From 168423a54eb6c29ff165eef03976c0c4af251853 Mon Sep 17 00:00:00 2001 From: Jens L Date: Wed, 23 Aug 2023 13:20:42 +0200 Subject: [PATCH] enterprise: licensing fixes (#6601) * enterprise: fix unique index for key, fix field names Signed-off-by: Jens Langhammer * enterprise: update UI to match Signed-off-by: Jens Langhammer * fix tests Signed-off-by: Jens Langhammer --------- Signed-off-by: Jens Langhammer --- authentik/enterprise/api.py | 20 +- ...e_users_license_internal_users_and_more.py | 29 + authentik/enterprise/models.py | 14 +- authentik/enterprise/signals.py | 2 +- authentik/enterprise/tests/test_license.py | 8 +- locale/en/LC_MESSAGES/django.po | 56 +- schema.yml | 16 +- .../enterprise/EnterpriseLicenseListPage.ts | 12 +- web/xliff/de.xlf | 8 +- web/xliff/en.xlf | 8 +- web/xliff/es.xlf | 8 +- web/xliff/fr_FR.xlf | 8 +- web/xliff/pl.xlf | 8 +- web/xliff/pseudo-LOCALE.xlf | 8 +- web/xliff/tr.xlf | 8 +- web/xliff/zh-Hans.xlf | 3048 +++++++++-------- web/xliff/zh-Hant.xlf | 8 +- web/xliff/zh_TW.xlf | 8 +- 18 files changed, 1684 insertions(+), 1593 deletions(-) create mode 100644 authentik/enterprise/migrations/0002_rename_users_license_internal_users_and_more.py diff --git a/authentik/enterprise/api.py b/authentik/enterprise/api.py index cdc63563c..6a215b1fe 100644 --- a/authentik/enterprise/api.py +++ b/authentik/enterprise/api.py @@ -35,13 +35,13 @@ class LicenseSerializer(ModelSerializer): "name", "key", "expiry", - "users", + "internal_users", "external_users", ] extra_kwargs = { "name": {"read_only": True}, "expiry": {"read_only": True}, - "users": {"read_only": True}, + "internal_users": {"read_only": True}, "external_users": {"read_only": True}, } @@ -49,7 +49,7 @@ class LicenseSerializer(ModelSerializer): class LicenseSummary(PassiveSerializer): """Serializer for license status""" - users = IntegerField(required=True) + internal_users = IntegerField(required=True) external_users = IntegerField(required=True) valid = BooleanField() show_admin_warning = BooleanField() @@ -62,9 +62,9 @@ class LicenseSummary(PassiveSerializer): class LicenseForecastSerializer(PassiveSerializer): """Serializer for license forecast""" - users = IntegerField(required=True) + internal_users = IntegerField(required=True) external_users = IntegerField(required=True) - forecasted_users = IntegerField(required=True) + forecasted_internal_users = IntegerField(required=True) forecasted_external_users = IntegerField(required=True) @@ -111,7 +111,7 @@ class LicenseViewSet(UsedByMixin, ModelViewSet): latest_valid = datetime.fromtimestamp(total.exp) response = LicenseSummary( data={ - "users": total.users, + "internal_users": total.internal_users, "external_users": total.external_users, "valid": total.is_valid(), "show_admin_warning": show_admin_warning, @@ -135,8 +135,8 @@ class LicenseViewSet(UsedByMixin, ModelViewSet): def forecast(self, request: Request) -> Response: """Forecast how many users will be required in a year""" last_month = now() - timedelta(days=30) - # Forecast for default users - users_in_last_month = User.objects.filter( + # Forecast for internal users + internal_in_last_month = User.objects.filter( type=UserTypes.INTERNAL, date_joined__gte=last_month ).count() # Forecast for external users @@ -144,9 +144,9 @@ class LicenseViewSet(UsedByMixin, ModelViewSet): forecast_for_months = 12 response = LicenseForecastSerializer( data={ - "users": LicenseKey.get_default_user_count(), + "internal_users": LicenseKey.get_default_user_count(), "external_users": LicenseKey.get_external_user_count(), - "forecasted_users": (users_in_last_month * forecast_for_months), + "forecasted_internal_users": (internal_in_last_month * forecast_for_months), "forecasted_external_users": (external_in_last_month * forecast_for_months), } ) diff --git a/authentik/enterprise/migrations/0002_rename_users_license_internal_users_and_more.py b/authentik/enterprise/migrations/0002_rename_users_license_internal_users_and_more.py new file mode 100644 index 000000000..e8ad7dc4e --- /dev/null +++ b/authentik/enterprise/migrations/0002_rename_users_license_internal_users_and_more.py @@ -0,0 +1,29 @@ +# Generated by Django 4.2.4 on 2023-08-23 10:06 + +import django.contrib.postgres.indexes +from django.db import migrations, models + + +class Migration(migrations.Migration): + dependencies = [ + ("authentik_enterprise", "0001_initial"), + ] + + operations = [ + migrations.RenameField( + model_name="license", + old_name="users", + new_name="internal_users", + ), + migrations.AlterField( + model_name="license", + name="key", + field=models.TextField(), + ), + migrations.AddIndex( + model_name="license", + index=django.contrib.postgres.indexes.HashIndex( + fields=["key"], name="authentik_e_key_523e13_hash" + ), + ), + ] diff --git a/authentik/enterprise/models.py b/authentik/enterprise/models.py index 103859b23..e8821d147 100644 --- a/authentik/enterprise/models.py +++ b/authentik/enterprise/models.py @@ -11,6 +11,7 @@ from uuid import uuid4 from cryptography.exceptions import InvalidSignature from cryptography.x509 import Certificate, load_der_x509_certificate, load_pem_x509_certificate from dacite import from_dict +from django.contrib.postgres.indexes import HashIndex from django.db import models from django.db.models.query import QuerySet from django.utils.timezone import now @@ -46,7 +47,7 @@ class LicenseKey: exp: int name: str - users: int + internal_users: int external_users: int flags: list[LicenseFlags] = field(default_factory=list) @@ -87,7 +88,7 @@ class LicenseKey: active_licenses = License.objects.filter(expiry__gte=now()) total = LicenseKey(get_license_aud(), 0, "Summarized license", 0, 0) for lic in active_licenses: - total.users += lic.users + total.internal_users += lic.internal_users total.external_users += lic.external_users exp_ts = int(mktime(lic.expiry.timetuple())) if total.exp == 0: @@ -123,7 +124,7 @@ class LicenseKey: Only checks the current count, no historical data is checked""" default_users = self.get_default_user_count() - if default_users > self.users: + if default_users > self.internal_users: return False active_users = self.get_external_user_count() if active_users > self.external_users: @@ -153,11 +154,11 @@ class License(models.Model): """An authentik enterprise license""" license_uuid = models.UUIDField(primary_key=True, editable=False, default=uuid4) - key = models.TextField(unique=True) + key = models.TextField() name = models.TextField() expiry = models.DateTimeField() - users = models.BigIntegerField() + internal_users = models.BigIntegerField() external_users = models.BigIntegerField() @property @@ -165,6 +166,9 @@ class License(models.Model): """Get parsed license status""" return LicenseKey.validate(self.key) + class Meta: + indexes = (HashIndex(fields=("key",)),) + def usage_expiry(): """Keep license usage records for 3 months""" diff --git a/authentik/enterprise/signals.py b/authentik/enterprise/signals.py index b891f8f2c..67e7c5745 100644 --- a/authentik/enterprise/signals.py +++ b/authentik/enterprise/signals.py @@ -13,6 +13,6 @@ def pre_save_license(sender: type[License], instance: License, **_): """Extract data from license jwt and save it into model""" status = instance.status instance.name = status.name - instance.users = status.users + instance.internal_users = status.internal_users instance.external_users = status.external_users instance.expiry = datetime.fromtimestamp(status.exp, tz=get_current_timezone()) diff --git a/authentik/enterprise/tests/test_license.py b/authentik/enterprise/tests/test_license.py index 6e21e6d11..dd91af1a6 100644 --- a/authentik/enterprise/tests/test_license.py +++ b/authentik/enterprise/tests/test_license.py @@ -23,7 +23,7 @@ class TestEnterpriseLicense(TestCase): aud="", exp=_exp, name=generate_id(), - users=100, + internal_users=100, external_users=100, ) ), @@ -32,7 +32,7 @@ class TestEnterpriseLicense(TestCase): """Check license verification""" lic = License.objects.create(key=generate_id()) self.assertTrue(lic.status.is_valid()) - self.assertEqual(lic.users, 100) + self.assertEqual(lic.internal_users, 100) def test_invalid(self): """Test invalid license""" @@ -46,7 +46,7 @@ class TestEnterpriseLicense(TestCase): aud="", exp=_exp, name=generate_id(), - users=100, + internal_users=100, external_users=100, ) ), @@ -58,7 +58,7 @@ class TestEnterpriseLicense(TestCase): lic2 = License.objects.create(key=generate_id()) self.assertTrue(lic2.status.is_valid()) total = LicenseKey.get_total() - self.assertEqual(total.users, 200) + self.assertEqual(total.internal_users, 200) self.assertEqual(total.external_users, 200) self.assertEqual(total.exp, _exp) self.assertTrue(total.is_valid()) diff --git a/locale/en/LC_MESSAGES/django.po b/locale/en/LC_MESSAGES/django.po index ebdc06553..069fcadd6 100644 --- a/locale/en/LC_MESSAGES/django.po +++ b/locale/en/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2023-08-17 17:37+0000\n" +"POT-Creation-Date: 2023-08-23 10:04+0000\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -98,125 +98,125 @@ msgstr "" msgid "Users added to this group will be superusers." msgstr "" -#: authentik/core/models.py:162 +#: authentik/core/models.py:142 msgid "User's display name." msgstr "" -#: authentik/core/models.py:256 authentik/providers/oauth2/models.py:294 +#: authentik/core/models.py:268 authentik/providers/oauth2/models.py:294 msgid "User" msgstr "" -#: authentik/core/models.py:257 +#: authentik/core/models.py:269 msgid "Users" msgstr "" -#: authentik/core/models.py:270 +#: authentik/core/models.py:282 msgid "" "Flow used for authentication when the associated application is accessed by " "an un-authenticated user." msgstr "" -#: authentik/core/models.py:280 +#: authentik/core/models.py:292 msgid "Flow used when authorizing this provider." msgstr "" -#: authentik/core/models.py:292 +#: authentik/core/models.py:304 msgid "" "Accessed from applications; optional backchannel providers for protocols " "like LDAP and SCIM." msgstr "" -#: authentik/core/models.py:347 +#: authentik/core/models.py:359 msgid "Application's display Name." msgstr "" -#: authentik/core/models.py:348 +#: authentik/core/models.py:360 msgid "Internal application name, used in URLs." msgstr "" -#: authentik/core/models.py:360 +#: authentik/core/models.py:372 msgid "Open launch URL in a new browser tab or window." msgstr "" -#: authentik/core/models.py:424 +#: authentik/core/models.py:436 msgid "Application" msgstr "" -#: authentik/core/models.py:425 +#: authentik/core/models.py:437 msgid "Applications" msgstr "" -#: authentik/core/models.py:431 +#: authentik/core/models.py:443 msgid "Use the source-specific identifier" msgstr "" -#: authentik/core/models.py:433 +#: authentik/core/models.py:445 msgid "" "Link to a user with identical email address. Can have security implications " "when a source doesn't validate email addresses." msgstr "" -#: authentik/core/models.py:437 +#: authentik/core/models.py:449 msgid "" "Use the user's email address, but deny enrollment when the email address " "already exists." msgstr "" -#: authentik/core/models.py:440 +#: authentik/core/models.py:452 msgid "" "Link to a user with identical username. Can have security implications when " "a username is used with another source." msgstr "" -#: authentik/core/models.py:444 +#: authentik/core/models.py:456 msgid "" "Use the user's username, but deny enrollment when the username already " "exists." msgstr "" -#: authentik/core/models.py:451 +#: authentik/core/models.py:463 msgid "Source's display Name." msgstr "" -#: authentik/core/models.py:452 +#: authentik/core/models.py:464 msgid "Internal source name, used in URLs." msgstr "" -#: authentik/core/models.py:471 +#: authentik/core/models.py:483 msgid "Flow to use when authenticating existing users." msgstr "" -#: authentik/core/models.py:480 +#: authentik/core/models.py:492 msgid "Flow to use when enrolling new users." msgstr "" -#: authentik/core/models.py:488 +#: authentik/core/models.py:500 msgid "" "How the source determines if an existing user should be authenticated or a " "new user enrolled." msgstr "" -#: authentik/core/models.py:660 +#: authentik/core/models.py:672 msgid "Token" msgstr "" -#: authentik/core/models.py:661 +#: authentik/core/models.py:673 msgid "Tokens" msgstr "" -#: authentik/core/models.py:702 +#: authentik/core/models.py:714 msgid "Property Mapping" msgstr "" -#: authentik/core/models.py:703 +#: authentik/core/models.py:715 msgid "Property Mappings" msgstr "" -#: authentik/core/models.py:738 +#: authentik/core/models.py:750 msgid "Authenticated Session" msgstr "" -#: authentik/core/models.py:739 +#: authentik/core/models.py:751 msgid "Authenticated Sessions" msgstr "" diff --git a/schema.yml b/schema.yml index 1e00f3a5d..daf3a9eba 100644 --- a/schema.yml +++ b/schema.yml @@ -31714,7 +31714,7 @@ components: type: string format: date-time readOnly: true - users: + internal_users: type: integer readOnly: true external_users: @@ -31723,27 +31723,27 @@ components: required: - expiry - external_users + - internal_users - key - license_uuid - name - - users LicenseForecast: type: object description: Serializer for license forecast properties: - users: + internal_users: type: integer external_users: type: integer - forecasted_users: + forecasted_internal_users: type: integer forecasted_external_users: type: integer required: - external_users - forecasted_external_users - - forecasted_users - - users + - forecasted_internal_users + - internal_users LicenseRequest: type: object description: License Serializer @@ -31757,7 +31757,7 @@ components: type: object description: Serializer for license status properties: - users: + internal_users: type: integer external_users: type: integer @@ -31777,11 +31777,11 @@ components: required: - external_users - has_license + - internal_users - latest_valid - read_only - show_admin_warning - show_user_warning - - users - valid Link: type: object diff --git a/web/src/admin/enterprise/EnterpriseLicenseListPage.ts b/web/src/admin/enterprise/EnterpriseLicenseListPage.ts index 248691708..27a0c1b67 100644 --- a/web/src/admin/enterprise/EnterpriseLicenseListPage.ts +++ b/web/src/admin/enterprise/EnterpriseLicenseListPage.ts @@ -170,11 +170,11 @@ export class EnterpriseLicenseListPage extends TablePage { icon="pf-icon pf-icon-user" header=${msg("Forecast internal users")} subtext=${msg( - str`Estimated user count one year from now based on ${this.forecast?.users} current internal users and ${this.forecast?.forecastedUsers} forecasted internal users.`, + str`Estimated user count one year from now based on ${this.forecast?.internalUsers} current internal users and ${this.forecast?.forecastedInternalUsers} forecasted internal users.`, )} > - ~ ${(this.forecast?.users || 0) + - (this.forecast?.forecastedUsers || 0)} + ~ ${(this.forecast?.internalUsers || 0) + + (this.forecast?.forecastedInternalUsers || 0)} { } return [ html`
${item.name}
`, - html`
- 0 / ${item.users} - 0 / ${item.externalUsers} -
`, + html`
${msg(str`Internal: ${item.internalUsers}`)}
+
${msg(str`External: ${item.externalUsers}`)}
`, html` ${item.expiry?.toLocaleString()} `, html` ${msg("Update")} diff --git a/web/xliff/de.xlf b/web/xliff/de.xlf index 5299c3cdc..0c20576ee 100644 --- a/web/xliff/de.xlf +++ b/web/xliff/de.xlf @@ -5806,7 +5806,7 @@ Bindings to groups/users are checked against the user of the event. Forecast internal users - Estimated user count one year from now based on current internal users and forecasted internal users. + Estimated user count one year from now based on current internal users and forecasted internal users. Forecast external users @@ -5888,6 +5888,12 @@ Bindings to groups/users are checked against the user of the event. The length of the individual generated tokens. Can be increased to improve security. + + + Internal: + + + External: diff --git a/web/xliff/en.xlf b/web/xliff/en.xlf index bd44a710e..3c446d2b7 100644 --- a/web/xliff/en.xlf +++ b/web/xliff/en.xlf @@ -6122,7 +6122,7 @@ Bindings to groups/users are checked against the user of the event. Forecast internal users - Estimated user count one year from now based on current internal users and forecasted internal users. + Estimated user count one year from now based on current internal users and forecasted internal users. Forecast external users @@ -6204,6 +6204,12 @@ Bindings to groups/users are checked against the user of the event. The length of the individual generated tokens. Can be increased to improve security. + + + Internal: + + + External: diff --git a/web/xliff/es.xlf b/web/xliff/es.xlf index 9d0f632c9..d65c380cd 100644 --- a/web/xliff/es.xlf +++ b/web/xliff/es.xlf @@ -5714,7 +5714,7 @@ Bindings to groups/users are checked against the user of the event. Forecast internal users - Estimated user count one year from now based on current internal users and forecasted internal users. + Estimated user count one year from now based on current internal users and forecasted internal users. Forecast external users @@ -5796,6 +5796,12 @@ Bindings to groups/users are checked against the user of the event. The length of the individual generated tokens. Can be increased to improve security. + + + Internal: + + + External: diff --git a/web/xliff/fr_FR.xlf b/web/xliff/fr_FR.xlf index 0943d46a5..c53681fda 100644 --- a/web/xliff/fr_FR.xlf +++ b/web/xliff/fr_FR.xlf @@ -5821,7 +5821,7 @@ Bindings to groups/users are checked against the user of the event. Forecast internal users - Estimated user count one year from now based on current internal users and forecasted internal users. + Estimated user count one year from now based on current internal users and forecasted internal users. Forecast external users @@ -5903,6 +5903,12 @@ Bindings to groups/users are checked against the user of the event. The length of the individual generated tokens. Can be increased to improve security. + + + Internal: + + + External: diff --git a/web/xliff/pl.xlf b/web/xliff/pl.xlf index 8655c7a86..af4fdac5c 100644 --- a/web/xliff/pl.xlf +++ b/web/xliff/pl.xlf @@ -5953,7 +5953,7 @@ Bindings to groups/users are checked against the user of the event. Forecast internal users - Estimated user count one year from now based on current internal users and forecasted internal users. + Estimated user count one year from now based on current internal users and forecasted internal users. Forecast external users @@ -6035,6 +6035,12 @@ Bindings to groups/users are checked against the user of the event. The length of the individual generated tokens. Can be increased to improve security. + + + Internal: + + + External: diff --git a/web/xliff/pseudo-LOCALE.xlf b/web/xliff/pseudo-LOCALE.xlf index 5cff56dee..1cafdf97d 100644 --- a/web/xliff/pseudo-LOCALE.xlf +++ b/web/xliff/pseudo-LOCALE.xlf @@ -6057,7 +6057,7 @@ Bindings to groups/users are checked against the user of the event. Forecast internal users - Estimated user count one year from now based on current internal users and forecasted internal users. + Estimated user count one year from now based on current internal users and forecasted internal users. Forecast external users @@ -6139,6 +6139,12 @@ Bindings to groups/users are checked against the user of the event. The length of the individual generated tokens. Can be increased to improve security. + + + Internal: + + + External: diff --git a/web/xliff/tr.xlf b/web/xliff/tr.xlf index d259c0c55..61c5c297e 100644 --- a/web/xliff/tr.xlf +++ b/web/xliff/tr.xlf @@ -5704,7 +5704,7 @@ Bindings to groups/users are checked against the user of the event. Forecast internal users - Estimated user count one year from now based on current internal users and forecasted internal users. + Estimated user count one year from now based on current internal users and forecasted internal users. Forecast external users @@ -5786,6 +5786,12 @@ Bindings to groups/users are checked against the user of the event. The length of the individual generated tokens. Can be increased to improve security. + + + Internal: + + + External: diff --git a/web/xliff/zh-Hans.xlf b/web/xliff/zh-Hans.xlf index a09b06731..2b8880dc8 100644 --- a/web/xliff/zh-Hans.xlf +++ b/web/xliff/zh-Hans.xlf @@ -4,1628 +4,1628 @@ English 英语 - + French 法语 - + Turkish 土耳其语 - + Spanish 西班牙语 - + Polish 波兰语 - + Taiwanese Mandarin 台湾华语 - + Chinese (simplified) 简体中文 - + Chinese (traditional) 繁体中文 - + German 德语 - + Loading... 正在加载…… - + Application 应用程序 - + Logins 登录 - + Show less 显示更少 - + Show more 显示更多 - + UID UID - + Name 名称 - + App 应用 - + Model Name 模型名称 - + Message 消息 - + Subject 主题 - + From 来自 - + To - + Context 上下文 - + User 用户 - + Affected model: 受影响的模型: - + Authorized application: 已授权应用程序: - + Using flow 使用流程 - + Email info: 电子邮件信息: - + Secret: Secret: - + Open issue on GitHub... 在 GitHub 上提出议题... - + Exception 异常 - + Expression 表达式 - + Binding 绑定 - + Request 请求 - + Object 对象 - + Result 结果 - + Passing 通过 - + Messages 消息 - + New version available! 新版本可用! - + Using source 使用源 - + Attempted to log in as - 已尝试以 + 已尝试以 身份登录 - + No additional data available. 没有可用的额外数据。 - + Click to change value 点击以更改值 - + Select an object. 选择一个对象。 - + Loading options... 正在加载选项… - + Connection error, reconnecting... 连接错误,正在重新连接…… - + Login 登录 - + Failed login 登录失败 - + Logout 登出 - + User was written to 用户被写入 - + Suspicious request 可疑请求 - + Password set 密码已设置 - + Secret was viewed Secret 已查看 - + Secret was rotated Secret 已轮换 - + Invitation used 已使用邀请 - + Application authorized 应用程序已授权 - + Source linked 源已链接 - + Impersonation started 已开始模拟身份 - + Impersonation ended 已结束模拟身份 - + Flow execution 流程执行 - + Policy execution 策略执行 - + Policy exception 策略异常 - + Property Mapping exception 属性映射异常 - + System task execution 系统任务执行 - + System task exception 系统任务异常 - + General system exception 一般系统异常 - + Configuration error 配置错误 - + Model created 模型已创建 - + Model updated 模型已更新 - + Model deleted 模型已删除 - + Email sent 已发送电子邮件 - + Update available 更新可用 - + Unknown severity 未知严重程度 - + Alert 注意 - + Notice 通知 - + Warning 警告 - + no tabs defined 未定义选项卡 - + - of - - - / + - + / - + Go to previous page 前往上一页 - + Go to next page 前往下一页 - + Search... 搜索... - + Loading 正在加载 - + No objects found. 未找到对象。 - + Failed to fetch objects. 拉取对象失败。 - + Refresh 刷新 - + Select all rows 选择所有行 - + Action 操作 - + Creation Date 创建日期 - + Client IP 客户端 IP - + Tenant 租户 - + Recent events 近期事件 - + On behalf of - 代表 + 代表 - + - - - + No Events found. 未找到事件。 - + No matching events could be found. 未找到匹配的事件 - + Embedded outpost is not configured correctly. 嵌入式前哨配置不正确。 - + Check outposts. 检查前哨。 - + HTTPS is not detected correctly 未正确检测到 HTTPS - + Server and client are further than 5 seconds apart. 服务器和客户端的时间相差超过 5 秒。 - + OK 好的 - + Everything is ok. 一切正常。 - + System status 系统状态 - + Based on - 基于 + 基于 - + is available! 可用! - + Up-to-date! 最新! - + Version 版本 - + Workers Worker - + No workers connected. Background tasks will not run. 没有 Workers 连接,后台任务将无法运行。 - + hour(s) ago 小时前 - + day(s) ago 天前 - + Authorizations 授权 - + Failed Logins 失败登录 - + Successful Logins 成功登录 - + : - : + - + Cancel 取消 - + LDAP Source LDAP 源 - + SCIM Provider SCIM 提供程序 - + Healthy 健康 - + Healthy outposts 健康的前哨 - + Admin 管理员 - + Not found 未找到 - + The URL "" was not found. - 未找到 URL " + 未找到 URL " "。 - + Return home 返回主页 - + General system status 常规系统状态 - + Welcome, . - 欢迎, + 欢迎, - + Quick actions 快速操作 - + Create a new application 创建新应用程序 - + Check the logs 检查日志 - + Explore integrations 探索集成 - + Manage users 管理用户 - + Check release notes 查看发行日志 - + Outpost status 前哨状态 - + Sync status 同步状态 - + Logins and authorizations over the last week (per 8 hours) 过去一周的登录与身份验证次数(每 8 小时) - + Apps with most usage 使用率最高的应用 - + days ago 天前 - + Objects created 已创建对象 - + User statistics 用户统计 - + Users created per day in the last month 上个月中每天创建的用户 - + Logins per day in the last month 上个月中每天的登录次数 - + Failed Logins per day in the last month 上个月中每天的失败登录次数 - + Clear search 清除搜索 - + System Tasks 系统任务 - + Long-running operations which authentik executes in the background. authentik 在后台执行的长时间运行的操作。 - + Identifier 标识符 - + Description 描述 - + Last run 上次运行 - + Status 状态 - + Actions 操作 - + Successful 成功 - + Error 错误 - + Unknown 未知 - + Duration 时长 - + seconds - + Authentication 身份验证 - + Authorization 授权 - + Enrollment 注册 - + Invalidation 失效 - + Recovery 恢复 - + Stage Configuration 阶段配置 - + Unenrollment 删除账户 - + Unknown designation 未知用途 - + Stacked 叠放 - + Content left 内容左侧 - + Content right 内容右侧 - + Sidebar left 边栏左侧 - + Sidebar right 边栏右侧 - + Unknown layout 未知布局 - + Successfully updated provider. 已成功更新提供程序。 - + Successfully created provider. 已成功创建提供程序。 - + Bind flow Bind 流程 - + Flow used for users to authenticate. 用于验证用户身份的流程。 - + Search group 搜索组 - + Users in the selected group can do search queries. If no group is selected, no LDAP Searches are allowed. 所选组中的用户可以执行搜索查询。如果未选择任何组,则不允许 LDAP 搜索。 - + Bind mode 绑定模式 - + Cached binding 缓存绑定 - + Flow is executed and session is cached in memory. Flow is executed when session expires 流程与会话会在内存中执行与缓存。会话过期时执行流程 - + Direct binding 直接绑定 - + Always execute the configured bind flow to authenticate the user 总是执行配置的绑定流程,以验证用户的身份。 - + Configure how the outpost authenticates requests. 配置前哨如何验证请求的身份。 - + Search mode 搜索模式 - + Cached querying 缓存查询 - + The outpost holds all users and groups in-memory and will refresh every 5 Minutes 前哨将所有用户和组保存在内存中,并每 5 分钟刷新一次 - + Direct querying 直接查询 - + Always returns the latest data, but slower than cached querying 总是返回最新数据,但比缓存查询慢。 - + Configure how the outpost queries the core authentik server's users. 配置前哨如何查询核心 authentik 服务器的用户。 - + Protocol settings 协议设置 - + Base DN Base DN - + LDAP DN under which bind requests and search requests can be made. 可以发出绑定请求和搜索请求的 LDAP DN。 - + Certificate 证书 - + UID start number UID 起始编号 - + The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber 起始 uidNumbers,这个数字会被添加到 user.Pk 中,以确保对于 POSIX 用户来说,这个数字不会太低。默认值为 2000,以确保我们不会与本地用户的 uidNumber 发生冲突 - + GID start number GID 起始编号 - + The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber 起始 gidNumbers,这个数字会被添加到从 group.Pk 生成的数字中,以确保对于 POSIX 用户来说,这个数字不会太低。默认值为 4000,以确保我们不会与本地群组或用户主组的 gidNumber 发生冲突 - + (Format: hours=-1;minutes=-2;seconds=-3). (格式:hours=-1;minutes=-2;seconds=-3)。 - + (Format: hours=1;minutes=2;seconds=3). (格式:hours=1;minutes=2;seconds=3)。 - + The following keywords are supported: 支持以下关键字: - + Authentication flow 身份验证流程 - + Flow used when a user access this provider and is not authenticated. 当用户访问此提供程序并且尚未验证身份时使用的流程。 - + Authorization flow 授权流程 - + Flow used when authorizing this provider. 授权此提供程序时使用的流程。 - + Client type 客户端类型 - + Confidential 机密 - + Confidential clients are capable of maintaining the confidentiality of their credentials such as client secrets 机密客户端有能力维护其凭据例如客户端密钥的机密性。 - + Public 公开 - + Public clients are incapable of maintaining the confidentiality and should use methods like PKCE. 公开客户端没有能力维护其凭据的机密性,应该使用 PKCE 等方法。 - + Client ID 客户端 ID - + Client Secret 客户端 Secret - + Redirect URIs/Origins (RegEx) 重定向 URI/Origin(正则) - + Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows. 授权流程成功后有效的重定向 URL。还可以在此处为隐式流程指定任何来源。 - + If no explicit redirect URIs are specified, the first successfully used redirect URI will be saved. 如果未指定显式重定向 URI,则将保存第一个成功使用的重定向 URI。 - + To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. 要允许任何重定向 URI,请将此值设置为 ".*"。请注意这可能带来的安全影响。 - + Signing Key 签名密钥 - + Key used to sign the tokens. 用于签名令牌的密钥。 - + Advanced protocol settings 高级协议设置 - + Access code validity 访问代码有效性 - + Configure how long access codes are valid for. 配置访问代码的有效期限。 - + Access Token validity 访问令牌有效性 - + Configure how long access tokens are valid for. 配置访问令牌的有效期限。 - + Refresh Token validity 刷新令牌有效性 - + Configure how long refresh tokens are valid for. 配置刷新令牌的有效期限。 - + Scopes 作用域 - + Select which scopes can be used by the client. The client still has to specify the scope to access the data. 选择客户端可以使用哪些作用域。客户端仍然需要指定访问数据的范围。 - + Hold control/command to select multiple items. 按住 ctrl/command 键可选择多个项目。 - + Subject mode Subject 模式 - + Based on the User's hashed ID 基于哈希过的用户 ID - + Based on the User's ID 基于用户 ID - + Based on the User's UUID 基于用户 UUID - + Based on the User's username 基于用户名 - + Based on the User's Email 基于用户电子邮箱 - + This is recommended over the UPN mode. 相比于 UPN,更推荐此模式。 - + Based on the User's UPN 基于用户 UPN - + Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains. 需要用户设置过“upn”属性,否则回退到哈希过的用户 ID。仅应在您拥有不同 UPN 和邮件域时使用此模式。 - + Configure what data should be used as unique User Identifier. For most cases, the default should be fine. 配置应将哪些数据用作唯一用户标识符。在大多数情况下保持默认值即可。 - + Include claims in id_token 在 id_token 中包含声明 - + Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. 对于不访问 userinfo 端点的应用程序,将来自作用域的用户声明包含在 id_token 中。 - + Issuer mode Issuer 模式 - + Each provider has a different issuer, based on the application slug 根据应用程序 Slug,每个提供程序都有不同的颁发者 - + Same identifier is used for all providers 所有提供程序都使用相同的标识符 - + Configure how the issuer field of the ID Token should be filled. 配置如何填写 ID 令牌的颁发者字段。 - + Machine-to-Machine authentication settings M2M(机器到机器)身份验证设置 - + Trusted OIDC Sources 信任的 OIDC 来源 - + JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider. 在选定源中配置的证书签名的 JWT 可以用于此提供程序的身份验证。 - + HTTP-Basic Username Key HTTP-Basic 用户名键 - + User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. 用于 HTTP-Basic 标头用户名部分的用户/组属性。如果未设置,则使用用户的电子邮件地址。 - + HTTP-Basic Password Key HTTP-Basic 密码键 - + User/Group Attribute used for the password part of the HTTP-Basic Header. 用于 HTTP-Basic 标头的密码部分的用户/组属性。 - + Proxy 代理 - + Forward auth (single application) Forward Auth(单应用) - + Forward auth (domain level) Forward Auth(域名级) - + This provider will behave like a transparent reverse-proxy, except requests must be authenticated. If your upstream application uses HTTPS, make sure to connect to the outpost using HTTPS as well. 除了请求必须经过身份验证外,此提供程序的行为类似于透明反向代理。如果您的上游应用程序使用 HTTPS,请确保连接到前哨时也使用 HTTPS。 - + External host 外部主机 - + The external URL you'll access the application at. Include any non-standard port. 您将通过此外部 URL 访问应用程序。请包括任何非标准端口。 - + Internal host 内部主机 - + Upstream host that the requests are forwarded to. 请求被转发到的上游主机。 - + Internal host SSL Validation 内部主机 SSL 验证 - + Validate SSL Certificates of upstream servers. 验证上游服务器的 SSL 证书。 - + Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you). 与 nginx 的 auth_request 或 traefik 的 ForwardAuth 一起使用此提供程序。每个应用程序/域名都需要自己的提供程序。此外,在每个域名上,/outpost.goauthentik.io 必须路由到前哨(在使用托管的 Outpost 时,这已经为您处理好了)。 - + Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application. 与 nginx 的 auth_request 或 traefik 的 ForwardAuth 一起使用此提供程序。每个根域名只需要一个提供程序。您无法管理每个应用程序的授权,但不必为每个应用程序分别创建提供程序。 - + An example setup can look like this: 设置示例如下所示: - + authentik running on auth.example.com auth.example.com 上运行的 authentik - + app1 running on app1.example.com app1.example.com 上运行的 app1 - + In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com. 在这种情况下,您需要将身份验证 URL 设置为 auth.example.com,并将 Cookie 域名设置为 example.com。 - + Authentication URL 身份验证 URL - + The external URL you'll authenticate at. The authentik core server should be reachable under this URL. 您将在此外部 URL 进行身份验证。通过此 URL 应该可以访问到 authentik 核心服务器。 - + Cookie domain Cookie 域名 - + Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'. 将此设置为您希望身份验证有效的域名。必须是上述 URL 的父域名。如果您的应用部署在 app1.domain.tld、app2.domain.tld,请将其设置为 'domain.tld'。 - + Unknown proxy mode 未知代理模式 - + Token validity 令牌有效性 - + Configure how long tokens are valid for. 配置令牌的有效期限。 - + Additional scopes 额外的作用域 - + Additional scope mappings, which are passed to the proxy. 传递给代理的额外作用域映射。 - + Unauthenticated URLs 不验证身份的 URL - + Unauthenticated Paths 不验证身份的路径 - + Regular expressions for which authentication is not required. Each new line is interpreted as a new expression. 用于描述何处不需要身份验证的正则表达式。每个新行都被解释为一个新的表达式。 - + When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions. 使用代理或 Forward Auth(单应用)模式时,将根据正则表达式检查请求的 URL 路径。使用 Forward Auth(域名模式)时,将根据正则表达式检查请求的完整 URL(包括协议和主机名)。 - + Authentication settings 身份验证设置 - + Intercept header authentication 拦截身份验证标头 - + When enabled, authentik will intercept the Authorization header to authenticate the request. 启用时,authentik 将会拦截 Authorization 标头以认证请求。 - + Send HTTP-Basic Authentication 发送 HTTP-Basic 身份验证 - + Send a custom HTTP-Basic Authentication header based on values from authentik. 根据来自 authentik 的值发送自定义 HTTP-Basic 身份验证标头。 - + ACS URL ACS URL - + Issuer 颁发者 - + Also known as EntityID. 也称为 EntityID。 - + Service Provider Binding 服务提供程序绑定 - + Redirect 重定向 - + Post Post - + Determines how authentik sends the response back to the Service Provider. 确定 authentik 如何将响应发送回服务提供程序。 - + Audience Audience - + Signing Certificate 签名证书 - + Certificate used to sign outgoing Responses going to the Service Provider. 证书,用于签署发送给服务提供程序的传出响应。 - + Verification Certificate 验证证书 - + When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. 选中后,传入断言的签名将根据此证书进行验证。要允许未签名的请求,请保留默认值。 - + Property mappings 属性映射 - + NameID Property Mapping NameID 属性映射 - + Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected. 配置如何创建 NameID 值。如果留空,将遵守传入请求的 NameIDPolicy。 - + Assertion valid not before 不在此刻之前,断言有效 - + Configure the maximum allowed time drift for an assertion. 为断言配置允许的最大时间漂移。 - + Assertion valid not on or after 不在此刻或之后,断言有效 - + Assertion not valid on or after current time + this value. 从当前时间经过多久时或之后,断言无效。 - + Session valid not on or after 不在此刻或之后,会话有效 - + Session not valid on or after current time + this value. 从当前时间经过多久时或之后,会话无效。 - + Digest algorithm 摘要算法 - + Signature algorithm 签名算法 - + Successfully imported provider. 已成功导入提供程序。 - + Metadata 元数据 - + Apply changes 应用更改 - + Close 关闭 - + Finish 完成 - + Back 返回 - + No form found 未找到表单 - + Form didn't return a promise for submitting 表单提交未返回 Promise - + Select type 选择类型 - + Try the new application wizard 尝试新应用程序向导 - + The new application wizard greatly simplifies the steps required to create applications and providers. 新应用程序向导大幅度简化了创建应用程序和提供程序所需的操作步骤。 - + Try it now 现在尝试 - + Create 创建 - + New provider 新建提供程序 - + Create a new provider. 创建一个新提供程序。 - + Create - 创建 + 创建 - + Shared secret 共享密钥 - + Client Networks 客户端网络 - + List of CIDRs (comma-seperated) that clients can connect from. A more specific @@ -1637,104 +1637,104 @@ URL URL - + SCIM base url, usually ends in /v2. SCIM 基础 URL,通常以 /v2 结尾。 - + Token 令牌 - + Token to authenticate with. Currently only bearer authentication is supported. 用于验证身份的令牌。当前仅支持 Bearer 身份验证。 - + User filtering 用户过滤 - + Exclude service accounts 排除服务账户 - + Group - + Only sync users within the selected group. 只同步选定组中的用户。 - + Attribute mapping 属性映射 - + User Property Mappings 用户属性映射 - + Property mappings used to user mapping. 用于用户映射的属性映射。 - + Group Property Mappings 组属性映射 - + Property mappings used to group creation. 用于创建组的属性映射。 - + Not used by any other object. 不被任何其他对象使用。 - + object will be DELETED 对象将被删除 - + connection will be deleted 连接将被删除 - + reference will be reset to default value 引用将被重置为默认值 - + reference will be set to an empty value 引用将被设置为空值 - + () - ( + - + ID ID - + Successfully deleted @@ -1742,16 +1742,16 @@ Failed to delete : - 删除 - 失败: + 删除 + 失败: - + Delete - 删除 + 删除 - + Are you sure you want to delete ? @@ -1760,1108 +1760,1108 @@ Delete 删除 - + Providers 提供程序 - + Provide support for protocols like SAML and OAuth to assigned applications. 为分配的应用程序提供对 SAML 和 OAuth 等协议的支持。 - + Type 类型 - + Provider(s) 提供程序 - + Assigned to application 分配给应用程序 - + Assigned to application (backchannel) 绑定到应用(反向通道) - + Warning: Provider not assigned to any application. 警告:提供程序未分配给任何应用程序。 - + Update 更新 - + Update - 更新 + 更新 - + Select providers to add to application 选择要添加到应用的提供程序 - + Add 添加 - + Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". 