-
Notifications
You must be signed in to change notification settings - Fork 42
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenID Connect #411
Comments
+1 |
Maybe an easy way would be to install automatically https://github.com/YunoHost-Apps/dex_ynh along synapse to use Yunohost LDAP through OIDC in synapse? |
Well after some investigation dex or something else will be needed to link user with LDAP but it will be not enough as we also will need to manage user which was authenticated without yunohost (and is not in LDAP). For this we will need the matrix-authentication-service. But I really think installing There are already many discussion about this here: https://github.com/YunoHost/issues/issues?q=is%3Aissue+openid |
I agree with you about integrating openid to Yunohost's sso system. For what I understood, sliding sync proxy will be merged into synapse package at some point. In the mean time, it is possible to add it separately but I wonder if we have the ressources to focus on this temporary work just to benefit a faster app for thoose who are using Element X app before synapse integrate it. I think that working on integrating openid in SSO is a much more important long run investment. |
For me it's not urgent to add sliding proxy support until elementX is merged into element. It's nice to have it but it's not mandatory. On the openid side for me idealy we should migrate the authentication system on the same time than sliding proxy as it's all liked to the new matrix spec. But yes on other side on yunohost side there are some work to integrate oidc. Maybe it could be integrated into the work of the new yunohost portail. Anyway for me all of this (sliding proxy and oidc) are big project which will take time to integrate. Synapse package a used by many people so we can't release unstable things. We had many regression since some last PR and we really should avoid this. |
[info] Element has now a native oidc support : https://github.com/element-hq/element-web/releases/tag/v1.11.59-rc.0 |
The main issue about this is that yunohost don't support natively oidc cf YunoHost/issues#676 |
Does MAS change anything or the issue remain the same, "yunohost don't support natively oidc" ? |
MAS require a OIDC server to migrate to the "new" standard of matrix with a MAS server. To me we have theses 2 possibilities:
|
I guess the second option would be better. |
Well I'm not convinced by the idea to use dex, because if we will end with 2 different configuration to maintains and this for a undefined time. But yes it's a possibility to use dex even if don't really like this idea. I would really prefer to have correct implementation, as one day we more and more client will needed it and it don't make sense to say: by default it's not supported to need install an other app and than configure synapse to use it. |
Extract from matrix.org blog :
Will it work with yunohost sso and ldap functionality?
The text was updated successfully, but these errors were encountered: