diff --git a/.dockerignore b/.dockerignore index 352faf761..8d20d66d6 100644 --- a/.dockerignore +++ b/.dockerignore @@ -9,3 +9,4 @@ blueprints/local .git !gen-ts-api/node_modules !gen-ts-api/dist/** +!gen-go-api/ diff --git a/.github/codespell-words.txt b/.github/codespell-words.txt index 71f2f1c2c..29fb24832 100644 --- a/.github/codespell-words.txt +++ b/.github/codespell-words.txt @@ -2,3 +2,4 @@ keypair keypairs hass warmup +ontext diff --git a/.github/workflows/ci-main.yml b/.github/workflows/ci-main.yml index 282543d96..71bfc0d7a 100644 --- a/.github/workflows/ci-main.yml +++ b/.github/workflows/ci-main.yml @@ -249,12 +249,6 @@ jobs: VERSION_FAMILY=${{ steps.ev.outputs.versionFamily }} cache-from: type=gha cache-to: type=gha,mode=max - - name: Comment on PR - if: github.event_name == 'pull_request' - continue-on-error: true - uses: ./.github/actions/comment-pr-instructions - with: - tag: gh-${{ steps.ev.outputs.branchNameContainer }}-${{ steps.ev.outputs.timestamp }}-${{ steps.ev.outputs.shortHash }} build-arm64: needs: ci-core-mark runs-on: ubuntu-latest @@ -303,3 +297,26 @@ jobs: platforms: linux/arm64 cache-from: type=gha cache-to: type=gha,mode=max + pr-comment: + needs: + - build + - build-arm64 + runs-on: ubuntu-latest + if: ${{ github.event_name == 'pull_request' }} + permissions: + # Needed to write comments on PRs + pull-requests: write + timeout-minutes: 120 + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.head.sha }} + - name: prepare variables + uses: ./.github/actions/docker-push-variables + id: ev + env: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + - name: Comment on PR + uses: ./.github/actions/comment-pr-instructions + with: + tag: gh-${{ steps.ev.outputs.branchNameContainer }}-${{ steps.ev.outputs.timestamp }}-${{ steps.ev.outputs.shortHash }} diff --git a/.github/workflows/ci-outpost.yml b/.github/workflows/ci-outpost.yml index 196fa0b3b..35c83ac86 100644 --- a/.github/workflows/ci-outpost.yml +++ b/.github/workflows/ci-outpost.yml @@ -65,6 +65,7 @@ jobs: - proxy - ldap - radius + - rac runs-on: ubuntu-latest permissions: # Needed to upload contianer images to ghcr.io @@ -119,6 +120,7 @@ jobs: - proxy - ldap - radius + - rac goos: [linux] goarch: [amd64, arm64] steps: diff --git a/.github/workflows/release-publish.yml b/.github/workflows/release-publish.yml index c3c6a0d48..c002ab8a5 100644 --- a/.github/workflows/release-publish.yml +++ b/.github/workflows/release-publish.yml @@ -65,6 +65,7 @@ jobs: - proxy - ldap - radius + - rac steps: - uses: actions/checkout@v4 - uses: actions/setup-go@v5 diff --git a/Makefile b/Makefile index cba39f96c..3c925de9d 100644 --- a/Makefile +++ b/Makefile @@ -58,7 +58,7 @@ test: ## Run the server tests and produce a coverage report (locally) lint-fix: ## Lint and automatically fix errors in the python source code. Reports spelling errors. isort $(PY_SOURCES) black $(PY_SOURCES) - ruff $(PY_SOURCES) + ruff --fix $(PY_SOURCES) codespell -w $(CODESPELL_ARGS) lint: ## Lint the python and golang sources diff --git a/authentik/blueprints/apps.py b/authentik/blueprints/apps.py index fc286eb7e..c90f9211e 100644 --- a/authentik/blueprints/apps.py +++ b/authentik/blueprints/apps.py @@ -42,7 +42,7 @@ class ManagedAppConfig(AppConfig): meth() self._logger.debug("Successfully reconciled", name=name) except (DatabaseError, ProgrammingError, InternalError) as exc: - self._logger.debug("Failed to run reconcile", name=name, exc=exc) + self._logger.warning("Failed to run reconcile", name=name, exc=exc) def reconcile_tenant(self) -> None: """reconcile ourselves for tenanted methods""" diff --git a/authentik/core/channels.py b/authentik/core/channels.py index 00f213efc..722e9e03f 100644 --- a/authentik/core/channels.py +++ b/authentik/core/channels.py @@ -1,22 +1,29 @@ """Channels base classes""" +from channels.db import database_sync_to_async from channels.exceptions import DenyConnection -from channels.generic.websocket import JsonWebsocketConsumer from rest_framework.exceptions import AuthenticationFailed from structlog.stdlib import get_logger from authentik.api.authentication import bearer_auth -from authentik.core.models import User LOGGER = get_logger() -class AuthJsonConsumer(JsonWebsocketConsumer): +class TokenOutpostMiddleware: """Authorize a client with a token""" - user: User + def __init__(self, inner): + self.inner = inner - def connect(self): - headers = dict(self.scope["headers"]) + async def __call__(self, scope, receive, send): + scope = dict(scope) + await self.auth(scope) + return await self.inner(scope, receive, send) + + @database_sync_to_async + def auth(self, scope): + """Authenticate request from header""" + headers = dict(scope["headers"]) if b"authorization" not in headers: LOGGER.warning("WS Request without authorization header") raise DenyConnection() @@ -32,4 +39,4 @@ class AuthJsonConsumer(JsonWebsocketConsumer): LOGGER.warning("Failed to authenticate", exc=exc) raise DenyConnection() - self.user = user + scope["user"] = user diff --git a/authentik/core/views/interface.py b/authentik/core/views/interface.py index 03d483183..faeb40b82 100644 --- a/authentik/core/views/interface.py +++ b/authentik/core/views/interface.py @@ -22,6 +22,7 @@ class InterfaceView(TemplateView): kwargs["version_family"] = f"{LOCAL_VERSION.major}.{LOCAL_VERSION.minor}" kwargs["version_subdomain"] = f"version-{LOCAL_VERSION.major}-{LOCAL_VERSION.minor}" kwargs["build"] = get_build_hash() + kwargs["url_kwargs"] = self.kwargs return super().get_context_data(**kwargs) diff --git a/authentik/enterprise/policy.py b/authentik/enterprise/policy.py index 0c714322a..20bf438a0 100644 --- a/authentik/enterprise/policy.py +++ b/authentik/enterprise/policy.py @@ -1,6 +1,8 @@ """Enterprise license policies""" from typing import Optional +from django.utils.translation import gettext_lazy as _ + from authentik.core.models import User, UserTypes from authentik.enterprise.models import LicenseKey from authentik.policies.types import PolicyRequest, PolicyResult @@ -13,10 +15,10 @@ class EnterprisePolicyAccessView(PolicyAccessView): def check_license(self): """Check license""" if not LicenseKey.get_total().is_valid(): - return False + return PolicyResult(False, _("Enterprise required to access this feature.")) if self.request.user.type != UserTypes.INTERNAL: - return False - return True + return PolicyResult(False, _("Feature only accessible for internal users.")) + return PolicyResult(True) def user_has_access(self, user: Optional[User] = None) -> PolicyResult: user = user or self.request.user @@ -24,7 +26,7 @@ class EnterprisePolicyAccessView(PolicyAccessView): request.http_request = self.request result = super().user_has_access(user) enterprise_result = self.check_license() - if not enterprise_result: + if not enterprise_result.passing: return enterprise_result return result diff --git a/authentik/enterprise/providers/__init__.py b/authentik/enterprise/providers/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/authentik/enterprise/providers/rac/__init__.py b/authentik/enterprise/providers/rac/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/authentik/enterprise/providers/rac/api/__init__.py b/authentik/enterprise/providers/rac/api/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/authentik/enterprise/providers/rac/api/endpoints.py b/authentik/enterprise/providers/rac/api/endpoints.py new file mode 100644 index 000000000..b0b0239c5 --- /dev/null +++ b/authentik/enterprise/providers/rac/api/endpoints.py @@ -0,0 +1,133 @@ +"""RAC Provider API Views""" +from typing import Optional + +from django.core.cache import cache +from django.db.models import QuerySet +from django.urls import reverse +from drf_spectacular.types import OpenApiTypes +from drf_spectacular.utils import OpenApiParameter, OpenApiResponse, extend_schema +from rest_framework.fields import SerializerMethodField +from rest_framework.request import Request +from rest_framework.response import Response +from rest_framework.serializers import ModelSerializer +from rest_framework.viewsets import ModelViewSet +from structlog.stdlib import get_logger + +from authentik.core.api.used_by import UsedByMixin +from authentik.core.models import Provider +from authentik.enterprise.providers.rac.api.providers import RACProviderSerializer +from authentik.enterprise.providers.rac.models import Endpoint +from authentik.policies.engine import PolicyEngine +from authentik.rbac.filters import ObjectFilter + +LOGGER = get_logger() + + +def user_endpoint_cache_key(user_pk: str) -> str: + """Cache key where endpoint list for user is saved""" + return f"goauthentik.io/providers/rac/endpoint_access/{user_pk}" + + +class EndpointSerializer(ModelSerializer): + """Endpoint Serializer""" + + provider_obj = RACProviderSerializer(source="provider", read_only=True) + launch_url = SerializerMethodField() + + def get_launch_url(self, endpoint: Endpoint) -> Optional[str]: + """Build actual launch URL (the provider itself does not have one, just + individual endpoints)""" + try: + # pylint: disable=no-member + return reverse( + "authentik_providers_rac:start", + kwargs={"app": endpoint.provider.application.slug, "endpoint": endpoint.pk}, + ) + except Provider.application.RelatedObjectDoesNotExist: + return None + + class Meta: + model = Endpoint + fields = [ + "pk", + "name", + "provider", + "provider_obj", + "protocol", + "host", + "settings", + "property_mappings", + "auth_mode", + "launch_url", + ] + + +class EndpointViewSet(UsedByMixin, ModelViewSet): + """Endpoint Viewset""" + + queryset = Endpoint.objects.all() + serializer_class = EndpointSerializer + filterset_fields = ["name", "provider"] + search_fields = ["name", "protocol"] + ordering = ["name", "protocol"] + + def _filter_queryset_for_list(self, queryset: QuerySet) -> QuerySet: + """Custom filter_queryset method which ignores guardian, but still supports sorting""" + for backend in list(self.filter_backends): + if backend == ObjectFilter: + continue + queryset = backend().filter_queryset(self.request, queryset, self) + return queryset + + def _get_allowed_endpoints(self, queryset: QuerySet) -> list[Endpoint]: + endpoints = [] + for endpoint in queryset: + engine = PolicyEngine(endpoint, self.request.user, self.request) + engine.build() + if engine.passing: + endpoints.append(endpoint) + return endpoints + + @extend_schema( + parameters=[ + OpenApiParameter( + "search", + OpenApiTypes.STR, + ), + OpenApiParameter( + name="superuser_full_list", + location=OpenApiParameter.QUERY, + type=OpenApiTypes.BOOL, + ), + ], + responses={ + 200: EndpointSerializer(many=True), + 400: OpenApiResponse(description="Bad request"), + }, + ) + def list(self, request: Request, *args, **kwargs) -> Response: + """List accessible endpoints""" + should_cache = request.GET.get("search", "") == "" + + superuser_full_list = str(request.GET.get("superuser_full_list", "false")).lower() == "true" + if superuser_full_list and request.user.is_superuser: + return super().list(request) + + queryset = self._filter_queryset_for_list(self.get_queryset()) + self.paginate_queryset(queryset) + + allowed_endpoints = [] + if not should_cache: + allowed_endpoints = self._get_allowed_endpoints(queryset) + if should_cache: + allowed_endpoints = cache.get(user_endpoint_cache_key(self.request.user.pk)) + if not allowed_endpoints: + LOGGER.debug("Caching allowed endpoint list") + allowed_endpoints = self._get_allowed_endpoints(queryset) + cache.set( + user_endpoint_cache_key(self.request.user.pk), + allowed_endpoints, + timeout=86400, + ) + serializer = self.get_serializer(allowed_endpoints, many=True) + return self.get_paginated_response(serializer.data) diff --git a/authentik/enterprise/providers/rac/api/property_mappings.py b/authentik/enterprise/providers/rac/api/property_mappings.py new file mode 100644 index 000000000..35daec95c --- /dev/null +++ b/authentik/enterprise/providers/rac/api/property_mappings.py @@ -0,0 +1,35 @@ +"""RAC Provider API Views""" +from rest_framework.fields import CharField +from rest_framework.viewsets import ModelViewSet + +from authentik.core.api.propertymappings import PropertyMappingSerializer +from authentik.core.api.used_by import UsedByMixin +from authentik.core.api.utils import JSONDictField +from authentik.enterprise.providers.rac.models import RACPropertyMapping + + +class RACPropertyMappingSerializer(PropertyMappingSerializer): + """RACPropertyMapping Serializer""" + + static_settings = JSONDictField() + expression = CharField(allow_blank=True, required=False) + + def validate_expression(self, expression: str) -> str: + """Test Syntax""" + if expression == "": + return expression + return super().validate_expression(expression) + + class Meta: + model = RACPropertyMapping + fields = PropertyMappingSerializer.Meta.fields + ["static_settings"] + + +class RACPropertyMappingViewSet(UsedByMixin, ModelViewSet): + """RACPropertyMapping Viewset""" + + queryset = RACPropertyMapping.objects.all() + serializer_class = RACPropertyMappingSerializer + search_fields = ["name"] + ordering = ["name"] + filterset_fields = ["name", "managed"] diff --git a/authentik/enterprise/providers/rac/api/providers.py b/authentik/enterprise/providers/rac/api/providers.py new file mode 100644 index 000000000..6dd4f9f82 --- /dev/null +++ b/authentik/enterprise/providers/rac/api/providers.py @@ -0,0 +1,31 @@ +"""RAC Provider API Views""" +from rest_framework.fields import CharField, ListField +from rest_framework.viewsets import ModelViewSet + +from authentik.core.api.providers import ProviderSerializer +from authentik.core.api.used_by import UsedByMixin +from authentik.enterprise.providers.rac.models import RACProvider + + +class RACProviderSerializer(ProviderSerializer): + """RACProvider Serializer""" + + outpost_set = ListField(child=CharField(), read_only=True, source="outpost_set.all") + + class Meta: + model = RACProvider + fields = ProviderSerializer.Meta.fields + ["settings", "outpost_set", "connection_expiry"] + extra_kwargs = ProviderSerializer.Meta.extra_kwargs + + +class RACProviderViewSet(UsedByMixin, ModelViewSet): + """RACProvider Viewset""" + + queryset = RACProvider.objects.all() + serializer_class = RACProviderSerializer + filterset_fields = { + "application": ["isnull"], + "name": ["iexact"], + } + search_fields = ["name"] + ordering = ["name"] diff --git a/authentik/enterprise/providers/rac/apps.py b/authentik/enterprise/providers/rac/apps.py new file mode 100644 index 000000000..973159bb9 --- /dev/null +++ b/authentik/enterprise/providers/rac/apps.py @@ -0,0 +1,17 @@ +"""RAC app config""" +from authentik.blueprints.apps import ManagedAppConfig + + +class AuthentikEnterpriseProviderRAC(ManagedAppConfig): + """authentik enterprise rac app config""" + + name = "authentik.enterprise.providers.rac" + label = "authentik_providers_rac" + verbose_name = "authentik Enterprise.Providers.RAC" + default = True + mountpoint = "" + ws_mountpoint = "authentik.enterprise.providers.rac.urls" + + def reconcile_load_rac_signals(self): + """Load rac signals""" + self.import_module("authentik.enterprise.providers.rac.signals") diff --git a/authentik/enterprise/providers/rac/consumer_client.py b/authentik/enterprise/providers/rac/consumer_client.py new file mode 100644 index 000000000..57fef7d74 --- /dev/null +++ b/authentik/enterprise/providers/rac/consumer_client.py @@ -0,0 +1,163 @@ +"""RAC Client consumer""" +from asgiref.sync import