输入完整 URL、相对路径,或者使用 'fa://fa-test' 来使用 Font Awesome 图标 "fa-test"。 - + Path template for users created. Use placeholders like `%(slug)s` to insert the source slug. 创建用户的路径模板。使用占位符如 `%(slug)s` 插入源 Slug。 - + Successfully updated application. 已成功更新应用程序。 - + Successfully created application. 已成功创建应用程序。 - + Application's display Name. 应用的显示名称。 - + Slug Slug - + Internal application name, used in URLs. 应用的内部名称,在 URL 中使用。 - + Optionally enter a group name. Applications with identical groups are shown grouped together. 输入可选的分组名称。分组相同的应用程序会显示在一起。 - + Provider 提供程序 - + Select a provider that this application should use. 选择此应用应该使用的提供程序。 - + Backchannel providers 反向通道提供程序 - + Select backchannel providers which augment the functionality of the main provider. 选择可为主要提供程序增强功能的反向通道提供程序。 - + Policy engine mode 策略引擎模式 - + Any policy must match to grant access 必须匹配任意策略才能授予访问权限。 - + All policies must match to grant access 必须匹配所有策略才能授予访问权限 - + UI settings 用户界面设置 - + Launch URL 启动 URL - + If left empty, authentik will try to extract the launch URL based on the selected provider. 如果留空,authentik 将尝试根据选定的提供程序提取启动 URL。 - + Open in new tab 在新标签页中打开 - + If checked, the launch URL will open in a new browser tab or window from the user's application library. 如果勾选,在用户的应用程序库中时,启动 URL 将会在新浏览器标签页或窗口中打开。 - + Icon 图标 - + Currently set to: 当前设置为: - + Clear icon 清除图标 - + Publisher 发布者 - + Create Application 创建应用程序 - + Overview 总览 - + Changelog 更新日志 - + Warning: Provider is not used by any Outpost. 警告:提供程序未被任何前哨使用。 - + Assigned to application 分配给应用程序 - + Update LDAP Provider 更新 LDAP 提供程序 - + Edit 编辑 - + How to connect 如何连接 - + Connect to the LDAP Server on port 389: 通过端口 389 连接到 LDAP 服务器: - + Check the IP of the Kubernetes service, or 检查 Kubernetes 服务的 IP,或者 - + The Host IP of the docker host Docker 宿主机的主机 IP - + Bind DN Bind DN - + Bind Password Bind 密码 - + Search base 搜索 Base - + Preview 预览 - + Warning: Provider is not used by an Application. 警告:提供程序未被任何应用程序使用。 - + Redirect URIs 重定向 URI - + Update OAuth2 Provider 更新 OAuth2 提供程序 - + OpenID Configuration URL OpenID 配置 URL - + OpenID Configuration Issuer OpenID 配置颁发者 - + Authorize URL 授权 URL - + Token URL 令牌 URL - + Userinfo URL 用户信息 URL - + Logout URL 登出 URL - + JWKS URL JWKS URL - + Example JWT payload (for currently authenticated user) 示例 JWT 载荷(当前经过身份验证的用户) - + Forward auth (domain-level) Forward Auth(域名级) - + Nginx (Ingress) Nginx(Ingress) - + Nginx (Proxy Manager) Nginx(Proxy Manager) - + Nginx (standalone) Nginx(独立) - + Traefik (Ingress) Traefik(Ingress) - + Traefik (Compose) Traefik(Compose) - + Traefik (Standalone) Traefik(独立) - + Caddy (Standalone) Caddy(独立) - + Internal Host 内部主机 - + External Host 外部主机 - + Basic-Auth 基本身份验证 - + Yes - + Mode 模式 - + Update Proxy Provider 更新代理提供程序 - + Protocol Settings 协议设置 - + Allowed Redirect URIs 允许的重定向 URI - + Setup 设置 - + No additional setup is required. 无需进行额外设置。 - + Update Radius Provider 更新 Radius 提供程序 - + Download 下载 - + Copy download URL 复制下载 URL - + Download signing certificate 下载签名证书 - + Related objects 相关对象 - + Update SAML Provider 更新 SAML 提供程序 - + SAML Configuration SAML 配置 - + EntityID/Issuer EntityID/签发者 - + SSO URL (Post) SSO URL(Post) - + SSO URL (Redirect) SSO URL(重定向) - + SSO URL (IdP-initiated Login) SSO URL(IDP 发起的登录) - + SLO URL (Post) SLO URL(Post) - + SLO URL (Redirect) SLO URL(重定向) - + SAML Metadata SAML 元数据 - + Example SAML attributes 示例 SAML 属性 - + NameID attribute NameID 属性 - + SCIM provider is in preview. SCIM 提供程序处于预览状态。 - + Warning: Provider is not assigned to an application as backchannel provider. 警告:提供程序未作为反向通道分配给应用程序。 - + Update SCIM Provider 更新 SCIM 提供程序 - + Sync not run yet. 尚未同步过。 - + Run sync again 再次运行同步 - + Application details 应用程序详情 - + Create application 创建应用程序 - + Additional UI settings 其他界面设置 - + OAuth2/OIDC OAuth2/OIDC - + Modern applications, APIs and Single-page applications. 现代应用程序、API 与单页应用程序。 - + SAML SAML - + XML-based SSO standard. Use this if your application only supports SAML. 基于 XML 的 SSO 标准。如果您的应用程序仅支持 SAML 则应使用。 - + Legacy applications which don't natively support SSO. 不原生支持 SSO 的传统应用程序。 - + LDAP LDAP - + Provide an LDAP interface for applications and users to authenticate against. 为应用程序和用户提供 LDAP 接口以进行身份​​验证。 - + Link 链接 - + Authentication method 身份验证方法 - + LDAP details LDAP 详情 - + Create service account 创建服务账户 - + Create provider 创建提供程序 - + Application Link 应用程序链接 - + URL which will be opened when a user clicks on the application. 用户点击应用程序时将打开的 URL。 - + Method details 方法详情 - + This configuration can be used to authenticate to authentik with other APIs other otherwise programmatically. 此配置可用于通过其他 API 或以编程方式处理 authentik 身份验证。 - + By default, all service accounts can authenticate as this application, as long as they have a valid token of the type app-password. 默认情况下,所有服务账户都可以作为此应用程序进行身份验证,只要它们拥有 app-password 类型的有效令牌。 - + Web application Web 应用程序 - + Applications which handle the authentication server-side (for example, Python, Go, Rust, Java, PHP) 在服务端处理身份验证的应用程序(例如 Python、Go、Rust、Java、PHP) - + Single-page applications 单页应用程序 - + Single-page applications which handle authentication in the browser (for example, Javascript, Angular, React, Vue) 在浏览器内处理身份验证的单页应用程序(例如 Javascript、Angular、React、Vue) - + Native application 原生应用程序 - + Applications which redirect users to a non-web callback (for example, Android, iOS) 重定向用户到非 Web 回调的应用程序(例如 Android、iOS) - + API API - + Authentication without user interaction, or machine-to-machine authentication. 无需用户操作的身份验证,或 M2M(机器到机器)身份验证。 - + Application type 应用程序类型 - + Flow used when users access this application. 用户访问此应用程序时使用的流程。 - + Proxy details 代理详情 - + External domain 外部域名 - + External domain you will be accessing the domain from. 您将从此外部域名访问域名。 - + Import SAML Metadata 导入 SAML 元数据 - + Import the metadata document of the applicaation you want to configure. 导入您要配置的应用程序的元数据文档。 - + Manual configuration 手动配置 - + Manually configure SAML 手动配置 SAML - + SAML details SAML 详情 - + URL that authentik will redirect back to after successful authentication. 身份验证成功后,authentik 将重定向回的 URL。 - + Import SAML metadata 导入 SAML 元数据 - + New application 新应用程序 - + Create a new application. 创建一个新应用程序。 - + Applications 应用程序 - + External Applications which use authentik as Identity-Provider, utilizing protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. 利用 OAuth2 和 SAML 等协议,使用 authentik 作为身份提供程序的外部应用程序。此处显示了所有应用程序,即使您无法访问的也包括在内。 - + Provider Type 提供程序类型 - + Application(s) 应用程序 - + Application Icon 应用程序图标 - + Update Application 更新应用程序 - + Successfully sent test-request. 已成功发送测试请求。 - + Log messages 日志消息 - + No log messages. 没有日志消息。 - + Active 激活 - + Last login 上次登录 - + Select users to add 选择要添加的用户 - + Successfully updated group. 已成功更新组。 - + Successfully created group. 已成功创建组。 - + Is superuser 是超级用户 - + Users added to this group will be superusers. 添加到该组的用户均为超级用户。 - + Parent 父级 - + Attributes 属性 - + Set custom attributes using YAML or JSON. 使用 YAML 或 JSON 设置自定义属性。 - + Successfully updated binding. 已成功更新绑定。 - + Successfully created binding. 已成功创建绑定。 - + Policy 策略 - + Group mappings can only be checked if a user is already logged in when trying to access this source. 组绑定仅会在已登录用户访问此源时检查。 - + User mappings can only be checked if a user is already logged in when trying to access this source. 用户绑定仅会在已登录用户访问此源时检查。 - + Enabled 已启用 - + Negate result 反转结果 - + Negates the outcome of the binding. Messages are unaffected. 反转绑定的结果。消息不受影响。 - + Order 顺序 - + Timeout 超时 - + Successfully updated policy. 已成功更新策略。 - + Successfully created policy. 已成功创建策略。 - + A policy used for testing. Always returns the same result as specified below after waiting a random duration. 用于测试的策略。等待随机时长后,始终返回下面指定的结果。 - + Execution logging 记录执行日志 - + When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. 启用此选项后,将记录此策略的所有执行日志。默认情况下,只记录执行错误。 - + Policy-specific settings 特定策略设置 - + Pass policy? 通过策略? - + Wait (min) 等待(最短) - + The policy takes a random time to execute. This controls the minimum time it will take. 策略需要一段随机时间来执行。这将控制所需的最短时间。 - + Wait (max) 等待(最长) - + Matches an event against a set of criteria. If any of the configured values match, the policy passes. 根据一组条件匹配事件。如果任何配置的值匹配,则策略将通过。 - + Match created events with this action type. When left empty, all action types will be matched. 将创建的事件与此操作类型匹配。留空时,所有操作类型都将匹配。 - + Matches Event's Client IP (strict matching, for network matching use an Expression Policy. 匹配事件的客户端 IP(严格匹配,要网络匹配请使用表达式策略)。 - + Match events created by selected application. When left empty, all applications are matched. 匹配选定应用程序创建的事件。如果留空,则匹配所有应用程序。 - + Checks if the request's user's password has been changed in the last x days, and denys based on settings. 检查过去 x 天内请求的用户密码是否已更改,并根据设置拒绝。 - + Maximum age (in days) 最长使用期限(单位为天) - + Only fail the policy, don't invalidate user's password 仅使策略失败,不使用户的密码失效 - + Executes the python snippet to determine whether to allow or deny a request. 执行 Python 代码段以确定是允许还是拒绝请求。 - + Expression using Python. 使用 Python 的表达式。 - + See documentation for a list of all variables. 请阅读文档了解完整变量列表。 - + Static rules 静态规则 - + Minimum length 最小长度 - + Minimum amount of Uppercase Characters 最低大写字符数 - + Minimum amount of Lowercase Characters 最低小写字符数 - + Minimum amount of Digits 最低数字字符数 - + Minimum amount of Symbols Characters 最低符号字符数 - + Error message 错误消息 - + Symbol charset 符号字符集 - + Characters which are considered as symbols. 被视为符号的字符。 - + HaveIBeenPwned settings HaveIBeenPwned 设置 - + Allowed count 允许的计数 - + Allow up to N occurrences in the HIBP database. HIBP 数据库中最多允许 N 次出现。 - + zxcvbn settings zxcvbn 设置 - + Score threshold 分数阈值 - + If the password's score is less than or equal this value, the policy will fail. 如果密码分数小于等于此值,则策略失败。 - + 0: Too guessable: risky password. (guesses < 10^3) 0:过于易猜测:密码有风险。(猜测次数 < 10^3) - + 1: Very guessable: protection from throttled online attacks. (guesses < 10^6) 1:非常易猜测:可以防范受限的在线攻击。(猜测次数 < 10^6) - + 2: Somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8) 2:有些易猜测:可以防范不受限的在线攻击。(猜测次数 < 10^8) - + 3: Safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10) 3:难以猜测:适度防范离线慢速哈希场景。(猜测次数 < 10^10) - + 4: Very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10) 4:非常难以猜测:高度防范离线慢速哈希场景。(猜测次数 >= 10^10) - + Checks the value from the policy request against several rules, mostly used to ensure password strength. 根据多条规则检查策略请求中的值,这些规则主要用于确保密码强度。 - + Password field 密码字段 - + Field key to check, field keys defined in Prompt stages are available. 要检查的字段键,可以使用输入阶段中定义的字段键。 - + Check static rules 检查静态规则 - + Check haveibeenpwned.com 检查 haveibeenpwned.com - + For more info see: 更多信息请看: - + Check zxcvbn 检查 zxcvbn - + Password strength estimator created by Dropbox, see: Dropbox 制作的密码强度估算器,详见: - + Allows/denys requests based on the users and/or the IPs reputation. 根据用户和/或 IP 信誉允许/拒绝请求。 - + Invalid login attempts will decrease the score for the client's IP, and the @@ -2877,792 +2877,792 @@ doesn't pass when either or both of the selected options are equal or above the Check IP 检查 IP - + Check Username 检查用户名 - + Threshold 阈值 - + New policy 新建策略 - + Create a new policy. 创建一个新策略。 - + Create Binding 创建绑定 - + Superuser 超级用户 - + Members 成员 - + Select groups to add user to 选择要添加用户的组 - + Warning: Adding the user to the selected group(s) will give them superuser permissions. 警告:将用户添加到所选的组会使其获得超级用户权限。 - + Successfully updated user. 已成功更新用户。 - + Successfully created user. 已成功创建用户。 - + Username 用户名 - + User's primary identifier. 150 characters or fewer. 用户主标识符。不超过 150 个字符。 - + User's display name. 用户的显示名称 - + Email 电子邮箱 - + Is active 已激活 - + Designates whether this user should be treated as active. Unselect this instead of deleting accounts. 指定是否应将此用户视为活动用户。取消选择此选项,而不是删除帐户。 - + Path 路径 - + Policy / User / Group 策略 / 用户 / 组 - + Policy - 策略 + 策略 - + Group - 组 + - + User - 用户 + 用户 - + Edit Policy 编辑策略 - + Update Group 更新组 - + Edit Group 编辑组 - + Update User 更新用户 - + Edit User 编辑用户 - + Policy binding(s) 策略绑定 - + Update Binding 更新绑定 - + Edit Binding 编辑绑定 - + No Policies bound. 