89c84f10d0
* managed: move flowexporter to managed Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * *: implement SerializerModel in all models Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * managed: add initial api Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * managed: start blueprint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * managed: spec Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * version blueprint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * yep Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove v2, improve v1 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * start custom tag, more rebrand Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add default flows Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * move blueprints out of website Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * try new things Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add !lookup, fix web Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update and cleanup default Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix tags in lists Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * don't save field if its set to default value Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * more flow cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * format web Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix missing serializer for sms Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ignore _set fields Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove custom file extension Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * migrate default flow to tenant Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * include blueprints Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
92 lines
2.7 KiB
YAML
92 lines
2.7 KiB
YAML
version: 1
|
|
entries:
|
|
- identifiers:
|
|
slug: default-authentication-flow
|
|
model: authentik_flows.flow
|
|
id: flow
|
|
attrs:
|
|
name: Default Authentication Flow
|
|
title: Welcome to authentik!
|
|
designation: authentication
|
|
- identifiers:
|
|
name: test-not-app-password
|
|
id: test-not-app-password
|
|
model: authentik_policies_expression.expressionpolicy
|
|
attrs:
|
|
execution_logging: false
|
|
expression: |
|
|
return context["auth_method"] != "app_password"
|
|
- identifiers:
|
|
name: default-authentication-login
|
|
id: default-authentication-login
|
|
model: authentik_stages_user_login.userloginstage
|
|
attrs:
|
|
session_duration: seconds=0
|
|
- identifiers:
|
|
name: default-authentication-identification
|
|
id: default-authentication-identification
|
|
model: authentik_stages_identification.identificationstage
|
|
attrs:
|
|
user_fields:
|
|
- email
|
|
- username
|
|
template: stages/identification/login.html
|
|
enrollment_flow: null
|
|
recovery_flow: null
|
|
- identifiers:
|
|
name: default-authentication-flow-mfa
|
|
id: default-authentication-flow-mfa
|
|
model: authentik_stages_authenticator_validate.AuthenticatorValidateStage
|
|
attrs: {}
|
|
- identifiers:
|
|
pk: !KeyOf default-authentication-password
|
|
name: default-authentication-password
|
|
id: default-authentication-password
|
|
model: authentik_stages_password.passwordstage
|
|
attrs:
|
|
backends:
|
|
- authentik.core.auth.InbuiltBackend
|
|
- authentik.core.auth.TokenBackend
|
|
- authentik.sources.ldap.auth.LDAPBackend
|
|
- identifiers:
|
|
target: !KeyOf flow
|
|
stage: !KeyOf default-authentication-identification
|
|
order: 10
|
|
model: authentik_flows.flowstagebinding
|
|
attrs:
|
|
re_evaluate_policies: false
|
|
- identifiers:
|
|
target: !KeyOf flow
|
|
stage: !KeyOf default-authentication-password
|
|
order: 20
|
|
model: authentik_flows.flowstagebinding
|
|
attrs:
|
|
re_evaluate_policies: false
|
|
- identifiers:
|
|
target: !KeyOf flow
|
|
stage: !KeyOf default-authentication-flow-mfa
|
|
order: 30
|
|
model: authentik_flows.flowstagebinding
|
|
id: flow-binding-mfa
|
|
attrs:
|
|
evaluate_on_plan: false
|
|
re_evaluate_policies: true
|
|
policy_engine_mode: any
|
|
invalid_response_action: retry
|
|
- identifiers:
|
|
target: !KeyOf flow
|
|
stage: !KeyOf default-authentication-login
|
|
order: 100
|
|
model: authentik_flows.flowstagebinding
|
|
attrs:
|
|
re_evaluate_policies: false
|
|
- identifiers:
|
|
policy: !KeyOf test-not-app-password
|
|
target: !KeyOf flow-binding-mfa
|
|
order: 0
|
|
model: authentik_policies.policybinding
|
|
attrs:
|
|
negate: false
|
|
enabled: true
|
|
timeout: 30
|