async_to_sync +from channels.db import database_sync_to_async +from channels.exceptions import ChannelFull, DenyConnection +from channels.generic.websocket import AsyncWebsocketConsumer +from django.http.request import QueryDict +from structlog.stdlib import BoundLogger, get_logger + +from authentik.enterprise.providers.rac.models import ConnectionToken, RACProvider +from authentik.outposts.consumer import OUTPOST_GROUP_INSTANCE +from authentik.outposts.models import Outpost, OutpostState, OutpostType + +# Global broadcast group, which messages are sent to when the outpost connects back +# to authentik for a specific connection +# The `RACClientConsumer` consumer adds itself to this group on connection, +# and removes itself once it has been assigned a specific outpost channel +RAC_CLIENT_GROUP = "group_enterprise_rac_client" +# A group for all connections in a given authentik session ID +# A disconnect message is sent to this group when the session expires/is deleted +RAC_CLIENT_GROUP_SESSION = "group_enterprise_rac_client_%(session)s" +# A group for all connections with a specific token, which in almost all cases +# is just one connection, however this is used to disconnect the connection +# when the token is deleted +RAC_CLIENT_GROUP_TOKEN = "group_enterprise_rac_token_%(token)s" # nosec + +# Step 1: Client connects to this websocket endpoint +# Step 2: We prepare all the connection args for Guac +# Step 3: Send a websocket message to a single outpost that has this provider assigned +# (Currently sending to all of them) +# (Should probably do different load balancing algorithms) +# Step 4: Outpost creates a websocket connection back to authentik +# with /ws/outpost_rac// +# Step 5: This consumer transfers data between the two channels + + +class RACClientConsumer(AsyncWebsocketConsumer): + """RAC client consumer the browser connects to""" + + dest_channel_id: str = "" + provider: RACProvider + token: ConnectionToken + logger: BoundLogger + + async def connect(self): + await self.accept("guacamole") + await self.channel_layer.group_add(RAC_CLIENT_GROUP, self.channel_name) + await self.channel_layer.group_add( + RAC_CLIENT_GROUP_SESSION % {"session": self.scope["session"].session_key}, + self.channel_name, + ) + await self.init_outpost_connection() + + async def disconnect(self, code): + self.logger.debug("Disconnecting") + # Tell the outpost we're disconnecting + await self.channel_layer.send( + self.dest_channel_id, + { + "type": "event.disconnect", + }, + ) + + @database_sync_to_async + def init_outpost_connection(self): + """Initialize guac connection settings""" + self.token = ConnectionToken.filter_not_expired( + token=self.scope["url_route"]["kwargs"]["token"] + ).first() + if not self.token: + raise DenyConnection() + self.provider = self.token.provider + params = self.token.get_settings() + self.logger = get_logger().bind( + endpoint=self.token.endpoint.name, user=self.scope["user"].username + ) + msg = { + "type": "event.provider.specific", + "sub_type": "init_connection", + "dest_channel_id": self.channel_name, + "params": params, + "protocol": self.token.endpoint.protocol, + } + query = QueryDict(self.scope["query_string"].decode()) + for key in ["screen_width", "screen_height", "screen_dpi", "audio"]: + value = query.get(key, None) + if not value: + continue + msg[key] = str(value) + outposts = Outpost.objects.filter( + type=OutpostType.RAC, + providers__in=[self.provider], + ) + if not outposts.exists(): + self.logger.warning("Provider has no outpost") + raise DenyConnection() + for outpost in outposts: + # Sort all states for the outpost by connection count + states = sorted( + OutpostState.for_outpost(outpost), + key=lambda state: int(state.args.get("active_connections", 0)), + ) + if len(states) < 1: + continue + self.logger.debug("Sending out connection broadcast") + async_to_sync(self.channel_layer.group_send)( + OUTPOST_GROUP_INSTANCE % {"outpost_pk": str(outpost.pk), "instance": states[0].uid}, + msg, + ) + + async def receive(self, text_data=None, bytes_data=None): + """Mirror data received from client to the dest_channel_id + which is the channel talking to guacd""" + if self.dest_channel_id == "": + return + if self.token.is_expired: + await self.event_disconnect({"reason": "token_expiry"}) + return + try: + await self.channel_layer.send( + self.dest_channel_id, + { + "type": "event.send", + "text_data": text_data, + "bytes_data": bytes_data, + }, + ) + except ChannelFull: + pass + + async def event_outpost_connected(self, event: dict): + """Handle event broadcasted from outpost consumer, and check if they + created a connection for us""" + outpost_channel = event.get("outpost_channel") + if event.get("client_channel") != self.channel_name: + return + if self.dest_channel_id != "": + # We've already selected an outpost channel, so tell the other channel to disconnect + # This should never happen since we remove ourselves from the broadcast group + await self.channel_layer.send( + outpost_channel, + { + "type": "event.disconnect", + }, + ) + return + self.logger.debug("Connected to a single outpost instance") + self.dest_channel_id = outpost_channel + # Since we have a specific outpost channel now, we can remove + # ourselves from the global broadcast group + await self.channel_layer.group_discard(RAC_CLIENT_GROUP, self.channel_name) + + async def event_send(self, event: dict): + """Handler called by outpost websocket that sends data to this specific + client connection""" + if self.token.is_expired: + await self.event_disconnect({"reason": "token_expiry"}) + return + await self.send(text_data=event.get("text_data"), bytes_data=event.get("bytes_data")) + + async def event_disconnect(self, event: dict): + """Disconnect when the session ends""" + self.logger.info("Disconnecting RAC connection", reason=event.get("reason")) + await self.close() diff --git a/authentik/enterprise/providers/rac/consumer_outpost.py b/authentik/enterprise/providers/rac/consumer_outpost.py new file mode 100644 index 000000000..8fa42d859 --- /dev/null +++ b/authentik/enterprise/providers/rac/consumer_outpost.py @@ -0,0 +1,48 @@ +"""RAC consumer""" +from channels.exceptions import ChannelFull +from channels.generic.websocket import AsyncWebsocketConsumer + +from authentik.enterprise.providers.rac.consumer_client import RAC_CLIENT_GROUP + + +class RACOutpostConsumer(AsyncWebsocketConsumer): + """Consumer the outpost connects to, to send specific data back to a client connection""" + + dest_channel_id: str + + async def connect(self): + self.dest_channel_id = self.scope["url_route"]["kwargs"]["channel"] + await self.accept() + await self.channel_layer.group_send( + RAC_CLIENT_GROUP, + { + "type": "event.outpost.connected", + "outpost_channel": self.channel_name, + "client_channel": self.dest_channel_id, + }, + ) + + async def receive(self, text_data=None, bytes_data=None): + """Mirror data received from guacd running in the outpost + to the dest_channel_id which is the channel talking to the browser""" + try: + await self.channel_layer.send( + self.dest_channel_id, + { + "type": "event.send", + "text_data": text_data, + "bytes_data": bytes_data, + }, + ) + except ChannelFull: + pass + + async def event_send(self, event: dict): + """Handler called by client websocket that sends data to this specific + outpost connection""" + await self.send(text_data=event.get("text_data"), bytes_data=event.get("bytes_data")) + + async def event_disconnect(self, event: dict): + """Tell outpost we're about to disconnect""" + await self.send(text_data="0.authentik.disconnect") + await self.close() diff --git a/authentik/enterprise/providers/rac/controllers/__init__.py b/authentik/enterprise/providers/rac/controllers/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/authentik/enterprise/providers/rac/controllers/docker.py b/authentik/enterprise/providers/rac/controllers/docker.py new file mode 100644 index 000000000..8dac04d06 --- /dev/null +++ b/authentik/enterprise/providers/rac/controllers/docker.py @@ -0,0 +1,11 @@ +"""RAC Provider Docker Controller""" +from authentik.outposts.controllers.docker import DockerController +from authentik.outposts.models import DockerServiceConnection, Outpost + + +class RACDockerController(DockerController): + """RAC Provider Docker Controller""" + + def __init__(self, outpost: Outpost, connection: DockerServiceConnection): + super().__init__(outpost, connection) + self.deployment_ports = [] diff --git a/authentik/enterprise/providers/rac/controllers/kubernetes.py b/authentik/enterprise/providers/rac/controllers/kubernetes.py new file mode 100644 index 000000000..f7768735e --- /dev/null +++ b/authentik/enterprise/providers/rac/controllers/kubernetes.py @@ -0,0 +1,13 @@ +"""RAC Provider Kubernetes Controller""" +from authentik.outposts.controllers.k8s.service import ServiceReconciler +from authentik.outposts.controllers.kubernetes import KubernetesController +from authentik.outposts.models import KubernetesServiceConnection, Outpost + + +class RACKubernetesController(KubernetesController): + """RAC Provider Kubernetes Controller""" + + def __init__(self, outpost: Outpost, connection: KubernetesServiceConnection): + super().__init__(outpost, connection) + self.deployment_ports = [] + del self.reconcilers[ServiceReconciler.reconciler_name()] diff --git a/authentik/enterprise/providers/rac/migrations/0001_initial.py b/authentik/enterprise/providers/rac/migrations/0001_initial.py new file mode 100644 index 000000000..ef8702886 --- /dev/null +++ b/authentik/enterprise/providers/rac/migrations/0001_initial.py @@ -0,0 +1,164 @@ +# Generated by Django 4.2.8 on 2023-12-29 15:58 + +import uuid + +import django.db.models.deletion +from django.db import migrations, models + +import authentik.core.models +import authentik.lib.utils.time + + +class Migration(migrations.Migration): + initial = True + + dependencies = [ + ("authentik_policies", "0011_policybinding_failure_result_and_more"), + ("authentik_core", "0032_group_roles"), + ] + + operations = [ + migrations.CreateModel( + name="RACPropertyMapping", + fields=[ + ( + "propertymapping_ptr", + models.OneToOneField( + auto_created=True, + on_delete=django.db.models.deletion.CASCADE, + parent_link=True, + primary_key=True, + serialize=False, + to="authentik_core.propertymapping", + ), + ), + ("static_settings", models.JSONField(default=dict)), + ], + options={ + "verbose_name": "RAC Property Mapping", + "verbose_name_plural": "RAC Property Mappings", + }, + bases=("authentik_core.propertymapping",), + ), + migrations.CreateModel( + name="RACProvider", + fields=[ + ( + "provider_ptr", + models.OneToOneField( + auto_created=True, + on_delete=django.db.models.deletion.CASCADE, + parent_link=True, + primary_key=True, + serialize=False, + to="authentik_core.provider", + ), + ), + ("settings", models.JSONField(default=dict)), + ( + "auth_mode", + models.TextField( + choices=[("static", "Static"), ("prompt", "Prompt")], default="prompt" + ), + ), + ( + "connection_expiry", + models.TextField( + default="hours=8", + help_text="Determines how long a session lasts. Default of 0 means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)", + validators=[authentik.lib.utils.time.timedelta_string_validator], + ), + ), + ], + options={ + "verbose_name": "RAC Provider", + "verbose_name_plural": "RAC Providers", + }, + bases=("authentik_core.provider",), + ), + migrations.CreateModel( + name="Endpoint", + fields=[ + ( + "policybindingmodel_ptr", + models.OneToOneField( + auto_created=True, + on_delete=django.db.models.deletion.CASCADE, + parent_link=True, + primary_key=True, + serialize=False, + to="authentik_policies.policybindingmodel", + ), + ), + ("name", models.TextField()), + ("host", models.TextField()), + ( + "protocol", + models.TextField(choices=[("rdp", "Rdp"), ("vnc", "Vnc"), ("ssh", "Ssh")]), + ), + ("settings", models.JSONField(default=dict)), + ( + "auth_mode", + models.TextField(choices=[("static", "Static"), ("prompt", "Prompt")]), + ), + ( + "property_mappings", + models.ManyToManyField( + blank=True, default=None, to="authentik_core.propertymapping" + ), + ), + ( + "provider", + models.ForeignKey( + on_delete=django.db.models.deletion.CASCADE, + to="authentik_providers_rac.racprovider", + ), + ), + ], + options={ + "verbose_name": "RAC Endpoint", + "verbose_name_plural": "RAC Endpoints", + }, + bases=("authentik_policies.policybindingmodel", models.Model), + ), + migrations.CreateModel( + name="ConnectionToken", + fields=[ + ( + "expires", + models.DateTimeField(default=authentik.core.models.default_token_duration), + ), + ("expiring", models.BooleanField(default=True)), + ( + "connection_token_uuid", + models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False), + ), + ("token", models.TextField(default=authentik.core.models.default_token_key)), + ("settings", models.JSONField(default=dict)), + ( + "endpoint", + models.ForeignKey( + on_delete=django.db.models.deletion.CASCADE, + to="authentik_providers_rac.endpoint", + ), + ), + ( + "provider", + models.ForeignKey( + on_delete=django.db.models.deletion.CASCADE, + to="authentik_providers_rac.racprovider", + ), + ), + ( + "session", + models.ForeignKey( + on_delete=django.db.models.deletion.CASCADE, + to="authentik_core.authenticatedsession", + ), + ), + ], + options={ + "abstract": False, + }, + ), + ] diff --git a/authentik/enterprise/providers/rac/migrations/__init__.py b/authentik/enterprise/providers/rac/migrations/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/authentik/enterprise/providers/rac/models.py b/authentik/enterprise/providers/rac/models.py new file mode 100644 index 000000000..d79bbd54c --- /dev/null +++ b/authentik/enterprise/providers/rac/models.py @@ -0,0 +1,191 @@ +"""RAC Models""" +from typing import Optional +from uuid import uuid4 + +from deepmerge import always_merger +from django.db import models +from django.db.models import QuerySet +from django.utils.translation import gettext as _ +from rest_framework.serializers import Serializer +from structlog.stdlib import get_logger + +from authentik.core.exceptions import PropertyMappingExpressionException +from authentik.core.models import ExpiringModel, PropertyMapping, Provider, default_token_key +from authentik.events.models import Event, EventAction +from authentik.lib.models import SerializerModel +from authentik.lib.utils.time import timedelta_string_validator +from authentik.policies.models import PolicyBindingModel + +LOGGER = get_logger() + + +class Protocols(models.TextChoices): + """Supported protocols""" + + RDP = "rdp" + VNC = "vnc" + SSH = "ssh" + + +class AuthenticationMode(models.TextChoices): + """Authentication modes""" + + STATIC = "static" + PROMPT = "prompt" + + +class RACProvider(Provider): + """Remotely access computers/servers""" + + settings = models.JSONField(default=dict) + auth_mode = models.TextField( + choices=AuthenticationMode.choices, default=AuthenticationMode.PROMPT + ) + connection_expiry = models.TextField( + default="hours=8", + validators=[timedelta_string_validator], + help_text=_( + "Determines how long a session lasts. Default of 0 means " + "that the sessions lasts until the browser is closed. " + "(Format: hours=-1;minutes=-2;seconds=-3)" + ), + ) + + @property + def launch_url(self) -> Optional[str]: + """URL to this provider and initiate authorization for the user. + Can return None for providers that are not