Reminder, it’s still here. #corona
TL;DR: Matrix & Nextcloud setup (geek warning)
This is the BARE minimum of the specific configuration of my setup. Read the detailed setup post here.
Synapse
Synapse runs locally on port 8008 and is served on matrix.sspaeth.de. The only change needed is to set up MAS as the OIDC server. I put the below in a separate OIDC.yaml file in the conf.d subdirectory of my synapse config:
experimental_features:
  msc3861:
    enabled: true
    issuer: https://auth.sspaeth.de/
    # Matches the `client_id` in the MAS config
    client_id: 00000000000000000SYNAPSE00
    # Matches the `client_auth_method` in the MAS config
    client_auth_method: client_secret_basic
    # Matches the `client_secret` in the MAS config
    client_secret: 1234CLIENTSECRETHERE56789
    # Matches the `matrix.secret` in the MAS config
    admin_token: 0x97531ADMINTOKENHERE13579
MAS
MAS runs locally on port 8080 and is served on auth.sspaeth.de. Below are the snippets that I either added to config.yaml or where I modified its defaults.
# Set up the client talking to Synapse.
clients:
  - client_id: 00000000000000000SYNAPSE00
    client_auth_method: client_secret_basic
    client_secret: 1234CLIENTSECRETHERE56789
    redirect_uris:
      - https://openidconnect.net/callback
# Tell MAS about Synapse and how to talk locally to it:
matrix:
  homeserver: sspaeth.de
  secret: 0x97531ADMINTOKENHERE13579
  endpoint: http://localhost:8008/
This should be OK for local password auth through MAS, but the next section is what I added to configure Nextcloud as an upstream OIDC provider:
upstream_oauth2:
  providers:
    - id: 01B2BSNY1QVVS9ZG3JTVDHNYYE
      # Note: the above value is used in the Nextcloud config in the Redirection URI
      human_name: Nextcloud
      issuer: "https://cloud.sspaeth.de"
      client_id: "THISISMYLONGANDSECRETNEXTCLOUDCLIENTID" # needs to be configured in the Nextcloud OIDC settings
      client_secret: "THISISMYLONGANDSECRETNEXTCLOUDCLIENTSECRET" # needs to be configured in the Nextcloud OIDC settings
      token_endpoint_auth_method: "client_secret_post"
      scope: "openid profile email"
      claims_imports:
        localpart:
          action: require
          template: "{{ user.preferred_username }}"
        displayname:
          action: suggest
          template: "{{ user.name }}"
        email:
          action: suggest
          template: "{{ user.email }}"
          set_email_verification: import
# Only allow the upstream IdP, no local passwords
passwords:
  enabled: false
Nextcloud
The OpenID Connect app/plugin adds the central config option OpenID Connect clients. In this I have set:
Name: auth.sspaeth.de
# The Redirection URI uses the upstream_oauth2->providers->id value from my MAS config
Redirection URI: https://auth.sspaeth.de/upstream/callback/01B2BSNY1QVVS9ZG3JTVDHNYYE
Client Identifier: THISISMYLONGANDSECRETNEXTCLOUDCLIENTID
Secret: THISISMYLONGANDSECRETNEXTCLOUDCLIENTSECRET
Signing Algorithm: RS256
Type: confidential
Flows: Code & Implicit Authorization Flow
Limited to Groups: matrix # my choice to only allow specific users to log in.
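The three snippets above only work when the identifiers they share (client id and secret between Synapse and MAS, admin token vs. matrix.secret, the provider id inside the Nextcloud Redirection URI, the Nextcloud client id and secret) are identical on both sides, and a single typo silently breaks login. This added example, not code from the post, cross-checks those values; the dictionaries are constructed to mirror the snippets and MAS_PUBLIC_BASE is an assumed value.

```python
# Added example (not the post's own code): cross-check the identifiers that
# Synapse, MAS and Nextcloud must share. Values are constructed to mirror the post.
MAS_PUBLIC_BASE = "https://auth.sspaeth.de"  # assumed MAS public URL, no trailing slash

SYNAPSE = {"experimental_features": {"msc3861": {
    "enabled": True, "issuer": "https://auth.sspaeth.de/",
    "client_id": "00000000000000000SYNAPSE00",
    "client_auth_method": "client_secret_basic",
    "client_secret": "1234CLIENTSECRETHERE56789",
    "admin_token": "0x97531ADMINTOKENHERE13579"}}}
MAS = {
    "clients": [{"client_id": "00000000000000000SYNAPSE00",
                 "client_auth_method": "client_secret_basic",
                 "client_secret": "1234CLIENTSECRETHERE56789"}],
    "matrix": {"secret": "0x97531ADMINTOKENHERE13579"},
    "upstream_oauth2": {"providers": [{
        "id": "01B2BSNY1QVVS9ZG3JTVDHNYYE",
        "client_id": "THISISMYLONGANDSECRETNEXTCLOUDCLIENTID",
        "client_secret": "THISISMYLONGANDSECRETNEXTCLOUDCLIENTSECRET"}]},
    "passwords": {"enabled": False}}
NEXTCLOUD = {  # the client entry from Nextcloud's OpenID Connect app
    "redirect_uri": MAS_PUBLIC_BASE + "/upstream/callback/01B2BSNY1QVVS9ZG3JTVDHNYYE",
    "client_id": "THISISMYLONGANDSECRETNEXTCLOUDCLIENTID",
    "client_secret": "THISISMYLONGANDSECRETNEXTCLOUDCLIENTSECRET"}

def check_sso_wiring(synapse, mas, nextcloud):
    """Return a list of mismatches; an empty list means the three configs agree."""
    problems = []
    msc = synapse["experimental_features"]["msc3861"]
    # Synapse's OIDC client must exist in MAS with the same auth method and secret.
    client = next((c for c in mas.get("clients", [])
                   if c["client_id"] == msc["client_id"]), {})
    for key in ("client_auth_method", "client_secret"):
        if client.get(key) != msc.get(key):
            problems.append(f"{key} differs between Synapse and MAS")
    if msc["issuer"].rstrip("/") != MAS_PUBLIC_BASE:
        problems.append("Synapse issuer is not the MAS public URL")
    if msc["admin_token"] != mas["matrix"]["secret"]:  # shared admin token
        problems.append("admin_token differs from matrix.secret")
    # Each upstream provider must match what Nextcloud's client entry says.
    for prov in mas.get("upstream_oauth2", {}).get("providers", []):
        want = f"{MAS_PUBLIC_BASE}/upstream/callback/{prov['id']}"
        if nextcloud["redirect_uri"] != want:
            problems.append(f"Nextcloud redirect URI should be {want}")
        for key in ("client_id", "client_secret"):
            if nextcloud[key] != prov[key]:
                problems.append(f"Nextcloud {key} differs from MAS provider")
    if mas.get("passwords", {}).get("enabled", True):  # upstream IdP in use: keep local passwords off
        problems.append("local passwords still enabled in MAS")
    return problems
```

Run check_sso_wiring on the real values after every config edit; an empty list is the only passing result.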
That was simple, wasn't it? Again, these are just the specific config changes to all components needed to get things running. Check out the detailed post on my setup and nginx proxy configuration.
Matrix server with Nextcloud login
This is a pretty geeky description of my Matrix homeserver setup using Matrix Authentication Service and Nextcloud as the authentication source. It might be useful to others or to future me. If you are not interested in technical details, please skip this post. A minimal version highlighting just the necessary configuration can be found in this TL;DR post. This is the slightly extended version explaining my setup.
Traveling by train
Premiere: "This train is overcrowded and cannot continue like this. At the next stop, all passengers without a reservation must get off."
Blue Man Group
Been at a #Blue_Man_Group show in Chicago, what an event. We had seats in the first row and were greeted with rain coats that we were supposed to put on (so much for nice evening outfits). And what a show! It is hard to describe as it was a firework of ideas. Pantomime, acrobatics, humor, and lots of liquid color. Mix in lots of interactivity with the audience (and pulling audience members on stage).
P.S. I really need to start practicing catching Marshmallows with my mouth. It is an underdeveloped skill.
Sebastian Spaeth
2024/08/04
Cycling is dangerous
Biked to work this Monday. When crossing the street on a dedicated bike lane, a bus coming from the left hit me with its front corner. Fortunately, it threw me to the side and not in front under the bus. Lucky me!!!
P.S. yes, the traffic lights were green for me.
Lives used: 1 Lives left: 8
Sebastian Spaeth
2024/03/29
Ready for the big Easter bonfire in Volksdorf, where tomorrow I will once again devour, err, sell several thousand bratwursts and a hundred kilos of fries.
Making your blog a micro-blog
I like decentralized social media and I really like ActivityPub/Mastodon & co. But I have been running my blog since something around 2001 (b2evolution!) and I really do not feel like setting up a ruby server (pleroma is nice though). So it is very cool that you can convert your wordpress into a mastodon server, using the ActivityPub plugin to publish to the Fediverse, the Friends plugin to read and subscribe to ActivityPub content and the Enable Mastodon apps plugin, to post via a Mastodon App. Cool!
Almut is self-employed as a music teacher and coach
Almut went self-employed with her music school at the beginning of this year! She can now be found at https://almutspaeth.de/ and offers online and offline lessons and coaching for musicians and choirs. Exciting and thrilling. And complicated to start your own business :-)! Toi toi toi!