habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'main' into dev

Browse Source 
* main: (43 commits)
  core, web: update translations (#11858)
  web/admin: fix code-based MFA toggle not working in wizard (#11854)
  sources/kerberos: add kiprop to ignored system principals (#11852)
  translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#11846)
  translate: Updates for file locale/en/LC_MESSAGES/django.po in it (#11845)
  translate: Updates for file web/xliff/en.xlf in zh_CN (#11847)
  translate: Updates for file web/xliff/en.xlf in zh-Hans (#11848)
  translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#11849)
  translate: Updates for file web/xliff/en.xlf in it (#11850)
  website: 2024.10 Release Notes (#11839)
  translate: Updates for file web/xliff/en.xlf in zh-Hans (#11814)
  core, web: update translations (#11821)
  core: bump goauthentik.io/api/v3 from 3.2024083.13 to 3.2024083.14 (#11830)
  core: bump service-identity from 24.1.0 to 24.2.0 (#11831)
  core: bump twilio from 9.3.5 to 9.3.6 (#11832)
  core: bump pytest-randomly from 3.15.0 to 3.16.0 (#11833)
  website/docs: Update social-logins github (#11822)
  website/docs: remove � (#11823)
  lifecycle: fix kdc5-config missing (#11826)
  website/docs: update preview status of different features (#11817)
  ...
This commit is contained in:
Ken Sternberg
2024-10-30 10:04:59 -07:00
parent 89dad07a66 2909a15009
commit 914993a788
87 changed files with 13245 additions and 736 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
authentik/flows/tests/test_inspector.py
View File

@ -46,6 +46,7 @@ class TestFlowInspector(APITestCase):
res.content,
{
"allow_show_password": False,
"captcha_stage": None,
"component": "ak-stage-identification",
"flow_info": {
"background": flow.background_url,

7
authentik/providers/scim/clients/groups.py
View File

@ -197,6 +197,8 @@ class SCIMGroupClient(SCIMClient[Group, SCIMProviderGroup, SCIMGroupSchema]):
chunk_size = self._config.bulk.maxOperations
if chunk_size < 1:
chunk_size = len(ops)
if len(ops) < 1:
return
for chunk in batched(ops, chunk_size):
req = PatchRequest(Operations=list(chunk))
self._request(
@ -237,13 +239,16 @@ class SCIMGroupClient(SCIMClient[Group, SCIMProviderGroup, SCIMGroupSchema]):
users_to_add = []
users_to_remove = []
# Check users currently in group and if they shouldn't be in the group and remove them
for user in current_group.members:
for user in current_group.members or []:
if user.value not in users_should:
users_to_remove.append(user.value)
# Check users that should be in the group and add them
for user in users_should:
if len([x for x in current_group.members if x.value == user]) < 1:
users_to_add.append(user)
# Only send request if we need to make changes
if len(users_to_add) < 1 and len(users_to_remove) < 1:
return
return self._patch_chunked(
scim_group.scim_id,
*[

3
authentik/stages/authenticator_validate/challenge.py
View File

@ -8,7 +8,7 @@ from django.http.response import Http404
from django.shortcuts import get_object_or_404
from django.utils.translation import gettext as __
from django.utils.translation import gettext_lazy as _
from rest_framework.fields import CharField
from rest_framework.fields import CharField, DateTimeField
from rest_framework.serializers import ValidationError
from structlog.stdlib import get_logger
from webauthn import options_to_json
@ -45,6 +45,7 @@ class DeviceChallenge(PassiveSerializer):
device_class = CharField()
device_uid = CharField()
challenge = JSONDictField()
last_used = DateTimeField(allow_null=True)
def get_challenge_for_device(

2
authentik/stages/authenticator_validate/stage.py
View File

@ -217,6 +217,7 @@ class AuthenticatorValidateStageView(ChallengeStageView):
"device_class": device_class,
"device_uid": device.pk,
"challenge": get_challenge_for_device(self.request, stage, device),
"last_used": device.last_used,
}
)
challenge.is_valid()
@ -237,6 +238,7 @@ class AuthenticatorValidateStageView(ChallengeStageView):
self.request,
self.executor.current_stage,
),
"last_used": None,
}
)
challenge.is_valid()

1
authentik/stages/authenticator_validate/tests/test_sms.py
View File

@ -107,6 +107,7 @@ class AuthenticatorValidateStageSMSTests(FlowTestCase):
"device_class": "sms",
"device_uid": str(device.pk),
"challenge": {},
"last_used": None,
},
},
)

2
authentik/stages/authenticator_validate/tests/test_stage.py
View File

@ -169,6 +169,7 @@ class AuthenticatorValidateStageTests(FlowTestCase):
"device_class": "baz",
"device_uid": "quox",
"challenge": {},
"last_used": None,
}
},
)
@ -188,6 +189,7 @@ class AuthenticatorValidateStageTests(FlowTestCase):
"device_class": "static",
"device_uid": "1",
"challenge": {},
"last_used": None,
},
},
)

3
authentik/stages/authenticator_validate/tests/test_webauthn.py
View File

@ -274,6 +274,7 @@ class AuthenticatorValidateStageWebAuthnTests(FlowTestCase):
"device_class": device.__class__.__name__.lower().replace("device", ""),
"device_uid": device.pk,
"challenge": {},
"last_used": None,
}
]
session[SESSION_KEY_PLAN] = plan
@ -352,6 +353,7 @@ class AuthenticatorValidateStageWebAuthnTests(FlowTestCase):
"device_class": device.__class__.__name__.lower().replace("device", ""),
"device_uid": device.pk,
"challenge": {},
"last_used": None,
}
]
session[SESSION_KEY_PLAN] = plan
@ -432,6 +434,7 @@ class AuthenticatorValidateStageWebAuthnTests(FlowTestCase):
"device_class": device.__class__.__name__.lower().replace("device", ""),
"device_uid": device.pk,
"challenge": {},
"last_used": None,
}
]
session[SESSION_KEY_PLAN] = plan

89
authentik/stages/captcha/stage.py
View File

@ -1,10 +1,11 @@
"""authentik captcha stage"""
from django.http.response import HttpResponse
from django.utils.translation import gettext_lazy as _
from django.utils.translation import gettext as _
from requests import RequestException
from rest_framework.fields import CharField
from rest_framework.serializers import ValidationError
from structlog.stdlib import get_logger
from authentik.flows.challenge import (
Challenge,
@ -16,6 +17,7 @@ from authentik.lib.utils.http import get_http_session
from authentik.root.middleware import ClientIPMiddleware
from authentik.stages.captcha.models import CaptchaStage
LOGGER = get_logger()
PLAN_CONTEXT_CAPTCHA = "captcha"
@ -27,6 +29,56 @@ class CaptchaChallenge(WithUserInfoChallenge):
component = CharField(default="ak-stage-captcha")
def verify_captcha_token(stage: CaptchaStage, token: str, remote_ip: str):
"""Validate captcha token"""
try:
response = get_http_session().post(
stage.api_url,
headers={
"Content-type": "application/x-www-form-urlencoded",
},
data={
"secret": stage.private_key,
"response": token,
"remoteip": remote_ip,
},
)
response.raise_for_status()
data = response.json()
if stage.error_on_invalid_score:
if not data.get("success", False):
error_codes = data.get("error-codes", ["unknown-error"])
LOGGER.warning("Failed to verify captcha token", error_codes=error_codes)
# These cases can usually be fixed by simply requesting a new token and retrying.
# [reCAPTCHA](https://developers.google.com/recaptcha/docs/verify#error_code_reference)
# [hCaptcha](https://docs.hcaptcha.com/#siteverify-error-codes-table)
# [Turnstile](https://developers.cloudflare.com/turnstile/get-started/server-side-validation/#error-codes)
retriable_error_codes = [
"missing-input-response",
"invalid-input-response",
"timeout-or-duplicate",
"expired-input-response",
"already-seen-response",
]
if set(error_codes).issubset(set(retriable_error_codes)):
error_message = _("Invalid captcha response. Retrying may solve this issue.")
else:
error_message = _("Invalid captcha response")
raise ValidationError(error_message)
if "score" in data:
score = float(data.get("score"))
if stage.score_max_threshold > -1 and score > stage.score_max_threshold:
raise ValidationError(_("Invalid captcha response"))
if stage.score_min_threshold > -1 and score < stage.score_min_threshold:
raise ValidationError(_("Invalid captcha response"))
except (RequestException, TypeError) as exc:
raise ValidationError(_("Failed to validate token")) from exc
return data
class CaptchaChallengeResponse(ChallengeResponse):
"""Validate captcha token"""
@ -36,38 +88,9 @@ class CaptchaChallengeResponse(ChallengeResponse):
def validate_token(self, token: str) -> str:
"""Validate captcha token"""
stage: CaptchaStage = self.stage.executor.current_stage
try:
response = get_http_session().post(
stage.api_url,
headers={
"Content-type": "application/x-www-form-urlencoded",
},
data={
"secret": stage.private_key,
"response": token,
"remoteip": ClientIPMiddleware.get_client_ip(self.stage.request),
},
)
response.raise_for_status()
data = response.json()
if stage.error_on_invalid_score:
if not data.get("success", False):
raise ValidationError(
_(
"Failed to validate token: {error}".format(
error=data.get("error-codes", _("Unknown error"))
)
)
)
if "score" in data:
score = float(data.get("score"))
if stage.score_max_threshold > -1 and score > stage.score_max_threshold:
raise ValidationError(_("Invalid captcha response"))
if stage.score_min_threshold > -1 and score < stage.score_min_threshold:
raise ValidationError(_("Invalid captcha response"))
except (RequestException, TypeError) as exc:
raise ValidationError(_("Failed to validate token")) from exc
return data
client_ip = ClientIPMiddleware.get_client_ip(self.stage.request)
return verify_captcha_token(stage, token, client_ip)
class CaptchaStageView(ChallengeStageView):

2
authentik/stages/identification/api.py
View File

@ -27,6 +27,7 @@ class IdentificationStageSerializer(StageSerializer):
fields = StageSerializer.Meta.fields + [
"user_fields",
"password_stage",
"captcha_stage",
"case_insensitive_matching",
"show_matched_user",
"enrollment_flow",
@ -46,6 +47,7 @@ class IdentificationStageViewSet(UsedByMixin, ModelViewSet):
filterset_fields = [
"name",
"password_stage",
"captcha_stage",
"case_insensitive_matching",
"show_matched_user",
"enrollment_flow",

26
authentik/stages/identification/migrations/0015_identificationstage_captcha_stage.py Normal file
View File

@ -0,0 +1,26 @@
# Generated by Django 5.0.8 on 2024-08-29 11:31
import django.db.models.deletion
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("authentik_stages_captcha", "0003_captchastage_error_on_invalid_score_and_more"),
("authentik_stages_identification", "0014_identificationstage_pretend"),
]
operations = [
migrations.AddField(
model_name="identificationstage",
name="captcha_stage",
field=models.ForeignKey(
default=None,
help_text="When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.",
null=True,
on_delete=django.db.models.deletion.SET_NULL,
to="authentik_stages_captcha.captchastage",
),
),
]

14
authentik/stages/identification/models.py
View File

@ -8,6 +8,7 @@ from rest_framework.serializers import BaseSerializer
from authentik.core.models import Source
from authentik.flows.models import Flow, Stage
from authentik.stages.captcha.models import CaptchaStage
from authentik.stages.password.models import PasswordStage
@ -43,6 +44,19 @@ class IdentificationStage(Stage):
),
)
captcha_stage = models.ForeignKey(
CaptchaStage,
null=True,
default=None,
on_delete=models.SET_NULL,
help_text=_(
(
"When set, adds functionality exactly like a Captcha stage, but baked into the "
"Identification stage."
),
),
)
case_insensitive_matching = models.BooleanField(
default=True,
help_text=_("When enabled, user fields are matched regardless of their casing."),

25
authentik/stages/identification/stage.py
View File

@ -29,6 +29,7 @@ from authentik.flows.views.executor import SESSION_KEY_APPLICATION_PRE, SESSION_
from authentik.lib.utils.reflection import all_subclasses
from authentik.lib.utils.urls import reverse_with_qs
from authentik.root.middleware import ClientIPMiddleware
from authentik.stages.captcha.stage import CaptchaChallenge, verify_captcha_token
from authentik.stages.identification.models import IdentificationStage
from authentik.stages.identification.signals import identification_failed
from authentik.stages.password.stage import authenticate
@ -75,6 +76,7 @@ class IdentificationChallenge(Challenge):
allow_show_password = BooleanField(default=False)
application_pre = CharField(required=False)
flow_designation = ChoiceField(FlowDesignation.choices)
captcha_stage = CaptchaChallenge(required=False)
enroll_url = CharField(required=False)
recovery_url = CharField(required=False)
@ -91,14 +93,16 @@ class IdentificationChallengeResponse(ChallengeResponse):
uid_field = CharField()
password = CharField(required=False, allow_blank=True, allow_null=True)
captcha_token = CharField(required=False, allow_blank=True, allow_null=True)
component = CharField(default="ak-stage-identification")
pre_user: User | None = None
def validate(self, attrs: dict[str, Any]) -> dict[str, Any]:
"""Validate that user exists, and optionally their password"""
"""Validate that user exists, and optionally their password and captcha token"""
uid_field = attrs["uid_field"]
current_stage: IdentificationStage = self.stage.executor.current_stage
client_ip = ClientIPMiddleware.get_client_ip(self.stage.request)
pre_user = self.stage.get_user(uid_field)
if not pre_user:
@ -113,7 +117,7 @@ class IdentificationChallengeResponse(ChallengeResponse):
self.stage.logger.info(
"invalid_login",
identifier=uid_field,
client_ip=ClientIPMiddleware.get_client_ip(self.stage.request),
client_ip=client_ip,
action="invalid_identifier",
context={
"stage": sanitize_item(self.stage),
@ -136,6 +140,15 @@ class IdentificationChallengeResponse(ChallengeResponse):
return attrs
raise ValidationError("Failed to authenticate.")
self.pre_user = pre_user
# Captcha check
if captcha_stage := current_stage.captcha_stage:
captcha_token = attrs.get("captcha_token", None)
if not captcha_token:
self.stage.logger.warning("Token not set for captcha attempt")
verify_captcha_token(captcha_stage, captcha_token, client_ip)
# Password check
if not current_stage.password_stage:
# No password stage select, don't validate the password
return attrs
@ -206,6 +219,14 @@ class IdentificationStageView(ChallengeStageView):
"primary_action": self.get_primary_action(),
"user_fields": current_stage.user_fields,
"password_fields": bool(current_stage.password_stage),
"captcha_stage": (
{
"js_url": current_stage.captcha_stage.js_url,
"site_key": current_stage.captcha_stage.public_key,
}
if current_stage.captcha_stage
else None
),
"allow_show_password": bool(current_stage.password_stage)
and current_stage.password_stage.allow_show_password,
"show_source_labels": current_stage.show_source_labels,

132
authentik/stages/identification/tests.py
View File

@ -1,6 +1,7 @@
"""identification tests"""
from django.urls import reverse
from requests_mock import Mocker
from rest_framework.exceptions import ValidationError
from authentik.core.tests.utils import create_test_admin_user, create_test_flow
@ -8,6 +9,8 @@ from authentik.flows.models import FlowDesignation, FlowStageBinding
from authentik.flows.tests import FlowTestCase
from authentik.lib.generators import generate_id
from authentik.sources.oauth.models import OAuthSource
from authentik.stages.captcha.models import CaptchaStage
from authentik.stages.captcha.tests import RECAPTCHA_PRIVATE_KEY, RECAPTCHA_PUBLIC_KEY
from authentik.stages.identification.api import IdentificationStageSerializer
from authentik.stages.identification.models import IdentificationStage, UserFields
from authentik.stages.password import BACKEND_INBUILT
@ -133,6 +136,135 @@ class TestIdentificationStage(FlowTestCase):
user_fields=["email"],
)
@Mocker()
def test_valid_with_captcha(self, mock: Mocker):
"""Test with valid email and captcha token in single step"""
mock.post(
"https://www.recaptcha.net/recaptcha/api/siteverify",
json={
"success": True,
"score": 0.5,
},
)
captcha_stage = CaptchaStage.objects.create(
name="captcha",
public_key=RECAPTCHA_PUBLIC_KEY,
private_key=RECAPTCHA_PRIVATE_KEY,
)
self.stage.captcha_stage = captcha_stage
self.stage.save()
form_data = {"uid_field": self.user.email, "captcha_token": "PASSED"}
url = reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug})
response = self.client.post(url, form_data)
self.assertEqual(response.status_code, 200)
self.assertStageRedirects(response, reverse("authentik_core:root-redirect"))
@Mocker()
def test_invalid_with_captcha(self, mock: Mocker):
"""Test with valid email and invalid captcha token in single step"""
mock.post(
"https://www.recaptcha.net/recaptcha/api/siteverify",
json={
"success": False,
"score": 0.5,
},
)
captcha_stage = CaptchaStage.objects.create(
name="captcha",
public_key=RECAPTCHA_PUBLIC_KEY,
private_key=RECAPTCHA_PRIVATE_KEY,
)
self.stage.captcha_stage = captcha_stage
self.stage.save()
form_data = {
"uid_field": self.user.email,
"captcha_token": "FAILED",
}
url = reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug})
response = self.client.post(url, form_data)
self.assertStageResponse(
response,
self.flow,
component="ak-stage-identification",
password_fields=False,
primary_action="Log in",
response_errors={
"non_field_errors": [{"code": "invalid", "string": "Invalid captcha response"}]
},
sources=[
{
"challenge": {
"component": "xak-flow-redirect",
"to": "/source/oauth/login/test/",
},
"icon_url": "/static/authentik/sources/default.svg",
"name": "test",
}
],
show_source_labels=False,
user_fields=["email"],
)
@Mocker()
def test_invalid_with_captcha_retriable(self, mock: Mocker):
"""Test with valid email and invalid captcha token in single step"""
mock.post(
"https://www.recaptcha.net/recaptcha/api/siteverify",
json={
"success": False,
"score": 0.5,
"error-codes": ["timeout-or-duplicate"],
},
)
captcha_stage = CaptchaStage.objects.create(
name="captcha",
public_key=RECAPTCHA_PUBLIC_KEY,
private_key=RECAPTCHA_PRIVATE_KEY,
)
self.stage.captcha_stage = captcha_stage
self.stage.save()
form_data = {
"uid_field": self.user.email,
"captcha_token": "FAILED",
}
url = reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug})
response = self.client.post(url, form_data)
self.assertStageResponse(
response,
self.flow,
component="ak-stage-identification",
password_fields=False,
primary_action="Log in",
response_errors={
"non_field_errors": [
{
"code": "invalid",
"string": "Invalid captcha response. Retrying may solve this issue.",
}
]
},
sources=[
{
"challenge": {
"component": "xak-flow-redirect",
"to": "/source/oauth/login/test/",
},
"icon_url": "/static/authentik/sources/default.svg",
"name": "test",
}
],
show_source_labels=False,
user_fields=["email"],
)
def test_invalid_with_username(self):
"""Test invalid with username (user exists but stage only allows email)"""
form_data = {"uid_field": self.user.username}

5
blueprints/schema.json
View File

@ -10679,6 +10679,11 @@
"title": "Password stage",
"description": "When set, shows a password field, instead of showing the password field as separate step."
},
"captcha_stage": {
"type": "integer",
"title": "Captcha stage",
"description": "When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage."
},
"case_insensitive_matching": {
"type": "boolean",
"title": "Case insensitive matching",

2
blueprints/system/sources-kerberos.yaml
View File

@ -38,7 +38,7 @@ entries:
name: "authentik default Kerberos User Mapping: Ignore system principals"
expression: |
localpart, realm = principal.rsplit("@", 1)
denied_prefixes = ["kadmin/", "krbtgt/", "K/M", "WELLKNOWN/"]
denied_prefixes = ["kadmin/", "krbtgt/", "K/M", "WELLKNOWN/", "kiprop/", "changepw/"]
for prefix in denied_prefixes:
if localpart.lower().startswith(prefix.lower()):
raise SkipObject

2
go.mod
View File

@ -29,7 +29,7 @@ require (
github.com/spf13/cobra v1.8.1
github.com/stretchr/testify v1.9.0
github.com/wwt/guac v1.3.2
goauthentik.io/api/v3 v3.2024083.11
goauthentik.io/api/v3 v3.2024083.14
golang.org/x/exp v0.0.0-20230210204819-062eb4c674ab
golang.org/x/oauth2 v0.23.0
golang.org/x/sync v0.8.0

4
go.sum
View File

@ -299,8 +299,8 @@ go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y
go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
goauthentik.io/api/v3 v3.2024083.11 h1:kF5WAnS0dB2cq9Uldqel8e8PDepJg/824JC3YFsQVHU=
goauthentik.io/api/v3 v3.2024083.11/go.mod h1:zz+mEZg8rY/7eEjkMGWJ2DnGqk+zqxuybGCGrR2O4Kw=
goauthentik.io/api/v3 v3.2024083.14 h1:8iLXkNpVS275S4DLMBr6WIeaMkkaIJbzlNRLCFe+k3A=
goauthentik.io/api/v3 v3.2024083.14/go.mod h1:zz+mEZg8rY/7eEjkMGWJ2DnGqk+zqxuybGCGrR2O4Kw=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=

3
internal/outpost/proxyv2/application/endpoint.go
View File

@ -82,6 +82,9 @@ func GetOIDCEndpoint(p api.ProxyOutpostConfig, authentikHost string, embedded bo
if embedded {
ep.Issuer = updateURL(ep.Issuer, newHost.Scheme, newHost.Host)
ep.JwksUri = updateURL(jwksUri, newHost.Scheme, newHost.Host)
} else {
// Fixes: https://github.com/goauthentik/authentik/issues/9622 / ep.Issuer must be the HostBrowser URL
ep.Issuer = updateURL(ep.Issuer, newBrowserHost.Scheme, newBrowserHost.Host)
}
return ep
}

2
internal/outpost/proxyv2/application/endpoint_test.go
View File

@ -55,7 +55,7 @@ func TestEndpointAuthentikHostBrowser(t *testing.T) {
assert.Equal(t, "https://browser.test.goauthentik.io/application/o/authorize/", ep.AuthURL)
assert.Equal(t, "https://browser.test.goauthentik.io/application/o/test-app/end-session/", ep.EndSessionEndpoint)
assert.Equal(t, "https://test.goauthentik.io/application/o/token/", ep.TokenURL)
assert.Equal(t, "https://test.goauthentik.io/application/o/test-app/", ep.Issuer)
assert.Equal(t, "https://browser.test.goauthentik.io/application/o/test-app/", ep.Issuer)
assert.Equal(t, "https://test.goauthentik.io/application/o/test-app/jwks/", ep.JwksUri)
assert.Equal(t, "https://test.goauthentik.io/application/o/introspect/", ep.TokenIntrospection)
}

4
lifecycle/ak
View File

@ -54,7 +54,9 @@ function cleanup {
}
function prepare_debug {
apt-get install -y --no-install-recommends krb5-kdc krb5-user krb5-admin-server
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y --no-install-recommends krb5-kdc krb5-user krb5-admin-server libkrb5-dev gcc
VIRTUAL_ENV=/ak-root/venv poetry install --no-ansi --no-interaction
touch /unittest.xml
chown authentik:authentik /unittest.xml

9
locale/en/LC_MESSAGES/django.po
View File

@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-10-23 16:39+0000\n"
"POT-Creation-Date: 2024-10-28 00:09+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -2614,12 +2614,7 @@ msgid "Captcha Stages"
msgstr ""
#: authentik/stages/captcha/stage.py
msgid "Unknown error"
msgstr ""
#: authentik/stages/captcha/stage.py
#, python-brace-format
msgid "Failed to validate token: {error}"
msgid "Invalid captcha response. Retrying may solve this issue."
msgstr ""
#: authentik/stages/captcha/stage.py

