diff --git a/blueprints/email-recovery.yaml b/blueprints/email-recovery.yaml
new file mode 100644
index 0000000..836d232
--- /dev/null
+++ b/blueprints/email-recovery.yaml
@@ -0,0 +1,158 @@
+version: 1
+metadata:
+ labels:
+ blueprints.goauthentik.io/instantiate: "true"
+ name: Example - Recovery with email verification
+entries:
+ - identifiers:
+ slug: default-recovery-flow
+ id: flow
+ model: authentik_flows.flow
+ attrs:
+ name: Default recovery flow
+ title: Reset your password
+ designation: recovery
+ - identifiers:
+ field_key: password
+ label: Password
+ id: prompt-field-password
+ model: authentik_stages_prompt.prompt
+ attrs:
+ type: password
+ required: true
+ placeholder: Password
+ order: 0
+ placeholder_expression: false
+ - identifiers:
+ field_key: password_repeat
+ label: Password (repeat)
+ id: prompt-field-password-repeat
+ model: authentik_stages_prompt.prompt
+ attrs:
+ type: password
+ required: true
+ placeholder: Password (repeat)
+ order: 1
+ placeholder_expression: false
+ - identifiers:
+ name: default-recovery-skip-if-restored
+ id: default-recovery-skip-if-restored
+ model: authentik_policies_expression.expressionpolicy
+ attrs:
+ expression: |
+ return request.context.get('is_restored', False)
+ - identifiers:
+ name: default-recovery-email
+ id: default-recovery-email
+ model: authentik_stages_email.emailstage
+ attrs:
+ use_global_settings: true
+ host: localhost
+ port: 25
+ username: ""
+ use_tls: false
+ use_ssl: false
+ timeout: 10
+ from_address: system@authentik.local
+ token_expiry: 30
+ subject: authentik
+ template: email/password_reset.html
+ activate_user_on_success: true
+ - identifiers:
+ name: default-recovery-user-write
+ id: default-recovery-user-write
+ model: authentik_stages_user_write.userwritestage
+ - identifiers:
+ name: default-recovery-identification
+ id: default-recovery-identification
+ model: authentik_stages_identification.identificationstage
+ attrs:
+ user_fields:
+ - email
+ - username
+ - identifiers:
+ name: default-recovery-user-login
+ id: default-recovery-user-login
+ model: authentik_stages_user_login.userloginstage
+ attrs:
+ session_duration: seconds=0
+ - identifiers:
+ name: Change your password
+ id: stages-prompt-password
+ model: authentik_stages_prompt.promptstage
+ attrs:
+ fields:
+ - !KeyOf prompt-field-password
+ - !KeyOf prompt-field-password-repeat
+ validation_policies: []
+ - identifiers:
+ target: !KeyOf flow
+ stage: !KeyOf default-recovery-identification
+ order: 10
+ model: authentik_flows.flowstagebinding
+ id: flow-binding-identification
+ attrs:
+ evaluate_on_plan: true
+ re_evaluate_policies: true
+ policy_engine_mode: any
+ invalid_response_action: retry
+ - identifiers:
+ target: !KeyOf flow
+ stage: !KeyOf default-recovery-email
+ order: 20
+ model: authentik_flows.flowstagebinding
+ id: flow-binding-email
+ attrs:
+ evaluate_on_plan: true
+ re_evaluate_policies: true
+ policy_engine_mode: any
+ invalid_response_action: retry
+ - identifiers:
+ pk: 1219d06e-2c06-4c5b-a162-78e3959c6cf0
+ target: !KeyOf flow
+ stage: !KeyOf stages-prompt-password
+ order: 30
+ model: authentik_flows.flowstagebinding
+ attrs:
+ evaluate_on_plan: true
+ re_evaluate_policies: false
+ policy_engine_mode: any
+ invalid_response_action: retry
+ - identifiers:
+ target: !KeyOf flow
+ stage: !KeyOf default-recovery-user-write
+ order: 40
+ model: authentik_flows.flowstagebinding
+ attrs:
+ evaluate_on_plan: true
+ re_evaluate_policies: false
+ policy_engine_mode: any
+ invalid_response_action: retry
+ - identifiers:
+ target: !KeyOf flow
+ stage: !KeyOf default-recovery-user-login
+ order: 100
+ model: authentik_flows.flowstagebinding
+ attrs:
+ evaluate_on_plan: true
+ re_evaluate_policies: false
+ policy_engine_mode: any
+ invalid_response_action: retry
+ - identifiers:
+ policy: !KeyOf default-recovery-skip-if-restored
+ target: !KeyOf flow-binding-identification
+ order: 0
+ model: authentik_policies.policybinding
+ attrs:
+ negate: false
+ enabled: true
+ timeout: 30
+ - identifiers:
+ policy: !KeyOf default-recovery-skip-if-restored
+ target: !KeyOf flow-binding-email
+ order: 0
+ model: authentik_policies.policybinding
+ attrs:
+ negate: false
+ enabled: true
+ timeout: 30
diff --git a/blueprints/exported_blueprints.yaml b/blueprints/exported_blueprints.yaml
new file mode 100644
index 0000000..63da8b9
--- /dev/null
+++ b/blueprints/exported_blueprints.yaml
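Review bot: In blueprints/email-recovery.yaml the `default-recovery-email` stage sets `activate_user_on_success: true`, which in a recovery flow presumably means that completing the mailed link marks the account active; if the identification stage can resolve a deactivated user, an account an administrator disabled could be re-enabled through self-service recovery. Unless that is intended, I would set `activate_user_on_success: false` here and leave activation to enrollment flows. The `stages-prompt-password` stage also ships with `validation_policies: []`, so the new password is written without any length or complexity check visible in this blueprint; binding a password policy to that prompt stage would close the gap. A YAML comment above the `host: localhost` / `port: 25` / `use_tls: false` values would help as well, stating that they are presumably ignored while `use_global_settings: true`, so that nobody switches the flag off and ends up sending reset links over unencrypted SMTP.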
@@ -0,0 +1,1750 @@ +context: {} +entries: +- attrs: + managed: goauthentik.io/crypto/jwt-managed + name: authentik Internal JWT Certificate + id: null + identifiers: + pk: 3848c886-6d8b-4597-b8b4-29835603fce5 + model: authentik_crypto.certificatekeypair +- attrs: + managed: null + name: authentik Self-signed Certificate + id: null + identifiers: + pk: 2cda5dd8-2de6-4b4c-aba2-0c80f4bd90a6 + model: authentik_crypto.certificatekeypair +- attrs: + managed: null + name: authentik Self-signed Certificate + id: null + identifiers: + pk: 1288ab05-0796-450a-b65a-5de81aa901bc + model: authentik_crypto.certificatekeypair +- attrs: + managed: null + name: authentik Self-signed Certificate + id: null + identifiers: + pk: 1b5ff416-d081-45dd-864e-d473ee04940f + model: authentik_crypto.certificatekeypair +- attrs: + managed: null + name: authentik Self-signed Certificate + id: null + identifiers: + pk: ed428997-f3e5-4b17-9789-c58d0d23a902 + model: authentik_crypto.certificatekeypair +- attrs: + managed: null + name: authentik Self-signed Certificate + id: null + identifiers: + pk: 9ed4f02a-768d-4efa-abb2-083894ce1dff + model: authentik_crypto.certificatekeypair +- attrs: + mode: email + name: default-email-transport + id: null + identifiers: + pk: 82102847-0463-4402-b975-c6ef06ed8309 + model: authentik_events.notificationtransport +- attrs: + mode: local + name: default-local-transport + id: null + identifiers: + pk: 92c70a55-3152-4ec4-870f-0a11df8015a8 + model: authentik_events.notificationtransport +- attrs: + event: + action: policy_exception + app: authentik.policies.process + client_ip: null + context: + binding: + app: authentik_policies + model_name: policybinding + name: 'Binding from Flow-stage binding #20 to 538adafa-4f3d-422f-af38-13df3a53f440 + #0 to Policy default-recovery-skip-if-restored' + pk: 67f2c73df504425f9deb2c1ee1897a32 + message: "Traceback (most recent call last):\n File \"default-recovery-skip-if-restored\"\ + , line 4, in \n File 
\"default-recovery-skip-if-restored\", line\ + \ 2, in handler\n File \"/authentik/lib/expression/evaluator.py\", line\ + \ 108, in expr_event_create\n if \"request\" in self._context and isinstance(PolicyRequest,\ + \ self._context[\"request\"]):\nbuiltins.TypeError: isinstance() arg 2 must\ + \ be a type, a tuple of types, or a union" + policy_uuid: b60d0f99fc7e47afaa6767f6ef9b1e36 + request: + context: + flow_plan: + bindings: [] + context: {} + flow_pk: 538adafa4f3d422faf3813df3a53f440 + markers: [] + debug: false + http_request: null + obj: + app: authentik_flows + model_name: flowstagebinding + name: 'Flow-stage binding #20 to 538adafa-4f3d-422f-af38-13df3a53f440' + pk: 8ade0bc9b65d477fa7fd2ce84afe3637 + user: + email: '' + pk: 2 + username: AnonymousUser + created: '2022-10-18T13:39:12.243668Z' + expires: '2023-10-18T13:39:12.240881Z' + pk: f38c7149-1161-416a-9e4d-4bb508a8564b + tenant: + app: authentik_tenants + model_name: tenant + name: Tenant fallback + pk: baa7b6434c2e40e0b4351f5633b9f395 + user: + email: '' + pk: 2 + username: AnonymousUser + id: null + identifiers: + pk: bce61bc2-5d96-4a4f-924a-1a9b89969246 + model: authentik_events.notification +- attrs: + event: + action: policy_exception + app: authentik.policies.process + client_ip: null + context: + binding: + app: authentik_policies + model_name: policybinding + name: 'Binding from Flow-stage binding #10 to 538adafa-4f3d-422f-af38-13df3a53f440 + #0 to Policy default-recovery-skip-if-restored' + pk: c603af7761424e37813b555243dd2e06 + message: "Traceback (most recent call last):\n File \"default-recovery-skip-if-restored\"\ + , line 4, in \n File \"default-recovery-skip-if-restored\", line\ + \ 2, in handler\n File \"/authentik/lib/expression/evaluator.py\", line\ + \ 108, in expr_event_create\n if \"request\" in self._context and isinstance(PolicyRequest,\ + \ self._context[\"request\"]):\nbuiltins.TypeError: isinstance() arg 2 must\ + \ be a type, a tuple of types, or a union" + policy_uuid: 
b60d0f99fc7e47afaa6767f6ef9b1e36 + request: + context: + flow_plan: + bindings: [] + context: {} + flow_pk: 538adafa4f3d422faf3813df3a53f440 + markers: [] + debug: false + http_request: null + obj: + app: authentik_flows + model_name: flowstagebinding + name: 'Flow-stage binding #10 to 538adafa-4f3d-422f-af38-13df3a53f440' + pk: 17fcdf350a3146259d4afff30540d0f9 + user: + email: '' + pk: 2 + username: AnonymousUser + created: '2022-10-18T13:39:12.067789Z' + expires: '2023-10-18T13:39:12.060737Z' + pk: cbfda625-c87e-40ce-8460-276f98674958 + tenant: + app: authentik_tenants + model_name: tenant + name: Tenant fallback + pk: baa7b6434c2e40e0b4351f5633b9f395 + user: + email: '' + pk: 2 + username: AnonymousUser + id: null + identifiers: + pk: 40ab1379-2370-4faf-a4ce-93ca7ac4f29f + model: authentik_events.notification +- attrs: + group: 1c015d64-1ace-467a-a3a5-021cbfcb27fe + name: default-notify-configuration-error + severity: alert + transports: + - 82102847-0463-4402-b975-c6ef06ed8309 + - 92c70a55-3152-4ec4-870f-0a11df8015a8 + id: null + identifiers: + pk: d7258490-54fe-49ae-ad5f-245700b64585 + model: authentik_events.notificationrule +- attrs: + group: 1c015d64-1ace-467a-a3a5-021cbfcb27fe + name: default-notify-update + severity: alert + transports: + - 82102847-0463-4402-b975-c6ef06ed8309 + - 92c70a55-3152-4ec4-870f-0a11df8015a8 + id: null + identifiers: + pk: 89570d12-8c96-4a81-af94-f25e177e385b + model: authentik_events.notificationrule +- attrs: + group: 1c015d64-1ace-467a-a3a5-021cbfcb27fe + name: default-notify-exception + severity: alert + transports: + - 82102847-0463-4402-b975-c6ef06ed8309 + - 92c70a55-3152-4ec4-870f-0a11df8015a8 + id: null + identifiers: + pk: f592a1d1-f42d-40cc-ba8a-43452415ef43 + model: authentik_events.notificationrule +- attrs: + denied_action: message_continue + designation: stage_configuration + layout: stacked + name: default-authenticator-totp-setup + policy_engine_mode: any + slug: default-authenticator-totp-setup + title: Setup 
Two-Factor authentication + id: null + identifiers: + pk: 897d9c72-5a60-4b96-939c-e679a992febc + model: authentik_flows.flow +- attrs: + denied_action: message_continue + designation: authorization + layout: stacked + name: Authorize Application + policy_engine_mode: any + slug: default-provider-authorization-implicit-consent + title: Redirecting to %(app)s + id: null + identifiers: + pk: a8e00669-7733-41b7-acfe-cf1d92ba6502 + model: authentik_flows.flow +- attrs: + denied_action: message_continue + designation: authentication + layout: stacked + name: Welcome to authentik! + policy_engine_mode: any + slug: default-source-authentication + title: Welcome to authentik! + id: null + identifiers: + pk: c5e3db36-be2a-4356-8027-242e7c4b2ee8 + model: authentik_flows.flow +- attrs: + denied_action: message_continue + designation: stage_configuration + layout: stacked + name: default-authenticator-static-setup + policy_engine_mode: any + slug: default-authenticator-static-setup + title: Setup Static OTP Tokens + id: null + identifiers: + pk: 4e0a9ae3-9316-4326-80d0-2fcae763a532 + model: authentik_flows.flow +- attrs: + denied_action: message_continue + designation: stage_configuration + layout: stacked + name: default-oobe-setup + policy_engine_mode: any + slug: initial-setup + title: Welcome to authentik! + id: null + identifiers: + pk: 41ba9148-389d-42a3-9b7b-8fe7d205ff67 + model: authentik_flows.flow +- attrs: + denied_action: message_continue + designation: enrollment + layout: stacked + name: Welcome to authentik! Please select a username. + policy_engine_mode: any + slug: default-source-enrollment + title: Welcome to authentik! Please select a username. 
+ id: null + identifiers: + pk: b89cfaf2-7a6c-4084-aaa1-5100f8aa9fa8 + model: authentik_flows.flow +- attrs: + denied_action: message_continue + designation: stage_configuration + layout: stacked + name: Pre-Authentication + policy_engine_mode: any + slug: default-source-pre-authentication + title: Pre-authentication + id: null + identifiers: + pk: fe2f95dd-01b6-4813-a856-ec75d2fce45d + model: authentik_flows.flow +- attrs: + denied_action: message_continue + designation: stage_configuration + layout: stacked + name: default-authenticator-webauthn-setup + policy_engine_mode: any + slug: default-authenticator-webauthn-setup + title: Setup WebAuthn + id: null + identifiers: + pk: 477399c2-45b1-4508-a3f9-cfd464ac1106 + model: authentik_flows.flow +- attrs: + denied_action: message_continue + designation: invalidation + layout: stacked + name: Logout + policy_engine_mode: any + slug: default-invalidation-flow + title: Default Invalidation Flow + id: null + identifiers: + pk: c1615301-4554-4e03-b787-80cb8d3fe826 + model: authentik_flows.flow +- attrs: + denied_action: message_continue + designation: stage_configuration + layout: stacked + name: User settings + policy_engine_mode: any + slug: default-user-settings-flow + title: Update your info + id: null + identifiers: + pk: 02b077e7-32c9-464d-96fe-f00b0d1d19fa + model: authentik_flows.flow +- attrs: + denied_action: message_continue + designation: authentication + layout: stacked + name: Welcome to authentik! + policy_engine_mode: any + slug: authentication + title: Welcome to authentik! 
+ id: null + identifiers: + pk: abaa3539-fc23-41ec-9de1-d55684e92cae + model: authentik_flows.flow +- attrs: + denied_action: message_continue + designation: authorization + layout: stacked + name: Authorize Application + policy_engine_mode: any + slug: default-provider-authorization-explicit-consent + title: Redirecting to %(app)s + id: null + identifiers: + pk: bdd7c9f1-41cd-45b5-abef-bd389d43355e + model: authentik_flows.flow +- attrs: + denied_action: message_continue + designation: stage_configuration + layout: stacked + name: Change Password + policy_engine_mode: any + slug: default-password-change + title: Change password + id: null + identifiers: + pk: 762ea28b-2942-43c1-8091-8761e561ed4e + model: authentik_flows.flow +- attrs: + denied_action: message_continue + designation: authentication + layout: stacked + name: Welcome to authentik! + policy_engine_mode: any + slug: default-authentication-flow + title: Welcome to authentik! + id: null + identifiers: + pk: 180a6841-2f07-4847-94e1-ace8b5fc53d6 + model: authentik_flows.flow +- attrs: + denied_action: message_continue + designation: recovery + layout: stacked + name: Default recovery flow + policy_engine_mode: any + slug: default-recovery-flow + title: Reset your password + id: null + identifiers: + pk: 538adafa-4f3d-422f-af38-13df3a53f440 + model: authentik_flows.flow +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 20 + policy_engine_mode: any + stage: 269aeb12-50d8-46f3-9121-e601f07e2364 + target: 02b077e7-32c9-464d-96fe-f00b0d1d19fa + id: null + identifiers: + pk: ee91e3d8-d483-4267-a5a4-612db1cf7ab5 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 100 + policy_engine_mode: any + stage: 0f3df830-8c89-4951-a327-322e33b6f7ec + target: 02b077e7-32c9-464d-96fe-f00b0d1d19fa + id: null + identifiers: + pk: 06519694-0e8f-4ca3-b700-1b934d10ee90 + model: authentik_flows.flowstagebinding +- attrs: + 
evaluate_on_plan: true + invalid_response_action: retry + order: 10 + policy_engine_mode: any + stage: c372e498-e395-49d4-bb1f-33f3e181ba78 + target: 180a6841-2f07-4847-94e1-ace8b5fc53d6 + id: null + identifiers: + pk: ba57c033-b307-4a27-9d21-e50663c5703b + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 20 + policy_engine_mode: any + stage: e3236502-f903-4f53-869b-b12436c2c656 + target: 180a6841-2f07-4847-94e1-ace8b5fc53d6 + id: null + identifiers: + pk: 9b68cbb3-6324-4096-a092-6ca92c5a9d89 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 30 + policy_engine_mode: any + stage: e7360849-a135-4a4b-bfff-e10b24081307 + target: 180a6841-2f07-4847-94e1-ace8b5fc53d6 + id: null + identifiers: + pk: 00f9fcbe-9835-4ce6-9784-101ee077c3b6 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 100 + policy_engine_mode: any + stage: b327e303-6799-48a9-9e6d-2c8ab832c81d + target: 180a6841-2f07-4847-94e1-ace8b5fc53d6 + id: null + identifiers: + pk: 733c9832-423d-4ea4-aa88-ac21559706a0 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 10 + policy_engine_mode: any + stage: b4dc2fd7-8e08-4b35-8158-46d8c42704e7 + target: 41ba9148-389d-42a3-9b7b-8fe7d205ff67 + id: null + identifiers: + pk: edef9c77-7b6d-498d-bec0-5659545040f9 + model: authentik_flows.flowstagebinding +- attrs: + invalid_response_action: retry + order: 20 + policy_engine_mode: any + re_evaluate_policies: true + stage: 0ab37c2c-ad8b-43c3-9427-e344e33bdd30 + target: 41ba9148-389d-42a3-9b7b-8fe7d205ff67 + id: null + identifiers: + pk: fb7c14b1-017c-4d3a-9307-5b0192fb18e3 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 100 + policy_engine_mode: any + stage: 
b327e303-6799-48a9-9e6d-2c8ab832c81d + target: 41ba9148-389d-42a3-9b7b-8fe7d205ff67 + id: null + identifiers: + pk: c464632f-bba0-4577-a9c1-42bda7c15311 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 0 + policy_engine_mode: any + stage: a9942b8e-4435-488f-9832-edc2e0c7d6a6 + target: 477399c2-45b1-4508-a3f9-cfd464ac1106 + id: null + identifiers: + pk: 29bd8417-985f-495c-b5f0-7ee49561e2b2 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 0 + policy_engine_mode: any + stage: f0bc1cd7-240a-4fdb-bdd6-b6d5ded0a2f6 + target: 4e0a9ae3-9316-4326-80d0-2fcae763a532 + id: null + identifiers: + pk: d9c4f8a1-f582-42f9-aa94-0cd81ba345cd + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 10 + policy_engine_mode: any + re_evaluate_policies: true + stage: c729a2d8-31d3-41af-97cd-0354e10ee670 + target: 538adafa-4f3d-422f-af38-13df3a53f440 + id: null + identifiers: + pk: 17fcdf35-0a31-4625-9d4a-fff30540d0f9 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 20 + policy_engine_mode: any + re_evaluate_policies: true + stage: 80a4a8de-9103-4053-8397-64f8bef63854 + target: 538adafa-4f3d-422f-af38-13df3a53f440 + id: null + identifiers: + pk: 8ade0bc9-b65d-477f-a7fd-2ce84afe3637 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 30 + policy_engine_mode: any + stage: b3510f3f-2945-483e-b991-fc427b8c9a35 + target: 538adafa-4f3d-422f-af38-13df3a53f440 + id: null + identifiers: + pk: 1219d06e-2c06-4c5b-a162-78e3959c6cf0 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 40 + policy_engine_mode: any + stage: 5e1ee94d-d238-43e9-8523-9fc594020614 + target: 538adafa-4f3d-422f-af38-13df3a53f440 
+ id: null + identifiers: + pk: a4be03bf-d811-4bd0-b71e-3f46cd76a47d + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 100 + policy_engine_mode: any + stage: ba9e27f2-d632-4499-957a-33325548a9d4 + target: 538adafa-4f3d-422f-af38-13df3a53f440 + id: null + identifiers: + pk: d314550c-da21-4b2b-8237-5e30dcadd756 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 0 + policy_engine_mode: any + stage: c51c70e8-2e47-4d4b-8511-923e8f301859 + target: 762ea28b-2942-43c1-8091-8761e561ed4e + id: null + identifiers: + pk: f276e19a-98ed-4799-abc6-a95dca0e5a3d + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 1 + policy_engine_mode: any + stage: 0ab37c2c-ad8b-43c3-9427-e344e33bdd30 + target: 762ea28b-2942-43c1-8091-8761e561ed4e + id: null + identifiers: + pk: e4c63fa7-ed15-44fe-8c78-73024d1d1743 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 0 + policy_engine_mode: any + stage: 4c945d32-dfbd-4545-8835-6fd81ff4d78c + target: 897d9c72-5a60-4b96-939c-e679a992febc + id: null + identifiers: + pk: fdae54ee-3019-4715-a491-9cf9da576423 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 10 + policy_engine_mode: any + stage: 89168a16-ad92-4b1a-9ed2-1b09aabbe439 + target: abaa3539-fc23-41ec-9de1-d55684e92cae + id: null + identifiers: + pk: a75cb414-0227-492c-af8e-8213caa01e3e + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 30 + policy_engine_mode: any + stage: e7360849-a135-4a4b-bfff-e10b24081307 + target: abaa3539-fc23-41ec-9de1-d55684e92cae + id: null + identifiers: + pk: bcb626d8-f985-4744-915d-10bd8c6be100 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: 
true + invalid_response_action: retry + order: 100 + policy_engine_mode: any + stage: b327e303-6799-48a9-9e6d-2c8ab832c81d + target: abaa3539-fc23-41ec-9de1-d55684e92cae + id: null + identifiers: + pk: 7c84ca53-8ac6-4cdb-b3ac-c35137d420f9 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 0 + policy_engine_mode: any + re_evaluate_policies: true + stage: 414ef8c6-dcc9-4e0c-8cfa-7352d2dcb271 + target: b89cfaf2-7a6c-4084-aaa1-5100f8aa9fa8 + id: null + identifiers: + pk: 470ab4ec-8b8e-4dd0-b84a-dbfabbdc5c23 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 1 + policy_engine_mode: any + stage: ea44a799-aa7a-4acb-9be6-a7283d549881 + target: b89cfaf2-7a6c-4084-aaa1-5100f8aa9fa8 + id: null + identifiers: + pk: fe48e256-ba3c-46c6-9559-c94694bd34ef + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 2 + policy_engine_mode: any + stage: 4a748ca8-3105-4365-a9b2-7968fb0a02d3 + target: b89cfaf2-7a6c-4084-aaa1-5100f8aa9fa8 + id: null + identifiers: + pk: 9e56ab52-46a0-44f0-83b0-43d888c25588 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 0 + policy_engine_mode: any + stage: 527e55f0-b0df-4704-be05-649d1f600e5d + target: bdd7c9f1-41cd-45b5-abef-bd389d43355e + id: null + identifiers: + pk: 331e107d-f872-4458-a1c1-2705c2d3781e + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 0 + policy_engine_mode: any + stage: c5a0d7c1-b3e4-43f9-84fe-115dace76337 + target: c1615301-4554-4e03-b787-80cb8d3fe826 + id: null + identifiers: + pk: 91c8b599-7f80-4e4e-9f34-af95c5e06007 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 0 + policy_engine_mode: any + stage: 
e6850ae9-fb50-4cf1-8a8a-a3e1c77ede42 + target: c5e3db36-be2a-4356-8027-242e7c4b2ee8 + id: null + identifiers: + pk: e79d5d96-9176-4016-a4b4-a32b65c15063 + model: authentik_flows.flowstagebinding +- attrs: + expires: '2022-10-18T14:28:16.517400Z' + expiring: true + identifier: ak-email-stage-default-recovery-email-akadmin + intent: verification + managed: null + user: 1 + id: null + identifiers: + pk: 89d96ff9-09b3-42a7-b3ed-d8c43aae9dd9 + model: authentik_flows.flowtoken +- attrs: + local: true + name: Local Docker connection + url: /var/run/docker.sock + id: null + identifiers: + pk: cfd309d9-08e4-4991-bfec-839928e61a47 + model: authentik_outposts.dockerserviceconnection +- attrs: + config: + authentik_host: https://authentik.dev.local-it.cloud + authentik_host_browser: '' + authentik_host_insecure: false + container_image: null + docker_labels: null + docker_map_ports: true + docker_network: null + kubernetes_disabled_components: + - deployment + - secret + kubernetes_image_pull_secrets: [] + kubernetes_ingress_annotations: {} + kubernetes_ingress_secret_name: authentik-outpost-tls + kubernetes_namespace: default + kubernetes_replicas: 1 + kubernetes_service_type: ClusterIP + log_level: debug + object_naming_template: ak-outpost-%(name)s + managed: goauthentik.io/outposts/embedded + name: authentik Embedded Outpost + type: proxy + id: null + identifiers: + pk: f015a964-72e6-48f2-946b-ca284c3901ee + model: authentik_outposts.outpost +- attrs: + action: configuration_error + app: '' + name: default-match-configuration-error + id: null + identifiers: + pk: 983c28ca-d530-4d92-afaa-b962235f59de + model: authentik_policies_event_matcher.eventmatcherpolicy +- attrs: + action: update_available + app: '' + name: default-match-update + id: null + identifiers: + pk: abe398b0-4407-4c16-acad-48cf955b8666 + model: authentik_policies_event_matcher.eventmatcherpolicy +- attrs: + action: policy_exception + app: '' + name: default-match-policy-exception + id: null + identifiers: + 
pk: 466e8539-b360-452d-a053-5da2af42bd42 + model: authentik_policies_event_matcher.eventmatcherpolicy +- attrs: + action: property_mapping_exception + app: '' + name: default-match-property-mapping-exception + id: null + identifiers: + pk: c2ed61dc-0c85-45bd-af5c-7e4a22a8456c + model: authentik_policies_event_matcher.eventmatcherpolicy +- attrs: + expression: '# This policy ensures that this flow can only be used when the user + + # is in a SSO Flow (meaning they come from an external IdP) + + return ak_is_sso_flow' + name: default-source-authentication-if-sso + id: null + identifiers: + pk: f258caaf-88f9-4143-9072-bef9fbab0648 + model: authentik_policies_expression.expressionpolicy +- attrs: + expression: '# Check if we''''ve not been given a username by the external IdP + + # and trigger the enrollment flow + + return ''username'' not in context.get(''prompt_data'', {})' + name: default-source-enrollment-if-username + id: null + identifiers: + pk: 7da9d346-c56f-4dc8-a9be-97dfc70027d5 + model: authentik_policies_expression.expressionpolicy +- attrs: + expression: '# This policy sets the user for the currently running flow + + # by injecting "pending_user" + + akadmin = ak_user_by(username="akadmin") + + context["flow_plan"].context["pending_user"] = akadmin + + return True' + name: default-oobe-prefill-user + id: null + identifiers: + pk: 0dbbba63-4127-433b-aef6-3a5a01f1e851 + model: authentik_policies_expression.expressionpolicy +- attrs: + expression: '# This policy ensures that the setup flow can only be + + # executed when the admin user doesn''''t have a password set + + akadmin = ak_user_by(username="akadmin") + + return not akadmin.has_usable_password()' + name: default-oobe-password-usable + id: null + identifiers: + pk: 297d38f7-b80d-4282-8c82-d6d57bf2bf35 + model: authentik_policies_expression.expressionpolicy +- attrs: + expression: "from authentik.lib.config import CONFIG\nfrom authentik.core.models\ + \ import (\n USER_ATTRIBUTE_CHANGE_EMAIL,\n 
USER_ATTRIBUTE_CHANGE_NAME,\n\ + \ USER_ATTRIBUTE_CHANGE_USERNAME\n)\nprompt_data = request.context.get(\"\ + prompt_data\")\n\nif not request.user.group_attributes(request.http_request).get(\n\ + \ USER_ATTRIBUTE_CHANGE_EMAIL, CONFIG.y_bool(\"default_user_change_email\"\ + , True)\n):\n if prompt_data.get(\"email\") != request.user.email:\n \ + \ ak_message(\"Not allowed to change email address.\")\n return False\n\ + \nif not request.user.group_attributes(request.http_request).get(\n USER_ATTRIBUTE_CHANGE_NAME,\ + \ CONFIG.y_bool(\"default_user_change_name\", True)\n):\n if prompt_data.get(\"\ + name\") != request.user.name:\n ak_message(\"Not allowed to change name.\"\ + )\n return False\n\nif not request.user.group_attributes(request.http_request).get(\n\ + \ USER_ATTRIBUTE_CHANGE_USERNAME, CONFIG.y_bool(\"default_user_change_username\"\ + , True)\n):\n if prompt_data.get(\"username\") != request.user.username:\n\ + \ ak_message(\"Not allowed to change username.\")\n return False\n\ + \nreturn True" + name: default-user-settings-authorization + id: null + identifiers: + pk: 8e7bb115-dbe4-40b5-8df3-2b529f7f2c77 + model: authentik_policies_expression.expressionpolicy +- attrs: + expression: '# This policy ensures that this flow can only be used when the user + + # is in a SSO Flow (meaning they come from an external IdP) + + return ak_is_sso_flow' + name: default-source-enrollment-if-sso + id: null + identifiers: + pk: 0ec395ac-75a1-40f1-aa86-46f084ac241d + model: authentik_policies_expression.expressionpolicy +- attrs: + execution_logging: true + expression: return request.context.get('is_restored', False) + name: default-recovery-skip-if-restored + id: null + identifiers: + pk: b60d0f99-fc7e-47af-aa67-67f6ef9b1e36 + model: authentik_policies_expression.expressionpolicy +- attrs: + identifier: akadmin + ip: 95.90.253.247 + ip_geo_data: {} + pk: d20bcce4-74d4-4f81-a1dc-9c61a0a62eb4 + score: 1 + id: null + identifiers: + pk: d20bcce4-74d4-4f81-a1dc-9c61a0a62eb4 + 
model: authentik_policies_reputation.reputation +- attrs: + enabled: true + order: 0 + policy: 983c28ca-d530-4d92-afaa-b962235f59de + target: d7258490-54fe-49ae-ad5f-245700b64585 + timeout: 30 + id: null + identifiers: + pk: 62f7d22d-4a68-483b-a4bc-dc4f647e0520 + model: authentik_policies.policybinding +- attrs: + enabled: true + order: 0 + policy: abe398b0-4407-4c16-acad-48cf955b8666 + target: 89570d12-8c96-4a81-af94-f25e177e385b + timeout: 30 + id: null + identifiers: + pk: c6083fb1-2d56-44b4-a63d-a7fcb784d1d6 + model: authentik_policies.policybinding +- attrs: + enabled: true + order: 0 + policy: 466e8539-b360-452d-a053-5da2af42bd42 + target: f592a1d1-f42d-40cc-ba8a-43452415ef43 + timeout: 30 + id: null + identifiers: + pk: 35ee3300-03c1-49bb-b56d-705430a9fe52 + model: authentik_policies.policybinding +- attrs: + enabled: true + order: 1 + policy: c2ed61dc-0c85-45bd-af5c-7e4a22a8456c + target: f592a1d1-f42d-40cc-ba8a-43452415ef43 + timeout: 30 + id: null + identifiers: + pk: b172c2f1-d0df-4bbe-a92a-e6633970f68b + model: authentik_policies.policybinding +- attrs: + enabled: true + order: 0 + policy: f258caaf-88f9-4143-9072-bef9fbab0648 + target: c5e3db36-be2a-4356-8027-242e7c4b2ee8 + timeout: 30 + id: null + identifiers: + pk: c6218a20-3c93-4665-863e-0448fe8b1347 + model: authentik_policies.policybinding +- attrs: + enabled: true + order: 0 + policy: 297d38f7-b80d-4282-8c82-d6d57bf2bf35 + target: 41ba9148-389d-42a3-9b7b-8fe7d205ff67 + timeout: 30 + id: null + identifiers: + pk: 0efe985b-0bd1-4879-b604-7d315f6adf81 + model: authentik_policies.policybinding +- attrs: + enabled: true + order: 0 + policy: 7da9d346-c56f-4dc8-a9be-97dfc70027d5 + target: 470ab4ec-8b8e-4dd0-b84a-dbfabbdc5c23 + timeout: 30 + id: null + identifiers: + pk: 01645531-9dbf-4112-a4d9-fbbd75c9802e + model: authentik_policies.policybinding +- attrs: + enabled: true + order: 0 + policy: 0dbbba63-4127-433b-aef6-3a5a01f1e851 + target: fb7c14b1-017c-4d3a-9307-5b0192fb18e3 + timeout: 30 + id: null + 
identifiers: + pk: 4cb526ab-5549-4913-994e-7da7db5209ee + model: authentik_policies.policybinding +- attrs: + enabled: true + order: 0 + policy: 0ec395ac-75a1-40f1-aa86-46f084ac241d + target: b89cfaf2-7a6c-4084-aaa1-5100f8aa9fa8 + timeout: 30 + id: null + identifiers: + pk: c8072f02-2b1a-4a9c-84fa-e438fe13020f + model: authentik_policies.policybinding +- attrs: + enabled: true + order: 0 + policy: b60d0f99-fc7e-47af-aa67-67f6ef9b1e36 + target: 17fcdf35-0a31-4625-9d4a-fff30540d0f9 + timeout: 30 + id: null + identifiers: + pk: c603af77-6142-4e37-813b-555243dd2e06 + model: authentik_policies.policybinding +- attrs: + enabled: true + order: 0 + policy: b60d0f99-fc7e-47af-aa67-67f6ef9b1e36 + target: 8ade0bc9-b65d-477f-a7fd-2ce84afe3637 + timeout: 30 + id: null + identifiers: + pk: 67f2c73d-f504-425f-9deb-2c1ee1897a32 + model: authentik_policies.policybinding +- attrs: + expression: '# This scope is required by the OpenID-spec, and must as such exist + in authentik. + + # The scope by itself does not grant any information + + return {}' + managed: goauthentik.io/providers/oauth2/scope-openid + name: 'authentik default OAuth Mapping: OpenID ''openid''' + scope_name: openid + id: null + identifiers: + pk: 02955534-5e88-431b-8949-6a1442804dea + model: authentik_providers_oauth2.scopemapping +- attrs: + description: Email address + expression: "return {\n \"email\": request.user.email,\n \"email_verified\"\ + : True\n}" + managed: goauthentik.io/providers/oauth2/scope-email + name: 'authentik default OAuth Mapping: OpenID ''email''' + scope_name: email + id: null + identifiers: + pk: e209e31a-b7d7-4746-b02a-a235179657e5 + model: authentik_providers_oauth2.scopemapping +- attrs: + description: General Profile Information + expression: "return {\n # Because authentik only saves the user's full name,\ + \ and has no concept of first and last names,\n # the full name is used as\ + \ given name.\n # You can override this behaviour in custom mappings, i.e.\ + \ 
`request.user.name.split(\" \")`\n \"name\": request.user.name,\n \"\ + given_name\": request.user.name,\n \"family_name\": \"\",\n \"preferred_username\"\ + : request.user.username,\n \"nickname\": request.user.username,\n # groups\ + \ is not part of the official userinfo schema, but is a quasi-standard\n \ + \ \"groups\": [group.name for group in request.user.ak_groups.all()],\n}" + managed: goauthentik.io/providers/oauth2/scope-profile + name: 'authentik default OAuth Mapping: OpenID ''profile''' + scope_name: profile + id: null + identifiers: + pk: b3807db0-13ff-44ea-b677-de695574193c + model: authentik_providers_oauth2.scopemapping +- attrs: + description: authentik Proxy - User information + expression: "# This mapping is used by the authentik proxy. It passes extra user\ + \ attributes,\n# which are used for example for the HTTP-Basic Authentication\ + \ mapping.\nreturn {\n \"ak_proxy\": {\n \"user_attributes\": request.user.group_attributes(request),\n\ + \ \"is_superuser\": request.user.is_superuser,\n }\n}" + managed: goauthentik.io/providers/proxy/scope-proxy + name: 'authentik default OAuth Mapping: Proxy outpost' + scope_name: ak_proxy + id: null + identifiers: + pk: 435241ac-245e-476d-9c82-1471dcf523c2 + model: authentik_providers_oauth2.scopemapping +- attrs: + expression: return request.user.attributes.get('upn', request.user.email) + friendly_name: null + managed: goauthentik.io/providers/saml/upn + name: 'authentik default SAML Mapping: UPN' + saml_name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn + id: null + identifiers: + pk: 8abdcc4f-b0a7-44ae-88bc-e8d5adc1c2f9 + model: authentik_providers_saml.samlpropertymapping +- attrs: + expression: return request.user.name + friendly_name: null + managed: goauthentik.io/providers/saml/name + name: 'authentik default SAML Mapping: Name' + saml_name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name + id: null + identifiers: + pk: 0321f7f4-d071-4f65-95d0-7586458b2387 + model: 
authentik_providers_saml.samlpropertymapping +- attrs: + expression: return request.user.email + friendly_name: null + managed: goauthentik.io/providers/saml/email + name: 'authentik default SAML Mapping: Email' + saml_name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress + id: null + identifiers: + pk: 540fda9d-adb3-4df6-93b1-10271be2e0da + model: authentik_providers_saml.samlpropertymapping +- attrs: + expression: return request.user.username + friendly_name: null + managed: goauthentik.io/providers/saml/username + name: 'authentik default SAML Mapping: Username' + saml_name: http://schemas.goauthentik.io/2021/02/saml/username + id: null + identifiers: + pk: 5d90b391-f5da-437e-a6f5-968ca5021a21 + model: authentik_providers_saml.samlpropertymapping +- attrs: + expression: return request.user.pk + friendly_name: null + managed: goauthentik.io/providers/saml/uid + name: 'authentik default SAML Mapping: User ID' + saml_name: http://schemas.goauthentik.io/2021/02/saml/uid + id: null + identifiers: + pk: ce08687c-57dc-45f8-b9fe-bcf3726d9412 + model: authentik_providers_saml.samlpropertymapping +- attrs: + expression: "for group in request.user.ak_groups.all():\n yield group.name" + friendly_name: null + managed: goauthentik.io/providers/saml/groups + name: 'authentik default SAML Mapping: Groups' + saml_name: http://schemas.xmlsoap.org/claims/Group + id: null + identifiers: + pk: e408a557-7fd8-4409-97b9-fceb6231140e + model: authentik_providers_saml.samlpropertymapping +- attrs: + expression: return request.user.username + friendly_name: null + managed: goauthentik.io/providers/saml/ms-windowsaccountname + name: 'authentik default SAML Mapping: WindowsAccountname (Username)' + saml_name: http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname + id: null + identifiers: + pk: 674ea788-e0d0-4385-be83-3058ffd457be + model: authentik_providers_saml.samlpropertymapping +- attrs: + expression: return ldap.get('name') + managed: 
goauthentik.io/sources/ldap/default-name + name: 'authentik default LDAP Mapping: Name' + object_field: name + id: null + identifiers: + pk: 539ba688-9544-47ad-a1a5-ed36841d0883 + model: authentik_sources_ldap.ldappropertymapping +- attrs: + expression: return ldap.get('mail') + managed: goauthentik.io/sources/ldap/default-mail + name: 'authentik default LDAP Mapping: mail' + object_field: email + id: null + identifiers: + pk: e52d2587-a46c-49bf-9f73-51f84da5ce0c + model: authentik_sources_ldap.ldappropertymapping +- attrs: + expression: return ldap.get('sAMAccountName') + managed: goauthentik.io/sources/ldap/ms-samaccountname + name: 'authentik default Active Directory Mapping: sAMAccountName' + object_field: username + id: null + identifiers: + pk: 4d2560a1-737e-4248-8ff8-d1917b53b647 + model: authentik_sources_ldap.ldappropertymapping +- attrs: + expression: return list_flatten(ldap.get('userPrincipalName')) + managed: goauthentik.io/sources/ldap/ms-userprincipalname + name: 'authentik default Active Directory Mapping: userPrincipalName' + object_field: attributes.upn + id: null + identifiers: + pk: 64fba85b-7930-4ba8-9e4c-5001b4d94066 + model: authentik_sources_ldap.ldappropertymapping +- attrs: + expression: return list_flatten(ldap.get('givenName')) + managed: goauthentik.io/sources/ldap/ms-givenName + name: 'authentik default Active Directory Mapping: givenName' + object_field: attributes.givenName + id: null + identifiers: + pk: 18078c80-a196-4a16-8bfd-fb0c23f82603 + model: authentik_sources_ldap.ldappropertymapping +- attrs: + expression: return list_flatten(ldap.get('sn')) + managed: goauthentik.io/sources/ldap/ms-sn + name: 'authentik default Active Directory Mapping: sn' + object_field: attributes.sn + id: null + identifiers: + pk: 2467356d-af52-4fa1-ae80-4dad2421249e + model: authentik_sources_ldap.ldappropertymapping +- attrs: + expression: return ldap.get('uid') + managed: goauthentik.io/sources/ldap/openldap-uid + name: 'authentik default OpenLDAP 
Mapping: uid' + object_field: username + id: null + identifiers: + pk: 5229377e-ed95-4ac8-9ecd-da886720afa8 + model: authentik_sources_ldap.ldappropertymapping +- attrs: + expression: return ldap.get('cn') + managed: goauthentik.io/sources/ldap/openldap-cn + name: 'authentik default OpenLDAP Mapping: cn' + object_field: name + id: null + identifiers: + pk: 40f695ee-7a19-4845-995d-21e74b8f18c5 + model: authentik_sources_ldap.ldappropertymapping +- attrs: + configure_flow: 4e0a9ae3-9316-4326-80d0-2fcae763a532 + name: default-authenticator-static-setup + token_count: 6 + id: null + identifiers: + pk: f0bc1cd7-240a-4fdb-bdd6-b6d5ded0a2f6 + model: authentik_stages_authenticator_static.authenticatorstaticstage +- attrs: + configure_flow: 897d9c72-5a60-4b96-939c-e679a992febc + digits: 6 + name: default-authenticator-totp-setup + id: null + identifiers: + pk: 4c945d32-dfbd-4545-8835-6fd81ff4d78c + model: authentik_stages_authenticator_totp.authenticatortotpstage +- attrs: + device_classes: + - static + - totp + - webauthn + - duo + - sms + last_auth_threshold: seconds=0 + name: default-authentication-mfa-validation + not_configured_action: skip + id: null + identifiers: + pk: e7360849-a135-4a4b-bfff-e10b24081307 + model: authentik_stages_authenticator_validate.authenticatorvalidatestage +- attrs: + configure_flow: 477399c2-45b1-4508-a3f9-cfd464ac1106 + name: default-authenticator-webauthn-setup + resident_key_requirement: preferred + user_verification: preferred + id: null + identifiers: + pk: a9942b8e-4435-488f-9832-edc2e0c7d6a6 + model: authentik_stages_authenticator_webauthn.authenticatewebauthnstage +- attrs: + consent_expire_in: weeks=4 + mode: expiring + name: default-provider-authorization-consent + id: null + identifiers: + pk: 527e55f0-b0df-4704-be05-649d1f600e5d + model: authentik_stages_consent.consentstage +- attrs: + activate_user_on_success: true + from_address: system@authentik.local + host: localhost + name: default-recovery-email + port: 25 + subject: 
authentik + template: email/password_reset.html + timeout: 10 + token_expiry: 30 + use_global_settings: true + id: null + identifiers: + pk: 80a4a8de-9103-4053-8397-64f8bef63854 + model: authentik_stages_email.emailstage +- attrs: + case_insensitive_matching: true + name: default-authentication-identification + show_matched_user: true + user_fields: + - email + - username + id: null + identifiers: + pk: c372e498-e395-49d4-bb1f-33f3e181ba78 + model: authentik_stages_identification.identificationstage +- attrs: + case_insensitive_matching: true + enrollment_flow: b89cfaf2-7a6c-4084-aaa1-5100f8aa9fa8 + name: authentication-identification + password_stage: e3236502-f903-4f53-869b-b12436c2c656 + passwordless_flow: c5e3db36-be2a-4356-8027-242e7c4b2ee8 + recovery_flow: 538adafa-4f3d-422f-af38-13df3a53f440 + show_matched_user: true + show_source_labels: true + sources: + - b2005c85-066b-4088-ada5-be8333c3b494 + user_fields: + - username + - email + id: null + identifiers: + pk: 89168a16-ad92-4b1a-9ed2-1b09aabbe439 + model: authentik_stages_identification.identificationstage +- attrs: + case_insensitive_matching: true + name: default-recovery-identification + show_matched_user: true + sources: + - b2005c85-066b-4088-ada5-be8333c3b494 + user_fields: + - username + - email + id: null + identifiers: + pk: c729a2d8-31d3-41af-97cd-0354e10ee670 + model: authentik_stages_identification.identificationstage +- attrs: + backends: + - authentik.core.auth.InbuiltBackend + - authentik.sources.ldap.auth.LDAPBackend + - authentik.core.auth.TokenBackend + configure_flow: 762ea28b-2942-43c1-8091-8761e561ed4e + failed_attempts_before_cancel: 5 + name: default-authentication-password + id: null + identifiers: + pk: e3236502-f903-4f53-869b-b12436c2c656 + model: authentik_stages_password.passwordstage +- attrs: + field_key: password + label: Password + order: 0 + placeholder: Password + required: true + type: password + id: null + identifiers: + pk: 57f7ed15-3c5b-4070-9304-41079848808e + model: 
authentik_stages_prompt.prompt +- attrs: + field_key: oobe-header-text + label: oobe-header-text + order: 100 + placeholder: Welcome to authentik! Please set a password for the default admin + user, akadmin. + required: true + type: static + id: null + identifiers: + pk: 1ffea93f-e9d5-44e9-98d5-f8cf0de21a25 + model: authentik_stages_prompt.prompt +- attrs: + field_key: password_repeat + label: Password (repeat) + order: 1 + placeholder: Password (repeat) + required: true + type: password + id: null + identifiers: + pk: 17c38aba-4e4d-4445-9a27-ae1956a2bdde + model: authentik_stages_prompt.prompt +- attrs: + field_key: username + label: Username + order: 200 + placeholder: "try:\n return user.username\nexcept:\n return ''" + placeholder_expression: true + required: true + type: text + id: null + identifiers: + pk: baf27142-6910-45d7-86c5-fe8306c1224f + model: authentik_stages_prompt.prompt +- attrs: + field_key: name + label: Name + order: 201 + placeholder: "try:\n return user.name\nexcept:\n return ''" + placeholder_expression: true + required: true + type: text + id: null + identifiers: + pk: fe70ae95-626c-43ec-b598-914beb7e22c6 + model: authentik_stages_prompt.prompt +- attrs: + field_key: email + label: Email + order: 202 + placeholder: "try:\n return user.email\nexcept:\n return ''" + placeholder_expression: true + required: true + type: email + id: null + identifiers: + pk: d9c1a530-2929-45e1-98db-a15ccce24756 + model: authentik_stages_prompt.prompt +- attrs: + field_key: attributes.settings.locale + label: Locale + order: 203 + placeholder: "try:\n return user.attributes.get(\"settings\", {}).get(\"locale\"\ + , \"\")\nexcept:\n return ''" + placeholder_expression: true + required: true + type: ak-locale + id: null + identifiers: + pk: 1a94a338-e5b9-4fe9-97f3-499a6428d0d3 + model: authentik_stages_prompt.prompt +- attrs: + fields: + - 57f7ed15-3c5b-4070-9304-41079848808e + - 17c38aba-4e4d-4445-9a27-ae1956a2bdde + name: default-password-change-prompt + id: 
null + identifiers: + pk: c51c70e8-2e47-4d4b-8511-923e8f301859 + model: authentik_stages_prompt.promptstage +- attrs: + fields: + - baf27142-6910-45d7-86c5-fe8306c1224f + - d9c1a530-2929-45e1-98db-a15ccce24756 + - fe70ae95-626c-43ec-b598-914beb7e22c6 + - 1a94a338-e5b9-4fe9-97f3-499a6428d0d3 + name: default-user-settings + validation_policies: + - 8e7bb115-dbe4-40b5-8df3-2b529f7f2c77 + id: null + identifiers: + pk: 269aeb12-50d8-46f3-9121-e601f07e2364 + model: authentik_stages_prompt.promptstage +- attrs: + fields: + - 57f7ed15-3c5b-4070-9304-41079848808e + - 1ffea93f-e9d5-44e9-98d5-f8cf0de21a25 + - d9c1a530-2929-45e1-98db-a15ccce24756 + - 17c38aba-4e4d-4445-9a27-ae1956a2bdde + name: stage-default-oobe-password + id: null + identifiers: + pk: b4dc2fd7-8e08-4b35-8158-46d8c42704e7 + model: authentik_stages_prompt.promptstage +- attrs: + fields: + - baf27142-6910-45d7-86c5-fe8306c1224f + - d9c1a530-2929-45e1-98db-a15ccce24756 + - fe70ae95-626c-43ec-b598-914beb7e22c6 + name: default-source-enrollment-prompt + id: null + identifiers: + pk: 414ef8c6-dcc9-4e0c-8cfa-7352d2dcb271 + model: authentik_stages_prompt.promptstage +- attrs: + fields: + - 57f7ed15-3c5b-4070-9304-41079848808e + - 17c38aba-4e4d-4445-9a27-ae1956a2bdde + name: Change your password + id: null + identifiers: + pk: b3510f3f-2945-483e-b991-fc427b8c9a35 + model: authentik_stages_prompt.promptstage +- attrs: + name: default-source-authentication-login + session_duration: seconds=0 + id: null + identifiers: + pk: e6850ae9-fb50-4cf1-8a8a-a3e1c77ede42 + model: authentik_stages_user_login.userloginstage +- attrs: + name: default-source-enrollment-login + session_duration: seconds=0 + id: null + identifiers: + pk: 4a748ca8-3105-4365-a9b2-7968fb0a02d3 + model: authentik_stages_user_login.userloginstage +- attrs: + name: default-authentication-login + session_duration: seconds=0 + id: null + identifiers: + pk: b327e303-6799-48a9-9e6d-2c8ab832c81d + model: authentik_stages_user_login.userloginstage +- attrs: + name: 
default-recovery-user-login + session_duration: seconds=0 + id: null + identifiers: + pk: ba9e27f2-d632-4499-957a-33325548a9d4 + model: authentik_stages_user_login.userloginstage +- attrs: + name: default-invalidation-logout + id: null + identifiers: + pk: c5a0d7c1-b3e4-43f9-84fe-115dace76337 + model: authentik_stages_user_logout.userlogoutstage +- attrs: + name: default-source-enrollment-write + id: null + identifiers: + pk: ea44a799-aa7a-4acb-9be6-a7283d549881 + model: authentik_stages_user_write.userwritestage +- attrs: + name: default-user-settings-write + id: null + identifiers: + pk: 0f3df830-8c89-4951-a327-322e33b6f7ec + model: authentik_stages_user_write.userwritestage +- attrs: + name: default-password-change-write + id: null + identifiers: + pk: 0ab37c2c-ad8b-43c3-9427-e344e33bdd30 + model: authentik_stages_user_write.userwritestage +- attrs: + name: default-recovery-user-write + id: null + identifiers: + pk: 5e1ee94d-d238-43e9-8523-9fc594020614 + model: authentik_stages_user_write.userwritestage +- attrs: + attributes: {} + branding_favicon: /static/dist/assets/icons/icon.png + branding_logo: /static/dist/assets/icons/icon_left_brand.svg + branding_title: authentik + default: true + domain: authentik-default + event_retention: days=365 + flow_authentication: abaa3539-fc23-41ec-9de1-d55684e92cae + flow_invalidation: c1615301-4554-4e03-b787-80cb8d3fe826 + flow_user_settings: 02b077e7-32c9-464d-96fe-f00b0d1d19fa + id: null + identifiers: + pk: 047cce35-aae2-4b02-9f96-078e155f803d + model: authentik_tenants.tenant +- attrs: + context: {} + enabled: true + name: System - SAML Provider - Mappings + path: system/providers-saml.yaml + id: null + identifiers: + pk: 63a654cc-1c9f-414a-8978-38f7bdd8024c + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: Default - Static MFA setup flow + path: default/20-flow-default-authenticator-static-setup.yaml + id: null + identifiers: + pk: 3622e2d3-bbd7-4d82-9029-7f19dc877586 + 
model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: Default - Invalidation flow + path: default/10-flow-default-invalidation-flow.yaml + id: null + identifiers: + pk: 7cc4e930-1efa-46db-96a8-a65ac57e461f + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: Default - User settings flow + path: default/30-flow-default-user-settings-flow.yaml + id: null + identifiers: + pk: 17a61959-f244-4787-ab77-f61309c9ff7d + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: Default - Tenant + path: default/90-default-tenant.yaml + id: null + identifiers: + pk: ec25f7e5-2905-47b6-b215-b4fd14f3bf5b + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: Default - Password change flow + path: default/0-flow-password-change.yaml + id: null + identifiers: + pk: 0a8da061-3fb7-4dc2-994d-7bf68df820e5 + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: System - OAuth2 Provider - Scopes + path: system/providers-oauth2.yaml + id: null + identifiers: + pk: d6b47904-6e90-4979-accf-46523196c578 + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: System - Proxy Provider - Scopes + path: system/providers-proxy.yaml + id: null + identifiers: + pk: 4f5f57ad-f7c3-462f-80de-90914fac5354 + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: System - LDAP Source - Mappings + path: system/sources-ldap.yaml + id: null + identifiers: + pk: 4ac67d5c-aba0-4342-968d-e397f05c01c7 + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: Default - TOTP MFA setup flow + path: default/20-flow-default-authenticator-totp-setup.yaml + id: null + identifiers: + pk: 9c78ee92-f8a2-4bb5-bbbe-75761383c18b + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: 
true + name: Default - Provider authorization flow (implicit consent) + path: default/20-flow-default-provider-authorization-implicit-consent.yaml + id: null + identifiers: + pk: 8dc8a3ae-3b16-4758-b91e-74d77bae9d2b + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: Default - Events Transport & Rules + path: default/40-events-default.yaml + id: null + identifiers: + pk: 8696e9fc-eed5-4c9f-be52-6fa68d92d2af + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: Default - Source authentication flow + path: default/20-flow-default-source-authentication.yaml + id: null + identifiers: + pk: 32d1e4fe-6e29-4ad1-af8b-907c53de49c6 + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: Default - Provider authorization flow (explicit consent) + path: default/20-flow-default-provider-authorization-explicit-consent.yaml + id: null + identifiers: + pk: 8fbac00a-3b83-42ff-b953-91d9d2bfe3db + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: Default - Authentication flow + path: default/10-flow-default-authentication-flow.yaml + id: null + identifiers: + pk: 3d0278d8-09a7-49ac-85ac-a1f3c07c3952 + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: email-verification + path: example/flows-recovery-email-verification.yaml + id: null + identifiers: + pk: 0bf89a7c-b081-42fd-b4ab-0894d109a117 + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: Default - Source enrollment flow + path: default/20-flow-default-source-enrollment.yaml + id: null + identifiers: + pk: 7c0cda20-b9a9-48a5-8085-a7185be9117b + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: Default - Out-of-box-experience flow + path: default/91-flow-oobe.yaml + id: null + identifiers: + pk: f38b58cd-f8ea-4505-9dde-e1b8973327d0 + 
model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: Default - Source pre-authentication flow + path: default/20-flow-default-source-pre-authentication.yaml + id: null + identifiers: + pk: 94da9fcc-385d-440f-89c8-8398ff1a874e + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: Default - WebAuthn MFA setup flow + path: default/20-flow-default-authenticator-webauthn-setup.yaml + id: null + identifiers: + pk: b8f9712e-1425-41ca-aea7-59540ecc8148 + model: authentik_blueprints.blueprintinstance +- attrs: + attributes: {} + is_superuser: true + name: authentik Admins + users: + - 1 + id: null + identifiers: + pk: 1c015d64-1ace-467a-a3a5-021cbfcb27fe + model: authentik_core.group +- attrs: + attributes: + goauthentik.io/user/override-ips: true + goauthentik.io/user/service-account: true + is_active: true + name: Outpost authentik Embedded Outpost Service-Account + path: goauthentik.io/outposts + username: ak-outpost-f015a96472e648f2946bca284c3901ee + id: null + identifiers: + pk: 3 + model: authentik_core.user +- attrs: + attributes: {} + email: root@localhost + groups: + - 1c015d64-1ace-467a-a3a5-021cbfcb27fe + is_active: true + last_login: '2022-10-18T12:28:44.378330Z' + name: authentik Default Admin + path: users + username: akadmin + id: null + identifiers: + pk: 1 + model: authentik_core.user +- attrs: + expires: '2022-10-10T11:57:05.304727Z' + identifier: authentik-bootstrap-token + intent: api + managed: null + user: 1 + id: null + identifiers: + pk: 4be7975c-3250-40fa-b261-9763dd8e3f45 + model: authentik_core.token +- attrs: + description: Autogenerated by authentik for Outpost authentik Embedded Outpost + expires: '2022-10-10T12:00:23.299437Z' + identifier: ak-outpost-f015a964-72e6-48f2-946b-ca284c3901ee-api + intent: api + managed: goauthentik.io/outpost/ak-outpost-f015a964-72e6-48f2-946b-ca284c3901ee-api + user: 3 + id: null + identifiers: + pk: 
505a0559-4700-4e4e-ac31-80d8146e3ed3 + model: authentik_core.token +- attrs: + expires: '2022-10-18T14:28:16.517400Z' + expiring: true + identifier: ak-email-stage-default-recovery-email-akadmin + intent: verification + managed: null + user: 1 + id: null + identifiers: + pk: 89d96ff9-09b3-42a7-b3ed-d8c43aae9dd9 + model: authentik_core.token +metadata: + labels: + blueprints.goauthentik.io/generated: 'true' + name: authentik Export - 2022-10-18 14:06:02.330017+00:00 +version: 1 diff --git a/blueprints/exported_blueprints2.yaml b/blueprints/exported_blueprints2.yaml new file mode 100644 index 0000000..1e74721 --- /dev/null +++ b/blueprints/exported_blueprints2.yaml 
@@ -0,0 +1,1707 @@ +{"event": "Loaded config", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1666178300.5160234, "file": "/authentik/lib/default.yml"} +{"event": "Loaded environment variables", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1666178300.51664, "count": 16} +{"event": "Booting authentik", "level": "info", "logger": "authentik.lib.config", "timestamp": 1666178301.7333906, "version": "2022.9.0"} +{"event": "Failed to load GeoIP database", "exc": "FileNotFoundError(2, 'No such file or directory')", "level": "warning", "logger": "authentik.events.geo", "pid": 258, "timestamp": "2022-10-19T11:18:22.561527"} +{"event": "Task published", "level": "info", "logger": "authentik.root.celery", "pid": 258, "task_id": "3a14eae8-c3fd-429f-ada3-962447fa3815", "task_name": "authentik.blueprints.v1.tasks.blueprints_discover", "timestamp": "2022-10-19T11:18:24.838210"} +context: {} +entries: +- attrs: + managed: goauthentik.io/crypto/jwt-managed + name: authentik Internal JWT Certificate + id: null + identifiers: + pk: b4266c32-0634-4ee2-a233-80cacd9990a2 + model: authentik_crypto.certificatekeypair +- attrs: + managed: null + name: authentik Self-signed Certificate + id: null + identifiers: + pk: 666c55cf-9b16-46a1-b904-e268d3530b53 + model: authentik_crypto.certificatekeypair +- attrs: + managed: null + name: authentik Self-signed Certificate + id: null + identifiers: + pk: 72f95724-4c43-48ab-9799-626585404c84 + model: authentik_crypto.certificatekeypair +- attrs: + managed: null + name: authentik Self-signed Certificate + id: null + identifiers: + pk: 2cf82bfe-79aa-41d0-91f4-4263b2d7bc17 + model: authentik_crypto.certificatekeypair +- attrs: + managed: null + name: authentik Self-signed Certificate + id: null + identifiers: + pk: a86ed7eb-59ad-4380-917c-b47f68d7cb29 + model: authentik_crypto.certificatekeypair +- attrs: + mode: email + name: default-email-transport + id: null + identifiers: + pk: 
5b4be411-5797-4344-8ef1-ed7517d340fb + model: authentik_events.notificationtransport +- attrs: + mode: local + name: default-local-transport + id: null + identifiers: + pk: 93d30c8b-17dd-490d-af57-cced0a08dccf + model: authentik_events.notificationtransport +- attrs: + group: b6c3df76-c6a1-47e9-bb27-00b653f46eb5 + name: default-notify-configuration-error + severity: alert + transports: + - 5b4be411-5797-4344-8ef1-ed7517d340fb + - 93d30c8b-17dd-490d-af57-cced0a08dccf + id: null + identifiers: + pk: 878f490c-b94e-4265-9df0-239bfcbac24a + model: authentik_events.notificationrule +- attrs: + group: b6c3df76-c6a1-47e9-bb27-00b653f46eb5 + name: default-notify-update + severity: alert + transports: + - 5b4be411-5797-4344-8ef1-ed7517d340fb + - 93d30c8b-17dd-490d-af57-cced0a08dccf + id: null + identifiers: + pk: fb441183-35ca-4ad6-8f57-ce069e32281a + model: authentik_events.notificationrule +- attrs: + group: b6c3df76-c6a1-47e9-bb27-00b653f46eb5 + name: default-notify-exception + severity: alert + transports: + - 5b4be411-5797-4344-8ef1-ed7517d340fb + - 93d30c8b-17dd-490d-af57-cced0a08dccf + id: null + identifiers: + pk: 06414c43-ebbc-4c8e-b821-56669d8978cd + model: authentik_events.notificationrule +- attrs: + denied_action: message_continue + designation: enrollment + layout: stacked + name: Welcome to authentik! Please select a username. + policy_engine_mode: any + slug: default-source-enrollment + title: Welcome to authentik! Please select a username. + id: null + identifiers: + pk: ef4c3d20-3756-4098-9db5-41a2a1f09f30 + model: authentik_flows.flow +- attrs: + denied_action: message_continue + designation: stage_configuration + layout: stacked + name: default-oobe-setup + policy_engine_mode: any + slug: initial-setup + title: Welcome to authentik! 
+ id: null + identifiers: + pk: bdaf77dd-8da5-461d-9f19-eb3a680eb9ab + model: authentik_flows.flow +- attrs: + denied_action: message_continue + designation: stage_configuration + layout: stacked + name: User settings + policy_engine_mode: any + slug: default-user-settings-flow + title: Update your info + id: null + identifiers: + pk: f2d9d6bf-df11-4e4b-98b7-6cc052601748 + model: authentik_flows.flow +- attrs: + denied_action: message_continue + designation: authentication + layout: stacked + name: Welcome to authentik! + policy_engine_mode: any + slug: default-source-authentication + title: Welcome to authentik! + id: null + identifiers: + pk: 4fcb15e2-0331-4f56-a28c-739f0a91da70 + model: authentik_flows.flow +- attrs: + denied_action: message_continue + designation: stage_configuration + layout: stacked + name: default-authenticator-webauthn-setup + policy_engine_mode: any + slug: default-authenticator-webauthn-setup + title: Setup WebAuthn + id: null + identifiers: + pk: f0d270db-d599-44a9-8bfc-e5be699cf9c7 + model: authentik_flows.flow +- attrs: + denied_action: message_continue + designation: stage_configuration + layout: stacked + name: default-authenticator-totp-setup + policy_engine_mode: any + slug: default-authenticator-totp-setup + title: Setup Two-Factor authentication + id: null + identifiers: + pk: f0728bbc-cd8b-4f47-82e9-a772d3ee9aad + model: authentik_flows.flow +- attrs: + denied_action: message_continue + designation: authorization + layout: stacked + name: Authorize Application + policy_engine_mode: any + slug: default-provider-authorization-implicit-consent + title: Redirecting to %(app)s + id: null + identifiers: + pk: 16b0c549-e0d1-43ed-afdf-47764d902293 + model: authentik_flows.flow +- attrs: + denied_action: message_continue + designation: stage_configuration + layout: stacked + name: Change Password + policy_engine_mode: any + slug: default-password-change + title: Change password + id: null + identifiers: + pk: 
02664d4c-6594-4298-bae9-1f7664a6fc19 + model: authentik_flows.flow +- attrs: + denied_action: message_continue + designation: stage_configuration + layout: stacked + name: Pre-Authentication + policy_engine_mode: any + slug: default-source-pre-authentication + title: Pre-authentication + id: null + identifiers: + pk: 6daf3bd2-ef4e-4b7d-a112-e993813819b5 + model: authentik_flows.flow +- attrs: + denied_action: message_continue + designation: authentication + layout: stacked + name: Welcome to authentik! + policy_engine_mode: any + slug: default-authentication-flow + title: Welcome to authentik! + id: null + identifiers: + pk: 90bcc898-2683-4a74-90ef-0e88470f262e + model: authentik_flows.flow +- attrs: + denied_action: message_continue + designation: authorization + layout: stacked + name: Authorize Application + policy_engine_mode: any + slug: default-provider-authorization-explicit-consent + title: Redirecting to %(app)s + id: null + identifiers: + pk: aa9f3124-c246-4044-8dd2-4bb94f0c87ef + model: authentik_flows.flow +- attrs: + denied_action: message_continue + designation: recovery + layout: stacked + name: Default recovery flow + policy_engine_mode: any + slug: default-recovery-flow + title: "Passwort Zur\xFCcksetzen" + id: null + identifiers: + pk: 9b971fe6-cc8b-43d3-9644-68f0ed8732cb + model: authentik_flows.flow +- attrs: + denied_action: message_continue + designation: authentication + layout: stacked + name: custom-authentication-flow + policy_engine_mode: any + slug: custom-authentication-flow + title: Willkommen bei Local-IT + id: null + identifiers: + pk: 9bee257d-ceca-4f6c-adc7-a51a6d356253 + model: authentik_flows.flow +- attrs: + denied_action: message_continue + designation: stage_configuration + layout: stacked + name: default-authenticator-static-setup + policy_engine_mode: any + slug: default-authenticator-static-setup + title: Setup Static OTP Tokens + id: null + identifiers: + pk: c5d9eba1-702b-47ac-8a3e-b2c35a7b1c82 + model: 
authentik_flows.flow +- attrs: + denied_action: message_continue + designation: invalidation + layout: stacked + name: Logout + policy_engine_mode: any + slug: default-invalidation-flow + title: Default Invalidation Flow + id: null + identifiers: + pk: ee7ab351-e6d1-4b11-96a0-e457b1ccf8a7 + model: authentik_flows.flow +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 0 + policy_engine_mode: any + stage: bc9fb006-115f-43f5-bb43-0ecfac6a5bbf + target: 02664d4c-6594-4298-bae9-1f7664a6fc19 + id: null + identifiers: + pk: ebffc95e-0434-426b-9828-ae8f8329f59a + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 1 + policy_engine_mode: any + stage: 2872f0e7-58d7-465a-8f62-8128a4a67cb4 + target: 02664d4c-6594-4298-bae9-1f7664a6fc19 + id: null + identifiers: + pk: 4fcc2938-a6c3-4240-8d12-ec9aef97e83d + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 0 + policy_engine_mode: any + stage: 1fe73c6f-d427-4791-b021-3b58bcffa05c + target: 4fcb15e2-0331-4f56-a28c-739f0a91da70 + id: null + identifiers: + pk: 9a23dcfc-3e9d-46af-b87e-d92d00c6faf5 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 10 + policy_engine_mode: any + stage: 4df4c3c7-7163-4482-8356-648aa569d209 + target: 90bcc898-2683-4a74-90ef-0e88470f262e + id: null + identifiers: + pk: 34cd7b9e-638f-4a80-ad28-3f9ee063a51b + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 20 + policy_engine_mode: any + stage: 45874e17-22e1-443e-ab6d-c92672877e87 + target: 90bcc898-2683-4a74-90ef-0e88470f262e + id: null + identifiers: + pk: 77b05365-2f59-4ff5-93b8-4348e282f14a + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 30 + policy_engine_mode: any + stage: 
cfa80f3f-8155-4a39-8355-7c1009a6dd6e + target: 90bcc898-2683-4a74-90ef-0e88470f262e + id: null + identifiers: + pk: 1e0e7c4d-6b57-40e0-9924-d2ba3f39dc6f + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 100 + policy_engine_mode: any + stage: 138912ad-310b-4eee-8a1b-623b351aa360 + target: 90bcc898-2683-4a74-90ef-0e88470f262e + id: null + identifiers: + pk: 73fe2f87-3662-4ba8-a454-06128100050f + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 10 + policy_engine_mode: any + re_evaluate_policies: true + stage: 1093580a-842d-4217-bfde-b21fe7765d0d + target: 9b971fe6-cc8b-43d3-9644-68f0ed8732cb + id: null + identifiers: + pk: d64768ef-e11f-40de-a690-350ffb2269ed + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 20 + policy_engine_mode: any + re_evaluate_policies: true + stage: 922056cc-10da-40f3-8da6-72e6f10fa9f9 + target: 9b971fe6-cc8b-43d3-9644-68f0ed8732cb + id: null + identifiers: + pk: dc645cf0-4317-4820-b2c5-5e47a568e927 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 30 + policy_engine_mode: any + stage: 834e7cb4-6a9c-4eac-a9de-c45cd5cc043a + target: 9b971fe6-cc8b-43d3-9644-68f0ed8732cb + id: null + identifiers: + pk: 706d0b7a-c025-42e2-ae90-5428d709bd3e + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 40 + policy_engine_mode: any + stage: f0be9ef7-ec83-4056-ba38-7d29d165dfd5 + target: 9b971fe6-cc8b-43d3-9644-68f0ed8732cb + id: null + identifiers: + pk: 16fb5f8a-9ac5-48b4-bb64-006514a3fc6a + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 100 + policy_engine_mode: any + stage: eff9c74f-0b80-406d-b71d-5848bd478370 + target: 
9b971fe6-cc8b-43d3-9644-68f0ed8732cb + id: null + identifiers: + pk: c6c6cd5e-9668-41f4-bff1-43283f8ce049 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 10 + policy_engine_mode: any + stage: 71b51661-0149-4d43-a4ce-5bffe6de2130 + target: 9bee257d-ceca-4f6c-adc7-a51a6d356253 + id: null + identifiers: + pk: 763793a0-d4b5-428d-8edd-7f00c030f78a + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 30 + policy_engine_mode: any + stage: c6c8ccf5-7c15-4e38-8268-55f3b5508289 + target: 9bee257d-ceca-4f6c-adc7-a51a6d356253 + id: null + identifiers: + pk: 66ae4027-cd72-4b72-a12c-f3549efa9398 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 100 + policy_engine_mode: any + stage: f6d91eb0-a84b-4952-bbd3-5a3004adee68 + target: 9bee257d-ceca-4f6c-adc7-a51a6d356253 + id: null + identifiers: + pk: 3f452dfb-51e9-4039-abd5-a2d31b82adb4 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 0 + policy_engine_mode: any + stage: d73fb82d-fed4-4226-848b-a5eff53de2df + target: aa9f3124-c246-4044-8dd2-4bb94f0c87ef + id: null + identifiers: + pk: 090d3f66-198e-443d-8b47-f8e43b9a1a9f + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 10 + policy_engine_mode: any + stage: 49cc0f58-21d9-4f77-a4f2-2a8788639cad + target: bdaf77dd-8da5-461d-9f19-eb3a680eb9ab + id: null + identifiers: + pk: 7bf0fa81-36a2-4030-a42c-6f779986f60f + model: authentik_flows.flowstagebinding +- attrs: + invalid_response_action: retry + order: 20 + policy_engine_mode: any + re_evaluate_policies: true + stage: 2872f0e7-58d7-465a-8f62-8128a4a67cb4 + target: bdaf77dd-8da5-461d-9f19-eb3a680eb9ab + id: null + identifiers: + pk: 4879d654-e003-44ca-bbf5-be171dcf68aa + model: 
authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 100 + policy_engine_mode: any + stage: 138912ad-310b-4eee-8a1b-623b351aa360 + target: bdaf77dd-8da5-461d-9f19-eb3a680eb9ab + id: null + identifiers: + pk: 5d3e3ccd-6669-413c-b997-06525e0a2639 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 0 + policy_engine_mode: any + stage: f0ba6b97-9715-4e44-82d5-797a498f2670 + target: c5d9eba1-702b-47ac-8a3e-b2c35a7b1c82 + id: null + identifiers: + pk: d418a750-b314-436d-903a-72678d734c1a + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 0 + policy_engine_mode: any + stage: c01f7216-23df-4eab-8111-195baa0adc85 + target: ee7ab351-e6d1-4b11-96a0-e457b1ccf8a7 + id: null + identifiers: + pk: cc9e17a7-2943-4b46-9c9d-1047cfe39b97 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 0 + policy_engine_mode: any + re_evaluate_policies: true + stage: 15f52945-429e-4599-a98d-8129facd4dc8 + target: ef4c3d20-3756-4098-9db5-41a2a1f09f30 + id: null + identifiers: + pk: af540f23-7a8a-4cd3-a0ef-59cbd2a0fd37 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 1 + policy_engine_mode: any + stage: 9971e30c-dbcb-4584-9d7c-bb1cbc304878 + target: ef4c3d20-3756-4098-9db5-41a2a1f09f30 + id: null + identifiers: + pk: 174fe0fe-4b85-4c28-a7c8-466ce85c33e0 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 2 + policy_engine_mode: any + stage: a42c8934-31ea-46f7-87b6-a053b01f3a4e + target: ef4c3d20-3756-4098-9db5-41a2a1f09f30 + id: null + identifiers: + pk: bd42bfa2-67e6-4373-bab3-4a7784bddfed + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 0 + 
policy_engine_mode: any + stage: 5b558bd2-ffbc-4aa8-83f5-0efa8b5ff30f + target: f0728bbc-cd8b-4f47-82e9-a772d3ee9aad + id: null + identifiers: + pk: b4dbd7e3-14b9-4d46-8adf-4871db74749a + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 0 + policy_engine_mode: any + stage: 9b7a4c91-6141-4985-8256-6b54e5813fba + target: f0d270db-d599-44a9-8bfc-e5be699cf9c7 + id: null + identifiers: + pk: 4aa7a5e7-643c-42cc-8743-169d9b9e9aa0 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 20 + policy_engine_mode: any + stage: f9baffcb-ec9b-434a-b732-4b57a1e7febd + target: f2d9d6bf-df11-4e4b-98b7-6cc052601748 + id: null + identifiers: + pk: cf0c69a6-d911-41a9-9e1b-57e8c8912485 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + order: 100 + policy_engine_mode: any + stage: 34054180-4302-4317-8e06-3ddfcf3d5041 + target: f2d9d6bf-df11-4e4b-98b7-6cc052601748 + id: null + identifiers: + pk: 0c2f1c5e-cd97-46e0-b137-8ca0b59764ea + model: authentik_flows.flowstagebinding +- attrs: + local: true + name: Local Docker connection + url: /var/run/docker.sock + id: null + identifiers: + pk: ef3cbba4-34b0-4324-bfe5-e16bf198db5c + model: authentik_outposts.dockerserviceconnection +- attrs: + config: + authentik_host: https://authentik.dev.local-it.cloud + authentik_host_browser: '' + authentik_host_insecure: false + container_image: null + docker_labels: null + docker_map_ports: true + docker_network: null + kubernetes_disabled_components: + - deployment + - secret + kubernetes_image_pull_secrets: [] + kubernetes_ingress_annotations: {} + kubernetes_ingress_secret_name: authentik-outpost-tls + kubernetes_namespace: default + kubernetes_replicas: 1 + kubernetes_service_type: ClusterIP + log_level: info + object_naming_template: ak-outpost-%(name)s + managed: goauthentik.io/outposts/embedded + name: 
authentik Embedded Outpost + type: proxy + id: null + identifiers: + pk: b61d19f1-0aef-41ac-b601-825d490e4a07 + model: authentik_outposts.outpost +- attrs: + action: configuration_error + app: '' + name: default-match-configuration-error + id: null + identifiers: + pk: d88173c7-5d68-41ad-a8bf-c5a752cf1384 + model: authentik_policies_event_matcher.eventmatcherpolicy +- attrs: + action: update_available + app: '' + name: default-match-update + id: null + identifiers: + pk: 0b54969e-13da-432d-8c18-fb12d181d49c + model: authentik_policies_event_matcher.eventmatcherpolicy +- attrs: + action: policy_exception + app: '' + name: default-match-policy-exception + id: null + identifiers: + pk: 0524d47e-bb39-4ca0-af0d-c682f7b455ad + model: authentik_policies_event_matcher.eventmatcherpolicy +- attrs: + action: property_mapping_exception + app: '' + name: default-match-property-mapping-exception + id: null + identifiers: + pk: 7b17d1ad-606b-445c-aefd-1af5e7c68f2f + model: authentik_policies_event_matcher.eventmatcherpolicy +- attrs: + expression: return request.context.get('is_restored', False) + name: default-recovery-skip-if-restored + id: null + identifiers: + pk: b94592ad-2b5e-42dc-849f-676093945b9c + model: authentik_policies_expression.expressionpolicy +- attrs: + expression: '# This policy ensures that this flow can only be used when the user + + # is in a SSO Flow (meaning they come from an external IdP) + + return ak_is_sso_flow' + name: default-source-authentication-if-sso + id: null + identifiers: + pk: 4496a397-10cf-4660-8d7a-4eaa9dce45d8 + model: authentik_policies_expression.expressionpolicy +- attrs: + expression: '# Check if we''''ve not been given a username by the external IdP + + # and trigger the enrollment flow + + return ''username'' not in context.get(''prompt_data'', {})' + name: default-source-enrollment-if-username + id: null + identifiers: + pk: b6c24ec5-9444-4e4a-94c1-72b683153742 + model: authentik_policies_expression.expressionpolicy +- attrs: + 
expression: '# This policy ensures that this flow can only be used when the user + + # is in a SSO Flow (meaning they come from an external IdP) + + return ak_is_sso_flow' + name: default-source-enrollment-if-sso + id: null + identifiers: + pk: eb53ba99-c1c0-4825-8a4c-4dc887b7f15d + model: authentik_policies_expression.expressionpolicy +- attrs: + expression: '# This policy sets the user for the currently running flow + + # by injecting "pending_user" + + akadmin = ak_user_by(username="akadmin") + + context["flow_plan"].context["pending_user"] = akadmin + + return True' + name: default-oobe-prefill-user + id: null + identifiers: + pk: c4983938-2e4b-4169-b40a-8128d6e28c72 + model: authentik_policies_expression.expressionpolicy +- attrs: + expression: '# This policy ensures that the setup flow can only be + + # executed when the admin user doesn''''t have a password set + + akadmin = ak_user_by(username="akadmin") + + return not akadmin.has_usable_password()' + name: default-oobe-password-usable + id: null + identifiers: + pk: 0d5270e1-5b4d-4855-aa6d-962f50fe5b5d + model: authentik_policies_expression.expressionpolicy +- attrs: + expression: "from authentik.lib.config import CONFIG\nfrom authentik.core.models\ + \ import (\n USER_ATTRIBUTE_CHANGE_EMAIL,\n USER_ATTRIBUTE_CHANGE_NAME,\n\ + \ USER_ATTRIBUTE_CHANGE_USERNAME\n)\nprompt_data = request.context.get(\"\ + prompt_data\")\n\nif not request.user.group_attributes(request.http_request).get(\n\ + \ USER_ATTRIBUTE_CHANGE_EMAIL, CONFIG.y_bool(\"default_user_change_email\"\ + , True)\n):\n if prompt_data.get(\"email\") != request.user.email:\n \ + \ ak_message(\"Not allowed to change email address.\")\n return False\n\ + \nif not request.user.group_attributes(request.http_request).get(\n USER_ATTRIBUTE_CHANGE_NAME,\ + \ CONFIG.y_bool(\"default_user_change_name\", True)\n):\n if prompt_data.get(\"\ + name\") != request.user.name:\n ak_message(\"Not allowed to change name.\"\ + )\n return False\n\nif not 
request.user.group_attributes(request.http_request).get(\n\ + \ USER_ATTRIBUTE_CHANGE_USERNAME, CONFIG.y_bool(\"default_user_change_username\"\ + , True)\n):\n if prompt_data.get(\"username\") != request.user.username:\n\ + \ ak_message(\"Not allowed to change username.\")\n return False\n\ + \nreturn True" + name: default-user-settings-authorization + id: null + identifiers: + pk: 73b3ed2b-878e-4bbf-98f1-b258a06572a1 + model: authentik_policies_expression.expressionpolicy +- attrs: + identifier: test + ip: 95.90.253.247 + ip_geo_data: {} + pk: bf773e74-c567-4b95-b58b-0abd476e366c + score: 2 + id: null + identifiers: + pk: bf773e74-c567-4b95-b58b-0abd476e366c + model: authentik_policies_reputation.reputation +- attrs: + identifier: akadmin + ip: 95.90.253.247 + ip_geo_data: {} + pk: cce20b23-a243-4522-96bb-fc70f90298cf + score: 1 + id: null + identifiers: + pk: cce20b23-a243-4522-96bb-fc70f90298cf + model: authentik_policies_reputation.reputation +- attrs: + enabled: true + order: 0 + policy: b94592ad-2b5e-42dc-849f-676093945b9c + target: d64768ef-e11f-40de-a690-350ffb2269ed + timeout: 30 + id: null + identifiers: + pk: a2ce2a7a-6519-4fc3-a331-379a39e69569 + model: authentik_policies.policybinding +- attrs: + enabled: true + order: 0 + policy: b94592ad-2b5e-42dc-849f-676093945b9c + target: dc645cf0-4317-4820-b2c5-5e47a568e927 + timeout: 30 + id: null + identifiers: + pk: 87baff64-57e3-4edf-964f-9fbf148eab1d + model: authentik_policies.policybinding +- attrs: + enabled: true + order: 0 + policy: d88173c7-5d68-41ad-a8bf-c5a752cf1384 + target: 878f490c-b94e-4265-9df0-239bfcbac24a + timeout: 30 + id: null + identifiers: + pk: b60729f7-dbd5-4395-8c43-249c0445c2d7 + model: authentik_policies.policybinding +- attrs: + enabled: true + order: 0 + policy: 0b54969e-13da-432d-8c18-fb12d181d49c + target: fb441183-35ca-4ad6-8f57-ce069e32281a + timeout: 30 + id: null + identifiers: + pk: e62eb574-4f55-4630-842e-001c084809f6 + model: authentik_policies.policybinding +- attrs: + 
enabled: true + order: 0 + policy: 0524d47e-bb39-4ca0-af0d-c682f7b455ad + target: 06414c43-ebbc-4c8e-b821-56669d8978cd + timeout: 30 + id: null + identifiers: + pk: 6b5bfaa3-a67d-48b5-b430-a40c49106c77 + model: authentik_policies.policybinding +- attrs: + enabled: true + order: 1 + policy: 7b17d1ad-606b-445c-aefd-1af5e7c68f2f + target: 06414c43-ebbc-4c8e-b821-56669d8978cd + timeout: 30 + id: null + identifiers: + pk: be9a0e9a-9093-4129-9a8c-fd835ce796a5 + model: authentik_policies.policybinding +- attrs: + enabled: true + order: 0 + policy: 4496a397-10cf-4660-8d7a-4eaa9dce45d8 + target: 4fcb15e2-0331-4f56-a28c-739f0a91da70 + timeout: 30 + id: null + identifiers: + pk: d22b5927-d354-49a4-b224-33a6b5683c03 + model: authentik_policies.policybinding +- attrs: + enabled: true + order: 0 + policy: eb53ba99-c1c0-4825-8a4c-4dc887b7f15d + target: ef4c3d20-3756-4098-9db5-41a2a1f09f30 + timeout: 30 + id: null + identifiers: + pk: d4ab3eec-c1bc-4878-a1d2-d4ae5e14732e + model: authentik_policies.policybinding +- attrs: + enabled: true + order: 0 + policy: b6c24ec5-9444-4e4a-94c1-72b683153742 + target: af540f23-7a8a-4cd3-a0ef-59cbd2a0fd37 + timeout: 30 + id: null + identifiers: + pk: 704da497-9bc0-40a1-a8b7-427366ce2281 + model: authentik_policies.policybinding +- attrs: + enabled: true + order: 0 + policy: 0d5270e1-5b4d-4855-aa6d-962f50fe5b5d + target: bdaf77dd-8da5-461d-9f19-eb3a680eb9ab + timeout: 30 + id: null + identifiers: + pk: 059ee0e6-a32a-4205-990c-5e9583575f5d + model: authentik_policies.policybinding +- attrs: + enabled: true + order: 0 + policy: c4983938-2e4b-4169-b40a-8128d6e28c72 + target: 4879d654-e003-44ca-bbf5-be171dcf68aa + timeout: 30 + id: null + identifiers: + pk: 074a28b7-150e-4260-b16b-5ea1f825b918 + model: authentik_policies.policybinding +- attrs: + description: authentik Proxy - User information + expression: "# This mapping is used by the authentik proxy. 
It passes extra user\ + \ attributes,\n# which are used for example for the HTTP-Basic Authentication\ + \ mapping.\nreturn {\n \"ak_proxy\": {\n \"user_attributes\": request.user.group_attributes(request),\n\ + \ \"is_superuser\": request.user.is_superuser,\n }\n}" + managed: goauthentik.io/providers/proxy/scope-proxy + name: 'authentik default OAuth Mapping: Proxy outpost' + scope_name: ak_proxy + id: null + identifiers: + pk: 833982c0-9e8b-495d-9040-13a12d5a40ed + model: authentik_providers_oauth2.scopemapping +- attrs: + expression: '# This scope is required by the OpenID-spec, and must as such exist + in authentik. + + # The scope by itself does not grant any information + + return {}' + managed: goauthentik.io/providers/oauth2/scope-openid + name: 'authentik default OAuth Mapping: OpenID ''openid''' + scope_name: openid + id: null + identifiers: + pk: 5cdd9356-991b-498c-b311-69bc73788055 + model: authentik_providers_oauth2.scopemapping +- attrs: + description: Email address + expression: "return {\n \"email\": request.user.email,\n \"email_verified\"\ + : True\n}" + managed: goauthentik.io/providers/oauth2/scope-email + name: 'authentik default OAuth Mapping: OpenID ''email''' + scope_name: email + id: null + identifiers: + pk: 9af3283b-8fdb-4ab7-8b9c-f498fbb15889 + model: authentik_providers_oauth2.scopemapping +- attrs: + description: General Profile Information + expression: "return {\n # Because authentik only saves the user's full name,\ + \ and has no concept of first and last names,\n # the full name is used as\ + \ given name.\n # You can override this behaviour in custom mappings, i.e.\ + \ `request.user.name.split(\" \")`\n \"name\": request.user.name,\n \"\ + given_name\": request.user.name,\n \"family_name\": \"\",\n \"preferred_username\"\ + : request.user.username,\n \"nickname\": request.user.username,\n # groups\ + \ is not part of the official userinfo schema, but is a quasi-standard\n \ + \ \"groups\": [group.name for group in 
request.user.ak_groups.all()],\n}" + managed: goauthentik.io/providers/oauth2/scope-profile + name: 'authentik default OAuth Mapping: OpenID ''profile''' + scope_name: profile + id: null + identifiers: + pk: 0cbb4859-99ec-4c0c-a872-3f722062060b + model: authentik_providers_oauth2.scopemapping +- attrs: + expression: return request.user.attributes.get('upn', request.user.email) + friendly_name: null + managed: goauthentik.io/providers/saml/upn + name: 'authentik default SAML Mapping: UPN' + saml_name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn + id: null + identifiers: + pk: dec249d9-d281-4941-af13-8057b47ba3c7 + model: authentik_providers_saml.samlpropertymapping +- attrs: + expression: return request.user.name + friendly_name: null + managed: goauthentik.io/providers/saml/name + name: 'authentik default SAML Mapping: Name' + saml_name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name + id: null + identifiers: + pk: 9c985bba-d2c2-486b-ae5e-0d7916a2af8e + model: authentik_providers_saml.samlpropertymapping +- attrs: + expression: return request.user.email + friendly_name: null + managed: goauthentik.io/providers/saml/email + name: 'authentik default SAML Mapping: Email' + saml_name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress + id: null + identifiers: + pk: 11fdcfdc-b2c5-4833-b6d5-06747ceb9946 + model: authentik_providers_saml.samlpropertymapping +- attrs: + expression: return request.user.username + friendly_name: null + managed: goauthentik.io/providers/saml/username + name: 'authentik default SAML Mapping: Username' + saml_name: http://schemas.goauthentik.io/2021/02/saml/username + id: null + identifiers: + pk: 6d9f4ab9-b108-4743-9be3-c6f3379306c1 + model: authentik_providers_saml.samlpropertymapping +- attrs: + expression: return request.user.pk + friendly_name: null + managed: goauthentik.io/providers/saml/uid + name: 'authentik default SAML Mapping: User ID' + saml_name: 
http://schemas.goauthentik.io/2021/02/saml/uid + id: null + identifiers: + pk: f60ab43e-1939-45c0-b475-fb952141254d + model: authentik_providers_saml.samlpropertymapping +- attrs: + expression: "for group in request.user.ak_groups.all():\n yield group.name" + friendly_name: null + managed: goauthentik.io/providers/saml/groups + name: 'authentik default SAML Mapping: Groups' + saml_name: http://schemas.xmlsoap.org/claims/Group + id: null + identifiers: + pk: 0cd263e7-29b6-4726-8391-b52a13d4ac2e + model: authentik_providers_saml.samlpropertymapping +- attrs: + expression: return request.user.username + friendly_name: null + managed: goauthentik.io/providers/saml/ms-windowsaccountname + name: 'authentik default SAML Mapping: WindowsAccountname (Username)' + saml_name: http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname + id: null + identifiers: + pk: b8378ce3-8519-4518-a0d1-8d7e4eadfc11 + model: authentik_providers_saml.samlpropertymapping +- attrs: + expression: return ldap.get('name') + managed: goauthentik.io/sources/ldap/default-name + name: 'authentik default LDAP Mapping: Name' + object_field: name + id: null + identifiers: + pk: 7395ba40-5264-4bf5-b3fb-0782e244b258 + model: authentik_sources_ldap.ldappropertymapping +- attrs: + expression: return ldap.get('mail') + managed: goauthentik.io/sources/ldap/default-mail + name: 'authentik default LDAP Mapping: mail' + object_field: email + id: null + identifiers: + pk: f5e0a3ad-3806-47c0-9287-10bc1024da64 + model: authentik_sources_ldap.ldappropertymapping +- attrs: + expression: return ldap.get('sAMAccountName') + managed: goauthentik.io/sources/ldap/ms-samaccountname + name: 'authentik default Active Directory Mapping: sAMAccountName' + object_field: username + id: null + identifiers: + pk: f6332ce0-e097-4c7d-b630-e9738a5bc009 + model: authentik_sources_ldap.ldappropertymapping +- attrs: + expression: return list_flatten(ldap.get('userPrincipalName')) + managed: 
goauthentik.io/sources/ldap/ms-userprincipalname + name: 'authentik default Active Directory Mapping: userPrincipalName' + object_field: attributes.upn + id: null + identifiers: + pk: a108d592-7bc3-4df2-95f7-c4ff069ac922 + model: authentik_sources_ldap.ldappropertymapping +- attrs: + expression: return list_flatten(ldap.get('givenName')) + managed: goauthentik.io/sources/ldap/ms-givenName + name: 'authentik default Active Directory Mapping: givenName' + object_field: attributes.givenName + id: null + identifiers: + pk: 51116600-109c-4b19-99ee-c06d463d18eb + model: authentik_sources_ldap.ldappropertymapping +- attrs: + expression: return list_flatten(ldap.get('sn')) + managed: goauthentik.io/sources/ldap/ms-sn + name: 'authentik default Active Directory Mapping: sn' + object_field: attributes.sn + id: null + identifiers: + pk: fcca8174-3b2f-4186-b176-f6658073d767 + model: authentik_sources_ldap.ldappropertymapping +- attrs: + expression: return ldap.get('uid') + managed: goauthentik.io/sources/ldap/openldap-uid + name: 'authentik default OpenLDAP Mapping: uid' + object_field: username + id: null + identifiers: + pk: aaf52a40-6823-47c2-804c-f8eded7b9727 + model: authentik_sources_ldap.ldappropertymapping +- attrs: + expression: return ldap.get('cn') + managed: goauthentik.io/sources/ldap/openldap-cn + name: 'authentik default OpenLDAP Mapping: cn' + object_field: name + id: null + identifiers: + pk: 76054195-65e0-4f97-a774-7e8d9612f629 + model: authentik_sources_ldap.ldappropertymapping +- attrs: + configure_flow: c5d9eba1-702b-47ac-8a3e-b2c35a7b1c82 + name: default-authenticator-static-setup + token_count: 6 + id: null + identifiers: + pk: f0ba6b97-9715-4e44-82d5-797a498f2670 + model: authentik_stages_authenticator_static.authenticatorstaticstage +- attrs: + configure_flow: f0728bbc-cd8b-4f47-82e9-a772d3ee9aad + digits: 6 + name: default-authenticator-totp-setup + id: null + identifiers: + pk: 5b558bd2-ffbc-4aa8-83f5-0efa8b5ff30f + model: 
authentik_stages_authenticator_totp.authenticatortotpstage +- attrs: + device_classes: + - static + - totp + - webauthn + - duo + - sms + last_auth_threshold: seconds=0 + name: custom-authentication-mfa-validation + not_configured_action: skip + id: null + identifiers: + pk: c6c8ccf5-7c15-4e38-8268-55f3b5508289 + model: authentik_stages_authenticator_validate.authenticatorvalidatestage +- attrs: + device_classes: + - static + - totp + - webauthn + - duo + - sms + last_auth_threshold: seconds=0 + name: default-authentication-mfa-validation + not_configured_action: skip + id: null + identifiers: + pk: cfa80f3f-8155-4a39-8355-7c1009a6dd6e + model: authentik_stages_authenticator_validate.authenticatorvalidatestage +- attrs: + configure_flow: f0d270db-d599-44a9-8bfc-e5be699cf9c7 + name: default-authenticator-webauthn-setup + resident_key_requirement: preferred + user_verification: preferred + id: null + identifiers: + pk: 9b7a4c91-6141-4985-8256-6b54e5813fba + model: authentik_stages_authenticator_webauthn.authenticatewebauthnstage +- attrs: + consent_expire_in: weeks=4 + mode: expiring + name: default-provider-authorization-consent + id: null + identifiers: + pk: d73fb82d-fed4-4226-848b-a5eff53de2df + model: authentik_stages_consent.consentstage +- attrs: + activate_user_on_success: true + from_address: system@authentik.local + host: localhost + name: default-recovery-email + port: 25 + subject: authentik + template: email/password_reset.html + timeout: 10 + token_expiry: 30 + use_global_settings: true + id: null + identifiers: + pk: 922056cc-10da-40f3-8da6-72e6f10fa9f9 + model: authentik_stages_email.emailstage +- attrs: + case_insensitive_matching: true + name: default-recovery-identification + show_matched_user: true + user_fields: + - email + - username + id: null + identifiers: + pk: 1093580a-842d-4217-bfde-b21fe7765d0d + model: authentik_stages_identification.identificationstage +- attrs: + case_insensitive_matching: true + name: 
custom-authentication-identification + password_stage: 9bedff02-ff8e-4df3-ab64-8a510872ded1 + recovery_flow: 9b971fe6-cc8b-43d3-9644-68f0ed8732cb + show_matched_user: true + user_fields: + - email + - username + id: null + identifiers: + pk: 71b51661-0149-4d43-a4ce-5bffe6de2130 + model: authentik_stages_identification.identificationstage +- attrs: + case_insensitive_matching: true + name: default-authentication-identification + show_matched_user: true + user_fields: + - email + - username + id: null + identifiers: + pk: 4df4c3c7-7163-4482-8356-648aa569d209 + model: authentik_stages_identification.identificationstage +- attrs: + backends: + - authentik.core.auth.InbuiltBackend + - authentik.sources.ldap.auth.LDAPBackend + - authentik.core.auth.TokenBackend + configure_flow: 02664d4c-6594-4298-bae9-1f7664a6fc19 + failed_attempts_before_cancel: 5 + name: custom-authentication-password + id: null + identifiers: + pk: 9bedff02-ff8e-4df3-ab64-8a510872ded1 + model: authentik_stages_password.passwordstage +- attrs: + backends: + - authentik.core.auth.InbuiltBackend + - authentik.sources.ldap.auth.LDAPBackend + - authentik.core.auth.TokenBackend + configure_flow: 02664d4c-6594-4298-bae9-1f7664a6fc19 + failed_attempts_before_cancel: 5 + name: default-authentication-password + id: null + identifiers: + pk: 45874e17-22e1-443e-ab6d-c92672877e87 + model: authentik_stages_password.passwordstage +- attrs: + field_key: password + label: Passwort + order: 0 + placeholder: Passwort + required: true + type: password + id: null + identifiers: + pk: 2fb3f08b-5a41-4e3b-8151-958f9a07abca + model: authentik_stages_prompt.prompt +- attrs: + field_key: password_repeat + label: Passwort (wiederholen) + order: 1 + placeholder: Passwort (wiederholen) + required: true + type: password + id: null + identifiers: + pk: 973340b1-5d8c-4327-85a3-712e166a6295 + model: authentik_stages_prompt.prompt +- attrs: + field_key: oobe-header-text + label: oobe-header-text + order: 100 + placeholder: Welcome to 
authentik! Please set a password for the default admin + user, akadmin. + required: true + type: static + id: null + identifiers: + pk: 20708e7f-d731-4a64-8c58-6ede815f2e35 + model: authentik_stages_prompt.prompt +- attrs: + field_key: username + label: Username + order: 200 + placeholder: "try:\n return user.username\nexcept:\n return ''" + placeholder_expression: true + required: true + type: text + id: null + identifiers: + pk: bac98be9-5ddd-4f67-bfe1-c36735f82f2b + model: authentik_stages_prompt.prompt +- attrs: + field_key: name + label: Name + order: 201 + placeholder: "try:\n return user.name\nexcept:\n return ''" + placeholder_expression: true + required: true + type: text + id: null + identifiers: + pk: f69abb06-cb98-4125-b31b-d9c809caf56e + model: authentik_stages_prompt.prompt +- attrs: + field_key: email + label: Email + order: 202 + placeholder: "try:\n return user.email\nexcept:\n return ''" + placeholder_expression: true + required: true + type: email + id: null + identifiers: + pk: 6f5308cb-e8d9-40e2-96f5-6701b144b8c4 + model: authentik_stages_prompt.prompt +- attrs: + field_key: attributes.settings.locale + label: Locale + order: 203 + placeholder: "try:\n return user.attributes.get(\"settings\", {}).get(\"locale\"\ + , \"\")\nexcept:\n return ''" + placeholder_expression: true + required: true + type: ak-locale + id: null + identifiers: + pk: b0e20532-9cc5-4b31-a70a-52e32efcda70 + model: authentik_stages_prompt.prompt +- attrs: + field_key: password + label: Password + order: 0 + placeholder: Password + required: true + sub_text: Test + type: password + id: null + identifiers: + pk: c282043f-5761-4791-acbb-6e35900ad035 + model: authentik_stages_prompt.prompt +- attrs: + field_key: password_repeat + label: Password (repeat) + order: 1 + placeholder: Password (repeat) + required: true + type: password + id: null + identifiers: + pk: 96cb3e9e-6d71-468b-a748-5c92b177559e + model: authentik_stages_prompt.prompt +- attrs: + fields: + - 
96cb3e9e-6d71-468b-a748-5c92b177559e + - c282043f-5761-4791-acbb-6e35900ad035 + name: default-password-change-prompt + id: null + identifiers: + pk: bc9fb006-115f-43f5-bb43-0ecfac6a5bbf + model: authentik_stages_prompt.promptstage +- attrs: + fields: + - f69abb06-cb98-4125-b31b-d9c809caf56e + - 6f5308cb-e8d9-40e2-96f5-6701b144b8c4 + - b0e20532-9cc5-4b31-a70a-52e32efcda70 + - bac98be9-5ddd-4f67-bfe1-c36735f82f2b + name: default-user-settings + validation_policies: + - 73b3ed2b-878e-4bbf-98f1-b258a06572a1 + id: null + identifiers: + pk: f9baffcb-ec9b-434a-b732-4b57a1e7febd + model: authentik_stages_prompt.promptstage +- attrs: + fields: + - 96cb3e9e-6d71-468b-a748-5c92b177559e + - 20708e7f-d731-4a64-8c58-6ede815f2e35 + - c282043f-5761-4791-acbb-6e35900ad035 + - 6f5308cb-e8d9-40e2-96f5-6701b144b8c4 + name: stage-default-oobe-password + id: null + identifiers: + pk: 49cc0f58-21d9-4f77-a4f2-2a8788639cad + model: authentik_stages_prompt.promptstage +- attrs: + fields: + - bac98be9-5ddd-4f67-bfe1-c36735f82f2b + name: default-source-enrollment-prompt + id: null + identifiers: + pk: 15f52945-429e-4599-a98d-8129facd4dc8 + model: authentik_stages_prompt.promptstage +- attrs: + fields: + - 2fb3f08b-5a41-4e3b-8151-958f9a07abca + - 973340b1-5d8c-4327-85a3-712e166a6295 + name: Change your password + id: null + identifiers: + pk: 834e7cb4-6a9c-4eac-a9de-c45cd5cc043a + model: authentik_stages_prompt.promptstage +- attrs: + name: default-source-enrollment-login + session_duration: seconds=0 + id: null + identifiers: + pk: a42c8934-31ea-46f7-87b6-a053b01f3a4e + model: authentik_stages_user_login.userloginstage +- attrs: + name: default-recovery-user-login + session_duration: seconds=0 + id: null + identifiers: + pk: eff9c74f-0b80-406d-b71d-5848bd478370 + model: authentik_stages_user_login.userloginstage +- attrs: + name: default-authentication-login + session_duration: seconds=0 + id: null + identifiers: + pk: 138912ad-310b-4eee-8a1b-623b351aa360 + model: 
authentik_stages_user_login.userloginstage +- attrs: + name: custom-authentication-login + session_duration: seconds=0 + id: null + identifiers: + pk: f6d91eb0-a84b-4952-bbd3-5a3004adee68 + model: authentik_stages_user_login.userloginstage +- attrs: + name: default-source-authentication-login + session_duration: seconds=0 + id: null + identifiers: + pk: 1fe73c6f-d427-4791-b021-3b58bcffa05c + model: authentik_stages_user_login.userloginstage +- attrs: + name: default-invalidation-logout + id: null + identifiers: + pk: c01f7216-23df-4eab-8111-195baa0adc85 + model: authentik_stages_user_logout.userlogoutstage +- attrs: + name: default-source-enrollment-write + id: null + identifiers: + pk: 9971e30c-dbcb-4584-9d7c-bb1cbc304878 + model: authentik_stages_user_write.userwritestage +- attrs: + name: default-user-settings-write + id: null + identifiers: + pk: 34054180-4302-4317-8e06-3ddfcf3d5041 + model: authentik_stages_user_write.userwritestage +- attrs: + name: default-recovery-user-write + id: null + identifiers: + pk: f0be9ef7-ec83-4056-ba38-7d29d165dfd5 + model: authentik_stages_user_write.userwritestage +- attrs: + name: default-password-change-write + id: null + identifiers: + pk: 2872f0e7-58d7-465a-8f62-8128a4a67cb4 + model: authentik_stages_user_write.userwritestage +- attrs: + attributes: + settings: + locale: de + branding_favicon: /static/dist/assets/icons/icon.png + branding_logo: /static/dist/assets/icons/icon_left_brand.svg + branding_title: authentik + domain: authentik.dev.local-it.cloud + event_retention: days=365 + flow_authentication: 9bee257d-ceca-4f6c-adc7-a51a6d356253 + flow_invalidation: ee7ab351-e6d1-4b11-96a0-e457b1ccf8a7 + flow_recovery: 9b971fe6-cc8b-43d3-9644-68f0ed8732cb + flow_user_settings: f2d9d6bf-df11-4e4b-98b7-6cc052601748 + id: null + identifiers: + pk: 047cce25-aae2-4b02-9f96-078e155f803d + model: authentik_tenants.tenant +- attrs: + attributes: {} + branding_favicon: /static/dist/assets/icons/icon.png + branding_logo: 
/static/dist/assets/icons/icon_left_brand.svg + branding_title: authentik + default: true + domain: authentik-default + event_retention: days=365 + flow_authentication: 90bcc898-2683-4a74-90ef-0e88470f262e + flow_invalidation: ee7ab351-e6d1-4b11-96a0-e457b1ccf8a7 + flow_recovery: 9b971fe6-cc8b-43d3-9644-68f0ed8732cb + flow_user_settings: f2d9d6bf-df11-4e4b-98b7-6cc052601748 + id: null + identifiers: + pk: 3751a7c9-117b-499e-8e81-1e1e2bd84355 + model: authentik_tenants.tenant +- attrs: + context: {} + enabled: true + name: Default - Tenant + path: default/90-default-tenant.yaml + id: null + identifiers: + pk: 21283d8f-f24c-40eb-97ce-4007245454c0 + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: Default - TOTP MFA setup flow + path: default/20-flow-default-authenticator-totp-setup.yaml + id: null + identifiers: + pk: 4b3faf02-2d24-4a3c-9566-4bb38a0c7268 + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: Default - Static MFA setup flow + path: default/20-flow-default-authenticator-static-setup.yaml + id: null + identifiers: + pk: 764a61e5-df11-41da-9595-91104968bd72 + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: System - LDAP Source - Mappings + path: system/sources-ldap.yaml + id: null + identifiers: + pk: f27613c3-c75f-4675-919b-e23b41f6229d + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: Default - Provider authorization flow (implicit consent) + path: default/20-flow-default-provider-authorization-implicit-consent.yaml + id: null + identifiers: + pk: 6d812adc-9e94-4d53-b220-e96878a9848d + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: Default - User settings flow + path: default/30-flow-default-user-settings-flow.yaml + id: null + identifiers: + pk: 127ed55e-f3c7-4c1d-8866-35f37f94b587 + model: authentik_blueprints.blueprintinstance 
+- attrs: + context: {} + enabled: true + name: Default - Password change flow + path: default/0-flow-password-change.yaml + id: null + identifiers: + pk: 98ac29b8-1f65-445d-88b0-7459f71a7f94 + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: System - Proxy Provider - Scopes + path: system/providers-proxy.yaml + id: null + identifiers: + pk: 52dda310-6d08-484d-8955-9fe84225afd4 + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: System - OAuth2 Provider - Scopes + path: system/providers-oauth2.yaml + id: null + identifiers: + pk: a8d97eaa-45ce-4731-aff0-e97548061146 + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: Default - Events Transport & Rules + path: default/40-events-default.yaml + id: null + identifiers: + pk: 7dfd7b66-b5df-4142-bf23-191b11406620 + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: System - SAML Provider - Mappings + path: system/providers-saml.yaml + id: null + identifiers: + pk: c44acd3d-1c28-41b5-b527-1b03638b6c2e + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: Default - Invalidation flow + path: default/10-flow-default-invalidation-flow.yaml + id: null + identifiers: + pk: 7b6378b8-4869-4b0f-8477-d7ec540eed6c + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: Default - Source authentication flow + path: default/20-flow-default-source-authentication.yaml + id: null + identifiers: + pk: f66d0a87-51c1-4a58-a058-baf818867e2c + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: Default - WebAuthn MFA setup flow + path: default/20-flow-default-authenticator-webauthn-setup.yaml + id: null + identifiers: + pk: a0b467ac-d395-4191-8ae2-37da63dfa383 + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + 
name: Default - Source pre-authentication flow + path: default/20-flow-default-source-pre-authentication.yaml + id: null + identifiers: + pk: ed816a50-6655-46ac-ba39-78e87251bca8 + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: Default - Authentication flow + path: default/10-flow-default-authentication-flow.yaml + id: null + identifiers: + pk: 46e94312-0574-4670-a78f-f798ef76d122 + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: Default - Provider authorization flow (explicit consent) + path: default/20-flow-default-provider-authorization-explicit-consent.yaml + id: null + identifiers: + pk: f36a27ed-320f-4169-bbe7-b766c33d4c0c + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: Custom - Flows + path: custom_flows.yaml + id: null + identifiers: + pk: 2745bb8a-e4ec-4611-9de6-e1f70964a1d8 + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: Default - Source enrollment flow + path: default/20-flow-default-source-enrollment.yaml + id: null + identifiers: + pk: 149ee347-dda0-4376-a050-569e6c99c046 + model: authentik_blueprints.blueprintinstance +- attrs: + context: {} + enabled: true + name: Default - Out-of-box-experience flow + path: default/91-flow-oobe.yaml + id: null + identifiers: + pk: bbc02abe-1c9d-4dda-acd5-a5594860a0c8 + model: authentik_blueprints.blueprintinstance +- attrs: + attributes: {} + is_superuser: true + name: authentik Admins + users: + - 1 + id: null + identifiers: + pk: b6c3df76-c6a1-47e9-bb27-00b653f46eb5 + model: authentik_core.group +- attrs: + attributes: + goauthentik.io/user/override-ips: true + goauthentik.io/user/service-account: true + is_active: true + name: Outpost authentik Embedded Outpost Service-Account + path: goauthentik.io/outposts + username: ak-outpost-b61d19f10aef41acb601825d490e4a07 + id: null + identifiers: + pk: 3 + model: authentik_core.user +- 
attrs: + attributes: {} + email: test@dev.local-it.cloud + is_active: true + last_login: '2022-10-19T09:09:52.905345Z' + name: test + path: users + username: test + id: null + identifiers: + pk: 4 + model: authentik_core.user +- attrs: + attributes: {} + email: root@localhost + groups: + - b6c3df76-c6a1-47e9-bb27-00b653f46eb5 + is_active: true + last_login: '2022-10-19T11:16:02.304642Z' + name: authentik Default Admin + path: users + username: akadmin + id: null + identifiers: + pk: 1 + model: authentik_core.user +- attrs: + expires: '2022-10-18T17:23:16.590077Z' + identifier: authentik-bootstrap-token + intent: api + managed: null + user: 1 + id: null + identifiers: + pk: b4136c84-e277-4d6c-902f-95d41da319dd + model: authentik_core.token +- attrs: + description: Autogenerated by authentik for Outpost authentik Embedded Outpost + expires: '2022-10-18T17:25:18.144406Z' + identifier: ak-outpost-b61d19f1-0aef-41ac-b601-825d490e4a07-api + intent: api + managed: goauthentik.io/outpost/ak-outpost-b61d19f1-0aef-41ac-b601-825d490e4a07-api + user: 3 + id: null + identifiers: + pk: f89fc74b-f948-4b81-b227-b1e36d05b472 + model: authentik_core.token +metadata: + labels: + blueprints.goauthentik.io/generated: 'true' + name: authentik Export - 2022-10-19 11:18:27.844859+00:00 +version: 1 + \ No newline at end of file diff --git a/blueprints/invitation-enrollment.yaml b/blueprints/invitation-enrollment.yaml new file mode 100644 index 0000000..1275eba --- /dev/null +++ b/blueprints/invitation-enrollment.yaml 
@@ -0,0 +1,151 @@ +context: {} +entries: +- attrs: + compatibility_mode: true + denied_action: message_continue + designation: enrollment + layout: stacked + name: Willkommen zur Heimatbund Cloud! + policy_engine_mode: any + title: Willkommen zur Heimatbund Cloud! + id: null + identifiers: + pk: 235f1d35-302e-426f-8875-bb75c40e8a96 + slug: invitation-enrollment + model: authentik_flows.flow +- attrs: + field_key: password + label: Passwort + order: 300 + placeholder: Passwort + required: true + type: password + id: null + identifiers: + pk: 872c7220-0c42-4cef-b21c-9896820d86a3 + model: authentik_stages_prompt.prompt +- attrs: + field_key: username + label: Benutzername + order: 0 + placeholder: Benutzername + required: true + type: username + id: null + identifiers: + pk: 8c7cca12-afd7-42f9-92b2-df06d29bc0b5 + model: authentik_stages_prompt.prompt +- attrs: + field_key: name + label: Vor- und Nachname + order: 0 + placeholder: Name + required: true + type: text + id: null + identifiers: + pk: 52777e44-cbe7-4187-abc3-7f44327e4577 + model: authentik_stages_prompt.prompt +- attrs: + field_key: password_repeat + label: Passwort (wiederholung) + order: 301 + placeholder: Passwort (wiederholung) + required: true + type: password + id: null + identifiers: + pk: 4c6820c2-711d-4450-b977-70d225c6cbd1 + model: authentik_stages_prompt.prompt +- attrs: + field_key: email + label: Email + order: 1 + placeholder: Email + required: true + type: email + id: null + identifiers: + pk: 0fd026ab-228a-4aff-adde-e566f1dcee6a + model: authentik_stages_prompt.prompt + +- attrs: + fields: + - 872c7220-0c42-4cef-b21c-9896820d86a3 + - 8c7cca12-afd7-42f9-92b2-df06d29bc0b5 + - 52777e44-cbe7-4187-abc3-7f44327e4577 + - 4c6820c2-711d-4450-b977-70d225c6cbd1 + - 0fd026ab-228a-4aff-adde-e566f1dcee6a + id: null + identifiers: + name: default-enrollment-prompt-first + pk: b96f518c-6313-4091-8b52-20dd7557e868 + model: authentik_stages_prompt.promptstage +- attrs: {} + id: null + identifiers: + name: 
invitation + pk: 9780069a-0f1d-4f0f-b7c4-4592a9cdb333 + model: authentik_stages_invitation.invitationstage +- attrs: {} + id: null + identifiers: + name: default-enrollment-user-write + pk: 21667fc4-05b2-4b2f-8861-c8b40a6331b1 + model: authentik_stages_user_write.userwritestage +- attrs: + session_duration: seconds=0 + id: null + identifiers: + name: default-enrollment-user-login + pk: 6cdec92f-cd1f-40b1-b808-d6a5d50877ed + model: authentik_stages_user_login.userloginstage +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + policy_engine_mode: any + id: null + identifiers: + order: 1 + pk: eac283e8-2342-405e-a592-72b950f307c0 + stage: 9780069a-0f1d-4f0f-b7c4-4592a9cdb333 + target: 235f1d35-302e-426f-8875-bb75c40e8a96 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + policy_engine_mode: any + id: null + identifiers: + order: 10 + pk: 56276785-e6f5-42c7-9201-e63ec44281aa + stage: b96f518c-6313-4091-8b52-20dd7557e868 + target: 235f1d35-302e-426f-8875-bb75c40e8a96 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + policy_engine_mode: any + id: null + identifiers: + order: 20 + pk: 471de0f4-3e03-4bc8-873d-689860dc9efb + stage: 21667fc4-05b2-4b2f-8861-c8b40a6331b1 + target: 235f1d35-302e-426f-8875-bb75c40e8a96 + model: authentik_flows.flowstagebinding +- attrs: + evaluate_on_plan: true + invalid_response_action: retry + policy_engine_mode: any + id: null + identifiers: + order: 100 + pk: 58903955-e33a-4d9a-b882-edd93f4261f9 + stage: 6cdec92f-cd1f-40b1-b808-d6a5d50877ed + target: 235f1d35-302e-426f-8875-bb75c40e8a96 + model: authentik_flows.flowstagebinding +metadata: + labels: + blueprints.goauthentik.io/generated: 'true' + name: authentik Export - 2022-10-19 12:52:52.154491+00:00 +version: 1 diff --git a/compose.yml b/compose.yml index f5fc950..da0c2c8 100644 --- a/compose.yml +++ b/compose.yml 
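Review bot: The prompt stage `default-enrollment-prompt-first` in `blueprints/invitation-enrollment.yaml` lists only `fields` and has no `validation_policies`. As far as this blueprint shows, the `password` / `password_repeat` values collected at enrollment are therefore not checked against any password policy. If the instance defines one, bind it on that entry with `validation_policies: [<password-policy-pk>]` (placeholder, not a value from this page). The `authentik_stages_invitation.invitationstage` entry has `attrs: {}` and so relies on the stage default; since this flow creates accounts, stating `continue_flow_without_invitation: false` explicitly would make the invitation requirement visible in review. Separately, the `username` and `name` prompts both use `order: 0`, which leaves their relative position undefined.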
@@ -69,7 +69,7 @@ services:
 - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
 - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
 - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
- - "coop-cloud.${STACK_NAME}.version=0.6.0+2022.10.1"
+ - "coop-cloud.${STACK_NAME}.version=1.0.0+2022.10.1"
 worker:
 image: ghcr.io/goauthentik/server:2022.10.1
diff --git a/releases/1.0.0+2022.10.1 b/releases/1.0.0+2022.10.1
new file mode 100644
index 0000000..4734bc9
--- /dev/null
+++ b/releases/1.0.0+2022.10.1
@@ -0,0 +1,15 @@
+This upgrade replaces the passwords stored in env variables by docker secrets.
+You need to insert the following passwords as secret:
+
+`POSTGRES_PASSWORD` / `AUTHENTIK_POSTGRESQL__PASSWORD`:
+ `abra app secret insert db_password v1 `
+`AUTHENTIK_SECRET_KEY`:
+ `abra app secret insert secret_key v1 `
+`AK_ADMIN_TOKEN`:
+ `abra app secret insert admin_token v1 `
+`AK_ADMIN_PASS`:
+ `abra app secret insert admin_pass v1 `
+`AUTHENTIK_EMAIL__PASSWORD`:
+ `abra app secret insert email_pass v1 `
+
+These variables should be removed from the .env file.