mirror of
https://github.com/element-hq/synapse.git
synced 2024-11-22 01:25:44 +03:00
SAML: Document allowing a clock/time difference from IdP (#8731)
Updates the sample configuration with the pysaml2 configuration for accepting clock skew/drift between the homeserver and IdP.
This commit is contained in:
parent
b690542a34
commit
d356588339
3 changed files with 13 additions and 0 deletions
1
changelog.d/8731.misc
Normal file
1
changelog.d/8731.misc
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Add an example and documentation for clock skew to the SAML2 sample configuration to allow for clock/time difference between the homserver and IdP. Contributed by @localguru.
|
|
@ -1546,6 +1546,12 @@ saml2_config:
|
||||||
# remote:
|
# remote:
|
||||||
# - url: https://our_idp/metadata.xml
|
# - url: https://our_idp/metadata.xml
|
||||||
|
|
||||||
|
# Allowed clock difference in seconds between the homeserver and IdP.
|
||||||
|
#
|
||||||
|
# Uncomment the below to increase the accepted time difference from 0 to 3 seconds.
|
||||||
|
#
|
||||||
|
#accepted_time_diff: 3
|
||||||
|
|
||||||
# By default, the user has to go to our login page first. If you'd like
|
# By default, the user has to go to our login page first. If you'd like
|
||||||
# to allow IdP-initiated login, set 'allow_unsolicited: true' in a
|
# to allow IdP-initiated login, set 'allow_unsolicited: true' in a
|
||||||
# 'service.sp' section:
|
# 'service.sp' section:
|
||||||
|
|
|
@ -256,6 +256,12 @@ class SAML2Config(Config):
|
||||||
# remote:
|
# remote:
|
||||||
# - url: https://our_idp/metadata.xml
|
# - url: https://our_idp/metadata.xml
|
||||||
|
|
||||||
|
# Allowed clock difference in seconds between the homeserver and IdP.
|
||||||
|
#
|
||||||
|
# Uncomment the below to increase the accepted time difference from 0 to 3 seconds.
|
||||||
|
#
|
||||||
|
#accepted_time_diff: 3
|
||||||
|
|
||||||
# By default, the user has to go to our login page first. If you'd like
|
# By default, the user has to go to our login page first. If you'd like
|
||||||
# to allow IdP-initiated login, set 'allow_unsolicited: true' in a
|
# to allow IdP-initiated login, set 'allow_unsolicited: true' in a
|
||||||
# 'service.sp' section:
|
# 'service.sp' section:
|
||||||
|
|
Loading…
Reference in a new issue