149
locale/fr/LC_MESSAGES/django.po
View File

@ -19,7 +19,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-10-18 00:09+0000\n"
"POT-Creation-Date: 2024-10-23 16:39+0000\n"
"PO-Revision-Date: 2022-09-26 16:47+0000\n"
"Last-Translator: Marc Schmitt, 2024\n"
"Language-Team: French (https://app.transifex.com/authentik/teams/119923/fr/)\n"
@ -587,6 +587,30 @@ msgstr "Limite maximum de connection atteinte."
msgid "(You are already connected in another tab/window)"
msgstr "(Vous êtes déjà connecté dans un autre onglet/une autre fenêtre)"
#: authentik/enterprise/stages/authenticator_endpoint_gdtc/models.py
msgid "Endpoint Authenticator Google Device Trust Connector Stage"
msgstr ""
"Étape d'authentificateur d'appareil du connecteur de confiance des appareils"
" Google"
#: authentik/enterprise/stages/authenticator_endpoint_gdtc/models.py
msgid "Endpoint Authenticator Google Device Trust Connector Stages"
msgstr ""
"Étapes d'authentificateur d'appareil du connecteur de confiance des "
"appareils Google"
#: authentik/enterprise/stages/authenticator_endpoint_gdtc/models.py
msgid "Endpoint Device"
msgstr "Appareil point de terminaison"
#: authentik/enterprise/stages/authenticator_endpoint_gdtc/models.py
msgid "Endpoint Devices"
msgstr "Appareils point de terminaison"
#: authentik/enterprise/stages/authenticator_endpoint_gdtc/stage.py
msgid "Verifying your browser..."
msgstr "Vérification de votre navigateur..."
#: authentik/enterprise/stages/source/models.py
msgid ""
"Amount of time a user can take to return from the source to continue the "
@ -2029,6 +2053,125 @@ msgstr ""
msgid "Used recovery-link to authenticate."
msgstr "Utiliser un lien de récupération pour se connecter."
#: authentik/sources/kerberos/models.py
msgid "Kerberos realm"
msgstr "Realm Kerberos"
#: authentik/sources/kerberos/models.py
msgid "Custom krb5.conf to use. Uses the system one by default"
msgstr ""
"krb5.conf personnalisé à utiliser. Utilise celui du système par défault"
#: authentik/sources/kerberos/models.py
msgid "Sync users from Kerberos into authentik"
msgstr "Synchroniser les utilisateurs Kerberos dans authentik"
#: authentik/sources/kerberos/models.py
msgid "When a user changes their password, sync it back to Kerberos"
msgstr ""
"Lorsqu'un utilisateur change son mot de passe, le synchroniser à nouveau "
"vers Kerberos."
#: authentik/sources/kerberos/models.py
msgid "Principal to authenticate to kadmin for sync."
msgstr "Principal pour s'authentifier à kadmin pour la synchronisation."
#: authentik/sources/kerberos/models.py
msgid "Password to authenticate to kadmin for sync"
msgstr "Mot de passe pour s'authentifier à kadmin pour la synchronisation."
#: authentik/sources/kerberos/models.py
msgid ""
"Keytab to authenticate to kadmin for sync. Must be base64-encoded or in the "
"form TYPE:residual"
msgstr ""
"Keytab pour s'authentifier à kadmin pour la synchronisation. Doit être "
"encodé en base64 ou de la forme TYPE:residual"
#: authentik/sources/kerberos/models.py
msgid ""
"Credentials cache to authenticate to kadmin for sync. Must be in the form "
"TYPE:residual"
msgstr ""
"Credentials cache pour s'authentifier à kadmin pour la synchronisation. Doit"
" être de la forme TYPE:residual"
#: authentik/sources/kerberos/models.py
msgid ""
"Force the use of a specific server name for SPNEGO. Must be in the form "
"HTTP@hostname"
msgstr ""
"Force l'utilisation d'un nom de serveur spécifique pour SPNEGO. Doit être de"
" la forme HTTP@hostname"
#: authentik/sources/kerberos/models.py
msgid "SPNEGO keytab base64-encoded or path to keytab in the form FILE:path"
msgstr ""
"Keytab SPNEGO encodée en base64 ou chemin vers la keytab de la forme "
"FILE:path"
#: authentik/sources/kerberos/models.py
msgid "Credential cache to use for SPNEGO in form type:residual"
msgstr "Credentials cache pour SPNEGO de la forme TYPE:residual"
#: authentik/sources/kerberos/models.py
msgid ""
"If enabled, the authentik-stored password will be updated upon login with "
"the Kerberos password backend"
msgstr ""
"Si activé, le mot de passe stocké par authentik sera mis à jour à la "
"connexion avec le backend de mot de passe Kerberos"
#: authentik/sources/kerberos/models.py
msgid "Kerberos Source"
msgstr "Source Kerberos"
#: authentik/sources/kerberos/models.py
msgid "Kerberos Sources"
msgstr "Sources Kerberos"
#: authentik/sources/kerberos/models.py
msgid "Kerberos Source Property Mapping"
msgstr "Mappage de propriété source Kerberos"
#: authentik/sources/kerberos/models.py
msgid "Kerberos Source Property Mappings"
msgstr "Mappages de propriété source Kerberos"
#: authentik/sources/kerberos/models.py
msgid "User Kerberos Source Connection"
msgstr "Connexion de l'utilisateur à la source Kerberos"
#: authentik/sources/kerberos/models.py
msgid "User Kerberos Source Connections"
msgstr "Connexions de l'utilisateur à la source Kerberos"
#: authentik/sources/kerberos/models.py
msgid "Group Kerberos Source Connection"
msgstr "Connexion du groupe à la source Kerberos"
#: authentik/sources/kerberos/models.py
msgid "Group Kerberos Source Connections"
msgstr "Connexions du groupe à la source Kerberos"
#: authentik/sources/kerberos/views.py
msgid "SPNEGO authentication required"
msgstr "Authentification SPNEGO requise"
#: authentik/sources/kerberos/views.py
msgid ""
"\n"
" Make sure you have valid tickets (obtainable via kinit)\n"
" and configured the browser correctly.\n"
" Please contact your administrator.\n"
" "
msgstr ""
"\n"
" Vérifiez que vous avez des tickets valides (qu'on peut obtenir via kinit)\n"
" et que le navigateur est configuré correctement.\n"
" Veuillez contacter votre administrateur.\n"
" "
#: authentik/sources/ldap/api.py
msgid "Only a single LDAP Source with password synchronization is allowed"
msgstr ""
@ -3121,6 +3264,10 @@ msgstr "Base de données utilisateurs + mots de passes applicatifs"
msgid "User database + LDAP password"
msgstr "Base de données utilisateurs + mot de passe LDAP"
#: authentik/stages/password/models.py
msgid "User database + Kerberos password"
msgstr "Base de données utilisateurs + mot de passe Kerberos"
#: authentik/stages/password/models.py
msgid "Selection of backends to test the password against."
msgstr "Sélection de backends pour tester le mot de passe."

161
locale/it/LC_MESSAGES/django.po
View File

@ -11,15 +11,17 @@
# Marco Vitale, 2024
# Kowalski Dragon (kowalski7cc) <kowalski.7cc@gmail.com>, 2024
# albanobattistella <albanobattistella@gmail.com>, 2024
# Nicola Mersi, 2024
# tom max, 2024
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-10-18 00:09+0000\n"
"POT-Creation-Date: 2024-10-28 00:09+0000\n"
"PO-Revision-Date: 2022-09-26 16:47+0000\n"
"Last-Translator: albanobattistella <albanobattistella@gmail.com>, 2024\n"
"Last-Translator: tom max, 2024\n"
"Language-Team: Italian (https://app.transifex.com/authentik/teams/119923/it/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
@ -583,6 +585,28 @@ msgstr "Limite massimo di connessioni raggiunto."
msgid "(You are already connected in another tab/window)"
msgstr "(Sei già connesso in un'altra scheda/finestra)"
#: authentik/enterprise/stages/authenticator_endpoint_gdtc/models.py
msgid "Endpoint Authenticator Google Device Trust Connector Stage"
msgstr ""
"Fase di autenticazione per la verifica dispositivo Google tramite endpoint"
#: authentik/enterprise/stages/authenticator_endpoint_gdtc/models.py
msgid "Endpoint Authenticator Google Device Trust Connector Stages"
msgstr ""
"Fasi di autenticazione per la verifica dispositivo Google tramite endpoint"
#: authentik/enterprise/stages/authenticator_endpoint_gdtc/models.py
msgid "Endpoint Device"
msgstr "Dispositivo di Accesso"
#: authentik/enterprise/stages/authenticator_endpoint_gdtc/models.py
msgid "Endpoint Devices"
msgstr "Dispositivi di Accesso"
#: authentik/enterprise/stages/authenticator_endpoint_gdtc/stage.py
msgid "Verifying your browser..."
msgstr "Verifica del tuo browser..."
#: authentik/enterprise/stages/source/models.py
msgid ""
"Amount of time a user can take to return from the source to continue the "
@ -2017,6 +2041,124 @@ msgstr ""
msgid "Used recovery-link to authenticate."
msgstr "Utilizzato il link di recupero per autenticarsi."
#: authentik/sources/kerberos/models.py
msgid "Kerberos realm"
msgstr "Dominio Kerberos"
#: authentik/sources/kerberos/models.py
msgid "Custom krb5.conf to use. Uses the system one by default"
msgstr ""
"krb5.conf personalizzato da usare. Usa la configurazione di sistema per "
"default"
#: authentik/sources/kerberos/models.py
msgid "Sync users from Kerberos into authentik"
msgstr "Sincronizza utenti da Kerberos a authentik"
#: authentik/sources/kerberos/models.py
msgid "When a user changes their password, sync it back to Kerberos"
msgstr "Quando un utente cambia la sua password, sincronizzala in Kerberos"
#: authentik/sources/kerberos/models.py
msgid "Principal to authenticate to kadmin for sync."
msgstr "Entità da autenticare su kadmin per la sincronizzazione."
#: authentik/sources/kerberos/models.py
msgid "Password to authenticate to kadmin for sync"
msgstr "Password per autenticarsi in kadmin per sincronizzare"
#: authentik/sources/kerberos/models.py
msgid ""
"Keytab to authenticate to kadmin for sync. Must be base64-encoded or in the "
"form TYPE:residual"
msgstr ""
"Keytab per autenticarsi su kadmin per la sincronizzazione. Deve essere con "
"codifica base64 o nel formato TYPE:residual"
#: authentik/sources/kerberos/models.py
msgid ""
"Credentials cache to authenticate to kadmin for sync. Must be in the form "
"TYPE:residual"
msgstr ""
"Credenziali memorizzate nella cache per autenticarsi su kadmin per la "
"sincronizzazione. Devono essere nel formato TYPE:residual"
#: authentik/sources/kerberos/models.py
msgid ""
"Force the use of a specific server name for SPNEGO. Must be in the form "
"HTTP@hostname"
msgstr ""
"Forza l'uso di un nome server specifico per SPNEGO. Deve essere nel formato "
"HTTP@nomehost"
#: authentik/sources/kerberos/models.py
msgid "SPNEGO keytab base64-encoded or path to keytab in the form FILE:path"
msgstr ""
"keytab SPNEGO con codifica base64 o percorso del keytab nel formato "
"FILE:percorso"
#: authentik/sources/kerberos/models.py
msgid "Credential cache to use for SPNEGO in form type:residual"
msgstr ""
"Cache delle credenziali da utilizzare per SPNEGO nella forma type:residual"
#: authentik/sources/kerberos/models.py
msgid ""
"If enabled, the authentik-stored password will be updated upon login with "
"the Kerberos password backend"
msgstr ""
"Se abilitato, la password memorizzata in authentik verrà aggiornata al login"
" nel backend Kerberos"
#: authentik/sources/kerberos/models.py
msgid "Kerberos Source"
msgstr "Sorgente Kerberos"
#: authentik/sources/kerberos/models.py
msgid "Kerberos Sources"
msgstr "Sorgenti Kerberos"
#: authentik/sources/kerberos/models.py
msgid "Kerberos Source Property Mapping"
msgstr "Mappa delle proprietà della sorgente kerberos"
#: authentik/sources/kerberos/models.py
msgid "Kerberos Source Property Mappings"
msgstr "Mappe delle proprietà della sorgente kerberos"
#: authentik/sources/kerberos/models.py
msgid "User Kerberos Source Connection"
msgstr "Connessione sorgente dell'utente kerberos"
#: authentik/sources/kerberos/models.py
msgid "User Kerberos Source Connections"
msgstr " Connessioni alle sorgente dell'utente kerberos"
#: authentik/sources/kerberos/models.py
msgid "Group Kerberos Source Connection"
msgstr " Connessione sorgente del gruppo kerberos"
#: authentik/sources/kerberos/models.py
msgid "Group Kerberos Source Connections"
msgstr "Connessioni alle sorgenti del gruppo kerberos"
#: authentik/sources/kerberos/views.py
msgid "SPNEGO authentication required"
msgstr "autenticazione SPNEGO necessaria"
#: authentik/sources/kerberos/views.py
msgid ""
"\n"
" Make sure you have valid tickets (obtainable via kinit)\n"
" and configured the browser correctly.\n"
" Please contact your administrator.\n"
" "
msgstr ""
"\n"
"Assicurati di avere un ticket valido (ottenibile tramite kinit)\n"
" e di aver configurato correttamente il browser. \n"
"Contatta il tuo amministratore."
#: authentik/sources/ldap/api.py
msgid "Only a single LDAP Source with password synchronization is allowed"
msgstr ""
@ -2735,13 +2877,10 @@ msgid "Captcha Stages"
msgstr "Fasi Captcha"
#: authentik/stages/captcha/stage.py
msgid "Unknown error"
msgstr "Errore sconosciuto"
#: authentik/stages/captcha/stage.py
#, python-brace-format
msgid "Failed to validate token: {error}"
msgstr "Impossibile convalidare il token: {error}"
msgid "Invalid captcha response. Retrying may solve this issue."
msgstr ""
"Risposta captcha non valida. Un nuovo tentativo potrebbe risolvere il "
"problema."
#: authentik/stages/captcha/stage.py
msgid "Invalid captcha response"
@ -3114,6 +3253,10 @@ msgstr "Database utente + password app"
msgid "User database + LDAP password"
msgstr "Database utenti + password LDAP"
#: authentik/stages/password/models.py
msgid "User database + Kerberos password"
msgstr "Database utenti + password Kerberos"
#: authentik/stages/password/models.py
msgid "Selection of backends to test the password against."
msgstr "Selezione di backend su cui testare la password."

BIN
locale/zh-Hans/LC_MESSAGES/django.mo
View File

Binary file not shown.

141
locale/zh-Hans/LC_MESSAGES/django.po
View File

@ -15,7 +15,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-10-18 00:09+0000\n"
"POT-Creation-Date: 2024-10-28 00:09+0000\n"
"PO-Revision-Date: 2022-09-26 16:47+0000\n"
"Last-Translator: deluxghost, 2024\n"
"Language-Team: Chinese Simplified (https://app.transifex.com/authentik/teams/119923/zh-Hans/)\n"
@ -540,6 +540,26 @@ msgstr "已达到最大连接数。"
msgid "(You are already connected in another tab/window)"
msgstr "(您已经在另一个标签页/窗口连接了)"
#: authentik/enterprise/stages/authenticator_endpoint_gdtc/models.py
msgid "Endpoint Authenticator Google Device Trust Connector Stage"
msgstr "端点身份验证器 Google 设备信任连接器阶段"
#: authentik/enterprise/stages/authenticator_endpoint_gdtc/models.py
msgid "Endpoint Authenticator Google Device Trust Connector Stages"
msgstr "端点身份验证器 Google 设备信任连接器阶段"
#: authentik/enterprise/stages/authenticator_endpoint_gdtc/models.py
msgid "Endpoint Device"
msgstr "端点设备"
#: authentik/enterprise/stages/authenticator_endpoint_gdtc/models.py
msgid "Endpoint Devices"
msgstr "端点设备"
#: authentik/enterprise/stages/authenticator_endpoint_gdtc/stage.py
msgid "Verifying your browser..."
msgstr "正在验证您的浏览器…"
#: authentik/enterprise/stages/source/models.py
msgid ""
"Amount of time a user can take to return from the source to continue the "
@ -1848,6 +1868,112 @@ msgstr "创建一个密钥,可用于恢复对 authentik 的访问权限。"
msgid "Used recovery-link to authenticate."
msgstr "已使用恢复链接进行身份验证。"
#: authentik/sources/kerberos/models.py
msgid "Kerberos realm"
msgstr "Kerberos 领域"
#: authentik/sources/kerberos/models.py
msgid "Custom krb5.conf to use. Uses the system one by default"
msgstr "要使用的自定义 krb5.conf。默认使用系统自带"
#: authentik/sources/kerberos/models.py
msgid "Sync users from Kerberos into authentik"
msgstr "从 Kerberos 同步用户到 authentik"
#: authentik/sources/kerberos/models.py
msgid "When a user changes their password, sync it back to Kerberos"
msgstr "当用户修改密码时,将其同步回 Kerberos"
#: authentik/sources/kerberos/models.py
msgid "Principal to authenticate to kadmin for sync."
msgstr "向 kadmin 进行身份验证以进行同步的主体。"
#: authentik/sources/kerberos/models.py
msgid "Password to authenticate to kadmin for sync"
msgstr "向 kadmin 进行身份验证以进行同步的密码"
#: authentik/sources/kerberos/models.py
msgid ""
"Keytab to authenticate to kadmin for sync. Must be base64-encoded or in the "
"form TYPE:residual"
msgstr "向 kadmin 进行身份验证以进行同步的 Keytab。必须以 Base64 编码,或者形式为 TYPE:residual"
#: authentik/sources/kerberos/models.py
msgid ""
"Credentials cache to authenticate to kadmin for sync. Must be in the form "
"TYPE:residual"
msgstr "向 kadmin 进行身份验证以进行同步的凭据缓存。形式必须为 TYPE:residual"
#: authentik/sources/kerberos/models.py
msgid ""
"Force the use of a specific server name for SPNEGO. Must be in the form "
"HTTP@hostname"
msgstr "强制为 SPNEGO 使用特定服务器名称。形式必须为 HTTP@主机名"
#: authentik/sources/kerberos/models.py
msgid "SPNEGO keytab base64-encoded or path to keytab in the form FILE:path"
msgstr "以 Base64 编码的 SPNEGO Keytab 或 FILE:path 形式的 Keytab 路径"
#: authentik/sources/kerberos/models.py
msgid "Credential cache to use for SPNEGO in form type:residual"
msgstr "SPNEGO 使用的凭据缓存,形式为 type:residual"
#: authentik/sources/kerberos/models.py
msgid ""
"If enabled, the authentik-stored password will be updated upon login with "
"the Kerberos password backend"
msgstr "启用时authentik 存储的密码将会在使用 Kerberos 密码后端登录时更新"
#: authentik/sources/kerberos/models.py
msgid "Kerberos Source"
msgstr "Kerberos 源"
#: authentik/sources/kerberos/models.py
msgid "Kerberos Sources"
msgstr "Kerberos 源"
#: authentik/sources/kerberos/models.py
msgid "Kerberos Source Property Mapping"
msgstr "Kerberos 源属性映射"
#: authentik/sources/kerberos/models.py
msgid "Kerberos Source Property Mappings"
msgstr "Kerberos 源属性映射"
#: authentik/sources/kerberos/models.py
msgid "User Kerberos Source Connection"
msgstr "用户 Kerberos 源连接"
#: authentik/sources/kerberos/models.py
msgid "User Kerberos Source Connections"
msgstr "用户 Kerberos 源连接"
#: authentik/sources/kerberos/models.py
msgid "Group Kerberos Source Connection"
msgstr "组 Kerberos 源连接"
#: authentik/sources/kerberos/models.py
msgid "Group Kerberos Source Connections"
msgstr "组 Kerberos 源连接"
#: authentik/sources/kerberos/views.py
msgid "SPNEGO authentication required"
msgstr "需要 SPNEGO 身份验证"
#: authentik/sources/kerberos/views.py
msgid ""
"\n"
" Make sure you have valid tickets (obtainable via kinit)\n"
" and configured the browser correctly.\n"
" Please contact your administrator.\n"
" "
msgstr ""
"\n"
" 请确认您拥有有效票据(通过 kinit 获得)\n"
" 并且已正确配置浏览器。\n"
" 请联系您的管理员。\n"
" "
#: authentik/sources/ldap/api.py
msgid "Only a single LDAP Source with password synchronization is allowed"
msgstr "仅允许使用密码同步的单个 LDAP 源"
@ -2523,13 +2649,8 @@ msgid "Captcha Stages"
msgstr "验证码阶段"
#: authentik/stages/captcha/stage.py
msgid "Unknown error"
msgstr "未知错误"
#: authentik/stages/captcha/stage.py
#, python-brace-format
msgid "Failed to validate token: {error}"
msgstr "验证令牌失败:{error}"
msgid "Invalid captcha response. Retrying may solve this issue."
msgstr "无效的验证码响应。重试可能会解决此问题。"
#: authentik/stages/captcha/stage.py
msgid "Invalid captcha response"
@ -2876,6 +2997,10 @@ msgstr "用户数据库 + 应用程序密码"
msgid "User database + LDAP password"
msgstr "用户数据库 + LDAP 密码"
#: authentik/stages/password/models.py
msgid "User database + Kerberos password"
msgstr "用户数据库 + Kerberos 密码"
#: authentik/stages/password/models.py
msgid "Selection of backends to test the password against."
msgstr "选择用于测试密码的后端。"

