
Unable to add identity server as identity server in Element client. #112

Open NiTRoeSE opened 2 years ago

NiTRoeSE commented 2 years ago

I've set up ma1sd via Docker and configured it as described in the documentation. If I want to use it as the identity server in the Element client, it is not possible to add it.

Any help would be great.

Thanks in advance!

s0p4LiN commented 2 years ago

In this example, I installed ma1sd on the Matrix server itself. It is working smoothly. I don't know if it will be helpful.

You need to announce the identity server through NGINX (the `/.well-known/matrix/client` document below) rather than selecting it manually in the client.

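server {
    listen 443 ssl;
    server_name matrix.company.lan;
    root /var/www/synapse-admin;
    index index.html index.php index.htm;

    ssl_certificate /etc/ssl/certs/matrix.pem;
    ssl_certificate_key /etc/ssl/certs/matrix-privkey.pem;
    # The element vhost pins its TLS versions; this one relied on the nginx
    # build default, so pin it here too (1.1 and older are deprecated).
    ssl_protocols TLSv1.2 TLSv1.3;

    # Federation delegation: other homeservers learn that this server's
    # federation API lives on port 8448 (served by the second server block).
    location /.well-known/matrix/server {
        # default_type sets the Content-Type of a `return` body. add_header
        # would append a second Content-Type next to the default text/plain,
        # which is why the client document below already uses default_type.
        default_type application/json;
        return 200 '{"m.server": "matrix.company.lan:8448"}';
    }

    # Client auto-discovery: Element picks up both the homeserver and the
    # identity server (ma1sd, on this same hostname) from this document, so
    # nobody has to select an identity server in the client. The io.element
    # block turns end-to-end encryption off by default for new rooms and
    # requires secure backup with a passphrase.
    location /.well-known/matrix/client {
        default_type application/json;
        return 200 '{"m.homeserver": {"base_url": "https://matrix.company.lan"},"m.identity_server": {"base_url": "https://matrix.company.lan"},"io.element.e2ee": {"default": false, "secure_backup_required": true, "secure_backup_setup_methods": ["passphrase"]}}';
        # Web clients served from another origin (chat.company.lan) need CORS
        # to read this document.
        add_header "Access-Control-Allow-Origin" *;
    }

    # ma1sd in front of Synapse: login (LDAP authentication), user directory
    # search and the identity API. Only the r0 login path is intercepted; a
    # client that posts to /_matrix/client/v3/login falls through to the
    # /_matrix location below and reaches Synapse directly.
    location /_matrix/client/r0/login {
        proxy_pass http://localhost:8090;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    location /_matrix/client/r0/user_directory {
        proxy_pass http://localhost:8090/_matrix/client/r0/user_directory;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    location /_matrix/identity {
        proxy_pass http://localhost:8090/_matrix/identity;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $remote_addr;
    }

    # Everything else under /_matrix goes to Synapse. Longer prefixes above
    # (the ma1sd locations) still win for their paths.
    location /_matrix {
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        # Nginx by default only allows file uploads up to 1M in size
        # Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
        client_max_body_size 50M;
    }

    # /_synapse (admin API, used by synapse-admin served from this vhost's
    # root) and /client were previously listed in a regex location nested
    # inside `location /_matrix`, where a request for either prefix could
    # never arrive, so they were served as static files and 404'd. A
    # server-level regex does not disturb the prefix locations above because
    # it cannot match a /_matrix path. Synapse requires an admin access token
    # on /_synapse/admin; restrict it with allow/deny if the vhost is public.
    location ~ ^/(_synapse|client) {
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
    }
}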

This second server block is used for Matrix federation,

which uses the default TCP port 8448.

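server {
    listen 8448 ssl;
    server_name matrix.company.lan;

    ssl_certificate /etc/ssl/certs/matrix.pem;
    ssl_certificate_key /etc/ssl/certs/matrix-privkey.pem;
    # Pinned for consistency with the other TLS vhosts.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Remote homeservers only ever call /_matrix (federation, key and media
    # APIs). The previous `location /` forwarded every path, which also
    # exposed the client and /_synapse admin APIs on the federation port.
    location /_matrix {
        proxy_pass http://localhost:8008;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
    }
}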


- /etc/nginx/sites-available/element

server {
    listen 80;
    server_name chat.company.lan;
    # Plain HTTP is never served: every request is permanently redirected to
    # the TLS vhost below, keeping the original path and query string.
    return 301 https://chat.company.lan$request_uri;
}

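server {
    listen 443 ssl;
    server_name chat.company.lan;
    root /var/www/element/;
    index index.html index.php index.htm;

    ssl_certificate /etc/ssl/certs/chat.pem;
    ssl_certificate_key /etc/ssl/certs/chatpvkey.pem;
    #ssl_dhparam /etc/ssl/certs/dhparam-chat.pem;

    access_log /var/log/nginx/chat.company.lan.access.log;
    error_log /var/log/nginx/chat.company.lan.error.log;

    # Browser hardening headers for the Element web app. The CSP
    # frame-ancestors 'none' is stricter than SAMEORIGIN and takes precedence
    # in browsers that understand both; X-XSS-Protection is a legacy header
    # that current browsers ignore.
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Strict-Transport-Security "max-age=31536000";
    add_header Content-Security-Policy "frame-ancestors 'none'";

    # TLS 1.1 is deprecated (RFC 8996) and was still offered here; 1.3 is
    # what current clients negotiate.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ecdh_curve X25519:P-521:P-384:P-256;
    ssl_prefer_server_ciphers on;

    # Same list as before without the four DES-CBC3 (3DES) suites, whose
    # 64-bit block makes them weak; "!3DES" keeps them out even if one is
    # re-added above. TLS 1.3 suites are not controlled by ssl_ciphers.
    ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 15m;
    ssl_session_tickets off;

    location / {
        try_files $uri $uri/ =404;
    }

    location = /index.html {
        # nginx only inherits add_header from the server level when a location
        # defines none of its own. With just Cache-Control here, index.html -
        # the page that loads the whole app - was served without any of the
        # security headers above, so they are repeated.
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header Strict-Transport-Security "max-age=31536000";
        add_header Content-Security-Policy "frame-ancestors 'none'";
        add_header Cache-Control "no-cache";
    }
}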


/etc/matrix-synapse/homeserver.yaml

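# Re-indented from the flattened paste using Synapse's documented layout; the
# paste kept only the keys that started a line. Nested values it dropped
# (module list, presence, listeners, templates, key servers, ...) are left
# empty below - they are not empty in the live file, so copy them from there.
modules:
pid_file: "/var/run/matrix-synapse.pid"
public_baseurl: https://matrix.company.lan/
presence:

# Listener entries did not survive the paste. The nginx vhosts proxy to a
# client listener on localhost:8008 and ma1sd is on 8090.
listeners:

manhole_settings:
limit_usage_by_mau: false
limit_remote_rooms:
templates:

retention:
  enabled: true
  default_policy:
    min_lifetime: 7d
    max_lifetime: 30d

caches:
  per_cache_factors:

database:
  name: psycopg2
  txn_limit: 10000
  args:
    user: synapse_db_user
    # Placeholder in the paste; keep the real value out of issue reports.
    password: xxxxxxxxxx
    database: synapse_db
    host: xxx.xxx.xxx.xxx
    port: 5432
    cp_min: 5
    cp_max: 10
    keepalives_idle: 10
    keepalives_interval: 10
    keepalives_count: 3

log_config: "/etc/matrix-synapse/log.yaml"
media_store_path: "/element-data/media"
# nginx's client_max_body_size on /_matrix is 50M; its comment says the two
# limits are meant to match, so one of them is out of date.
max_upload_size: 15M
url_preview_accept_language:
oembed:
turn_uris:
  - "turn:coturn.company.lan:5349?transport=udp"
  - "turn:coturn.company.lan:5349?transport=tcp"
# The three secrets below look partially redacted. If any of them is the
# real value, rotate it: each one is pasted into a public issue.
turn_shared_secret: "9ab7fb7521002kukukuku7485c27b5"
enable_registration: false
registration_shared_secret: uukkukukuuk
account_threepid_delegates:
enable_set_displayname: false
metrics_flags:
room_prejoin_state:
macaroon_secret_key: ukukukukukku
signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
old_signing_keys:

# Entries dropped by the paste; an empty value here is not the same as the
# default Synapse uses when the key is absent.
trusted_key_servers:

saml2_config:
  sp_config:
  user_mapping_provider:
    config:

oidc_providers:
cas_config:
sso:

password_config:
  policy:

ui_auth:
email:
push:

user_directory:
  # nginx sends /_matrix/client/r0/user_directory to ma1sd, whose config
  # excludes the homeserver from searches, so this presumably only matters
  # for requests that bypass ma1sd - verify against the ma1sd settings.
  search_all_users: true

stats:
opentracing:
redis:

password_providers: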

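# ma1sd configuration (the Synapse settings end above). Trailing whitespace
# after several values has been removed.
matrix:
  domain: 'matrix.company.lan'
  # Identity API v1 off, v2 on.
  v1: false
  v2: true

directory:
  exclude:
    # Directory searches are answered from LDAP only; Synapse's own user
    # directory is not consulted.
    homeserver: true

dns:
  overwrite:
    homeserver:
      client:
        # Reach Synapse directly on localhost instead of going back out
        # through the nginx vhost.
        - name: 'matrix.company.lan'
          value: 'http://localhost:8008'

# NOTE(review): enable_registration is a Synapse key, not a documented ma1sd
# one - it looks pasted from homeserver.yaml; confirm it is not silently
# ignored (or rejected) by ma1sd.
enable_registration: false
key:
  path: '/var/lib/ma1sd/keys'

storage:
  provider:
    sqlite:
      database: '/var/lib/ma1sd/store.db'

ldap:
  enabled: true
  lookup: true
  activeDirectory: true
  defaultDomain: 'company.lan'
  connection:
    host: 'dc01.company.lan'
    # LDAPS on 636: bind credentials and lookups are not sent in clear text.
    tls: true
    port: 636
    # Service account used for binds; the password is a placeholder in the
    # paste and should be kept out of issue reports.
    bindDn: 'CN=account,OU=dep1,OU=Company,DC=company,DC=lan'
    bindPassword: 'password'
    baseDNs:
      - 'ou=Company,dc=company,dc=lan'
  attribute:
    uid:
      # The Matrix localpart is taken from sAMAccountName.
      type: 'uid'
      value: 'sAMAccountName'
    name: 'cn'

hashing:
  enabled: true
  pepperLength: 20
  # Presumably the pepper is rotated after every 10 lookup requests - verify
  # against the ma1sd hashing docs.
  rotationPolicy: per_requests
  hashStorageType: sql
  algorithms:
    - sha256
  requests: 10

logging:
  root: error     # default level for all loggers (apps and thirdparty libraries)
  app: info       # log level only for the ma1sd
  # `true` dumps full request and response bodies. nginx routes
  # /_matrix/client/r0/login through ma1sd, so that would write user
  # passwords to the log; keep it false outside of short debugging sessions.
  requests: false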