db95dfe38d
* add flow authentication requirement Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add website for cve Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * flows: handle FlowNonApplicableException without policy result Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add release notes Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
39 lines
1.1 KiB
YAML
39 lines
1.1 KiB
YAML
version: 1
|
|
metadata:
|
|
name: Default - Source authentication flow
|
|
entries:
|
|
- attrs:
|
|
designation: authentication
|
|
name: Welcome to authentik!
|
|
title: Welcome to authentik!
|
|
authentication: require_unauthenticated
|
|
identifiers:
|
|
slug: default-source-authentication
|
|
model: authentik_flows.flow
|
|
id: flow
|
|
- attrs:
|
|
expression: |
|
|
# This policy ensures that this flow can only be used when the user
|
|
# is in a SSO Flow (meaning they come from an external IdP)
|
|
return ak_is_sso_flow
|
|
identifiers:
|
|
name: default-source-authentication-if-sso
|
|
id: default-source-authentication-if-sso
|
|
model: authentik_policies_expression.expressionpolicy
|
|
- attrs:
|
|
session_duration: seconds=0
|
|
identifiers:
|
|
name: default-source-authentication-login
|
|
id: default-source-authentication-login
|
|
model: authentik_stages_user_login.userloginstage
|
|
- identifiers:
|
|
order: 0
|
|
stage: !KeyOf default-source-authentication-login
|
|
target: !KeyOf flow
|
|
model: authentik_flows.flowstagebinding
|
|
- identifiers:
|
|
order: 0
|
|
policy: !KeyOf default-source-authentication-if-sso
|
|
target: !KeyOf flow
|
|
model: authentik_policies.policybinding
|