coop-cloud/authentik
coop-cloud/authentik
1
2
Fork 4
Code Issues 1 Pull Requests 1 Projects Releases Wiki Activity

feat: add logout redirection

Browse Source
This commit is contained in:
Moritz 2023-01-05 23:36:22 +01:00
parent 26d02d51dd
commit 99a90147ac
3 changed files with 53 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.env.sample
View File

@ -34,6 +34,7 @@ AUTHENTIK_IMPERSONATION=true
WELCOME_MESSAGE="Welcome to Authentik" WELCOME_MESSAGE="Welcome to Authentik"
DEFAULT_LANGUAGE=en DEFAULT_LANGUAGE=en
AUTHENTIK_FOOTER_LINKS='[{"name": "My Organization","href":"https://example.com"}]' AUTHENTIK_FOOTER_LINKS='[{"name": "My Organization","href":"https://example.com"}]'
LOGOUT_REDIRECT="https://$DOMAIN"
COPY_ASSETS="flow_background.jpg|app:/web/dist/assets/images/ icon_left_brand.svg|app:/web/dist/assets/icons/ icon.png|app:/web/dist/assets/icons/" COPY_ASSETS="flow_background.jpg|app:/web/dist/assets/images/ icon_left_brand.svg|app:/web/dist/assets/icons/ icon.png|app:/web/dist/assets/icons/"
EMAIL_SUBJECT="Account Recovery" EMAIL_SUBJECT="Account Recovery"

2
compose.yml
View File

@ -26,6 +26,7 @@ x-env: &env
- EMAIL_SUBJECT - EMAIL_SUBJECT
- EMAIL_TOKEN_EXPIRY_MINUTES - EMAIL_TOKEN_EXPIRY_MINUTES
- DOMAIN - DOMAIN
- LOGOUT_REDIRECT
version: '3.8' version: '3.8'
services: services:
@ -91,6 +92,7 @@ services:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- custom-templates:/templates - custom-templates:/templates
- /dev/null:/blueprints/default/10-flow-default-authentication-flow.yaml - /dev/null:/blueprints/default/10-flow-default-authentication-flow.yaml
- /dev/null:/blueprints/default/10-flow-default-invalidation-flow.yaml
configs: configs:
- source: custom_flows - source: custom_flows
target: /blueprints/custom_flows.yaml target: /blueprints/custom_flows.yaml

51
custom_flows.yaml.tmpl
View File

@ -334,6 +334,55 @@ entries:
target: !KeyOf invitation-enrollment-flow target: !KeyOf invitation-enrollment-flow
model: authentik_flows.flowstagebinding model: authentik_flows.flowstagebinding
######## Invalidation Flow ########
- identifiers:
slug: logout-flow
id: logout-flow
model: authentik_flows.flow
attrs:
name: Logout
title: Logout Flow
designation: invalidation
### STAGES
- id: logout-stage
identifiers:
name: logout-stage
model: authentik_stages_user_logout.userlogoutstage
### STAGE BINDINGS
- identifiers:
order: 0
stage: !KeyOf logout-stage
target: !KeyOf logout-flow
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: true
id: logout-stage-binding
### POLICIES
- attrs:
execution_logging: true
expression: 'context[''flow_plan''].context[''redirect''] = ''{{ env "LOGOUT_REDIRECT" }}''
return True'
identifiers:
name: redirect-policy
id: redirect-policy
model: authentik_policies_expression.expressionpolicy
### POLICY BINDINGS
- identifiers:
policy: !KeyOf redirect-policy
target: !KeyOf logout-stage-binding
order: 0
model: authentik_policies.policybinding
attrs:
enabled: {{ if eq (env "LOGOUT_REDIRECT") "" }} false {{ else }} true {{ end }}
timeout: 30
######## System Tenant ########## ######## System Tenant ##########
- attrs: - attrs:
attributes: attributes:
@ -347,7 +396,7 @@ entries:
# event_retention: days=365 # event_retention: days=365
flow_authentication: !KeyOf authentication_flow flow_authentication: !KeyOf authentication_flow
flow_recovery: !KeyOf recovery_flow flow_recovery: !KeyOf recovery_flow
flow_invalidation: !Find [authentik_flows.flow, [slug, default-invalidation-flow]] flow_invalidation: !KeyOf logout-flow
flow_user_settings: !Find [authentik_flows.flow, [slug, default-user-settings-flow]] flow_user_settings: !Find [authentik_flows.flow, [slug, default-user-settings-flow]]
identifiers: identifiers:
pk: 047cce25-aae2-4b02-9f96-078e155f803d pk: 047cce25-aae2-4b02-9f96-078e155f803d