zulip / docker-zulip

Container configurations, images, and examples for Zulip.
https://zulip.com/
Apache License 2.0

How to set SOCIAL_AUTH_OIDC_ENABLED_IDPS from compose yml? #401

Closed jamalsayedi closed 1 year ago

jamalsayedi commented 1 year ago

The value of SOCIAL_AUTH_OIDC_ENABLED_IDPS generated in settings.py is an object; how can we set it from the compose yml?

```python
from typing import Any, Dict

## get_secret is Zulip's own helper (zproject/config.py); it reads the named
## secret from /etc/zulip/zulip-secrets.conf so settings.py holds no secrets.
from .config import get_secret

SOCIAL_AUTH_OIDC_ENABLED_IDPS: Dict[str, Any] = {
    ## This field (example: "idp_name") may appear in URLs during
    ## authentication, but is otherwise not user-visible.
    "idp_name": {
        ## The base path to the provider's OIDC API. Zulip fetches the
        ## IdP's configuration from the discovery endpoint, which will be
        ## "{oidc_url}/.well-known/openid-configuration".
        "oidc_url": "https://example.com/api/openid",
        ## The display name, used for "Log in with <display name>" buttons.
        "display_name": "Example",
        ## Optional: URL of an icon to decorate "Log in with <display name>" buttons.
        "display_icon": None,
        ## The client_id and secret provided by your OIDC IdP. To keep
        ## settings.py free of secrets, the get_secret call below
        ## reads the secret with the specified name from zulip-secrets.conf.
        "client_id": "<your client id>",
        "secret": get_secret("social_auth_oidc_secret"),
        ## Determines whether "Log in with OIDC" will automatically
        ## register a new account if one does not already exist. By
        ## default, Zulip asks the user whether they want to create an
        ## account or try to log in again using another method.
        # "auto_signup": False,
    }
}
```

sevmonster commented 1 year ago

You can't, it's not supported by entrypoint.sh. You can hack this together by applying this patch:

diff --git a/entrypoint.sh b/entrypoint.sh
index 77ff692..c9e2ef4 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -294,7 +294,9 @@ zulipConfiguration() {
[ "$setting_key" = "SECURE_PROXY_SSL_HEADER" ] || \
[[ "$setting_key" = "CSRF_"* ]] || \
[ "$setting_key" = "REALM_HOSTS" ] || \
-           [ "$setting_key" = "ALLOWED_HOSTS" ]; then
+           [ "$setting_key" = "ALLOWED_HOSTS" ] || \
+           [ "$setting_key" = "SOCIAL_AUTH_SAML_ENABLED_IDPS" ] || \
+           [ "$setting_key" = "SOCIAL_AUTH_SAML_ORG_INFO" ]; then
type="array"
fi
if [ "$SPECIAL_SETTING_DETECTION_MODE" = "True" ] || [ "$SPECIAL_SETTING_DETECTION_MODE" = "true" ] || \
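Review bot: the two keys added in this hunk are SOCIAL_AUTH_SAML_ENABLED_IDPS and SOCIAL_AUTH_SAML_ORG_INFO, but the question being answered is about SOCIAL_AUTH_OIDC_ENABLED_IDPS, which the hunk does not add to the `type="array"` list; as shown, the patch does not let the OIDC dict through. Since "array" here means the value is copied into settings.py as raw Python source (the compose values below contain `True` and `"{}{}".format(...)`), a comment next to this list saying that such values must be valid Python, not YAML or JSON literals, would save the next reader a startup failure. The growing chain of exact-match `||` tests could also collapse into one glob in the style of the existing `[[ "$setting_key" = "CSRF_"* ]]`, for example `[[ "$setting_key" = "SOCIAL_AUTH_"*"_ENABLED_IDPS" ]]`, which would cover the OIDC key as well.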

And in your docker-compose.yml:

```yaml
# Under the zulip service's environment: block. The `|` block scalars are
# written verbatim into settings.py, so their contents are Python source.
SETTING_SOCIAL_AUTH_SAML_SP_ENTITY_ID: "https://example"
SETTING_SOCIAL_AUTH_SAML_ORG_INFO: |
    {
        "en-US": {
            "displayname": "example",
            "name": "example",
            "url": "{}{}".format("https://", EXTERNAL_HOST)
        }
    }
SETTING_SOCIAL_AUTH_SAML_ENABLED_IDPS: |
    {
        "idp_example": {
            "entity_id": "https://example",
            "url": "https://example",
            "slo_url": "https://example",
            "display_name": "example",
            "auto_signup": True
        }
    }
```

But it would be much easier to enable LINK_SETTINGS_TO_DATA and MANUAL_CONFIGURATION and edit the settings.py by hand.

alexmv commented 1 year ago

The original post was about SOCIAL_AUTH_OIDC_ENABLED_IDPS (note OIDC), which was already supported by SETTING_SOCIAL_AUTH_OIDC_ENABLED_IDPS. #406 added SETTING_SOCIAL_AUTH_SAML_ENABLED_IDPS (note SAML). I just added SOCIAL_AUTH_SAML_ORG_INFO in 6883afbd3b1edf08bc804a02c121b826c5c67239.

In general, MANUAL_CONFIGURATION is going to be better-supported for any complicated configurations.
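The mechanism the two comments above describe, a `SETTING_<KEY>` environment variable given as a YAML block scalar and copied into settings.py as raw Python, is easy to get wrong by writing the dict in JSON/YAML style (`true`, `null`). The following is an added example, not code from docker-zulip or Zulip: it models that rendering step with a simplified rule (an assumed list of keys is emitted verbatim, everything else as a quoted string) and then pre-checks the generated Python the way a practitioner would before starting the container. The environment mappings, the IdP dict and the `KNOWN_NAMES` set are constructed assumptions.

```python
"""Model of docker-zulip's SETTING_<KEY> rendering plus a pre-flight check.

Added example, not docker-zulip's entrypoint.sh: keys in RAW_PYTHON_KEYS are
emitted verbatim as Python source (the "array" type in the thread), all
others as quoted strings. Sample environments below are constructed.
"""
import ast
from typing import Dict, List, Set

# Keys whose values are pasted into settings.py unquoted. Assumed subset for
# this example; the authoritative list lives in entrypoint.sh.
RAW_PYTHON_KEYS: Set[str] = {
    "SOCIAL_AUTH_OIDC_ENABLED_IDPS",
    "SOCIAL_AUTH_SAML_ENABLED_IDPS",
    "SOCIAL_AUTH_SAML_ORG_INFO",
    "REALM_HOSTS",
    "ALLOWED_HOSTS",
}

# Bare names a raw value may legitimately reference: Zulip's helper that reads
# zulip-secrets.conf. Settings assigned earlier in the file are also allowed.
KNOWN_NAMES: Set[str] = {"get_secret"}


def render_settings(env: Dict[str, str]) -> str:
    """Render SETTING_<KEY>=value pairs as settings.py assignments."""
    lines: List[str] = []
    for var, value in sorted(env.items()):
        if not var.startswith("SETTING_"):
            continue
        key = var[len("SETTING_"):]
        if key in RAW_PYTHON_KEYS:
            # A YAML block scalar arrives as one multi-line string and is
            # emitted as-is, so it has to be valid Python.
            lines.append(f"{key} = {value.strip()}")
        else:
            # Plain string: repr() quotes it and escapes embedded quotes.
            lines.append(f"{key} = {value!r}")
    return "\n".join(lines) + "\n"


def check_settings_source(source: str) -> List[str]:
    """Return problems in rendered settings source; an empty list means it
    compiles and references no undefined bare name (e.g. true/null)."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [f"syntax error at line {exc.lineno}: {exc.msg}"]
    assigned: Set[str] = {
        target.id
        for node in ast.walk(tree)
        if isinstance(node, ast.Assign)
        for target in node.targets
        if isinstance(target, ast.Name)
    }
    return [
        f"unknown name {node.id!r} at line {node.lineno}"
        for node in ast.walk(tree)
        if isinstance(node, ast.Name)
        and isinstance(node.ctx, ast.Load)
        and node.id not in assigned
        and node.id not in KNOWN_NAMES
    ]


# Constructed sample: what `environment:` in docker-compose.yml hands to the
# container when the OIDC dict is given as a YAML block scalar (`KEY: |`).
GOOD_ENV: Dict[str, str] = {
    "SETTING_EXTERNAL_HOST": "zulip.example.com",
    "SETTING_SOCIAL_AUTH_OIDC_ENABLED_IDPS": (
        "{\n"
        '    "idp_name": {\n'
        '        "oidc_url": "https://example.com/api/openid",\n'
        '        "display_name": "Example",\n'
        '        "display_icon": None,\n'
        '        "client_id": "<your client id>",\n'
        '        "secret": get_secret("social_auth_oidc_secret"),\n'
        '        "auto_signup": True,\n'
        "    }\n"
        "}\n"
    ),
}

# Same IdP written with JSON literals: it parses, but `null` and `true` are
# undefined names once Django imports settings.py.
BAD_ENV: Dict[str, str] = {
    "SETTING_SOCIAL_AUTH_OIDC_ENABLED_IDPS": (
        '{"idp_name": {"oidc_url": "https://example.com/api/openid", '
        '"display_icon": null, "auto_signup": true}}'
    ),
}

if __name__ == "__main__":
    for label, env in (("good", GOOD_ENV), ("bad", BAD_ENV)):
        problems = check_settings_source(render_settings(env))
        print(f"{label}: {problems or 'ok'}")
```

Running it prints `ok` for the block-scalar form and two `unknown name` findings for the JSON-style form; the same check can be run against the settings.py a container actually generated (or against a MANUAL_CONFIGURATION file) before restarting Zulip.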

sevmonster commented 1 year ago

My bad, thanks. OP's issue is still solved, as YAML multiline syntax wasn't being used :)