URL-based""" + return "goauthentik.io://providers/rac/launch" + + @property + def component(self) -> str: + return "ak-provider-rac-form" + + @property + def serializer(self) -> type[Serializer]: + from authentik.enterprise.providers.rac.api.providers import RACProviderSerializer + + return RACProviderSerializer + + class Meta: + verbose_name = _("RAC Provider") + verbose_name_plural = _("RAC Providers") + + +class Endpoint(SerializerModel, PolicyBindingModel): + """Remote-accessible endpoint""" + + name = models.TextField() + host = models.TextField() + protocol = models.TextField(choices=Protocols.choices) + settings = models.JSONField(default=dict) + auth_mode = models.TextField(choices=AuthenticationMode.choices) + provider = models.ForeignKey("RACProvider", on_delete=models.CASCADE) + + property_mappings = models.ManyToManyField( + "authentik_core.PropertyMapping", default=None, blank=True + ) + + @property + def serializer(self) -> type[Serializer]: + from authentik.enterprise.providers.rac.api.endpoints import EndpointSerializer + + return EndpointSerializer + + def __str__(self): + return f"RAC Endpoint {self.name}" + + class Meta: + verbose_name = _("RAC Endpoint") + verbose_name_plural = _("RAC Endpoints") + + +class RACPropertyMapping(PropertyMapping): + """Configure settings for remote access endpoints.""" + + static_settings = models.JSONField(default=dict) + + @property + def component(self) -> str: + return "ak-property-mapping-rac-form" + + @property + def serializer(self) -> type[Serializer]: + from authentik.enterprise.providers.rac.api.property_mappings import ( + RACPropertyMappingSerializer, + ) + + return RACPropertyMappingSerializer + + class Meta: + verbose_name = _("RAC Property Mapping") + verbose_name_plural = _("RAC Property Mappings") + + +class ConnectionToken(ExpiringModel): + """Token for a single connection to a specified endpoint""" + + connection_token_uuid = models.UUIDField(default=uuid4, primary_key=True) + provider = models.ForeignKey(RACProvider, on_delete=models.CASCADE) + endpoint = models.ForeignKey(Endpoint, on_delete=models.CASCADE) + token = models.TextField(default=default_token_key) + settings = models.JSONField(default=dict) + session = models.ForeignKey("authentik_core.AuthenticatedSession", on_delete=models.CASCADE) + + def get_settings(self) -> dict: + """Get settings""" + default_settings = {} + if ":" in self.endpoint.host: + host, _, port = self.endpoint.host.partition(":") + default_settings["hostname"] = host + default_settings["port"] = str(port) + else: + default_settings["hostname"] = self.endpoint.host + default_settings["client-name"] = "authentik" + # default_settings["enable-drive"] = "true" + # default_settings["drive-name"] = "authentik" + settings = {} + always_merger.merge(settings, default_settings) + always_merger.merge(settings, self.endpoint.provider.settings) + always_merger.merge(settings, self.endpoint.settings) + always_merger.merge(settings, self.settings) + + def mapping_evaluator(mappings: QuerySet): + for mapping in mappings: + mapping: RACPropertyMapping + if len(mapping.static_settings) > 0: + always_merger.merge(settings, mapping.static_settings) + continue + try: + mapping_settings = mapping.evaluate( + self.session.user, None, endpoint=self.endpoint, provider=self.provider + ) + always_merger.merge(settings, mapping_settings) + except PropertyMappingExpressionException as exc: + Event.new( + EventAction.CONFIGURATION_ERROR, + message=f"Failed to evaluate property-mapping: '{mapping.name}'", + provider=self.provider, + mapping=mapping, + ).set_user(self.session.user).save() + LOGGER.warning("Failed to evaluate property mapping", exc=exc) + + mapping_evaluator( + RACPropertyMapping.objects.filter(provider__in=[self.provider]).order_by("name") + ) + mapping_evaluator( + RACPropertyMapping.objects.filter(endpoint__in=[self.endpoint]).order_by("name") + ) + + settings["drive-path"] = f"/tmp/connection/{self.token}" # nosec + settings["create-drive-path"] = "true" + # Ensure all values of the settings dict are strings + for key, value in settings.items(): + if isinstance(value, str): + continue + # Special case for bools + if isinstance(value, bool): + settings[key] = str(value).lower() + continue + settings[key] = str(value) + return settings diff --git a/authentik/enterprise/providers/rac/signals.py b/authentik/enterprise/providers/rac/signals.py new file mode 100644 index 000000000..21f727690 --- /dev/null +++ b/authentik/enterprise/providers/rac/signals.py @@ -0,0 +1,54 @@ +"""RAC Signals""" +from asgiref.sync import async_to_sync +from channels.layers import get_channel_layer +from django.contrib.auth.signals import user_logged_out +from django.core.cache import cache +from django.db.models import Model +from django.db.models.signals import post_save, pre_delete +from django.dispatch import receiver +from django.http import HttpRequest + +from authentik.core.models import User +from authentik.enterprise.providers.rac.api.endpoints import user_endpoint_cache_key +from authentik.enterprise.providers.rac.consumer_client import ( + RAC_CLIENT_GROUP_SESSION, + RAC_CLIENT_GROUP_TOKEN, +) +from authentik.enterprise.providers.rac.models import ConnectionToken, Endpoint + + +@receiver(user_logged_out) +def user_logged_out_session(sender, request: HttpRequest, user: User, **_): + """Disconnect any open RAC connections""" + layer = get_channel_layer() + async_to_sync(layer.group_send)( + RAC_CLIENT_GROUP_SESSION + % { + "session": request.session.session_key, + }, + {"type": "event.disconnect", "reason": "session_logout"}, + ) + + +@receiver(pre_delete, sender=ConnectionToken) +def pre_delete_connection_token_disconnect(sender, instance: ConnectionToken, **_): + """Disconnect session when connection token is deleted""" + layer = get_channel_layer() + async_to_sync(layer.group_send)( + RAC_CLIENT_GROUP_TOKEN + % { + "token": instance.token, + }, + {"type": "event.disconnect", "reason": "token_delete"}, + ) + + +@receiver(post_save, sender=Endpoint) +def post_save_application(sender: type[Model], instance, created: bool, **_): + """Clear user's application cache upon application creation""" + if not created: # pragma: no cover + return + + # Delete user endpoint cache + keys = cache.keys(user_endpoint_cache_key("*")) + cache.delete_many(keys) diff --git a/authentik/enterprise/providers/rac/templates/if/rac.html b/authentik/enterprise/providers/rac/templates/if/rac.html new file mode 100644 index 000000000..1d1a03398 --- /dev/null +++ b/authentik/enterprise/providers/rac/templates/if/rac.html @@ -0,0 +1,18 @@ +{% extends "base/skeleton.html" %} + +{% load static %} + +{% block head %} + + + + + +{% include "base/header_js.html" %} +{% endblock %} + +{% block body %} + + + +{% endblock %} diff --git a/authentik/enterprise/providers/rac/tests/__init__.py b/authentik/enterprise/providers/rac/tests/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/authentik/enterprise/providers/rac/tests/test_endpoints_api.py b/authentik/enterprise/providers/rac/tests/test_endpoints_api.py new file mode 100644 index 000000000..0a659bccd --- /dev/null +++ b/authentik/enterprise/providers/rac/tests/test_endpoints_api.py @@ -0,0 +1,168 @@ +"""Test Endpoints API""" + +from django.urls import reverse +from rest_framework.test import APITestCase + +from authentik.core.models import Application +from authentik.core.tests.utils import create_test_admin_user +from authentik.enterprise.providers.rac.models import Endpoint, Protocols, RACProvider +from authentik.lib.generators import generate_id +from authentik.policies.dummy.models import DummyPolicy +from authentik.policies.models import PolicyBinding + + +class TestEndpointsAPI(APITestCase): + """Test endpoints API""" + + def setUp(self) -> None: + self.user = create_test_admin_user() + self.provider = RACProvider.objects.create( + name=generate_id(), + ) + self.app = Application.objects.create( + name=generate_id(), + slug=generate_id(), + provider=self.provider, + ) + self.allowed = Endpoint.objects.create( + name=f"a-{generate_id()}", + host=generate_id(), + protocol=Protocols.RDP, + provider=self.provider, + ) + self.denied = Endpoint.objects.create( + name=f"b-{generate_id()}", + host=generate_id(), + protocol=Protocols.RDP, + provider=self.provider, + ) + PolicyBinding.objects.create( + target=self.denied, + policy=DummyPolicy.objects.create(name="deny", result=False, wait_min=1, wait_max=2), + order=0, + ) + + def test_list(self): + """Test list operation without superuser_full_list""" + self.client.force_login(self.user) + response = self.client.get(reverse("authentik_api:endpoint-list")) + self.assertJSONEqual( + response.content.decode(), + { + "pagination": { + "next": 0, + "previous": 0, + "count": 2, + "current": 1, + "total_pages": 1, + "start_index": 1, + "end_index": 2, + }, + "results": [ + { + "pk": str(self.allowed.pk), + "name": self.allowed.name, + "provider": self.provider.pk, + "provider_obj": { + "pk": self.provider.pk, + "name": self.provider.name, + "authentication_flow": None, + "authorization_flow": None, + "property_mappings": [], + "connection_expiry": "hours=8", + "component": "ak-provider-rac-form", + "assigned_application_slug": self.app.slug, + "assigned_application_name": self.app.name, + "verbose_name": "RAC Provider", + "verbose_name_plural": "RAC Providers", + "meta_model_name": "authentik_providers_rac.racprovider", + "settings": {}, + "outpost_set": [], + }, + "protocol": "rdp", + "host": self.allowed.host, + "settings": {}, + "property_mappings": [], + "auth_mode": "", + "launch_url": f"/application/rac/{self.app.slug}/{str(self.allowed.pk)}/", + }, + ], + }, + ) + + def test_list_superuser_full_list(self): + """Test list operation with superuser_full_list""" + self.client.force_login(self.user) + response = self.client.get( + reverse("authentik_api:endpoint-list") + "?superuser_full_list=true" + ) + self.assertJSONEqual( + response.content.decode(), + { + "pagination": { + "next": 0, + "previous": 0, + "count": 2, + "current": 1, + "total_pages": 1, + "start_index": 1, + "end_index": 2, + }, + "results": [ + { + "pk": str(self.allowed.pk), + "name": self.allowed.name, + "provider": self.provider.pk, + "provider_obj": { + "pk": self.provider.pk, + "name": self.provider.name, + "authentication_flow": None, + "authorization_flow": None, + "property_mappings": [], + "component": "ak-provider-rac-form", + "assigned_application_slug": self.app.slug, + "assigned_application_name": self.app.name, + "connection_expiry": "hours=8", + "verbose_name": "RAC Provider", + "verbose_name_plural": "RAC Providers", + "meta_model_name": "authentik_providers_rac.racprovider", + "settings": {}, + "outpost_set": [], + }, + "protocol": "rdp", + "host": self.allowed.host, + "settings": {}, + "property_mappings": [], + "auth_mode": "", + "launch_url": f"/application/rac/{self.app.slug}/{str(self.allowed.pk)}/", + }, + { + "pk": str(self.denied.pk), + "name": self.denied.name, + "provider": self.provider.pk, + "provider_obj": { + "pk": self.provider.pk, + "name": self.provider.name, + "authentication_flow": None, + "authorization_flow": None, + "property_mappings": [], + "component": "ak-provider-rac-form", + "assigned_application_slug": self.app.slug, + "assigned_application_name": self.app.name, + "connection_expiry": "hours=8", + "verbose_name": "RAC Provider", + "verbose_name_plural": "RAC Providers", + "meta_model_name": "authentik_providers_rac.racprovider", + "settings": {}, + "outpost_set": [], + }, + "protocol": "rdp", + "host": self.denied.host, + "settings": {}, + "property_mappings": [], + "auth_mode": "", + "launch_url": f"/application/rac/{self.app.slug}/{str(self.denied.pk)}/", + }, + ], + }, + ) diff --git a/authentik/enterprise/providers/rac/tests/test_models.py b/authentik/enterprise/providers/rac/tests/test_models.py new file mode 100644 index 000000000..48218f41b --- /dev/null +++ b/authentik/enterprise/providers/rac/tests/test_models.py @@ -0,0 +1,144 @@ +"""Test RAC Models""" +from django.test import TransactionTestCase + +from authentik.core.models import Application, AuthenticatedSession +from authentik.core.tests.utils import create_test_admin_user +from authentik.enterprise.providers.rac.models import ( + ConnectionToken, + Endpoint, + Protocols, + RACPropertyMapping, + RACProvider, +) +from authentik.lib.generators import generate_id + + +class TestModels(TransactionTestCase): + """Test RAC Models""" + + def setUp(self): + self.user = create_test_admin_user() + self.provider = RACProvider.objects.create( + name=generate_id(), + ) + self.app = Application.objects.create( + name=generate_id(), + slug=generate_id(), + provider=self.provider, + ) + self.endpoint = Endpoint.objects.create( + name=generate_id(), + host=f"{generate_id()}:1324", + protocol=Protocols.RDP, + provider=self.provider, + ) + + def test_settings_merge(self): + """Test settings merge""" + token = ConnectionToken.objects.create( + provider=self.provider, + endpoint=self.endpoint, + session=AuthenticatedSession.objects.create( + user=self.user, + session_key=generate_id(), + ), + ) + path = f"/tmp/connection/{token.token}" # nosec + self.assertEqual( + token.get_settings(), + { + "hostname": self.endpoint.host.split(":")[0], + "port": "1324", + "client-name": "authentik", + "drive-path": path, + "create-drive-path": "true", + }, + ) + # Set settings in provider + self.provider.settings = {"level": "provider"} + self.provider.save() + self.assertEqual( + token.get_settings(), + { + "hostname": self.endpoint.host.split(":")[0], + "port": "1324", + "client-name": "authentik", + "drive-path": path, + "create-drive-path": "true", + "level": "provider", + }, + ) + # Set settings in endpoint + self.endpoint.settings = { + "level": "endpoint", + } + self.endpoint.save() + self.assertEqual( + token.get_settings(), + { + "hostname": self.endpoint.host.split(":")[0], + "port": "1324", + "client-name": "authentik", + "drive-path": path, + "create-drive-path": "true", + "level": "endpoint", + }, + ) + # Set settings in token + token.settings = { + "level": "token", + } + token.save() + self.assertEqual( + token.get_settings(), + { + "hostname": self.endpoint.host.split(":")[0], + "port": "1324", + "client-name": "authentik", + "drive-path": path, + "create-drive-path": "true", + "level": "token", + }, + ) + # Set settings in property mapping (provider) + mapping = RACPropertyMapping.objects.create( + name=generate_id(), + expression="""return { + "level": "property_mapping_provider" + }""", + ) + self.provider.property_mappings.add(mapping) + self.assertEqual( + token.get_settings(), + { + "hostname": self.endpoint.host.split(":")[0], + "port": "1324", + "client-name": "authentik", + "drive-path": path, + "create-drive-path": "true", + "level": "property_mapping_provider", + }, + ) + # Set settings in property mapping (endpoint) + mapping = RACPropertyMapping.objects.create( + name=generate_id(), + static_settings={ + "level": "property_mapping_endpoint", + "foo": True, + "bar": 6, + }, + ) + self.endpoint.property_mappings.add(mapping) + self.assertEqual( + token.get_settings(), + { + "hostname": self.endpoint.host.split(":")[0], + "port": "1324", + "client-name": "authentik", + "drive-path": path, + "create-drive-path": "true", + "level": "property_mapping_endpoint", + "foo": "true", + "bar": "6", + }, + ) diff --git a/authentik/enterprise/providers/rac/tests/test_views.py