mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2024-12-23 13:05:47 +00:00
1045 lines
43 KiB
Plaintext
# SOME DESCRIPTIVE TITLE.
# Copyright (C) 2018-2024, Slavi Pantaleev, Aine Etke, MDAD community
# members
# This file is distributed under the same license as the
# matrix-docker-ansible-deploy package.
# FIRST AUTHOR <EMAIL@ADDRESS>, 2024.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: matrix-docker-ansible-deploy \n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-12-16 12:05+0900\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language: jp\n"
"Language-Team: jp <LL@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Generated-By: Babel 2.16.0\n"

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:1
msgid "Setting up Matrix Authentication Service (optional)"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:3
msgid ""
"This playbook can install and configure [Matrix Authentication "
"Service](https://github.com/element-hq/matrix-authentication-service/) "
"(MAS) - a service operating alongside your existing [Synapse"
"](./configuring-playbook-synapse.md) homeserver and providing [better "
"authentication, session management and permissions in "
"Matrix](https://matrix.org/blog/2023/09/better-auth/)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:5
msgid ""
"Matrix Authentication Service is an implementation of [MSC3861: Next-"
"generation auth for Matrix, based on OAuth 2.0/OIDC](https://github.com"
"/matrix-org/matrix-spec-proposals/pull/3861) and still work in progress, "
"tracked at the [areweoidcyet.com](https://areweoidcyet.com/) website."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:7
msgid ""
"**Before going through with starting to use Matrix Authentication "
"Service**, make sure to read:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:9
msgid ""
"the [Reasons to use Matrix Authentication Service](#reasons-to-use-"
"matrix-authentication-service) section below"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:10
msgid "the [Expectations](#expectations) section below"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:11
msgid "the [FAQ section on areweoidcyet.com](https://areweoidcyet.com/#faqs)"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:13
msgid ""
"**If you've already been using Synapse** and have user accounts in its "
"database, you can [migrate to Matrix Authentication Service](#migrating-"
"an-existing-synapse-homeserver-to-matrix-authentication-service)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:15
msgid "Reasons to use Matrix Authentication Service"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:17
msgid ""
"You may be wondering whether you should make the switch to Matrix "
"Authentication Service (MAS) or keep using your existing authentication "
"flow via Synapse (password-based or [OIDC](./configuring-playbook-"
"synapse.md#synapse--openid-connect-for-single-sign-on)-enabled)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:19
msgid ""
"Matrix Authentication Service is **still an experimental service** and "
"**not a default** for this Ansible playbook."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:21
msgid ""
"The [Expectations](#expectations) section contains a list of what works "
"and what doesn't (**some services don't work with MAS yet**), as well as "
"the **relative irreversability** of the migration process."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:23
msgid ""
"Below, we'll try to **highlight some potential reasons for switching** to"
" Matrix Authentication Service:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:25
msgid ""
"To use SSO in [Element X](https://element.io/blog/element-x-ignition/). "
"The old [Synapse OIDC](./configuring-playbook-synapse.md#synapse--openid-"
"connect-for-single-sign-on) login flow is only supported in old Element "
"clients and will not be supported in Element X. Element X will only "
"support the new SSO-based login flow provided by MAS, so if you want to "
"use SSO with Element X, you will need to switch to MAS."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:27
msgid ""
"To help drive adoption of the \"Next-generation auth for Matrix\" by "
"switching to what's ultimately coming anyway"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:29
msgid ""
"To help discover (and potentially fix) MAS integration issues with this "
"Ansible playbook"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:31
msgid ""
"To help discover (and potentially fix) MAS integration issues with "
"various other Matrix components (bridges, bots, clients, etc.)"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:33
msgid ""
"To reap some of the security benefits that Matrix Authentication Service "
"offers, as outlined in the [Better authentication, session management and"
