If the SAML metadata includes multiple IdPs it is necessary to
specify which IdP to redirect users to for authentication.

Updates the sample configuration with the pysaml2 configuration for
accepting clock skew/drift between the homeserver and IdP.

Signed-off-by: Adrian Wannenmacher <tfld@tfld.dev>

add some mdui:UIInfo element examples for saml2_config in homeserver.yaml

Signed-off-by: Mateusz Przybyłowicz <uamfhq@gmail.com>

Per https://github.com/matrix-org/matrix-doc/pull/2788

This allows for connecting to certain IdPs, e.g. GitLab.

Add a pair of federation metrics to track the delays in sending PDUs to/from 
particular servers.

Co-authored-by: Benjamin Koch <bbbsnowball@gmail.com>

This adds configuration flags that will match a user to pre-existing users
when logging in via OpenID Connect. This is useful when switching to
an existing SSO system.

This PR adds a confirmation step to resetting your user password between clicking the link in your email and your password actually being reset.

This is to better align our password reset flow with the industry standard of requiring a confirmation from the user after email validation.

This is a config option ported over from DINUM's Sydent: https://github.com/matrix-org/sydent/pull/285

They've switched to validating 3PIDs via Synapse rather than Sydent, and would like to retain this functionality.

This original purpose for this change is phishing prevention. This solution could also potentially be replaced by a similar one to https://github.com/matrix-org/synapse/pull/8004, but across all `*/submit_token` endpoint.

This option may still be useful to enterprise even with that safeguard in place though, if they want to be absolutely sure that their employees don't follow links to other domains.

Fixes https://github.com/matrix-org/synapse/issues/6583

Hopefully this mostly speaks for itself. I also did a bit of cleaning up of the
error handling.

Fixes #8047

Fixes #7901.

Signed-off-by: Niklas Tittjung <nik_t.01@web.de>

The [postgres setup docs](https://github.com/matrix-org/synapse/blob/develop/docs/postgres.md#set-up-database) recommend setting up your database with user `synapse_user`.

However, uncommenting the postgres defaults in the sample config leave you with user `synapse`.

This PR switches the sample config to recommend `synapse_user`. Took a me a second to figure this out, so assume this will beneficial to others.

Just a simple typo fix.

Signed-off-by: wondratsch <28294257+wondratsch@users.noreply.github.com>

Fixes https://github.com/matrix-org/synapse/issues/2431

Adds config option `encryption_enabled_by_default_for_room_type`, which determines whether encryption should be enabled with the default encryption algorithm in private or public rooms upon creation. Whether the room is private or public is decided based upon the room creation preset that is used.

Part of this PR is also pulling out all of the individual instances of `m.megolm.v1.aes-sha2` into a constant variable to eliminate typos ala https://github.com/matrix-org/synapse/pull/7637

Based on #7637

Fixes https://github.com/matrix-org/synapse/issues/3177

docs, default configs, comments. Nothing very significant.

* Expose `return_html_error`, and allow it to take a Jinja2 template instead of a raw string

* Clean up exception handling in SAML2ResponseResource

  * use the existing code in `return_html_error` instead of re-implementing it
    (giving it a jinja2 template rather than inventing a new form of template)

  * do the exception-catching in the REST layer rather than in the handler
    layer, to make sure we catch all exceptions.

'client_auth_method' commented out value was erronously 'client_auth_basic',
when code and docstring says it should be 'client_secret_basic'.

Signed-off-by: Jason Robinson <jasonr@matrix.org>