141
locale/zh_CN/LC_MESSAGES/django.po
View File

@ -14,7 +14,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-10-18 00:09+0000\n"
"POT-Creation-Date: 2024-10-28 00:09+0000\n"
"PO-Revision-Date: 2022-09-26 16:47+0000\n"
"Last-Translator: deluxghost, 2024\n"
"Language-Team: Chinese (China) (https://app.transifex.com/authentik/teams/119923/zh_CN/)\n"
@ -539,6 +539,26 @@ msgstr "已达到最大连接数。"
msgid "(You are already connected in another tab/window)"
msgstr "(您已经在另一个标签页/窗口连接了)"
#: authentik/enterprise/stages/authenticator_endpoint_gdtc/models.py
msgid "Endpoint Authenticator Google Device Trust Connector Stage"
msgstr "端点身份验证器 Google 设备信任连接器阶段"
#: authentik/enterprise/stages/authenticator_endpoint_gdtc/models.py
msgid "Endpoint Authenticator Google Device Trust Connector Stages"
msgstr "端点身份验证器 Google 设备信任连接器阶段"
#: authentik/enterprise/stages/authenticator_endpoint_gdtc/models.py
msgid "Endpoint Device"
msgstr "端点设备"
#: authentik/enterprise/stages/authenticator_endpoint_gdtc/models.py
msgid "Endpoint Devices"
msgstr "端点设备"
#: authentik/enterprise/stages/authenticator_endpoint_gdtc/stage.py
msgid "Verifying your browser..."
msgstr "正在验证您的浏览器…"
#: authentik/enterprise/stages/source/models.py
msgid ""
"Amount of time a user can take to return from the source to continue the "
@ -1847,6 +1867,112 @@ msgstr "创建一个密钥,可用于恢复对 authentik 的访问权限。"
msgid "Used recovery-link to authenticate."
msgstr "已使用恢复链接进行身份验证。"
#: authentik/sources/kerberos/models.py
msgid "Kerberos realm"
msgstr "Kerberos 领域"
#: authentik/sources/kerberos/models.py
msgid "Custom krb5.conf to use. Uses the system one by default"
msgstr "要使用的自定义 krb5.conf。默认使用系统自带"
#: authentik/sources/kerberos/models.py
msgid "Sync users from Kerberos into authentik"
msgstr "从 Kerberos 同步用户到 authentik"
#: authentik/sources/kerberos/models.py
msgid "When a user changes their password, sync it back to Kerberos"
msgstr "当用户修改密码时,将其同步回 Kerberos"
#: authentik/sources/kerberos/models.py
msgid "Principal to authenticate to kadmin for sync."
msgstr "向 kadmin 进行身份验证以进行同步的主体。"
#: authentik/sources/kerberos/models.py
msgid "Password to authenticate to kadmin for sync"
msgstr "向 kadmin 进行身份验证以进行同步的密码"
#: authentik/sources/kerberos/models.py
msgid ""
"Keytab to authenticate to kadmin for sync. Must be base64-encoded or in the "
"form TYPE:residual"
msgstr "向 kadmin 进行身份验证以进行同步的 Keytab。必须以 Base64 编码,或者形式为 TYPE:residual"
#: authentik/sources/kerberos/models.py
msgid ""
"Credentials cache to authenticate to kadmin for sync. Must be in the form "
"TYPE:residual"
msgstr "向 kadmin 进行身份验证以进行同步的凭据缓存。形式必须为 TYPE:residual"
#: authentik/sources/kerberos/models.py
msgid ""
"Force the use of a specific server name for SPNEGO. Must be in the form "
"HTTP@hostname"
msgstr "强制为 SPNEGO 使用特定服务器名称。形式必须为 HTTP@主机名"
#: authentik/sources/kerberos/models.py
msgid "SPNEGO keytab base64-encoded or path to keytab in the form FILE:path"
msgstr "以 Base64 编码的 SPNEGO Keytab 或 FILE:path 形式的 Keytab 路径"
#: authentik/sources/kerberos/models.py
msgid "Credential cache to use for SPNEGO in form type:residual"
msgstr "SPNEGO 使用的凭据缓存,形式为 type:residual"
#: authentik/sources/kerberos/models.py
msgid ""
"If enabled, the authentik-stored password will be updated upon login with "
"the Kerberos password backend"
msgstr "启用时authentik 存储的密码将会在使用 Kerberos 密码后端登录时更新"
#: authentik/sources/kerberos/models.py
msgid "Kerberos Source"
msgstr "Kerberos 源"
#: authentik/sources/kerberos/models.py
msgid "Kerberos Sources"
msgstr "Kerberos 源"
#: authentik/sources/kerberos/models.py
msgid "Kerberos Source Property Mapping"
msgstr "Kerberos 源属性映射"
#: authentik/sources/kerberos/models.py
msgid "Kerberos Source Property Mappings"
msgstr "Kerberos 源属性映射"
#: authentik/sources/kerberos/models.py
msgid "User Kerberos Source Connection"
msgstr "用户 Kerberos 源连接"
#: authentik/sources/kerberos/models.py
msgid "User Kerberos Source Connections"
msgstr "用户 Kerberos 源连接"
#: authentik/sources/kerberos/models.py
msgid "Group Kerberos Source Connection"
msgstr "组 Kerberos 源连接"
#: authentik/sources/kerberos/models.py
msgid "Group Kerberos Source Connections"
msgstr "组 Kerberos 源连接"
#: authentik/sources/kerberos/views.py
msgid "SPNEGO authentication required"
msgstr "需要 SPNEGO 身份验证"
#: authentik/sources/kerberos/views.py
msgid ""
"\n"
" Make sure you have valid tickets (obtainable via kinit)\n"
" and configured the browser correctly.\n"
" Please contact your administrator.\n"
" "
msgstr ""
"\n"
" 请确认您拥有有效票据(通过 kinit 获得)\n"
" 并且已正确配置浏览器。\n"
" 请联系您的管理员。\n"
" "
#: authentik/sources/ldap/api.py
msgid "Only a single LDAP Source with password synchronization is allowed"
msgstr "仅允许使用密码同步的单个 LDAP 源"
@ -2522,13 +2648,8 @@ msgid "Captcha Stages"
msgstr "验证码阶段"
#: authentik/stages/captcha/stage.py
msgid "Unknown error"
msgstr "未知错误"
#: authentik/stages/captcha/stage.py
#, python-brace-format
msgid "Failed to validate token: {error}"
msgstr "验证令牌失败:{error}"
msgid "Invalid captcha response. Retrying may solve this issue."
msgstr "无效的验证码响应。重试可能会解决此问题。"
#: authentik/stages/captcha/stage.py
msgid "Invalid captcha response"
@ -2875,6 +2996,10 @@ msgstr "用户数据库 + 应用程序密码"
msgid "User database + LDAP password"
msgstr "用户数据库 + LDAP 密码"
#: authentik/stages/password/models.py
msgid "User database + Kerberos password"
msgstr "用户数据库 + Kerberos 密码"
#: authentik/stages/password/models.py
msgid "Selection of backends to test the password against."
msgstr "选择用于测试密码的后端。"

113
poetry.lock generated
View File

@ -1849,35 +1849,36 @@ grpc = ["grpcio (>=1.44.0,<2.0.0.dev0)"]
[[package]]
name = "gssapi"
version = "1.8.3"
version = "1.9.0"
description = "Python GSSAPI Wrapper"
optional = false
python-versions = ">=3.7"
python-versions = ">=3.8"
files = [
{file = "gssapi-1.8.3-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:4e4a83e9b275fe69b5d40be6d5479889866b80333a12c51a9243f2712d4f0554"},
{file = "gssapi-1.8.3-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:8d57d67547e18f4e44a688bfb20abbf176d1b8df547da2b31c3f2df03cfdc269"},
{file = "gssapi-1.8.3-cp310-cp310-win32.whl", hash = "sha256:3a3f63105f39c4af29ffc8f7b6542053d87fe9d63010c689dd9a9f5571facb8e"},
{file = "gssapi-1.8.3-cp310-cp310-win_amd64.whl", hash = "sha256:b031c0f186ab4275186da385b2c7470dd47c9b27522cb3b753757c9ac4bebf11"},
{file = "gssapi-1.8.3-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:b03d6b30f1fcd66d9a688b45a97e302e4dd3f1386d5c333442731aec73cdb409"},
{file = "gssapi-1.8.3-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:ca6ceb17fc15eda2a69f2e8c6cf10d11e2edb32832255e5d4c65b21b6db4680a"},
{file = "gssapi-1.8.3-cp311-cp311-win32.whl", hash = "sha256:edc8ef3a9e397dbe18bb6016f8e2209969677b534316d20bb139da2865a38efe"},
{file = "gssapi-1.8.3-cp311-cp311-win_amd64.whl", hash = "sha256:8fdb1ff130cee49bc865ec1624dee8cf445cd6c6e93b04bffef2c6f363a60cb9"},
{file = "gssapi-1.8.3-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:19c373b3ba63ce19cd3163aa1495635e3d01b0de6cc4ff1126095eded1df6e01"},
{file = "gssapi-1.8.3-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:37f1a8046d695f2c9b8d640a6e385780d3945c0741571ed6fee6f94c31e431dc"},
{file = "gssapi-1.8.3-cp312-cp312-win32.whl", hash = "sha256:338db18612e3e6ed64e92b6d849242a535fdc98b365f21122992fb8cae737617"},
{file = "gssapi-1.8.3-cp312-cp312-win_amd64.whl", hash = "sha256:5731c5b40ecc3116cfe7fb7e1d1e128583ec8b3df1e68bf8cd12073160793acd"},
{file = "gssapi-1.8.3-cp37-cp37m-macosx_10_9_x86_64.whl", hash = "sha256:e556878da197ad115a566d36e46a8082d0079731d9c24d1ace795132d725ff2a"},
{file = "gssapi-1.8.3-cp37-cp37m-win32.whl", hash = "sha256:e2bb081f2db2111377effe7d40ba23f9a87359b9d2f4881552b731e9da88b36b"},
{file = "gssapi-1.8.3-cp37-cp37m-win_amd64.whl", hash = "sha256:4d9ed83f2064cda60aad90e6840ae282096801b2c814b8cbd390bf0df4635aab"},
{file = "gssapi-1.8.3-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:7d91fe6e2a5c89b32102ea8e374b8ae13b9031d43d7b55f3abc1f194ddce820d"},
{file = "gssapi-1.8.3-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:d5b28237afc0668046934792756dd4b6b7e957b0d95a608d02f296734a2819ad"},
{file = "gssapi-1.8.3-cp38-cp38-win32.whl", hash = "sha256:791e44f7bea602b8e3da1ec56fbdb383b8ee3326fdeb736f904c2aa9af13a67d"},
{file = "gssapi-1.8.3-cp38-cp38-win_amd64.whl", hash = "sha256:5b4bf84d0a6d7779a4bf11dacfd3db57ae02dd53562e2aeadac4219a68eaee07"},
{file = "gssapi-1.8.3-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:e40efc88ccefefd6142f8c47b8af498731938958b808bad49990442a91f45160"},
{file = "gssapi-1.8.3-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:ee74b9211c977b9181ff4652d886d7712c9a221560752a35393b58e5ea07887a"},
{file = "gssapi-1.8.3-cp39-cp39-win32.whl", hash = "sha256:465c6788f2ac6ef7c738394ba8fde1ede6004e5721766f386add63891d8c90af"},
{file = "gssapi-1.8.3-cp39-cp39-win_amd64.whl", hash = "sha256:8fb8ee70458f47b51ed881a6881f30b187c987c02af16cc0fff0079255d4d465"},
{file = "gssapi-1.8.3.tar.gz", hash = "sha256:aa3c8d0b1526f52559552bb2c9d2d6be013d76a8e5db00b39a1db5727e93b0b0"},
{file = "gssapi-1.9.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:261e00ac426d840055ddb2199f4989db7e3ce70fa18b1538f53e392b4823e8f1"},
{file = "gssapi-1.9.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:14a1ae12fdf1e4c8889206195ba1843de09fe82587fa113112887cd5894587c6"},
{file = "gssapi-1.9.0-cp310-cp310-win32.whl", hash = "sha256:2a9c745255e3a810c3e8072e267b7b302de0705f8e9a0f2c5abc92fe12b9475e"},
{file = "gssapi-1.9.0-cp310-cp310-win_amd64.whl", hash = "sha256:dfc1b4c0bfe9f539537601c9f187edc320daf488f694e50d02d0c1eb37416962"},
{file = "gssapi-1.9.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:67d9be5e34403e47fb5749d5a1ad4e5a85b568e6a9add1695edb4a5b879f7560"},
{file = "gssapi-1.9.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:11e9b92cef11da547fc8c210fa720528fd854038504103c1b15ae2a89dce5fcd"},
{file = "gssapi-1.9.0-cp311-cp311-win32.whl", hash = "sha256:6c5f8a549abd187687440ec0b72e5b679d043d620442b3637d31aa2766b27cbe"},
{file = "gssapi-1.9.0-cp311-cp311-win_amd64.whl", hash = "sha256:59e1a1a9a6c5dc430dc6edfcf497f5ca00cf417015f781c9fac2e85652cd738f"},
{file = "gssapi-1.9.0-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:b66a98827fbd2864bf8993677a039d7ba4a127ca0d2d9ed73e0ef4f1baa7fd7f"},
{file = "gssapi-1.9.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:2bddd1cc0c9859c5e0fd96d4d88eb67bd498fdbba45b14cdccfe10bfd329479f"},
{file = "gssapi-1.9.0-cp312-cp312-win32.whl", hash = "sha256:10134db0cf01bd7d162acb445762dbcc58b5c772a613e17c46cf8ad956c4dfec"},
{file = "gssapi-1.9.0-cp312-cp312-win_amd64.whl", hash = "sha256:e28c7d45da68b7e36ed3fb3326744bfe39649f16e8eecd7b003b082206039c76"},
{file = "gssapi-1.9.0-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:cea344246935b5337e6f8a69bb6cc45619ab3a8d74a29fcb0a39fd1e5843c89c"},
{file = "gssapi-1.9.0-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:1a5786bd9fcf435bd0c87dc95ae99ad68cefcc2bcc80c71fef4cb0ccdfb40f1e"},
{file = "gssapi-1.9.0-cp313-cp313-win32.whl", hash = "sha256:c99959a9dd62358e370482f1691e936cb09adf9a69e3e10d4f6a097240e9fd28"},
{file = "gssapi-1.9.0-cp313-cp313-win_amd64.whl", hash = "sha256:a2e43f50450e81fe855888c53df70cdd385ada979db79463b38031710a12acd9"},
{file = "gssapi-1.9.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:c0e378d62b2fc352ca0046030cda5911d808a965200f612fdd1d74501b83e98f"},
{file = "gssapi-1.9.0-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:b74031c70864d04864b7406c818f41be0c1637906fb9654b06823bcc79f151dc"},
{file = "gssapi-1.9.0-cp38-cp38-win32.whl", hash = "sha256:f2f3a46784d8127cc7ef10d3367dedcbe82899ea296710378ccc9b7cefe96f4c"},
{file = "gssapi-1.9.0-cp38-cp38-win_amd64.whl", hash = "sha256:a81f30cde21031e7b1f8194a3eea7285e39e551265e7744edafd06eadc1c95bc"},
{file = "gssapi-1.9.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:cbc93fdadd5aab9bae594538b2128044b8c5cdd1424fe015a465d8a8a587411a"},
{file = "gssapi-1.9.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:5b2a3c0a9beb895942d4b8e31f515e52c17026e55aeaa81ee0df9bbfdac76098"},
{file = "gssapi-1.9.0-cp39-cp39-win32.whl", hash = "sha256:060b58b455d29ab8aca74770e667dca746264bee660ac5b6a7a17476edc2c0b8"},
{file = "gssapi-1.9.0-cp39-cp39-win_amd64.whl", hash = "sha256:11c9fe066edb0fa0785697eb0cecf2719c7ad1d9f2bf27be57b647a617bcfaa5"},
{file = "gssapi-1.9.0.tar.gz", hash = "sha256:f468fac8f3f5fca8f4d1ca19e3cd4d2e10bd91074e7285464b22715d13548afe"},
]
[package.dependencies]
@ -3895,13 +3896,13 @@ pytest = ">=4.0.0"
[[package]]
name = "pytest-randomly"
version = "3.15.0"
version = "3.16.0"
description = "Pytest plugin to randomly order tests and control random.seed."
optional = false
python-versions = ">=3.8"
python-versions = ">=3.9"
files = [
{file = "pytest_randomly-3.15.0-py3-none-any.whl", hash = "sha256:0516f4344b29f4e9cdae8bce31c4aeebf59d0b9ef05927c33354ff3859eeeca6"},
{file = "pytest_randomly-3.15.0.tar.gz", hash = "sha256:b908529648667ba5e54723088edd6f82252f540cc340d748d1fa985539687047"},
{file = "pytest_randomly-3.16.0-py3-none-any.whl", hash = "sha256:8633d332635a1a0983d3bba19342196807f6afb17c3eef78e02c2f85dade45d6"},
{file = "pytest_randomly-3.16.0.tar.gz", hash = "sha256:11bf4d23a26484de7860d82f726c0629837cf4064b79157bd18ec9d41d7feb26"},
]
[package.dependencies]
@ -4292,29 +4293,29 @@ pyasn1 = ">=0.1.3"
[[package]]
name = "ruff"
version = "0.7.0"
version = "0.7.1"
description = "An extremely fast Python linter and code formatter, written in Rust."
optional = false
python-versions = ">=3.7"
files = [
{file = "ruff-0.7.0-py3-none-linux_armv6l.whl", hash = "sha256:0cdf20c2b6ff98e37df47b2b0bd3a34aaa155f59a11182c1303cce79be715628"},
{file = "ruff-0.7.0-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:496494d350c7fdeb36ca4ef1c9f21d80d182423718782222c29b3e72b3512737"},
{file = "ruff-0.7.0-py3-none-macosx_11_0_arm64.whl", hash = "sha256:214b88498684e20b6b2b8852c01d50f0651f3cc6118dfa113b4def9f14faaf06"},
{file = "ruff-0.7.0-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:630fce3fefe9844e91ea5bbf7ceadab4f9981f42b704fae011bb8efcaf5d84be"},
{file = "ruff-0.7.0-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:211d877674e9373d4bb0f1c80f97a0201c61bcd1e9d045b6e9726adc42c156aa"},
{file = "ruff-0.7.0-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:194d6c46c98c73949a106425ed40a576f52291c12bc21399eb8f13a0f7073495"},
{file = "ruff-0.7.0-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:82c2579b82b9973a110fab281860403b397c08c403de92de19568f32f7178598"},
{file = "ruff-0.7.0-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:9af971fe85dcd5eaed8f585ddbc6bdbe8c217fb8fcf510ea6bca5bdfff56040e"},
{file = "ruff-0.7.0-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:b641c7f16939b7d24b7bfc0be4102c56562a18281f84f635604e8a6989948914"},
{file = "ruff-0.7.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:d71672336e46b34e0c90a790afeac8a31954fd42872c1f6adaea1dff76fd44f9"},
{file = "ruff-0.7.0-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:ab7d98c7eed355166f367597e513a6c82408df4181a937628dbec79abb2a1fe4"},
{file = "ruff-0.7.0-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:1eb54986f770f49edb14f71d33312d79e00e629a57387382200b1ef12d6a4ef9"},
{file = "ruff-0.7.0-py3-none-musllinux_1_2_i686.whl", hash = "sha256:dc452ba6f2bb9cf8726a84aa877061a2462afe9ae0ea1d411c53d226661c601d"},
{file = "ruff-0.7.0-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:4b406c2dce5be9bad59f2de26139a86017a517e6bcd2688da515481c05a2cb11"},
{file = "ruff-0.7.0-py3-none-win32.whl", hash = "sha256:f6c968509f767776f524a8430426539587d5ec5c662f6addb6aa25bc2e8195ec"},
{file = "ruff-0.7.0-py3-none-win_amd64.whl", hash = "sha256:ff4aabfbaaba880e85d394603b9e75d32b0693152e16fa659a3064a85df7fce2"},
{file = "ruff-0.7.0-py3-none-win_arm64.whl", hash = "sha256:10842f69c245e78d6adec7e1db0a7d9ddc2fff0621d730e61657b64fa36f207e"},
{file = "ruff-0.7.0.tar.gz", hash = "sha256:47a86360cf62d9cd53ebfb0b5eb0e882193fc191c6d717e8bef4462bc3b9ea2b"},
{file = "ruff-0.7.1-py3-none-linux_armv6l.whl", hash = "sha256:cb1bc5ed9403daa7da05475d615739cc0212e861b7306f314379d958592aaa89"},
{file = "ruff-0.7.1-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:27c1c52a8d199a257ff1e5582d078eab7145129aa02721815ca8fa4f9612dc35"},
{file = "ruff-0.7.1-py3-none-macosx_11_0_arm64.whl", hash = "sha256:588a34e1ef2ea55b4ddfec26bbe76bc866e92523d8c6cdec5e8aceefeff02d99"},
{file = "ruff-0.7.1-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:94fc32f9cdf72dc75c451e5f072758b118ab8100727168a3df58502b43a599ca"},
{file = "ruff-0.7.1-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:985818742b833bffa543a84d1cc11b5e6871de1b4e0ac3060a59a2bae3969250"},
{file = "ruff-0.7.1-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:32f1e8a192e261366c702c5fb2ece9f68d26625f198a25c408861c16dc2dea9c"},
{file = "ruff-0.7.1-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:699085bf05819588551b11751eff33e9ca58b1b86a6843e1b082a7de40da1565"},
{file = "ruff-0.7.1-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:344cc2b0814047dc8c3a8ff2cd1f3d808bb23c6658db830d25147339d9bf9ea7"},
{file = "ruff-0.7.1-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:4316bbf69d5a859cc937890c7ac7a6551252b6a01b1d2c97e8fc96e45a7c8b4a"},
{file = "ruff-0.7.1-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:79d3af9dca4c56043e738a4d6dd1e9444b6d6c10598ac52d146e331eb155a8ad"},
{file = "ruff-0.7.1-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:c5c121b46abde94a505175524e51891f829414e093cd8326d6e741ecfc0a9112"},
{file = "ruff-0.7.1-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:8422104078324ea250886954e48f1373a8fe7de59283d747c3a7eca050b4e378"},
{file = "ruff-0.7.1-py3-none-musllinux_1_2_i686.whl", hash = "sha256:56aad830af8a9db644e80098fe4984a948e2b6fc2e73891538f43bbe478461b8"},
{file = "ruff-0.7.1-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:658304f02f68d3a83c998ad8bf91f9b4f53e93e5412b8f2388359d55869727fd"},
{file = "ruff-0.7.1-py3-none-win32.whl", hash = "sha256:b517a2011333eb7ce2d402652ecaa0ac1a30c114fbbd55c6b8ee466a7f600ee9"},
{file = "ruff-0.7.1-py3-none-win_amd64.whl", hash = "sha256:f38c41fcde1728736b4eb2b18850f6d1e3eedd9678c914dede554a70d5241307"},
{file = "ruff-0.7.1-py3-none-win_arm64.whl", hash = "sha256:19aa200ec824c0f36d0c9114c8ec0087082021732979a359d6f3c390a6ff2a37"},
{file = "ruff-0.7.1.tar.gz", hash = "sha256:9d8a41d4aa2dad1575adb98a82870cf5db5f76b2938cf2206c22c940034a36f4"},
]
[[package]]
@ -4424,13 +4425,13 @@ tornado = ["tornado (>=6)"]
[[package]]
name = "service-identity"
version = "24.1.0"
version = "24.2.0"
description = "Service identity verification for pyOpenSSL & cryptography."
optional = false
python-versions = ">=3.8"
files = [
{file = "service_identity-24.1.0-py3-none-any.whl", hash = "sha256:a28caf8130c8a5c1c7a6f5293faaf239bbfb7751e4862436920ee6f2616f568a"},
{file = "service_identity-24.1.0.tar.gz", hash = "sha256:6829c9d62fb832c2e1c435629b0a8c476e1929881f28bee4d20bc24161009221"},
{file = "service_identity-24.2.0-py3-none-any.whl", hash = "sha256:6b047fbd8a84fd0bb0d55ebce4031e400562b9196e1e0d3e0fe2b8a59f6d4a85"},
{file = "service_identity-24.2.0.tar.gz", hash = "sha256:b8683ba13f0d39c6cd5d625d2c5f65421d6d707b013b375c355751557cbe8e09"},
]
[package.dependencies]
@ -4440,7 +4441,7 @@ pyasn1 = "*"
pyasn1-modules = "*"
[package.extras]
dev = ["pyopenssl", "service-identity[idna,mypy,tests]"]
dev = ["coverage[toml] (>=5.0.2)", "idna", "mypy", "pyopenssl", "pytest", "types-pyopenssl"]
docs = ["furo", "myst-parser", "pyopenssl", "sphinx", "sphinx-notfound-page"]
idna = ["idna"]
mypy = ["idna", "mypy", "types-pyopenssl"]
@ -4750,13 +4751,13 @@ wsproto = ">=0.14"
[[package]]
name = "twilio"
version = "9.3.4"
version = "9.3.6"
description = "Twilio API client and TwiML generator"
optional = false
python-versions = ">=3.7.0"
files = [
{file = "twilio-9.3.4-py2.py3-none-any.whl", hash = "sha256:2cae99f0f7aecbd9da02fa59ad8f11b360db4a9281fc3fb3237ad50be21d8a9b"},
{file = "twilio-9.3.4.tar.gz", hash = "sha256:38a6ab04752f44313dcf736eae45236a901528d3f53dfc21d3afd33539243c7f"},
{file = "twilio-9.3.6-py2.py3-none-any.whl", hash = "sha256:c5d7f4cfeb50a7928397b8f819c8f7fb2bb956a1a2cabbda1df1d7a40f9ce1d7"},
{file = "twilio-9.3.6.tar.gz", hash = "sha256:d42691f7fe1faaa5ba82942f169bfea4d7f01a0a542a456d82018fb49bd1f5b2"},
]
[package.dependencies]

38
schema.yml
View File

@ -33862,6 +33862,11 @@ paths:
operationId: stages_identification_list
description: IdentificationStage Viewset
parameters:
- in: query
name: captcha_stage
schema:
type: string
format: uuid
- in: query
name: case_insensitive_matching
schema:
@ -40204,10 +40209,15 @@ components:
challenge:
type: object
additionalProperties: {}
last_used:
type: string
format: date-time
nullable: true
required:
- challenge
- device_class
- device_uid
- last_used
DeviceChallengeRequest:
type: object
description: Single device challenge
@ -40221,10 +40231,15 @@ components:
challenge:
type: object
additionalProperties: {}
last_used:
type: string
format: date-time
nullable: true
required:
- challenge
- device_class
- device_uid
- last_used
DeviceClassesEnum:
enum:
- static
@ -42494,6 +42509,8 @@ components:
type: string
flow_designation:
$ref: '#/components/schemas/FlowDesignationEnum'
captcha_stage:
$ref: '#/components/schemas/CaptchaChallenge'
enroll_url:
type: string
recovery_url:
@ -42528,6 +42545,9 @@ components:
password:
type: string
nullable: true
captcha_token:
type: string
nullable: true
required:
- uid_field
IdentificationStage:
@ -42573,6 +42593,12 @@ components:
nullable: true
description: When set, shows a password field, instead of showing the password
field as separate step.
captcha_stage:
type: string
format: uuid
nullable: true
description: When set, adds functionality exactly like a Captcha stage,
but baked into the Identification stage.
case_insensitive_matching:
type: boolean
description: When enabled, user fields are matched regardless of their casing.
@ -42641,6 +42667,12 @@ components:
nullable: true
description: When set, shows a password field, instead of showing the password
field as separate step.
captcha_stage:
type: string
format: uuid
nullable: true
description: When set, adds functionality exactly like a Captcha stage,
but baked into the Identification stage.
case_insensitive_matching:
type: boolean
description: When enabled, user fields are matched regardless of their casing.
@ -48231,6 +48263,12 @@ components:
nullable: true
description: When set, shows a password field, instead of showing the password
field as separate step.
captcha_stage:
type: string
format: uuid
nullable: true
description: When set, adds functionality exactly like a Captcha stage,
but baked into the Identification stage.
case_insensitive_matching:
type: boolean
description: When enabled, user fields are matched regardless of their casing.

