mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2026-04-23 09:06:00 +00:00
Synapse Admin is Ketesa now! (#5113)
* Synapse Admin is Ketesa now!
* i18n changes
* add automatic migration
* fix migration version in vars
* add a note about routing for OIDC Auth
* mention v1.0.0 announcement blog post
* Update docs/container-images.md

  Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>
* Update CHANGELOG.md

  Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>

---------

Co-authored-by: Suguru Hirahara <luixxiul@users.noreply.github.com>
@@ -10,7 +10,7 @@ msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: matrix-docker-ansible-deploy \n"
|
||||
"Report-Msgid-Bugs-To: \n"
|
||||
"POT-Creation-Date: 2025-01-27 09:54+0200\n"
|
||||
"POT-Creation-Date: 2026-04-03 11:56+0100\n"
|
||||
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
||||
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
||||
"Language: jp\n"
|
||||
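Review bot: The `Language: jp` header just below the changed `POT-Creation-Date` line uses a country code; the ISO 639-1 language code for Japanese is `ja`, which is what the gettext `Language` header expects. `PO-Revision-Date` and `Last-Translator` are also still the template placeholders, so either fill them in or leave them until the catalogue actually carries translations.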
@@ -18,150 +18,134 @@ msgstr ""
|
||||
"MIME-Version: 1.0\n"
|
||||
"Content-Type: text/plain; charset=utf-8\n"
|
||||
"Content-Transfer-Encoding: 8bit\n"
|
||||
"Generated-By: Babel 2.16.0\n"
|
||||
"Generated-By: Babel 2.18.0\n"
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:1
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:8
|
||||
msgid "Setting up Matrix Authentication Service (optional)"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:3
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:10
|
||||
msgid "The playbook can install and configure [Matrix Authentication Service](https://github.com/element-hq/matrix-authentication-service/) (MAS) — a service operating alongside your existing [Synapse](./configuring-playbook-synapse.md) homeserver and providing [better authentication, session management and permissions in Matrix](https://matrix.org/blog/2023/09/better-auth/)."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:5
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:12
|
||||
msgid "Matrix Authentication Service is an implementation of [MSC3861: Next-generation auth for Matrix, based on OAuth 2.0/OIDC](https://github.com/matrix-org/matrix-spec-proposals/pull/3861) and still work in progress, tracked at the [areweoidcyet.com](https://areweoidcyet.com/) website."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:7
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:14
|
||||
msgid "**Before going through with starting to use Matrix Authentication Service**, make sure to read:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:9
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:16
|
||||
msgid "the [Reasons to use Matrix Authentication Service](#reasons-to-use-matrix-authentication-service) section below"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:10
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:17
|
||||
msgid "the [Expectations](#expectations) section below"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:11
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:18
|
||||
msgid "the [FAQ section on areweoidcyet.com](https://areweoidcyet.com/#faqs)"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:13
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:20
|
||||
msgid "**If you've already been using Synapse** and have user accounts in its database, you can [migrate to Matrix Authentication Service](#migrating-an-existing-synapse-homeserver-to-matrix-authentication-service)."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:15
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:22
|
||||
msgid "Reasons to use Matrix Authentication Service"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:17
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:24
|
||||
msgid "You may be wondering whether you should make the switch to Matrix Authentication Service (MAS) or keep using your existing authentication flow via Synapse (password-based or [OIDC](./configuring-playbook-synapse.md#synapse--openid-connect-for-single-sign-on)-enabled)."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:19
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:26
|
||||
msgid "Matrix Authentication Service is **still an experimental service** and **not a default** for this Ansible playbook."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:21
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:28
|
||||
msgid "The [Expectations](#expectations) section contains a list of what works and what doesn't (**some services don't work with MAS yet**), as well as the **relative irreversability** of the migration process."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:23
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:30
|
||||
msgid "Below, we'll try to **highlight some potential reasons for switching** to Matrix Authentication Service:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:25
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:32
|
||||
msgid "To use SSO in [Element X](https://element.io/blog/element-x-ignition/). The old [Synapse OIDC](./configuring-playbook-synapse.md#synapse--openid-connect-for-single-sign-on) login flow is only supported in old Element clients and will not be supported in Element X. Element X will only support the new SSO-based login flow provided by MAS, so if you want to use SSO with Element X, you will need to switch to MAS."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:27
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:34
|
||||
msgid "To help drive adoption of the \"Next-generation auth for Matrix\" by switching to what's ultimately coming anyway"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:29
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:36
|
||||
msgid "To help discover (and potentially fix) MAS integration issues with this Ansible playbook"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:31
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:38
|
||||
msgid "To help discover (and potentially fix) MAS integration issues with various other Matrix components (bridges, bots, clients, etc.)"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:33
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:40
|
||||
msgid "To reap some of the security benefits that Matrix Authentication Service offers, as outlined in the [Better authentication, session management and permissions in Matrix](https://matrix.org/blog/2023/09/better-auth/) article."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:35
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:42
|
||||
msgid "Prerequisites"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:37
|
||||
msgid "⚠️ the [Synapse](configuring-playbook-synapse.md) homeserver implementation (which is the default for this playbook). Other homeserver implementations ([Dendrite](./configuring-playbook-dendrite.md), [Conduit](./configuring-playbook-conduit.md), etc.) do not support integrating wtih Matrix Authentication Service yet."
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:44
|
||||
msgid "⚠️ the [Synapse](configuring-playbook-synapse.md) homeserver implementation (which is the default for this playbook). Other homeserver implementations ([Dendrite](./configuring-playbook-dendrite.md), [Conduit](./configuring-playbook-conduit.md), etc.) do not support integrating with Matrix Authentication Service yet."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:39
|
||||
msgid "⚠️ **email sending** configured (see [Adjusting email-sending settings](./configuring-playbook-email.md)), because **Matrix Authentication Service [still insists](https://github.com/element-hq/matrix-authentication-service/issues/1505) on having a verified email address for each user** going through the new SSO-based login flow. It's also possible to [work around email deliverability issues](#working-around-email-deliverability-issues) if your email configuration is not working."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:41
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:46
|
||||
msgid "❌ **disabling all password providers** for Synapse (things like [shared-secret-auth](./configuring-playbook-shared-secret-auth.md), [rest-auth](./configuring-playbook-rest-auth.md), [LDAP auth](./configuring-playbook-ldap-auth.md), etc.) More details about this are available in the [Expectations](#expectations) section below."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:43
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:48
|
||||
msgid "Expectations"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:45
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:50
|
||||
msgid "This section details what you can expect when switching to the Matrix Authentication Service (MAS)."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:47
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:52
|
||||
msgid "❌ **Synapse password providers will need to be disabled**. You can no longer use [shared-secret-auth](./configuring-playbook-shared-secret-auth.md), [rest-auth](./configuring-playbook-rest-auth.md), [LDAP auth](./configuring-playbook-ldap-auth.md), etc. When the authentication flow is handled by MAS (not by Synapse anymore), it doesn't make sense to extend the Synapse authentication flow with additional modules. Many bridges used to rely on shared-secret-auth for doing double-puppeting (impersonating other users), but most (at least the mautrix bridges) nowadays use [Appservice Double Puppet](./configuring-playbook-appservice-double-puppet.md) as a better alternative. Older/maintained bridges may still rely on shared-secret-auth, as do other services like [matrix-corporal](./configuring-playbook-matrix-corporal.md)."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:49
|
||||
msgid "❌ Certain **tools like [synapse-admin](./configuring-playbook-synapse-admin.md) do not have full compatibility with MAS yet**. synapse-admin already supports [login with access token](https://github.com/etkecc/synapse-admin/pull/58), browsing users (which Synapse will internally fetch from MAS) and updating user avatars. However, editing users (passwords, etc.) now needs to happen directly against MAS using the [MAS Admin API](https://element-hq.github.io/matrix-authentication-service/api/index.html), which synapse-admin cannot interact with yet."
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:54
|
||||
msgid "✅ **[Ketesa](./configuring-playbook-ketesa.md) has full MAS integration**. Ketesa supports OIDC auth, user management, all session types (browser, OAuth2, compatibility), linked email addresses, upstream OAuth provider links, MAS policy data, and user creation through MAS. It is the recommended tool for managing homeservers running MAS."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:51
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:56
|
||||
msgid "❌ **Some services experience issues when authenticating via MAS**:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:53
|
||||
msgid "[Postmoogle](./configuring-playbook-bridge-postmoogle.md) works the first time around, but it consistently fails after restarting:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:55
|
||||
msgid "cannot initialize matrix bot error=\"olm account is marked as shared, keys seem to have disappeared from the server\""
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:57
|
||||
msgid "[matrix-reminder-bot](./configuring-playbook-bot-matrix-reminder-bot.md) fails to start (see [element-hq/matrix-authentication-service#3439](https://github.com/element-hq/matrix-authentication-service/issues/3439))"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:58
|
||||
msgid "Other services may be similarly affected. This list is not exhaustive."
|
||||
msgid "[Reminder bot](configuring-playbook-bot-matrix-reminder-bot.md) seems to be losing some of its state on each restart and may reschedule old reminders once again"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:60
|
||||
msgid "❌ **Encrypted appservices** do not work yet (related to [MSC4190](https://github.com/matrix-org/matrix-spec-proposals/pull/4190) and [PR 17705 for Synapse](https://github.com/element-hq/synapse/pull/17705)), so all bridges/bots that rely on encryption will fail to start (see [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3658) for Hookshot). You can use these bridges/bots only if you **keep end-to-bridge encryption disabled** (which is the default setting)."
|
||||
msgid "[Postmoogle](./configuring-playbook-bridge-postmoogle.md) works the first time around, but it consistently fails after restarting:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:62
|
||||
msgid "⚠️ **You will need to have email sending configured** (see [Adjusting email-sending settings](./configuring-playbook-email.md)), because **Matrix Authentication Service [still insists](https://github.com/element-hq/matrix-authentication-service/issues/1505) on having a verified email address for each user** going through the new SSO-based login flow. It's also possible to [work around email deliverability issues](#working-around-email-deliverability-issues) if your email configuration is not working."
|
||||
msgid "cannot initialize matrix bot error=\"olm account is marked as shared, keys seem to have disappeared from the server\""
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:64
|
||||
msgid "⚠️ [Migrating an existing Synapse homeserver to Matrix Authentication Service](#migrating-an-existing-synapse-homeserver-to-matrix-authentication-service) is **possible**, but requires **some playbook-assisted manual work**. Migration is **reversible with no or minor issues if done quickly enough**, but as users start logging in (creating new login sessions) via the new MAS setup, disabling MAS and reverting back to the Synapse user database will cause these new sessions to break."
|
||||
msgid "❌ **Encrypted appservices** do not work yet (related to [MSC4190](https://github.com/matrix-org/matrix-spec-proposals/pull/4190) and [PR 17705 for Synapse](https://github.com/element-hq/synapse/pull/17705)), so all bridges/bots that rely on encryption will fail to start (see [this issue](https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/3658) for Hookshot). You can use these bridges/bots only if you **keep end-to-bridge encryption disabled** (which is the default setting)."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:66
|
||||
msgid "⚠️ [Migrating an existing Synapse homeserver to Matrix Authentication Service](#migrating-an-existing-synapse-homeserver-to-matrix-authentication-service) does not currently seem to preserve the \"admin\" flag for users (as found in the Synapse database). All users are imported as non-admin — see [element-hq/matrix-authentication-service#3440](https://github.com/element-hq/matrix-authentication-service/issues/3440). You may need update the Matrix Authentication Service's database manually and adjust the `can_request_admin` column in the `users` table to `true` for users that need to be administrators (e.g. `UPDATE users SET can_request_admin = true WHERE username = 'someone';`)"
|
||||
msgid "⚠️ [Migrating an existing Synapse homeserver to Matrix Authentication Service](#migrating-an-existing-synapse-homeserver-to-matrix-authentication-service) is **possible**, but requires **some playbook-assisted manual work**. Migration is **reversible with no or minor issues if done quickly enough**, but as users start logging in (creating new login sessions) via the new MAS setup, disabling MAS and reverting back to the Synapse user database will cause these new sessions to break."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:68
|
||||
msgid "⚠️ Delegating user authentication to MAS causes **your Synapse server to be completely dependant on one more service** for its operations. MAS is quick & lightweight and should be stable enough already, but this is something to keep in mind when making the switch."
|
||||
msgid "⚠️ Delegating user authentication to MAS causes **your Synapse server to be completely dependent on one more service** for its operations. MAS is quick & lightweight and should be stable enough already, but this is something to keep in mind when making the switch."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:70
|
||||
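Review bot: The entry saying that syn2mas imports every user as non-admin, together with the `can_request_admin` workaround (old reference :66), has no replacement in this hunk, and the two email-sending entries (old :39 and :62) and "Other services may be similarly affected. This list is not exhaustive." are gone as well. None of the commit message bullets mention these removals, so please confirm that the linked upstream issues (#3440 and #1505) are resolved; if they are not, operators migrating with syn2mas lose the hint that admin rights have to be restored by hand. The new Ketesa string also claims "full MAS integration" where the old synapse-admin string listed specific limits, so a link backing that claim would help. Minor: this hunk fixes "wtih" and "dependant" but leaves "irreversability" (:28) in the source string.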
@@ -181,7 +165,7 @@ msgid "✅ Various clients ([Cinny](./configuring-playbook-client-cinny.md), [El
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:78
|
||||
msgid "✅ The **old login flow** (called `m.login.password`) **will still continue to work**, so clients (old Element Web, etc.) and bridges/bots that don't support the new OIDC-based login flow will still work. Going through the old login flow does not require users to have a verified email address, as [is the case](https://github.com/element-hq/matrix-authentication-service/issues/1505) for the new SSO-based login flow."
|
||||
msgid "✅ The **old login flow** (called `m.login.password`) **will still continue to work**, so clients (old Element Web, etc.) and bridges/bots that don't support the new OIDC-based login flow will still work"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:80
|
||||
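Review bot: The replacement string for the `m.login.password` entry (:78) ends without a full stop and no longer says that the old login flow works without a verified email address. If MAS has stopped requiring a verified email for the SSO-based flow, this is consistent with the email-sending entries dropped in the previous hunk; if it has not, keep the sentence, since it tells operators which login path still works when mail delivery is broken.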
@@ -209,7 +193,7 @@ msgid "Existing homeserver"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:92
|
||||
msgid "Other homeserver implementations ([Dendrite](./configuring-playbook-dendrite.md), [Conduit](./configuring-playbook-conduit.md), etc.) do not support integrating wtih Matrix Authentication Service yet."
|
||||
msgid "Other homeserver implementations ([Dendrite](./configuring-playbook-dendrite.md), [Conduit](./configuring-playbook-conduit.md), etc.) do not support integrating with Matrix Authentication Service yet."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:94
|
||||
@@ -297,326 +281,346 @@ msgstr ""
|
||||
msgid "The playbook exposes a `matrix_authentication_service_config_upstream_oauth2_providers` variable for controlling this setting."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:269
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:273
|
||||
msgid "💡 Refer to the [`upstream_oauth2.providers` setting](https://element-hq.github.io/matrix-authentication-service/reference/configuration.html#upstream_oauth2providers) for the most up-to-date schema and example for providers. The value shown above here may be out of date."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:271
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:275
|
||||
msgid "⚠️ The syntax for existing [OIDC providers configured in Synapse](./configuring-playbook-synapse.md#synapse--openid-connect-for-single-sign-on) is slightly different, so you will need to adjust your configuration when switching from Synapse OIDC to MAS upstream OAuth2."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:273
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:277
|
||||
msgid "⚠️ When [migrating an existing homeserver](#migrating-an-existing-synapse-homeserver-to-matrix-authentication-service) which contains OIDC-sourced users, you will need to:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:275
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:279
|
||||
msgid "[Configure upstream OIDC provider mapping for syn2mas](#configuring-upstream-oidc-provider-mapping-for-syn2mas)"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:276
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:280
|
||||
msgid "go through the [migrating an existing homeserver](#migrating-an-existing-synapse-homeserver-to-matrix-authentication-service) process"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:277
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:281
|
||||
msgid "remove all Synapse OIDC-related configuration (`matrix_synapse_oidc_*`) to prevent it being in conflict with the MAS OIDC configuration"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:279
|
||||
msgid "Installing"
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:283
|
||||
msgid "Extending the configuration"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:281
|
||||
msgid "Now that you've [adjusted the playbook configuration](#adjusting-the-playbook-configuration) and [your DNS records](#adjusting-dns-records), you can run the playbook with [playbook tags](playbook-tags.md) as below:"
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:285
|
||||
msgid "There are some additional things you may wish to configure about the component."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:288
|
||||
msgid "**Notes**:"
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:287
|
||||
msgid "Take a look at:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:289
|
||||
msgid "`roles/custom/matrix-authentication-service/defaults/main.yml` for some variables that you can customize via your `vars.yml` file"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:290
|
||||
msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
|
||||
msgid "`roles/custom/matrix-authentication-service/templates/config.yaml.j2` for the component's default configuration. You can override settings (even those that don't have dedicated playbook variables) using the `matrix_authentication_service_configuration_extension_yaml` variable"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:292
|
||||
msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
|
||||
msgid "Installing"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:294
|
||||
msgid "Now that you've [adjusted the playbook configuration](#adjusting-the-playbook-configuration) and [your DNS records](#adjusting-dns-records), you can run the playbook with [playbook tags](playbook-tags.md) as below:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:301
|
||||
msgid "**Notes**:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:303
|
||||
msgid "The shortcut commands with the [`just` program](just.md) are also available: `just install-all` or `just setup-all`"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:305
|
||||
msgid "`just install-all` is useful for maintaining your setup quickly ([2x-5x faster](../CHANGELOG.md#2x-5x-performance-improvements-in-playbook-runtime) than `just setup-all`) when its components remain unchanged. If you adjust your `vars.yml` to remove other components, you'd need to run `just setup-all`, or these components will still remain installed. Note these shortcuts run the `ensure-matrix-users-created` tag too."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:307
|
||||
msgid "If you're in the process of migrating an existing Synapse homeserver to MAS, you should now follow the rest of the steps in the [Migrating an existing Synapse homeserver to Matrix Authentication Service](#migrating-an-existing-synapse-homeserver-to-matrix-authentication-service) guide."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:296
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:309
|
||||
msgid "💡 After installation, you should [verify that Matrix Authentication Service is installed correctly](#verify-that-matrix-authentication-service-is-installed-correctly)."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:298
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:311
|
||||
msgid "Migrating an existing Synapse homeserver to Matrix Authentication Service"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:300
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:313
|
||||
msgid "Our migration guide is loosely based on the upstream [Migrating an existing homeserver](https://element-hq.github.io/matrix-authentication-service/setup/migration.html) guide."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:302
|
||||
msgid "Migration is done via a tool called `syn2mas`, which the playbook could run for you (in a container)."
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:315
|
||||
msgid "Migration is done via a sub-command called `syn2mas`, which the playbook could run for you (in a container)."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:304
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:317
|
||||
msgid "The installation + migration steps are like this:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:306
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:319
|
||||
msgid "[Adjust your configuration](#adjusting-the-playbook-configuration) to **disable the integration between the homeserver and MAS**. This is done by **uncommenting** the `matrix_authentication_service_migration_in_progress: true` line."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:308
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:321
|
||||
msgid "Perform the initial [installation](#installing). At this point:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:310
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:323
|
||||
msgid "Matrix Authentication Service will be installed. Its database will be empty, so it cannot validate existing access tokens or authentication users yet."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:312
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:325
|
||||
msgid "The homeserver will still continue to use its local database for validating existing access tokens."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:314
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:327
|
||||
msgid "Various [compatibility layer URLs](https://element-hq.github.io/matrix-authentication-service/setup/homeserver.html#set-up-the-compatibility-layer) are not yet installed. New login sessions will still be forwarded to the homeserver, which is capable of completing them."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:316
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:329
|
||||
msgid "The `matrix-user-creator` role would be suppressed, so that it doesn't automatically attempt to create users (for bots, etc.) in the MAS database. These user accounts likely already exist in Synapse's user database and could be migrated over (via syn2mas, as per the steps below), so creating them in the MAS database would have been unnecessary and potentially problematic (conflicts during the syn2mas migration)."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:318
|
||||
msgid "Consider taking a full [backup of your Postgres database](./maintenance-postgres.md#backing-up-postgresql). This is done just in case. The **syn2mas migration tool does not delete any data**, so it should be possible to revert to your previous setup by merely disabling MAS and re-running the playbook (no need to restore a Postgres backup). However, do note that as users start logging in (creating new login sessions) via the new MAS setup, disabling MAS and reverting back to the Synapse user database will cause these new sessions to break."
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:331
|
||||
msgid "Consider taking a full [backup of your Postgres database](./maintenance-postgres.md#backing-up-postgresql). This is done just in case. The **syn2mas migration command does not delete any data**, so it should be possible to revert to your previous setup by merely disabling MAS and re-running the playbook (no need to restore a Postgres backup). However, do note that as users start logging in (creating new login sessions) via the new MAS setup, disabling MAS and reverting back to the Synapse user database will cause these new sessions to break."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:320
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:333
|
||||
msgid "[Migrate your data from Synapse to Matrix Authentication Service using syn2mas](#migrate-your-data-from-synapse-to-matrix-authentication-service-using-syn2mas)"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:322
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:335
|
||||
msgid "[Adjust your configuration](#adjusting-the-playbook-configuration) again, to:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:324
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:337
|
||||
msgid "remove the `matrix_authentication_service_migration_in_progress: false` line"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:326
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:339
|
||||
msgid "if you had been using [OIDC providers configured in Synapse](./configuring-playbook-synapse.md#synapse--openid-connect-for-single-sign-on), remove all Synapse OIDC-related configuration (`matrix_synapse_oidc_*`) to prevent it being in conflict with the MAS OIDC configuration"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:328
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:341
|
||||
msgid "Perform the [installation](#installing) again. At this point:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:330
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:343
|
||||
msgid "The homeserver will start delegating authentication to MAS."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:332
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:345
|
||||
msgid "The compatibility layer URLs will be installed. New login sessions will be completed by MAS."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:334
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:347
|
||||
msgid "[Verify that Matrix Authentication Service is installed correctly](#verify-that-matrix-authentication-service-is-installed-correctly)"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:336
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:349
|
||||
msgid "Migrate your data from Synapse to Matrix Authentication Service using syn2mas"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:338
|
||||
msgid "We **don't** ask you to [run the `syn2mas` migration advisor command](https://element-hq.github.io/matrix-authentication-service/setup/migration.html#run-the-migration-advisor), because it only gives you the green light if your Synapse configuration (`homeserver.yaml`) is configured in a way that's compatible with MAS (delegating authentication to MAS; disabling Synapse's password config; etc.). Until we migrate your data with the `syn2mas` tool, we intentionally avoid doing these changes to allow existing user sessions to work."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:340
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:351
|
||||
msgid "You can invoke the `syn2mas` tool via the playbook by running the playbook's `matrix-authentication-service-mas-cli-syn2mas` tag. We recommend first doing a [dry-run](#performing-a-syn2mas-dry-run) and then a [real migration](#performing-a-real-syn2mas-migration)."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:342
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:353
|
||||
msgid "Configuring syn2mas"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:344
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:355
|
||||
msgid "If you're using [OIDC with Synapse](./configuring-playbook-synapse.md#synapse--openid-connect-for-single-sign-on), you will need to [Configuring upstream OIDC provider mapping for syn2mas](#configuring-upstream-oidc-provider-mapping-for-syn2mas)."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:346
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:357
|
||||
msgid "If you only have local (non-OIDC) users in your Synapse database, you can likely run `syn2mas` as-is (without doing additional configuration changes)."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:348
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:359
|
||||
msgid "When you're done with potentially configuring `syn2mas`, proceed to doing a [dry-run](#performing-a-syn2mas-dry-run) and then a [real migration](#performing-a-real-syn2mas-migration)."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:350
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:361
|
||||
msgid "Configuring upstream OIDC provider mapping for syn2mas"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:352
|
||||
msgid "If you have existing OIDC users in your Synapse user database (which will be the case if when using [OIDC with Synapse](./configuring-playbook-synapse.md#synapse--openid-connect-for-single-sign-on)), you may need to pass an additional `--upstreamProviderMapping` argument to the `syn2mas` tool to tell it which provider (on the Synapse side) maps to which other provider on the MAS side."
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:363
|
||||
msgid "Since Matrix Authentication Service v0.16.0 (which replaced the standalone `syn2mas` tool with a `mas-cli syn2mas` sub-command), OIDC configuration (mapping from your old OIDC configuration to your new one, etc) is meant to be configured in the Matrix Authentication Service configuration (via `matrix_authentication_service_config_upstream_oauth2_providers`) as a `synapse_idp_id` property for each provider."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:354
|
||||
msgid "If you don't do this, `syn2mas` would report errors like this one:"
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:365
|
||||
msgid "You can refer to the [Map any upstream SSO providers](https://element-hq.github.io/matrix-authentication-service/setup/migration.html#map-any-upstream-sso-providers) section of the MAS documentation for figuring out how to set the `synapse_idp_id` value in `matrix_authentication_service_config_upstream_oauth2_providers` correctly."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:356
|
||||
msgid "[FATAL] migrate - [Failed to import external id 4264b0f0-4f11-4ddd-aedb-b500e4d07c25 with oidc-keycloak for user @alice:example.com: Error: Unknown upstream provider oidc-keycloak]"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:358
|
||||
msgid "Below is an example situation and a guide for how to solve it."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:360
|
||||
msgid "If in `matrix_synapse_oidc_providers` your provider `idp_id` is (was) named `keycloak`, in the Synapse database users would be associated with the `oidc-keycloak` provider (note the `oidc-` prefix that was added automatically by Synapse to your `idp_id` value)."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:362
|
||||
msgid "The same OIDC provider may have an `id` of `01HFVBY12TMNTYTBV8W921M5FA` on the MAS side, as defined in `matrix_authentication_service_config_upstream_oauth2_providers` (see the [Upstream OAuth2 configuration](#upstream-oauth2-configuration) section above)."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:364
|
||||
msgid "To tell `syn2mas` how the Synapse-configured OIDC provider maps to the new MAS-configured OIDC provider, add this additional configuration to your `vars.yml` file:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:373
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:367
|
||||
msgid "Performing a syn2mas dry-run"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:375
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:369
|
||||
msgid "Having [configured syn2mas](#configuring-syn2mas), we recommend doing a [dry-run](https://en.wikipedia.org/wiki/Dry_run_(testing)) first to verify that everything will work out as expected."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:377
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:371
|
||||
msgid "A dry-run would not cause downtime, because it avoids stopping Synapse."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:379
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:373
|
||||
msgid "To perform a dry-run, run:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:385
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:379
|
||||
msgid "Observe the command output (especially the last line of the the syn2mas output). If you are confident that the migration will work out as expected, you can proceed with a [real migration](#performing-a-real-syn2mas-migration)."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:387
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:381
|
||||
msgid "Performing a real syn2mas migration"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:389
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:383
|
||||
msgid "Before performing a real migration make sure:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:391
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:385
|
||||
msgid "you've familiarized yourself with the [expectations](#expectations)"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:393
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:387
|
||||
msgid "you've performed a Postgres backup, just in case"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:395
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:389
|
||||
msgid "you're aware of the irreversibility of the migration process without disruption after users have created new login sessions via the new MAS setup"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:397
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:391
|
||||
msgid "you've [configured syn2mas](#configuring-syn2mas), especially if you've used [OIDC with Synapse](./configuring-playbook-synapse.md#synapse--openid-connect-for-single-sign-on)"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:399
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:393
|
||||
msgid "you've performed a [syn2mas dry-run](#performing-a-syn2mas-dry-run) and don't see any issues in its output"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:401
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:395
|
||||
msgid "To perform a real migration, run the `matrix-authentication-service-mas-cli-syn2mas` tag **without** the `matrix_authentication_service_syn2mas_migrate_dry_run` variable:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:407
|
||||
msgid "Having performed a `syn2mas` migration once, trying to do it again will report errors for users that were already migrated (e.g. \"Error: Unknown upstream provider oauth-delegated\")."
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:401
|
||||
msgid "After `syn2mas` completes, Synapse will intentionally remain stopped to avoid new registrations or other authentication changes from being accepted before the migration is completed. Continue with the next steps in this guide before re-running the installation."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:409
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:403
|
||||
msgid "Having performed a `syn2mas` migration once, trying to do it again will report errors (e.g. \"Error: The MAS database is not empty: rows found in at least `users`. Please drop and recreate the database, then try again.\")."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:405
|
||||
msgid "Verify that Matrix Authentication Service is installed correctly"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:411
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:407
|
||||
msgid "After [installation](#installing), run the `doctor` subcommand of the [`mas-cli` command-line tool](https://element-hq.github.io/matrix-authentication-service/reference/cli/index.html) to verify that MAS is installed correctly."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:413
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:409
|
||||
msgid "You can do it:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:415
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:411
|
||||
msgid "either via the Ansible playbook's `matrix-authentication-service-mas-cli-doctor` tag: `just run-tags matrix-authentication-service-mas-cli-doctor`"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:417
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:413
|
||||
msgid "or by running the `mas-cli` script on the server (which invokes the `mas-cli` tool inside a container): `/matrix/matrix-authentication-service/bin/mas-cli doctor`"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:419
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:415
|
||||
msgid "If successful, you should see some output that looks like this:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:431
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:427
|
||||
msgid "Usage"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:429
|
||||
msgid "Management"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:433
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:431
|
||||
msgid "You can use the [`mas-cli` command-line tool](https://element-hq.github.io/matrix-authentication-service/reference/cli/index.html) (exposed via the `/matrix/matrix-authentication-service/bin/mas-cli` script) to perform administrative tasks against MAS."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:435
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:433
|
||||
msgid "This documentation page already mentions:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:437
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:435
|
||||
msgid "the `mas-cli doctor` sub-command in the [Verify that Matrix Authentication Service is installed correctly](#verify-that-matrix-authentication-service-is-installed-correctly) section, which you can run via the CLI and via the Ansible playbook's `matrix-authentication-service-mas-cli-doctor` tag"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:439
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:437
|
||||
msgid "the `mas-cli manage register-user` sub-command in the [Registering users](./registering-users.md) documentation"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:441
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:439
|
||||
msgid "There are other sub-commands available. Run `/matrix/matrix-authentication-service/bin/mas-cli` to get an overview."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:443
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:441
|
||||
msgid "User registration"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:445
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:443
|
||||
msgid "After Matrix Authentication Service is [installed](#installing), users need to be managed there (unless you're managing them in an [upstream OAuth2 provider](#upstream-oauth2-configuration))."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:447
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:445
|
||||
msgid "You can register users new users as described in the [Registering users](./registering-users.md) documentation (via `mas-cli manage register-user` or the Ansible playbook's `register-user` tag)."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:449
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:447
|
||||
msgid "Working around email deliverability issues"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:449
|
||||
msgid "Matrix Authentication Service only sends emails when:"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:451
|
||||
msgid "Because Matrix Authentication Service [still insists](https://github.com/element-hq/matrix-authentication-service/issues/1505) on having a verified email address for each user, you may need to work around email deliverability issues if [your email-sending configuration](./configuring-playbook-email.md) is not working."
|
||||
msgid "it verifies email addresses for users who are self-registering with a password"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:453
|
||||
msgid "Matrix Authentication Service attempts to verify email addresses by sending a verification email to the address specified by the user whenever they log in to an account without a verified email address."
|
||||
msgid "a user tries to add an email to their account"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:455
|
||||
msgid "If email delivery is not working, **you can retrieve the email configuration code from the Matrix Authentication Service's logs** (`journalctl -fu matrix-authentication-service`)."
|
||||
msgid "If Matrix Authentication Service tries to send an email and it fails because [your email-sending configuration](./configuring-playbook-email.md) is not working, you may need to work around email deliverability."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:457
|
||||
msgid "If email delivery is not working, **you can retrieve the email verification code from the Matrix Authentication Service's logs** (`journalctl -fu matrix-authentication-service`)."
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:459
|
||||
msgid "Alternatively, you can use the [`mas-cli` management tool](#management) to manually verify email addresses for users. Example: `/matrix/matrix-authentication-service/bin/mas-cli manage verify-email some.username email@example.com`"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:461
|
||||
msgid "Troubleshooting"
|
||||
msgstr ""
|
||||
|
||||
#: ../../../docs/configuring-playbook-matrix-authentication-service.md:463
|
||||
msgid "As with all other services, you can find the logs in [systemd-journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) by logging in to the server with SSH and running `journalctl -fu matrix-authentication-service`."
|
||||
msgstr ""
|
||||
|
||||
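Review bot: Three msgids in this catalogue carry wording errors from the Markdown source, and this regeneration only moves their location comments without fixing them: "the the syn2mas output" (now at configuring-playbook-matrix-authentication-service.md:379), "You can register users new users" (now at :445), and "you will need to [Configuring upstream OIDC provider mapping for syn2mas]" (now at :355). Fix the wording in docs/configuring-playbook-matrix-authentication-service.md and regenerate the catalogue in the same change. Otherwise translators work from the typos, and a later source fix changes the msgids again and invalidates any translations made in the meantime.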