Setting up Delegated Authentication with SAML on Microsoft Azure (WIP)

Before setting up the installer, you have to configure Microsoft Entra ID.

With an account with enough rights, go to : Enterprise Applications Portal

Click on New Application
Click on Create your own application on the top left corner
Choose a name for it, and select Integrate any other application you don't find in the gallery
Click on "Create"
Select Set up single sign on
Select SAML
Edit on Basic SAML Configuration
In Identifier , add the following URL : https://<synapse fqdn>/_synapse/client/saml2/metadata.xml
Remove the default URL
In Reply URL , add the following URL : https://<synapse fqdn>/_synapse/client/saml2/authn_response
Click on Save
Edit on Attributes & Claims
Remove all defaults additional claims
Click on Add new claim to add the following claims. The UID will be used as the MXID, the
value here is mostly a suggestion :
- Name: uid , Transformation : ExtractMailPrefix , Parameter 1 :user.userprincipalname
- Name: email , Source attribute : user.mail
- Name: displayName , Source attribute : user.displayname
Click on Save
In Users and Groups , add groups and users which may have access to element

Add a SAML provider in the 'Synapse' configuration after enabling Delegated Auth and set the following fields in the installer:

Allow Unknown Attributes
Under Attribute Map, select the Identifier - URN:Oasis:Names:TC:SAML:2.0:Attrname Format:Basic
Under Mapping add the following mappings:
- From: Primary Email To email
- From First Name To firstname
- From Last Name To lastname
Certificates????
Encryption??????
Under Entity, enter a description, the Entity ID (from Azure) and a name.
Under User Mapping Provider select the following:
- MXID Mapping: Dotreplace
- MXID Source Attribute: uid
Under Metadata URL, add the metadata URL from Azure