8
web/package-lock.json generated
View File

@ -23,7 +23,7 @@
"@floating-ui/dom": "^1.6.11",
"@formatjs/intl-listformat": "^7.5.7",
"@fortawesome/fontawesome-free": "^6.6.0",
"@goauthentik/api": "^2024.8.3-1729699127",
"@goauthentik/api": "^2024.8.3-1729836831",
"@lit-labs/ssr": "^3.2.2",
"@lit/context": "^1.1.2",
"@lit/localize": "^0.12.2",
@ -1775,9 +1775,9 @@
}
},
"node_modules/@goauthentik/api": {
"version": "2024.8.3-1729699127",
"resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2024.8.3-1729699127.tgz",
"integrity": "sha512-luo0SAASR6BTTtLszDgfdwofBejv4F3hCHgPxeSoTSFgE8/A2+zJD8EtWPZaa1udDkwPa9lbIeJSSmbgFke3jA=="
"version": "2024.8.3-1729836831",
"resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2024.8.3-1729836831.tgz",
"integrity": "sha512-nOgvjYQiK+HhWuiZ635h/aSsq7Mfj5cDrIyBJt+IJRQuJFtnnHx8nscRXKK/8sBl9obH2zMCoZgeqytK8145bg=="
},
"node_modules/@goauthentik/web": {
"resolved": "",

2
web/package.json
View File

@ -11,7 +11,7 @@
"@floating-ui/dom": "^1.6.11",
"@formatjs/intl-listformat": "^7.5.7",
"@fortawesome/fontawesome-free": "^6.6.0",
"@goauthentik/api": "^2024.8.3-1729699127",
"@goauthentik/api": "^2024.8.3-1729836831",
"@lit-labs/ssr": "^3.2.2",
"@lit/context": "^1.1.2",
"@lit/localize": "^0.12.2",

2
web/src/admin/applications/wizard/methods/ldap/ak-application-wizard-authentication-by-ldap.ts
View File

@ -97,7 +97,7 @@ export class ApplicationWizardApplicationDetails extends WithBrandConfig(BasePro
</ak-radio-input>
<ak-switch-input
name="openInNewTab"
name="mfaSupport"
label=${msg("Code-based MFA Support")}
?checked=${provider?.mfaSupport ?? true}
help=${mfaSupportHelp}

62
web/src/admin/applications/wizard/methods/oauth/ak-application-wizard-authentication-by-oauth.ts
View File

@ -113,9 +113,8 @@ export class ApplicationWizardAuthenticationByOauth extends BaseProviderPanel {
<ak-text-input
name="clientSecret"
label=${msg("Client Secret")}
value=${
provider?.clientSecret ?? randomString(128, ascii_letters + digits)
}
value=${provider?.clientSecret ??
randomString(128, ascii_letters + digits)}
.errorMessages=${errors?.clientSecret ?? []}
?hidden=${!this.showClientSecret}
>
@ -150,35 +149,36 @@ export class ApplicationWizardAuthenticationByOauth extends BaseProviderPanel {
<ak-form-group>
<span slot="header"> ${msg("Advanced flow settings")} </span>
<ak-form-element-horizontal
name="authenticationFlow"
label=${msg("Authentication flow")}
>
<ak-flow-search
flowType=${FlowsInstancesListDesignationEnum.Authentication}
.currentFlow=${provider?.authenticationFlow}
></ak-flow-search>
<p class="pf-c-form__helper-text">
${msg(
"Flow used when a user access this provider and is not authenticated.",
)}
</p>
</ak-form-element-horizontal>
<ak-form-element-horizontal
label=${msg("Invalidation flow")}
name="invalidationFlow"
required
>
<ak-flow-search
flowType=${FlowsInstancesListDesignationEnum.Invalidation}
.currentFlow=${provider?.invalidationFlow}
defaultFlowSlug="default-provider-invalidation-flow"
<div slot="body" class="pf-c-form">
<ak-form-element-horizontal
name="authenticationFlow"
label=${msg("Authentication flow")}
>
<ak-flow-search
flowType=${FlowsInstancesListDesignationEnum.Authentication}
.currentFlow=${provider?.authenticationFlow}
></ak-flow-search>
<p class="pf-c-form__helper-text">
${msg(
"Flow used when a user access this provider and is not authenticated.",
)}
</p>
</ak-form-element-horizontal>
<ak-form-element-horizontal
label=${msg("Invalidation flow")}
name="invalidationFlow"
required
></ak-flow-search>
<p class="pf-c-form__helper-text">
${msg("Flow used when logging out of this provider.")}
</p>
</ak-form-element-horizontal>
>
<ak-flow-search
flowType=${FlowsInstancesListDesignationEnum.Invalidation}
.currentFlow=${provider?.invalidationFlow}
defaultFlowSlug="default-provider-invalidation-flow"
required
></ak-flow-search>
<p class="pf-c-form__helper-text">
${msg("Flow used when logging out of this provider.")}
</p>
</ak-form-element-horizontal>
</div>
</ak-form-group>
<ak-form-group>

65
web/src/admin/applications/wizard/methods/proxy/AuthenticationByProxyPage.ts
View File

@ -161,11 +161,9 @@ export class AkTypeProxyApplicationWizardPage extends BaseProviderPanel {
<ak-textarea-input
name="skipPathRegex"
label=${
this.mode === ProxyMode.ForwardDomain
? msg("Unauthenticated URLs")
: msg("Unauthenticated Paths")
}
label=${this.mode === ProxyMode.ForwardDomain
? msg("Unauthenticated URLs")
: msg("Unauthenticated Paths")}
value=${ifDefined(this.instance?.skipPathRegex)}
.errorMessages=${errors?.skipPathRegex ?? []}
.bighelp=${html` <p class="pf-c-form__helper-text">
@ -184,35 +182,36 @@ export class AkTypeProxyApplicationWizardPage extends BaseProviderPanel {
</ak-form-group>
<ak-form-group>
<span slot="header"> ${msg("Advanced flow settings")} </span>
<ak-form-element-horizontal
name="authenticationFlow"
label=${msg("Authentication flow")}
>
<ak-flow-search
flowType=${FlowsInstancesListDesignationEnum.Authentication}
.currentFlow=${this.instance?.authenticationFlow}
></ak-flow-search>
<p class="pf-c-form__helper-text">
${msg(
"Flow used when a user access this provider and is not authenticated.",
)}
</p>
</ak-form-element-horizontal>
<ak-form-element-horizontal
label=${msg("Invalidation flow")}
name="invalidationFlow"
required
>
<ak-flow-search
flowType=${FlowsInstancesListDesignationEnum.Invalidation}
.currentFlow=${this.instance?.invalidationFlow}
defaultFlowSlug="default-provider-invalidation-flow"
<div slot="body" class="pf-c-form">
<ak-form-element-horizontal
name="authenticationFlow"
label=${msg("Authentication flow")}
>
<ak-flow-search
flowType=${FlowsInstancesListDesignationEnum.Authentication}
.currentFlow=${this.instance?.authenticationFlow}
></ak-flow-search>
<p class="pf-c-form__helper-text">
${msg(
"Flow used when a user access this provider and is not authenticated.",
)}
</p>
</ak-form-element-horizontal>
<ak-form-element-horizontal
label=${msg("Invalidation flow")}
name="invalidationFlow"
required
></ak-flow-search>
<p class="pf-c-form__helper-text">
${msg("Flow used when logging out of this provider.")}
</p>
</ak-form-element-horizontal>
>
<ak-flow-search
flowType=${FlowsInstancesListDesignationEnum.Invalidation}
.currentFlow=${this.instance?.invalidationFlow}
defaultFlowSlug="default-provider-invalidation-flow"
required
></ak-flow-search>
<p class="pf-c-form__helper-text">
${msg("Flow used when logging out of this provider.")}
</p>
</ak-form-element-horizontal>
</div>
</ak-form-group>
<ak-form-group>

155
web/src/admin/applications/wizard/methods/saml/ak-application-wizard-authentication-by-saml-configuration.ts
View File

@ -146,36 +146,37 @@ export class ApplicationWizardProviderSamlConfiguration extends BaseProviderPane
</ak-form-group>
<ak-form-group>
<span slot="header"> ${msg("Advanced flow settings")} </span>
<ak-form-element-horizontal
name="authenticationFlow"
label=${msg("Authentication flow")}
>
<ak-flow-search
flowType=${FlowsInstancesListDesignationEnum.Authentication}
.currentFlow=${provider?.authenticationFlow}
></ak-flow-search>
<p class="pf-c-form__helper-text">
${msg(
"Flow used when a user access this provider and is not authenticated.",
)}
</p>
</ak-form-element-horizontal>
<ak-form-element-horizontal
label=${msg("Invalidation flow")}
name="invalidationFlow"
required
>
<ak-flow-search
flowType=${FlowsInstancesListDesignationEnum.Invalidation}
.currentFlow=${provider?.invalidationFlow}
defaultFlowSlug="default-provider-invalidation-flow"
<span slot="header"> ${msg("Advanced flow settings")}</span>
<div slot="body" class="pf-c-form">
<ak-form-element-horizontal
name="authenticationFlow"
label=${msg("Authentication flow")}
>
<ak-flow-search
flowType=${FlowsInstancesListDesignationEnum.Authentication}
.currentFlow=${provider?.authenticationFlow}
></ak-flow-search>
<p class="pf-c-form__helper-text">
${msg(
"Flow used when a user access this provider and is not authenticated.",
)}
</p>
</ak-form-element-horizontal>
<ak-form-element-horizontal
label=${msg("Invalidation flow")}
name="invalidationFlow"
required
></ak-flow-search>
<p class="pf-c-form__helper-text">
${msg("Flow used when logging out of this provider.")}
</p>
</ak-form-element-horizontal>
>
<ak-flow-search
flowType=${FlowsInstancesListDesignationEnum.Invalidation}
.currentFlow=${provider?.invalidationFlow}
defaultFlowSlug="default-provider-invalidation-flow"
required
></ak-flow-search>
<p class="pf-c-form__helper-text">
${msg("Flow used when logging out of this provider.")}
</p>
</ak-form-element-horizontal>
</div>
</ak-form-group>
<ak-form-group>
@ -199,60 +200,52 @@ export class ApplicationWizardProviderSamlConfiguration extends BaseProviderPane
)}
</p>
</ak-form-element-horizontal>
${
this.hasSigningKp
? html` <ak-form-element-horizontal name="signAssertion">
<label class="pf-c-switch">
<input
class="pf-c-switch__input"
type="checkbox"
?checked=${first(provider?.signAssertion, true)}
/>
<span class="pf-c-switch__toggle">
<span class="pf-c-switch__toggle-icon">
<i
class="fas fa-check"
aria-hidden="true"
></i>
</span>
${this.hasSigningKp
? html` <ak-form-element-horizontal name="signAssertion">
<label class="pf-c-switch">
<input
class="pf-c-switch__input"
type="checkbox"
?checked=${first(provider?.signAssertion, true)}
/>
<span class="pf-c-switch__toggle">
<span class="pf-c-switch__toggle-icon">
<i class="fas fa-check" aria-hidden="true"></i>
</span>
<span class="pf-c-switch__label"
>${msg("Sign assertions")}</span
>
</label>
<p class="pf-c-form__helper-text">
${msg(
"When enabled, the assertion element of the SAML response will be signed.",
)}
</p>
</ak-form-element-horizontal>
<ak-form-element-horizontal name="signResponse">
<label class="pf-c-switch">
<input
class="pf-c-switch__input"
type="checkbox"
?checked=${first(provider?.signResponse, false)}
/>
<span class="pf-c-switch__toggle">
<span class="pf-c-switch__toggle-icon">
<i
class="fas fa-check"
aria-hidden="true"
></i>
</span>
</span>
<span class="pf-c-switch__label"
>${msg("Sign assertions")}</span
>
</label>
<p class="pf-c-form__helper-text">
${msg(
"When enabled, the assertion element of the SAML response will be signed.",
)}
</p>
</ak-form-element-horizontal>
<ak-form-element-horizontal name="signResponse">
<label class="pf-c-switch">
<input
class="pf-c-switch__input"
type="checkbox"
?checked=${first(provider?.signResponse, false)}
/>
<span class="pf-c-switch__toggle">
<span class="pf-c-switch__toggle-icon">
<i class="fas fa-check" aria-hidden="true"></i>
</span>
<span class="pf-c-switch__label"
>${msg("Sign responses")}</span
>
</label>
<p class="pf-c-form__helper-text">
${msg(
"When enabled, the assertion element of the SAML response will be signed.",
)}
</p>
</ak-form-element-horizontal>`
: nothing
}
</span>
<span class="pf-c-switch__label"
>${msg("Sign responses")}</span
>
</label>
<p class="pf-c-form__helper-text">
${msg(
"When enabled, the assertion element of the SAML response will be signed.",
)}
</p>
</ak-form-element-horizontal>`
: nothing}
<ak-form-element-horizontal
label=${msg("Verification Certificate")}

6
web/src/admin/providers/rac/RACProviderViewPage.ts
View File

@ -129,11 +129,7 @@ export class RACProviderViewPage extends AKElement {
if (!this.provider) {
return html``;
}
return html`<div slot="header" class="pf-c-banner pf-m-info">
${msg("RAC is in preview.")}
<a href="mailto:hello+feature/rac@goauthentik.io">${msg("Send us feedback!")}</a>
</div>
${this.provider?.assignedApplicationName
return html`${this.provider?.assignedApplicationName
? html``
: html`<div slot="header" class="pf-c-banner pf-m-warning">
${msg("Warning: Provider is not used by an Application.")}

7
web/src/admin/rbac/ObjectPermissionModal.ts
View File

@ -7,7 +7,6 @@ import { msg } from "@lit/localize";
import { CSSResult, TemplateResult, html } from "lit";
import { customElement, property } from "lit/decorators.js";
import PFBanner from "@patternfly/patternfly/components/Banner/banner.css";
import PFButton from "@patternfly/patternfly/components/Button/button.css";
import PFBase from "@patternfly/patternfly/patternfly-base.css";
@ -53,17 +52,13 @@ export class ObjectPermissionModal extends AKElement {
objectPk?: string | number;
static get styles(): CSSResult[] {
return [PFBase, PFButton, PFBanner];
return [PFBase, PFButton];
}
render(): TemplateResult {
return html`
<ak-forms-modal .showSubmitButton=${false} cancelText=${msg("Close")}>
<span slot="header"> ${msg("Update Permissions")} </span>
<div class="pf-c-banner pf-m-info" slot="above-form">
${msg("RBAC is in preview.")}
<a href="mailto:hello@goauthentik.io">${msg("Send us feedback!")}</a>
</div>
<ak-rbac-object-permission-modal-form
slot="form"
.model=${this.model}

99
web/src/admin/rbac/ObjectPermissionsPage.ts
View File

@ -11,7 +11,6 @@ import { msg } from "@lit/localize";
import { html, nothing } from "lit";
import { customElement, property } from "lit/decorators.js";
import PFBanner from "@patternfly/patternfly/components/Banner/banner.css";
import PFCard from "@patternfly/patternfly/components/Card/card.css";
import PFPage from "@patternfly/patternfly/components/Page/page.css";
import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
@ -31,66 +30,60 @@ export class ObjectPermissionPage extends AKElement {
embedded = false;
static get styles() {
return [PFBase, PFGrid, PFPage, PFCard, PFBanner];
return [PFBase, PFGrid, PFPage, PFCard];
}
render() {
return html`${!this.embedded
? html`<div class="pf-c-banner pf-m-info">
${msg("RBAC is in preview.")}
<a href="mailto:hello@goauthentik.io">${msg("Send us feedback!")}</a>
</div>`
return html` <ak-tabs pageIdentifier="permissionPage" ?vertical=${!this.embedded}>
${this.model === RbacPermissionsAssignedByUsersListModelEnum.CoreUser
? this.renderCoreUser()
: nothing}
<ak-tabs pageIdentifier="permissionPage" ?vertical=${!this.embedded}>
${this.model === RbacPermissionsAssignedByUsersListModelEnum.CoreUser
? this.renderCoreUser()
: nothing}
${this.model === RbacPermissionsAssignedByUsersListModelEnum.RbacRole
? this.renderRbacRole()
: nothing}
<section
slot="page-object-user"
data-tab-title="${msg("User Object Permissions")}"
class="pf-c-page__main-section pf-m-no-padding-mobile"
>
<div class="pf-l-grid pf-m-gutter">
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
<div class="pf-c-card__title">${msg("User Object Permissions")}</div>
<div class="pf-c-card__body">
${msg("Permissions set on users which affect this object.")}
</div>
<div class="pf-c-card__body">
<ak-rbac-user-object-permission-table
.model=${this.model}
.objectPk=${this.objectPk}
>
</ak-rbac-user-object-permission-table>
</div>
${this.model === RbacPermissionsAssignedByUsersListModelEnum.RbacRole
? this.renderRbacRole()
: nothing}
<section
slot="page-object-user"
data-tab-title="${msg("User Object Permissions")}"
class="pf-c-page__main-section pf-m-no-padding-mobile"
>
<div class="pf-l-grid pf-m-gutter">
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
<div class="pf-c-card__title">${msg("User Object Permissions")}</div>
<div class="pf-c-card__body">
${msg("Permissions set on users which affect this object.")}
</div>
<div class="pf-c-card__body">
<ak-rbac-user-object-permission-table
.model=${this.model}
.objectPk=${this.objectPk}
>
</ak-rbac-user-object-permission-table>
</div>
</div>
</section>
<section
slot="page-object-role"
data-tab-title="${msg("Role Object Permissions")}"
class="pf-c-page__main-section pf-m-no-padding-mobile"
>
<div class="pf-l-grid pf-m-gutter">
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
<div class="pf-c-card__title">${msg("Role Object Permissions")}</div>
<div class="pf-c-card__body">
${msg("Permissions set on roles which affect this object.")}
</div>
<div class="pf-c-card__body">
<ak-rbac-role-object-permission-table
.model=${this.model}
.objectPk=${this.objectPk}
>
</ak-rbac-role-object-permission-table>
</div>
</div>
</section>
<section
slot="page-object-role"
data-tab-title="${msg("Role Object Permissions")}"
class="pf-c-page__main-section pf-m-no-padding-mobile"
>
<div class="pf-l-grid pf-m-gutter">
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
<div class="pf-c-card__title">${msg("Role Object Permissions")}</div>
<div class="pf-c-card__body">
${msg("Permissions set on roles which affect this object.")}
</div>
<div class="pf-c-card__body">
<ak-rbac-role-object-permission-table
.model=${this.model}
.objectPk=${this.objectPk}
>
</ak-rbac-role-object-permission-table>
</div>
</div>
</section>
</ak-tabs>`;
</div>
</section>
</ak-tabs>`;
}
renderCoreUser() {

12
web/src/admin/roles/RoleListPage.ts
View File

@ -9,12 +9,10 @@ import { TablePage } from "@goauthentik/elements/table/TablePage";
import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
import { msg } from "@lit/localize";
import { CSSResult, TemplateResult, html } from "lit";
import { TemplateResult, html } from "lit";
import { customElement, property } from "lit/decorators.js";
import { ifDefined } from "lit/directives/if-defined.js";
import PFBanner from "@patternfly/patternfly/components/Banner/banner.css";
import { RbacApi, Role } from "@goauthentik/api";
@customElement("ak-role-list")
@ -37,10 +35,6 @@ export class RoleListPage extends TablePage<Role> {
@property()
order = "name";
static get styles(): CSSResult[] {
return [...super.styles, PFBanner];
}
async apiEndpoint(): Promise<PaginatedResponse<Role>> {
return new RbacApi(DEFAULT_CONFIG).rbacRolesList(await this.defaultEndpointConfig());
}
@ -78,10 +72,6 @@ export class RoleListPage extends TablePage<Role> {
description=${ifDefined(this.pageDescription())}
>
</ak-page-header>
<div class="pf-c-banner pf-m-info">
${msg("RBAC is in preview.")}
<a href="mailto:hello@goauthentik.io">${msg("Send us feedback!")}</a>
</div>
<section class="pf-c-page__main-section pf-m-no-padding-mobile">
<div class="pf-c-card">${this.renderTable()}</div>
</section>`;

19
web/src/admin/sources/kerberos/KerberosSourceViewPage.ts
View File

@ -18,6 +18,7 @@ import { msg } from "@lit/localize";
import { CSSResult, TemplateResult, html } from "lit";
import { customElement, property, state } from "lit/decorators.js";
import PFBanner from "@patternfly/patternfly/components/Banner/banner.css";
import PFButton from "@patternfly/patternfly/components/Button/button.css";
import PFCard from "@patternfly/patternfly/components/Card/card.css";
import PFContent from "@patternfly/patternfly/components/Content/content.css";
@ -54,7 +55,17 @@ export class KerberosSourceViewPage extends AKElement {
syncState?: SyncStatus;
static get styles(): CSSResult[] {
return [PFBase, PFPage, PFButton, PFGrid, PFContent, PFCard, PFDescriptionList, PFList];
return [
PFBase,
PFPage,
PFButton,
PFGrid,
PFContent,
PFCard,
PFDescriptionList,
PFBanner,
PFList,
];
}
constructor() {
@ -121,6 +132,12 @@ export class KerberosSourceViewPage extends AKElement {
this.load();
}}
>
<div slot="header" class="pf-c-banner pf-m-info">
${msg("Kerberos Source is in preview.")}
<a href="mailto:hello+feature/kerberos-source@goauthentik.io"
>${msg("Send us feedback!")}</a
>
</div>
<div class="pf-l-grid pf-m-gutter">
<div class="pf-c-card pf-l-grid__item pf-m-12-col">
<div class="pf-c-card__body">

