Synapse relies on the pysaml2 SAML implementation for SAML2 authentication.

In order to configure SAML for Synapse, you may copy then paste the following lines directly into your homeserver configuration file.

saml2_config:
    enabled: true
    sp_config:
        metadata:
        remote:
- url: {{ url_for("sso.saml_metadata", service_uuid=service.uuid, _external=True) }}

You should also disable password authentication if you wish to avoid desynchronization and username conflicts.

{% include "application_saml.html" %}