
Support matrix-authentication-service

Open JeWe37 opened this issue 1 year ago • 17 comments

Is your feature request related to a problem? Please describe. Matrix authentication service has by now gained support for migrating to it and can work with upstream OIDC providers. Particularly for users of legacy OIDC who want to move to Element X this is of interest, as Element X only supports the new native OIDC.

Describe the solution you'd like Adding a configuration variable that optionally allows enabling matrix-authentication-service, taking the upstream OIDC configurations from matrix_synapse_oidc_providers perhaps.

Describe alternatives you've considered For Element X, the only other option is to enable traditional passwords, which is often undesirable.

Additional context MAS is currently still under development, but it should by now be in a state where integrating it should be feasible, and a migration will likely be necessary eventually regardless.

JeWe37, Jan 16 '24 22:01

Is this what is needed for Element X to show the Sign In with (OIDC) button? I have oidc enabled and working in the web app, but Element X doesn't give me the option

patrickelam, Feb 21 '24 18:02

Is this what is needed for Element X to show the Sign In with button? I have oidc enabled and working in the web app, but Element X doesn't give me the option

Yes exactly for that. I have the same issue.

JeWe37, Feb 21 '24 18:02

Is there a reason why this is not picked up? I.e. can you use Element-X with synapse and SSO without MAS?

ayushin, May 27 '24 16:05

i.e. can you use Element-X with synapse and SSO without MAS?

That is exactly what is NOT possible. You have to have SSO via MAS if you want it to work with Element X.

JeWe37, May 27 '24 16:05

Hi, I was searching how I would be able to link my homeserver (currently using ma1sd authentication) with the elementX app, and I found this ticket. If I understand correctly, ma1sd isn't allowing OIDC, so if I configure an OIDC like Auth0, Hydra, or MAS (others), I will be able to register an account on my homeserver? (Right now I can only sign in from elementX on my homeserver.)

I'm interested in consolidating my deployment management into a single playbook instead of having the OIDC elsewhere. To achieve this, I propose introducing a new role that would handle installing and spawning a service, such as Authentik or Hydra (open-source OIDC), using Docker. I've already conducted some research and outlined a plan for implementing this. I'd appreciate any suggestions or feedback on where I should start to do that. I'm a novice with Ansible; playing with this playbook is my first experience.

zenocode-org, Jun 03 '24 11:06

This has nothing whatsoever to do with ma1sd. The issue is that there exist two different OIDC implementations in synapse currently: the original one, not supported by Element X, and the newer one, currently in development, for Matrix 2.0 via MAS, which is supported by Element X. In the former case, synapse directly talks to an OIDC provider such as Authentik or Keycloak, whereas in the latter the authentication is handled through MAS, which is what talks to the OIDC provider. In both cases though, an OIDC provider is still required. MAS currently does not, but will, support registering accounts directly within it.

Setting up OIDC via this playbook seems frankly out of scope and incredibly complex, primarily because SSO doesn't make much sense unless you can also configure other services to use the same OIDC provider. I doubt the maintainers will support such an addition.

JeWe37, Jun 03 '24 11:06

Will MAS be coming to this playbook?

bartvdbraak, Jun 11 '24 08:06

Yes, OIDC is clearly out of scope, but MAS working with an external OIDC would be very helpful.

ayushin, Jun 11 '24 13:06

I'm attempting to get MAS working with an existing playbook deployment, but I'm thinking I need help with the Traefik config: https://matrix-org.github.io/matrix-authentication-service/setup/reverse-proxy.html

MAS wants a new endpoint on 8080 by default, but element web uses it by default, it appears. So I need some guidance on where to try to shove MAS in the Traefik setup.

hanthor, Jul 30 '24 08:07

From my perspective MAS appears to be becoming the future bread and butter of matrix auth, so adding it to the playbook is a great idea.

matrix.org just released some more info (see Department of OIDC): https://matrix.org/blog/2024/08/16/this-week-in-matrix-2024-08-16/#continue-reading

keda82, Aug 18 '24 18:08

I just set up my matrix/element servers using this great playbook (using Ansible for the first time). I really do appreciate the great work on the playbook as well as on the outstanding documentation. This is really incredible.

We also really look forward to having MAS integrated into the playbook. Is this on the roadmap and to be expected?

This would be a real help, since my tries to get OIDC working with matrix_synapse_oidc_enabled also ended up in a matrix server not starting up any more ...

Jens-TGS, Sep 11 '24 10:09

This would be a real help, since my tries to get OIDC working with matrix_synapse_oidc_enabled also ended up in a matrix server not starting up any more ...

This is unrelated to MAS, @Jens-TGS. You need to look at your Synapse logs and figure out how OIDC is misconfigured. There are 100 ways to misconfigure the mapping on OIDC.

hanthor, Sep 11 '24 10:09

Sure, @hanthor, I just wanted to express my appreciation for this great project and my interest in MAS. Got OIDC just now working.

Jens-TGS, Sep 11 '24 11:09

@Jens-TGS Since you recently got this to work, can you briefly summarize the steps and configuration to get external OIDC to work?

Thanks

saket424, Sep 12 '24 12:09

Sure. Did you find this section in the documentation? I followed the described config straightforwardly.

Unfortunately I created a problem (reported above) with the issuer URL in the first run. After correcting this, everything worked out nicely.

Jens-TGS, Sep 13 '24 13:09
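The issuer-URL mistake described in the two comments above is the most common way a `matrix_synapse_oidc_providers` entry stops Synapse from starting: OpenID Connect Discovery requires the `issuer` advertised in the provider's `/.well-known/openid-configuration` document to be identical to the issuer the client was configured with, and the same value is later used to validate the `iss` claim of every ID token. The pre-flight check below is an added example, not code from the playbook or from anyone in this thread. The discovery document and the `auth.example.test` host are constructed sample data so it runs offline; fetching the real document over HTTPS is left to the caller.

```python
"""Pre-flight check for a Synapse/MAS upstream OIDC issuer URL.

Added example, not part of matrix-docker-ansible-deploy. It validates that a
configured issuer matches what the provider's discovery document advertises,
which is what the "issuer URL" misconfiguration in the thread gets wrong.
"""
from __future__ import annotations

import json
from urllib.parse import urlsplit

# Constructed sample discovery document, shaped like what a provider serves at
# <issuer>/.well-known/openid-configuration. The hostname is a placeholder.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://auth.example.test/application/o/matrix/",
    "authorization_endpoint": "https://auth.example.test/application/o/authorize/",
    "token_endpoint": "https://auth.example.test/application/o/token/",
    "jwks_uri": "https://auth.example.test/application/o/matrix/jwks/",
})

REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def discovery_url(issuer: str) -> str:
    """Build the discovery URL the way OIDC Discovery 1.0 section 4 specifies:
    drop a trailing slash from the issuer, then append the well-known path.
    This works for bare hosts and for issuers with a path component."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def check_issuer(configured_issuer: str, discovery_json: str) -> list[str]:
    """Compare the issuer from a Synapse oidc_providers entry against the
    provider's discovery document. Returns a list of human-readable problems;
    an empty list means discovery and ID-token issuer validation should pass."""
    problems: list[str] = []

    parts = urlsplit(configured_issuer)
    # OIDC requires https issuers; an http:// issuer is rejected by compliant clients.
    if parts.scheme != "https":
        problems.append(f"issuer must use https, got {parts.scheme!r}")
    if parts.query or parts.fragment:
        problems.append("issuer must not contain a query string or fragment")

    doc = json.loads(discovery_json)
    advertised = doc.get("issuer")
    if advertised is None:
        problems.append("discovery document has no 'issuer' field")
    elif advertised != configured_issuer:
        # Byte-for-byte comparison on purpose: a missing or extra trailing slash
        # is exactly the kind of mismatch that breaks the iss claim check.
        problems.append(
            f"issuer mismatch: configured {configured_issuer!r}, "
            f"provider advertises {advertised!r}"
        )

    for key in REQUIRED_ENDPOINTS:
        if key not in doc:
            problems.append(f"discovery document is missing {key}")
    return problems


if __name__ == "__main__":
    # Usage: run the check for the value you would put in matrix_synapse_oidc_providers.
    for candidate in (
        "https://auth.example.test/application/o/matrix/",   # exact match
        "https://auth.example.test/application/o/matrix",    # trailing slash dropped
        "http://auth.example.test/application/o/matrix/",    # wrong scheme
    ):
        print(candidate, "->", check_issuer(candidate, SAMPLE_DISCOVERY) or "OK")
```

In a real deployment, replace `SAMPLE_DISCOVERY` with the body of an HTTPS GET to `discovery_url(issuer)` and run the check before deploying the playbook; a non-empty result is the same condition that would otherwise surface only in the Synapse logs at startup.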

@Jens-TGS But this is OIDC, NOT MAS.

ayushin, Sep 13 '24 16:09