b/authentik/enterprise/providers/rac/tests/test_views.py new file mode 100644 index 000000000..e2fb14a11 --- /dev/null +++ b/authentik/enterprise/providers/rac/tests/test_views.py @@ -0,0 +1,132 @@ +"""RAC Views tests""" +from datetime import timedelta +from json import loads +from time import mktime +from unittest.mock import MagicMock, patch + +from django.urls import reverse +from django.utils.timezone import now +from rest_framework.test import APITestCase + +from authentik.core.models import Application +from authentik.core.tests.utils import create_test_admin_user, create_test_flow +from authentik.enterprise.models import License, LicenseKey +from authentik.enterprise.providers.rac.models import Endpoint, Protocols, RACProvider +from authentik.lib.generators import generate_id +from authentik.policies.denied import AccessDeniedResponse +from authentik.policies.dummy.models import DummyPolicy +from authentik.policies.models import PolicyBinding + + +class TestRACViews(APITestCase): + """RAC Views tests""" + + def setUp(self): + self.user = create_test_admin_user() + self.flow = create_test_flow() + self.provider = RACProvider.objects.create(name=generate_id(), authorization_flow=self.flow) + self.app = Application.objects.create( + name=generate_id(), + slug=generate_id(), + provider=self.provider, + ) + self.endpoint = Endpoint.objects.create( + name=generate_id(), + host=f"{generate_id()}:1324", + protocol=Protocols.RDP, + provider=self.provider, + ) + + @patch( + "authentik.enterprise.models.LicenseKey.validate", + MagicMock( + return_value=LicenseKey( + aud="", + exp=int(mktime((now() + timedelta(days=3000)).timetuple())), + name=generate_id(), + internal_users=100, + external_users=100, + ) + ), + ) + def test_no_policy(self): + """Test request""" + License.objects.create(key=generate_id()) + self.client.force_login(self.user) + response = self.client.get( + reverse( + "authentik_providers_rac:start", + kwargs={"app": self.app.slug, "endpoint": str(self.endpoint.pk)}, + ) + ) + self.assertEqual(response.status_code, 302) + flow_response = self.client.get( + reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) + ) + body = loads(flow_response.content) + next_url = body["to"] + final_response = self.client.get(next_url) + self.assertEqual(final_response.status_code, 200) + + @patch( + "authentik.enterprise.models.LicenseKey.validate", + MagicMock( + return_value=LicenseKey( + aud="", + exp=int(mktime((now() + timedelta(days=3000)).timetuple())), + name=generate_id(), + internal_users=100, + external_users=100, + ) + ), + ) + def test_app_deny(self): + """Test request (deny on app level)""" + PolicyBinding.objects.create( + target=self.app, + policy=DummyPolicy.objects.create(name="deny", result=False, wait_min=1, wait_max=2), + order=0, + ) + License.objects.create(key=generate_id()) + self.client.force_login(self.user) + response = self.client.get( + reverse( + "authentik_providers_rac:start", + kwargs={"app": self.app.slug, "endpoint": str(self.endpoint.pk)}, + ) + ) + self.assertIsInstance(response, AccessDeniedResponse) + + @patch( + "authentik.enterprise.models.LicenseKey.validate", + MagicMock( + return_value=LicenseKey( + aud="", + exp=int(mktime((now() + timedelta(days=3000)).timetuple())), + name=generate_id(), + internal_users=100, + external_users=100, + ) + ), + ) + def test_endpoint_deny(self): + """Test request (deny on endpoint level)""" + PolicyBinding.objects.create( + target=self.endpoint, + policy=DummyPolicy.objects.create(name="deny", result=False, wait_min=1, wait_max=2), + order=0, + ) + License.objects.create(key=generate_id()) + self.client.force_login(self.user) + response = self.client.get( + reverse( + "authentik_providers_rac:start", + kwargs={"app": self.app.slug, "endpoint": str(self.endpoint.pk)}, + ) + ) + self.assertEqual(response.status_code, 302) + flow_response = self.client.get( + reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}) + ) + body = loads(flow_response.content) + self.assertEqual(body["component"], "ak-stage-access-denied") diff --git a/authentik/enterprise/providers/rac/urls.py b/authentik/enterprise/providers/rac/urls.py new file mode 100644 index 000000000..383619a3a --- /dev/null +++ b/authentik/enterprise/providers/rac/urls.py @@ -0,0 +1,47 @@ +"""rac urls""" +from channels.auth import AuthMiddleware +from channels.sessions import CookieMiddleware +from django.urls import path +from django.views.decorators.csrf import ensure_csrf_cookie + +from authentik.core.channels import TokenOutpostMiddleware +from authentik.enterprise.providers.rac.api.endpoints import EndpointViewSet +from authentik.enterprise.providers.rac.api.property_mappings import RACPropertyMappingViewSet +from authentik.enterprise.providers.rac.api.providers import RACProviderViewSet +from authentik.enterprise.providers.rac.consumer_client import RACClientConsumer +from authentik.enterprise.providers.rac.consumer_outpost import RACOutpostConsumer +from authentik.enterprise.providers.rac.views import RACInterface, RACStartView +from authentik.root.asgi_middleware import SessionMiddleware +from authentik.root.middleware import ChannelsLoggingMiddleware + +urlpatterns = [ + path( + "application/rac///", + ensure_csrf_cookie(RACStartView.as_view()), + name="start", + ), + path( + "if/rac//", + ensure_csrf_cookie(RACInterface.as_view()), + name="if-rac", + ), +] + +websocket_urlpatterns = [ + path( + "ws/rac//", + ChannelsLoggingMiddleware( + CookieMiddleware(SessionMiddleware(AuthMiddleware(RACClientConsumer.as_asgi()))) + ), + ), + path( + "ws/outpost_rac//", + ChannelsLoggingMiddleware(TokenOutpostMiddleware(RACOutpostConsumer.as_asgi())), + ), +] + +api_urlpatterns = [ + ("providers/rac", RACProviderViewSet), + ("propertymappings/rac", RACPropertyMappingViewSet), + ("rac/endpoints", EndpointViewSet), +] diff --git a/authentik/enterprise/providers/rac/views.py b/authentik/enterprise/providers/rac/views.py new file mode 100644 index 000000000..31a25c721 --- /dev/null +++ b/authentik/enterprise/providers/rac/views.py @@ -0,0 +1,115 @@ +"""RAC Views""" +from typing import Any + +from django.http import Http404, HttpRequest, HttpResponse +from django.shortcuts import get_object_or_404, redirect +from django.urls import reverse +from django.utils.timezone import now + +from authentik.core.models import Application, AuthenticatedSession +from authentik.core.views.interface import InterfaceView +from authentik.enterprise.policy import EnterprisePolicyAccessView +from authentik.enterprise.providers.rac.models import ConnectionToken, Endpoint, RACProvider +from authentik.flows.challenge import RedirectChallenge +from authentik.flows.exceptions import FlowNonApplicableException +from authentik.flows.models import in_memory_stage +from authentik.flows.planner import FlowPlanner +from authentik.flows.stage import RedirectStage +from authentik.flows.views.executor import SESSION_KEY_PLAN +from authentik.lib.utils.time import timedelta_from_string +from authentik.lib.utils.urls import redirect_with_qs +from authentik.policies.engine import PolicyEngine + + +class RACStartView(EnterprisePolicyAccessView): + """Start a RAC connection by checking access and creating a connection token""" + + endpoint: Endpoint + + def resolve_provider_application(self): + self.application = get_object_or_404(Application, slug=self.kwargs["app"]) + # Endpoint permissions are validated in the RACFinalStage below + self.endpoint = get_object_or_404(Endpoint, pk=self.kwargs["endpoint"]) + self.provider = RACProvider.objects.get(application=self.application) + + def get(self, request: HttpRequest, *args, **kwargs) -> HttpResponse: + """Start flow planner for RAC provider""" + planner = FlowPlanner(self.provider.authorization_flow) + planner.allow_empty_flows = True + try: + plan = planner.plan(self.request) + except FlowNonApplicableException: + raise Http404 + plan.insert_stage( + in_memory_stage( + RACFinalStage, + endpoint=self.endpoint, + provider=self.provider, + ) + ) + request.session[SESSION_KEY_PLAN] = plan + return redirect_with_qs( + "authentik_core:if-flow", + request.GET, + flow_slug=self.provider.authorization_flow.slug, + ) + + +class RACInterface(InterfaceView): + """Start RAC connection""" + + template_name = "if/rac.html" + token: ConnectionToken + + def dispatch(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse: + # Early sanity check to ensure token still exists + token = ConnectionToken.filter_not_expired(token=self.kwargs["token"]).first() + if not token: + return redirect("authentik_core:if-user") + self.token = token + return super().dispatch(request, *args, **kwargs) + + def get_context_data(self, **kwargs: Any) -> dict[str, Any]: + kwargs["token"] = self.token + return super().get_context_data(**kwargs) + + +class RACFinalStage(RedirectStage): + """RAC Connection final stage, set the connection token in the stage""" + + def dispatch(self, request: HttpRequest, *args: Any, **kwargs: Any) -> HttpResponse: + endpoint: Endpoint = self.executor.current_stage.endpoint + engine = PolicyEngine(endpoint, self.request.user, self.request) + engine.use_cache = False + engine.build() + passing = engine.result + if not passing.passing: + return self.executor.stage_invalid(", ".join(passing.messages)) + return super().dispatch(request, *args, **kwargs) + + def get_challenge(self, *args, **kwargs) -> RedirectChallenge: + endpoint: Endpoint = self.executor.current_stage.endpoint + provider: RACProvider = self.executor.current_stage.provider + token = ConnectionToken.objects.create( + provider=provider, + endpoint=endpoint, + settings=self.executor.plan.context.get("connection_settings", {}), + session=AuthenticatedSession.objects.filter( + session_key=self.request.session.session_key + ).first(), + expires=now() + timedelta_from_string(provider.connection_expiry), + expiring=True, + ) + setattr( + self.executor.current_stage, + "destination", + self.request.build_absolute_uri( + reverse( + "authentik_providers_rac:if-rac", + kwargs={ + "token": str(token.token), + }, + ) + ), + ) + return super().get_challenge(*args, **kwargs) diff --git a/authentik/enterprise/settings.py b/authentik/enterprise/settings.py index 87aaea71b..f83a327dc 100644 --- a/authentik/enterprise/settings.py +++ b/authentik/enterprise/settings.py @@ -10,3 +10,7 @@ CELERY_BEAT_SCHEDULE = { "options": {"queue": "authentik_scheduled"}, } } + +INSTALLED_APPS = [ + "authentik.enterprise.providers.rac", +] diff --git a/authentik/events/api/events.py b/authentik/events/api/events.py index 758d03e53..dbec7a514 100644 --- a/authentik/events/api/events.py +++ b/authentik/events/api/events.py @@ -6,6 +6,7 @@ import django_filters from django.db.models.aggregates import Count from django.db.models.fields.json import KeyTextTransform, KeyTransform from django.db.models.functions import ExtractDay, ExtractHour +from django.db.models.query_utils import Q from drf_spectacular.types import OpenApiTypes from drf_spectacular.utils import OpenApiParameter, extend_schema from guardian.shortcuts import get_objects_for_user @@ -87,7 +88,12 @@ class EventsFilter(django_filters.FilterSet): we need to remove the dashes that a client may send. We can't use a UUIDField for this, as some models might not have a UUID PK""" value = str(value).replace("-", "") - return queryset.filter(context__model__pk=value) + query = Q(context__model__pk=value) + try: + query |= Q(context__model__pk=int(value)) + except ValueError: + pass + return queryset.filter(query) class Meta: model = Event diff --git a/authentik/events/tests/test_api.py b/authentik/events/tests/test_api.py index 1225d0665..98df7bc69 100644 --- a/authentik/events/tests/test_api.py +++ b/authentik/events/tests/test_api.py @@ -1,4 +1,5 @@ """Event API tests""" +from json import loads from django.urls import reverse from rest_framework.test import APITestCase @@ -11,6 +12,9 @@ from authentik.events.models import ( NotificationSeverity, TransportMode, ) +from authentik.events.utils import model_to_dict +from authentik.lib.generators import generate_id +from authentik.providers.oauth2.models import OAuth2Provider class TestEventsAPI(APITestCase): @@ -20,6 +24,25 @@ class TestEventsAPI(APITestCase): self.user = create_test_admin_user() self.client.force_login(self.user) + def test_filter_model_pk_int(self): + """Test event list with context_model_pk and integer PKs""" + provider = OAuth2Provider.objects.create( + name=generate_id(), + ) + event = Event.new(EventAction.MODEL_CREATED, model=model_to_dict(provider)) + event.save() + response = self.client.get( + reverse("authentik_api:event-list"), + data={ + "context_model_pk": provider.pk, + "context_model_app": "authentik_providers_oauth2", + "context_model_name": "oauth2provider", + }, + ) + self.assertEqual(response.status_code, 200) + body = loads(response.content) + self.assertEqual(body["pagination"]["count"], 1) + def test_top_n(self): """Test top_per_user""" event = Event.new(EventAction.AUTHORIZE_APPLICATION) diff --git a/authentik/outposts/api/outposts.py b/authentik/outposts/api/outposts.py index 4e9925029..182ec4dbf 100644 --- a/authentik/outposts/api/outposts.py +++ b/authentik/outposts/api/outposts.py @@ -17,8 +17,9 @@ from authentik.core.api.providers import ProviderSerializer from authentik.core.api.used_by import UsedByMixin from authentik.core.api.utils import JSONDictField, PassiveSerializer from authentik.core.models import Provider +from authentik.enterprise.providers.rac.models import RACProvider from authentik.outposts.api.service_connections import ServiceConnectionSerializer -from authentik.outposts.apps import MANAGED_OUTPOST +from authentik.outposts.apps import MANAGED_OUTPOST, MANAGED_OUTPOST_NAME from authentik.outposts.models import ( Outpost, OutpostConfig, @@ -47,12 +48,23 @@ class OutpostSerializer(ModelSerializer): source="service_connection", read_only=True ) + def validate_name(self, name: str) -> str: + """Validate name (especially for embedded outpost)""" + if not self.instance: + return name + if self.instance.managed == MANAGED_OUTPOST and name != MANAGED_OUTPOST_NAME: + raise ValidationError("Embedded outpost's name cannot be changed") + if self.instance.name == MANAGED_OUTPOST_NAME: + self.instance.managed = MANAGED_OUTPOST + return name + def validate_providers(self, providers: list[Provider]) -> list[Provider]: """Check that all providers match the type of the outpost""" type_map = { OutpostType.LDAP: LDAPProvider, OutpostType.PROXY: ProxyProvider, OutpostType.RADIUS: RadiusProvider, + OutpostType.RAC: RACProvider, None: Provider, } for provider in providers: diff --git a/authentik/outposts/apps.py b/authentik/outposts/apps.py index 3efce8294..75b4eb046 100644 --- a/authentik/outposts/apps.py +++ b/authentik/outposts/apps.py @@ -18,6 +18,7 @@ GAUGE_OUTPOSTS_LAST_UPDATE = Gauge( ["tenant", "outpost", "uid", "version"], ) MANAGED_OUTPOST = "goauthentik.io/outposts/embedded" +MANAGED_OUTPOST_NAME = "authentik Embedded Outpost" class AuthentikOutpostConfig(ManagedAppConfig): @@ -38,15 +39,18 @@ class AuthentikOutpostConfig(ManagedAppConfig): DockerServiceConnection, KubernetesServiceConnection, Outpost, - OutpostConfig, OutpostType, ) if not CONFIG.get_bool("outposts.disable_embedded_outpost", False): + if outpost := Outpost.objects.filter(name=MANAGED_OUTPOST_NAME, managed="").first(): + outpost.managed = MANAGED_OUTPOST + outpost.save() + return outpost, updated = Outpost.objects.update_or_create( defaults={ - "name": "authentik Embedded Outpost", "type": OutpostType.PROXY, + "name": MANAGED_OUTPOST_NAME, }, managed=MANAGED_OUTPOST, ) @@ -55,12 +59,6 @@ class AuthentikOutpostConfig(ManagedAppConfig): outpost.service_connection = KubernetesServiceConnection.objects.first() elif DockerServiceConnection.objects.exists(): outpost.service_connection = DockerServiceConnection.objects.first() - outpost.config = OutpostConfig( - kubernetes_disabled_components=[ - "deployment", - "secret", - ] - ) outpost.save() else: Outpost.objects.filter(managed=MANAGED_OUTPOST).delete() diff --git a/authentik/outposts/consumer.py b/authentik/outposts/consumer.py index bd210f1db..03738b88f 100644 --- a/authentik/outposts/consumer.py +++ b/authentik/outposts/consumer.py @@ -6,17 +6,19 @@ from typing import Any, Optional from asgiref.sync import async_to_sync from channels.exceptions import DenyConnection +from channels.generic.websocket import JsonWebsocketConsumer from dacite.core import from_dict from dacite.data import Data from django.db import connection +from django.http.request import QueryDict from guardian.shortcuts import get_objects_for_user from structlog.stdlib import BoundLogger, get_logger -from authentik.core.channels import AuthJsonConsumer from authentik.outposts.apps import GAUGE_OUTPOSTS_CONNECTED, GAUGE_OUTPOSTS_LAST_UPDATE from authentik.outposts.models import OUTPOST_HELLO_INTERVAL, Outpost, OutpostState OUTPOST_GROUP = "group_outpost_%(outpost_pk)s" +OUTPOST_GROUP_INSTANCE = "group_outpost_%(outpost_pk)s_%(instance)s" class WebsocketMessageInstruction(IntEnum): @@ -43,25 +45,23 @@ class WebsocketMessage: args: dict[str, Any] = field(default_factory=dict) -class OutpostConsumer(AuthJsonConsumer): +class OutpostConsumer(JsonWebsocketConsumer): """Handler for Outposts that connect over websockets for health checks and live updates""" outpost: Optional[Outpost] = None logger: BoundLogger - last_uid: Optional[str] = None + instance_uid: Optional[str] = None def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) self.logger = get_logger() def connect(self): - super().connect() uuid = self.scope["url_route"]["kwargs"]["pk"] + user = self.scope["user"] outpost = ( - get_objects_for_user(self.user, "authentik_outposts.view_outpost") - .filter(pk=uuid) - .first() + get_objects_for_user(user, "authentik_outposts.view_outpost").filter(pk=uuid).first() ) if not outpost: raise DenyConnection() @@ -72,14 +72,20 @@ class OutpostConsumer(AuthJsonConsumer): self.logger.warning("runtime error during accept", exc=exc) raise DenyConnection() self.outpost = outpost - self.last_uid = self.channel_name + query = QueryDict(self.scope["query_string"].decode()) + self.instance_uid = query.get("instance_uuid", self.channel_name) async_to_sync(self.channel_layer.group_add)( OUTPOST_GROUP % {"outpost_pk": str(self.outpost.pk)}, self.channel_name ) + async_to_sync(self.channel_layer.group_add)( + OUTPOST_GROUP_INSTANCE + % {"outpost_pk": str(self.outpost.pk), "instance": self.instance_uid}, + self.channel_name, + ) GAUGE_OUTPOSTS_CONNECTED.labels( tenant=connection.schema_name, outpost=self.outpost.name, - uid=self.last_uid, + uid=self.instance_uid, expected=self.outpost.config.kubernetes_replicas, ).inc() @@ -88,36 +94,39 @@ class OutpostConsumer(AuthJsonConsumer): async_to_sync(self.channel_layer.group_discard)( OUTPOST_GROUP % {"outpost_pk": str(self.outpost.pk)}, self.channel_name ) - if self.outpost and self.last_uid: + if self.instance_uid: + async_to_sync(self.channel_layer.group_discard)( + OUTPOST_GROUP_INSTANCE + % {"outpost_pk": str(self.outpost.pk), "instance": self.instance_uid}, + self.channel_name, + ) + if self.outpost and self.instance_uid: GAUGE_OUTPOSTS_CONNECTED.labels( tenant=connection.schema_name, outpost=self.outpost.name, - uid=self.last_uid, + uid=self.instance_uid, expected=self.outpost.config.kubernetes_replicas, ).dec() def receive_json(self, content: Data, **kwargs): msg = from_dict(WebsocketMessage, content) - uid = msg.args.get("uuid", self.channel_name) - self.last_uid = uid - if not self.outpost: raise DenyConnection() - state = OutpostState.for_instance_uid(self.outpost, uid) + state = OutpostState.for_instance_uid(self.outpost, self.instance_uid) state.last_seen = datetime.now() state.hostname = msg.args.pop("hostname", "") if msg.instruction == WebsocketMessageInstruction.HELLO: state.version = msg.args.pop("version", None) state.build_hash = msg.args.pop("buildHash", "") - state.args = msg.args + state.args.update(msg.args) elif msg.instruction == WebsocketMessageInstruction.ACK: return GAUGE_OUTPOSTS_LAST_UPDATE.labels( tenant=connection.schema_name, outpost=self.outpost.name, - uid=self.last_uid or "", + uid=self.instance_uid or "", version=state.version or "", ).set_to_current_time() state.save(timeout=OUTPOST_HELLO_INTERVAL * 1.5) diff --git a/authentik/outposts/controllers/k8s/deployment.py b/authentik/outposts/controllers/k8s/deployment.py index 4aa10e7f7..e06d97139 100644 --- a/authentik/outposts/controllers/k8s/deployment.py +++ b/authentik/outposts/controllers/k8s/deployment.py @@ -43,6 +43,10 @@ class DeploymentReconciler(KubernetesObjectReconciler[V1Deployment]): self.api = AppsV1Api(controller.client) self.outpost = self.controller.outpost + @property + def noop(self) -> bool: + return self.is_embedded + @staticmethod def reconciler_name() -> str: return "deployment" diff --git a/authentik/outposts/controllers/k8s/secret.py b/authentik/outposts/controllers/k8s/secret.py index 8a2293404..ddc3643c6 100644 --- a/authentik/outposts/controllers/k8s/secret.py +++ b/authentik/outposts/controllers/k8s/secret.py @@ -24,6 +24,10 @@ class SecretReconciler(KubernetesObjectReconciler[V1Secret]): super().__init__(controller) self.api = CoreV1Api(controller.client) + @property + def noop(self) -> bool: + return self.is_embedded + @staticmethod def reconciler_name() -> str: return "secret" diff --git a/authentik/outposts/controllers/k8s/service_monitor.py b/authentik/outposts/controllers/k8s/service_monitor.py index 4e58c119a..8e00f9c50 100644 --- a/authentik/outposts/controllers/k8s/service_monitor.py +++ b/authentik/outposts/controllers/k8s/service_monitor.py @@ -77,7 +77,10 @@ class PrometheusServiceMonitorReconciler(KubernetesObjectReconciler[PrometheusSe @property def noop(self) -> bool: - return (not self._crd_exists()) or (self.is_embedded) + if not self._crd_exists(): + self.logger.debug("CRD doesn't exist") + return True + return self.is_embedded def _crd_exists(self) -> bool: """Check if the Prometheus ServiceMonitor exists""" diff --git a/authentik/outposts/controllers/k8s/utils.py b/authentik/outposts/controllers/k8s/utils.py index d1f01811f..e9c83f975 100644 --- a/authentik/outposts/controllers/k8s/utils.py +++ b/authentik/outposts/controllers/k8s/utils.py @@ -1,5 +1,6 @@ """k8s utils""" from pathlib import Path +from typing import Optional from kubernetes.client.models.v1_container_port import V1ContainerPort from kubernetes.client.models.v1_service_port import V1ServicePort @@ -37,9 +38,12 @@ def compare_port( def compare_ports( - current: list[V1ServicePort | V1ContainerPort], reference: list[V1ServicePort | V1ContainerPort] + current: Optional[list[V1ServicePort | V1ContainerPort]], + reference: Optional[list[V1ServicePort | V1ContainerPort]], ): """Compare ports of a list""" + if not current or not reference: + raise NeedsRecreate() if len(current) != len(reference): raise NeedsRecreate() for port in reference: diff --git a/authentik/outposts/controllers/kubernetes.py b/authentik/outposts/controllers/kubernetes.py index e3a943e2c..e3b358078 100644 --- a/authentik/outposts/controllers/kubernetes.py +++ b/authentik/outposts/controllers/kubernetes.py @@ -81,7 +81,10 @@ class KubernetesController(BaseController): def up(self): try: for reconcile_key in self.reconcile_order: - reconciler = self.reconcilers[reconcile_key](self) + reconciler_cls = self.reconcilers.get(reconcile_key) + if not reconciler_cls: + continue + reconciler = reconciler_cls(self) reconciler.up() except (OpenApiException, HTTPError, ServiceConnectionInvalid) as exc: @@ -95,7 +98,10 @@ class KubernetesController(BaseController): all_logs += [f"{reconcile_key.title()}: Disabled"] continue with capture_logs() as logs: - reconciler = self.reconcilers[reconcile_key](self) + reconciler_cls = self.reconcilers.get(reconcile_key) + if not reconciler_cls: + continue + reconciler = reconciler_cls(self) reconciler.up() all_logs += [f"{reconcile_key.title()}: {x['event']}" for x in logs] return all_logs @@ -105,7 +111,10 @@ class KubernetesController(BaseController): def down(self): try: for reconcile_key in self.reconcile_order: - reconciler = self.reconcilers[reconcile_key](self) + reconciler_cls = self.reconcilers.get(reconcile_key) + if not reconciler_cls: + continue + reconciler = reconciler_cls(self) self.logger.debug("Tearing down object", name=reconcile_key) reconciler.down() @@ -120,7 +129,10 @@ class KubernetesController(BaseController): all_logs += [f"{reconcile_key.title()}: Disabled"] continue with capture_logs() as logs: - reconciler = self.reconcilers[reconcile_key](self) + reconciler_cls = self.reconcilers.get(reconcile_key) + if not reconciler_cls: + continue + reconciler = reconciler_cls(self) reconciler.down() all_logs += [f"{reconcile_key.title()}: {x['event']}" for x in logs] return all_logs @@ -130,7 +142,10 @@ class KubernetesController(BaseController): def get_static_deployment(self) -> str: documents = [] for reconcile_key in self.reconcile_order: - reconciler = self.reconcilers[reconcile_key](self) + reconciler_cls = self.reconcilers.get(reconcile_key) + if not reconciler_cls: + continue + reconciler = reconciler_cls(self) if reconciler.noop: continue documents.append(reconciler.get_reference_object().to_dict()) diff --git a/authentik/outposts/migrations/0021_alter_outpost_type.py b/authentik/outposts/migrations/0021_alter_outpost_type.py new file mode 100644 index 000000000..52fcf1fd5 --- /dev/null +++ b/authentik/outposts/migrations/0021_alter_outpost_type.py @@ -0,0 +1,25 @@ +# Generated by Django 4.2.6 on 2023-10-14 19:23 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + dependencies = [ + ("authentik_outposts", "0020_alter_outpost_type"), + ] + + operations = [ + migrations.AlterField( + model_name="outpost", + name="type", + field=models.TextField( + choices=[ + ("proxy", "Proxy"), + ("ldap", "Ldap"), + ("radius", "Radius"), + ("rac", "Rac"), + ], + default="proxy", + ), + ), + ] diff --git a/authentik/outposts/models.py b/authentik/outposts/models.py index d1cc0cb58..3460d4ada 100644 --- a/authentik/outposts/models.py +++ b/authentik/outposts/models.py @@ -90,11 +90,12 @@ class OutpostModel(Model): class OutpostType(models.TextChoices): - """Outpost types, currently only the reverse proxy is available""" + """Outpost types""" PROXY = "proxy" LDAP = "ldap" RADIUS = "radius" + RAC = "rac" def default_outpost_config(host: Optional[str] = None): @@ -459,7 +460,7 @@ class OutpostState: def for_instance_uid(outpost: Outpost, uid: str) -> "OutpostState": """Get state for a single instance""" key = f"{outpost.state_cache_prefix}/{uid}" - default_data = {"uid": uid, "channel_ids": []} + default_data = {"uid": uid} data = cache.get(key, default_data) if isinstance(data, str): cache.delete(key) diff --git a/authentik/outposts/tasks.py b/authentik/outposts/tasks.py index b6b3a9bab..0d4e54a3a 100644 --- a/authentik/outposts/tasks.py +++ b/authentik/outposts/tasks.py @@ -17,6 +17,8 @@ from kubernetes.config.kube_config import KUBE_CONFIG_DEFAULT_LOCATION from structlog.stdlib import get_logger from yaml import safe_load +from authentik.enterprise.providers.rac.controllers.docker import RACDockerController +from authentik.enterprise.providers.rac.controllers.kubernetes import RACKubernetesController from authentik.events.monitored_tasks import ( MonitoredTask, TaskResult, @@ -71,6 +73,11 @@ def controller_for_outpost(outpost: Outpost) -> Optional[type[BaseController]]: return RadiusDockerController if isinstance(service_connection, KubernetesServiceConnection): return RadiusKubernetesController + if outpost.type == OutpostType.RAC: + if isinstance(service_connection, DockerServiceConnection): + return RACDockerController + if isinstance(service_connection, KubernetesServiceConnection): + return RACKubernetesController return None diff --git a/authentik/outposts/tests/test_api.py b/authentik/outposts/tests/test_api.py index 5e6fb385e..3edaeb78e 100644 --- a/authentik/outposts/tests/test_api.py +++ b/authentik/outposts/tests/test_api.py @@ -2,11 +2,13 @@ from django.urls import reverse from rest_framework.test import APITestCase +from authentik.blueprints.tests import reconcile_app from authentik.core.models import PropertyMapping from authentik.core.tests.utils import create_test_admin_user, create_test_flow from authentik.lib.generators import generate_id from authentik.outposts.api.outposts import OutpostSerializer -from authentik.outposts.models import OutpostType, default_outpost_config +from authentik.outposts.apps import MANAGED_OUTPOST +from authentik.outposts.models import Outpost, OutpostType, default_outpost_config from authentik.providers.ldap.models import LDAPProvider from authentik.providers.proxy.models import ProxyProvider @@ -22,7 +24,36 @@ class TestOutpostServiceConnectionsAPI(APITestCase): self.user = create_test_admin_user() self.client.force_login(self.user) - def test_outpost_validaton(self): + @reconcile_app("authentik_outposts") + def test_managed_name_change(self): + """Test name change for embedded outpost""" + embedded_outpost = Outpost.objects.filter(managed=MANAGED_OUTPOST).first() + self.assertIsNotNone(embedded_outpost) + response = self.client.patch( + reverse("authentik_api:outpost-detail", kwargs={"pk": embedded_outpost.pk}), + {"name": "foo"}, + ) + self.assertEqual(response.status_code, 400) + self.assertJSONEqual( + response.content, {"name": ["Embedded outpost's name cannot be changed"]} + ) + + @reconcile_app("authentik_outposts") + def test_managed_without_managed(self): + """Test name change for embedded outpost""" + embedded_outpost = Outpost.objects.filter(managed=MANAGED_OUTPOST).first() + self.assertIsNotNone(embedded_outpost) + embedded_outpost.managed = "" + embedded_outpost.save() + response = self.client.patch( + reverse("authentik_api:outpost-detail", kwargs={"pk": embedded_outpost.pk}), + {"name": "foo"}, + ) + self.assertEqual(response.status_code, 200) + embedded_outpost.refresh_from_db() + self.assertEqual(embedded_outpost.managed, MANAGED_OUTPOST) + + def test_outpost_validation(self): """Test Outpost validation""" valid = OutpostSerializer( data={ diff --git a/authentik/outposts/tests/test_ws.py b/authentik/outposts/tests/test_ws.py index b8fcba925..ec3d543a3 100644 --- a/authentik/outposts/tests/test_ws.py +++ b/authentik/outposts/tests/test_ws.py @@ -1,6 +1,7 @@ """Websocket tests""" from dataclasses import asdict +from channels.exceptions import DenyConnection from channels.routing import URLRouter from channels.testing import WebsocketCommunicator from django.test import TransactionTestCase @@ -35,8 +36,9 @@ class TestOutpostWS(TransactionTestCase): communicator = WebsocketCommunicator( URLRouter(websocket.websocket_urlpatterns), f"/ws/outpost/{self.outpost.pk}/" ) - connected, _ = await