" permissions in Matrix](https://matrix.org/blog/2023/09/better-auth/) "
"article."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:35
msgid "Prerequisites"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:37
msgid ""
"⚠️ the [Synapse](configuring-playbook-synapse.md) homeserver "
"implementation (which is the default for this playbook). Other homeserver"
" implementations ([Dendrite](./configuring-playbook-dendrite.md), "
"[Conduit](./configuring-playbook-conduit.md), etc.) do not support "
"integrating wtih Matrix Authentication Service yet."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:39
msgid ""
"⚠️ **email sending** configured (see [Adjusting email-sending settings"
"](./configuring-playbook-email.md)), because **Matrix Authentication "
"Service [still insists](https://github.com/element-hq/matrix-"
"authentication-service/issues/1505) on having a verified email address "
"for each user** going through the new SSO-based login flow. It's also "
"possible to [work around email deliverability issues](#working-around-"
"email-deliverability-issues) if your email configuration is not working."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:41
msgid ""
"❌ **disabling all password providers** for Synapse (things like [shared-"
"secret-auth](./configuring-playbook-shared-secret-auth.md), [rest-auth"
"](./configuring-playbook-rest-auth.md), [LDAP auth](./configuring-"
"playbook-ldap-auth.md), etc.) More details about this are available in "
"the [Expectations](#expectations) section below."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:43
msgid "Expectations"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:45
msgid ""
"This section details what you can expect when switching to the Matrix "
"Authentication Service (MAS)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:47
msgid ""
"❌ **Synapse password providers will need to be disabled**. You can no "
"longer use [shared-secret-auth](./configuring-playbook-shared-secret-"
"auth.md), [rest-auth](./configuring-playbook-rest-auth.md), [LDAP auth"
"](./configuring-playbook-ldap-auth.md), etc. When the authentication flow"
" is handled by MAS (not by Synapse anymore), it doesn't make sense to "
"extend the Synapse authentication flow with additional modules. Many "
"bridges used to rely on shared-secret-auth for doing double-puppeting "
"(impersonating other users), but most (at least the mautrix bridges) "
"nowadays use [Appservice Double Puppet](./configuring-playbook-"
"appservice-double-puppet.md) as a better alternative. Older/maintained "
"bridges may still rely on shared-secret-auth, as do other services like "
"[matrix-corporal](./configuring-playbook-matrix-corporal.md)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:49
msgid ""
"❌ Certain **tools like [synapse-admin](./configuring-playbook-synapse-"
"admin.md) do not have full compatibility with MAS yet**. synapse-admin "
"already supports [login with access token](https://github.com/etkecc"
"/synapse-admin/pull/58), browsing users (which Synapse will internally "
"fetch from MAS) and updating user avatars. However, editing users "
"(passwords, etc.) now needs to happen directly against MAS using the [MAS"
" Admin API](https://element-hq.github.io/matrix-authentication-"
"service/api/index.html), which synapse-admin cannot interact with yet."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:51
msgid "❌ **Some services experience issues when authenticating via MAS**:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:53
msgid ""
"[Postmoogle](./configuring-playbook-bridge-postmoogle.md) works the first"
" time around, but it consistently fails after restarting:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:55
msgid ""
"cannot initialize matrix bot error=\"olm account is marked as shared, "
"keys seem to have disappeared from the server\""
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:57
msgid ""
"[matrix-reminder-bot](./configuring-playbook-bot-matrix-reminder-bot.md) "
"fails to start (see [element-hq/matrix-authentication-"
"service#3439](https://github.com/element-hq/matrix-authentication-"
"service/issues/3439))"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:58
msgid "Other services may be similarly affected. This list is not exhaustive."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:60
msgid ""
"❌ **Encrypted appservices** do not work yet (related to "
"[MSC4190](https://github.com/matrix-org/matrix-spec-proposals/pull/4190) "
"and [PR 17705 for Synapse](https://github.com/element-"
"hq/synapse/pull/17705)), so all bridges/bots that rely on encryption will"
" fail to start (see [this issue](https://github.com/spantaleev/matrix-"
"docker-ansible-deploy/issues/3658) for Hookshot). You can use these "
