synapse change to oidc

synapse/main.yaml

@@ -12,11 +12,14 @@ data:
     [metrics]\n        compress: false\n\n  - port: 9093\n    tls: false\n    bind_addresses:
     [\"::\"]\n    type: http\n\n    resources:\n      - names: [replication]\n        compress:
     false\n\n## Files ##\n\nmedia_store_path: \"/synapse/data/media\"\nuploads_path:
-    \"/synapse/data/uploads\"\n\n## Registration ##\n\nenable_registration: true\n\n##
+    \"/synapse/data/uploads\"\n\n## Registration ##\n\nenable_registration: false\n\n##
     Metrics ###\n\nenable_metrics: true\n\n## Signing Keys ##\n\nsigning_key_path:
     \"/synapse/keys/signing.key\"\n\n# The trusted servers to download signing keys
     from.\ntrusted_key_servers:\n  - server_name: matrix.org\n\n## Workers ##\n\n##
-    Extra config ##\n\nregistration_requires_token: true\n"
+    Extra config ##\n\noidc_providers:\n- client_id: synapse\n  client_secret: DOXPkkV2TUvgBBoQL4gng9e1pUvZeIFo\n
+    \ idp_id: keycloak\n  idp_name: Born In Pain\n  issuer: https://iam.borninpain.de/auth/realms/home\n
+    \ scopes:\n  - openid\n  - profile\n  user_mapping_provider:\n    config:\n      display_name_template:
+    '{{ user.name }}'\n      localpart_template: '{{ user.preferred_username }}'\n"
   log.yaml: |
     version: 1
     formatters:
@@ -59,7 +62,7 @@ metadata:
     helm.sh/chart: matrix-synapse-3.12.7
   name: synapse-matrix-synapse
 stringData:
-  config.yaml: "## Registration ##\n\nregistration_shared_secret: \"123654\"\n\n##
+  config.yaml: "## Registration ##\n\nregistration_shared_secret: \"0xxtKZ6gdJafYnju8HGf7hkW\"\n\n##
     API Configuration ##\n\n## Database configuration ##\n\ndatabase:\n  name: \"psycopg2\"\n
     \ args:\n    user: \"synapse\"\n    password: \"@@POSTGRES_PASSWORD@@\"\n    database:
     \"synapse\"\n    host: \"synapse-postgresql\"\n    port: 5432\n    sslmode: \"prefer\"\n
@@ -204,8 +207,8 @@ spec:
   template:
     metadata:
       annotations:
-        checksum/config: 77b1f5bbbbb36ca64dc91dedeba6fcef0d3bf40ba16b1c761e6d20a079252e2e
+        checksum/config: 857a63e706fd696b2e26fa9fbb0b7e72272ac46e878684456bf3c54260da3409
-        checksum/secrets: c6c3922611b50b1ee21f8d734a08725a1dd0d861f83ad711e3aff0f06bc6aa2a
+        checksum/secrets: a299d7b016aa05209a701a799dad5cf7ec27b7a59f098652799bc2154f522733
       labels:
         app.kubernetes.io/component: synapse
         app.kubernetes.io/instance: synapse

synapse/src/values.yaml

@@ -139,10 +139,10 @@ config:
   ## Registration configuration, note that registration with the
   ## container-internal register_new_matrix_user tool is always possible.
   ##
-  enableRegistration: true
+  enableRegistration: false
 
   ## NB; this value will default to a random string if not specified.
-  registrationSharedSecret: 123654
+  registrationSharedSecret: ''
 
   ## NB; Strongly recommended to set this to a secure value.
   # macaroonSecretKey: ''
@@ -181,7 +181,18 @@ config:
 ## Ref: https://github.com/matrix-org/synapse/blob/develop/docs/sample_config.yaml
 ##
 extraConfig:
-  registration_requires_token: true
+  oidc_providers:
+    - idp_id: keycloak
+      idp_name: "Born In Pain"
+      issuer: "https://iam.borninpain.de/auth/realms/home"
+      client_id: "synapse"
+      client_secret: "DOXPkkV2TUvgBBoQL4gng9e1pUvZeIFo"
+      scopes: ["openid", "profile"]
+      user_mapping_provider:
+        config:
+          localpart_template: "{{ user.preferred_username }}"
+          display_name_template: "{{ user.name }}"
+
 #  old_signing_keys:
 #    "ed25519:id": { key: "base64string", expired_ts: 123456789123 }
 #  use_presence: false