Open Thatoo opened 9 months ago
+1
Maybe an easy way would be to automatically install https://github.com/YunoHost-Apps/dex_ynh alongside synapse, to use the Yunohost LDAP through OIDC in synapse?
Well, after some investigation, dex or something else will be needed to link users with LDAP, but it will not be enough, as we will also need to manage users who were authenticated without yunohost (and are not in LDAP). For this we will need the matrix-authentication-service.
But I really think installing dex
+matrix-authentication-service
+sliding_proxy
all in the same yunohost package makes it a bit heavy.
For me, ideally the yunohost SSO "should" provide a solution to connect the matrix-authentication-service (OAuth 2.0/OIDC), as it's not the only app which needs this. Many apps probably already need this, and in the long term more and more apps will need this.
There are already many discussions about this here: https://github.com/YunoHost/issues/issues?q=is%3Aissue+openid
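What the "dex alongside synapse" setup suggested above looks like in configuration. This is an added example, not code from the thread nor from the dex_ynh or synapse_ynh packages: the hostnames, the sqlite storage path, the LDAP base DN `ou=users,dc=yunohost,dc=org`, the anonymous read bind against the local slapd, the `allow_existing_users` choice and the client secret are all assumptions to be adapted. The two YAML documents are dex's config and the matching `oidc_providers` fragment for synapse's `homeserver.yaml`.

```yaml
# dex config (assumed path: /etc/dex/config.yaml). dex reads YunoHost's LDAP
# and exposes it as an OIDC issuer that synapse can federate to.
issuer: https://dex.example.org          # assumption: dex served behind the YunoHost nginx
storage:
  type: sqlite3
  config:
    file: /var/lib/dex/dex.db            # assumption
web:
  http: 127.0.0.1:5556                   # loopback only; TLS is terminated by the reverse proxy
staticClients:
  - id: synapse
    name: Synapse
    secret: replace-with-a-long-random-secret   # must equal client_secret in the synapse fragment
    redirectURIs:
      - https://matrix.example.org/_synapse/client/oidc/callback   # synapse's fixed OIDC callback path
connectors:
  - type: ldap
    id: yunohost-ldap
    name: YunoHost
    config:
      host: localhost:389
      insecureNoSSL: true                # assumption: slapd on the same host, plain LDAP on loopback
      # no bindDN/bindPW: anonymous bind, assuming YunoHost's slapd allows anonymous reads of ou=users
      userSearch:
        baseDN: ou=users,dc=yunohost,dc=org     # assumption: YunoHost's default user tree
        filter: "(objectClass=inetOrgPerson)"
        username: uid                    # attribute compared against the login name typed into dex
        idAttr: uid
        emailAttr: mail
        nameAttr: cn
        preferredUsernameAttr: uid       # surfaces as the `preferred_username` claim used below
---
# synapse homeserver.yaml fragment pointing at that dex instance
oidc_providers:
  - idp_id: yunohost
    idp_name: "YunoHost account"
    issuer: "https://dex.example.org"    # synapse fetches {issuer}/.well-known/openid-configuration
    client_id: "synapse"
    client_secret: "replace-with-a-long-random-secret"
    scopes: ["openid", "profile", "email"]
    allow_existing_users: true           # assumption: let accounts created earlier with the same localpart be claimed
    user_mapping_provider:
      config:
        localpart_template: "{{ user.preferred_username }}"   # LDAP uid -> @uid:matrix.example.org
        display_name_template: "{{ user.name }}"
        email_template: "{{ user.email }}"
```

Two things worth checking on a real install: the redirect URI registered in dex must match synapse's callback byte for byte (scheme, host, path), otherwise dex refuses the authorization request; and with `allow_existing_users: true` the LDAP `uid` becomes the key that binds an OIDC login to an existing Matrix account, so a uid that can be reused in LDAP would hand over that account. This wiring only covers people who already exist in YunoHost's LDAP; the accounts that live outside LDAP are exactly the gap the comment above points at.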
I agree with you about integrating openid into Yunohost's sso system.
From what I understood, the sliding sync proxy will be merged into the synapse package at some point. In the meantime, it is possible to add it separately, but I wonder if we have the resources to focus on this temporary work just to get a faster app for those who are using the Element X app before synapse integrates it.
I think that working on integrating openid in SSO is a much more important long-run investment.
For me it's not urgent to add sliding proxy support until Element X is merged into Element. It's nice to have, but it's not mandatory.
On the openid side, for me ideally we should migrate the authentication system at the same time as the sliding proxy, as it's all linked to the new matrix spec. But yes, on the other side, on the yunohost side there is some work to integrate oidc. Maybe it could be integrated into the work on the new yunohost portal.
Anyway, for me all of this (sliding proxy and oidc) are big projects which will take time to integrate. The Synapse package is used by many people, so we can't release unstable things. We had many regressions since some recent PRs, and we really should avoid this.
[info] Element now has native oidc support: https://github.com/element-hq/element-web/releases/tag/v1.11.59-rc.0 I guess that all platforms (desktop and smartphone) have at least one version working with oidc now (not yet the case for sliding-sync though).
The main issue about this is that yunohost doesn't natively support oidc, cf. https://github.com/YunoHost/issues/issues/676
Extract from matrix.org blog:
Will it work with yunohost SSO and LDAP functionality?