"bridges/bots only if you **keep end-to-bridge encryption disabled** "
"(which is the default setting)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:62
msgid ""
"⚠️ **You will need to have email sending configured** (see [Adjusting "
"email-sending settings](./configuring-playbook-email.md)), because "
"**Matrix Authentication Service [still insists](https://github.com"
"/element-hq/matrix-authentication-service/issues/1505) on having a "
"verified email address for each user** going through the new SSO-based "
"login flow. It's also possible to [work around email deliverability "
"issues](#working-around-email-deliverability-issues) if your email "
"configuration is not working."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:64
msgid ""
"⚠️ [Migrating an existing Synapse homeserver to Matrix Authentication "
"Service](#migrating-an-existing-synapse-homeserver-to-matrix-"
"authentication-service) is **possible**, but requires **some playbook-"
"assisted manual work**. Migration is **reversible with no or minor issues"
" if done quickly enough**, but as users start logging in (creating new "
"login sessions) via the new MAS setup, disabling MAS and reverting back "
"to the Synapse user database will cause these new sessions to break."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:66
msgid ""
"⚠️ [Migrating an existing Synapse homeserver to Matrix Authentication "
"Service](#migrating-an-existing-synapse-homeserver-to-matrix-"
"authentication-service) does not currently seem to preserve the \"admin\""
" flag for users (as found in the Synapse database). All users are "
"imported as non-admin - see [element-hq/matrix-authentication-"
"service#3440](https://github.com/element-hq/matrix-authentication-"
"service/issues/3440). You may need update the Matrix Authentication "
"Service's database manually and adjust the `can_request_admin` column in "
"the `users` table to `true` for users that need to be administrators "
"(e.g. `UPDATE users SET can_request_admin = true WHERE username = "
"'someone';`)"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:68
msgid ""
"⚠️ Delegating user authentication to MAS causes **your Synapse server to "
"be completely dependant on one more service** for its operations. MAS is "
"quick & lightweight and should be stable enough already, but this is "
"something to keep in mind when making the switch."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:70
msgid ""
"⚠️ If you've got [OIDC configured in Synapse](./configuring-playbook-"
"synapse.md#synapse--openid-connect-for-single-sign-on), you will need to "
"migrate your OIDC configuration to MAS by adding an [Upstream OAuth2 "
"configuration](#upstream-oauth2-configuration)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:72
msgid ""
"⚠️ A [compatibility layer](https://element-hq.github.io/matrix-"
"authentication-service/setup/homeserver.html#set-up-the-compatibility-"
"layer) is installed - all `/_matrix/client/*/login` (etc.) requests will "
"be routed to MAS instead of going to the homeserver. This is done both "
"publicly (e.g. `https://matrix.example.com/_matrix/client/*/login`) and "
"on the internal Traefik entrypoint (e.g. `https://matrix-"
"traefik:8008/_matrix/client/*/login`) which helps addon services reach "
"the homeserver's Client-Server API. You typically don't need to do "
"anything to make this work, but it's good to be aware of it, especially "
"if you have a [custom webserver setup](./configuring-playbook-own-"
"webserver.md)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:74
msgid ""
"✅ Your **existing login sessions will continue to work** (you won't get "
"logged out). Migration will require a bit of manual work and minutes of "
"downtime, but it's not too bad."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:76
msgid ""
"✅ Various clients ([Cinny](./configuring-playbook-client-cinny.md), "
"[Element Web](./configuring-playbook-client-element-web.md), Element X, "
"FluffyChat) will be able to use the **new SSO-based login flow** provided"
" by Matrix Authentication Service"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:78
msgid ""
"✅ The **old login flow** (called `m.login.password`) **will still "
"continue to work**, so clients (old Element Web, etc.) and bridges/bots "
"that don't support the new OIDC-based login flow will still work. Going "
"through the old login flow does not require users to have a verified "
"email address, as [is the case](https://github.com/element-hq/matrix-"
"authentication-service/issues/1505) for the new SSO-based login flow."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:80
msgid ""
"✅ [Registering users](./registering-users.md) via **the playbook's "
"`register-user` tag remains unchanged**. The playbook automatically does "