communicator.connect() - self.assertFalse(connected) + with self.assertRaises(DenyConnection): + connected, _ = await communicator.connect() + self.assertFalse(connected) async def test_auth_valid(self): """Test auth with token""" diff --git a/authentik/outposts/urls.py b/authentik/outposts/urls.py index cd7ba3bf8..9d28a01eb 100644 --- a/authentik/outposts/urls.py +++ b/authentik/outposts/urls.py @@ -1,6 +1,7 @@ """Outpost Websocket URLS""" from django.urls import path +from authentik.core.channels import TokenOutpostMiddleware from authentik.outposts.api.outposts import OutpostViewSet from authentik.outposts.api.service_connections import ( DockerServiceConnectionViewSet, @@ -11,7 +12,10 @@ from authentik.outposts.consumer import OutpostConsumer from authentik.root.middleware import ChannelsLoggingMiddleware websocket_urlpatterns = [ - path("ws/outpost//", ChannelsLoggingMiddleware(OutpostConsumer.as_asgi())), + path( + "ws/outpost//", + ChannelsLoggingMiddleware(TokenOutpostMiddleware(OutpostConsumer.as_asgi())), + ), ] api_urlpatterns = [ diff --git a/authentik/root/test_runner.py b/authentik/root/test_runner.py index 4cef56bad..59956febb 100644 --- a/authentik/root/test_runner.py +++ b/authentik/root/test_runner.py @@ -38,13 +38,12 @@ class PytestTestRunner(DiscoverRunner): # pragma: no cover "outposts.container_image_base", f"ghcr.io/goauthentik/dev-%(type)s:{get_docker_tag()}", ) - CONFIG.set("error_reporting.sample_rate", 0) CONFIG.set("tenants.enabled", False) CONFIG.set("outposts.disable_embedded_outpost", False) - sentry_init( - environment="testing", - send_default_pii=True, - ) + CONFIG.set("error_reporting.sample_rate", 0) + CONFIG.set("error_reporting.environment", "testing") + CONFIG.set("error_reporting.send_pii", True) + sentry_init() @classmethod def add_arguments(cls, parser: ArgumentParser): diff --git a/authentik/sources/oauth/api/source.py b/authentik/sources/oauth/api/source.py index a17bc6b03..08b676de5 100644 --- a/authentik/sources/oauth/api/source.py +++ b/authentik/sources/oauth/api/source.py @@ -99,7 +99,9 @@ class OAuthSourceSerializer(SourceSerializer): ]: if getattr(provider_type, url, None) is None: if url not in attrs: - raise ValidationError(f"{url} is required for provider {provider_type.name}") + raise ValidationError( + f"{url} is required for provider {provider_type.verbose_name}" + ) return attrs class Meta: diff --git a/authentik/sources/oauth/types/apple.py b/authentik/sources/oauth/types/apple.py index 2e0cc8f85..5ead5bdbd 100644 --- a/authentik/sources/oauth/types/apple.py +++ b/authentik/sources/oauth/types/apple.py @@ -104,8 +104,8 @@ class AppleType(SourceType): callback_view = AppleOAuth2Callback redirect_view = AppleOAuthRedirect - name = "Apple" - slug = "apple" + verbose_name = "Apple" + name = "apple" authorization_url = "https://appleid.apple.com/auth/authorize" access_token_url = "https://appleid.apple.com/auth/token" # nosec diff --git a/authentik/sources/oauth/types/azure_ad.py b/authentik/sources/oauth/types/azure_ad.py index a247cea5d..ec57640d1 100644 --- a/authentik/sources/oauth/types/azure_ad.py +++ b/authentik/sources/oauth/types/azure_ad.py @@ -43,8 +43,8 @@ class AzureADType(SourceType): callback_view = AzureADOAuthCallback redirect_view = AzureADOAuthRedirect - name = "Azure AD" - slug = "azuread" + verbose_name = "Azure AD" + name = "azuread" urls_customizable = True diff --git a/authentik/sources/oauth/types/discord.py b/authentik/sources/oauth/types/discord.py index 10c461f5a..4fb34c672 100644 --- a/authentik/sources/oauth/types/discord.py +++ b/authentik/sources/oauth/types/discord.py @@ -36,8 +36,8 @@ class DiscordType(SourceType): callback_view = DiscordOAuth2Callback redirect_view = DiscordOAuthRedirect - name = "Discord" - slug = "discord" + verbose_name = "Discord" + name = "discord" authorization_url = "https://discord.com/api/oauth2/authorize" access_token_url = "https://discord.com/api/oauth2/token" # nosec diff --git a/authentik/sources/oauth/types/facebook.py b/authentik/sources/oauth/types/facebook.py index 9176afeb5..69893298b 100644 --- a/authentik/sources/oauth/types/facebook.py +++ b/authentik/sources/oauth/types/facebook.py @@ -48,8 +48,8 @@ class FacebookType(SourceType): callback_view = FacebookOAuth2Callback redirect_view = FacebookOAuthRedirect - name = "Facebook" - slug = "facebook" + verbose_name = "Facebook" + name = "facebook" authorization_url = "https://www.facebook.com/v7.0/dialog/oauth" access_token_url = "https://graph.facebook.com/v7.0/oauth/access_token" # nosec diff --git a/authentik/sources/oauth/types/github.py b/authentik/sources/oauth/types/github.py index 327a4ee81..b9e5ed17c 100644 --- a/authentik/sources/oauth/types/github.py +++ b/authentik/sources/oauth/types/github.py @@ -68,8 +68,8 @@ class GitHubType(SourceType): callback_view = GitHubOAuth2Callback redirect_view = GitHubOAuthRedirect - name = "GitHub" - slug = "github" + verbose_name = "GitHub" + name = "github" urls_customizable = True diff --git a/authentik/sources/oauth/types/google.py b/authentik/sources/oauth/types/google.py index 1956aadcd..94b6f7842 100644 --- a/authentik/sources/oauth/types/google.py +++ b/authentik/sources/oauth/types/google.py @@ -34,8 +34,8 @@ class GoogleType(SourceType): callback_view = GoogleOAuth2Callback redirect_view = GoogleOAuthRedirect - name = "Google" - slug = "google" + verbose_name = "Google" + name = "google" authorization_url = "https://accounts.google.com/o/oauth2/auth" access_token_url = "https://oauth2.googleapis.com/token" # nosec diff --git a/authentik/sources/oauth/types/mailcow.py b/authentik/sources/oauth/types/mailcow.py index 8be201105..8bff86af5 100644 --- a/authentik/sources/oauth/types/mailcow.py +++ b/authentik/sources/oauth/types/mailcow.py @@ -63,7 +63,7 @@ class MailcowType(SourceType): callback_view = MailcowOAuth2Callback redirect_view = MailcowOAuthRedirect - name = "Mailcow" - slug = "mailcow" + verbose_name = "Mailcow" + name = "mailcow" urls_customizable = True diff --git a/authentik/sources/oauth/types/oidc.py b/authentik/sources/oauth/types/oidc.py index bd6853117..4e32f3fee 100644 --- a/authentik/sources/oauth/types/oidc.py +++ b/authentik/sources/oauth/types/oidc.py @@ -42,7 +42,7 @@ class OpenIDConnectType(SourceType): callback_view = OpenIDConnectOAuth2Callback redirect_view = OpenIDConnectOAuthRedirect - name = "OpenID Connect" - slug = "openidconnect" + verbose_name = "OpenID Connect" + name = "openidconnect" urls_customizable = True diff --git a/authentik/sources/oauth/types/okta.py b/authentik/sources/oauth/types/okta.py index 2de02edde..1f1f07dc7 100644 --- a/authentik/sources/oauth/types/okta.py +++ b/authentik/sources/oauth/types/okta.py @@ -42,7 +42,7 @@ class OktaType(SourceType): callback_view = OktaOAuth2Callback redirect_view = OktaOAuthRedirect - name = "Okta" - slug = "okta" + verbose_name = "Okta" + name = "okta" urls_customizable = True diff --git a/authentik/sources/oauth/types/patreon.py b/authentik/sources/oauth/types/patreon.py index d02c3d33d..8d11bf27a 100644 --- a/authentik/sources/oauth/types/patreon.py +++ b/authentik/sources/oauth/types/patreon.py @@ -43,8 +43,8 @@ class PatreonType(SourceType): callback_view = PatreonOAuthCallback redirect_view = PatreonOAuthRedirect - name = "Patreon" - slug = "patreon" + verbose_name = "Patreon" + name = "patreon" authorization_url = "https://www.patreon.com/oauth2/authorize" access_token_url = "https://www.patreon.com/api/oauth2/token" # nosec diff --git a/authentik/sources/oauth/types/reddit.py b/authentik/sources/oauth/types/reddit.py index 1afd0ca06..7d558cbb3 100644 --- a/authentik/sources/oauth/types/reddit.py +++ b/authentik/sources/oauth/types/reddit.py @@ -51,8 +51,8 @@ class RedditType(SourceType): callback_view = RedditOAuth2Callback redirect_view = RedditOAuthRedirect - name = "Reddit" - slug = "reddit" + verbose_name = "Reddit" + name = "reddit" authorization_url = "https://www.reddit.com/api/v1/authorize" access_token_url = "https://www.reddit.com/api/v1/access_token" # nosec diff --git a/authentik/sources/oauth/types/registry.py b/authentik/sources/oauth/types/registry.py index ae8a5dd0b..99cb87dd5 100644 --- a/authentik/sources/oauth/types/registry.py +++ b/authentik/sources/oauth/types/registry.py @@ -28,7 +28,7 @@ class SourceType: callback_view = OAuthCallback redirect_view = OAuthRedirect name: str = "default" - slug: str = "default" + verbose_name: str = "Default source type" urls_customizable = False @@ -41,7 +41,7 @@ class SourceType: def icon_url(self) -> str: """Get Icon URL for login""" - return static(f"authentik/sources/{self.slug}.svg") + return static(f"authentik/sources/{self.name}.svg") def login_challenge(self, source: OAuthSource, request: HttpRequest) -> Challenge: """Allow types to return custom challenges""" @@ -77,20 +77,20 @@ class SourceTypeRegistry: def get_name_tuple(self): """Get list of tuples of all registered names""" - return [(x.slug, x.name) for x in self.__sources] + return [(x.name, x.verbose_name) for x in self.__sources] def find_type(self, type_name: str) -> Type[SourceType]: """Find type based on source""" found_type = None for src_type in self.__sources: - if src_type.slug == type_name: + if src_type.name == type_name: return src_type if not found_type: found_type = SourceType LOGGER.warning( "no matching type found, using default", wanted=type_name, - have=[x.slug for x in self.__sources], + have=[x.name for x in self.__sources], ) return found_type diff --git a/authentik/sources/oauth/types/twitch.py b/authentik/sources/oauth/types/twitch.py index 62e7b94d4..52b8bae0b 100644 --- a/authentik/sources/oauth/types/twitch.py +++ b/authentik/sources/oauth/types/twitch.py @@ -49,8 +49,8 @@ class TwitchType(SourceType): callback_view = TwitchOAuth2Callback redirect_view = TwitchOAuthRedirect - name = "Twitch" - slug = "twitch" + verbose_name = "Twitch" + name = "twitch" authorization_url = "https://id.twitch.tv/oauth2/authorize" access_token_url = "https://id.twitch.tv/oauth2/token" # nosec diff --git a/authentik/sources/oauth/types/twitter.py b/authentik/sources/oauth/types/twitter.py index dc9909adb..7b75f04ea 100644 --- a/authentik/sources/oauth/types/twitter.py +++ b/authentik/sources/oauth/types/twitter.py @@ -66,8 +66,8 @@ class TwitterType(SourceType): callback_view = TwitterOAuthCallback redirect_view = TwitterOAuthRedirect - name = "Twitter" - slug = "twitter" + verbose_name = "Twitter" + name = "twitter" authorization_url = "https://twitter.com/i/oauth2/authorize" access_token_url = "https://api.twitter.com/2/oauth2/token" # nosec diff --git a/blueprints/schema.json b/blueprints/schema.json index 2ab316f87..a0643ea06 100644 --- a/blueprints/schema.json +++ b/blueprints/schema.json @@ -2816,6 +2816,117 @@ } } }, + { + "type": "object", + "required": [ + "model", + "identifiers" + ], + "properties": { + "model": { + "const": "authentik_providers_rac.racprovider" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created", + "must_created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_providers_rac.racprovider" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_providers_rac.racprovider" + } + } + }, + { + "type": "object", + "required": [ + "model", + "identifiers" + ], + "properties": { + "model": { + "const": "authentik_providers_rac.endpoint" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created", + "must_created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_providers_rac.endpoint" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_providers_rac.endpoint" + } + } + }, + { + "type": "object", + "required": [ + "model", + "identifiers" + ], + "properties": { + "model": { + "const": "authentik_providers_rac.racpropertymapping" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created", + "must_created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_providers_rac.racpropertymapping" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_providers_rac.racpropertymapping" + } + } + }, { "type": "object", "required": [ @@ -3353,7 +3464,8 @@ "enum": [ "proxy", "ldap", - "radius" + "radius", + "rac" ], "title": "Type" }, @@ -3534,7 +3646,8 @@ "authentik.brands", "authentik.blueprints", "authentik.core", - "authentik.enterprise" + "authentik.enterprise", + "authentik.enterprise.providers.rac" ], "title": "App", "description": "Match events created by selected application. When left empty, all applications are matched." @@ -3620,7 +3733,10 @@ "authentik_core.user", "authentik_core.application", "authentik_core.token", - "authentik_enterprise.license" + "authentik_enterprise.license", + "authentik_providers_rac.racprovider", + "authentik_providers_rac.endpoint", + "authentik_providers_rac.racpropertymapping" ], "title": "Model", "description": "Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched." @@ -8811,6 +8927,123 @@ }, "required": [] }, + "model_authentik_providers_rac.racprovider": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "authentication_flow": { + "type": "integer", + "title": "Authentication flow", + "description": "Flow used for authentication when the associated application is accessed by an un-authenticated user." + }, + "authorization_flow": { + "type": "integer", + "title": "Authorization flow", + "description": "Flow used when authorizing this provider." + }, + "property_mappings": { + "type": "array", + "items": { + "type": "integer" + }, + "title": "Property mappings" + }, + "settings": { + "type": "object", + "additionalProperties": true, + "title": "Settings" + }, + "connection_expiry": { + "type": "string", + "minLength": 1, + "title": "Connection expiry", + "description": "Determines how long a session lasts. Default of 0 means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)" + } + }, + "required": [] + }, + "model_authentik_providers_rac.endpoint": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "provider": { + "type": "integer", + "title": "Provider" + }, + "protocol": { + "type": "string", + "enum": [ + "rdp", + "vnc", + "ssh" + ], + "title": "Protocol" + }, + "host": { + "type": "string", + "minLength": 1, + "title": "Host" + }, + "settings": { + "type": "object", + "additionalProperties": true, + "title": "Settings" + }, + "property_mappings": { + "type": "array", + "items": { + "type": "integer" + }, + "title": "Property mappings" + }, + "auth_mode": { + "type": "string", + "enum": [ + "static", + "prompt" + ], + "title": "Auth mode" + } + }, + "required": [] + }, + "model_authentik_providers_rac.racpropertymapping": { + "type": "object", + "properties": { + "managed": { + "type": [ + "string", + "null" + ], + "minLength": 1, + "title": "Managed by authentik", + "description": "Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update." + }, + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "expression": { + "type": "string", + "title": "Expression" + }, + "static_settings": { + "type": "object", + "additionalProperties": true, + "title": "Static settings" + } + }, + "required": [] + }, "model_authentik_blueprints.metaapplyblueprint": { "type": "object", "properties": { diff --git a/blueprints/system/providers-rac.yaml b/blueprints/system/providers-rac.yaml new file mode 100644 index 000000000..63a568673 --- /dev/null +++ b/blueprints/system/providers-rac.yaml @@ -0,0 +1,32 @@ +version: 1 +metadata: + labels: + blueprints.goauthentik.io/system: "true" + name: System - RAC Provider - Mappings +entries: + - identifiers: + managed: goauthentik.io/providers/rac/rdp-default + model: authentik_providers_rac.racpropertymapping + attrs: + name: "authentik default RAC Mapping: RDP Default settings" + static_settings: + resize-method: "display-update" + enable-wallpaper: "true" + enable-font-smoothing: "true" + - identifiers: + managed: goauthentik.io/providers/rac/rdp-high-fidelity + model: authentik_providers_rac.racpropertymapping + attrs: + name: "authentik default RAC Mapping: RDP High Fidelity" + static_settings: + enable-theming: "true" + enable-full-window-drag: "true" + enable-desktop-composition: "true" + enable-menu-animations: "true" + - identifiers: + managed: goauthentik.io/providers/rac/ssh-default + model: authentik_providers_rac.racpropertymapping + attrs: + name: "authentik default RAC Mapping: SSH Default settings" + static_settings: + terminal-type: "xterm-256color" diff --git a/cmd/rac/main.go b/cmd/rac/main.go new file mode 100644 index 000000000..947ad14dd --- /dev/null +++ b/cmd/rac/main.go @@ -0,0 +1,93 @@ +package main + +import ( + "fmt" + "net/url" + "os" + + log "github.com/sirupsen/logrus" + "github.com/spf13/cobra" + + "goauthentik.io/internal/common" + "goauthentik.io/internal/debug" + "goauthentik.io/internal/outpost/ak" + "goauthentik.io/internal/outpost/ak/healthcheck" + "goauthentik.io/internal/outpost/rac" +) + +const helpMessage = `authentik RAC + +Required environment variables: +- AUTHENTIK_HOST: URL to connect to (format "http://authentik.company") +- AUTHENTIK_TOKEN: Token to authenticate with +- AUTHENTIK_INSECURE: Skip SSL Certificate verification` + +var rootCmd = &cobra.Command{ + Long: helpMessage, + PersistentPreRun: func(cmd *cobra.Command, args []string) { + log.SetLevel(log.DebugLevel) + log.SetFormatter(&log.JSONFormatter{ + FieldMap: log.FieldMap{ + log.FieldKeyMsg: "event", + log.FieldKeyTime: "timestamp", + }, + DisableHTMLEscape: true, + }) + }, + Run: func(cmd *cobra.Command, args []string) { + debug.EnableDebugServer() + akURL, found := os.LookupEnv("AUTHENTIK_HOST") + if !found { + fmt.Println("env AUTHENTIK_HOST not set!") + fmt.Println(helpMessage) + os.Exit(1) + } + akToken, found := os.LookupEnv("AUTHENTIK_TOKEN") + if !found { + fmt.Println("env AUTHENTIK_TOKEN not set!") + fmt.Println(helpMessage) + os.Exit(1) + } + + akURLActual, err := url.Parse(akURL) + if err != nil { + fmt.Println(err) + fmt.Println(helpMessage) + os.Exit(1) + } + + ex := common.Init() + defer common.Defer() + go func() { + for { + <-ex + os.Exit(0) + } + }() + + ac := ak.NewAPIController(*akURLActual, akToken) + if ac == nil { + os.Exit(1) + } + defer ac.Shutdown() + + ac.Server = rac.NewServer(ac) + + err = ac.Start() + if err != nil { + log.WithError(err).Panic("Failed to run server") + } + + for { + <-ex + } + }, +} + +func main() { + rootCmd.AddCommand(healthcheck.Command) + err := rootCmd.Execute() + if err != nil { + os.Exit(1) + } +} diff --git a/go.mod b/go.mod index b3e4c8e8e..ed9759796 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/go-http-utils/etag v0.0.0-20161124023236-513ea8f21eb1 github.com/go-ldap/ldap/v3 v3.4.6 github.com/go-openapi/runtime v0.26.2 - github.com/go-openapi/strfmt v0.21.10 + github.com/go-openapi/strfmt v0.22.0 github.com/golang-jwt/jwt v3.2.2+incompatible github.com/google/uuid v1.5.0 github.com/gorilla/handlers v1.5.2 @@ -22,12 +22,13 @@ require ( github.com/mitchellh/mapstructure v1.5.0 github.com/nmcclain/asn1-ber v0.0.0-20170104154839-2661553a0484 github.com/pires/go-proxyproto v0.7.0 - github.com/prometheus/client_golang v1.17.0 + github.com/prometheus/client_golang v1.18.0 github.com/redis/go-redis/v9 v9.3.1 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.8.0 github.com/stretchr/testify v1.8.4 - goauthentik.io/api/v3 v3.2023105.2 + github.com/wwt/guac v1.3.2 + goauthentik.io/api/v3 v3.2023105.3 golang.org/x/exp v0.0.0-20230210204819-062eb4c674ab golang.org/x/oauth2 v0.15.0 golang.org/x/sync v0.5.0 @@ -60,14 +61,14 @@ require ( github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/mailru/easyjson v0.7.7 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect + github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect github.com/oklog/ulid v1.3.1 // indirect github.com/opentracing/opentracing-go v1.2.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/pquerna/cachecontrol v0.0.0-20201205024021-ac21108117ac // indirect - github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 // indirect - github.com/prometheus/common v0.44.0 // indirect - github.com/prometheus/procfs v0.11.1 // indirect + github.com/prometheus/client_model v0.5.0 // indirect + github.com/prometheus/common v0.45.0 // indirect + github.com/prometheus/procfs v0.12.0 // indirect github.com/spf13/pflag v1.0.5 // indirect go.mongodb.org/mongo-driver v1.13.1 // indirect go.opentelemetry.io/otel v1.17.0 // indirect diff --git a/go.sum b/go.sum index 34c933ba3..3000d744b 100644 --- a/go.sum +++ b/go.sum @@ -116,8 +116,8 @@ github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6 github.com/go-openapi/spec v0.20.11 h1:J/TzFDLTt4Rcl/l1PmyErvkqlJDncGvPTMnCI39I4gY= github.com/go-openapi/spec v0.20.11/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg= -github.com/go-openapi/strfmt v0.21.10 h1:JIsly3KXZB/Qf4UzvzJpg4OELH/0ASDQsyk//TTBDDk= -github.com/go-openapi/strfmt v0.21.10/go.mod h1:vNDMwbilnl7xKiO/Ve/8H8Bb2JIInBnH+lqiw6QWgis= +github.com/go-openapi/strfmt v0.22.0 h1:Ew9PnEYc246TwrEspvBdDHS4BVKXy/AOVsfqGDgAcaI= +github.com/go-openapi/strfmt v0.22.0/go.mod h1:HzJ9kokGIju3/K6ap8jL+OlGAbjpSv27135Yr9OivU4= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= @@ -195,6 +195,7 @@ github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kX github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo= github.com/gorilla/sessions v1.2.2 h1:lqzMYz6bOfvn2WriPUjNByzeXIlVzURcPmgMczkmTjY= github.com/gorilla/sessions v1.2.2/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ= +github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY= github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= @@ -210,6 +211,7 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= +github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= @@ -223,8 +225,8 @@ github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= -github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= +github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg= +github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k= github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= @@ -247,21 +249,22 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pquerna/cachecontrol v0.0.0-20201205024021-ac21108117ac h1:jWKYCNlX4J5s8M0nHYkh7Y7c9gRVDEb3mq51j5J0F5M= github.com/pquerna/cachecontrol v0.0.0-20201205024021-ac21108117ac/go.mod h1:hoLfEwdY11HjRfKFH6KqnPsfxlo3BP6bJehpDv8t6sQ= -github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q= -github.com/prometheus/client_golang v1.17.0/go.mod h1:VeL+gMmOAxkS2IqfCq0ZmHSL+LjWfWDUmp1mBz9JgUY= +github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= +github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 h1:v7DLqVdK4VrYkVD5diGdl4sxJurKJEMnODWRJlxV9oM= -github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= -github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY= -github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY= -github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwaUuI= -github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/y0/p/ScXhY= +github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= +github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= +github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM= +github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY= +github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= +github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= github.com/redis/go-redis/v9 v9.3.1 h1:KqdY8U+3X6z+iACvumCNxnoluToB+9Me+TvyFa21Mds= github.com/redis/go-redis/v9 v9.3.1/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= @@ -269,8 +272,10 @@ github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyh github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= @@ -281,6 +286,8 @@ github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= +github.com/wwt/guac v1.3.2 h1:sH6OFGa/1tBs7ieWBVlZe7t6F5JAOWBry/tqQL/Vup4= +github.com/wwt/guac v1.3.2/go.mod h1:eKm+NrnK7A88l4UBEcYNpZQGMpZRryYKoz4D/0/n1C0= github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g= github.com/xdg-go/scram v1.1.2/go.mod h1:RT/sEzTbU5y00aCK8UOx6R7YryM0iF1N2MOmC3kKLN4= @@ -309,8 +316,8 @@ go.opentelemetry.io/otel/trace v1.17.0 h1:/SWhSRHmDPOImIAetP1QAeMnZYiQXrTy4fMMYO go.opentelemetry.io/otel/trace v1.17.0/go.mod h1:I/4vKTgFclIsXRVucpH25X0mpFSczM7aHeaz0ZBLWjY= go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4= -goauthentik.io/api/v3 v3.2023105.2 h1:ZUblqN5LidnCSlEZ/L19h7OnwppnAA3m5AGC7wUN0Ew= -goauthentik.io/api/v3 v3.2023105.2/go.mod h1:zz+mEZg8rY/7eEjkMGWJ2DnGqk+zqxuybGCGrR2O4Kw= +goauthentik.io/api/v3 v3.2023105.3 h1:x0pMJIKkbN198OOssqA94h8bO6ft9gwG8bpZqZL7WVg= +goauthentik.io/api/v3 v3.2023105.3/go.mod h1:zz+mEZg8rY/7eEjkMGWJ2DnGqk+zqxuybGCGrR2O4Kw= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= @@ -414,6 +421,7 @@ golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/internal/outpost/ak/api.go b/internal/outpost/ak/api.go index 34a30cbea..1f744010a 100644 --- a/internal/outpost/ak/api.go +++ b/internal/outpost/ak/api.go @@ -159,8 +159,8 @@ func (a *APIController) AddRefreshHandler(handler func()) { a.refreshHandlers = append(a.refreshHandlers, handler) } -func (a *APIController) AddWSHandler(handler WSHandler) { - a.wsHandlers = append(a.wsHandlers, handler) +func (a *APIController) Token() string { + return a.token } func (a *APIController) OnRefresh() error { @@ -182,7 +182,7 @@ func (a *APIController) OnRefresh() error { return err } -func (a *APIController) getWebsocketArgs() map[string]interface{} { +func (a *APIController) getWebsocketPingArgs() map[string]interface{} { args := map[string]interface{}{ "version": constants.VERSION, "buildHash": constants.BUILD("tagged"), diff --git a/internal/outpost/ak/api_ws.go b/internal/outpost/ak/api_ws.go index 24c5099f4..c48cebba3 100644 --- a/internal/outpost/ak/api_ws.go +++ b/internal/outpost/ak/api_ws.go @@ -18,6 +18,8 @@ import ( func (ac *APIController) initWS(akURL url.URL, outpostUUID string) error { pathTemplate := "%s://%s/ws/outpost/%s/?%s" + query := akURL.Query() + query.Set("instance_uuid", ac.instanceUUID.String()) scheme := strings.ReplaceAll(akURL.Scheme, "http", "ws") authHeader := fmt.Sprintf("Bearer %s", ac.token) @@ -45,7 +47,7 @@ func (ac *APIController) initWS(akURL url.URL, outpostUUID string) error { // Send hello message with our version msg := websocketMessage{ Instruction: WebsocketInstructionHello, - Args: ac.getWebsocketArgs(), + Args: ac.getWebsocketPingArgs(), } err = ws.WriteJSON(msg) if err != nil { @@ -53,7 +55,7 @@ func (ac *APIController) initWS(akURL url.URL, outpostUUID string) error { return err } ac.lastWsReconnect = time.Now() - ac.logger.WithField("logger", "authentik.outpost.ak-ws").WithField("outpost", outpostUUID).Debug("Successfully connected websocket") + ac.logger.WithField("logger", "authentik.outpost.ak-ws").WithField("outpost", outpostUUID).Info("Successfully connected websocket") return nil } @@ -157,23 +159,19 @@ func (ac *APIController) startWSHandler() { func (ac *APIController) startWSHealth() { ticker := time.NewTicker(time.Second * 10) for ; true; <-ticker.C { - aliveMsg := websocketMessage{ - Instruction: WebsocketInstructionHello, - Args: ac.getWebsocketArgs(), - } if ac.wsConn == nil { go ac.reconnectWS() time.Sleep(time.Second * 5) continue } - err := ac.wsConn.WriteJSON(aliveMsg) - ac.logger.WithField("loop", "ws-health").Trace("hello'd") + err := ac.SendWSHello(map[string]interface{}{}) if err != nil { ac.logger.WithField("loop", "ws-health").WithError(err).Warning("ws write error") go ac.reconnectWS() time.Sleep(time.Second * 5) continue } else { + ac.logger.WithField("loop", "ws-health").Trace("hello'd") ConnectionStatus.With(prometheus.Labels{ "outpost_name": ac.Outpost.Name, "outpost_type": ac.Server.Type(), @@ -202,3 +200,20 @@ func (ac *APIController) startIntervalUpdater() { } } } + +func (a *APIController) AddWSHandler(handler WSHandler) { + a.wsHandlers = append(a.wsHandlers, handler) +} + +func (a *APIController) SendWSHello(args map[string]interface{}) error { + allArgs := a.getWebsocketPingArgs() + for key, value := range args { + allArgs[key] = value + } + aliveMsg := websocketMessage{ + Instruction: WebsocketInstructionHello, + Args: allArgs, + } + err := a.wsConn.WriteJSON(aliveMsg) + return err +} diff --git a/internal/outpost/ldap/entries.go b/internal/outpost/ldap/entries.go index 2236a9964..d0f4abcf6 100644 --- a/internal/outpost/ldap/entries.go +++ b/internal/outpost/ldap/entries.go @@ -6,6 +6,7 @@ import ( "strings" "beryju.io/ldap" + "goauthentik.io/api/v3" "goauthentik.io/internal/outpost/ldap/constants" "goauthentik.io/internal/outpost/ldap/utils" @@ -49,8 +50,8 @@ func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry { constants.OCPosixAccount, constants.OCAKUser, }, - "uidNumber": {pi.GetUidNumber(u)}, - "gidNumber": {pi.GetUidNumber(u)}, + "uidNumber": {pi.GetUserUidNumber(u)}, + "gidNumber": {pi.GetUserGidNumber(u)}, "homeDirectory": {fmt.Sprintf("/home/%s", u.Username)}, "sn": {u.Name}, }) diff --git a/internal/outpost/ldap/group/group.go b/internal/outpost/ldap/group/group.go index abfdf987f..21fd39b05 100644 --- a/internal/outpost/ldap/group/group.go +++ b/internal/outpost/ldap/group/group.go @@ -4,6 +4,7 @@ import ( "strconv" "beryju.io/ldap" + "goauthentik.io/api/v3" "goauthentik.io/internal/outpost/ldap/constants" "goauthentik.io/internal/outpost/ldap/server" @@ -50,7 +51,7 @@ func FromAPIGroup(g api.Group, si server.LDAPServerInstance) *LDAPGroup { DN: si.GetGroupDN(g.Name), CN: g.Name, Uid: string(g.Pk), - GidNumber: si.GetGidNumber(g), + GidNumber: si.GetGroupGidNumber(g), Member: si.UsersForGroup(g), IsVirtualGroup: false, IsSuperuser: *g.IsSuperuser, @@ -63,7 +64,7 @@ func FromAPIUser(u api.User, si server.LDAPServerInstance) *LDAPGroup { DN: si.GetVirtualGroupDN(u.Username), CN: u.Username, Uid: u.Uid, - GidNumber: si.GetUidNumber(u), + GidNumber: si.GetUserGidNumber(u), Member: []string{si.GetUserDN(u.Username)}, IsVirtualGroup: true, IsSuperuser: false, diff --git a/internal/outpost/ldap/server/base.go b/internal/outpost/ldap/server/base.go index ff6649a03..2983e3afc 100644 --- a/internal/outpost/ldap/server/base.go +++ b/internal/outpost/ldap/server/base.go @@ -3,6 +3,7 @@ package server import ( "beryju.io/ldap" "github.com/go-openapi/strfmt" + "goauthentik.io/api/v3" "goauthentik.io/internal/outpost/ldap/flags" ) @@ -28,8 +29,9 @@ type LDAPServerInstance interface { GetGroupDN(string) string GetVirtualGroupDN(string) string - GetUidNumber(api.User) string - GetGidNumber(api.Group) string + GetUserUidNumber(api.User) string + GetUserGidNumber(api.User) string + GetGroupGidNumber(api.Group) string UsersForGroup(api.Group) []string diff --git a/internal/outpost/ldap/utils.go b/internal/outpost/ldap/utils.go index 6dbf0723b..22c44fe90 100644 --- a/internal/outpost/ldap/utils.go +++ b/internal/outpost/ldap/utils.go @@ -35,7 +35,7 @@ func (pi *ProviderInstance) GetVirtualGroupDN(group string) string { return fmt.Sprintf("cn=%s,%s", group, pi.VirtualGroupDN) } -func (pi *ProviderInstance) GetUidNumber(user api.User) string { +func (pi *ProviderInstance) GetUserUidNumber(user api.User) string { uidNumber, ok := user.GetAttributes()["uidNumber"].