未绑定策略。 - + No policies are currently bound to this object. 当前没有策略绑定到此对象。 - + Create & bind Policy 创建 & 绑定策略 - + Bind existing policy 绑定已有策略 - + Warning: Application is not used by any Outpost. 警告:应用程序未被任何前哨使用。 - + Related 相关 - + Backchannel Providers 反向通道提供程序 - + Check access 检查访问权限 - + Check 检查 - + Check Application access 检查应用程序访问权限 - + Test 测试 - + Launch 启动 - + Logins over the last week (per 8 hours) 过去一周的登录次数(每 8 小时) - + Policy / Group / User Bindings 策略 / 组 / 用户绑定 - + These policies control which users can access this application. 这些策略控制哪些用户可以访问此应用程序。 - + Successfully updated source. 已成功更新源。 - + Successfully created source. 已成功创建源。 - + Sync users 同步用户 - + User password writeback 用户密码写回 - + Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP. 登录密码会自动从 LDAP 同步到 authentik。启用此选项可将 authentik 中的密码更改写回至 LDAP。 - + Sync groups 同步组 - + Connection settings 连接设置 - + Server URI 服务器 URI - + Specify multiple server URIs by separating them with a comma. 通过用逗号分隔多个服务器 URI 来指定它们。 - + Enable StartTLS 启用 StartTLS - + To use SSL instead, use 'ldaps://' and disable this option. 要改用 SSL,请使用 'ldaps: //' 并禁用此选项。 - + TLS Verification Certificate TLS 验证证书 - + When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate. 使用 TLS 连接到 LDAP 服务器时,默认情况下不检查证书。指定密钥对以验证远程证书。 - + Bind CN Bind CN - + LDAP Attribute mapping LDAP 属性映射 - + Property mappings used to user creation. 用于创建用户的属性映射。 - + Additional settings 其他设置 - + Parent group for all the groups imported from LDAP. 从 LDAP 导入的所有组的父组。 - + User path 用户路径 - + Addition User DN 额外的用户 DN - + Additional user DN, prepended to the Base DN. 额外的用户 DN,添加到 Base DN 起始处。 - + Addition Group DN 额外的组 DN - + Additional group DN, prepended to the Base DN. 额外的组 DN,添加到 Base DN 起始处。 - + User object filter 用户对象筛选器 - + Consider Objects matching this filter to be Users. 将与此筛选器匹配的对象视为用户。 - + Group object filter 组对象过滤器 - + Consider Objects matching this filter to be Groups. 将与此过滤器匹配的对象视为组。 - + Group membership field 组成员资格字段 - + Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' 包含组成员的字段。请注意,如果使用 "memberUid" 字段,则假定该值包含相对可分辨名称。例如,'memberUid=some-user' 而不是 'memberUid=cn=some-user,ou=groups,...' - + Object uniqueness field 对象唯一性字段 - + Field which contains a unique Identifier. 包含唯一标识符的字段。 - + Link users on unique identifier 使用唯一标识符链接用户 - + Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses 链接到电子邮件地址相同的用户。当源不验证电子邮件地址时,可能会有安全隐患 - + Use the user's email address, but deny enrollment when the email address already exists 使用用户的电子邮件地址,但在电子邮件地址已存在时拒绝注册 - + Link to a user with identical username. Can have security implications when a username is used with another source 链接到用户名相同的用户。当其他源使用相同用户名时,可能会有安全隐患 - + Use the user's username, but deny enrollment when the username already exists 使用用户的用户名,但在用户名已存在时拒绝注册 - + Unknown user matching mode 未知用户匹配模式 - + URL settings URL 设置 - + Authorization URL 授权 URL - + URL the user is redirect to to consent the authorization. 用户被重定向到以同意授权的 URL。 - + Access token URL 访问令牌 URL - + URL used by authentik to retrieve tokens. authentik 用来获取令牌的 URL。 - + Profile URL 个人资料 URL - + URL used by authentik to get user information. authentik 用来获取用户信息的 URL。 - + Request token URL 请求令牌 URL - + URL used to request the initial token. This URL is only required for OAuth 1. 用于请求初始令牌的 URL。只有 OAuth 1 才需要此网址。 - + OIDC Well-known URL OIDC Well-known URL - + OIDC well-known configuration URL. Can be used to automatically configure the URLs above. OIDC Well-known 配置 URL。可用于自动配置上述 URL。 - + OIDC JWKS URL OIDC JWKS URL - + JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source. JSON Web Key URL。来自此 URL 的 Key 将被用于验证此身份来源的 JWT。 - + OIDC JWKS OIDC JWKS - + Raw JWKS data. 原始 JWKS 数据。 - + User matching mode 用户匹配模式 - + Delete currently set icon. 删除当前设置的图标。 - + Consumer key 消费者 Key - + Consumer secret 消费者 Secret - + Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *. 要传递给 OAuth 提供程序的其他作用域,用空格分隔。要替换已存在的作用域,请添加前缀 *。 - + Flow settings 流程设置 - + Flow to use when authenticating existing users. 认证已存在用户时所使用的流程。 - + Enrollment flow 注册流程 - + Flow to use when enrolling new users. 新用户注册的流程。 - + Load servers 加载服务器 - + Re-authenticate with plex 使用 Plex 重新验证身份 - + Allow friends to authenticate via Plex, even if you don't share any servers 允许好友通过 Plex 进行身份验证,即使您不共享任何服务器。 - + Allowed servers 允许的服务器 - + Select which server a user has to be a member of to be allowed to authenticate. 选择用户必须是哪个服务器的成员才能进行身份验证。 - + SSO URL SSO URL - + URL that the initial Login request is sent to. 初始登录请求发送到的 URL。 - + SLO URL SLO URL - + Optional URL if the IDP supports Single-Logout. 如果 IDP 支持单点登出,则为可选 URL。 - + Also known as Entity ID. Defaults the Metadata URL. 也称为 Entity ID。 默认为元数据 URL。 - + Binding Type 绑定类型 - + Redirect binding 重定向绑定 - + Post-auto binding 自动 Post 绑定 - + Post binding but the request is automatically sent and the user doesn't have to confirm. Post 绑定,但请求会被自动发送,不需要用户确认。 - + Post binding Post 绑定 - + Signing keypair 签名密钥对 - + Keypair which is used to sign outgoing requests. Leave empty to disable signing. 用于签名传出请求的密钥对。留空则禁用签名。 - + Allow IDP-initiated logins 允许 IDP 发起的登录 - + Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. 允许由 IdP 启动的身份验证流程。这可能存在安全风险,因为未对请求 ID 进行验证。 - + NameID Policy NameID 策略 - + Persistent 持久的 - + Email address 电子邮箱地址 - + Windows Windows - + X509 Subject X509 主题 - + Transient 暂时的 - + Delete temporary users after 多久后删除临时用户 - + Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. 删除临时用户的时间偏移。这仅适用于您的 IDP 使用 NameID 格式 'transient' 且用户未手动登出的情况。 - + Pre-authentication flow 身份验证前流程 - + Flow used before authentication. 身份验证之前使用的流程。 - + New source 新建身份来源 - + Create a new source. 创建一个新身份来源。 - + Federation & Social login 联结与社交登录 - + Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves. 身份来源,既可以同步到 authentik 的数据库中,也可以被用户用来进行身份验证和注册。 - + Source(s) - + Disabled 已禁用 - + Built-in 内置 - + Update LDAP Source 更新 LDAP 源 - + Not synced yet. 尚未同步。 - + Task finished with warnings 任务已完成但有警告 - + Task finished with errors 任务已完成但有错误 - + Last sync: - 上次同步: + 上次同步: - + OAuth Source - OAuth 源 + OAuth 源 - + Generic OpenID Connect 通用 OpenID 连接 - + Unknown provider type 未知提供程序类型 - + Details 详情 - + Callback URL 回调 URL - + Access Key 访问密钥 - + Update OAuth Source 更新 OAuth 源 - + Diagram 流程图 - + Policy Bindings 策略绑定 - + These bindings control which users can access this source. @@ -3673,478 +3673,478 @@ doesn't pass when either or both of the selected options are equal or above the Update Plex Source 更新 Plex 源 - + Update SAML Source 更新 SAML 源 - + Successfully updated mapping. 已成功更新映射。 - + Successfully created mapping. 已成功创建映射。 - + Object field 对象字段 - + Field of the user object this value is written to. 写入此值的用户对象的字段。 - + SAML Attribute Name SAML 属性名称 - + Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded. 用于 SAML 断言的属性名称。可以是 URN OID、Schema Reference 或任何其他字符串。如果此属性映射用于 NameID 属性,则会丢弃此字段。 - + Friendly Name 显示名称 - + Optionally set the 'FriendlyName' value of the Assertion attribute. 可选,设置断言属性的 'FriendlyName' 值。 - + Scope name 作用域名称 - + Scope which the client can specify to access these properties. 客户端可以指定的访问这些属性的范围。 - + Description shown to the user when consenting. If left empty, the user won't be informed. 同意授权时向用户显示的描述。如果留空,则不会告知用户。 - + Example context data 示例上下文数据 - + Active Directory User Active Directory 用户 - + Active Directory Group Active Directory 组 - + New property mapping 新建属性映射 - + Create a new property mapping. 创建一个新属性映射。 - + Property Mappings 属性映射 - + Control how authentik exposes and interprets information. 控制 authentik 如何公开和处理信息。 - + Property Mapping(s) 属性映射 - + Test Property Mapping 测试属性映射 - + Hide managed mappings 隐藏管理映射 - + Successfully updated token. 已成功更新令牌。 - + Successfully created token. 已成功创建令牌。 - + Unique identifier the token is referenced by. 引用令牌的唯一标识符。 - + Intent 意图 - + API Token API Token - + Used to access the API programmatically 用于编程方式访问 API - + App password. 应用密码。 - + Used to login using a flow executor 使用流程执行器登录 - + Expiring 即将过期 - + If this is selected, the token will expire. Upon expiration, the token will be rotated. 如果选择此选项,令牌将能够过期。过期时,令牌将被轮换。 - + Expires on 过期时间 - + API Access API 访问权限 - + App password 应用密码 - + Verification 验证 - + Unknown intent 未知意图 - + Tokens 令牌 - + Tokens are used throughout authentik for Email validation stages, Recovery keys and API access. 令牌在整个 authentik 中用于电子邮件验证阶段、恢复密钥和 API 访问。 - + Expires? 过期? - + Expiry date 过期日期 - + Token(s) 令牌 - + Create Token 创建令牌 - + Token is managed by authentik. 令牌由 authentik 管理。 - + Update Token 更新令牌 - + Successfully updated tenant. 已成功更新租户。 - + Successfully created tenant. 已成功创建租户。 - + Domain 域名 - + Matching is done based on domain suffix, so if you enter domain.tld, foo.domain.tld will still match. 根据域名后缀完成匹配,因此,如果您输入 domain.tld,foo.domain.tld 仍将匹配。 - + Default 默认 - + Use this tenant for each domain that doesn't have a dedicated tenant. 所有未设置专用租户的域名都将使用此租户。 - + Branding settings 品牌设置 - + Title 标题 - + Branding shown in page title and several other places. 品牌信息显示在页面标题和其他几个地方。 - + Logo Logo - + Icon shown in sidebar/header and flow executor. 在侧边栏/标题和流程执行器中显示的图标。 - + Favicon 网站图标 - + Icon shown in the browser tab. 浏览器选项卡中显示的图标。 - + Default flows 默认流程 - + Flow used to authenticate users. If left empty, the first applicable flow sorted by the slug is used. 用于对用户进行身份验证的流程。如果留空,则使用按 Slug 排序的第一个适用流程。 - + Invalidation flow 失效流程 - + Flow used to logout. If left empty, the first applicable flow sorted by the slug is used. 用于登出的流程。如果留空,则使用按 Slug 排序的第一个适用流程。 - + Recovery flow 恢复流程 - + Recovery flow. If left empty, the first applicable flow sorted by the slug is used. 恢复流程。如果留空,则使用按 Slug 排序的第一个适用流程。 - + Unenrollment flow 删除账户流程 - + If set, users are able to unenroll themselves using this flow. If no flow is set, option is not shown. 如果已设置,则用户可以使用此流程自行删除账户。如果未设置流程,则不显示选项。 - + User settings flow 用户设置流程 - + If set, users are able to configure details of their profile. 设置后,用户可以配置他们个人资料的详细信息。 - + Device code flow 设备代码流程 - + If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code. 如果设置,则 OAuth 设备代码用户资料可用,并且选定的流程将会用于输入代码。 - + Other global settings 其他全局设置 - + Web Certificate Web 证书 - + Event retention 事件保留 - + Duration after which events will be deleted from the database. 事件从数据库中删除的时间,超过这个时间就会被删除。 - + When using an external logging solution for archiving, this can be set to "minutes=5". 使用外部日志记录解决方案进行存档时,可以将其设置为 "minutes=5"。 - + This setting only affects new Events, as the expiration is saved per-event. 此设置仅影响新事件,因为过期时间是分事件保存的。 - + Format: "weeks=3;days=2;hours=3,seconds=2". 格式:"weeks=3;days=2;hours=3,seconds=2"。 - + Set custom attributes using YAML or JSON. Any attributes set here will be inherited by users, if the request is handled by this tenant. 使用 YAML 或 JSON 格式设置自定义属性。如果请求由此租户处理,则用户会继承此处设置的任何自定义属性。 - + Tenants 租户 - + Configure visual settings and defaults for different domains. 配置不同域名的可视化设置和默认值。 - + Default? 默认? - + Tenant(s) 租户 - + Update Tenant 更新租户 - + Create Tenant 创建租户 - + Policies 策略 - + Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Stages. 允许用户根据属性使用应用程序、强制使用密码标准以及选择性地应用阶段。 - + Assigned to object(s). - 已分配给 + 已分配给 个对象。 - + Warning: Policy is not assigned. 警告:策略未分配。 - + Test Policy 测试策略 - + Policy / Policies 策略 - + Successfully cleared policy cache 已成功清除策略缓存 - + Failed to delete policy cache 删除策略缓存失败 - + Clear cache 清除缓存 - + Clear Policy cache 清除策略缓存 - + Are you sure you want to clear the policy cache? This will cause all policies to be re-evaluated on their next usage. @@ -4153,93 +4153,93 @@ doesn't pass when either or both of the selected options are equal or above the Reputation scores 信誉分数 - + Reputation for IP and user identifiers. Scores are decreased for each failed login and increased for each successful login. IP 和用户标识符的信誉。每次登录失败分数都会降低,每次登录成功分数都会增加。 - + IP IP - + Score 分数 - + Updated 已更新 - + Reputation 信誉 - + Groups - + Group users together and give them permissions based on the membership. 