"the right thing regardless of homeserver implementation (Synapse, "
"Dendrite, etc.) and whether MAS is enabled or not. When MAS is enabled, "
"the playbook will forward user-registration requests to MAS. Registering "
"users via the command-line is no longer done via the "
"`/matrix/synapse/bin/register` script, but via `/matrix/matrix-"
"authentication-service/bin/register-user`."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:82
msgid ""
"✅ Users that are prepared by the playbook (for bots, bridges, etc.) will "
"continue to be registered automatically as expected. The playbook "
"automatically does the right thing regardless of homeserver "
"implementation (Synapse, Dendrite, etc.) and whether MAS is enabled or "
"not. When MAS is enabled, the playbook will forward user-registration "
"requests to MAS."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:84
msgid "Installation flows"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:86
msgid "New homeserver"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:88
msgid ""
"For new homeservers (which don't have any users in their Synapse database"
" yet), follow the [Adjusting the playbook configuration](#adjusting-the-"
"playbook-configuration) instructions and then proceed with "
"[Installing](#installing)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:90
msgid "Existing homeserver"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:92
msgid ""
"Other homeserver implementations ([Dendrite](./configuring-playbook-"
"dendrite.md), [Conduit](./configuring-playbook-conduit.md), etc.) do not "
"support integrating wtih Matrix Authentication Service yet."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:94
msgid "For existing Synapse homeservers:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:96
msgid ""
"when following the [Adjusting the playbook configuration](#adjusting-the-"
"playbook-configuration) instructions, make sure to **disable the "
"integration between Synapse and MAS** by **uncommenting** the "
"`matrix_authentication_service_migration_in_progress: true` line as "
"described in the [Marking an existing homeserver for migration](#marking-"
"an-existing-homeserver-for-migration) section below."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:98
msgid ""
"then follow the [Migrating an existing Synapse homeserver to Matrix "
"Authentication Service](#migrating-an-existing-synapse-homeserver-to-"
"matrix-authentication-service) instructions to perform the installation "
"and migration"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:100
msgid "Adjusting the playbook configuration"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:102
msgid ""
"To enable Matrix Authentication Service, add the following configuration "
"to your `inventory/host_vars/matrix.example.com/vars.yml` file:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:116
msgid ""
"In the sub-sections that follow, we'll cover some additional "
"configuration options that you may wish to adjust."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:118
msgid ""
"There are many other configuration options available. Consult the "
"[`defaults/main.yml` file](../roles/custom/matrix-authentication-"
"service/defaults/main.yml) in the [matrix-authentication-service "
"role](../roles/custom/matrix-authentication-service/) to discover them."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:120
msgid "Adjusting the Matrix Authentication Service URL"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:122
msgid ""
"By default, this playbook installs the Matrix Authentication Service on "
"the `matrix.` subdomain, at the `/auth` path "
"(https://matrix.example.com/auth). This makes it easy to install it, "
"because it **doesn't require additional DNS records to be set up**. If "
"that's okay, you can skip this section."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:124
msgid ""
"By tweaking the `matrix_authentication_service_hostname` and "
"`matrix_authentication_service_path_prefix` variables, you can easily "
"make the service available at a **different hostname and/or path** than "
"the default one."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:126
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:149
msgid ""
"Example additional configuration for your "
"`inventory/host_vars/matrix.example.com/vars.yml` file:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:134
msgid "Marking an existing homeserver for migration"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:136
msgid ""
"The [configuration above](#adjusting-the-playbook-configuration) "
"instructs existing users wishing to migrate to add "
"`matrix_authentication_service_migration_in_progress: true` to their "
"configuration."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:138