12
web/src/admin/stages/authenticator_endpoint_gdtc/AuthenticatorEndpointGDTCStageForm.ts
View File

@ -10,6 +10,8 @@ import { msg } from "@lit/localize";
import { TemplateResult, html } from "lit";
import { customElement } from "lit/decorators.js";
import PFBanner from "@patternfly/patternfly/components/Banner/banner.css";
import { AuthenticatorEndpointGDTCStage, StagesApi } from "@goauthentik/api";
@customElement("ak-stage-authenticator-endpoint-gdtc-form")
@ -33,8 +35,16 @@ export class AuthenticatorEndpointGDTCStageForm extends BaseStageForm<Authentica
}
}
static get styles() {
return super.styles.concat(PFBanner);
}
renderForm(): TemplateResult {
return html` <span>
return html`<div class="pf-c-banner pf-m-info">
${msg("Endpoint Google Chrome Device Trust is in preview.")}
<a href="mailto:hello+feature/gdtc@goauthentik.io">${msg("Send us feedback!")}</a>
</div>
<span>
${msg(
"Stage used to verify users' browsers using Google Chrome Device Trust. This stage can be used in authentication/authorization flows.",
)}

50
web/src/admin/stages/identification/IdentificationStageForm.ts
View File

@ -21,6 +21,7 @@ import {
SourcesApi,
Stage,
StagesApi,
StagesCaptchaListRequest,
StagesPasswordListRequest,
UserFieldsEnum,
} from "@goauthentik/api";
@ -140,19 +141,13 @@ export class IdentificationStageForm extends BaseStageForm<IdentificationStage>
).stagesPasswordList(args);
return stages.results;
}}
.groupBy=${(items: Stage[]) => {
return groupBy(items, (stage) => stage.verboseNamePlural);
}}
.renderElement=${(stage: Stage): string => {
return stage.name;
}}
.value=${(stage: Stage | undefined): string | undefined => {
return stage?.pk;
}}
.selected=${(stage: Stage): boolean => {
return stage.pk === this.instance?.passwordStage;
}}
?blankable=${true}
.groupBy=${(items: Stage[]) =>
groupBy(items, (stage) => stage.verboseNamePlural)}
.renderElement=${(stage: Stage): string => stage.name}
.value=${(stage: Stage | undefined): string | undefined => stage?.pk}
.selected=${(stage: Stage): boolean =>
stage.pk === this.instance?.passwordStage}
blankable
>
</ak-search-select>
<p class="pf-c-form__helper-text">
@ -161,6 +156,35 @@ export class IdentificationStageForm extends BaseStageForm<IdentificationStage>
)}
</p>
</ak-form-element-horizontal>
<ak-form-element-horizontal label=${msg("Captcha stage")} name="captchaStage">
<ak-search-select
.fetchObjects=${async (query?: string): Promise<Stage[]> => {
const args: StagesCaptchaListRequest = {
ordering: "name",
};
if (query !== undefined) {
args.search = query;
}
const stages = await new StagesApi(
DEFAULT_CONFIG,
).stagesCaptchaList(args);
return stages.results;
}}
.groupBy=${(items: Stage[]) =>
groupBy(items, (stage) => stage.verboseNamePlural)}
.renderElement=${(stage: Stage): string => stage.name}
.value=${(stage: Stage | undefined): string | undefined => stage?.pk}
.selected=${(stage: Stage): boolean =>
stage.pk === this.instance?.captchaStage}
blankable
>
</ak-search-select>
<p class="pf-c-form__helper-text">
${msg(
"When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.",
)}
</p>
</ak-form-element-horizontal>
<ak-form-element-horizontal name="caseInsensitiveMatching">
<label class="pf-c-switch">
<input

170
web/src/flow/stages/authenticator_validate/AuthenticatorValidateStage.ts
View File

@ -6,7 +6,7 @@ import { BaseStage, StageHost, SubmitOptions } from "@goauthentik/flow/stages/ba
import { PasswordManagerPrefill } from "@goauthentik/flow/stages/identification/IdentificationStage";
import { msg } from "@lit/localize";
import { CSSResult, TemplateResult, css, html, nothing } from "lit";
import { CSSResult, PropertyValues, TemplateResult, css, html, nothing } from "lit";
import { customElement, state } from "lit/decorators.js";
import PFButton from "@patternfly/patternfly/components/Button/button.css";
@ -25,6 +25,37 @@ import {
FlowsApi,
} from "@goauthentik/api";
const customCSS = css`
ul {
padding-top: 1rem;
}
ul > li:not(:last-child) {
padding-bottom: 1rem;
}
.authenticator-button {
display: flex;
align-items: center;
}
:host([theme="dark"]) .authenticator-button {
color: var(--ak-dark-foreground) !important;
}
i {
font-size: 1.5rem;
padding: 1rem 0;
width: 3rem;
}
.right {
display: flex;
flex-direction: column;
justify-content: space-between;
height: 100%;
text-align: left;
}
.right > * {
height: 50%;
}
`;
@customElement("ak-stage-authenticator-validate")
export class AuthenticatorValidateStage
extends BaseStage<
@ -33,6 +64,10 @@ export class AuthenticatorValidateStage
>
implements StageHost
{
static get styles(): CSSResult[] {
return [PFBase, PFLogin, PFForm, PFFormControl, PFTitle, PFButton, customCSS];
}
flowSlug = "";
set loading(value: boolean) {
@ -47,14 +82,18 @@ export class AuthenticatorValidateStage
return this.host.brand;
}
@state()
_firstInitialized: boolean = false;
@state()
_selectedDeviceChallenge?: DeviceChallenge;
set selectedDeviceChallenge(value: DeviceChallenge | undefined) {
const previousChallenge = this._selectedDeviceChallenge;
this._selectedDeviceChallenge = value;
if (!value) return;
if (value === previousChallenge) return;
if (value === undefined || value === previousChallenge) {
return;
}
// We don't use this.submit here, as we don't want to advance the flow.
// We just want to notify the backend which challenge has been selected.
new FlowsApi(DEFAULT_CONFIG).flowsExecutorSolve({
@ -79,37 +118,39 @@ export class AuthenticatorValidateStage
return this.host?.submit(payload, options) || Promise.resolve();
}
static get styles(): CSSResult[] {
return [PFBase, PFLogin, PFForm, PFFormControl, PFTitle, PFButton].concat(css`
ul {
padding-top: 1rem;
}
ul > li:not(:last-child) {
padding-bottom: 1rem;
}
.authenticator-button {
display: flex;
align-items: center;
}
:host([theme="dark"]) .authenticator-button {
color: var(--ak-dark-foreground) !important;
}
i {
font-size: 1.5rem;
padding: 1rem 0;
width: 3rem;
}
.right {
display: flex;
flex-direction: column;
justify-content: space-between;
height: 100%;
text-align: left;
}
.right > * {
height: 50%;
}
`);
willUpdate(_changed: PropertyValues<this>) {
if (this._firstInitialized || !this.challenge) {
return;
}
this._firstInitialized = true;
// If user only has a single device, autoselect that device.
if (this.challenge.deviceChallenges.length === 1) {
this.selectedDeviceChallenge = this.challenge.deviceChallenges[0];
return;
}
// If TOTP is allowed from the backend and we have a pre-filled value
// from the password manager, autoselect TOTP.
const totpChallenge = this.challenge.deviceChallenges.find(
(challenge) => challenge.deviceClass === DeviceClassesEnum.Totp,
);
if (PasswordManagerPrefill.totp && totpChallenge) {
console.debug(
"authentik/stages/authenticator_validate: found prefill totp code, selecting totp challenge",
);
this.selectedDeviceChallenge = totpChallenge;
return;
}
// If the last used device is not Static, autoselect that device.
const lastUsedChallenge = this.challenge.deviceChallenges
.filter((deviceChallenge) => deviceChallenge.lastUsed)
.sort((a, b) => b.lastUsed!.valueOf() - a.lastUsed!.valueOf())[0];
if (lastUsedChallenge && lastUsedChallenge.deviceClass !== DeviceClassesEnum.Static) {
this.selectedDeviceChallenge = lastUsedChallenge;
}
}
renderDevicePickerSingle(deviceChallenge: DeviceChallenge) {
@ -228,45 +269,28 @@ export class AuthenticatorValidateStage
}
render(): TemplateResult {
if (!this.challenge) {
return html`<ak-empty-state loading> </ak-empty-state>`;
}
// User only has a single device class, so we don't show a picker
if (this.challenge?.deviceChallenges.length === 1) {
this.selectedDeviceChallenge = this.challenge.deviceChallenges[0];
}
// TOTP is a bit special, assuming that TOTP is allowed from the backend,
// and we have a pre-filled value from the password manager,
// directly set the the TOTP device Challenge as active.
const totpChallenge = this.challenge.deviceChallenges.find(
(challenge) => challenge.deviceClass === DeviceClassesEnum.Totp,
);
if (PasswordManagerPrefill.totp && totpChallenge) {
console.debug(
"authentik/stages/authenticator_validate: found prefill totp code, selecting totp challenge",
);
this.selectedDeviceChallenge = totpChallenge;
}
return html`<header class="pf-c-login__main-header">
<h1 class="pf-c-title pf-m-3xl">${this.challenge.flowInfo?.title}</h1>
</header>
${this.selectedDeviceChallenge
? this.renderDeviceChallenge()
: html`<div class="pf-c-login__main-body">
<form class="pf-c-form">
${this.renderUserInfo()}
${this.selectedDeviceChallenge
? ""
: html`<p>${msg("Select an authentication method.")}</p>`}
${this.challenge.configurationStages.length > 0
? this.renderStagePicker()
: html``}
</form>
${this.renderDevicePicker()}
</div>
<footer class="pf-c-login__main-footer">
<ul class="pf-c-login__main-footer-links"></ul>
</footer>`}`;
return this.challenge
? html`<header class="pf-c-login__main-header">
<h1 class="pf-c-title pf-m-3xl">${this.challenge.flowInfo?.title}</h1>
</header>
${this.selectedDeviceChallenge
? this.renderDeviceChallenge()
: html`<div class="pf-c-login__main-body">
<form class="pf-c-form">
${this.renderUserInfo()}
${this.selectedDeviceChallenge
? ""
: html`<p>${msg("Select an authentication method.")}</p>`}
${this.challenge.configurationStages.length > 0
? this.renderStagePicker()
: html``}
</form>
${this.renderDevicePicker()}
</div>
<footer class="pf-c-login__main-footer">
<ul class="pf-c-login__main-footer-links"></ul>
</footer>`}`
: html`<ak-empty-state loading> </ak-empty-state>`;
}
}

43
web/src/flow/stages/authenticator_validate/AuthenticatorValidateStageCode.ts
View File

@ -31,6 +31,34 @@ export class AuthenticatorValidateStageWebCode extends BaseDeviceStage<
`);
}
deviceMessage(): string {
switch (this.deviceChallenge?.deviceClass) {
case DeviceClassesEnum.Sms:
return msg("A code has been sent to you via SMS.");
case DeviceClassesEnum.Totp:
return msg(
"Open your two-factor authenticator app to view your authentication code.",
);
case DeviceClassesEnum.Static:
return msg("Enter a one-time recovery code for this user.");
}
return msg("Enter the code from your authenticator device.");
}
deviceIcon(): string {
switch (this.deviceChallenge?.deviceClass) {
case DeviceClassesEnum.Sms:
return "fa-key";
case DeviceClassesEnum.Totp:
return "fa-mobile-alt";
case DeviceClassesEnum.Static:
return "fa-sticky-note";
}
return "fa-mobile-alt";
}
render(): TemplateResult {
if (!this.challenge) {
return html`<ak-empty-state loading> </ak-empty-state>`;
@ -44,19 +72,8 @@ export class AuthenticatorValidateStageWebCode extends BaseDeviceStage<
>
${this.renderUserInfo()}
<div class="icon-description">
<i
class="fa ${this.deviceChallenge?.deviceClass == DeviceClassesEnum.Sms
? "fa-key"
: "fa-mobile-alt"}"
aria-hidden="true"
></i>
${this.deviceChallenge?.deviceClass == DeviceClassesEnum.Sms
? html`<p>${msg("A code has been sent to you via SMS.")}</p>`
: html`<p>
${msg(
"Open your two-factor authenticator app to view your authentication code.",
)}
</p>`}
<i class="fa ${this.deviceIcon()}" aria-hidden="true"></i>
<p>${this.deviceMessage()}</p>
</div>
<ak-form-element
label="${this.deviceChallenge?.deviceClass === DeviceClassesEnum.Static

2
web/src/flow/stages/authenticator_validate/base.ts
View File

@ -59,7 +59,7 @@ export class BaseDeviceStage<
(this.host as AuthenticatorValidateStage).selectedDeviceChallenge = undefined;
}}
>
${msg("Return to device picker")}
${msg("Select another authentication method")}
</button>`;
}
}

32
web/src/flow/stages/captcha/CaptchaStage.ts
View File

@ -6,8 +6,8 @@ import { BaseStage } from "@goauthentik/flow/stages/base";
import type { TurnstileObject } from "turnstile-types";
import { msg } from "@lit/localize";
import { CSSResult, PropertyValues, TemplateResult, html } from "lit";
import { customElement, state } from "lit/decorators.js";
import { CSSResult, PropertyValues, html } from "lit";
import { customElement, property, state } from "lit/decorators.js";
import { ifDefined } from "lit/directives/if-defined.js";
import PFButton from "@patternfly/patternfly/components/Button/button.css";
@ -22,6 +22,7 @@ import { CaptchaChallenge, CaptchaChallengeResponseRequest } from "@goauthentik/
interface TurnstileWindow extends Window {
turnstile: TurnstileObject;
}
type TokenHandler = (token: string) => void;
const captchaContainerID = "captcha-container";
@ -45,6 +46,11 @@ export class CaptchaStage extends BaseStage<CaptchaChallenge, CaptchaChallengeRe
@state()
scriptElement?: HTMLScriptElement;
@property()
onTokenChange: TokenHandler = (token: string) => {
this.host.submit({ component: "ak-stage-captcha", token });
};
constructor() {
super();
this.captchaContainer = document.createElement("div");
@ -102,11 +108,7 @@ export class CaptchaStage extends BaseStage<CaptchaChallenge, CaptchaChallengeRe
grecaptcha.ready(() => {
const captchaId = grecaptcha.render(this.captchaContainer, {
sitekey: this.challenge.siteKey,
callback: (token) => {
this.host?.submit({
token: token,
});
},
callback: this.onTokenChange,
size: "invisible",
});
grecaptcha.execute(captchaId);
@ -122,12 +124,8 @@ export class CaptchaStage extends BaseStage<CaptchaChallenge, CaptchaChallengeRe
document.body.appendChild(this.captchaContainer);
const captchaId = hcaptcha.render(this.captchaContainer, {
sitekey: this.challenge.siteKey,
callback: this.onTokenChange,
size: "invisible",
callback: (token) => {
this.host?.submit({
token: token,
});
},
});
hcaptcha.execute(captchaId);
return true;
@ -141,16 +139,12 @@ export class CaptchaStage extends BaseStage<CaptchaChallenge, CaptchaChallengeRe
document.body.appendChild(this.captchaContainer);
(window as unknown as TurnstileWindow).turnstile.render(`#${captchaContainerID}`, {
sitekey: this.challenge.siteKey,
callback: (token) => {
this.host?.submit({
token: token,
});
},
callback: this.onTokenChange,
});
return true;
}
renderBody(): TemplateResult {
renderBody() {
if (this.error) {
return html`<ak-empty-state icon="fa-times" header=${this.error}> </ak-empty-state>`;
}
@ -160,7 +154,7 @@ export class CaptchaStage extends BaseStage<CaptchaChallenge, CaptchaChallengeRe
return html`<ak-empty-state loading header=${msg("Verifying...")}></ak-empty-state>`;
}
render(): TemplateResult {
render() {
if (!this.challenge) {
return html`<ak-empty-state loading> </ak-empty-state>`;
}

18
web/src/flow/stages/identification/IdentificationStage.ts
View File

@ -4,10 +4,11 @@ import "@goauthentik/elements/EmptyState";
import "@goauthentik/elements/forms/FormElement";
import "@goauthentik/flow/components/ak-flow-password-input.js";
import { BaseStage } from "@goauthentik/flow/stages/base";
import "@goauthentik/flow/stages/captcha/CaptchaStage";
import { msg, str } from "@lit/localize";
import { CSSResult, PropertyValues, TemplateResult, css, html, nothing } from "lit";
import { customElement } from "lit/decorators.js";
import { customElement, state } from "lit/decorators.js";
import PFAlert from "@patternfly/patternfly/components/Alert/alert.css";
import PFButton from "@patternfly/patternfly/components/Button/button.css";
@ -46,6 +47,9 @@ export class IdentificationStage extends BaseStage<
> {
form?: HTMLFormElement;
@state()
captchaToken = "";
static get styles(): CSSResult[] {
return [
PFBase,
@ -274,6 +278,18 @@ export class IdentificationStage extends BaseStage<
`
: nothing}
${this.renderNonFieldErrors()}
${this.challenge.captchaStage
? html`
<input name="captchaToken" type="hidden" .value="${this.captchaToken}" />
<ak-stage-captcha
style="visibility: hidden; position:absolute;"
.challenge=${this.challenge.captchaStage}
.onTokenChange=${(token: string) => {
this.captchaToken = token;
}}
></ak-stage-captcha>
`
: nothing}
<div class="pf-c-form__group pf-m-action">
<button type="submit" class="pf-c-button pf-m-primary pf-m-block">
${this.challenge.primaryAction}

31
web/xliff/de.xlf
View File

@ -5036,10 +5036,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<trans-unit id="s3cd84e82e83e35ad">
<source>Please enter your code</source>
</trans-unit>
<trans-unit id="s18b910437b73e8e8">
<source>Return to device picker</source>
<target>Zurück zur Geräteauswahl</target>
</trans-unit>
<trans-unit id="se409d01b52c4e12f">
<source>Retry authentication</source>
<target>Authentifizierung erneut versuchen</target>
@ -5823,9 +5819,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<trans-unit id="sfc31264ef7ff86ef">
<source>For nginx's auth_request or traefik's forwardAuth per root domain</source>
</trans-unit>
<trans-unit id="sc615309d10a9228c">
<source>RBAC is in preview.</source>
</trans-unit>
<trans-unit id="s32babfed740fd3c1">
<source>User type used for newly created users.</source>
</trans-unit>
@ -5970,9 +5963,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<trans-unit id="s38e7cd1a24e70faa">
<source>Create Endpoint</source>
</trans-unit>
<trans-unit id="s4770c10e5b1c028c">
<source>RAC is in preview.</source>
</trans-unit>
<trans-unit id="s168565f5ac74a89f">
<source>Update RAC Provider</source>
</trans-unit>
@ -7015,6 +7005,27 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit>
<trans-unit id="s03e4044abe0b556c">
<source>User database + Kerberos password</source>
</trans-unit>
<trans-unit id="s98bb2ae796f1ceef">
<source>Select another authentication method</source>
</trans-unit>
<trans-unit id="s21d95b4651ad7a1e">
<source>Enter a one-time recovery code for this user.</source>
</trans-unit>
<trans-unit id="s2e1d5a7d320c25ef">
<source>Enter the code from your authenticator device.</source>
</trans-unit>
<trans-unit id="scc1a17d28912e974">
<source>Kerberos Source is in preview.</source>
</trans-unit>
<trans-unit id="s54154a8d64a3597b">
<source>Captcha stage</source>
</trans-unit>
<trans-unit id="s0c250af62ddbf801">
<source>When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.</source>
</trans-unit>
<trans-unit id="sabf8a430d504f8c8">
<source>Endpoint Google Chrome Device Trust is in preview.</source>
</trans-unit>
</body>
</file>

31
web/xliff/en.xlf
View File

@ -5294,10 +5294,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<source>Please enter your code</source>
<target>Please enter your code</target>
</trans-unit>
<trans-unit id="s18b910437b73e8e8">
<source>Return to device picker</source>
<target>Return to device picker</target>
</trans-unit>
<trans-unit id="se409d01b52c4e12f">
<source>Retry authentication</source>
<target>Retry authentication</target>
@ -6088,9 +6084,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<trans-unit id="sfc31264ef7ff86ef">
<source>For nginx's auth_request or traefik's forwardAuth per root domain</source>
</trans-unit>
<trans-unit id="sc615309d10a9228c">
<source>RBAC is in preview.</source>
</trans-unit>
<trans-unit id="s32babfed740fd3c1">
<source>User type used for newly created users.</source>
</trans-unit>
@ -6235,9 +6228,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<trans-unit id="s38e7cd1a24e70faa">
<source>Create Endpoint</source>
</trans-unit>
<trans-unit id="s4770c10e5b1c028c">
<source>RAC is in preview.</source>
</trans-unit>
<trans-unit id="s168565f5ac74a89f">
<source>Update RAC Provider</source>
</trans-unit>
@ -7280,6 +7270,27 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit>
<trans-unit id="s03e4044abe0b556c">
<source>User database + Kerberos password</source>
</trans-unit>
<trans-unit id="s98bb2ae796f1ceef">
<source>Select another authentication method</source>
</trans-unit>
<trans-unit id="s21d95b4651ad7a1e">
<source>Enter a one-time recovery code for this user.</source>
</trans-unit>
<trans-unit id="s2e1d5a7d320c25ef">
<source>Enter the code from your authenticator device.</source>
</trans-unit>
<trans-unit id="scc1a17d28912e974">
<source>Kerberos Source is in preview.</source>
</trans-unit>
<trans-unit id="s54154a8d64a3597b">
<source>Captcha stage</source>
</trans-unit>
<trans-unit id="s0c250af62ddbf801">
<source>When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.</source>
</trans-unit>
<trans-unit id="sabf8a430d504f8c8">
<source>Endpoint Google Chrome Device Trust is in preview.</source>
</trans-unit>
</body>
</file>

31
web/xliff/es.xlf
View File

@ -4962,10 +4962,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<trans-unit id="s3cd84e82e83e35ad">
<source>Please enter your code</source>
</trans-unit>
<trans-unit id="s18b910437b73e8e8">
<source>Return to device picker</source>
<target>Regresar al selector de dispositivos</target>
</trans-unit>
<trans-unit id="se409d01b52c4e12f">
<source>Retry authentication</source>
<target>Reintentar la autenticación</target>
@ -5740,9 +5736,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<trans-unit id="sfc31264ef7ff86ef">
<source>For nginx's auth_request or traefik's forwardAuth per root domain</source>
</trans-unit>
<trans-unit id="sc615309d10a9228c">
<source>RBAC is in preview.</source>
</trans-unit>
<trans-unit id="s32babfed740fd3c1">
<source>User type used for newly created users.</source>
</trans-unit>
@ -5887,9 +5880,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<trans-unit id="s38e7cd1a24e70faa">
<source>Create Endpoint</source>
</trans-unit>
<trans-unit id="s4770c10e5b1c028c">
<source>RAC is in preview.</source>
</trans-unit>
<trans-unit id="s168565f5ac74a89f">
<source>Update RAC Provider</source>
</trans-unit>
@ -6932,6 +6922,27 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit>
<trans-unit id="s03e4044abe0b556c">
<source>User database + Kerberos password</source>
</trans-unit>
<trans-unit id="s98bb2ae796f1ceef">
<source>Select another authentication method</source>
</trans-unit>
<trans-unit id="s21d95b4651ad7a1e">
<source>Enter a one-time recovery code for this user.</source>
</trans-unit>
<trans-unit id="s2e1d5a7d320c25ef">
<source>Enter the code from your authenticator device.</source>
</trans-unit>
<trans-unit id="scc1a17d28912e974">
<source>Kerberos Source is in preview.</source>
</trans-unit>
<trans-unit id="s54154a8d64a3597b">
<source>Captcha stage</source>
</trans-unit>
<trans-unit id="s0c250af62ddbf801">
<source>When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.</source>
</trans-unit>
<trans-unit id="sabf8a430d504f8c8">
<source>Endpoint Google Chrome Device Trust is in preview.</source>
</trans-unit>
</body>
</file>

