1.8 KiB
1.8 KiB
Identity service Federation
Overview
+-------------------+ +-------------> +----------+
| mxisd | | | Backends |
| | | +------> +----------+
| | | |
| Invites / Lookups | | |
Federated | +--------+ | | | +-------------------+
Identity ---->| Remote |>-----------+ +------> | Remote Federated |
Server | +--------+ | | | mxisd servers |
| | | +-------------------+
| +--------+ | |
Homeserver --->| Local |>------------------+
and clients | +--------+ | | +--------------------------+
+-------------------+ +------> | Central Identity service |
| Matrix.org / Vector.im |
+--------------------------+
To allow other federated Identity Server to reach yours, the same algorithm used for Homeservers takes place:
- Check for the appropriate DNS SRV record
- If not found, use the base domain
Configuration
If your Identity Server public hostname does not match your Matrix domain, configure the following DNS SRV entry
and replace matrix.example.com by your Identity server public hostname - Make sure to end with a final dot!
_matrix-identity._tcp.example.com. 3600 IN SRV 10 0 443 matrix.example.com.
This would only apply for 3PID that are DNS-based, like e-mails. For anything else, like phone numbers, no federation is currently possible.
The port must be HTTPS capable which is what you get in a regular setup with a reverse proxy from 443 to TCP 8090 of mxisd.