msgid ""
"This is done temporarily. The migration steps are described in more "
"detail in the [Migrating an existing Synapse homeserver to Matrix "
"Authentication Service](#migrating-an-existing-synapse-homeserver-to-"
"matrix-authentication-service) section below."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:140
msgid "Upstream OAuth2 configuration"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:142
msgid ""
"To make Matrix Authentication Service delegate to an existing upstream "
"OAuth 2.0/OIDC provider, you can use its [`upstream_oauth2.providers` "
"setting](https://element-hq.github.io/matrix-authentication-"
"service/reference/configuration.html#upstream_oauth2providers)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:144
msgid ""
"The playbook exposes a "
"`matrix_authentication_service_config_upstream_oauth2_providers` variable"
" for controlling this setting."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:261
msgid ""
"💡 Refer to the [`upstream_oauth2.providers` setting](https://element-"
"hq.github.io/matrix-authentication-"
"service/reference/configuration.html#upstream_oauth2providers) for the "
"most up-to-date schema and example for providers. The value shown above "
"here may be out of date."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:263
msgid ""
"⚠️ The syntax for existing [OIDC providers configured in Synapse"
"](./configuring-playbook-synapse.md#synapse--openid-connect-for-single-"
"sign-on) is slightly different, so you will need to adjust your "
"configuration when switching from Synapse OIDC to MAS upstream OAuth2."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:265
msgid ""
"⚠️ When [migrating an existing homeserver](#migrating-an-existing-"
"synapse-homeserver-to-matrix-authentication-service) which contains OIDC-"
"sourced users, you will need to:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:267
msgid ""
"[Configure upstream OIDC provider mapping for syn2mas](#configuring-"
"upstream-oidc-provider-mapping-for-syn2mas)"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:268
msgid ""
"go through the [migrating an existing homeserver](#migrating-an-existing-"
"synapse-homeserver-to-matrix-authentication-service) process"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:269
msgid ""
"remove all Synapse OIDC-related configuration (`matrix_synapse_oidc_*`) "
"to prevent it being in conflict with the MAS OIDC configuration"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:271
msgid "Adjusting DNS records"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:273
msgid ""
"If you've changed the default hostname, **you may need to adjust your "
"DNS** records to point the Matrix Authentication Service domain to the "
"Matrix server."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:275
msgid "See [Configuring DNS](configuring-dns.md) for details about DNS changes."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:277
msgid ""
"If you've decided to use the default hostname, you won't need to do any "
"extra DNS configuration."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:279
msgid "Installing"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:281
msgid ""
"Now that you've [adjusted the playbook configuration](#adjusting-the-"
"playbook-configuration) and [your DNS records](#adjusting-dns-records), "
"you can run the playbook with [playbook tags](playbook-tags.md) as below:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:288
msgid "**Notes**:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:290
msgid ""
"The shortcut commands with the [`just` program](just.md) are also "
"available: `just install-all` or `just setup-all`"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:292
msgid ""
"`just install-all` is useful for maintaining your setup quickly ([2x-5x "
"faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-"
"runtime) than `just setup-all`) when its components remain unchanged. If "
"you adjust your `vars.yml` to remove other components, you'd need to run "
"`just setup-all`, or these components will still remain installed. Note "
"these shortcuts run the `ensure-matrix-users-created` tag too."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:294
msgid ""
"If you're in the process of migrating an existing Synapse homeserver to "
"MAS, you should now follow the rest of the steps in the [Migrating an "
"existing Synapse homeserver to Matrix Authentication Service](#migrating-"
"an-existing-synapse-homeserver-to-matrix-authentication-service) guide."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:296
msgid ""
"💡 After installation, you should [verify that Matrix Authentication "
"Service is installed correctly](#verify-that-matrix-authentication-"
"service-is-installed-correctly)."
