providers/saml: add default RelayState value for IDP-initiated requests (#7100)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
parent
b90ed6bab3
commit
6f3fc22c9b
|
@ -146,6 +146,7 @@ class SAMLProviderSerializer(ProviderSerializer):
|
||||||
"signing_kp",
|
"signing_kp",
|
||||||
"verification_kp",
|
"verification_kp",
|
||||||
"sp_binding",
|
"sp_binding",
|
||||||
|
"default_relay_state",
|
||||||
"url_download_metadata",
|
"url_download_metadata",
|
||||||
"url_sso_post",
|
"url_sso_post",
|
||||||
"url_sso_redirect",
|
"url_sso_redirect",
|
||||||
|
|
|
@ -0,0 +1,21 @@
|
||||||
|
# Generated by Django 4.2.6 on 2023-10-08 20:29
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
dependencies = [
|
||||||
|
("authentik_providers_saml", "0012_managed"),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AddField(
|
||||||
|
model_name="samlprovider",
|
||||||
|
name="default_relay_state",
|
||||||
|
field=models.TextField(
|
||||||
|
blank=True,
|
||||||
|
default="",
|
||||||
|
help_text="Default relay_state value for IDP-initiated logins",
|
||||||
|
),
|
||||||
|
),
|
||||||
|
]
|
|
@ -138,6 +138,10 @@ class SAMLProvider(Provider):
|
||||||
verbose_name=_("Signing Keypair"),
|
verbose_name=_("Signing Keypair"),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
default_relay_state = models.TextField(
|
||||||
|
default="", blank=True, help_text=_("Default relay_state value for IDP-initiated logins")
|
||||||
|
)
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def launch_url(self) -> Optional[str]:
|
def launch_url(self) -> Optional[str]:
|
||||||
"""Use IDP-Initiated SAML flow as launch URL"""
|
"""Use IDP-Initiated SAML flow as launch URL"""
|
||||||
|
|
|
@ -175,4 +175,7 @@ class AuthNRequestParser:
|
||||||
|
|
||||||
def idp_initiated(self) -> AuthNRequest:
|
def idp_initiated(self) -> AuthNRequest:
|
||||||
"""Create IdP Initiated AuthNRequest"""
|
"""Create IdP Initiated AuthNRequest"""
|
||||||
return AuthNRequest()
|
relay_state = None
|
||||||
|
if self.provider.default_relay_state != "":
|
||||||
|
relay_state = self.provider.default_relay_state
|
||||||
|
return AuthNRequest(relay_state=relay_state)
|
||||||
|
|
|
@ -8,6 +8,7 @@ from authentik.blueprints.tests import apply_blueprint
|
||||||
from authentik.core.tests.utils import create_test_admin_user, create_test_cert, create_test_flow
|
from authentik.core.tests.utils import create_test_admin_user, create_test_cert, create_test_flow
|
||||||
from authentik.crypto.models import CertificateKeyPair
|
from authentik.crypto.models import CertificateKeyPair
|
||||||
from authentik.events.models import Event, EventAction
|
from authentik.events.models import Event, EventAction
|
||||||
|
from authentik.lib.generators import generate_id
|
||||||
from authentik.lib.tests.utils import get_request
|
from authentik.lib.tests.utils import get_request
|
||||||
from authentik.providers.saml.models import SAMLPropertyMapping, SAMLProvider
|
from authentik.providers.saml.models import SAMLPropertyMapping, SAMLProvider
|
||||||
from authentik.providers.saml.processors.assertion import AssertionProcessor
|
from authentik.providers.saml.processors.assertion import AssertionProcessor
|
||||||
|
@ -264,3 +265,10 @@ class TestAuthNRequest(TestCase):
|
||||||
events.first().context["message"],
|
events.first().context["message"],
|
||||||
"Failed to evaluate property-mapping: 'test'",
|
"Failed to evaluate property-mapping: 'test'",
|
||||||
)
|
)
|
||||||
|
|
||||||
|
def test_idp_initiated(self):
|
||||||
|
"""Test IDP-initiated login"""
|
||||||
|
self.provider.default_relay_state = generate_id()
|
||||||
|
request = AuthNRequestParser(self.provider).idp_initiated()
|
||||||
|
self.assertEqual(request.id, None)
|
||||||
|
self.assertEqual(request.relay_state, self.provider.default_relay_state)
|
||||||
|
|
|
@ -4826,6 +4826,11 @@
|
||||||
],
|
],
|
||||||
"title": "Service Provider Binding",
|
"title": "Service Provider Binding",
|
||||||
"description": "This determines how authentik sends the response back to the Service Provider."
|
"description": "This determines how authentik sends the response back to the Service Provider."
|
||||||
|
},
|
||||||
|
"default_relay_state": {
|
||||||
|
"type": "string",
|
||||||
|
"title": "Default relay state",
|
||||||
|
"description": "Default relay_state value for IDP-initiated logins"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"required": []
|
"required": []
|
||||||
|
@ -7427,146 +7432,32 @@
|
||||||
"model_authentik_stages_invitation.invitation": {
|
"model_authentik_stages_invitation.invitation": {
|
||||||
"type": "object",
|
"type": "object",
|
||||||
"properties": {
|
"properties": {
|
||||||
|
"name": {
|
||||||
|
"type": "string",
|
||||||
|
"maxLength": 50,
|
||||||
|
"minLength": 1,
|
||||||
|
"pattern": "^[-a-zA-Z0-9_]+$",
|
||||||
|
"title": "Name"
|
||||||
|
},
|
||||||
"expires": {
|
"expires": {
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"format": "date-time",
|
"format": "date-time",
|
||||||
"title": "Expires"
|
"title": "Expires"
|
||||||
},
|
},
|
||||||
"user": {
|
"fixed_data": {
|
||||||
"type": "object",
|
|
||||||
"properties": {
|
|
||||||
"username": {
|
|
||||||
"type": "string",
|
|
||||||
"maxLength": 150,
|
|
||||||
"minLength": 1,
|
|
||||||
"title": "Username"
|
|
||||||
},
|
|
||||||
"name": {
|
|
||||||
"type": "string",
|
|
||||||
"title": "Name",
|
|
||||||
"description": "User's display name."
|
|
||||||
},
|
|
||||||
"is_active": {
|
|
||||||
"type": "boolean",
|
|
||||||
"title": "Active",
|
|
||||||
"description": "Designates whether this user should be treated as active. Unselect this instead of deleting accounts."
|
|
||||||
},
|
|
||||||
"last_login": {
|
|
||||||
"type": [
|
|
||||||
"string",
|
|
||||||
"null"
|
|
||||||
],
|
|
||||||
"format": "date-time",
|
|
||||||
"title": "Last login"
|
|
||||||
},
|
|
||||||
"groups": {
|
|
||||||
"type": "array",
|
|
||||||
"items": {
|
|
||||||
"type": "integer"
|
|
||||||
},
|
|
||||||
"title": "Groups"
|
|
||||||
},
|
|
||||||
"email": {
|
|
||||||
"type": "string",
|
|
||||||
"format": "email",
|
|
||||||
"maxLength": 254,
|
|
||||||
"title": "Email address"
|
|
||||||
},
|
|
||||||
"attributes": {
|
|
||||||
"type": "object",
|
"type": "object",
|
||||||
"additionalProperties": true,
|
"additionalProperties": true,
|
||||||
"title": "Attributes"
|
"title": "Fixed data"
|
||||||
},
|
},
|
||||||
"path": {
|
"single_use": {
|
||||||
"type": "string",
|
|
||||||
"minLength": 1,
|
|
||||||
"title": "Path"
|
|
||||||
},
|
|
||||||
"type": {
|
|
||||||
"type": "string",
|
|
||||||
"enum": [
|
|
||||||
"internal",
|
|
||||||
"external",
|
|
||||||
"service_account",
|
|
||||||
"internal_service_account"
|
|
||||||
],
|
|
||||||
"title": "Type"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"required": [
|
|
||||||
"username",
|
|
||||||
"name"
|
|
||||||
],
|
|
||||||
"title": "User"
|
|
||||||
},
|
|
||||||
"application": {
|
|
||||||
"type": "object",
|
|
||||||
"properties": {
|
|
||||||
"name": {
|
|
||||||
"type": "string",
|
|
||||||
"minLength": 1,
|
|
||||||
"title": "Name",
|
|
||||||
"description": "Application's display Name."
|
|
||||||
},
|
|
||||||
"slug": {
|
|
||||||
"type": "string",
|
|
||||||
"maxLength": 50,
|
|
||||||
"minLength": 1,
|
|
||||||
"pattern": "^[-a-zA-Z0-9_]+$",
|
|
||||||
"title": "Slug",
|
|
||||||
"description": "Internal application name, used in URLs."
|
|
||||||
},
|
|
||||||
"provider": {
|
|
||||||
"type": "integer",
|
|
||||||
"title": "Provider"
|
|
||||||
},
|
|
||||||
"backchannel_providers": {
|
|
||||||
"type": "array",
|
|
||||||
"items": {
|
|
||||||
"type": "integer"
|
|
||||||
},
|
|
||||||
"title": "Backchannel providers"
|
|
||||||
},
|
|
||||||
"open_in_new_tab": {
|
|
||||||
"type": "boolean",
|
"type": "boolean",
|
||||||
"title": "Open in new tab",
|
"title": "Single use",
|
||||||
"description": "Open launch URL in a new browser tab or window."
|
"description": "When enabled, the invitation will be deleted after usage."
|
||||||
},
|
},
|
||||||
"meta_launch_url": {
|
"flow": {
|
||||||
"type": "string",
|
"type": "integer",
|
||||||
"title": "Meta launch url"
|
"title": "Flow",
|
||||||
},
|
"description": "When set, only the configured flow can use this invitation."
|
||||||
"meta_description": {
|
|
||||||
"type": "string",
|
|
||||||
"title": "Meta description"
|
|
||||||
},
|
|
||||||
"meta_publisher": {
|
|
||||||
"type": "string",
|
|
||||||
"title": "Meta publisher"
|
|
||||||
},
|
|
||||||
"policy_engine_mode": {
|
|
||||||
"type": "string",
|
|
||||||
"enum": [
|
|
||||||
"all",
|
|
||||||
"any"
|
|
||||||
],
|
|
||||||
"title": "Policy engine mode"
|
|
||||||
},
|
|
||||||
"group": {
|
|
||||||
"type": "string",
|
|
||||||
"title": "Group"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"required": [
|
|
||||||
"name",
|
|
||||||
"slug"
|
|
||||||
],
|
|
||||||
"title": "Application"
|
|
||||||
},
|
|
||||||
"permissions": {
|
|
||||||
"type": "string",
|
|
||||||
"minLength": 1,
|
|
||||||
"title": "Permissions"
|
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"required": []
|
"required": []
|
||||||
|
|
13
schema.yml
13
schema.yml
|
@ -16292,6 +16292,10 @@ paths:
|
||||||
schema:
|
schema:
|
||||||
type: string
|
type: string
|
||||||
format: uuid
|
format: uuid
|
||||||
|
- in: query
|
||||||
|
name: default_relay_state
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
- in: query
|
- in: query
|
||||||
name: digest_algorithm
|
name: digest_algorithm
|
||||||
schema:
|
schema:
|
||||||
|
@ -36303,6 +36307,9 @@ components:
|
||||||
|
|
||||||
* `redirect` - Redirect
|
* `redirect` - Redirect
|
||||||
* `post` - Post
|
* `post` - Post
|
||||||
|
default_relay_state:
|
||||||
|
type: string
|
||||||
|
description: Default relay_state value for IDP-initiated logins
|
||||||
PatchedSAMLSourceRequest:
|
PatchedSAMLSourceRequest:
|
||||||
type: object
|
type: object
|
||||||
description: SAMLSource Serializer
|
description: SAMLSource Serializer
|
||||||
|
@ -38480,6 +38487,9 @@ components:
|
||||||
|
|
||||||
* `redirect` - Redirect
|
* `redirect` - Redirect
|
||||||
* `post` - Post
|
* `post` - Post
|
||||||
|
default_relay_state:
|
||||||
|
type: string
|
||||||
|
description: Default relay_state value for IDP-initiated logins
|
||||||
url_download_metadata:
|
url_download_metadata:
|
||||||
type: string
|
type: string
|
||||||
description: Get metadata download URL
|
description: Get metadata download URL
|
||||||
|
@ -38624,6 +38634,9 @@ components:
|
||||||
|
|
||||||
* `redirect` - Redirect
|
* `redirect` - Redirect
|
||||||
* `post` - Post
|
* `post` - Post
|
||||||
|
default_relay_state:
|
||||||
|
type: string
|
||||||
|
description: Default relay_state value for IDP-initiated logins
|
||||||
required:
|
required:
|
||||||
- acs_url
|
- acs_url
|
||||||
- authorization_flow
|
- authorization_flow
|
||||||
|
|
|
@ -318,6 +318,24 @@ export class SAMLProviderFormPage extends ModelForm<SAMLProvider, number> {
|
||||||
</p>
|
</p>
|
||||||
<ak-utils-time-delta-help></ak-utils-time-delta-help>
|
<ak-utils-time-delta-help></ak-utils-time-delta-help>
|
||||||
</ak-form-element-horizontal>
|
</ak-form-element-horizontal>
|
||||||
|
<ak-form-element-horizontal
|
||||||
|
label=${msg("Default relay state")}