63
web/xliff/fr.xlf
View File

@ -6616,11 +6616,6 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
<source>Please enter your code</source>
<target>Veuillez saisir votre code</target>
</trans-unit>
<trans-unit id="s18b910437b73e8e8">
<source>Return to device picker</source>
<target>Retourner à la sélection d'appareil</target>
</trans-unit>
<trans-unit id="se409d01b52c4e12f">
<source>Retry authentication</source>
@ -7651,10 +7646,6 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
<source>For nginx's auth_request or traefik's forwardAuth per root domain</source>
<target>Pour nginx auth_request ou traefik forwardAuth par domaine racine</target>
</trans-unit>
<trans-unit id="sc615309d10a9228c">
<source>RBAC is in preview.</source>
<target>RBAC est en aperçu.</target>
</trans-unit>
<trans-unit id="s32babfed740fd3c1">
<source>User type used for newly created users.</source>
<target>Type d'utilisateur pour les utilisateurs nouvellement créés.</target>
@ -7847,10 +7838,6 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
<source>Create Endpoint</source>
<target>Créer un point de terminaison</target>
</trans-unit>
<trans-unit id="s4770c10e5b1c028c">
<source>RAC is in preview.</source>
<target>RAC est en aperçu.</target>
</trans-unit>
<trans-unit id="s168565f5ac74a89f">
<source>Update RAC Provider</source>
<target>Mettre à jour le fournisseur RAC</target>
@ -9131,90 +9118,140 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
</trans-unit>
<trans-unit id="sbfee780fa0a2c83e">
<source>Device type <x id="0" equiv-text="${device.verboseName}"/> cannot be deleted</source>
<target>Le type d'appareil <x id="0" equiv-text="${device.verboseName}"/> ne peut pas être supprimé</target>
</trans-unit>
<trans-unit id="s336936629cdeb3e5">
<source>Stage used to verify users' browsers using Google Chrome Device Trust. This stage can be used in authentication/authorization flows.</source>
<target>Étape utilisée pour vérifier le navigateur des utilisateurs avec le connecteur de confiance des appareils Google Chrome Enterprise. Cette étape peut être utilisée dans les flux d'authentification et d'autorisation.</target>
</trans-unit>
<trans-unit id="s85fe794c71b4ace8">
<source>Google Verified Access API</source>
<target>API Google Verified Access</target>
</trans-unit>
<trans-unit id="s013620384af7c8b4">
<source>Device type <x id="0" equiv-text="${device.verboseName}"/> cannot be edited</source>
<target>Le type d'appareil <x id="0" equiv-text="${device.verboseName}"/> ne peut pas être édité</target>
</trans-unit>
<trans-unit id="s4347135696fc7cde">
<source>Advanced flow settings</source>
<target>Paramètres avancés des flux</target>
</trans-unit>
<trans-unit id="sf52ff57fd136cc2f">
<source>Enable this option to write password changes made in authentik back to Kerberos. Ignored if sync is disabled.</source>
<target>Activer cette option pour écrire les changements de mot de passe fait dans authentik dans Kerberos. Ignoré si la synchronisation est désactivée.</target>
</trans-unit>
<trans-unit id="s14a16542f956e11d">
<source>Realm settings</source>
<target>Paramètres du realm</target>
</trans-unit>
<trans-unit id="s9c2eae548d3c1c30">
<source>Realm</source>
<target>Realm</target>
</trans-unit>
<trans-unit id="s6b032212997e2491">
<source>Kerberos 5 configuration</source>
<target>Configuration Kerberos 5</target>
</trans-unit>
<trans-unit id="sbf50181022f47de3">
<source>Kerberos 5 configuration. See man krb5.conf(5) for configuration format. If left empty, a default krb5.conf will be used.</source>
<target>Configuration Kerbers 5. Cf. man krb5.conf(5) pour le format de configuration. Si laissé vide, un krb5.conf par défaut sera utilisé.</target>
</trans-unit>
<trans-unit id="s2386539a0bd62fab">
<source>Sync connection settings</source>
<target>Paramètres de synchronisation</target>
</trans-unit>
<trans-unit id="s0d1a6f3fe81351f8">
<source>Sync principal</source>
<target>Principal de synchronisation</target>
</trans-unit>
<trans-unit id="sa691d6e1974295fa">
<source>Principal used to authenticate to the KDC for syncing.</source>
<target>Principal utilisé pour s'authentifier au KDC pour synchroniser.</target>
</trans-unit>
<trans-unit id="s977b9c629eed3d33">
<source>Sync password</source>
<target>Mot de passe de synchronisation</target>
</trans-unit>
<trans-unit id="s77772860385de948">
<source>Password used to authenticate to the KDC for syncing. Optional if Sync keytab or Sync credentials cache is provided.</source>
<target>Mot de passe utilisé pour s'authentifier au KDC pour synchroniser. Optional si une keytab de synchronisation ou un credentials cache de synchronisation est fourni.</target>
</trans-unit>
<trans-unit id="sc59ec59c3d5e74dc">
<source>Sync keytab</source>
<target>Keytab de synchronisation</target>
</trans-unit>
<trans-unit id="scd42997958453f05">
<source>Keytab used to authenticate to the KDC for syncing. Optional if Sync password or Sync credentials cache is provided. Must be base64 encoded or in the form TYPE:residual.</source>
<target>Keytab utilisée pour s'authentifier au KDC pour synchroniser. Optional si un mot de passe de synchronisation ou un credentials cache de synchronisation est fourni. Doit être encodé en base64 ou de la forme TYPE:residual.</target>
</trans-unit>
<trans-unit id="s60eaf439ccdca1f2">
<source>Sync credentials cache</source>
<target>Credentials cache de synchronisation</target>
</trans-unit>
<trans-unit id="s95722900b0c9026f">
<source>Credentials cache used to authenticate to the KDC for syncing. Optional if Sync password or Sync keytab is provided. Must be in the form TYPE:residual.</source>
<target>Credentials cache utilisé pour s'authentifier au KDC pour synchroniser. Optional si un mot de passe de synchronisation ou une keytab de synchronisation est fourni. Doit être de la forme TYPE:residual.</target>
</trans-unit>
<trans-unit id="sf9c055db98d7994a">
<source>SPNEGO settings</source>
<target>Paramètres SPNEGO</target>
</trans-unit>
<trans-unit id="sab580a45dc46937f">
<source>SPNEGO server name</source>
<target>Nom de serveur SPNEGO</target>
</trans-unit>
<trans-unit id="s7a79d6174d17ab2d">
<source>Force the use of a specific server name for SPNEGO. Must be in the form HTTP@domain</source>
<target>Force l'utilisation d'un nom de serveur spécifique pour SPNEGO. Doit être de la forme HTTP@hostname</target>
</trans-unit>
<trans-unit id="sa4ba2b2081472ccd">
<source>SPNEGO keytab</source>
<target>Keytab SPNEGO</target>
</trans-unit>
<trans-unit id="s64adda975c1106c0">
<source>Keytab used for SPNEGO. Optional if SPNEGO credentials cache is provided. Must be base64 encoded or in the form TYPE:residual.</source>
<target>Keytab utilisée pour SPNEGO. Optional si un credentials cache SPNEGO est fourni. Doit être encodé en base64 ou de la forme TYPE:residual.</target>
</trans-unit>
<trans-unit id="s92247825b92587b5">
<source>SPNEGO credentials cache</source>
<target>Credentials cache SPNEGO</target>
</trans-unit>
<trans-unit id="sd9757c345e4062f8">
<source>Credentials cache used for SPNEGO. Optional if SPNEGO keytab is provided. Must be in the form TYPE:residual.</source>
<target>Credentials cache utilisé pour SPNEGO. Optional si une keytab SPNEGO est fournie. Doit être de la forme TYPE:residual.</target>
</trans-unit>
<trans-unit id="s734ab8fbcae0b69e">
<source>Kerberos Attribute mapping</source>
<target>Mappage d'attributs Kerberos</target>
</trans-unit>
<trans-unit id="s2c378e86e025fdb2">
<source>Update Kerberos Source</source>
<target>Mettre à jour la source Kerberos</target>
</trans-unit>
<trans-unit id="s03e4044abe0b556c">
<source>User database + Kerberos password</source>
<target>Base de données utilisateurs + mot de passe Kerberos</target>
</trans-unit>
<trans-unit id="s98bb2ae796f1ceef">
<source>Select another authentication method</source>
</trans-unit>
<trans-unit id="s21d95b4651ad7a1e">
<source>Enter a one-time recovery code for this user.</source>
</trans-unit>
<trans-unit id="s2e1d5a7d320c25ef">
<source>Enter the code from your authenticator device.</source>
</trans-unit>
<trans-unit id="scc1a17d28912e974">
<source>Kerberos Source is in preview.</source>
</trans-unit>
<trans-unit id="s54154a8d64a3597b">
<source>Captcha stage</source>
</trans-unit>
<trans-unit id="s0c250af62ddbf801">
<source>When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.</source>
</trans-unit>
<trans-unit id="sabf8a430d504f8c8">
<source>Endpoint Google Chrome Device Trust is in preview.</source>
</trans-unit>
</body>
</file>

9282
web/xliff/it.xlf Normal file
View File

File diff suppressed because it is too large Load Diff

33
web/xliff/ko.xlf
View File

@ -6590,11 +6590,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<source>Please enter your code</source>
<target>코드를 입력하세요.</target>
</trans-unit>
<trans-unit id="s18b910437b73e8e8">
<source>Return to device picker</source>
<target>디바이스 선택기로 돌아가기</target>
</trans-unit>
<trans-unit id="se409d01b52c4e12f">
<source>Retry authentication</source>
@ -7621,10 +7616,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<source>For nginx's auth_request or traefik's forwardAuth per root domain</source>
<target>루트 도메인 당 Nginx의 auth_request 또는 Traefik의 forwardAuth 경우</target>
</trans-unit>
<trans-unit id="sc615309d10a9228c">
<source>RBAC is in preview.</source>
<target>RBAC 는 현재 프리뷰입니다.</target>
</trans-unit>
<trans-unit id="s32babfed740fd3c1">
<source>User type used for newly created users.</source>
<target>새로 생성된 사용자에 사용되는 사용자 유형입니다.</target>
@ -7819,9 +7810,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<trans-unit id="s38e7cd1a24e70faa">
<source>Create Endpoint</source>
</trans-unit>
<trans-unit id="s4770c10e5b1c028c">
<source>RAC is in preview.</source>
</trans-unit>
<trans-unit id="s168565f5ac74a89f">
<source>Update RAC Provider</source>
</trans-unit>
@ -8849,6 +8837,27 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit>
<trans-unit id="s03e4044abe0b556c">
<source>User database + Kerberos password</source>
</trans-unit>
<trans-unit id="s98bb2ae796f1ceef">
<source>Select another authentication method</source>
</trans-unit>
<trans-unit id="s21d95b4651ad7a1e">
<source>Enter a one-time recovery code for this user.</source>
</trans-unit>
<trans-unit id="s2e1d5a7d320c25ef">
<source>Enter the code from your authenticator device.</source>
</trans-unit>
<trans-unit id="scc1a17d28912e974">
<source>Kerberos Source is in preview.</source>
</trans-unit>
<trans-unit id="s54154a8d64a3597b">
<source>Captcha stage</source>
</trans-unit>
<trans-unit id="s0c250af62ddbf801">
<source>When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.</source>
</trans-unit>
<trans-unit id="sabf8a430d504f8c8">
<source>Endpoint Google Chrome Device Trust is in preview.</source>
</trans-unit>
</body>
</file>

32
web/xliff/nl.xlf
View File

@ -6575,11 +6575,6 @@ Bindingen naar groepen/gebruikers worden gecontroleerd tegen de gebruiker van de
<source>Please enter your code</source>
<target>Voer uw code in</target>
</trans-unit>
<trans-unit id="s18b910437b73e8e8">
<source>Return to device picker</source>
<target>Terug naar apparaatkeuze</target>
</trans-unit>
<trans-unit id="se409d01b52c4e12f">
<source>Retry authentication</source>
@ -7401,9 +7396,6 @@ Bindingen naar groepen/gebruikers worden gecontroleerd tegen de gebruiker van de
<trans-unit id="sf79f8681e5ffaee2">
<source>Assign to new user</source>
</trans-unit>
<trans-unit id="sc615309d10a9228c">
<source>RBAC is in preview.</source>
</trans-unit>
<trans-unit id="saabeb4cab074b0b9">
<source>User Object Permissions</source>
</trans-unit>
@ -7491,9 +7483,6 @@ Bindingen naar groepen/gebruikers worden gecontroleerd tegen de gebruiker van de
<trans-unit id="s38e7cd1a24e70faa">
<source>Create Endpoint</source>
</trans-unit>
<trans-unit id="s4770c10e5b1c028c">
<source>RAC is in preview.</source>
</trans-unit>
<trans-unit id="s168565f5ac74a89f">
<source>Update RAC Provider</source>
</trans-unit>
@ -8695,6 +8684,27 @@ Bindingen naar groepen/gebruikers worden gecontroleerd tegen de gebruiker van de
</trans-unit>
<trans-unit id="s03e4044abe0b556c">
<source>User database + Kerberos password</source>
</trans-unit>
<trans-unit id="s98bb2ae796f1ceef">
<source>Select another authentication method</source>
</trans-unit>
<trans-unit id="s21d95b4651ad7a1e">
<source>Enter a one-time recovery code for this user.</source>
</trans-unit>
<trans-unit id="s2e1d5a7d320c25ef">
<source>Enter the code from your authenticator device.</source>
</trans-unit>
<trans-unit id="scc1a17d28912e974">
<source>Kerberos Source is in preview.</source>
</trans-unit>
<trans-unit id="s54154a8d64a3597b">
<source>Captcha stage</source>
</trans-unit>
<trans-unit id="s0c250af62ddbf801">
<source>When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.</source>
</trans-unit>
<trans-unit id="sabf8a430d504f8c8">
<source>Endpoint Google Chrome Device Trust is in preview.</source>
</trans-unit>
</body>
</file>

34
web/xliff/pl.xlf
View File

@ -6620,11 +6620,6 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
<source>Please enter your code</source>
<target>Proszę wprowadź swój kod</target>
</trans-unit>
<trans-unit id="s18b910437b73e8e8">
<source>Return to device picker</source>
<target>Wróć do wyboru urządzeń</target>
</trans-unit>
<trans-unit id="se409d01b52c4e12f">
<source>Retry authentication</source>
@ -7655,10 +7650,6 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
<source>For nginx's auth_request or traefik's forwardAuth per root domain</source>
<target>Dla nginx's auth_request lub traefik's forwardAuth dla domeny głównej</target>
</trans-unit>
<trans-unit id="sc615309d10a9228c">
<source>RBAC is in preview.</source>
<target>RBAC jest w fazie zapoznawczej.</target>
</trans-unit>
<trans-unit id="s32babfed740fd3c1">
<source>User type used for newly created users.</source>
<target>Typ użytkownika używany dla nowo utworzonych użytkowników.</target>
@ -7851,10 +7842,6 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
<source>Create Endpoint</source>
<target>Utwórz punkt końcowy</target>
</trans-unit>
<trans-unit id="s4770c10e5b1c028c">
<source>RAC is in preview.</source>
<target>RAC jest w fazie zapoznawczej.</target>
</trans-unit>
<trans-unit id="s168565f5ac74a89f">
<source>Update RAC Provider</source>
<target>Aktualizuj dostawcę RAC</target>
@ -9114,6 +9101,27 @@ Powiązania z grupami/użytkownikami są sprawdzane względem użytkownika zdarz
</trans-unit>
<trans-unit id="s03e4044abe0b556c">
<source>User database + Kerberos password</source>
</trans-unit>
<trans-unit id="s98bb2ae796f1ceef">
<source>Select another authentication method</source>
</trans-unit>
<trans-unit id="s21d95b4651ad7a1e">
<source>Enter a one-time recovery code for this user.</source>
</trans-unit>
<trans-unit id="s2e1d5a7d320c25ef">
<source>Enter the code from your authenticator device.</source>
</trans-unit>
<trans-unit id="scc1a17d28912e974">
<source>Kerberos Source is in preview.</source>
</trans-unit>
<trans-unit id="s54154a8d64a3597b">
<source>Captcha stage</source>
</trans-unit>
<trans-unit id="s0c250af62ddbf801">
<source>When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.</source>
</trans-unit>
<trans-unit id="sabf8a430d504f8c8">
<source>Endpoint Google Chrome Device Trust is in preview.</source>
</trans-unit>
</body>
</file>

34
web/xliff/pseudo-LOCALE.xlf
View File

@ -6578,11 +6578,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<source>Please enter your code</source>
<target>Ƥĺēàśē ēńţēŕ ŷōũŕ ćōďē</target>
</trans-unit>
<trans-unit id="s18b910437b73e8e8">
<source>Return to device picker</source>
<target>Ŕēţũŕń ţō ďēvĩćē ƥĩćķēŕ</target>
</trans-unit>
<trans-unit id="se409d01b52c4e12f">
<source>Retry authentication</source>
@ -7599,10 +7594,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<source>For nginx's auth_request or traefik's forwardAuth per root domain</source>
<target>Ƒōŕ ńĝĩńx'ś àũţĥ_ŕēǫũēśţ ōŕ ţŕàēƒĩķ'ś ƒōŕŵàŕďÀũţĥ ƥēŕ ŕōōţ ďōḿàĩń</target>
</trans-unit>
<trans-unit id="sc615309d10a9228c">
<source>RBAC is in preview.</source>
<target>ŔßÀĆ ĩś ĩń ƥŕēvĩēŵ.</target>
</trans-unit>
<trans-unit id="s32babfed740fd3c1">
<source>User type used for newly created users.</source>
<target>Ũśēŕ ţŷƥē ũśēď ƒōŕ ńēŵĺŷ ćŕēàţēď ũśēŕś.</target>
@ -7795,10 +7786,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<source>Create Endpoint</source>
<target>Ćŕēàţē Ēńďƥōĩńţ</target>
</trans-unit>
<trans-unit id="s4770c10e5b1c028c">
<source>RAC is in preview.</source>
<target>ŔÀĆ ĩś ĩń ƥŕēvĩēŵ.</target>
</trans-unit>
<trans-unit id="s168565f5ac74a89f">
<source>Update RAC Provider</source>
<target>Ũƥďàţē ŔÀĆ Ƥŕōvĩďēŕ</target>
@ -9154,4 +9141,25 @@ Bindings to groups/users are checked against the user of the event.</source>
<trans-unit id="s03e4044abe0b556c">
<source>User database + Kerberos password</source>
</trans-unit>
<trans-unit id="s98bb2ae796f1ceef">
<source>Select another authentication method</source>
</trans-unit>
<trans-unit id="s21d95b4651ad7a1e">
<source>Enter a one-time recovery code for this user.</source>
</trans-unit>
<trans-unit id="s2e1d5a7d320c25ef">
<source>Enter the code from your authenticator device.</source>
</trans-unit>
<trans-unit id="scc1a17d28912e974">
<source>Kerberos Source is in preview.</source>
</trans-unit>
<trans-unit id="s54154a8d64a3597b">
<source>Captcha stage</source>
</trans-unit>
<trans-unit id="s0c250af62ddbf801">
<source>When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.</source>
</trans-unit>
<trans-unit id="sabf8a430d504f8c8">
<source>Endpoint Google Chrome Device Trust is in preview.</source>
</trans-unit>
</body></file></xliff>

34
web/xliff/ru.xlf
View File

@ -6619,11 +6619,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<source>Please enter your code</source>
<target>Пожалуйста, введите ваш код</target>
</trans-unit>
<trans-unit id="s18b910437b73e8e8">
<source>Return to device picker</source>
<target>Вернуться к выбору устройства</target>
</trans-unit>
<trans-unit id="se409d01b52c4e12f">
<source>Retry authentication</source>
@ -7654,10 +7649,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<source>For nginx's auth_request or traefik's forwardAuth per root domain</source>
<target>Для nginx's auth_request или traefik's forwardAuth для корневого домена</target>
</trans-unit>
<trans-unit id="sc615309d10a9228c">
<source>RBAC is in preview.</source>
<target>RBAC находится в предварительной версии.</target>
</trans-unit>
<trans-unit id="s32babfed740fd3c1">
<source>User type used for newly created users.</source>
<target>Тип пользователя, используемый для вновь созданных пользователей.</target>
@ -7850,10 +7841,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<source>Create Endpoint</source>
<target>Создать конечную точку</target>
</trans-unit>
<trans-unit id="s4770c10e5b1c028c">
<source>RAC is in preview.</source>
<target>RAC находится в предварительной версии.</target>
</trans-unit>
<trans-unit id="s168565f5ac74a89f">
<source>Update RAC Provider</source>
<target>Обновить RAC провайдера</target>
@ -9177,6 +9164,27 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit>
<trans-unit id="s03e4044abe0b556c">
<source>User database + Kerberos password</source>
</trans-unit>
<trans-unit id="s98bb2ae796f1ceef">
<source>Select another authentication method</source>
</trans-unit>
<trans-unit id="s21d95b4651ad7a1e">
<source>Enter a one-time recovery code for this user.</source>
</trans-unit>
<trans-unit id="s2e1d5a7d320c25ef">
<source>Enter the code from your authenticator device.</source>
</trans-unit>
<trans-unit id="scc1a17d28912e974">
<source>Kerberos Source is in preview.</source>
</trans-unit>
<trans-unit id="s54154a8d64a3597b">
<source>Captcha stage</source>
</trans-unit>
<trans-unit id="s0c250af62ddbf801">
<source>When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.</source>
</trans-unit>
<trans-unit id="sabf8a430d504f8c8">
<source>Endpoint Google Chrome Device Trust is in preview.</source>
</trans-unit>
</body>
</file>

