matrix-org / synapse

Synapse: Matrix homeserver written in Python/Twisted.
https://matrix-org.github.io/synapse
Apache License 2.0
11.8k stars 2.13k forks

Include in SSO documentation that SSO redirect confirmation can be bypassed using the `sso.client_whitelist` option #11294

Open anoadragon453 opened 2 years ago

anoadragon453 commented 2 years ago

It's not currently obvious that the SSO redirection page (introduced as a security measure) can be bypassed by use of the `sso.client_whitelist` option. This option allows specifying a whitelist of client URIs for which the redirection page won't appear if one of them is the client you are being redirected to during SSO login.

We should include some words about it on the yet-to-be-written Single Sign-On documentation page.
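An added example (not part of this issue or of Synapse's own code) that audits `sso.client_whitelist` entries for values that would skip the confirmation page for more destinations than intended. It assumes each entry is compared to the client redirect URL as a plain string prefix; the function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample values for the sso.client_whitelist list.
SAMPLE_WHITELIST = [
    "https://client.example.com",      # host with no trailing slash
    "https://app.example.org/",        # host closed by a slash
    "https://portal.example.net/web",  # path prefix
]


def skips_confirmation(redirect_url, whitelist):
    """Assumed matching rule: the confirmation page is skipped when the
    redirect URL starts with any whitelist entry (plain string prefix)."""
    return any(redirect_url.startswith(entry) for entry in whitelist)


def audit_client_whitelist(whitelist):
    """Return {entry: [findings]} for entries that are broader than they look."""
    findings = {}
    for entry in whitelist:
        issues = []
        parts = urlsplit(entry)
        if entry == "":
            # An empty prefix matches every redirect URL.
            issues.append("empty entry matches every client URL")
        elif not parts.netloc:
            issues.append("no host component")
        elif parts.path == "":
            # Without a '/' after the host, the prefix also matches any
            # longer hostname that merely begins with the same characters.
            issues.append("no '/' after host; prefix is not bound to this host")
        if issues:
            findings[entry] = issues
    return findings


if __name__ == "__main__":
    for entry, issues in audit_client_whitelist(SAMPLE_WHITELIST).items():
        print(f"{entry!r}: {'; '.join(issues)}")
```
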

richvdh commented 2 years ago

> We should include some words about it on the yet-to-be-written Single Sign-On documentation page.

@anoadragon453 would it be worth starting such a page (with just some very basic content like "Synapse supports single sign-on through the SAML, OpenID Connect or CAS protocols") to make this task less daunting for contributors?

anoadragon453 commented 2 years ago

@richvdh Excellent suggestion. In fact I think we should do that for all of our current "draft pages". It's much easier for contributors to hit a :pencil2: button on the docs site to add content rather than figuring out where to put files and how to update SUMMARY.md.

I've opened a PR to get the ball rolling for Single Sign-On related pages here: https://github.com/matrix-org/synapse/pull/11298.