|
||||||
|
?required=${true}
|
||||||
|
name="defaultRelayState"
|
||||||
|
>
|
||||||
|
<input
|
||||||
|
type="text"
|
||||||
|
value="${this.instance?.defaultRelayState || ""}"
|
||||||
|
class="pf-c-form-control"
|
||||||
|
required
|
||||||
|
/>
|
||||||
|
<p class="pf-c-form__helper-text">
|
||||||
|
${msg(
|
||||||
|
"When using IDP-initiated logins, the relay state will be set to this value.",
|
||||||
|
)}
|
||||||
|
</p>
|
||||||
|
<ak-utils-time-delta-help></ak-utils-time-delta-help>
|
||||||
|
</ak-form-element-horizontal>
|
||||||
|
|
||||||
<ak-form-element-horizontal
|
<ak-form-element-horizontal
|
||||||
label=${msg("Digest algorithm")}
|
label=${msg("Digest algorithm")}
|
||||||
|
|
|
@ -994,10 +994,6 @@
|
||||||
<source>Validate SSL Certificates of upstream servers.</source>
|
<source>Validate SSL Certificates of upstream servers.</source>
|
||||||
<target>SSL-Zertifikate der Upstream-Server prüfen.</target>
|
<target>SSL-Zertifikate der Upstream-Server prüfen.</target>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s9c73dced379c37a2">
|
|
||||||
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you).</source>
|
|
||||||
<target>Verwenden Sie diesen Provider mit auth_request von Nginx oder forwardAuth von Traefik. Jede Anwendung/Domäne benötigt ihren eigenen Provider. Zusätzlich muss auf jeder Domain /outpost.goauthentik.io an den Außenposten weitergeleitet werden (wenn Sie einen gemanagten Außenposten verwenden, wird dies für Sie erledigt).</target>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="s44c90273f08fb718">
|
<trans-unit id="s44c90273f08fb718">
|
||||||
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application.</source>
|
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application.</source>
|
||||||
<target>Verwenden Sie diesen Anbieter mit auth_request von nginx oder forwardAuth von traefik. Pro Root-Domain wird nur ein einziger Anbieter benötigt. Sie können keine Autorisierung pro Anwendung vornehmen, aber Sie müssen nicht für jede Anwendung einen Anbieter erstellen.</target>
|
<target>Verwenden Sie diesen Anbieter mit auth_request von nginx oder forwardAuth von traefik. Pro Root-Domain wird nur ein einziger Anbieter benötigt. Sie können keine Autorisierung pro Anwendung vornehmen, aber Sie müssen nicht für jede Anwendung einen Anbieter erstellen.</target>
|
||||||
|
@ -5925,6 +5921,15 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="se9e9e1d6799b86a5">
|
<trans-unit id="se9e9e1d6799b86a5">
|
||||||
<source>WebAuthn not supported by browser.</source>
|
<source>WebAuthn not supported by browser.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="sff0ac1ace2d90709">
|
||||||
|
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you).</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="scb58b8a60cad8762">
|
||||||
|
<source>Default relay state</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s6827a456c9dfc6ee">
|
||||||
|
<source>When using IDP-initiated logins, the relay state will be set to this value.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
|
|
|
@ -1041,10 +1041,6 @@
|
||||||
<source>Validate SSL Certificates of upstream servers.</source>
|
<source>Validate SSL Certificates of upstream servers.</source>
|
||||||
<target>Validate SSL Certificates of upstream servers.</target>
|
<target>Validate SSL Certificates of upstream servers.</target>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s9c73dced379c37a2">
|
|
||||||
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you).</source>
|
|
||||||
<target>Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you).</target>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="s44c90273f08fb718">
|
<trans-unit id="s44c90273f08fb718">
|
||||||
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application.</source>
|
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application.</source>
|
||||||
<target>Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application.</target>
|
<target>Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application.</target>
|
||||||
|