msgstr ""

|
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:298
|
||
|
msgid "Migrating an existing Synapse homeserver to Matrix Authentication Service"
|
||
|
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:300
msgid ""
"Our migration guide is loosely based on the upstream [Migrating an "
"existing homeserver](https://element-hq.github.io/matrix-authentication-"
"service/setup/migration.html) guide."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:302
msgid ""
"Migration is done via a tool called `syn2mas`, which the playbook could "
"run for you (in a container)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:304
msgid "The installation + migration steps are like this:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:306
msgid ""
"[Adjust your configuration](#adjusting-the-playbook-configuration) to "
"**disable the integration between the homeserver and MAS**. This is done "
"by **uncommenting** the "
"`matrix_authentication_service_migration_in_progress: true` line."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:308
msgid "Perform the initial [installation](#installing). At this point:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:310
msgid ""
"Matrix Authentication Service will be installed. Its database will be "
"empty, so it cannot validate existing access tokens or authentication "
"users yet."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:312
msgid ""
"The homeserver will still continue to use its local database for "
"validating existing access tokens."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:314
msgid ""
"Various [compatibility layer URLs](https://element-hq.github.io/matrix-"
"authentication-service/setup/homeserver.html#set-up-the-compatibility-"
"layer) are not yet installed. New login sessions will still be forwarded "
"to the homeserver, which is capable of completing them."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:316
msgid ""
"The `matrix-user-creator` role would be suppressed, so that it doesn't "
"automatically attempt to create users (for bots, etc.) in the MAS "
"database. These user accounts likely already exist in Synapse's user "
"database and could be migrated over (via syn2mas, as per the steps "
"below), so creating them in the MAS database would have been unnecessary "
"and potentially problematic (conflicts during the syn2mas migration)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:318
msgid ""
"Consider taking a full [backup of your Postgres database](./maintenance-"
"postgres.md#backing-up-postgresql). This is done just in case. The "
"**syn2mas migration tool does not delete any data**, so it should be "
"possible to revert to your previous setup by merely disabling MAS and re-"
"running the playbook (no need to restore a Postgres backup). However, do "
"note that as users start logging in (creating new login sessions) via the"
" new MAS setup, disabling MAS and reverting back to the Synapse user "
"database will cause these new sessions to break."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:320
msgid ""
"[Migrate your data from Synapse to Matrix Authentication Service using "
"syn2mas](#migrate-your-data-from-synapse-to-matrix-authentication-"
"service-using-syn2mas)"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:322
msgid ""
"[Adjust your configuration](#adjusting-the-playbook-configuration) again,"
" to:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:324
msgid ""
"remove the `matrix_authentication_service_migration_in_progress: false` "
"line"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:326
msgid ""
"if you had been using [OIDC providers configured in Synapse"
"](./configuring-playbook-synapse.md#synapse--openid-connect-for-single-"
"sign-on), remove all Synapse OIDC-related configuration "
"(`matrix_synapse_oidc_*`) to prevent it being in conflict with the MAS "
"OIDC configuration"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:328
msgid "Perform the [installation](#installing) again. At this point:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:330
msgid "The homeserver will start delegating authentication to MAS."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:332
msgid ""
"The compatibility layer URLs will be installed. New login sessions will "
"be completed by MAS."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:334
msgid ""
"[Verify that Matrix Authentication Service is installed correctly"
"](#verify-that-matrix-authentication-service-is-installed-correctly)"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:336
msgid ""
"Migrate your data from Synapse to Matrix Authentication Service using "
"syn2mas"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:338
msgid ""
"We **don't** ask you to [run the `syn2mas` migration advisor "
"command](https://element-hq.github.io/matrix-authentication-"
"service/setup/migration.html#run-the-migration-advisor), because it only "
"gives you the green light if your Synapse configuration "
"(`homeserver.yaml`) is configured in a way that's compatible with MAS "
"(delegating authentication to MAS; disabling Synapse's password config; "
