Add initial support for a "pick your IdP" page (#9017)

During login, if there are multiple IdPs enabled, offer the user a choice of IdPs.
2025-05-04 12:24:58 -04:00 · 2021-01-05 11:25:28 +00:00 · 2021-01-05 11:25:28 +00:00 · 111b673fc1
commit 111b673fc1
parent d2c616a413
11 changed files with 194 additions and 3 deletions
--- a/synapse/config/sso.py
+++ b/synapse/config/sso.py
@ -31,6 +31,7 @@ class SSOConfig(Config):

        # Read templates from disk
        (
+            self.sso_login_idp_picker_template,
            self.sso_redirect_confirm_template,
            self.sso_auth_confirm_template,
            self.sso_error_template,
@ -38,6 +39,7 @@ class SSOConfig(Config):
            sso_auth_success_template,
        ) = self.read_templates(
            [
+                "sso_login_idp_picker.html",
                "sso_redirect_confirm.html",
                "sso_auth_confirm.html",
                "sso_error.html",
@ -98,6 +100,31 @@ class SSOConfig(Config):
            #
            # Synapse will look for the following templates in this directory:
            #
+            # * HTML page to prompt the user to choose an Identity Provider during
+            #   login: 'sso_login_idp_picker.html'.
+            #
+            #   This is only used if multiple SSO Identity Providers are configured.
+            #
+            #   When rendering, this template is given the following variables:
+            #     * redirect_url: the URL that the user will be redirected to after
+            #       login. Needs manual escaping (see
+            #       https://jinja.palletsprojects.com/en/2.11.x/templates/#html-escaping).
+            #
+            #     * server_name: the homeserver's name.
+            #
+            #     * providers: a list of available Identity Providers. Each element is
+            #       an object with the following attributes:
+            #         * idp_id: unique identifier for the IdP
+            #         * idp_name: user-facing name for the IdP
+            #
+            #   The rendered HTML page should contain a form which submits its results
+            #   back as a GET request, with the following query parameters:
+            #
+            #     * redirectUrl: the client redirect URI (ie, the `redirect_url` passed
+            #       to the template)
+            #
+            #     * idp: the 'idp_id' of the chosen IDP.
+            #
            # * HTML page for a confirmation step before redirecting back to the client
            #   with the login token: 'sso_redirect_confirm.html'.
            #