将用户分组在一起,并根据成员资格为他们授予权限。 - + Superuser privileges? 超级用户权限? - + Group(s) - + Create Group 创建组 - + Create group 创建组 - + Enabling this toggle will create a group named after the user, with the user as member. 启用此开关将创建一个以用户命名的组,用户为成员。 - + Use the username and password below to authenticate. The password can be retrieved later on the Tokens page. 使用下面的用户名和密码进行身份验证。密码可以稍后在令牌页面上获取。 - + Password 密码 - + Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List. 有效期为 360 天,之后密码将自动轮换。您可以从令牌列表中复制密码。 - + The following objects use - 以下对象使用 + 以下对象使用 - + connecting object will be deleted 连接对象将被删除 - + Successfully updated @@ -4247,635 +4247,635 @@ doesn't pass when either or both of the selected options are equal or above the Failed to update : - 更新 - 失败: + 更新 + 失败: - + Are you sure you want to update ""? - 您确定要更新 - " + 您确定要更新 + " " 吗? - + Successfully updated password. 已成功更新密码。 - + Successfully sent email. 已成功发送电子邮件。 - + Email stage 电子邮件阶段 - + Successfully added user(s). 成功添加用户。 - + Users to add 要添加的用户 - + User(s) 用户 - + Remove Users(s) 删除用户 - + Are you sure you want to remove the selected users from the group ? - 您确定要从组 + 您确定要从组 中删除选定的用户吗? - + Remove 删除 - + Impersonate 模拟身份 - + User status 用户状态 - + Change status 更改状态 - + Deactivate 停用 - + Update password 更新密码 - + Set password 设置密码 - + Successfully generated recovery link 已成功生成恢复链接 - + No recovery flow is configured. 未配置恢复流程。 - + Copy recovery link 复制恢复链接 - + Send link 发送链接 - + Send recovery link to user 向用户发送恢复链接 - + Email recovery link 电子邮件恢复链接 - + Recovery link cannot be emailed, user has no email address saved. 无法通过电子邮件发送恢复链接,用户没有保存电子邮件地址。 - + To let a user directly reset a their password, configure a recovery flow on the currently active tenant. 要让用户直接重置密码,请在当前活动的租户上配置恢复流程。 - + Add User 添加用户 - + Warning: This group is configured with superuser access. Added users will have superuser access. 警告:此组已配置为超级用户权限。加入的用户将会拥有超级用户权限。 - + Add existing user 添加已有用户 - + Create user 创建用户 - + Create User 创建用户 - + Create Service account 创建服务账户 - + Hide service-accounts 隐藏服务账户 - + Group Info 组信息 - + Notes 备注 - + Edit the notes attribute of this group to add notes here. 编辑该组的备注属性以在此处添加备注。 - + Users 用户 - + Root - + Warning: You're about to delete the user you're logged in as (). Proceed at your own risk. - 警告:您即将删除当前登录的用户( + 警告:您即将删除当前登录的用户( )。如果继续,请自担风险。 - + Hide deactivated user 隐藏未激活的用户 - + User folders 用户目录 - + Successfully added user to group(s). 成功添加用户到组。 - + Groups to add 要添加的组 - + Remove from Group(s) 从组中删除 - + Are you sure you want to remove user from the following groups? - 您确定要从以下组中删除用户 + 您确定要从以下组中删除用户 吗? - + Add Group 添加组 - + Add to existing group 添加到已有组 - + Add new group 添加新组 - + Application authorizations 应用程序授权 - + Revoked? 已吊销? - + Expires 过期 - + ID Token ID 令牌 - + Refresh Tokens(s) 刷新令牌 - + Last IP 上次 IP - + Session(s) 会话 - + Expiry 过期 - + (Current session) (当前会话) - + Permissions 权限 - + Consent(s) 同意授权 - + Successfully updated device. 已成功更新设备。 - + Static tokens 静态令牌 - + TOTP Device TOTP 设备 - + Enroll 注册 - + Device(s) 设备 - + Update Device 更新设备 - + Confirmed 已确认 - + User Info 用户信息 - + To create a recovery link, the current tenant needs to have a recovery flow configured. 要创建恢复链接,当前租户需要配置恢复流程。 - + Reset Password 重置密码 - + Actions over the last week (per 8 hours) 过去一周的操作(每 8 小时) - + Edit the notes attribute of this user to add notes here. 编辑该用户的备注属性以在此处添加备注。 - + Sessions 会话 - + User events 用户事件 - + Explicit Consent 明确同意授权 - + OAuth Refresh Tokens OAuth 刷新令牌 - + MFA Authenticators MFA 身份验证器 - + Successfully updated invitation. 已成功更新邀请。 - + Successfully created invitation. 已成功创建邀请。 - + Flow 流程 - + When selected, the invite will only be usable with the flow. By default the invite is accepted on all flows with invitation stages. 选中时,此邀请仅可在对应流程中使用。默认情况下,此邀请接受所有流程的邀请阶段。 - + Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON. 加载到流程的 'prompt_data' 上下文变量中的可选数据。YAML 或 JSON。 - + Single use 一次性使用 - + When enabled, the invitation will be deleted after usage. 启用后,邀请将在使用后被删除。 - + Select an enrollment flow 选择注册流程 - + Link to use the invitation. 使用邀请的链接。 - + Invitations 邀请 - + Create Invitation Links to enroll Users, and optionally force specific attributes of their account. 创建邀请链接以注册用户,并可选地强制设置其账户的特定属性。 - + Created by 创建者 - + Invitation(s) 邀请 - + Invitation not limited to any flow, and can be used with any enrollment flow. 邀请没有限制到任何流程,可以用于任何注册流程。 - + Update Invitation 更新邀请 - + Create Invitation 创建邀请 - + Warning: No invitation stage is bound to any flow. Invitations will not work as expected. 警告:没有邀请阶段绑定到任何流程。邀请将无法按预期工作。 - + Auto-detect (based on your browser) 自动检测(基于您的浏览器) - + Required. 必需。 - + Continue 继续 - + Successfully updated prompt. 已成功更新输入项。 - + Successfully created prompt. 已成功创建输入项。 - + Text: Simple Text input 文本:简单文本输入 - + Text Area: Multiline text input 文本框:多行文本输入。 - + Text (read-only): Simple Text input, but cannot be edited. 文本(只读):简单文本输入,但无法编辑。 - + Text Area (read-only): Multiline text input, but cannot be edited. 文本框(只读):多行文本输入,但无法编辑。 - + Username: Same as Text input, but checks for and prevents duplicate usernames. 用户名:与文本输入相同,但检查并防止用户名重复。 - + Email: Text field with Email type. 电子邮箱:电子邮箱类型的文本字段。 - + Password: Masked input, multiple inputs of this type on the same prompt need to be identical. 密码:屏蔽显示输入内容,多个此类型的输入如果在同一个输入项下,则内容需要相同。 - + Number 数字 - + Checkbox 复选框 - + Radio Button Group (fixed choice) 单选按钮组(固定选项) - + Dropdown (fixed choice) 下拉框(固定选项) - + Date 日期 - + Date Time 日期时间 - + File 文件 - + Separator: Static Separator Line 分隔符:静态分隔线 - + Hidden: Hidden field, can be used to insert data into form. 隐藏:隐藏字段,可用于将数据插入表单。 - + Static: Static value, displayed as-is. 静态:静态值,按原样显示。 - + authentik: Locale: Displays a list of locales authentik supports. authentik:语言:显示 authentik 支持的语言设置。 - + Preview errors 预览错误 - + Data preview 数据预览 - + Unique name of this field, used for selecting fields in prompt stages. 此字段的唯一名称,用于选择输入阶段的字段。 - + Field Key 字段键 - + Name of the form field, also used to store the value. 表单域的名称,也用于存储值。 - + When used in conjunction with a User Write stage, use attributes.foo to write attributes. 当与用户写入阶段结合使用时,请使用 attributes.foo 来编写属性。 - + Label 标签 - + Label shown next to/above the prompt. 标签会显示在输入侧方/上方。 - + Required 必需 - + Interpret placeholder as expression 将占位符解释为表达式 - + When checked, the placeholder will be evaluated in the same way a property mapping is. @@ -4886,7 +4886,7 @@ doesn't pass when either or both of the selected options are equal or above the Placeholder 占位符 - + Optionally provide a short hint that describes the expected input value. @@ -4899,7 +4899,7 @@ doesn't pass when either or both of the selected options are equal or above the Interpret initial value as expression 将初始值解释为表达式 - + When checked, the initial value will be evaluated in the same way a property mapping is. @@ -4910,7 +4910,7 @@ doesn't pass when either or both of the selected options are equal or above the Initial value 初始值 - + Optionally pre-fill the input with an initial value. @@ -4923,152 +4923,152 @@ doesn't pass when either or both of the selected options are equal or above the Help text 帮助文本 - + Any HTML can be used. 可以使用任何 HTML。 - + Prompts 输入 - + Single Prompts that can be used for Prompt Stages. 可用于输入阶段的单个输入项。 - + Field 字段 - + Stages 阶段 - + Prompt(s) 输入 - + Update Prompt 更新输入项 - + Create Prompt 创建输入 - + Target 目标 - + Stage 阶段 - + Evaluate when flow is planned 流程被规划时评估 - + Evaluate policies during the Flow planning process. 在流程规划过程中评估策略。 - + Evaluate when stage is run 阶段被运行时评估 - + Evaluate policies before the Stage is present to the user. 在阶段即将呈现给用户时评估策略。 - + Invalid response behavior 无效响应行为 - + Returns the error message and a similar challenge to the executor 向执行器返回错误消息和类似的质询 - + Restarts the flow from the beginning 从头开始重新启动流程 - + Restarts the flow from the beginning, while keeping the flow context 从头开始重新启动流程,同时保留流程上下文 - + Configure how the flow executor should handle an invalid response to a challenge given by this bound stage. 针对由此绑定阶段提供的质询,配置流程执行器应如何处理对此质询的无效响应。 - + Successfully updated stage. 已成功更新阶段。 - + Successfully created stage. 已成功创建阶段。 - + Stage used to configure a duo-based authenticator. This stage should be used for configuration flows. 用来配置基于 Duo 的身份验证器的阶段。此阶段应该用于配置流程。 - + Authenticator type name 身份验证类型名称 - + Display name of this authenticator, used by users when they enroll an authenticator. 此验证器的显示名称,在用户注册验证器时使用。 - + API Hostname API 主机名 - + Duo Auth API Duo Auth API - + Integration key 集成密钥 - + Secret key Secret 密钥 - + Duo Admin API (optional) Duo Admin API(可选) - + When using a Duo MFA, Access or Beyond plan, an Admin API application can be created. @@ -5079,655 +5079,655 @@ doesn't pass when either or both of the selected options are equal or above the Stage-specific settings 阶段特定设置 - + Configuration flow 配置流程 - + Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. 经过身份验证的用户用来配置此阶段的流程。如果为空,用户将无法配置此阶段。 - + Twilio Account SID Twilio 账户 SID - + Get this value from https://console.twilio.com 从 https://console.twilio.com 获取此值 - + Twilio Auth Token Twilio 身份验证令牌 - + Authentication Type 身份验证类型 - + Basic Auth 基本身份验证 - + Bearer Token Bearer 令牌 - + External API URL 外部 API URL - + This is the full endpoint to send POST requests to. 这是向其发送 POST 请求的完整终端节点。 - + API Auth Username API 身份验证用户名 - + This is the username to be used with basic auth or the token when used with bearer token 这是用于 Basic 身份验证的用户名,或是使用 Bearer 令牌时的令牌 - + API Auth password API 身份验证密码 - + This is the password to be used with basic auth 这是用于 Basic 身份验证的密码 - + Mapping 映射 - + Modify the payload sent to the custom provider. 修改发送到自定义提供程序的载荷。 - + Stage used to configure an SMS-based TOTP authenticator. 用来配置基于短信的 TOTP 身份验证器的阶段。 - + Twilio Twilio - + Generic 通用 - + From number 发信人号码 - + Number the SMS will be sent from. 短信的发信人号码。 - + Hash phone number 哈希电话号码 - + If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons. Devices created from a stage with this enabled cannot be used with the authenticator validation stage. 如果启用,仅保存电话号码的哈希。这是出于数据保护的原因。如果设备创建自启用此选项的阶段,则无法在验证阶段使用身份验证器。 - + Stage used to configure a static authenticator (i.e. static tokens). This stage should be used for configuration flows. 用来配置静态身份验证器(即静态令牌)的阶段。此阶段应该用于配置流程。 - + Token count 令牌计数 - + Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator). 用来配置 TOTP 身份验证器(即 Authy/Google 身份验证器)的阶段。 - + Digits 数字 - + 6 digits, widely compatible 6 位数字,广泛兼容 - + 8 digits, not compatible with apps like Google Authenticator 8 位数字,与 Google 身份验证器等应用不兼容 - + Stage used to validate any authenticator. This stage should be used during authentication or authorization flows. 用来验证任何身份验证器的阶段。此阶段应在身份验证或授权流程中使用。 - + Device classes 设备类型 - + Static Tokens 静态令牌 - + TOTP Authenticators TOTP 身份验证器 - + WebAuthn Authenticators WebAuthn 身份验证器 - + Duo Authenticators Duo 身份验证器 - + SMS-based Authenticators 基于短信的身份验证器 - + Device classes which can be used to authenticate. 可用于进行身份验证的设备类型。 - + Last validation threshold 上次验证阈值 - + If any of the devices user of the types selected above have been used within this duration, this stage will be skipped. 如果上面所选类型的任意设备在此期限内被使用,此阶段会被跳过。 - + Not configured action 未配置操作 - + Force the user to configure an authenticator 强制用户配置身份验证器 - + Deny the user access 拒绝用户访问 - + WebAuthn User verification WebAuthn 用户验证 - + User verification must occur. 必须进行用户验证。 - + User verification is preferred if available, but not required. 如果可用,则首选用户验证,但不是必需的。 - + User verification should not occur. 不应进行用户验证。 - + Configuration stages 配置阶段 - + Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. 当用户没有任何兼容的设备时,用来配置身份验证器的阶段。此阶段通过后,将不再请求此用户。 - + When multiple stages are selected, the user can choose which one they want to enroll. 选中多个阶段时,用户可以选择要注册哪个。 - + Stage used to configure a WebAutnn authenticator (i.e. Yubikey, FaceID/Windows Hello). 用来配置 WebAuthn 身份验证器(即 Yubikey、FaceID/Windows Hello)的阶段。 - + User verification 用户验证 - + Resident key requirement 常驻钥匙要求 - + The authenticator should not create a dedicated credential 身份验证器不应该创建专用凭据 - + The authenticator can create and store a dedicated credential, but if it doesn't that's alright too 身份验证器可以创建和存储专用凭据,但不创建也可以 - + The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur 身份验证器必须创建专用凭据。如果不能,RP 预期会发生错误 - + Authenticator Attachment 身份验证器附件 - + No preference is sent 不发送偏好 - + A non-removable authenticator, like TouchID or Windows Hello 不可移除的身份验证器,例如 TouchID 或 Windows Hello - + A "roaming" authenticator, like a YubiKey 像 YubiKey 这样的“漫游”身份验证器 - + This stage checks the user's current session against the Google reCaptcha (or compatible) service. 此阶段会根据 Google reCaptcha(或兼容的)服务检查用户的当前会话。 - + Public Key 公钥 - + Public key, acquired from https://www.google.com/recaptcha/intro/v3.html. 公钥,从 https://www.google.com/recaptcha/intro/v3.html 获取。 - + Private Key 私钥 - + Private key, acquired from https://www.google.com/recaptcha/intro/v3.html. 私钥,从 https://www.google.com/recaptcha/intro/v3.html 获取。 - + Advanced settings 高级设置 - + JS URL JS URL - + URL to fetch JavaScript from, defaults to recaptcha. Can be replaced with any compatible alternative. 拉取 JavaScript 的 URL,默认为 recaptcha。可以替换为任何兼容替代。 - + API URL API URL - + URL used to validate captcha response, defaults to recaptcha. Can be replaced with any compatible alternative. 用于校验验证码响应的 URL,默认为 recaptcha。可以替换为任何兼容替代。 - + Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time. 请求用户同意授权。同意授权可以是永久性的,也可以在规定的时间后过期。 - + Always require consent 始终需要征得同意授权 - + Consent given last indefinitely 无限期同意授权 - + Consent expires. 同意授权会过期。 - + Consent expires in 同意授权过期时间 - + Offset after which consent expires. 同意过期后的偏移。 - + Statically deny the flow. To use this stage effectively, disable *Evaluate on plan* on the respective binding. 静态拒绝流。要有效地使用此阶段,请在相应的绑定上禁用*规划时进行评估*。 - + Dummy stage used for testing. Shows a simple continue button and always passes. 用于测试的虚拟阶段。显示一个简单的“继续”按钮,并且始终通过。 - + Throw error? 抛出错误? - + SMTP Host SMTP 主机 - + SMTP Port SMTP 端口 - + SMTP Username SMTP 用户名 - + SMTP Password SMTP 密码 - + Use TLS 使用 TLS - + Use SSL 使用 SSL - + From address 发件人地址 - + Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity. 通过向用户发送一次性链接来验证用户的电子邮件地址。也可用于在恢复时验证用户的真实性。 - + Activate pending user on success 成功时激活待处理用户 - + When a user returns from the email successfully, their account will be activated. 当用户成功自电子邮件中返回时,其账户将被激活。 - + Use global settings 使用全局设置 - + When enabled, global Email connection settings will be used and connection settings below will be ignored. 启用后,将使用全局电子邮件连接设置,下面的连接设置将被忽略。 - + Token expiry 令牌过期 - + Time in minutes the token sent is valid. 发出令牌的有效时间(单位为分钟)。 - + Template 模板 - + Let the user identify themselves with their username or Email address. 让用户使用用户名或电子邮件地址来标识自己。 - + User fields 用户字段 - + UPN UPN - + Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources. 用户可以用来标识自己的字段。如果未选择任何字段,则用户将只能使用源。 - + Password stage 密码阶段 - + When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks. 选中后,密码字段将显示在同一页面,而不是单独的页面上。这样可以防止用户名枚举攻击。 - + Case insensitive matching 不区分大小写的匹配 - + When enabled, user fields are matched regardless of their casing. 启用后,无论大小写如何,都将匹配用户字段。 - + Show matched user 显示匹配的用户 - + When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown. 如果输入了有效的用户名/电子邮箱,并且启用了此选项,则会显示用户的用户名和头像。否则,将显示用户输入的文本。 - + Source settings 源设置 - + Sources - + Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP. 选择的源应显示给用户进行身份验证。这只会影响基于 Web 的源,而不影响 LDAP。 - + Show sources' labels 显示源的标签 - + By default, only icons are shown for sources. Enable this to show their full names. 默认情况下,只为源显示图标。启用此选项可显示它们的全名。 - + Passwordless flow 无密码流程 - + Optional passwordless flow, which is linked at the bottom of the page. When configured, users can use this flow to authenticate with a WebAuthn authenticator, without entering any details. 可选的无密码流程,链接在页面底部。配置后,用户可以使用此流程通过 WebAuthn 身份验证器进行验证,无需输入任何详细信息。 - + Optional enrollment flow, which is linked at the bottom of the page. 可选注册流程,链接在页面底部。 - + Optional recovery flow, which is linked at the bottom of the page. 可选的恢复流程,链接在页面底部。 - + This stage can be included in enrollment flows to accept invitations. 此阶段可以包含在注册流程中以接受邀请。 - + Continue flow without invitation 在没有邀请的情况下继续流程 - + If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. 如果设置了此标志,则当没有发出邀请时,此阶段将跳转到下一个阶段。默认情况下,当没有发出邀请时,此阶段将取消流程。 - + Validate the user's password against the selected backend(s). 根据选定的后端验证用户的密码。 - + Backends 后端 - + User database + standard password 用户数据库 + 标准密码 - + User database + app passwords 用户数据库 + 应用程序密码 - + User database + LDAP password 用户数据库 + LDAP 密码 - + Selection of backends to test the password against. 选择用于测试密码的后端。 - + Flow used by an authenticated user to configure their password. If empty, user will not be able to configure change their password. 经过身份验证的用户用来配置其密码的流程。如果为空,用户将无法配置更改其密码。 - + Failed attempts before cancel 取消前的的尝试失败 - + How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. 在取消流程之前,用户可以尝试多少次。要锁定用户,请使用信誉策略和 user_write 阶段。 - + Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable. 向用户显示任意输入字段,例如在注册期间。数据保存在流程上下文中的 'prompt_data' 变量下。 - + Fields 字段 - + ("", of type ) - (" - ",类型为 + (" + ",类型为 - + Validation Policies 验证策略 - + Selected policies are executed when the stage is submitted to validate the data. 当阶段被提交以验证数据时,执行选定的策略。 - + Delete the currently pending user. CAUTION, this stage does not ask for confirmation. Use a consent stage to ensure the user is aware of their actions. @@ -5736,52 +5736,52 @@ doesn't pass when either or both of the selected options are equal or above the Log the currently pending user in. 登录当前待处理的用户。 - + Session duration 会话持续时间 - + Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. 确定会话持续多长时间。默认为 0 秒意味着会话持续到浏览器关闭为止。 - + Different browsers handle session cookies differently, and might not remove them even when the browser is closed. 不同浏览器处理会话 Cookie 的方式不同,即使关闭浏览器,也不能保证它们会被删除。 - + See here. 详见这里。 - + Stay signed in offset 保持登录偏移量 - + If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. 如果设置时长大于 0,用户可以选择“保持登录”选项,这将使用户的会话延长此处设置的时间。 - + Terminate other sessions 终止其他会话 - + When enabled, all previous sessions of the user will be terminated. 启用时,此用户的所有过往会话将会被终止。 - + Remove the user from the current session. 从当前会话中移除用户。 - + Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user @@ -5792,308 +5792,308 @@ doesn't pass when either or both of the selected options are equal or above the Never create users 从不创建用户 - + When no user is present in the flow context, the stage will fail. 如果流程上下文中没有出现用户,此阶段失败。 - + Create users when required 如果需要则创建用户 - + When no user is present in the the flow context, a new user is created. 如果流程上下文中没有出现用户,则创建新用户。 - + Always create new users 总是创建新用户 - + Create a new user even if a user is in the flow context. 即使用户在流程上下文中,仍然创建新用户。 - + Create users as inactive 创建未激活用户 - + Mark newly created users as inactive. 将新创建的用户标记为未激活。 - + User path template 用户路径模板 - + Path new users will be created under. If left blank, the default path will be used. 新用户将会在此路径下创建。如果留空,则使用默认路径。 - + Newly created users are added to this group, if a group is selected. 如果选择了组,则会将新创建的用户添加到该组。 - + New stage 新建阶段 - + Create a new stage. 创建一个新阶段。 - + Successfully imported device. 已成功导入设备。 - + The user in authentik this device will be assigned to. 此设备要绑定的 authentik 用户。 - + Duo User ID Duo 用户 ID - + The user ID in Duo, can be found in the URL after clicking on a user. Duo 中的用户 ID,可以点击用户之后,在 URL 中找到。 - + Automatic import 自动导入 - + Successfully imported devices. - 已成功导入 + 已成功导入 个设备。 - + Start automatic import 开始自动导入 - + Or manually import 或者手动导入 - + Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow. 阶段是引导用户完成流程的单个步骤。阶段只能在流程内部执行。 - + Flows 流程 - + Stage(s) 阶段 - + Import 导入 - + Import Duo device 导入 Duo 设备 - + Successfully updated flow. 已成功更新流程。 - + Successfully created flow. 已成功创建流程。 - + Shown as the Title in Flow pages. 显示为流程页面中的标题。 - + Visible in the URL. 在 URL 中可见。 - + Designation 指定 - + Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. 决定此流程的用途。例如,当未经身份验证的用户访问 authentik 时,会重定向到身份验证流程。 - + No requirement 无要求 - + Require authentication 需要身份验证 - + Require no authentication. 需要无身份验证。 - + Require superuser. 需要管理员用户。 - + Required authentication level for this flow. 此流程需要身份验证等级。 - + Behavior settings 行为设置 - + Compatibility mode 兼容模式 - + Increases compatibility with password managers and mobile devices. 增强与移动设备与密码管理器的兼容性。 - + Denied action 拒绝操作 - + Will follow the ?next parameter if set, otherwise show a message 将会首先遵循 ?next 参数,如果不存在则显示一条消息 - + Will either follow the ?next parameter or redirect to the default interface 将会遵循 ?next 参数或者重定向到默认接口 - + Will notify the user the flow isn't applicable 将会通知用户此流程不适用 - + Decides the response when a policy denies access to this flow for a user. 当一条策略拒绝用户访问此流程时决定响应。 - + Appearance settings 外观设置 - + Layout 布局 - + Background 背景 - + Background shown during execution. 执行过程中显示的背景。 - + Clear background 清除背景 - + Delete currently set background image. 删除当前设置的背景图片。 - + Successfully imported flow. 已成功导入流程。 - + .yaml files, which can be found on goauthentik.io and can be exported by authentik. .yaml 文件,可以在 goauthentik.io 上找到,也可以通过 authentik 导出。 - + Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them. 流程描述了一系列用于对用户进行身份验证、注册或恢复的阶段。阶段是根据应用于它们的策略来选择的。 - + Flow(s) 流程 - + Update Flow 更新流程 - + Create Flow 创建流程 - + Import Flow 导入流程 - + Successfully cleared flow cache 已成功清除流程缓存 - + Failed to delete flow cache 删除流程缓存失败 - + Clear Flow cache 清除流程缓存 - + Are you sure you want to clear the flow cache? @@ -6104,263 +6104,263 @@ doesn't pass when either or both of the selected options are equal or above the Stage binding(s) 阶段绑定 - + Stage type 阶段类型 - + Edit Stage 编辑阶段 - + Update Stage binding 更新阶段绑定 - + These bindings control if this stage will be applied to the flow. 这些绑定控制是否将此阶段应用于流程。 - + No Stages bound 未绑定阶段 - + No stages are currently bound to this flow. 目前没有阶段绑定到此流程。 - + Create Stage binding 创建阶段绑定 - + Bind stage 绑定阶段 - + Create & bind Stage 创建 & 绑定阶段 - + Bind existing stage 绑定已有阶段 - + Flow Overview 流程总览 - + Related actions 相关操作 - + Execute flow 执行流程 - + Normal 正常 - + with current user 以当前用户 - + with inspector 附加检视器 - + Export flow 导出流程 - + Export 导出 - + Stage Bindings 阶段绑定 - + These bindings control which users can access this flow. 这些绑定控制哪些用户可以访问此流程。 - + Event Log 事件日志 - + Event - 事件 + 事件 - + Event info 事件信息 - + Created 创建时间 - + Successfully updated transport. 已成功更新传输。 - + Successfully created transport. 已成功创建传输。 - + Local (notifications will be created within authentik) 本地(通知在 authentik 内创建) - + Webhook (generic) Webhook(通用) - + Webhook (Slack/Discord) Webhook(Slack/Discord) - + Webhook URL Webhook URL - + Webhook Mapping Webhook 映射 - + Send once 发送一次 - + Only send notification once, for example when sending a webhook into a chat channel. 仅发送一次通知,例如在向聊天频道发送 Webhook 时。 - + Notification Transports 通知传输 - + Define how notifications are sent to users, like Email or Webhook. 定义如何向用户发送通知,例如电子邮件或 Webhook。 - + Notification transport(s) 通知传输 - + Update Notification Transport 更新通知传输 - + Create Notification Transport 创建通知传输 - + Successfully updated rule. 已成功更新规则。 - + Successfully created rule. 已成功创建规则。 - + Select the group of users which the alerts are sent to. If no group is selected the rule is disabled. 选择一组用于发送警告的用户。如果未选择组,则此规则被禁用。 - + Transports 传输 - + Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. 选择应使用哪些传输方式来通知用户。如果未选择任何内容,则通知将仅显示在 authentik UI 中。 - + Severity 严重程度 - + Notification Rules 通知规则 - + Send notifications whenever a specific Event is created and matched by policies. 每当特定事件被创建并匹配策略时,都会发送通知。 - + Sent to group 已发送到组 - + Notification rule(s) 通知规则 - + None (rule disabled) 无(规则已禁用) - + Update Notification Rule 更新通知规则 - + Create Notification Rule 创建通知规则 - + These bindings control upon which events this rule triggers. @@ -6371,974 +6371,974 @@ Bindings to groups/users are checked against the user of the event. Outpost Deployment Info 前哨部署信息 - + View deployment documentation 查看部署文档 - + Click to copy token 点击复制令牌 - + If your authentik Instance is using a self-signed certificate, set this value. 