diff --git a/blueprints/default/flow-default-authentication-flow.yaml b/blueprints/default/flow-default-authentication-flow.yaml index 47cf27863..123c4e5a7 100644 --- a/blueprints/default/flow-default-authentication-flow.yaml +++ b/blueprints/default/flow-default-authentication-flow.yaml @@ -51,6 +51,8 @@ entries: order: 20 stage: !KeyOf default-authentication-password target: !KeyOf flow + attrs: + re_evaluate_policies: true id: default-authentication-flow-password-binding model: authentik_flows.flowstagebinding - identifiers: @@ -69,10 +71,12 @@ entries: name: default-authentication-flow-password-stage attrs: expression: | - flow_plan = request.context["flow_plan"] + flow_plan = request.context.get("flow_plan") + if not flow_plan: + return True # If the user does not have a backend attached to it, they haven't # been authenticated yet and we need the password stage - return not hasattr(flow_plan.context["pending_user"], "backend") + return not hasattr(flow_plan.context.get("pending_user"), "backend") - model: authentik_policies.policybinding identifiers: order: 10