matrix-synapse-saml-mozilla/README.md

# Synapse Mozilla SAML MXID Mapper

A Synapse plugin module which allows users to choose their username when they
first log in.

## Installation

This plugin can be installed via [PyPi](https://pypi.org):

```
pip install matrix-synapse-saml-mozilla
```

### Config

Add the following in your Synapse config:

```yaml
   saml2_config:
     user_mapping_provider:
       module: "matrix_synapse_saml_mozilla.SamlMappingProvider"
```

Also, under the HTTP client `listener`, configure an `additional_resource` as per
the below:

```yaml
listeners:
  - port: <port>
    type: http

    resources:
      - names: [client]

    additional_resources:
      "/_matrix/saml2/pick_username":
        module: "matrix_synapse_saml_mozilla.pick_username_resource"
```

### Configuration Options

Synapse allows SAML mapping providers to specify custom configuration through the
`saml2_config.user_mapping_provider.config` option.

Currently the following options are supported:

 * `use_name_id_for_remote_uid`: if set to `False`, we will use the SAML
   attribute mapped to `uid` to identify the remote user instead of the `NameID`
   from the assertion. `True` by default.

 * `bad_domain_file`: should point a file containing a list of domains (one
   per line); users who have an email address on any of these domains will be
   blocked from registration.

 * `bad_domain_list`: an alternative to `bad_domain_file` allowing the list of
   bad domains to be specified inline in the config.

   If both `bad_domain_file` and `bad_domain_list` are specified, the two lists
   are merged.

## Implementation notes

The login flow looks something like this:

![login flow](https://raw.githubusercontent.com/matrix-org/matrix-synapse-saml-mozilla/master/doc/login_flow.svg?sanitize=true)

## Development and Testing

This repository uses `tox` to run linting and tests.

### Linting

Code is linted with the `flake8` tool. Run `tox -e lint` to check for linting
errors in the codebase.

### Tests

This repository uses `unittest` to run the tests located in the `tests`
directory. They can be ran with `tox -e tests`.

### Making a release

```
git tag vX.Y
python3 setup.py sdist
twine upload dist/matrix-synapse-saml-mozilla-X.Y.tar.gz
git push origin vX.Y
```
Allow users to pick a username on login (#1) This is essentially a rewrite to collect the username from the user when they first log in, rather than try to determine it algorithmically from SAML attributes. 5 years ago			`# Synapse Mozilla SAML MXID Mapper`
Initial commit 5 years ago
Allow users to pick a username on login (#1) This is essentially a rewrite to collect the username from the user when they first log in, rather than try to determine it algorithmically from SAML attributes. 5 years ago			`A Synapse plugin module which allows users to choose their username when they`
			`first log in.`
Initial commit 5 years ago
			`## Installation`

			`This plugin can be installed via [PyPi](https://pypi.org):`

			```
Update module name to be moz flavoured 5 years ago			`pip install matrix-synapse-saml-mozilla`
Initial commit 5 years ago			```

Update plugin to match ABI of Synapse 5 years ago			`### Config`

Fix grammar 5 years ago			`Add the following in your Synapse config:`
Initial commit 5 years ago
			```yaml
			`saml2_config:`
Update module name to be moz flavoured 5 years ago			`user_mapping_provider:`
Rename to matrix_synapse_saml_mozilla 5 years ago			`module: "matrix_synapse_saml_mozilla.SamlMappingProvider"`
Allow users to pick a username on login (#1) This is essentially a rewrite to collect the username from the user when they first log in, rather than try to determine it algorithmically from SAML attributes. 5 years ago			```

			Also, under the HTTP client `listener`, configure an `additional_resource` as per
			`the below:`

			```yaml
			`listeners:`
			`- port: <port>`
			`type: http`

			`resources:`
			`- names: [client]`

			`additional_resources:`
			`"/_matrix/saml2/pick_username":`
			`module: "matrix_synapse_saml_mozilla.pick_username_resource"`
Initial commit 5 years ago			```

Update plugin to match ABI of Synapse 5 years ago			`### Configuration Options`

			`Synapse allows SAML mapping providers to specify custom configuration through the`
Update module name to be moz flavoured 5 years ago			`saml2_config.user_mapping_provider.config` option.
Update plugin to match ABI of Synapse 5 years ago
Block new registrations based on a domain blacklist (#2) 5 years ago			`Currently the following options are supported:`

			* `use_name_id_for_remote_uid`: if set to `False`, we will use the SAML
			attribute mapped to `uid` to identify the remote user instead of the `NameID`
			from the assertion. `True` by default.

Allow specification of domain block list inline 5 years ago			* `bad_domain_file`: should point a file containing a list of domains (one
Block new registrations based on a domain blacklist (#2) 5 years ago			`per line); users who have an email address on any of these domains will be`
			`blocked from registration.`
Allow users to pick a username on login (#1) This is essentially a rewrite to collect the username from the user when they first log in, rather than try to determine it algorithmically from SAML attributes. 5 years ago
Allow specification of domain block list inline 5 years ago			* `bad_domain_list`: an alternative to `bad_domain_file` allowing the list of
			`bad domains to be specified inline in the config.`

			If both `bad_domain_file` and `bad_domain_list` are specified, the two lists
			`are merged.`

Allow users to pick a username on login (#1) This is essentially a rewrite to collect the username from the user when they first log in, rather than try to determine it algorithmically from SAML attributes. 5 years ago			`## Implementation notes`

			`The login flow looks something like this:`
Update plugin to match ABI of Synapse 5 years ago
fix link for login flow 5 years ago			`![login flow](https://raw.githubusercontent.com/matrix-org/matrix-synapse-saml-mozilla/master/doc/login_flow.svg?sanitize=true)`
Update plugin to match ABI of Synapse 5 years ago
Initial commit 5 years ago			`## Development and Testing`

			This repository uses `tox` to run linting and tests.

Update plugin to match ABI of Synapse 5 years ago			`### Linting`
Initial commit 5 years ago
Allow users to pick a username on login (#1) This is essentially a rewrite to collect the username from the user when they first log in, rather than try to determine it algorithmically from SAML attributes. 5 years ago			Code is linted with the `flake8` tool. Run `tox -e lint` to check for linting
Initial commit 5 years ago			`errors in the codebase.`

			`### Tests`

			This repository uses `unittest` to run the tests located in the `tests`
			directory. They can be ran with `tox -e tests`.
Block new registrations based on a domain blacklist (#2) 5 years ago
			`### Making a release`

			```
			`git tag vX.Y`
			`python3 setup.py sdist`
			`twine upload dist/matrix-synapse-saml-mozilla-X.Y.tar.gz`
don't forget to push your tags 5 years ago			`git push origin vX.Y`
Block new registrations based on a domain blacklist (#2) 5 years ago			```