diff --git a/docs/configuring-playbook-user-verification-service.md b/docs/configuring-playbook-user-verification-service.md index f3d3aa6e..e7fc9570 100644 --- a/docs/configuring-playbook-user-verification-service.md +++ b/docs/configuring-playbook-user-verification-service.md @@ -7,7 +7,7 @@ Currently, the main purpose of this role is to allow Jitsi to authenticate matri **Note**: enabling Matrix User Verification Service, means that the `openid` API endpoints will be exposed on the Matrix Federation port (usually `8448`), even if [federation](configuring-playbook-federation.md) is disabled. -If the Jitsi server is also configured by this collection, all plugging of variables and secrets is handled in `group_vars/matrix_servers`. +If the Jitsi server is also configured by this playbook, all plugging of variables and secrets is handled in `group_vars/matrix_servers`. __Some general concepts of UVS may be helpful to understand the rest, so here they are:__ @@ -18,7 +18,7 @@ UVS can be used to verify two claims: Verifying an OpenID token id done by finding the corresponding Homeserver via '.well-known/matrix/server' for the given domain. The configured `matrix_user_verification_service_uvs_homeserver_url` does **not** factor into this. -By default, this collection only checks against `matrix_server_fqn_matrix`. +By default, this playbook only checks against `matrix_server_fqn_matrix`. Therefore, the request will be made against the public openid API for `matrix_server_fqn_matrix`. Verifying RoomMembership and PowerLevel is done against `matrix_user_verification_service_uvs_homeserver_url` which is by default done via the docker network. 
@@ -74,7 +74,7 @@ To set your own Token, simply put the following in your host_vars. matrix_user_verification_service_uvs_auth_token: "TOKEN" ``` -In case Jitsi is also managed by this collection and 'matrix' authentication in Jitsi is enabled, this collection will automatically configure Jitsi to use the configured auth token. +In case Jitsi is also managed by this playbook and 'matrix' authentication in Jitsi is enabled, this collection will automatically configure Jitsi to use the configured auth token. ### (Optional) Federation diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 402e3cee..e7d55dec 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -3292,15 +3292,15 @@ matrix_user_verification_service_container_http_host_bind_port: "{{ '' if (matr # URL exposed in the docker network matrix_user_verification_service_container_url: "http://{{ matrix_user_verification_service_container_name }}:3000" -# Set the homeserver URL to the container name if synapse is managed by this collection +# Set the homeserver URL to the container name if synapse is managed by this playbook matrix_user_verification_service_uvs_homeserver_url: "{{ matrix_homeserver_container_url if matrix_synapse_enabled }}" -# If synapse is managed by this collection, we will connect via docker network, which is a private ip. +# If synapse is managed by this playbook, we will connect via docker network, which is a private ip. # Therefore we need to disable IP checks matrix_user_verification_service_uvs_disable_ip_blacklist: "{{'true' if matrix_synapse_enabled else 'false'}}" matrix_user_verification_service_uvs_auth_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'uvs.auth.token', rounds=655555) | to_uuid }}" -# Pin UVS to only check openId Tokens for the matrix_server_name configured by this collection. +# Pin UVS to only check openId Tokens for the matrix_server_name configured by this playbook. # This is not the homeserverURL, but rather the domain in the matrix "user ID" matrix_user_verification_service_uvs_openid_verify_server_name: "{{ matrix_domain }}" matrix_user_verification_service_uvs_log_level: warning
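Review bot: The reworded comment above `matrix_user_verification_service_uvs_disable_ip_blacklist` still gives only the reason for turning the IP checks off, not what is given up by doing so. The value becomes `'true'` whenever `matrix_synapse_enabled` is set, because the homeserver is reached over the private docker network. Presumably UVS then stops rejecting private addresses in general, which should be confirmed against the UVS documentation. If so, the pin in `matrix_user_verification_service_uvs_openid_verify_server_name` is what keeps OpenID lookups limited to `matrix_domain`, and the comment should say that, so nobody relaxes the pin without re-enabling the IP checks. Suggested addition after the "Therefore" line: `# With IP checks off, the openid_verify_server_name pin below is what limits which server UVS queries; do not widen it while this is 'true'.`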