From 17a20dca1e21cf621279ce2ee7360768450537c3 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Fri, 25 Oct 2024 09:34:41 +0300 Subject: [PATCH] Make it more obvious that the Synapse OIDC config needs to go when using MAS --- ...guring-playbook-matrix-authentication-service.md | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/docs/configuring-playbook-matrix-authentication-service.md b/docs/configuring-playbook-matrix-authentication-service.md index d6ddf5144..5ab1caca5 100644 --- a/docs/configuring-playbook-matrix-authentication-service.md +++ b/docs/configuring-playbook-matrix-authentication-service.md @@ -261,7 +261,11 @@ matrix_authentication_service_config_upstream_oauth2_providers: ⚠ The syntax for existing [OIDC providers configured in Synapse](./configuring-playbook-synapse.md#synapse--openid-connect-for-single-sign-on) is slightly different, so you will need to adjust your configuration when switching from Synapse OIDC to MAS upstream OAuth2. -⚠ When [migrating an existing homeserver](#migrating-an-existing-homeserver-to-matrix-authentication-service) which contains OIDC-sourced users, you will need to [Configure upstream OIDC provider mapping for syn2mas](#configuring-upstream-oidc-provider-mapping-for-syn2mas). +⚠ When [migrating an existing homeserver](#migrating-an-existing-homeserver-to-matrix-authentication-service) which contains OIDC-sourced users, you will need to: + +- [Configure upstream OIDC provider mapping for syn2mas](#configuring-upstream-oidc-provider-mapping-for-syn2mas) +- go through the [migrating an existing homeserver](#migrating-an-existing-homeserver-to-matrix-authentication-service) process +- remove all Synapse OIDC-related configuration (`matrix_synapse_oidc_*`) to prevent it being in conflict with the MAS OIDC configuration ## Adjusting DNS records @@ -272,6 +276,7 @@ See [Configuring DNS](configuring-dns.md) for details about DNS changes. If you've decided to use the default hostname, you won't need to do any extra DNS configuration. + ## Installing Now that you've [adjusted the playbook configuration](#adjusting-the-playbook-configuration) and [your DNS records](#adjusting-dns-records), you can run the [installation](installing.md) command: `just install-all` @@ -305,7 +310,11 @@ The installation + migration steps are like this: 4. [Migrate your data from Synapse to Matrix Authentication Service using syn2mas](#migrate-your-data-from-synapse-to-matrix-authentication-service-using-syn2mas) -5. [Adjust your configuration](#adjusting-the-playbook-configuration) again, removing the `matrix_authentication_service_migration_in_progress: false` line +5. [Adjust your configuration](#adjusting-the-playbook-configuration) again, to: + + - remove the `matrix_authentication_service_migration_in_progress: false` line + + - if you had been using [OIDC providers configured in Synapse](./configuring-playbook-synapse.md#synapse--openid-connect-for-single-sign-on), remove all Synapse OIDC-related configuration (`matrix_synapse_oidc_*`) to prevent it being in conflict with the MAS OIDC configuration 5. Perform the [installation](#installing) again. At this point: