I am trying to integrate Synapse Matrix with ADFS via SSO (OpenID Connect). I run Synapse using the ansible playbook provided at https://github.com/spantaleev/matrix-docker-ansible-deploy. I am trying to configure it as follows:
matrix_synapse_configuration_extension_yaml: |
  suppress_key_server_warning: true
  oidc_providers:
    - idp_id: adfs
      idp_name: "ADFS"
      discover: false
      issuer: "https://example.domain/adfs/"
      client_id: "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
      client_secret: "XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
      #client_auth_method: client_secret_post
      scopes: ["openid", "profile"]
      authorization_endpoint: "https://adfs.example.domain/adfs/auth"
      token_endpoint: "https://adfs.example.domain/adfs/token"
      userinfo_endpoint: "https://adfs.example.domain/adfs/userinfo"
      jwks_uri: "https://adfs.example.domain/adfs/discovery/keys"
      skip_verification: true
      user_mapping_provider:
        config:
          localpart_template: "{% raw %}{{ user.cn }}{% endraw %}"
          display_name_template: "{% raw %}{{ user.displayName }}{% endraw %}"
I get a 503 error:
Feb 11 00:24:08 synspse-virtual-machine matrix-synapse[107809]: 2022-02-11 08:24:08,353 - synapse.app._base - 243 - CRITICAL - sentinel - Error during startup
Feb 11 00:24:08 synspse-virtual-machine matrix-synapse[107809]: Traceback (most recent call last):
Feb 11 00:24:08 synspse-virtual-machine matrix-synapse[107809]: File "/usr/local/lib/python3.8/site-packages/synapse/handlers/oidc.py", line 121, in load_metadata
Feb 11 00:24:08 synspse-virtual-machine matrix-synapse[107809]: await p.load_jwks()
Feb 11 00:24:08 synspse-virtual-machine matrix-synapse[107809]: File "/usr/local/lib/python3.8/site-packages/synapse/handlers/oidc.py", line 499, in load_jwks
Feb 11 00:24:08 synspse-virtual-machine matrix-synapse[107809]: return await self._jwks.get()
Feb 11 00:24:08 synspse-virtual-machine matrix-synapse[107809]: File "/usr/local/lib/python3.8/site-packages/synapse/util/caches/cached_call.py", line 136, in get
Feb 11 00:24:08 synspse-virtual-machine matrix-synapse[107809]: return await self._cachedcall.get()
I have connectivity between the Matrix server and ADFS (ICMP works fine).
Does anyone have a sample configuration for integrating ADFS with Synapse?
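An added example, not part of the original post or the playbook: an offline consistency check of the posted provider entry, optionally compared against the IdP's OpenID Connect discovery document. `lint_oidc_provider` is a hypothetical helper, and `SAMPLE_DISCOVERY` is a constructed document, not output from a real ADFS server. The traceback above stops inside `load_jwks`, which fetches `jwks_uri` over HTTPS, something an ICMP reply does not exercise.

```python
from urllib.parse import urlsplit

ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint",
                 "userinfo_endpoint", "jwks_uri")

def lint_oidc_provider(provider, discovery=None):
    """Return findings for one oidc_providers entry (hypothetical helper).

    discovery is the IdP's OpenID Connect discovery document, if available.
    """
    findings = []
    issuer = provider.get("issuer", "")
    issuer_host = urlsplit(issuer).hostname
    if provider.get("skip_verification"):
        findings.append("skip_verification: metadata checks are disabled")
    # The issuer must match the discovery document exactly, trailing slash included.
    if discovery is not None and discovery.get("issuer") != issuer:
        findings.append("issuer: differs from discovery document")
    for key in ENDPOINT_KEYS:
        url = provider.get(key)
        if url is None:
            continue
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append(f"{key}: not https")
        if parts.hostname != issuer_host:
            findings.append(f"{key}: host {parts.hostname} != issuer host {issuer_host}")
        if discovery is not None and discovery.get(key) != url:
            findings.append(f"{key}: differs from discovery document")
    return findings

# Values copied from the configuration in the post.
PAGE_PROVIDER = {
    "discover": False, "skip_verification": True,
    "issuer": "https://example.domain/adfs/",
    "authorization_endpoint": "https://adfs.example.domain/adfs/auth",
    "token_endpoint": "https://adfs.example.domain/adfs/token",
    "userinfo_endpoint": "https://adfs.example.domain/adfs/userinfo",
    "jwks_uri": "https://adfs.example.domain/adfs/discovery/keys",
}
# Constructed for illustration; read the real values from your own IdP.
SAMPLE_DISCOVERY = {
    "issuer": "https://adfs.example.domain/adfs",
    "authorization_endpoint": "https://adfs.example.domain/adfs/oauth2/authorize/",
    "token_endpoint": "https://adfs.example.domain/adfs/oauth2/token/",
    "userinfo_endpoint": "https://adfs.example.domain/adfs/userinfo",
    "jwks_uri": "https://adfs.example.domain/adfs/discovery/keys",
}
```

Calling `lint_oidc_provider(PAGE_PROVIDER)` alone already reports that every endpoint sits on a different host than the configured issuer and that `skip_verification` is on.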