31
web/xliff/tr.xlf
View File

@ -4955,10 +4955,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<trans-unit id="s3cd84e82e83e35ad">
<source>Please enter your code</source>
</trans-unit>
<trans-unit id="s18b910437b73e8e8">
<source>Return to device picker</source>
<target>Aygıt seçiciye geri dön</target>
</trans-unit>
<trans-unit id="se409d01b52c4e12f">
<source>Retry authentication</source>
<target>Kimlik doğrulamayı yeniden deneyin</target>
@ -5733,9 +5729,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<trans-unit id="sfc31264ef7ff86ef">
<source>For nginx's auth_request or traefik's forwardAuth per root domain</source>
</trans-unit>
<trans-unit id="sc615309d10a9228c">
<source>RBAC is in preview.</source>
</trans-unit>
<trans-unit id="s32babfed740fd3c1">
<source>User type used for newly created users.</source>
</trans-unit>
@ -5880,9 +5873,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<trans-unit id="s38e7cd1a24e70faa">
<source>Create Endpoint</source>
</trans-unit>
<trans-unit id="s4770c10e5b1c028c">
<source>RAC is in preview.</source>
</trans-unit>
<trans-unit id="s168565f5ac74a89f">
<source>Update RAC Provider</source>
</trans-unit>
@ -6925,6 +6915,27 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit>
<trans-unit id="s03e4044abe0b556c">
<source>User database + Kerberos password</source>
</trans-unit>
<trans-unit id="s98bb2ae796f1ceef">
<source>Select another authentication method</source>
</trans-unit>
<trans-unit id="s21d95b4651ad7a1e">
<source>Enter a one-time recovery code for this user.</source>
</trans-unit>
<trans-unit id="s2e1d5a7d320c25ef">
<source>Enter the code from your authenticator device.</source>
</trans-unit>
<trans-unit id="scc1a17d28912e974">
<source>Kerberos Source is in preview.</source>
</trans-unit>
<trans-unit id="s54154a8d64a3597b">
<source>Captcha stage</source>
</trans-unit>
<trans-unit id="s0c250af62ddbf801">
<source>When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.</source>
</trans-unit>
<trans-unit id="sabf8a430d504f8c8">
<source>Endpoint Google Chrome Device Trust is in preview.</source>
</trans-unit>
</body>
</file>

30
web/xliff/zh-CN.xlf
View File

@ -1375,9 +1375,6 @@
<trans-unit id="s9fb28be12e2c6317">
<source>Superuser</source>
</trans-unit>
<trans-unit id="sc615309d10a9228c">
<source>RBAC is in preview.</source>
</trans-unit>
<trans-unit id="sa1db89262360550b">
<source>Send us feedback!</source>
</trans-unit>
@ -1914,9 +1911,6 @@ doesn't pass when either or both of the selected options are equal or above the
<trans-unit id="s38e7cd1a24e70faa">
<source>Create Endpoint</source>
</trans-unit>
<trans-unit id="s4770c10e5b1c028c">
<source>RAC is in preview.</source>
</trans-unit>
<trans-unit id="s168565f5ac74a89f">
<source>Update RAC Provider</source>
</trans-unit>
@ -4712,9 +4706,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<trans-unit id="s3cd84e82e83e35ad">
<source>Please enter your code</source>
</trans-unit>
<trans-unit id="s18b910437b73e8e8">
<source>Return to device picker</source>
</trans-unit>
<trans-unit id="se409d01b52c4e12f">
<source>Retry authentication</source>
</trans-unit>
@ -5863,6 +5854,27 @@ Bindings to groups/users are checked against the user of the event.</source>
<trans-unit id="s03e4044abe0b556c">
<source>User database + Kerberos password</source>
</trans-unit>
<trans-unit id="s98bb2ae796f1ceef">
<source>Select another authentication method</source>
</trans-unit>
<trans-unit id="s21d95b4651ad7a1e">
<source>Enter a one-time recovery code for this user.</source>
</trans-unit>
<trans-unit id="s2e1d5a7d320c25ef">
<source>Enter the code from your authenticator device.</source>
</trans-unit>
<trans-unit id="scc1a17d28912e974">
<source>Kerberos Source is in preview.</source>
</trans-unit>
<trans-unit id="s54154a8d64a3597b">
<source>Captcha stage</source>
</trans-unit>
<trans-unit id="s0c250af62ddbf801">
<source>When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.</source>
</trans-unit>
<trans-unit id="sabf8a430d504f8c8">
<source>Endpoint Google Chrome Device Trust is in preview.</source>
</trans-unit>
</body>
</file>
</xliff>

70
web/xliff/zh-Hans.xlf
View File

@ -6618,11 +6618,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<source>Please enter your code</source>
<target>请输入您的代码</target>
</trans-unit>
<trans-unit id="s18b910437b73e8e8">
<source>Return to device picker</source>
<target>返回设备选择器</target>
</trans-unit>
<trans-unit id="se409d01b52c4e12f">
<source>Retry authentication</source>
@ -7653,10 +7648,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<source>For nginx's auth_request or traefik's forwardAuth per root domain</source>
<target>适用于按根域名配置的 nginx 的 auth_request 或 traefik 的 forwardAuth</target>
</trans-unit>
<trans-unit id="sc615309d10a9228c">
<source>RBAC is in preview.</source>
<target>RBAC 目前处于预览状态。</target>
</trans-unit>
<trans-unit id="s32babfed740fd3c1">
<source>User type used for newly created users.</source>
<target>新创建用户使用的用户类型。</target>
@ -7849,10 +7840,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<source>Create Endpoint</source>
<target>创建端点</target>
</trans-unit>
<trans-unit id="s4770c10e5b1c028c">
<source>RAC is in preview.</source>
<target>RAC 目前处于预览状态。</target>
</trans-unit>
<trans-unit id="s168565f5ac74a89f">
<source>Update RAC Provider</source>
<target>更新 RAC 提供程序</target>
@ -9133,90 +9120,147 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit>
<trans-unit id="sbfee780fa0a2c83e">
<source>Device type <x id="0" equiv-text="${device.verboseName}"/> cannot be deleted</source>
<target>设备类型 <x id="0" equiv-text="${device.verboseName}"/> 无法被删除</target>
</trans-unit>
<trans-unit id="s336936629cdeb3e5">
<source>Stage used to verify users' browsers using Google Chrome Device Trust. This stage can be used in authentication/authorization flows.</source>
<target>通过 Google Chrome 设备信任来验证用户浏览器的阶段。此阶段可在身份验证/授权流程中使用。</target>
</trans-unit>
<trans-unit id="s85fe794c71b4ace8">
<source>Google Verified Access API</source>
<target>Google Verified Access API</target>
</trans-unit>
<trans-unit id="s013620384af7c8b4">
<source>Device type <x id="0" equiv-text="${device.verboseName}"/> cannot be edited</source>
<target>设备类型 <x id="0" equiv-text="${device.verboseName}"/> 无法被编辑</target>
</trans-unit>
<trans-unit id="s4347135696fc7cde">
<source>Advanced flow settings</source>
<target>高级流程设置</target>
</trans-unit>
<trans-unit id="sf52ff57fd136cc2f">
<source>Enable this option to write password changes made in authentik back to Kerberos. Ignored if sync is disabled.</source>
<target>启用此选项会将 authentik 作出的密码修改写入回 Kerberos。如果未启用同步则忽略。</target>
</trans-unit>
<trans-unit id="s14a16542f956e11d">
<source>Realm settings</source>
<target>领域设置</target>
</trans-unit>
<trans-unit id="s9c2eae548d3c1c30">
<source>Realm</source>
<target>领域</target>
</trans-unit>
<trans-unit id="s6b032212997e2491">
<source>Kerberos 5 configuration</source>
<target>Kerberos 5 配置</target>
</trans-unit>
<trans-unit id="sbf50181022f47de3">
<source>Kerberos 5 configuration. See man krb5.conf(5) for configuration format. If left empty, a default krb5.conf will be used.</source>
<target>Kerberos 5 配置。请阅读 man krb5.conf(5) 了解配置格式。如果留空,则使用默认的 krb5.conf。</target>
</trans-unit>
<trans-unit id="s2386539a0bd62fab">
<source>Sync connection settings</source>
<target>同步连接设置</target>
</trans-unit>
<trans-unit id="s0d1a6f3fe81351f8">
<source>Sync principal</source>
<target>同步主体</target>
</trans-unit>
<trans-unit id="sa691d6e1974295fa">
<source>Principal used to authenticate to the KDC for syncing.</source>
<target>向 KDC 进行身份验证以进行同步的主体。</target>
</trans-unit>
<trans-unit id="s977b9c629eed3d33">
<source>Sync password</source>
<target>同步密码</target>
</trans-unit>
<trans-unit id="s77772860385de948">
<source>Password used to authenticate to the KDC for syncing. Optional if Sync keytab or Sync credentials cache is provided.</source>
<target>向 KDC 进行身份验证以进行同步的密码。如果提供了同步 Keytab 或同步凭据缓存,则此选项是可选的。</target>
</trans-unit>
<trans-unit id="sc59ec59c3d5e74dc">
<source>Sync keytab</source>
<target>同步 Keytab</target>
</trans-unit>
<trans-unit id="scd42997958453f05">
<source>Keytab used to authenticate to the KDC for syncing. Optional if Sync password or Sync credentials cache is provided. Must be base64 encoded or in the form TYPE:residual.</source>
<target>向 KDC 进行身份验证以进行同步的 Keytab。如果提供了同步密码或同步凭据缓存则此选项是可选的。必须以 Base64 编码,或者形式为 TYPE:residual。</target>
</trans-unit>
<trans-unit id="s60eaf439ccdca1f2">
<source>Sync credentials cache</source>
<target>同步凭据缓存</target>
</trans-unit>
<trans-unit id="s95722900b0c9026f">
<source>Credentials cache used to authenticate to the KDC for syncing. Optional if Sync password or Sync keytab is provided. Must be in the form TYPE:residual.</source>
<target>向 KDC 进行身份验证以进行同步的凭据缓存。如果提供了同步密码或同步 Keytab则此选项是可选的。形式必须为 TYPE:residual。</target>
</trans-unit>
<trans-unit id="sf9c055db98d7994a">
<source>SPNEGO settings</source>
<target>SPNEGO 设置</target>
</trans-unit>
<trans-unit id="sab580a45dc46937f">
<source>SPNEGO server name</source>
<target>SPNEGO 服务器名称</target>
</trans-unit>
<trans-unit id="s7a79d6174d17ab2d">
<source>Force the use of a specific server name for SPNEGO. Must be in the form HTTP@domain</source>
<target>强制为 SPNEGO 使用特定服务器名称。形式必须为 HTTP@域名</target>
</trans-unit>
<trans-unit id="sa4ba2b2081472ccd">
<source>SPNEGO keytab</source>
<target>SPNEGO Keytab</target>
</trans-unit>
<trans-unit id="s64adda975c1106c0">
<source>Keytab used for SPNEGO. Optional if SPNEGO credentials cache is provided. Must be base64 encoded or in the form TYPE:residual.</source>
<target>SPNEGO 使用的 Keytab。如果提供了 SPNEGO 凭据缓存,则此选项是可选的。必须以 Base64 编码,或者形式为 TYPE:residual。</target>
</trans-unit>
<trans-unit id="s92247825b92587b5">
<source>SPNEGO credentials cache</source>
<target>SPNEGO 凭据缓存</target>
</trans-unit>
<trans-unit id="sd9757c345e4062f8">
<source>Credentials cache used for SPNEGO. Optional if SPNEGO keytab is provided. Must be in the form TYPE:residual.</source>
<target>SPNEGO 使用的凭据缓存。如果提供了 SPNEGO Keytab则此选项是可选的。形式必须为 TYPE:residual。</target>
</trans-unit>
<trans-unit id="s734ab8fbcae0b69e">
<source>Kerberos Attribute mapping</source>
<target>Kerberos 属性映射</target>
</trans-unit>
<trans-unit id="s2c378e86e025fdb2">
<source>Update Kerberos Source</source>
<target>更新 Kerberos 源</target>
</trans-unit>
<trans-unit id="s03e4044abe0b556c">
<source>User database + Kerberos password</source>
<target>用户数据库 + Kerberos 密码</target>
</trans-unit>
<trans-unit id="s98bb2ae796f1ceef">
<source>Select another authentication method</source>
<target>选择另一种身份验证方法</target>
</trans-unit>
<trans-unit id="s21d95b4651ad7a1e">
<source>Enter a one-time recovery code for this user.</source>
<target>为此用户输入一次性恢复代码。</target>
</trans-unit>
<trans-unit id="s2e1d5a7d320c25ef">
<source>Enter the code from your authenticator device.</source>
<target>请输入来自您身份验证设备的代码。</target>
</trans-unit>
<trans-unit id="scc1a17d28912e974">
<source>Kerberos Source is in preview.</source>
<target>Kerberos 源目前处于预览状态。</target>
</trans-unit>
<trans-unit id="s54154a8d64a3597b">
<source>Captcha stage</source>
<target>验证码阶段</target>
</trans-unit>
<trans-unit id="s0c250af62ddbf801">
<source>When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.</source>
<target>设置后,添加与验证码阶段完全相同的功能,但融入识别阶段。</target>
</trans-unit>
<trans-unit id="sabf8a430d504f8c8">
<source>Endpoint Google Chrome Device Trust is in preview.</source>
<target>端点 Google Chrome 设备信任处于预览状态。</target>
</trans-unit>
</body>
</file>

31
web/xliff/zh-Hant.xlf
View File

@ -4999,10 +4999,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<trans-unit id="s3cd84e82e83e35ad">
<source>Please enter your code</source>
</trans-unit>
<trans-unit id="s18b910437b73e8e8">
<source>Return to device picker</source>
<target>返回设备选择器</target>
</trans-unit>
<trans-unit id="se409d01b52c4e12f">
<source>Retry authentication</source>
<target>重试身份验证</target>
@ -5781,9 +5777,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<trans-unit id="sfc31264ef7ff86ef">
<source>For nginx's auth_request or traefik's forwardAuth per root domain</source>
</trans-unit>
<trans-unit id="sc615309d10a9228c">
<source>RBAC is in preview.</source>
</trans-unit>
<trans-unit id="s32babfed740fd3c1">
<source>User type used for newly created users.</source>
</trans-unit>
@ -5928,9 +5921,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<trans-unit id="s38e7cd1a24e70faa">
<source>Create Endpoint</source>
</trans-unit>
<trans-unit id="s4770c10e5b1c028c">
<source>RAC is in preview.</source>
</trans-unit>
<trans-unit id="s168565f5ac74a89f">
<source>Update RAC Provider</source>
</trans-unit>
@ -6973,6 +6963,27 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit>
<trans-unit id="s03e4044abe0b556c">
<source>User database + Kerberos password</source>
</trans-unit>
<trans-unit id="s98bb2ae796f1ceef">
<source>Select another authentication method</source>
</trans-unit>
<trans-unit id="s21d95b4651ad7a1e">
<source>Enter a one-time recovery code for this user.</source>
</trans-unit>
<trans-unit id="s2e1d5a7d320c25ef">
<source>Enter the code from your authenticator device.</source>
</trans-unit>
<trans-unit id="scc1a17d28912e974">
<source>Kerberos Source is in preview.</source>
</trans-unit>
<trans-unit id="s54154a8d64a3597b">
<source>Captcha stage</source>
</trans-unit>
<trans-unit id="s0c250af62ddbf801">
<source>When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.</source>
</trans-unit>
<trans-unit id="sabf8a430d504f8c8">
<source>Endpoint Google Chrome Device Trust is in preview.</source>
</trans-unit>
</body>
</file>

157
web/xliff/zh_CN.xlf
View File

@ -6618,11 +6618,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<source>Please enter your code</source>
<target>请输入您的代码</target>
</trans-unit>
<trans-unit id="s18b910437b73e8e8">
<source>Return to device picker</source>
<target>返回设备选择器</target>
</trans-unit>
<trans-unit id="se409d01b52c4e12f">
<source>Retry authentication</source>
@ -7653,10 +7648,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<source>For nginx's auth_request or traefik's forwardAuth per root domain</source>
<target>适用于按根域名配置的 nginx 的 auth_request 或 traefik 的 forwardAuth</target>
</trans-unit>
<trans-unit id="sc615309d10a9228c">
<source>RBAC is in preview.</source>
<target>RBAC 目前处于预览状态。</target>
</trans-unit>
<trans-unit id="s32babfed740fd3c1">
<source>User type used for newly created users.</source>
<target>新创建用户使用的用户类型。</target>
@ -7849,10 +7840,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<source>Create Endpoint</source>
<target>创建端点</target>
</trans-unit>
<trans-unit id="s4770c10e5b1c028c">
<source>RAC is in preview.</source>
<target>RAC 目前处于预览状态。</target>
</trans-unit>
<trans-unit id="s168565f5ac74a89f">
<source>Update RAC Provider</source>
<target>更新 RAC 提供程序</target>
@ -9130,6 +9117,150 @@ Bindings to groups/users are checked against the user of the event.</source>
<trans-unit id="s8a598f7aef81c3bc">
<source>Key used to encrypt the tokens.</source>
<target>用于加密令牌的密钥。</target>
</trans-unit>
<trans-unit id="sbfee780fa0a2c83e">
<source>Device type <x id="0" equiv-text="${device.verboseName}"/> cannot be deleted</source>
<target>设备类型 <x id="0" equiv-text="${device.verboseName}"/> 无法被删除</target>
</trans-unit>
<trans-unit id="s336936629cdeb3e5">
<source>Stage used to verify users' browsers using Google Chrome Device Trust. This stage can be used in authentication/authorization flows.</source>
<target>通过 Google Chrome 设备信任来验证用户浏览器的阶段。此阶段可在身份验证/授权流程中使用。</target>
</trans-unit>
<trans-unit id="s85fe794c71b4ace8">
<source>Google Verified Access API</source>
<target>Google Verified Access API</target>
</trans-unit>
<trans-unit id="s013620384af7c8b4">
<source>Device type <x id="0" equiv-text="${device.verboseName}"/> cannot be edited</source>
<target>设备类型 <x id="0" equiv-text="${device.verboseName}"/> 无法被编辑</target>
</trans-unit>
<trans-unit id="s4347135696fc7cde">
<source>Advanced flow settings</source>
<target>高级流程设置</target>
</trans-unit>
<trans-unit id="sf52ff57fd136cc2f">
<source>Enable this option to write password changes made in authentik back to Kerberos. Ignored if sync is disabled.</source>
<target>启用此选项会将 authentik 作出的密码修改写入回 Kerberos。如果未启用同步则忽略。</target>
</trans-unit>
<trans-unit id="s14a16542f956e11d">
<source>Realm settings</source>
<target>领域设置</target>
</trans-unit>
<trans-unit id="s9c2eae548d3c1c30">
<source>Realm</source>
<target>领域</target>
</trans-unit>
<trans-unit id="s6b032212997e2491">
<source>Kerberos 5 configuration</source>
<target>Kerberos 5 配置</target>
</trans-unit>
<trans-unit id="sbf50181022f47de3">
<source>Kerberos 5 configuration. See man krb5.conf(5) for configuration format. If left empty, a default krb5.conf will be used.</source>
<target>Kerberos 5 配置。请阅读 man krb5.conf(5) 了解配置格式。如果留空,则使用默认的 krb5.conf。</target>
</trans-unit>
<trans-unit id="s2386539a0bd62fab">
<source>Sync connection settings</source>
<target>同步连接设置</target>
</trans-unit>
<trans-unit id="s0d1a6f3fe81351f8">
<source>Sync principal</source>
<target>同步主体</target>
</trans-unit>
<trans-unit id="sa691d6e1974295fa">
<source>Principal used to authenticate to the KDC for syncing.</source>
<target>向 KDC 进行身份验证以进行同步的主体。</target>
</trans-unit>
<trans-unit id="s977b9c629eed3d33">
<source>Sync password</source>
<target>同步密码</target>
</trans-unit>
<trans-unit id="s77772860385de948">
<source>Password used to authenticate to the KDC for syncing. Optional if Sync keytab or Sync credentials cache is provided.</source>
<target>向 KDC 进行身份验证以进行同步的密码。如果提供了同步 Keytab 或同步凭据缓存,则此选项是可选的。</target>
</trans-unit>
<trans-unit id="sc59ec59c3d5e74dc">
<source>Sync keytab</source>
<target>同步 Keytab</target>
</trans-unit>
<trans-unit id="scd42997958453f05">
<source>Keytab used to authenticate to the KDC for syncing. Optional if Sync password or Sync credentials cache is provided. Must be base64 encoded or in the form TYPE:residual.</source>
<target>向 KDC 进行身份验证以进行同步的 Keytab。如果提供了同步密码或同步凭据缓存则此选项是可选的。必须以 Base64 编码,或者形式为 TYPE:residual。</target>
</trans-unit>
<trans-unit id="s60eaf439ccdca1f2">
<source>Sync credentials cache</source>
<target>同步凭据缓存</target>
</trans-unit>
<trans-unit id="s95722900b0c9026f">
<source>Credentials cache used to authenticate to the KDC for syncing. Optional if Sync password or Sync keytab is provided. Must be in the form TYPE:residual.</source>
<target>向 KDC 进行身份验证以进行同步的凭据缓存。如果提供了同步密码或同步 Keytab则此选项是可选的。形式必须为 TYPE:residual。</target>
</trans-unit>
<trans-unit id="sf9c055db98d7994a">
<source>SPNEGO settings</source>
<target>SPNEGO 设置</target>
</trans-unit>
<trans-unit id="sab580a45dc46937f">
<source>SPNEGO server name</source>
<target>SPNEGO 服务器名称</target>
</trans-unit>
<trans-unit id="s7a79d6174d17ab2d">
<source>Force the use of a specific server name for SPNEGO. Must be in the form HTTP@domain</source>
<target>强制为 SPNEGO 使用特定服务器名称。形式必须为 HTTP@域名</target>
</trans-unit>
<trans-unit id="sa4ba2b2081472ccd">
<source>SPNEGO keytab</source>
<target>SPNEGO Keytab</target>
</trans-unit>
<trans-unit id="s64adda975c1106c0">
<source>Keytab used for SPNEGO. Optional if SPNEGO credentials cache is provided. Must be base64 encoded or in the form TYPE:residual.</source>
<target>SPNEGO 使用的 Keytab。如果提供了 SPNEGO 凭据缓存,则此选项是可选的。必须以 Base64 编码,或者形式为 TYPE:residual。</target>
</trans-unit>
<trans-unit id="s92247825b92587b5">
<source>SPNEGO credentials cache</source>
<target>SPNEGO 凭据缓存</target>
</trans-unit>
<trans-unit id="sd9757c345e4062f8">
<source>Credentials cache used for SPNEGO. Optional if SPNEGO keytab is provided. Must be in the form TYPE:residual.</source>
<target>SPNEGO 使用的凭据缓存。如果提供了 SPNEGO Keytab则此选项是可选的。形式必须为 TYPE:residual。</target>
</trans-unit>
<trans-unit id="s734ab8fbcae0b69e">
<source>Kerberos Attribute mapping</source>
<target>Kerberos 属性映射</target>
</trans-unit>
<trans-unit id="s2c378e86e025fdb2">
<source>Update Kerberos Source</source>
<target>更新 Kerberos 源</target>
</trans-unit>
<trans-unit id="s03e4044abe0b556c">
<source>User database + Kerberos password</source>
<target>用户数据库 + Kerberos 密码</target>
</trans-unit>
<trans-unit id="s98bb2ae796f1ceef">
<source>Select another authentication method</source>
<target>选择另一种身份验证方法</target>
</trans-unit>
<trans-unit id="s21d95b4651ad7a1e">
<source>Enter a one-time recovery code for this user.</source>
<target>为此用户输入一次性恢复代码。</target>
</trans-unit>
<trans-unit id="s2e1d5a7d320c25ef">
<source>Enter the code from your authenticator device.</source>
<target>请输入来自您身份验证设备的代码。</target>
</trans-unit>
<trans-unit id="scc1a17d28912e974">
<source>Kerberos Source is in preview.</source>
<target>Kerberos 源目前处于预览状态。</target>
</trans-unit>
<trans-unit id="s54154a8d64a3597b">
<source>Captcha stage</source>
<target>验证码阶段</target>
</trans-unit>
<trans-unit id="s0c250af62ddbf801">
<source>When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.</source>
<target>设置后,添加与验证码阶段完全相同的功能,但融入识别阶段。</target>
</trans-unit>
<trans-unit id="sabf8a430d504f8c8">
<source>Endpoint Google Chrome Device Trust is in preview.</source>
<target>端点 Google Chrome 设备信任处于预览状态。</target>
</trans-unit>
</body>
</file>

33
web/xliff/zh_TW.xlf
View File

@ -6566,11 +6566,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<source>Please enter your code</source>
<target>請輸入您的認證碼</target>
</trans-unit>
<trans-unit id="s18b910437b73e8e8">
<source>Return to device picker</source>
<target>回到選擇裝置頁面</target>
</trans-unit>
<trans-unit id="se409d01b52c4e12f">
<source>Retry authentication</source>
@ -7595,10 +7590,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<source>For nginx's auth_request or traefik's forwardAuth per root domain</source>
<target>適用於每個主網域的 nginx 的「auth_request」或 traefik 的「forwardAuth」</target>
</trans-unit>
<trans-unit id="sc615309d10a9228c">
<source>RBAC is in preview.</source>
<target>RBAC 正處於預覽版本。</target>
</trans-unit>
<trans-unit id="s32babfed740fd3c1">
<source>User type used for newly created users.</source>
<target>用於建立使用者的使用者類型。</target>
@ -7765,9 +7756,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<trans-unit id="s38e7cd1a24e70faa">
<source>Create Endpoint</source>
</trans-unit>
<trans-unit id="s4770c10e5b1c028c">
<source>RAC is in preview.</source>
</trans-unit>
<trans-unit id="s168565f5ac74a89f">
<source>Update RAC Provider</source>
</trans-unit>
@ -8810,6 +8798,27 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit>
<trans-unit id="s03e4044abe0b556c">
<source>User database + Kerberos password</source>
</trans-unit>
<trans-unit id="s98bb2ae796f1ceef">
<source>Select another authentication method</source>
</trans-unit>
<trans-unit id="s21d95b4651ad7a1e">
<source>Enter a one-time recovery code for this user.</source>
</trans-unit>
<trans-unit id="s2e1d5a7d320c25ef">
<source>Enter the code from your authenticator device.</source>
</trans-unit>
<trans-unit id="scc1a17d28912e974">
<source>Kerberos Source is in preview.</source>
</trans-unit>
<trans-unit id="s54154a8d64a3597b">
<source>Captcha stage</source>
</trans-unit>
<trans-unit id="s0c250af62ddbf801">
<source>When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage.</source>
</trans-unit>
<trans-unit id="sabf8a430d504f8c8">
<source>Endpoint Google Chrome Device Trust is in preview.</source>
</trans-unit>
</body>
</file>

4
website/docs/add-secure-apps/flows-stages/flow/context/index.md
View File

@ -112,7 +112,7 @@ An optional list of all permissions that will be given to the application by gra
#### Deny stage
##### `deny_message` (string) <span class="badge badge--version">authentik 2023.10+</span>
##### `deny_message` (string) <span class="badge badge--version">authentik 2023.10+</span>
Optionally overwrite the deny message shown, has a higher priority than the message configured in the stage.
@ -128,7 +128,7 @@ If set, this must be a list of group objects and not group names.
Path the `pending_user` will be written to. If not set in the flow, falls back to the value set in the user_write stage, and otherwise to the `users` path.
##### `user_type` (string) <span class="badge badge--version">authentik 2023.10+</span>
##### `user_type` (string) <span class="badge badge--version">authentik 2023.10+</span>
Type the `pending_user` will be created as. Must be one of `internal`, `external` or `service_account`.

4
website/docs/add-secure-apps/flows-stages/stages/authenticator_duo/index.md
View File

@ -10,7 +10,7 @@ Copy all of the integration key, secret key and API hostname, and paste them in
Devices created reference the stage they were created with, since the API credentials are needed to authenticate. This also means when the stage is deleted, all devices are removed.
## Importing users <span class="badge badge--version">authentik 2022.9+</span>
## Importing users <span class="badge badge--version">authentik 2022.9+</span>
:::info
Due to the way the Duo API works, authentik can only automatically import existing Duo users when a Duo MFA or higher license is active.
@ -20,7 +20,7 @@ To import a device, open the Stages list in the authentik Admin interface. On th
The Duo username can be found by navigating to your Duo Admin dashboard and selecting _Users_ in the sidebar. Optionally if you have multiple users with the same username, you can click on a User and copy their ID from the URL, and use that to import the device.
### Older versions <span class="badge badge--version">authentik 2021.9.1+</span>
### Older versions <span class="badge badge--version">authentik 2021.9.1+</span>
You can call the `/api/v3/stages/authenticator/duo/{stage_uuid}/import_devices/` endpoint ([see here](https://goauthentik.io/api/#post-/stages/authenticator/duo/-stage_uuid-/import_devices/)) using the following parameters:

1
website/docs/add-secure-apps/flows-stages/stages/authenticator_endpoint_gdtc/index.md
View File

@ -3,6 +3,7 @@ title: Endpoint Authenticator Google Device Trust Connector Stage
---
<span class="badge badge--primary">Enterprise</span>
<span class="badge badge--preview">Preview</span>
<span class="badge badge--version">authentik 2024.10+</span>
---

10
website/docs/add-secure-apps/flows-stages/stages/authenticator_validate/index.md
View File

@ -5,10 +5,10 @@ title: Authenticator validation stage
This stage validates an already configured Authenticator Device. This device has to be configured using any of the other authenticator stages:
- [Duo authenticator stage](../authenticator_duo/index.md)
- [SMS authenticator stage](../authenticator_sms/index.md).
- [Static authenticator stage](../authenticator_static/index.md).
- [SMS authenticator stage](../authenticator_sms/index.md)
- [Static authenticator stage](../authenticator_static/index.md)
- [TOTP authenticator stage](../authenticator_totp/index.md)
- [WebAuth authenticator stage](../authenticator_webauthn/index.md).
- [WebAuthn authenticator stage](../authenticator_webauthn/index.md)
You can select which type of device classes are allowed.
@ -75,3 +75,7 @@ Optionally restrict which WebAuthn device types can be used to authenticate.
When no restriction is set, all WebAuthn devices a user has registered are allowed.
These restrictions only apply to WebAuthn devices created with authentik 2024.4 or later.
#### Automatic device selection
If the user has more than one device, the user is prompted to select which device they want to use for validation. After the user successfully authenticates with a certain device, that device is marked as "last used". In subsequent prompts by the Authenticator validation stage, the last used device is automatically selected for the user. Should they wish to use another device, the user can return to the device selection screen.

10
website/docs/add-secure-apps/flows-stages/stages/identification/index.md
View File

@ -16,7 +16,15 @@ Select which fields the user can use to identify themselves. Multiple fields can
## Password stage
To prompt users for their password on the same step as identifying themselves, a password stage can be selected here. If a password stage is selected in the Identification stage, the password stage should not be bound to the flow.
To prompt users for their password on the same step as identifying themselves, a Password stage can be selected here. If a Password stage is selected in the Identification stage, the Password stage should not be bound to the flow.
## CAPTCHA stage
:::warning
The CAPTCHA stage you use must be configured to use the "Invisible" mode, otherwise the widget will be rendered incorrectly.
:::
To run a CAPTCHA process in the background while the user is entering their identification, a CAPTCHA stage can be selected here. If a CAPTCHA stage is selected in the Identification stage, the CAPTCHA stage should not be bound to the flow.
## Enrollment/Recovery Flow

5
website/docs/add-secure-apps/providers/entra/add-entra-provider.md
View File

@ -3,15 +3,12 @@ title: Add an Entra ID provider
---
<span class="badge badge--primary">Enterprise</span>
<span class="badge badge--preview">Preview</span>
---
For more information about using an Entra ID provider, see the [Overview](./index.md) documentation.
:::info
This feature is in technical preview, so please report any bugs on [GitHub](https://github.com/goauthentik/authentik/issues).
:::
## Prerequisites
To create an Entra ID provider provider in authentik, you must have already [configured Entra ID](./setup-entra.md) to integrate with authentik. You will need to obtain from Entra three values: the Application (client) ID, the Directory (tenant) ID, and the Client secret. When adding an Entra ID provider in authentik, you must provide these values.

5
website/docs/add-secure-apps/providers/entra/index.md
View File

@ -3,13 +3,10 @@ title: Microsoft Entra ID provider
---
<span class="badge badge--primary">Enterprise</span>
<span class="badge badge--preview">Preview</span>
---
:::info
This feature is in technical preview, so please report any bugs on [GitHub](https://github.com/goauthentik/authentik/issues).
:::
With the Microsoft Entra ID provider, authentik serves as the single source of truth for all users and groups. Configuring Entra ID as a provider allows for auto-discovery of user and group accounts, on-going synchronization of user data such as email address, name, and status, and integrated data mapping of field names and values.
- For instructions to configure your Entra ID tenant to integrate with authentik, refer to [Configure Entra ID](./setup-entra.md).

5
website/docs/add-secure-apps/providers/gws/add-gws-provider.md
View File

@ -3,13 +3,10 @@ title: Create a Google Workspace provider
---
<span class="badge badge--primary">Enterprise</span>
<span class="badge badge--preview">Preview</span>
---
:::info
This feature is in technical preview, so please report any bugs on [GitHub](https://github.com/goauthentik/authentik/issues).
:::
For more information about using a Google Workspace provider, see the [Overview](./index.md) documentation.
## Prerequisites

5
website/docs/add-secure-apps/providers/gws/index.md
View File

@ -3,13 +3,10 @@ title: Google Workspace provider
---
<span class="badge badge--primary">Enterprise</span>
<span class="badge badge--preview">Preview</span>
---
:::info
This feature is in technical preview, so please report any bugs on [GitHub](https://github.com/goauthentik/authentik/issues).
:::
With the Google Workspace provider, authentik serves as the single source of truth for all users and groups, when using Google products like Gmail.
- For instructions to configure your Google Workspace to integrate with authentik, refer to [Configure Google Workspace](./setup-gws.md).

7
website/docs/add-secure-apps/providers/proxy/server_caddy.mdx
View File

@ -1,7 +1,12 @@
---
title: Caddy
hide_title: true
---
import Tabs from "@theme/Tabs";
import TabItem from "@theme/TabItem";
# Caddy <span class="badge badge--version">authentik 2022.8+</span>
# Caddy <span class="badge badge--version">authentik 2022.8+</span>
The configuration template shown below apply to both single-application and domain-level forward auth.

7
website/docs/add-secure-apps/providers/proxy/server_envoy.mdx
View File

@ -1,7 +1,12 @@
---
title: Envoy
hide_title: true
---
import Tabs from "@theme/Tabs";
import TabItem from "@theme/TabItem";
# Envoy <span class="badge badge--version">authentik 2022.6+</span>
# Envoy <span class="badge badge--version">authentik 2022.6+</span>
The configuration template shown below apply to both single-application and domain-level forward auth.

6
website/docs/add-secure-apps/providers/rac/how-to-rac.md
View File

@ -2,17 +2,13 @@
title: Create a Remote Access Control (RAC) provider
---
:::info
This feature is in technical preview, so please report any bugs on [GitHub](https://github.com/goauthentik/authentik/issues).
:::
The RAC provider is a highly flexible feature for accessing remote machines. This document provides instructions for the basic creation and configuration of a RAC provider within a defined scenario.
Fow more information about using a RAC provider, see the [Overview](./index.md) documentation. You can also view our video on YouTube for setting up RAC.
<iframe width="560" height="315" src="https://www.youtube.com/embed/9wahIBRV6Ts;start=22" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
## Prereqisites
## Prerequisites
The RAC provider requires the deployment of the [RAC Outpost](../../outposts/index.mdx).

4
website/docs/add-secure-apps/providers/rac/index.md
View File

@ -6,10 +6,6 @@ title: Remote Access Control (RAC) Provider
---
:::info
This feature is in technical preview, so please report any bugs on [GitHub](https://github.com/goauthentik/authentik/issues).
:::
:::info
This provider requires the deployment of the [RAC Outpost](../../outposts/index.mdx).
:::

2
website/docs/customize/blueprints/index.md
View File

@ -2,7 +2,7 @@
title: Blueprints
---
<span class="badge badge--version">authentik 2022.8+</span>
<span class="badge badge--version">authentik 2022.8+</span>
---

12
website/docs/customize/blueprints/v1/models.md
View File

@ -26,7 +26,7 @@ For example:
## `authentik_core.user`
### `password` <span class="badge badge--version">authentik 2023.6+</span>
### `password` <span class="badge badge--version">authentik 2023.6+</span>
Via the standard API, a user's password can only be set via the separate `/api/v3/core/users/<id>/set_password/` endpoint. In blueprints, the password of a user can be set using the `password` field.
@ -45,7 +45,7 @@ For example:
password: this-should-be-a-long-value
```
### `permissions` <span class="badge badge--version">authentik 2024.8+</span>
### `permissions` <span class="badge badge--version">authentik 2024.8+</span>
The `permissions` field can be used to set global permissions for a user. A full list of possible permissions is included in the JSON schema for blueprints.
@ -63,7 +63,7 @@ For example:
## `authentik_core.application`
### `icon` <span class="badge badge--version">authentik 2023.5+</span>
### `icon` <span class="badge badge--version">authentik 2023.5+</span>
Application icons can be directly set to URLs with the `icon` field.
@ -81,7 +81,7 @@ For example:
## `authentik_sources_oauth.oauthsource`, `authentik_sources_saml.samlsource`, `authentik_sources_plex.plexsource`
### `icon` <span class="badge badge--version">authentik 2023.5+</span>
### `icon` <span class="badge badge--version">authentik 2023.5+</span>
Source icons can be directly set to URLs with the `icon` field.
@ -99,7 +99,7 @@ For example:
## `authentik_flows.flow`
### `icon` <span class="badge badge--version">authentik 2023.5+</span>
### `icon` <span class="badge badge--version">authentik 2023.5+</span>
Flow backgrounds can be directly set to URLs with the `background` field.
@ -119,7 +119,7 @@ For example:
## `authentik_rbac.role`
### `permissions` <span class="badge badge--version">authentik 2024.8+</span>
### `permissions` <span class="badge badge--version">authentik 2024.8+</span>
The `permissions` field can be used to set global permissions for a role. A full list of possible permissions is included in the JSON schema for blueprints.

8
website/docs/expressions/_functions.md
View File

@ -29,7 +29,7 @@ user = list_flatten(["foo"])
# user = "foo"
```
### `ak_call_policy(name: str, **kwargs) -> PolicyResult` <span class="badge badge--version">authentik 2021.12+</span>
### `ak_call_policy(name: str, **kwargs) -> PolicyResult` <span class="badge badge--version">authentik 2021.12+</span>
Call another policy with the name _name_. Current request is passed to policy. Key-word arguments
can be used to modify the request's context.
@ -70,7 +70,7 @@ Example:
other_user = ak_user_by(username="other_user")
```
### `ak_user_has_authenticator(user: User, device_type: Optional[str] = None) -> bool` <span class="badge badge--version">authentik 2022.9+</span>
### `ak_user_has_authenticator(user: User, device_type: Optional[str] = None) -> bool` <span class="badge badge--version">authentik 2022.9+</span>
Check if a user has any authenticator devices. Only fully validated devices are counted.
@ -87,7 +87,7 @@ Example:
return ak_user_has_authenticator(request.user)
```
### `ak_create_event(action: str, **kwargs) -> None` <span class="badge badge--version">authentik 2022.9+</span>
### `ak_create_event(action: str, **kwargs) -> None` <span class="badge badge--version">authentik 2022.9+</span>
Create a new event with the action set to `action`. Any additional key-word parameters will be saved in the event context. Additionally, `context` will be set to the context in which this function is called.
@ -112,7 +112,7 @@ ip_address('192.0.2.1') in ip_network('192.0.2.0/24')
# evaluates to True
```
## DNS resolution and reverse DNS lookups <span class="badge badge--version">authentik 2023.3+</span>
## DNS resolution and reverse DNS lookups <span class="badge badge--version">authentik 2023.3+</span>
To resolve a hostname to a list of IP addresses, use the functions `resolve_dns(hostname)` and `resolve_dns(hostname, ip_version)`.

4
website/docs/install-config/automated-install.md
View File

@ -8,11 +8,11 @@ To install authentik automatically (skipping the Out-of-box experience), you can
Configure the default password for the `akadmin` user. Only read on the first startup. Can be used for any flow executor.
### `AUTHENTIK_BOOTSTRAP_TOKEN` <span class="badge badge--version">authentik 2021.8+</span>
### `AUTHENTIK_BOOTSTRAP_TOKEN` <span class="badge badge--version">authentik 2021.8+</span>
Create a token for the default `akadmin` user. Only read on the first startup. The string you specify for this variable is the token key you can use to authenticate yourself to the API.
### `AUTHENTIK_BOOTSTRAP_EMAIL` <span class="badge badge--version">authentik 2023.3+</span>
### `AUTHENTIK_BOOTSTRAP_EMAIL` <span class="badge badge--version">authentik 2023.3+</span>
Set the email address for the default `akadmin` user.

16
website/docs/install-config/configuration/configuration.mdx
View File

@ -299,47 +299,47 @@ Disable the inbuilt update-checker. Defaults to `false`.
- Kubeconfig
- Existence of a docker socket
### `AUTHENTIK_LDAP__TASK_TIMEOUT_HOURS` <span class="badge badge--version">authentik 2023.1+</span>
### `AUTHENTIK_LDAP__TASK_TIMEOUT_HOURS` <span class="badge badge--version">authentik 2023.1+</span>
Timeout in hours for LDAP synchronization tasks.
Defaults to `2`.
### `AUTHENTIK_LDAP__PAGE_SIZE` <span class="badge badge--version">authentik 2023.6.1+</span>
### `AUTHENTIK_LDAP__PAGE_SIZE` <span class="badge badge--version">authentik 2023.6.1+</span>
Page size for LDAP synchronization. Controls the number of objects created in a single task.
Defaults to `50`.
### `AUTHENTIK_LDAP__TLS__CIPHERS` <span class="badge badge--version">authentik 2022.7+</span>
### `AUTHENTIK_LDAP__TLS__CIPHERS` <span class="badge badge--version">authentik 2022.7+</span>
Allows configuration of TLS Cliphers for LDAP connections used by LDAP sources. Setting applies to all sources.
Defaults to `null`.
### `AUTHENTIK_REPUTATION__EXPIRY` <span class="badge badge--version">authentik 2023.8.2+</span>
### `AUTHENTIK_REPUTATION__EXPIRY` <span class="badge badge--version">authentik 2023.8.2+</span>
Configure how long reputation scores should be saved for in seconds. Note that this is different than [`AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION`](#redis-settings), as reputation is saved to the database every 5 minutes.
Defaults to `86400`.
### `AUTHENTIK_SESSION_STORAGE` <span class="badge badge--version">authentik 2024.4+</span>
### `AUTHENTIK_SESSION_STORAGE` <span class="badge badge--version">authentik 2024.4+</span>
Configure if the sessions are stored in the cache or the database. Defaults to `cache`. Allowed values are `cache` and `db`. Note that changing this value will invalidate all previous sessions.
### `AUTHENTIK_WEB__WORKERS` <span class="badge badge--version">authentik 2022.9+</span>
### `AUTHENTIK_WEB__WORKERS` <span class="badge badge--version">authentik 2022.9+</span>
Configure how many gunicorn worker processes should be started (see https://docs.gunicorn.org/en/stable/design.html).
Defaults to 2. A value below 2 workers is not recommended. In environments where scaling with multiple replicas of the authentik server is not possible, this number can be increased to handle higher loads.
### `AUTHENTIK_WEB__THREADS` <span class="badge badge--version">authentik 2022.9+</span>
### `AUTHENTIK_WEB__THREADS` <span class="badge badge--version">authentik 2022.9+</span>
Configure how many gunicorn threads a worker processes should have (see https://docs.gunicorn.org/en/stable/design.html).
Defaults to 4.
### `AUTHENTIK_WORKER__CONCURRENCY` <span class="badge badge--version">authentik 2023.9+</span>
### `AUTHENTIK_WORKER__CONCURRENCY` <span class="badge badge--version">authentik 2023.9+</span>
Configure Celery worker concurrency for authentik worker (see https://docs.celeryq.dev/en/latest/userguide/configuration.html#worker-concurrency). This essentially defines the number of worker processes spawned for a single worker.

2015
website/docs/releases/2024/v2024.10.md
View File

File diff suppressed because it is too large Load Diff

5
website/docs/users-sources/sources/protocols/kerberos/index.md
View File

@ -2,6 +2,11 @@
title: Kerberos
---
<span class="badge badge--preview">Preview</span>
<span class="badge badge--version">authentik 2024.10+</span>
---
This source allows users to enroll themselves with an existing Kerberos identity.
## Preparation

6
website/docs/users-sources/sources/protocols/scim/index.md
View File

@ -2,9 +2,9 @@
title: SCIM Source
---
:::info
This feature is in technical preview, so please report any bugs on [GitHub](https://github.com/goauthentik/authentik/issues).
:::
<span class="badge badge--preview">Preview</span>
---
The SCIM source allows other applications to directly create users and groups within authentik. SCIM provides predefined schema for users and groups, with a RESTful API, to enable automatic user provisioning and deprovisioning, SCIM is supported by applications such as Microsoft Entra ID, Google Workspace, and Okta.

8
website/docs/users-sources/sources/social-logins/github/index.md
View File

@ -20,8 +20,8 @@ The following placeholders will be used:
![Register OAuth App](./githubdeveloper1.png)
2. **Application Name:** Choose a name users will recognize ie: authentik
3. **Homepage URL**:: www.my.company
4. **Authorization callback URL**: https://authentik.company/source/oauth/callback/github
3. **Homepage URL:** www.my.company
4. **Authorization callback URL:**: https://authentik.company/source/oauth/callback/github
5. Click **Register Application**
Example screenshot
@ -35,8 +35,8 @@ Example screenshot
8. Under _Directory -> Federation & Social login_ Click **Create Github OAuth Source**
9. **Name**: Choose a name (For the example I use Github)
10. **Slug**: github (If you choose a different slug the URLs will need to be updated to reflect the change)
9. **Name:** Choose a name (For the example I use Github)
10. **Slug:** github (If you choose a different slug the URLs will need to be updated to reflect the change)
11. **Consumer Key:** Client ID from step 6
12. **Consumer Secret:** Client Secret from step 7

3
website/sidebars.js
View File

@ -2,13 +2,14 @@ import { generateVersionDropdown } from "./src/utils.js";
import apiReference from "./docs/developer-docs/api/reference/sidebar";
const releases = [
"releases/2024/v2024.10",
"releases/2024/v2024.8",
"releases/2024/v2024.6",
"releases/2024/v2024.4",
{
type: "category",
label: "Previous versions",
items: [
"releases/2024/v2024.4",
"releases/2024/v2024.2",
"releases/2023/v2023.10",
"releases/2023/v2023.8",

8
website/src/css/custom.css
View File

@ -125,3 +125,11 @@ body {
font-size: 0.75rem;
vertical-align: middle;
}
.badge--preview {
--ifm-badge-background-color: rgb(115, 188, 247);
color: var(--ifm-color-primary-contrast-foreground);
--ifm-badge-border-color: var(--ifm-badge-background-color);
font-size: 0.75rem;
vertical-align: middle;
}

19
website/src/pages/index.tsx
View File

@ -1,23 +1,8 @@
import React from "react";
import clsx from "clsx";
import Layout from "@theme/Layout";
import BrowserOnly from "@docusaurus/BrowserOnly";
import { Redirect } from "@docusaurus/router";
function Home() {
return (
<Layout title={`authentik Documentation`}>
<BrowserOnly>
{() => {
window.location.href = "/docs";
}}
</BrowserOnly>
<header className={clsx("hero hero--primary")}>
<div className="container">
<h1 className="hero__title">authentik Documentation</h1>
</div>
</header>
</Layout>
);
return <Redirect to="/docs" />;
}
export default Home;