This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Include in SSO documentation that SSO redirect confirmation can be bypassed using the sso.client_whitelist option #11294

Open
anoadragon453 opened this issue Nov 10, 2021 · 2 comments
Labels
A-Config Configuration, or the documentation thereof A-Docs things relating to the documentation A-Social Login Login via external identity providers O-Uncommon Most users are unlikely to come across this or unexpected workflow S-Tolerable Minor significance, cosmetic issues, low or no impact to users. T-Task Refactoring, removal, replacement, enabling or disabling functionality, other engineering tasks. Z-Help-Wanted We know exactly how to fix this issue, and would be grateful for any contribution

Comments

@anoadragon453
Member

It's not currently obvious that the SSO redirection page (introduced as a security measure) can be bypassed by use of the sso.client_whitelist option. This option allows specifying a whitelist of client URIs for which the redirection page won't appear when one of them is the client you are being redirected to during SSO login.

We should include some words about it on the yet-to-be-written Single Sign-On documentation page.

@anoadragon453 anoadragon453 added z-maintenance A-Docs things relating to the documentation T-Task Refactoring, removal, replacement, enabling or disabling functionality, other engineering tasks. labels Nov 10, 2021
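As an added illustration (not Synapse's own code), the following models the decision the comment above describes: the confirmation page is skipped when the client's redirect URL starts with an entry in sso.client_whitelist. The prefix-match semantics and the implicit whitelisting of public_baseurl are assumed from Synapse's sample config; all URLs are constructed placeholders.

```python
from typing import Iterable, List

# Constructed sample configuration (placeholder deployments, not real ones).
# The second entry deliberately lacks a trailing slash to show the lint below.
CLIENT_WHITELIST = ["https://app.example.org/", "https://example.net"]
PUBLIC_BASEURL = "https://matrix.example.org/"


def needs_confirmation(
    client_redirect_url: str, whitelist: Iterable[str], public_baseurl: str
) -> bool:
    """Return True if the post-SSO confirmation page should be shown.

    Assumed behaviour (from Synapse's sample config): any redirect URL that
    starts with a whitelisted entry, or with the homeserver's own
    public_baseurl, skips the confirmation step.
    """
    for prefix in list(whitelist) + [public_baseurl]:
        if client_redirect_url.startswith(prefix):
            return False
    return True


def check_whitelist_entry(entry: str) -> List[str]:
    """Lint one whitelist entry for the configuration pitfalls a reviewer
    would flag before deploying it; returns a list of problems (empty if OK).
    """
    problems = []
    if not entry.startswith("https://"):
        problems.append("not https")
    host_and_path = entry.split("://", 1)[-1]
    if "/" not in host_and_path:
        # A bare host prefix also matches any longer hostname that merely
        # begins with it, so the entry is wider than the operator intended.
        problems.append("no path separator: prefix also matches longer hostnames")
    return problems


if __name__ == "__main__":
    for entry in CLIENT_WHITELIST:
        print(entry, check_whitelist_entry(entry) or "ok")
    print(needs_confirmation("https://app.example.org/#/login", CLIENT_WHITELIST, PUBLIC_BASEURL))
```

The sample config also warns against whitelisting public clients, so the lint is a minimum check, not a substitute for reviewing who can reach each whitelisted URL.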
@richvdh
Member

richvdh commented Nov 10, 2021

We should include some words about it on the yet-to-be-written Single Sign-On documentation page.

@anoadragon453 would it be worth starting such a page (with just some very basic content like "Synapse supports single sign-on through the SAML, Open ID Connect or CAS protocols") to make this task less daunting for contributors?

@anoadragon453
Member Author

@richvdh Excellent suggestion. In fact I think we should do that for all of our current "draft pages". It's much easier for contributors to hit a ✏️ button on the docs site to add content rather than figuring out where to put files and how to update SUMMARY.md.

I've opened a PR to get the ball rolling for Single Sign-On related pages here: #11298.

@DMRobertson DMRobertson added Z-Help-Wanted We know exactly how to fix this issue, and would be grateful for any contribution A-Config Configuration, or the documentation thereof A-Social Login Login via external identity providers S-Tolerable Minor significance, cosmetic issues, low or no impact to users. O-Uncommon Most users are unlikely to come across this or unexpected workflow and removed z-maintenance labels Aug 25, 2022
3 participants