n0emis 56cd947037
fix username formatter
9 months ago

Synapse Mozilla SAML MXID Mapper

A Synapse plugin module which allows users to choose their username when they first log in.


This plugin can be installed via PyPI:

pip install matrix-synapse-saml-mozilla


Add the following in your Synapse config:

    saml2_config:
      user_mapping_provider:
        module: "matrix_synapse_saml_mozilla.SamlMappingProvider"

Also, under the HTTP client listener, configure an additional_resource as per the below:

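    listeners:
      - port: <port>
        type: http

        resources:
          - names: [client]

        additional_resources:
          # The resource path is missing from this page; <path> is a placeholder.
          "<path>":
            module: "matrix_synapse_saml_mozilla.pick_username_resource"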

Configuration Options

Synapse allows SAML mapping providers to specify custom configuration through the saml2_config.user_mapping_provider.config option.

Currently the following options are supported:

  • use_name_id_for_remote_uid: if set to False, we will use the SAML attribute mapped to uid to identify the remote user instead of the NameID from the assertion. True by default.

  • bad_domain_file: should point to a file containing a list of domains (one per line); users who have an email address on any of these domains will be blocked from registration.

  • bad_domain_list: an alternative to bad_domain_file allowing the list of bad domains to be specified inline in the config.

    If both bad_domain_file and bad_domain_list are specified, the two lists are merged.
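
One way the bad_domain_file and bad_domain_list merge and check described above could work, as an added example that is not the plugin's own code. The function names are hypothetical, and it assumes an exact, case-insensitive match on the address's domain (subdomains are not matched) and that malformed addresses are blocked.

```python
import os
import tempfile


def normalise(domain):
    """Lower-case a domain and drop surrounding whitespace and a trailing dot."""
    return domain.strip().rstrip(".").lower()


def load_bad_domains(bad_domain_file=None, bad_domain_list=None):
    """Merge the file (one domain per line) and the inline list into one set."""
    raw = list(bad_domain_list or [])
    if bad_domain_file:
        with open(bad_domain_file, encoding="utf-8") as f:
            raw.extend(f.read().splitlines())
    return {normalise(d) for d in raw} - {""}  # blank lines are ignored


def email_domain(email):
    """Return the normalised domain of an address, or None if it is malformed."""
    local, sep, domain = email.strip().rpartition("@")
    domain = normalise(domain)
    return domain if sep and local and domain else None


def is_registration_blocked(emails, bad_domains):
    """True if any address is malformed (assumed fail-closed) or on a bad domain."""
    domains = [email_domain(e) for e in emails]
    return any(d is None or d in bad_domains for d in domains)


def demo_blocklist():
    """Build a merged list from constructed sample data (reserved .example names)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "bad_domains.txt")
        with open(path, "w", encoding="utf-8") as f:
            f.write("Spam.example\n\n  throwaway.example.  \n")
        return load_bad_domains(path, ["blocked.example", "spam.example"])


if __name__ == "__main__":
    bad = demo_blocklist()
    for emails in (["alice@good.example"], ["bob@SPAM.example"],
                   ["carol@good.example", "carol@blocked.example"], ["no-at-sign"]):
        print(emails, "->", "blocked" if is_registration_blocked(emails, bad) else "allowed")
```

Whether a subdomain of a listed domain should also be blocked is a policy choice this example does not make; under its exact-match assumption, each subdomain has to be listed separately.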

Implementation notes

The login flow looks something like this:

[Figure: login flow diagram]

Development and Testing

This repository uses tox to run linting and tests.


Code is linted with the flake8 tool. Run tox -e lint to check for linting errors in the codebase.


This repository uses unittest to run the tests located in the tests directory. They can be run with tox -e tests.

Making a release

git tag vX.Y
python3 setup.py sdist
twine upload dist/matrix-synapse-saml-mozilla-X.Y.tar.gz
git push origin vX.Y