@ -6239,6 +6235,15 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="se9e9e1d6799b86a5">
|
<trans-unit id="se9e9e1d6799b86a5">
|
||||||
<source>WebAuthn not supported by browser.</source>
|
<source>WebAuthn not supported by browser.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="sff0ac1ace2d90709">
|
||||||
|
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you).</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="scb58b8a60cad8762">
|
||||||
|
<source>Default relay state</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s6827a456c9dfc6ee">
|
||||||
|
<source>When using IDP-initiated logins, the relay state will be set to this value.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
|
|
|
@ -976,10 +976,6 @@
|
||||||
<source>Validate SSL Certificates of upstream servers.</source>
|
<source>Validate SSL Certificates of upstream servers.</source>
|
||||||
<target>Validar los certificados SSL de los servidores ascendentes.</target>
|
<target>Validar los certificados SSL de los servidores ascendentes.</target>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s9c73dced379c37a2">
|
|
||||||
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you).</source>
|
|
||||||
<target>Use este proveedor con auth_request de nginx o ForwardAuth de traefik. Cada aplicación/dominio necesita su propio proveedor. Además, en cada dominio, /outpost.goauthentik.io debe enrutarse al puesto avanzado (cuando se usa un puesto avanzado administrado, esto se hace por usted).</target>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="s44c90273f08fb718">
|
<trans-unit id="s44c90273f08fb718">
|
||||||
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application.</source>
|
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application.</source>
|
||||||
<target>Use este proveedor con auth_request de nginx o ForwardAuth de traefik. Solo se requiere un único proveedor por dominio raíz. No puede realizar la autorización por solicitud, pero no tiene que crear un proveedor para cada solicitud.</target>
|
<target>Use este proveedor con auth_request de nginx o ForwardAuth de traefik. Solo se requiere un único proveedor por dominio raíz. No puede realizar la autorización por solicitud, pero no tiene que crear un proveedor para cada solicitud.</target>
|
||||||
|
@ -5833,6 +5829,15 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="se9e9e1d6799b86a5">
|
<trans-unit id="se9e9e1d6799b86a5">
|
||||||
<source>WebAuthn not supported by browser.</source>
|
<source>WebAuthn not supported by browser.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="sff0ac1ace2d90709">
|
||||||
|
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you).</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="scb58b8a60cad8762">
|
||||||
|
<source>Default relay state</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s6827a456c9dfc6ee">
|
||||||
|
<source>When using IDP-initiated logins, the relay state will be set to this value.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
|
|
|
@ -1295,11 +1295,6 @@ Il y a <x id="0" equiv-text="${ago}"/> jour(s)</target>
|
||||||
<source>Validate SSL Certificates of upstream servers.</source>
|
<source>Validate SSL Certificates of upstream servers.</source>
|
||||||
<target>Valider les certificats SSL des serveurs amonts.</target>
|
<target>Valider les certificats SSL des serveurs amonts.</target>
|
||||||
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="s9c73dced379c37a2">
|
|
||||||
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you).</source>
|
|
||||||
<target>Utilisez ce fournisseur avec l'option "auth_request" de Nginx ou "forwardAuth" de Traefik. Chaque application/domaine a besoin de son propre fournisseur. De plus, sur chaque domaine, "/outpost.goauthentik.io" doit être routé vers le poste avancé (lorsque vous utilisez un poste avancé géré, cela est fait pour vous).</target>
|
|
||||||
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s44c90273f08fb718">
|
<trans-unit id="s44c90273f08fb718">
|
||||||
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application.</source>
|
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application.</source>
|
||||||
|
@ -7816,6 +7811,15 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
|
||||||
<trans-unit id="se9e9e1d6799b86a5">
|
<trans-unit id="se9e9e1d6799b86a5">
|
||||||
<source>WebAuthn not supported by browser.</source>
|
<source>WebAuthn not supported by browser.</source>
|
||||||
<target>WebAuthn n'est pas supporté pas ce navigateur.</target>
|
<target>WebAuthn n'est pas supporté pas ce navigateur.</target>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="sff0ac1ace2d90709">
|
||||||
|
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you).</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="scb58b8a60cad8762">
|
||||||
|
<source>Default relay state</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s6827a456c9dfc6ee">
|
||||||
|
<source>When using IDP-initiated logins, the relay state will be set to this value.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
|
|
|
@ -1002,10 +1002,6 @@
|
||||||
<source>Validate SSL Certificates of upstream servers.</source>
|
<source>Validate SSL Certificates of upstream servers.</source>
|
||||||
<target>Sprawdź poprawność certyfikatów SSL serwerów nadrzędnych.</target>
|
<target>Sprawdź poprawność certyfikatów SSL serwerów nadrzędnych.</target>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s9c73dced379c37a2">
|
|
||||||
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you).</source>
|
|
||||||
<target>Użyj tego dostawcy z auth_request nginx lub forwardAuth traefik. Każda aplikacja/domena potrzebuje własnego dostawcy. Dodatkowo w każdej domenie /outpost.goauthentik.io musi być przekierowany do placówki (w przypadku korzystania z zarządzanej placówki jest to zrobione za Ciebie).</target>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="s44c90273f08fb718">
|
<trans-unit id="s44c90273f08fb718">
|
||||||
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application.</source>
|
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application.</source>
|
||||||
<target>Użyj tego dostawcy z auth_request nginx lub forwardAuth traefik. Tylko jeden dostawca jest wymagany na domenę główną. Nie możesz wykonać autoryzacji dla aplikacji, ale nie musisz tworzyć dostawcy dla każdej aplikacji.</target>
|
<target>Użyj tego dostawcy z auth_request nginx lub forwardAuth traefik. Tylko jeden dostawca jest wymagany na domenę główną. Nie możesz wykonać autoryzacji dla aplikacji, ale nie musisz tworzyć dostawcy dla każdej aplikacji.</target>
|
||||||
|
@ -6072,6 +6068,15 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="se9e9e1d6799b86a5">
|
<trans-unit id="se9e9e1d6799b86a5">
|
||||||
<source>WebAuthn not supported by browser.</source>
|
<source>WebAuthn not supported by browser.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="sff0ac1ace2d90709">
|
||||||
|
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you).</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="scb58b8a60cad8762">
|
||||||
|
<source>Default relay state</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s6827a456c9dfc6ee">
|
||||||
|
<source>When using IDP-initiated logins, the relay state will be set to this value.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
|
|
|
@ -1025,10 +1025,6 @@
|
||||||
<trans-unit id="s4a26798e1c3c37dd">
|
<trans-unit id="s4a26798e1c3c37dd">
|
||||||
<source>Validate SSL Certificates of upstream servers.</source>
|
<source>Validate SSL Certificates of upstream servers.</source>
|
||||||
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="s9c73dced379c37a2">
|
|
||||||
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you).</source>
|
|
||||||
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s44c90273f08fb718">
|
<trans-unit id="s44c90273f08fb718">
|
||||||
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application.</source>
|
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application.</source>
|
||||||
|
@ -6174,6 +6170,15 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="se9e9e1d6799b86a5">
|
<trans-unit id="se9e9e1d6799b86a5">
|
||||||
<source>WebAuthn not supported by browser.</source>
|
<source>WebAuthn not supported by browser.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="sff0ac1ace2d90709">
|
||||||
|
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you).</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="scb58b8a60cad8762">
|
||||||
|
<source>Default relay state</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s6827a456c9dfc6ee">
|
||||||
|
<source>When using IDP-initiated logins, the relay state will be set to this value.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
|
|
|
@ -975,10 +975,6 @@
|
||||||
<source>Validate SSL Certificates of upstream servers.</source>
|
<source>Validate SSL Certificates of upstream servers.</source>
|
||||||
<target>Yayın yukarı akış sunucularının SSL Sertifikalarını doğrulayın.</target>
|
<target>Yayın yukarı akış sunucularının SSL Sertifikalarını doğrulayın.</target>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s9c73dced379c37a2">
|
|
||||||
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you).</source>
|
|
||||||
<target>Bu sağlayıcıyı nginx'in auth_request veya traefik's forwardAuth ile kullanın. Her uygulama/etki alanının kendi sağlayıcısına ihtiyacı vardır. Ayrıca, her etki alanında /outpost.goauthentik.io üsse yönlendirilmelidir (manged bir üs kullanırken, bu sizin için yapılır).</target>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="s44c90273f08fb718">
|
<trans-unit id="s44c90273f08fb718">
|
||||||
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application.</source>
|
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application.</source>
|
||||||
<target>Bu sağlayıcıyı nginx'in auth_request veya traefik'in forwardAuth ile kullanın. Kök etki alanı başına yalnızca tek bir sağlayıcı gereklidir. Uygulama başına yetkilendirme yapamazsınız, ancak her uygulama için bir sağlayıcı oluşturmanız gerekmez.</target>
|
<target>Bu sağlayıcıyı nginx'in auth_request veya traefik'in forwardAuth ile kullanın. Kök etki alanı başına yalnızca tek bir sağlayıcı gereklidir. Uygulama başına yetkilendirme yapamazsınız, ancak her uygulama için bir sağlayıcı oluşturmanız gerekmez.</target>
|
||||||
|
@ -5826,6 +5822,15 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="se9e9e1d6799b86a5">
|
<trans-unit id="se9e9e1d6799b86a5">
|
||||||
<source>WebAuthn not supported by browser.</source>
|
<source>WebAuthn not supported by browser.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="sff0ac1ace2d90709">
|
||||||
|
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you).</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="scb58b8a60cad8762">
|
||||||
|
<source>Default relay state</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s6827a456c9dfc6ee">
|
||||||
|
<source>When using IDP-initiated logins, the relay state will be set to this value.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
|
|
|
@ -1295,11 +1295,6 @@
|
||||||
<source>Validate SSL Certificates of upstream servers.</source>
|
<source>Validate SSL Certificates of upstream servers.</source>
|
||||||
<target>验证上游服务器的 SSL 证书。</target>
|
<target>验证上游服务器的 SSL 证书。</target>
|
||||||
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="s9c73dced379c37a2">
|
|
||||||
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you).</source>
|
|
||||||
<target>与 nginx 的 auth_request 或 traefik 的 ForwardAuth 一起使用此提供程序。每个应用程序/域名都需要自己的提供程序。此外,在每个域名上,/outpost.goauthentik.io 必须路由到前哨(在使用托管的 Outpost 时,这已经为您处理好了)。</target>
|
|
||||||
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s44c90273f08fb718">
|
<trans-unit id="s44c90273f08fb718">
|
||||||
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application.</source>
|
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application.</source>
|
||||||
|
@ -7818,6 +7813,15 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
<trans-unit id="se9e9e1d6799b86a5">
|
<trans-unit id="se9e9e1d6799b86a5">
|
||||||
<source>WebAuthn not supported by browser.</source>
|
<source>WebAuthn not supported by browser.</source>
|
||||||
<target>浏览器不支持 WebAuthn。</target>
|
<target>浏览器不支持 WebAuthn。</target>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="sff0ac1ace2d90709">
|
||||||
|
