I believe I assembled a first version, but got stuck with OpenID auth on Cloudron side: https://forum.cloudron.io/topic/13648/openid-uri-configuration-issue-for-synapse-s-mas
I would appreciate any help here - it would be beneficial for the work to be done by @vladimir.d or whoever would be solving the same task.