CaZzzer/alpina
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

authentik: default auth flow modifications, add passwordless flow

Browse Source
This commit is contained in:
Iurii Tatishchev 2023-11-15 14:57:47 -08:00
parent be14ddd5fc
commit 3d1a509681
Signed by: CaZzzer
GPG Key ID: 9A156B7DA6398968
1 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
roles/alpina/collections/services/authentik/templates/blueprints/default-authentication.yaml.j2
View File

@ -2,16 +2,55 @@ version: 1
metadata: metadata:
labels: labels:
blueprints.goauthentik.io/instantiate: "true" blueprints.goauthentik.io/instantiate: "true"
name: Alpina - Default Identification Stage name: Alpina - Default Authentication Modifications
entries: entries:
# Add a new flow for passwordless WebAuthn authentication
- identifiers:
slug: authentication-passwordless-flow
model: authentik_flows.flow
attrs:
designation: authentication
name: WebAuthn Authentication Flow
title: Sign in with a passkey
# Add a new stage to the flow to validate just WebAuthn devices
- identifiers:
name: webauthn-validation
model: authentik_stages_authenticator_validate.authenticatorvalidatestage
attrs:
device_classes:
- webauthn
not_configured_action: deny
webauthn_user_verification: required
# Stage bindings for passwordless flow,
# 1. Validate WebAuthn key
- identifiers:
order: 10
stage: !Find [authentik_stages_authenticator_validate.authenticatorvalidatestage, [name, webauthn-validation]]
target: !Find [authentik_flows.flow, [slug, authentication-passwordless-flow]]
model: authentik_flows.flowstagebinding
# 2. Finish authenticating user
- identifiers:
order: 100
stage: !Find [authentik_stages_user_login.userloginstage, [name, default-authentication-login]]
target: !Find [authentik_flows.flow, [slug, authentication-passwordless-flow]]
model: authentik_flows.flowstagebinding
# Some modifications to the default identification stage
- identifiers: - identifiers:
name: default-authentication-identification name: default-authentication-identification
model: authentik_stages_identification.identificationstage model: authentik_stages_identification.identificationstage
attrs: attrs:
# Allow username and password fields to be on the same page
password_stage: !Find [authentik_stages_password.passwordstage, [name, default-authentication-password]]
# Add a button to use the passwordless WebAuthn flow
passwordless_flow: !Find [authentik_flows.flow, [slug, authentication-passwordless-flow]]
sources: sources:
- !Find [authentik_core.source, [slug, authentik-built-in]] - !Find [authentik_core.source, [slug, authentik-built-in]]
- !Find [authentik_sources_oauth.oauthsource, [slug, github]] - !Find [authentik_sources_oauth.oauthsource, [slug, github]]
# Enable compatibility mode for the default authentication flow for better autofill support
- identifiers: - identifiers:
slug: default-authentication-flow slug: default-authentication-flow
model: authentik_flows.flow model: authentik_flows.flow