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you).</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="scb58b8a60cad8762">
|
||||||
|
<source>Default relay state</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s6827a456c9dfc6ee">
|
||||||
|
<source>When using IDP-initiated logins, the relay state will be set to this value.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
|
|
|
@ -983,10 +983,6 @@
|
||||||
<source>Validate SSL Certificates of upstream servers.</source>
|
<source>Validate SSL Certificates of upstream servers.</source>
|
||||||
<target>验证上游服务器的 SSL 证书。</target>
|
<target>验证上游服务器的 SSL 证书。</target>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s9c73dced379c37a2">
|
|
||||||
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you).</source>
|
|
||||||
<target>将此提供程序与 nginx 的 auth_request 或 traefik 的 ForwardAuth 一起使用。每个应用程序/域都需要自己的提供商。此外,在每个域上,/outpost.goauthentik.io必须路由到 Outpost(使用托管的 Outpost 时,这是为您完成的)。</target>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="s44c90273f08fb718">
|
<trans-unit id="s44c90273f08fb718">
|
||||||
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application.</source>
|
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application.</source>
|
||||||
<target>将此提供程序与 nginx 的 auth_request 或 traefik 的 ForwardAuth 一起使用。每个根域只需要一个提供程序。您无法执行每个应用程序的授权,但不必为每个应用程序创建提供程序。</target>
|
<target>将此提供程序与 nginx 的 auth_request 或 traefik 的 ForwardAuth 一起使用。每个根域只需要一个提供程序。您无法执行每个应用程序的授权,但不必为每个应用程序创建提供程序。</target>
|
||||||
|
@ -5878,6 +5874,15 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="se9e9e1d6799b86a5">
|
<trans-unit id="se9e9e1d6799b86a5">
|
||||||
<source>WebAuthn not supported by browser.</source>
|
<source>WebAuthn not supported by browser.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="sff0ac1ace2d90709">
|
||||||
|
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you).</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="scb58b8a60cad8762">
|
||||||
|
<source>Default relay state</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s6827a456c9dfc6ee">
|
||||||
|
<source>When using IDP-initiated logins, the relay state will be set to this value.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
|
|
|
@ -983,10 +983,6 @@
|
||||||
<source>Validate SSL Certificates of upstream servers.</source>
|
<source>Validate SSL Certificates of upstream servers.</source>
|
||||||
<target>验证上游服务器的 SSL 证书。</target>
|
<target>验证上游服务器的 SSL 证书。</target>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s9c73dced379c37a2">
|
|
||||||
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a manged outpost, this is done for you).</source>
|
|
||||||
<target>将此提供程序与 nginx 的 auth_request 或 traefik 的 ForwardAuth 一起使用。每个应用程序/域都需要自己的提供商。此外,在每个域上,/outpost.goauthentik.io必须路由到 Outpost(使用托管的 Outpost 时,这是为您完成的)。</target>
|
|
||||||
</trans-unit>
|
|
||||||
<trans-unit id="s44c90273f08fb718">
|
<trans-unit id="s44c90273f08fb718">
|
||||||
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application.</source>
|
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application.</source>
|
||||||
<target>将此提供程序与 nginx 的 auth_request 或 traefik 的 ForwardAuth 一起使用。每个根域只需要一个提供程序。您无法执行每个应用程序的授权,但不必为每个应用程序创建提供程序。</target>
|
<target>将此提供程序与 nginx 的 auth_request 或 traefik 的 ForwardAuth 一起使用。每个根域只需要一个提供程序。您无法执行每个应用程序的授权,但不必为每个应用程序创建提供程序。</target>
|
||||||
|
@ -5877,6 +5873,15 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="se9e9e1d6799b86a5">
|
<trans-unit id="se9e9e1d6799b86a5">
|
||||||
<source>WebAuthn not supported by browser.</source>
|
<source>WebAuthn not supported by browser.</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="sff0ac1ace2d90709">
|
||||||
|
<source>Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you).</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="scb58b8a60cad8762">
|
||||||
|
<source>Default relay state</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s6827a456c9dfc6ee">
|
||||||
|
<source>When using IDP-initiated logins, the relay state will be set to this value.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
|
|
Reference in a new issue