TO BE FILLED: If your users have names in Authentik and you want those in Synapse, this should be replaced with user.name|capitalize.
 </code></pre>
+<h3 id="lemonldap"><a class="header" href="#lemonldap">LemonLDAP</a></h3>
+<p><a href="https://lemonldap-ng.org/">LemonLDAP::NG</a> is an open-source IdP solution.</p>
+<ol>
+<li>Create an OpenID Connect Relying Parties in LemonLDAP::NG</li>
+<li>The parameters are:</li>
+</ol>
+<ul>
+<li>Client ID under the basic menu of the new Relying Parties (<code>Options &gt; Basic &gt; Client ID</code>)</li>
+<li>Client secret (<code>Options &gt; Basic &gt; Client secret</code>)</li>
+<li>JWT Algorithm: RS256 within the security menu of the new Relying Parties
+(<code>Options &gt; Security &gt; ID Token signature algorithm</code> and <code>Options &gt; Security &gt; Access Token signature algorithm</code>)</li>
+<li>Scopes: OpenID, Email and Profile</li>
+<li>Allowed redirection addresses for login (<code>Options &gt; Basic &gt; Allowed redirection addresses for login</code> ) :
+<code>[synapse public baseurl]/_synapse/client/oidc/callback</code></li>
+</ul>
+<p>Synapse config:</p>
+<pre><code class="language-yaml">oidc_providers:
+  - idp_id: lemonldap
+    idp_name: lemonldap
+    discover: true
+    issuer: &quot;https://auth.example.org/&quot; # TO BE FILLED: replace with your domain
+    client_id: &quot;your client id&quot; # TO BE FILLED
+    client_secret: &quot;your client secret&quot; # TO BE FILLED
+    scopes:
+      - &quot;openid&quot;
+      - &quot;profile&quot;
+      - &quot;email&quot;
+    user_mapping_provider:
+      config:
+        localpart_template: &quot;{{ user.preferred_username }}}&quot;
+        # TO BE FILLED: If your users have names in LemonLDAP::NG and you want those in Synapse, this should be replaced with user.name|capitalize or any valid filter.
+        display_name_template: &quot;{{ user.preferred_username|capitalize }}&quot;
+</code></pre>
 <h3 id="github"><a class="header" href="#github">GitHub</a></h3>
 <p><a href="https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps">GitHub</a> is a bit special as it is not an OpenID Connect compliant provider, but
 just a regular OAuth2 provider.</p>
--- a/develop/searchindex.js
+++ b/develop/searchindex.js
--- a/develop/searchindex.json
+++ b/develop/searchindex.json