91 lines
2.6 KiB
YAML
91 lines
2.6 KiB
YAML
version: 1
|
|
entries:
|
|
- identifiers:
|
|
slug: default-authentication-flow
|
|
model: authentik_flows.flow
|
|
id: flow
|
|
attrs:
|
|
name: Default Authentication Flow
|
|
title: Welcome to authentik!
|
|
designation: authentication
|
|
- identifiers:
|
|
name: test-not-app-password
|
|
id: test-not-app-password
|
|
model: authentik_policies_expression.expressionpolicy
|
|
attrs:
|
|
execution_logging: false
|
|
expression: |
|
|
return context["auth_method"] != "app_password"
|
|
- identifiers:
|
|
name: default-authentication-login
|
|
id: default-authentication-login
|
|
model: authentik_stages_user_login.userloginstage
|
|
attrs:
|
|
session_duration: seconds=0
|
|
- identifiers:
|
|
name: default-authentication-identification
|
|
id: default-authentication-identification
|
|
model: authentik_stages_identification.identificationstage
|
|
attrs:
|
|
user_fields:
|
|
- email
|
|
- username
|
|
template: stages/identification/login.html
|
|
enrollment_flow: null
|
|
recovery_flow: null
|
|
- identifiers:
|
|
name: default-authentication-flow-mfa
|
|
id: default-authentication-flow-mfa
|
|
model: authentik_stages_authenticator_validate.AuthenticatorValidateStage
|
|
attrs: {}
|
|
- identifiers:
|
|
name: default-authentication-password
|
|
id: default-authentication-password
|
|
model: authentik_stages_password.passwordstage
|
|
attrs:
|
|
backends:
|
|
- authentik.core.auth.InbuiltBackend
|
|
- authentik.core.auth.TokenBackend
|
|
- authentik.sources.ldap.auth.LDAPBackend
|
|
- identifiers:
|
|
target: !KeyOf flow
|
|
stage: !KeyOf default-authentication-identification
|
|
order: 10
|
|
model: authentik_flows.flowstagebinding
|
|
attrs:
|
|
re_evaluate_policies: false
|
|
- identifiers:
|
|
target: !KeyOf flow
|
|
stage: !KeyOf default-authentication-password
|
|
order: 20
|
|
model: authentik_flows.flowstagebinding
|
|
attrs:
|
|
re_evaluate_policies: false
|
|
- identifiers:
|
|
target: !KeyOf flow
|
|
stage: !KeyOf default-authentication-flow-mfa
|
|
order: 30
|
|
model: authentik_flows.flowstagebinding
|
|
id: flow-binding-mfa
|
|
attrs:
|
|
evaluate_on_plan: false
|
|
re_evaluate_policies: true
|
|
policy_engine_mode: any
|
|
invalid_response_action: retry
|
|
- identifiers:
|
|
target: !KeyOf flow
|
|
stage: !KeyOf default-authentication-login
|
|
order: 100
|
|
model: authentik_flows.flowstagebinding
|
|
attrs:
|
|
re_evaluate_policies: false
|
|
- identifiers:
|
|
policy: !KeyOf test-not-app-password
|
|
target: !KeyOf flow-binding-mfa
|
|
order: 0
|
|
model: authentik_policies.policybinding
|
|
attrs:
|
|
negate: false
|
|
enabled: true
|
|
timeout: 30
|