如果您的 authentik 实例正在使用自签名证书,请设置此值。 - + If your authentik_host setting does not match the URL you want to login with, add this setting. 如果您的 authentik_host 设置与您要登录时使用的网址不匹配,请添加此设置。 - + Successfully updated outpost. 已成功更新前哨。 - + Successfully created outpost. 已成功创建前哨。 - + Radius Radius - + Integration 集成 - + Selecting an integration enables the management of the outpost by authentik. 选择集成使 authentik 能够管理前哨。 - + You can only select providers that match the type of the outpost. 您只能选择与前哨类型匹配的提供程序。 - + Configuration 配置 - + See more here: 了解更多: - + Documentation 文档 - + Last seen 上次出现 - + , should be - ,应该是 + ,应该是 - + Hostname 主机名 - + Not available 不可用 - + Last seen: - 上次出现: + 上次出现: - + Unknown type 未知类型 - + Outposts 前哨 - + Outposts are deployments of authentik components to support different environments and protocols, like reverse proxies. 前哨是对 authentik 组件的部署,用于支持不同的环境和协议,例如反向代理。 - + Health and Version 健康状态与版本 - + Warning: authentik Domain is not configured, authentication will not work. 警告:未配置 authentik 域名,身份验证将不起作用。 - + Logging in via . - 通过 + 通过 登录。 - + No integration active 没有激活的集成 - + Update Outpost 更新前哨 - + View Deployment Info 查看部署信息 - + Detailed health (one instance per column, data is cached so may be out of date) 详细健康状况(每列一个实例,数据经过缓存,因此可能会过时) - + Outpost(s) 前哨 - + Create Outpost 创建前哨 - + Successfully updated integration. 已成功更新集成。 - + Successfully created integration. 已成功创建集成。 - + Local 本地 - + If enabled, use the local connection. Required Docker socket/Kubernetes Integration. 如果启用,请使用本地连接。需要 Docker Socket/Kubernetes 集成。 - + Docker URL Docker URL - + Can be in the format of 'unix://' when connecting to a local docker daemon, using 'ssh://' to connect via SSH, or 'https://:2376' when connecting to a remote system. 连接到本地 Docker 守护进程时可以采用 'unix://' 格式,通过 SSH 连接时采用 'ssh://' 格式,或者在连接到远程系统时采用 'https://:2376' 格式。 - + CA which the endpoint's Certificate is verified against. Can be left empty for no validation. 验证端点证书所依据的 CA。可以留空,表示不进行验证。 - + TLS Authentication Certificate/SSH Keypair TLS 身份验证证书/SSH 密钥对 - + Certificate/Key used for authentication. Can be left empty for no authentication. 用于身份验证的证书/密钥。可以留空表示不验证。 - + When connecting via SSH, this keypair is used for authentication. 通过 SSH 连接时,此密钥对用于身份验证。 - + Kubeconfig Kubeconfig - + Verify Kubernetes API SSL Certificate 验证 Kubernetes API SSL 证书 - + New outpost integration 新建前哨集成 - + Create a new outpost integration. 创建一个新前哨集成。 - + State 状态 - + Unhealthy 不健康 - + Outpost integration(s) 前哨集成 - + Successfully generated certificate-key pair. 已成功生成证书密钥对。 - + Common Name 常用名 - + Subject-alt name 替代名称 - + Optional, comma-separated SubjectAlt Names. 可选,逗号分隔的替代名称。 - + Validity days 有效天数 - + Successfully updated certificate-key pair. 已成功更新证书密钥对。 - + Successfully created certificate-key pair. 已成功创建证书密钥对。 - + PEM-encoded Certificate data. PEM 编码的证书数据。 - + Optional Private Key. If this is set, you can use this keypair for encryption. 可选私钥。如果设置,则可以使用此密钥对来加密。 - + Certificate-Key Pairs 证书密钥对 - + Import certificates of external providers or create certificates to sign requests with. 导入外部提供商的证书或创建用于签名请求的证书。 - + Private key available? 私钥可用吗? - + Certificate-Key Pair(s) 证书密钥对 - + Managed by authentik 由 authentik 管理 - + Managed by authentik (Discovered) 由 authentik 管理(已发现) - + Yes () - 是( + 是( - + No - + Update Certificate-Key Pair 更新证书密钥对 - + Certificate Fingerprint (SHA1) 证书指纹(SHA1) - + Certificate Fingerprint (SHA256) 证书指纹(SHA256) - + Certificate Subject 证书主题 - + Download Certificate 下载证书 - + Download Private key 下载私钥 - + Create Certificate-Key Pair 创建证书密钥对 - + Generate 生成 - + Generate Certificate-Key Pair 生成证书密钥对 - + Successfully updated instance. 已成功更新实例。 - + Successfully created instance. 已成功创建实例。 - + Disabled blueprints are never applied. 禁用的蓝图永远不会应用。 - + Local path 本地路径 - + OCI Registry OCI Registry - + Internal 内部 - + OCI URL, in the format of oci://registry.domain.tld/path/to/manifest. OCI URL,格式为 oci://registry.domain.tld/path/to/manifest。 - + See more about OCI support here: 在这里了解更多 OCI 支持: - + Blueprint 蓝图 - + Configure the blueprint context, used for templating. 配置蓝图上下文,用于模板操作。 - + Orphaned 孤立 - + Blueprints 蓝图 - + Automate and template configuration within authentik. 在 authentik 内的自动化与模板配置。 - + Last applied 上次应用 - + Blueprint(s) 蓝图 - + Update Blueprint 更新蓝图 - + Create Blueprint Instance 创建蓝图实例 - + API Requests API 请求 - + Open API Browser 打开 API 浏览器 - + Notifications 通知 - + unread 未读 - + Successfully cleared notifications 已成功清除通知 - + Clear all 全部清除 - + A newer version of the frontend is available. 有较新版本的前端可用。 - + You're currently impersonating . Click to stop. - 您目前正在模拟 + 您目前正在模拟 的身份。点击以停止。 - + User interface 用户界面 - + Dashboards 仪表板 - + Events 事件 - + Logs 日志 - + Customisation 自定义 - + Flows & Stages 流程与阶段 - + Directory 目录 - + Tokens & App passwords 令牌和应用程序密码 - + System 系统 - + Certificates 证书 - + Outpost Integrations 前哨集成 - + API request failed API 请求失败 - + User's avatar 用户的头像 - + Something went wrong! Please try again later. 发生了某些错误!请稍后重试。 - + Request ID 请求 ID - + You may close this page now. 您可以关闭此页面了。 - + You're about to be redirect to the following URL. 您将被重定向到以下 URL。 - + Follow redirect 跟随重定向 - + Request has been denied. 请求被拒绝。 - + Not you? 不是您? - + Need an account? 需要一个账户? - + Sign up. 注册。 - + Forgot username or password? 忘记用户名或密码? - + Select one of the sources below to login. 选择以下源之一进行登录。 - + Or 或者 - + Use a security key 使用安全密钥 - + Login to continue to . - 登录以继续前往 + 登录以继续前往 - + Please enter your password 请输入您的密码 - + Forgot password? 忘记密码了吗? - + Application requires following permissions: 应用程序需要以下权限: - + Application already has access to the following permissions: 应用程序已经获得以下权限: - + Application requires following new permissions: 应用程序需要以下新权限: - + Check your Inbox for a verification email. 检查您的收件箱是否有验证电子邮件。 - + Send Email again. 再次发送电子邮件。 - + Successfully copied TOTP Config. 已成功复制 TOTP 配置。 - + Copy 复制 - + Code 代码 - + Please enter your TOTP Code 请输入您的 TOTP 代码 - + Duo activation QR code Duo 激活二维码 - + Alternatively, if your current device has Duo installed, click on this link: 或者,如果您当前的设备已安装 Duo,请点击此链接: - + Duo activation Duo 激活 - + Check status 检查状态 - + Make sure to keep these tokens in a safe place. 确保将这些令牌保存在安全的地方。 - + Phone number 电话号码 - + Please enter your Phone number. 请输入您的电话号码。 - + Please enter the code you received via SMS 请输入您通过短信收到的验证码 - + A code has been sent to you via SMS. 验证码已通过短信发送给您。 - + Open your two-factor authenticator app to view your authentication code. 打开您的两步验证应用查看身份验证代码。 - + Static token 静态令牌 - + Authentication code 身份验证代码 - + Please enter your code 请输入您的代码 - + Return to device picker 返回设备选择器 - + Sending Duo push notification 发送 Duo 推送通知 - + Assertions is empty 断言为空 - + Error when creating credential: - 创建凭据时出错: + 创建凭据时出错: - + Error when validating assertion on server: - 在服务器上验证断言时出错: + 在服务器上验证断言时出错: - + Retry authentication 重试身份验证 - + Duo push-notifications Duo 推送通知 - + Receive a push notification on your device. 在您的设备上接收推送通知。 - + Authenticator 身份验证器 - + Use a security key to prove your identity. 使用安全密钥证明您的身份。 - + Traditional authenticator 传统身份验证器 - + Use a code-based authenticator. 使用基于代码的身份验证器。 - + Recovery keys 恢复密钥 - + In case you can't access any other method. 以防万一您无法使用任何其他方法。 - + SMS 短信 - + Tokens sent via SMS. 通过短信发送的令牌。 - + Select an authentication method. 选择一种身份验证方法。 - + Stay signed in? 保持登录? - + Select Yes to reduce the number of times you're asked to sign in. 选择“是”以减少您被要求登录的次数。 - + Authenticating with Plex... 正在使用 Plex 进行身份验证... - + Waiting for authentication... 正在等待身份验证… - + If no Plex popup opens, click the button below. 如果 Plex 没有弹出窗口,则点击下面的按钮。 - + Open login 打开登录 - + Authenticating with Apple... 正在使用 Apple 进行身份验证... - + Retry 重试 - + Enter the code shown on your device. 请输入您设备上显示的代码。 - + Please enter your Code 请输入您的验证码 - + You've successfully authenticated your device. 您成功验证了此设备的身份。 - + Flow inspector 流程检视器 - + Next stage 下一阶段 - + Stage name 阶段名称 - + Stage kind 阶段种类 - + Stage object 阶段对象 - + This flow is completed. 此流程已完成。 - + Plan history 规划历史记录 - + Current plan context 当前计划上下文 - + Session ID 会话 ID - + Powered by authentik 由 authentik 强力驱动 - + Background image 背景图片 - + Error creating credential: - 创建凭据时出错: + 创建凭据时出错: - + Server validation of credential failed: - 服务器验证凭据失败: + 服务器验证凭据失败: - + Register device 注册设备 - + Refer to documentation @@ -7347,7 +7347,7 @@ Bindings to groups/users are checked against the user of the event. No Applications available. 没有可用的应用程序。 - + Either no applications are defined, or you don’t have access to any. @@ -7356,186 +7356,186 @@ Bindings to groups/users are checked against the user of the event. My Applications 我的应用 - + My applications 我的应用 - + Change your password 更改您的密码 - + Change password 更改密码 - + - + Save 保存 - + Delete account 删除账户 - + Successfully updated details 已成功更新详情 - + Open settings 打开设置 - + No settings flow configured. 未配置设置流程 - + Update details 更新详情 - + Successfully disconnected source 解绑成功 - + Failed to disconnected source: - 解绑失败: + 解绑失败: - + Disconnect 断开连接 - + Connect 连接 - + Error: unsupported source settings: - 错误:不支持的源设置: + 错误:不支持的源设置: - + Connect your user account to the services listed below, to allow you to login using the service instead of traditional credentials. 将您的用户账户连接到下面列出的服务,以允许您使用该服务而不是传统凭据登录。 - + No services available. 没有可用的服务。 - + Create App password 创建应用密码 - + User details 用户详情 - + Consent 同意授权 - + MFA Devices MFA 设备 - + Connected services 已连接服务 - + Tokens and App passwords 令牌和应用程序密码 - + Unread notifications 未读通知 - + Admin interface 管理员界面 - + Stop impersonation 停止模拟身份 - + Avatar image 头像图片 - + Failed 已失败 - + Unsynced / N/A 未同步 / N/A - + Outdated outposts 过时的前哨 - + Unhealthy outposts 不健康的前哨 - + Next 下一步 - + Inactive 未激活 - + Regular user 普通用户 - + Activate 激活 - + Use Server URI for SNI verification @@ -7658,8 +7658,8 @@ Bindings to groups/users are checked against the user of the event. 预测内部用户 - Estimated user count one year from now based on current internal users and forecasted internal users. - 根据当前 名内部用户和 名预测的内部用户,估算从此时起一年后的用户数。 + Estimated user count one year from now based on current internal users and forecasted internal users. + 根据当前 名内部用户和 名预测的内部用户,估算从此时起一年后的用户数。 Forecast external users @@ -7765,6 +7765,12 @@ Bindings to groups/users are checked against the user of the event. The length of the individual generated tokens. Can be increased to improve security. + + + Internal: + + + External: diff --git a/web/xliff/zh-Hant.xlf b/web/xliff/zh-Hant.xlf index 967f4f9e4..4e2732f4a 100644 --- a/web/xliff/zh-Hant.xlf +++ b/web/xliff/zh-Hant.xlf @@ -5759,7 +5759,7 @@ Bindings to groups/users are checked against the user of the event. Forecast internal users - Estimated user count one year from now based on current internal users and forecasted internal users. + Estimated user count one year from now based on current internal users and forecasted internal users. Forecast external users @@ -5841,6 +5841,12 @@ Bindings to groups/users are checked against the user of the event. The length of the individual generated tokens. Can be increased to improve security. + + + Internal: + + + External: diff --git a/web/xliff/zh_TW.xlf b/web/xliff/zh_TW.xlf index 16a6fd25a..6fa6c4220 100644 --- a/web/xliff/zh_TW.xlf +++ b/web/xliff/zh_TW.xlf @@ -5758,7 +5758,7 @@ Bindings to groups/users are checked against the user of the event. Forecast internal users - Estimated user count one year from now based on current internal users and forecasted internal users. + Estimated user count one year from now based on current internal users and forecasted internal users. Forecast external users @@ -5840,6 +5840,12 @@ Bindings to groups/users are checked against the user of the event. The length of the individual generated tokens. Can be increased to improve security. + + + Internal: + + + External: