This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/blueprints/default/20-flow-default-source-authentication.yaml
Jens L db95dfe38d
security: fix CVE 2022 46145 (#4140)
* add flow authentication requirement

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add website for cve

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* flows: handle FlowNonApplicableException without policy result

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-02 16:14:25 +01:00

39 lines
1.1 KiB
YAML

version: 1
metadata:
name: Default - Source authentication flow
entries:
- attrs:
designation: authentication
name: Welcome to authentik!
title: Welcome to authentik!
authentication: require_unauthenticated
identifiers:
slug: default-source-authentication
model: authentik_flows.flow
id: flow
- attrs:
expression: |
# This policy ensures that this flow can only be used when the user
# is in a SSO Flow (meaning they come from an external IdP)
return ak_is_sso_flow
identifiers:
name: default-source-authentication-if-sso
id: default-source-authentication-if-sso
model: authentik_policies_expression.expressionpolicy
- attrs:
session_duration: seconds=0
identifiers:
name: default-source-authentication-login
id: default-source-authentication-login
model: authentik_stages_user_login.userloginstage
- identifiers:
order: 0
stage: !KeyOf default-source-authentication-login
target: !KeyOf flow
model: authentik_flows.flowstagebinding
- identifiers:
order: 0
policy: !KeyOf default-source-authentication-if-sso
target: !KeyOf flow
model: authentik_policies.policybinding