Element-web: Missing support for SAML auth

Created on 30 Mar 2017 · 13 Comments · Source: vector-im/element-web

Description

When SAML authentication is enabled in Synapse (saml2_config in homeserver.yaml) Riot clients no longer work for authentication.

Steps to reproduce

  • Uncomment "saml2_config" section of default homeserver.yaml config
  • Open Riot client (tested on Android, Windows, and https://riot.im/develop)
  • Select "Custom server" radio button
  • Enter "Home Server URL" of SAML-enabled Synapse server

Client will present an error message.

For Windows/Web client the message shown is:

Sorry, this homeserver is using a login which is not recognised (m.login.saml2)

For Android client the message shown is:

Log in with one of the following methods
Log in currently unavailable

Version information

  • Platform: Web, Desktop, & Mobile

For the web app:

  • Browser: Chrome 57.0.2987.110 (64-bit)
  • OS: Windows
  • URL: riot.im/develop /

For the desktop app:

  • OS: Windows 10
  • Version: matrix-react-sdk version: 0.8.6

For Mobile app:

  • OS: Android
  • Version: 7.1.0
Labels: feature, p3, sso

Most helpful comment

SAML would be extremely helpful for a group of organizations I belong to

All 13 comments

Very interested in this feature. Due to its lack, the SAML support of Matrix Synapse is currently useless.

Is there any progress regarding this issue?

SAML would be extremely helpful for a group of organizations I belong to

The SAML portion of this goes nowhere, since the reference ultimately points to OAUTH.

Any news on SAML authentication?

Does Riot Web currently support SAML2 or not?

Maybe @richvdh or @ara4n could shed some light on this?

@richvdh, @ara4n

Since SAML is only half implemented, ...

-1- Is there any (callback) function that can be called in a password provider to allow a custom SSO login when hitting the Riot Web index instead of SAML?

-2- Or is there any way to set the creds for Riot Web programmatically to establish an SSO, i.e. signing in the user in the background through the client-server API (https://matrix.org/docs/spec/client_server/r0.4.0.html#login) and handing over the creds to Riot Web (e.g. for function "Lifecycle.setLoggedIn([...})")?

As I understand it, SAML support is now fully implemented in Riot and Synapse... However, we're still missing good docs on how to assemble everything together. We'll keep this issue open to track the docs work that remains.

SSO with SAML now works. And SSO can be used for UIA. But if both password auth and SAML are enabled in synapse, Riot will apparently prefer password auth, even if the current user has no password set: https://github.com/matrix-org/synapse/issues/5667#issuecomment-632035981

This should perhaps be consistent with login where if SSO and password are supported then Riot treats it as if only SSO existed.
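The flow-selection rule proposed in the comment above (when a homeserver advertises both SSO and password login, treat it as SSO-only, and fail clearly on a flow type the client does not understand) can be illustrated with a small client-side negotiation routine. This is an added example, not code from Riot/Element or Synapse. It assumes the `flows` array shape returned by the Matrix client-server login discovery endpoint (`GET /_matrix/client/r0/login`), the flow types `m.login.password`, `m.login.saml2` and `m.login.sso`, and a constructed sample response; the `/login/sso/redirect` path and `redirectUrl` parameter are taken from the client-server spec's SSO login section.

```python
import json
from urllib.parse import quote

# Flow types a client may see in the login discovery response.
# m.login.saml2 is the type from the error message quoted in the issue;
# m.login.sso is the spec's generic SSO flow type.
SSO_FLOW_TYPES = {"m.login.sso", "m.login.saml2"}
PASSWORD_FLOW_TYPE = "m.login.password"

# Constructed sample: a homeserver advertising both password and SAML
# login, the combination discussed in the thread.
SAMPLE_BOTH_FLOWS = json.dumps({
    "flows": [
        {"type": "m.login.password"},
        {"type": "m.login.saml2"},
    ]
})


def advertised_flow_types(body):
    """Return the set of flow types in a login discovery body.

    Entries that are not objects with a string "type" are ignored so a
    malformed entry cannot make the whole response unusable.
    """
    data = json.loads(body)
    flows = data.get("flows", [])
    if not isinstance(flows, list):
        return set()
    return {
        flow["type"]
        for flow in flows
        if isinstance(flow, dict) and isinstance(flow.get("type"), str)
    }


def choose_login_flow(body):
    """Pick the flow a client should offer the user.

    Rule from the thread: if any SSO flow is advertised, behave as if only
    SSO existed, even when m.login.password is also present. If neither an
    SSO flow nor the password flow is recognised, raise an error naming the
    unrecognised types, mirroring the message the web client shows.
    """
    types = advertised_flow_types(body)
    if types & SSO_FLOW_TYPES:
        return "sso"
    if PASSWORD_FLOW_TYPE in types:
        return "password"
    unknown = ", ".join(sorted(types)) or "none"
    raise ValueError(
        "Sorry, this homeserver is using a login which is not recognised "
        f"({unknown})"
    )


def sso_redirect_url(homeserver_url, client_callback_url):
    """Build the URL the client opens to start an SSO login.

    The homeserver redirects the user to the identity provider and, on
    success, back to client_callback_url with a loginToken query parameter
    that the client then exchanges via POST /login with type m.login.token.
    """
    base = homeserver_url.rstrip("/")
    return (
        f"{base}/_matrix/client/r0/login/sso/redirect"
        f"?redirectUrl={quote(client_callback_url, safe='')}"
    )


if __name__ == "__main__":
    # Example run against the constructed sample.
    print(choose_login_flow(SAMPLE_BOTH_FLOWS))
    print(sso_redirect_url("https://example.org",
                           "https://app.example.org/#/login"))
```

With both flows advertised the routine returns `sso`, so the password form is never shown to a user whose account has no password. A response advertising only an unrecognised type raises the same kind of error the issue reports, which is the correct outcome for a client that cannot complete that flow.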

it's mostly a misconfiguration if you're advertising both as it's expected that your SSO system handle passwords for you.


I'm actually going to close this as the docs front should be a separate issue, and likely fall mostly on the Synapse side.
