spantaleev / matrix-docker-ansible-deploy

🐳 Matrix (An open network for secure, decentralized communication) server setup using Ansible and Docker
GNU Affero General Public License v3.0

Keycloak/SSO together with a Matrix - mxisd or matrix-synapse-rest-auth REST authentication password provider module? #96

Closed vilyaua closed 5 years ago

vilyaua commented 5 years ago

@spantaleev What would you suggest as a final solution to use Keycloak/SSO together with Matrix?

We see several auth options on the link https://github.com/spantaleev/matrix-docker-ansible-deploy

In other words, do we need to deploy mxisd, or do we need matrix-synapse-rest-auth?

Originally posted by @eorlovsky in https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/93#issuecomment-461758825

spantaleev commented 5 years ago

I'm not familiar with Keycloak, but looking at its website, it supports OpenID Connect and SAML.

It doesn't sound like a good fit for the REST Auth plugin.

Maybe you can use Synapse's integrated SAML SSO support? I'm not sure how well that works, but I've seen something about it in the Synapse config, so maybe it is supported.

The playbook does not support generating a Synapse config with SAML stuff in it (yet), but you can manually edit the /matrix/synapse/config/homeserver.yaml file and restart Synapse (systemctl restart matrix-synapse) and see if you can make it work.

If it's a good fit and it works, it should be easy to add SAML configuration support to this playbook.

vilyaua commented 5 years ago

Thank you, we'll try moving that direction.

vilyaua commented 5 years ago

Good afternoon, @spantaleev!

The access to the installation directory is restricted for the root. Which way is preferable to manually edit configs as you proposed earlier?

Didn't find the password for the matrix user, just UID and GID (991). Sorry, I'm a newbie when it comes to the Ansible playbook.

spantaleev commented 5 years ago

You can edit configuration as root.

For such questions, it may be easier to just come to the support room: https://github.com/spantaleev/matrix-docker-ansible-deploy#support

spantaleev commented 5 years ago

I guess we can close this now.

The solution was to use mxisd and a new project available here: https://github.com/perfsys/matrix-mxisd-aws-keycloak-endpoints

hungrymonkey commented 4 years ago

https://github.com/matrix-org/synapse/pull/7256

OpenID will be added around the Matrix Synapse 1.14 release.

hungrymonkey commented 4 years ago

Keycloak docs added: https://github.com/matrix-org/synapse/commit/5c5516f80ef08dc07c1a7c297614f455c1bc75d4