"etc.). Until we migrate your data with the `syn2mas` tool, we "
"intentionally avoid doing these changes to allow existing user sessions "
"to work."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:340
msgid ""
"You can invoke the `syn2mas` tool via the playbook by running the "
"playbook's `matrix-authentication-service-syn2mas` tag. We recommend "
"first doing a [dry-run](#performing-a-syn2mas-dry-run) and then a [real "
"migration](#performing-a-real-syn2mas-migration)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:342
msgid "Configuring syn2mas"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:344
msgid ""
"If you're using [OIDC with Synapse](./configuring-playbook-"
"synapse.md#synapse--openid-connect-for-single-sign-on), you will need to "
"[Configuring upstream OIDC provider mapping for syn2mas](#configuring-"
"upstream-oidc-provider-mapping-for-syn2mas)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:346
msgid ""
"If you only have local (non-OIDC) users in your Synapse database, you can"
" likely run `syn2mas` as-is (without doing additional configuration "
"changes)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:348
msgid ""
"When you're done with potentially configuring `syn2mas`, proceed to doing"
" a [dry-run](#performing-a-syn2mas-dry-run) and then a [real "
"migration](#performing-a-real-syn2mas-migration)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:350
msgid "Configuring upstream OIDC provider mapping for syn2mas"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:352
msgid ""
"If you have existing OIDC users in your Synapse user database (which will"
" be the case if when using [OIDC with Synapse](./configuring-playbook-"
"synapse.md#synapse--openid-connect-for-single-sign-on)), you may need to "
"pass an additional `--upstreamProviderMapping` argument to the `syn2mas` "
"tool to tell it which provider (on the Synapse side) maps to which other "
"provider on the MAS side."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:354
msgid "If you don't do this, `syn2mas` would report errors like this one:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:356
msgid ""
"[FATAL] migrate - [Failed to import external id 4264b0f0-4f11-4ddd-aedb-"
"b500e4d07c25 with oidc-keycloak for user @alice:example.com: Error: "
"Unknown upstream provider oidc-keycloak]"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:358
msgid "Below is an example situation and a guide for how to solve it."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:360
msgid ""
"If in `matrix_synapse_oidc_providers` your provider `idp_id` is (was) "
"named `keycloak`, in the Synapse database users would be associated with "
"the `oidc-keycloak` provider (note the `oidc-` prefix that was added "
"automatically by Synapse to your `idp_id` value)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:362
msgid ""
"The same OIDC provider may have an `id` of `01HFVBY12TMNTYTBV8W921M5FA` "
"on the MAS side, as defined in "
"`matrix_authentication_service_config_upstream_oauth2_providers` (see the"
" [Upstream OAuth2 configuration](#upstream-oauth2-configuration) section "
"above)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:364
msgid ""
"To tell `syn2mas` how the Synapse-configured OIDC provider maps to the "
"new MAS-configured OIDC provider, add this additional configuration to "
"your `inventory/host_vars/matrix.example.com/vars.yml` file:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:373
msgid "Performing a syn2mas dry-run"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:375
msgid ""
"Having [configured syn2mas](#configuring-syn2mas), we recommend doing a "
"[dry-run](https://en.wikipedia.org/wiki/Dry_run_(testing)) first to "
"verify that everything will work out as expected."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:377
msgid "A dry-run would not cause downtime, because it avoids stopping Synapse."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:379
msgid "To perform a dry-run, run:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:385
msgid ""
"Observe the command output (especially the last line of the the syn2mas "
"output). If you are confident that the migration will work out as "
"expected, you can proceed with a [real migration](#performing-a-real-"
"syn2mas-migration)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:387
msgid "Performing a real syn2mas migration"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:389
msgid "Before performing a real migration make sure:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:391
msgid "you've familiarized yourself with the [expectations](#expectations)"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:393
msgid "you've performed a Postgres backup, just in case"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:395
msgid ""
"you're aware of the irreversibility of the migration process without "
"disruption after users have created new login sessions via the new MAS "
"setup"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:397
msgid ""
"you've [configured syn2mas](#configuring-syn2mas), especially if you've "
"used [OIDC with Synapse](./configuring-playbook-synapse.md#synapse"
"--openid-connect-for-single-sign-on)"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:399
msgid ""
"you've performed a [syn2mas dry-run](#performing-a-syn2mas-dry-run) and "
"don't see any issues in its output"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:401
msgid ""
"To perform a real migration, run the `matrix-authentication-service-"
"syn2mas` tag **without** the "
"`matrix_authentication_service_syn2mas_dry_run` variable:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:407
msgid ""
"Having performed a `syn2mas` migration once, trying to do it again will "
"report errors for users that were already migrated (e.g. \"Error: Unknown"
" upstream provider oauth-delegated\")."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:409
msgid "Verify that Matrix Authentication Service is installed correctly"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:411
msgid ""
"After [installation](#installing), run the `doctor` subcommand of the "
"[`mas-cli` command-line tool](https://element-hq.github.io/matrix-"
"authentication-service/reference/cli/index.html) to verify that MAS is "
"installed correctly."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:413
msgid "You can do it:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:415
msgid ""
"either via the Ansible playbook's `matrix-authentication-service-mas-cli-"
"doctor` tag: `just run-tags matrix-authentication-service-mas-cli-doctor`"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:417
msgid ""
"or by running the `mas-cli` script on the server (which invokes the `mas-"
"cli` tool inside a container): `/matrix/matrix-authentication-service/bin"
"/mas-cli doctor`"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:419
msgid "If successful, you should see some output that looks like this:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:431
msgid "Management"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:433
msgid ""
"You can use the [`mas-cli` command-line tool](https://element-"
"hq.github.io/matrix-authentication-service/reference/cli/index.html) "
"(exposed via the `/matrix/matrix-authentication-service/bin/mas-cli` "
"script) to perform administrative tasks against MAS."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:435
msgid "This documentation page already mentions:"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:437
msgid ""
"the `mas-cli doctor` sub-command in the [Verify that Matrix "
"Authentication Service is installed correctly](#verify-that-matrix-"
"authentication-service-is-installed-correctly) section, which you can run"
" via the CLI and via the Ansible playbook's `matrix-authentication-"
"service-mas-cli-doctor` tag"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:439
msgid ""
"the `mas-cli manage register-user` sub-command in the [Registering users"
"](./registering-users.md) documentation"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:441
msgid ""
"There are other sub-commands available. Run `/matrix/matrix-"
"authentication-service/bin/mas-cli` to get an overview."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:443
msgid "User registration"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:445
msgid ""
"After Matrix Authentication Service is [installed](#installing), users "
"need to be managed there (unless you're managing them in an [upstream "
"OAuth2 provider](#upstream-oauth2-configuration))."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:447
msgid ""
"You can register users new users as described in the [Registering users"
"](./registering-users.md) documentation (via `mas-cli manage register-"
"user` or the Ansible playbook's `register-user` tag)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:449
msgid "Working around email deliverability issues"
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:451
msgid ""
"Because Matrix Authentication Service [still insists](https://github.com"
"/element-hq/matrix-authentication-service/issues/1505) on having a "
"verified email address for each user, you may need to work around email "
"deliverability issues if [your email-sending configuration"
"](./configuring-playbook-email.md) is not working."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:453
msgid ""
"Matrix Authentication Service attempts to verify email addresses by "
"sending a verification email to the address specified by the user "
"whenever they log in to an account without a verified email address."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:455
msgid ""
"If email delivery is not working, **you can retrieve the email "
"configuration code from the Matrix Authentication Service's logs** "
"(`journalctl -fu matrix-authentication-service`)."
msgstr ""

#: ../../../docs/configuring-playbook-matrix-authentication-service.md:457
msgid ""
"Alternatively, you can use the [`mas-cli` management tool](#management) "
"to manually verify email addresses for users. Example: `/matrix/matrix-"
"authentication-service/bin/mas-cli manage verify-email some.username "
"email@example.com`"
msgstr ""