-
-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support matrix-authentication-service #3108
Comments
Is this what is needed for Element X to show the Sign In with (OIDC) button? I have oidc enabled and working in the web app, but Element X doesn't give me the option |
Yes exactly for that. I have the same issue. |
is there a reason why this is not picked up? i.e. can you use Element-X with synapse and SSO without MAS? |
That is exactly what is NOT possible. You have to have SSO via MAS if you want it to work with Element X. |
Hi, I was searching how I would be able to link my homeserver (currently using ma1sd authentication) with the elementX app, I found this ticket. I'm interested in consolidating my deployment management into a single playbook instead of having the OIDC elsewhere. To achieve this, I propose introducing a new role that would handle installing and spawning a service, such as Authentik or Hydra (open-source OIDC), using Docker. I've already conducted some research and outlined a plan for implementing this. I'd appreciate any suggestions or feedback on where I should start to do that. I'm novice with Ansible, playing with this playbook is my first experience. |
This has nothing whatsoever to do with ma1sd. The issue is that there exist two different OIDC implementations in synapse currently, the original one, not supported by Element X, and the newer one, currently in development, for Matrix 2.0 via MAS, which is supported by Element X. In the former case, synapse directly talks to an OIDC providers such as Authentik or Keycloak, whereas in the latter the authentication is handled through MAS which is what talks to the OIDC provider. In both cases though, an OIDC provider is still required. MAS currently does not, but will, support registering accounts directly within it. Setting up OIDC via this playbook seems frankly out of scope and incredibly complex, primarily because SSO doesn't make much sense unless you can also configure other services to use the same OIDC provider. I doubt the maintainers will support such an addition. |
Will MAS be coming to this playbook? |
Yes, OIDC is clearly out of scope, but MAS working with an external OIDC would be very helpful. |
Is your feature request related to a problem? Please describe.
Matrix authentication service has by now gained both support for migrating to it and can work with upstream OIDC providers. Particularly for users of legacy OIDC which want to move to Element X this is of interest, as Element X only supports the new native OIDC.
Describe the solution you'd like
Adding a configuration variable that optionally allows enabling matrix-authentication-service, taking the upstream OIDC configurations from
matrix_synapse_oidc_providers
perhaps.Describe alternatives you've considered
For Element X, the only other option is to enable traditional passwords, which is often undesirable.
Additional context
MAS is currently still under development, but it should by now be in a state where integrating it should be feasible, and a migration will likely be necessary eventually regardless.
The text was updated successfully, but these errors were encountered: