website/docs: fix website build
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
d2e9683411
commit
d52cc30341
|
@ -42,7 +42,7 @@ import Objects from '../expressions/_objects.md'
|
||||||
- `request.context`: A dictionary with dynamic data. This depends on the origin of the execution.
|
- `request.context`: A dictionary with dynamic data. This depends on the origin of the execution.
|
||||||
- `geoip`: GeoIP object, which is added when GeoIP is enabled. See [GeoIP](https://geoip2.readthedocs.io/en/latest/#geoip2.models.City)
|
- `geoip`: GeoIP object, which is added when GeoIP is enabled. See [GeoIP](https://geoip2.readthedocs.io/en/latest/#geoip2.models.City)
|
||||||
- `ak_is_sso_flow`: Boolean which is true if request was initiated by authenticating through an external provider.
|
- `ak_is_sso_flow`: Boolean which is true if request was initiated by authenticating through an external provider.
|
||||||
- `ak_client_ip`: Client's IP Address or 255.255.255.255 if no IP Address could be extracted. Can be [compared](../expressions/index.md#comparing-ip-addresses), for example
|
- `ak_client_ip`: Client's IP Address or 255.255.255.255 if no IP Address could be extracted. Can be [compared](#comparing-ip-addresses), for example
|
||||||
|
|
||||||
```python
|
```python
|
||||||
return ak_client_ip in ip_network('10.0.0.0/24')
|
return ak_client_ip in ip_network('10.0.0.0/24')
|
||||||
|
|
|
@ -2,11 +2,7 @@
|
||||||
title: Policies
|
title: Policies
|
||||||
---
|
---
|
||||||
|
|
||||||
## Standard Policies
|
## Reputation Policy
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
### Reputation Policy
|
|
||||||
|
|
||||||
authentik keeps track of failed login attempts by source IP and attempted username. These values are saved as scores. Each failed login decreases the score for the client IP as well as the targeted username by 1 (one).
|
authentik keeps track of failed login attempts by source IP and attempted username. These values are saved as scores. Each failed login decreases the score for the client IP as well as the targeted username by 1 (one).
|
||||||
|
|
||||||
|
@ -14,13 +10,13 @@ This policy can be used, for example, to prompt clients with a low score to pass
|
||||||
|
|
||||||
## Expression Policy
|
## Expression Policy
|
||||||
|
|
||||||
See [Expression Policy](expression.md).
|
See [Expression Policy](expression.mdx).
|
||||||
|
|
||||||
## Password Policies
|
## Password Policies
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
### Password Policy
|
## Password Policy
|
||||||
|
|
||||||
This policy allows you to specify password rules, such as length and required characters.
|
This policy allows you to specify password rules, such as length and required characters.
|
||||||
The following rules can be set:
|
The following rules can be set:
|
||||||
|
@ -31,10 +27,10 @@ The following rules can be set:
|
||||||
- Minimum length.
|
- Minimum length.
|
||||||
- Symbol charset (define which characters are counted as symbols).
|
- Symbol charset (define which characters are counted as symbols).
|
||||||
|
|
||||||
### Have I Been Pwned Policy
|
## Have I Been Pwned Policy
|
||||||
|
|
||||||
This policy checks the hashed password against the [Have I Been Pwned](https://haveibeenpwned.com/) API. This only sends the first 5 characters of the hashed password. The remaining comparison is done within authentik.
|
This policy checks the hashed password against the [Have I Been Pwned](https://haveibeenpwned.com/) API. This only sends the first 5 characters of the hashed password. The remaining comparison is done within authentik.
|
||||||
|
|
||||||
### Password-Expiry Policy
|
## Password-Expiry Policy
|
||||||
|
|
||||||
This policy can enforce regular password rotation by expiring set passwords after a finite amount of time. This forces users to set a new password.
|
This policy can enforce regular password rotation by expiring set passwords after a finite amount of time. This forces users to set a new password.
|
||||||
|
|
Reference in New Issue