You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
n0emis 56cd947037
fix username formatter
1 year ago
doc Allow users to pick a username on login (#1) 2 years ago
matrix_synapse_saml_mozilla fix username formatter 1 year ago
tests Fix tests by using the proper attribute names instead of a mapping (#10) 1 year ago
.gitignore update gitignore 2 years ago
LICENSE Initial commit 2 years ago
README.md don't forget to push your tags 2 years ago
setup.cfg Block new registrations based on a domain blacklist (#2) 2 years ago
setup.py switch to setuptools_scm 2 years ago
tox.ini bump to dev release of synapse 2 years ago

README.md

Synapse Mozilla SAML MXID Mapper

A Synapse plugin module which allows users to choose their username when they first log in.

Installation

This plugin can be installed via PyPi:

pip install matrix-synapse-saml-mozilla

Config

Add the following in your Synapse config:

   saml2_config:
     user_mapping_provider:
       module: "matrix_synapse_saml_mozilla.SamlMappingProvider"

Also, under the HTTP client listener, configure an additional_resource as per the below:

listeners:
  - port: <port>
    type: http

    resources:
      - names: [client]

    additional_resources:
      "/_matrix/saml2/pick_username":
        module: "matrix_synapse_saml_mozilla.pick_username_resource"

Configuration Options

Synapse allows SAML mapping providers to specify custom configuration through the saml2_config.user_mapping_provider.config option.

Currently the following options are supported:

  • use_name_id_for_remote_uid: if set to False, we will use the SAML attribute mapped to uid to identify the remote user instead of the NameID from the assertion. True by default.

  • bad_domain_file: should point a file containing a list of domains (one per line); users who have an email address on any of these domains will be blocked from registration.

  • bad_domain_list: an alternative to bad_domain_file allowing the list of bad domains to be specified inline in the config.

    If both bad_domain_file and bad_domain_list are specified, the two lists are merged.

Implementation notes

The login flow looks something like this:

login flow

Development and Testing

This repository uses tox to run linting and tests.

Linting

Code is linted with the flake8 tool. Run tox -e lint to check for linting errors in the codebase.

Tests

This repository uses unittest to run the tests located in the tests directory. They can be ran with tox -e tests.

Making a release

git tag vX.Y
python3 setup.py sdist
twine upload dist/matrix-synapse-saml-mozilla-X.Y.tar.gz
git push origin vX.Y