(string) if ok { @@ -45,7 +45,17 @@ func (pi *ProviderInstance) GetUidNumber(user api.User) string { return strconv.FormatInt(int64(pi.uidStartNumber+user.Pk), 10) } -func (pi *ProviderInstance) GetGidNumber(group api.Group) string { +func (pi *ProviderInstance) GetUserGidNumber(user api.User) string { + gidNumber, ok := user.GetAttributes()["gidNumber"].(string) + + if ok { + return gidNumber + } + + return pi.GetUserUidNumber(user) +} + +func (pi *ProviderInstance) GetGroupGidNumber(group api.Group) string { gidNumber, ok := group.GetAttributes()["gidNumber"].(string) if ok { diff --git a/internal/outpost/proxyv2/application/oauth_callback.go b/internal/outpost/proxyv2/application/oauth_callback.go index eef418a84..13f28e67a 100644 --- a/internal/outpost/proxyv2/application/oauth_callback.go +++ b/internal/outpost/proxyv2/application/oauth_callback.go @@ -31,16 +31,11 @@ func (a *Application) redeemCallback(savedState string, u *url.URL, c context.Co return nil, err } - // Extract the ID Token from OAuth2 token. - rawIDToken, ok := oauth2Token.Extra("id_token").(string) - if !ok { - return nil, fmt.Errorf("missing id_token") - } - - a.log.WithField("id_token", rawIDToken).Trace("id_token") + jwt := oauth2Token.AccessToken + a.log.WithField("jwt", jwt).Trace("access_token") // Parse and verify ID Token payload. - idToken, err := a.tokenVerifier.Verify(ctx, rawIDToken) + idToken, err := a.tokenVerifier.Verify(ctx, jwt) if err != nil { return nil, err } @@ -53,6 +48,6 @@ func (a *Application) redeemCallback(savedState string, u *url.URL, c context.Co if claims.Proxy == nil { claims.Proxy = &ProxyClaims{} } - claims.RawToken = rawIDToken + claims.RawToken = jwt return claims, nil } diff --git a/internal/outpost/proxyv2/application/session.go b/internal/outpost/proxyv2/application/session.go index 5ffa77b04..b30934fb4 100644 --- a/internal/outpost/proxyv2/application/session.go +++ b/internal/outpost/proxyv2/application/session.go @@ -13,6 +13,7 @@ import ( "github.com/gorilla/securecookie" "github.com/gorilla/sessions" "github.com/redis/go-redis/v9" + "goauthentik.io/api/v3" "goauthentik.io/internal/config" "goauthentik.io/internal/outpost/proxyv2/codecs" @@ -40,7 +41,7 @@ func (a *Application) getStore(p api.ProxyOutpostConfig, externalHost *url.URL) // New default RedisStore rs, err := redisstore.NewRedisStore(context.Background(), client) if err != nil { - panic(err) + a.log.WithError(err).Panic("failed to connect to redis") } rs.KeyPrefix(RedisKeyPrefix) @@ -62,7 +63,7 @@ func (a *Application) getStore(p api.ProxyOutpostConfig, externalHost *url.URL) // https://github.com/markbates/goth/commit/7276be0fdf719ddff753f3574ef0f967e4a5a5f7 // set the maxLength of the cookies stored on the disk to a larger number to prevent issues with: // securecookie: the value is too long - // when using OpenID Connect , since this can contain a large amount of extra information in the id_token + // when using OpenID Connect, since this can contain a large amount of extra information in the id_token // Note, when using the FilesystemStore only the session.ID is written to a browser cookie, so this is explicit for the storage on disk cs.MaxLength(math.MaxInt) diff --git a/internal/outpost/rac/connection/connection.go b/internal/outpost/rac/connection/connection.go new file mode 100644 index 000000000..53ca9ecb0 --- /dev/null +++ b/internal/outpost/rac/connection/connection.go @@ -0,0 +1,124 @@ +package connection + +import ( + "context" + "crypto/tls" + "fmt" + "net" + "net/http" + "strings" + "time" + + "github.com/gorilla/websocket" + log "github.com/sirupsen/logrus" + "github.com/wwt/guac" + "goauthentik.io/internal/config" + "goauthentik.io/internal/constants" + "goauthentik.io/internal/outpost/ak" +) + +const guacAddr = "0.0.0.0:4822" + +type Connection struct { + log *log.Entry + st *guac.SimpleTunnel + ac *ak.APIController + ws *websocket.Conn + ctx context.Context + ctxCancel context.CancelFunc + OnError func(error) + closing bool +} + +func NewConnection(ac *ak.APIController, forChannel string, cfg *guac.Config) (*Connection, error) { + ctx, canc := context.WithCancel(context.Background()) + c := &Connection{ + ac: ac, + log: log.WithField("connection", forChannel), + ctx: ctx, + ctxCancel: canc, + OnError: func(err error) {}, + closing: false, + } + err := c.initGuac(cfg) + if err != nil { + return nil, err + } + err = c.initSocket(forChannel) + if err != nil { + _ = c.st.Close() + return nil, err + } + c.initMirror() + return c, nil +} + +func (c *Connection) initSocket(forChannel string) error { + pathTemplate := "%s://%s/ws/outpost_rac/%s/" + scheme := strings.ReplaceAll(c.ac.Client.GetConfig().Scheme, "http", "ws") + + authHeader := fmt.Sprintf("Bearer %s", c.ac.Token()) + + header := http.Header{ + "Authorization": []string{authHeader}, + "User-Agent": []string{constants.OutpostUserAgent()}, + } + + dialer := websocket.Dialer{ + Proxy: http.ProxyFromEnvironment, + HandshakeTimeout: 10 * time.Second, + TLSClientConfig: &tls.Config{ + InsecureSkipVerify: config.Get().AuthentikInsecure, + }, + } + + url := fmt.Sprintf(pathTemplate, scheme, c.ac.Client.GetConfig().Host, forChannel) + ws, _, err := dialer.Dial(url, header) + if err != nil { + c.log.WithError(err).Warning("failed to connect websocket") + return err + } + c.ws = ws + return nil +} + +func (c *Connection) initGuac(cfg *guac.Config) error { + addr, err := net.ResolveTCPAddr("tcp", guacAddr) + if err != nil { + return err + } + + conn, err := net.DialTCP("tcp", nil, addr) + if err != nil { + return err + } + + stream := guac.NewStream(conn, guac.SocketTimeout) + + err = stream.Handshake(cfg) + if err != nil { + return err + } + st := guac.NewSimpleTunnel(stream) + c.st = st + return nil +} + +func (c *Connection) initMirror() { + go c.wsToGuacd() + go c.guacdToWs() +} + +func (c *Connection) onError(err error) { + if c.closing { + return + } + c.closing = true + e := c.st.Close() + if e != nil { + c.log.WithError(e).Warning("failed to close guacd connection") + } + c.log.WithError(err).Info("removing connection") + c.ctxCancel() + c.OnError(err) +} diff --git a/internal/outpost/rac/connection/mirror.go b/internal/outpost/rac/connection/mirror.go new file mode 100644 index 000000000..7475c6efc --- /dev/null +++ b/internal/outpost/rac/connection/mirror.go @@ -0,0 +1,103 @@ +package connection + +import ( + "bytes" + "fmt" + + "github.com/gorilla/websocket" + "github.com/wwt/guac" +) + +var ( + internalOpcodeIns = []byte(fmt.Sprint(len(guac.InternalDataOpcode), ".", guac.InternalDataOpcode)) + authentikOpcode = []byte("0.authentik.") +) + +// MessageReader wraps a websocket connection and only permits Reading +type MessageReader interface { + // ReadMessage should return a single complete message to send to guac + ReadMessage() (int, []byte, error) +} + +func (c *Connection) wsToGuacd() { + w := c.st.AcquireWriter() + for { + select { + default: + _, data, e := c.ws.ReadMessage() + if e != nil { + c.log.WithError(e).Trace("Error reading message from ws") + c.onError(e) + return + } + if bytes.HasPrefix(data, internalOpcodeIns) { + if bytes.HasPrefix(data, authentikOpcode) { + switch string(bytes.Replace(data, authentikOpcode, []byte{}, 1)) { + case "disconnect": + _, e := w.Write([]byte(guac.NewInstruction("disconnect").String())) + c.onError(e) + return + } + } + // messages starting with the InternalDataOpcode are never sent to guacd + continue + } + + if _, e = w.Write(data); e != nil { + c.log.WithError(e).Trace("Failed writing to guacd") + c.onError(e) + return + } + case <-c.ctx.Done(): + return + } + } +} + +// MessageWriter wraps a websocket connection and only permits Writing +type MessageWriter interface { + // WriteMessage writes one or more complete guac commands to the websocket + WriteMessage(int, []byte) error +} + +func (c *Connection) guacdToWs() { + r := c.st.AcquireReader() + buf := bytes.NewBuffer(make([]byte, 0, guac.MaxGuacMessage*2)) + for { + select { + default: + ins, e := r.ReadSome() + if e != nil { + c.log.WithError(e).Trace("Error reading from guacd") + c.onError(e) + return + } + + if bytes.HasPrefix(ins, internalOpcodeIns) { + // messages starting with the InternalDataOpcode are never sent to the websocket + continue + } + + if _, e = buf.Write(ins); e != nil { + c.log.WithError(e).Trace("Failed to buffer guacd to ws") + c.onError(e) + return + } + + // if the buffer has more data in it or we've reached the max buffer size, send the data and reset + if !r.Available() || buf.Len() >= guac.MaxGuacMessage { + if e = c.ws.WriteMessage(1, buf.Bytes()); e != nil { + if e == websocket.ErrCloseSent { + return + } + c.log.WithError(e).Trace("Failed sending message to ws") + c.onError(e) + return + } + buf.Reset() + } + case <-c.ctx.Done(): + return + } + } +} diff --git a/internal/outpost/rac/guacd.go b/internal/outpost/rac/guacd.go new file mode 100644 index 000000000..3ae0c4f3f --- /dev/null +++ b/internal/outpost/rac/guacd.go @@ -0,0 +1,26 @@ +package rac + +import ( + "os" + "os/exec" + "strings" + + log "github.com/sirupsen/logrus" + "goauthentik.io/internal/outpost/ak" +) + +const ( + guacdPath = "/opt/guacamole/sbin/guacd" + guacdDefaultArgs = " -b 0.0.0.0 -f" +) + +func (rs *RACServer) startGuac() error { + guacdArgs := strings.Split(guacdDefaultArgs, " ") + guacdArgs = append(guacdArgs, "-L", rs.ac.Outpost.Config[ak.ConfigLogLevel].(string)) + rs.guacd = exec.Command(guacdPath, guacdArgs...) + rs.guacd.Env = os.Environ() + rs.guacd.Stdout = rs.log.WithField("logger", "authentik.outpost.rac.guacd").WriterLevel(log.InfoLevel) + rs.guacd.Stderr = rs.log.WithField("logger", "authentik.outpost.rac.guacd").WriterLevel(log.InfoLevel) + rs.log.Info("starting guacd") + return rs.guacd.Start() +} diff --git a/internal/outpost/rac/metrics/metrics.go b/internal/outpost/rac/metrics/metrics.go new file mode 100644 index 000000000..0a3e6b45d --- /dev/null +++ b/internal/outpost/rac/metrics/metrics.go @@ -0,0 +1,28 @@ +package metrics + +import ( + "net/http" + + log "github.com/sirupsen/logrus" + "goauthentik.io/internal/config" + "goauthentik.io/internal/utils/sentry" + + "github.com/gorilla/mux" + "github.com/prometheus/client_golang/prometheus/promhttp" +) + +func RunServer() { + m := mux.NewRouter() + l := log.WithField("logger", "authentik.outpost.metrics") + m.Use(sentry.SentryNoSampleMiddleware) + m.HandleFunc("/outpost.goauthentik.io/ping", func(rw http.ResponseWriter, r *http.Request) { + rw.WriteHeader(204) + }) + m.Path("/metrics").Handler(promhttp.Handler()) + listen := config.Get().Listen.Metrics + l.WithField("listen", listen).Info("Starting Metrics server") + err := http.ListenAndServe(listen, m) + if err != nil { + l.WithError(err).Warning("Failed to start metrics listener") + } +} diff --git a/internal/outpost/rac/rac.go b/internal/outpost/rac/rac.go new file mode 100644 index 000000000..1e9920305 --- /dev/null +++ b/internal/outpost/rac/rac.go @@ -0,0 +1,126 @@ +package rac + +import ( + "context" + "os/exec" + "strconv" + "sync" + + "github.com/mitchellh/mapstructure" + log "github.com/sirupsen/logrus" + "github.com/wwt/guac" + + "goauthentik.io/internal/outpost/ak" + "goauthentik.io/internal/outpost/rac/connection" + "goauthentik.io/internal/outpost/rac/metrics" +) + +type RACServer struct { + log *log.Entry + ac *ak.APIController + guacd *exec.Cmd + connm sync.RWMutex + conns map[string]connection.Connection +} + +func NewServer(ac *ak.APIController) *RACServer { + rs := &RACServer{ + log: log.WithField("logger", "authentik.outpost.rac"), + ac: ac, + connm: sync.RWMutex{}, + conns: map[string]connection.Connection{}, + } + ac.AddWSHandler(rs.wsHandler) + return rs +} + +type WSMessage struct { + ConnID string `mapstructure:"conn_id"` + DestChannelID string `mapstructure:"dest_channel_id"` + Params map[string]string `mapstructure:"params"` + Protocol string `mapstructure:"protocol"` + OptimalScreenWidth string `mapstructure:"screen_width"` + OptimalScreenHeight string `mapstructure:"screen_height"` + OptimalScreenDPI string `mapstructure:"screen_dpi"` +} + +func parseIntOrZero(input string) int { + x, err := strconv.Atoi(input) + if err != nil { + return 0 + } + return x +} + +func (rs *RACServer) wsHandler(ctx context.Context, args map[string]interface{}) { + wsm := WSMessage{} + err := mapstructure.Decode(args, &wsm) + if err != nil { + rs.log.WithError(err).Warning("invalid ws message") + return + } + config := guac.NewGuacamoleConfiguration() + config.Protocol = wsm.Protocol + config.Parameters = wsm.Params + config.OptimalScreenWidth = parseIntOrZero(wsm.OptimalScreenWidth) + config.OptimalScreenHeight = parseIntOrZero(wsm.OptimalScreenHeight) + config.OptimalResolution = parseIntOrZero(wsm.OptimalScreenDPI) + config.AudioMimetypes = []string{ + "audio/L8", + "audio/L16", + } + cc, err := connection.NewConnection(rs.ac, wsm.DestChannelID, config) + if err != nil { + rs.log.WithError(err).Warning("failed to setup connection") + return + } + cc.OnError = func(err error) { + rs.connm.Lock() + delete(rs.conns, wsm.ConnID) + _ = rs.ac.SendWSHello(map[string]interface{}{ + "active_connections": len(rs.conns), + }) + rs.connm.Unlock() + } + rs.connm.Lock() + rs.conns[wsm.ConnID] = *cc + _ = rs.ac.SendWSHello(map[string]interface{}{ + "active_connections": len(rs.conns), + }) + rs.connm.Unlock() +} + +func (rs *RACServer) Start() error { + wg := sync.WaitGroup{} + wg.Add(2) + go func() { + defer wg.Done() + metrics.RunServer() + }() + go func() { + defer wg.Done() + err := rs.startGuac() + if err != nil { + panic(err) + } + }() + wg.Wait() + return nil +} + +func (rs *RACServer) Stop() error { + if rs.guacd != nil { + return rs.guacd.Process.Kill() + } + return nil +} + +func (rs *RACServer) TimerFlowCacheExpiry(context.Context) {} + +func (rs *RACServer) Type() string { + return "rac" +} + +func (rs *RACServer) Refresh() error { + return nil +} diff --git a/internal/web/static.go b/internal/web/static.go index c4c79efe0..1d6d1888e 100644 --- a/internal/web/static.go +++ b/internal/web/static.go @@ -33,6 +33,11 @@ func (ws *WebServer) configureStatic() { }) indexLessRouter.PathPrefix("/if/admin/assets").Handler(http.StripPrefix("/if/admin", distFs)) indexLessRouter.PathPrefix("/if/user/assets").Handler(http.StripPrefix("/if/user", distFs)) + indexLessRouter.PathPrefix("/if/rac/{app_slug}/assets").HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { + vars := mux.Vars(r) + + web.DisableIndex(http.StripPrefix(fmt.Sprintf("/if/rac/%s", vars["app_slug"]), distFs)).ServeHTTP(rw, r) + }) // Media files, if backend is file if config.Get().Storage.Media.Backend == "file" { diff --git a/locale/en/LC_MESSAGES/django.po b/locale/en/LC_MESSAGES/django.po index b4f8c3a56..9fb05420d 100644 --- a/locale/en/LC_MESSAGES/django.po +++ b/locale/en/LC_MESSAGES/django.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2023-12-27 10:56+0000\n" +"POT-Creation-Date: 2024-01-03 11:22+0000\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -388,6 +388,45 @@ msgstr "" msgid "License Usage Records" msgstr "" +#: authentik/enterprise/policy.py:18 +msgid "Enterprise required to access this feature." +msgstr "" + +#: authentik/enterprise/policy.py:20 +msgid "Feature only accessible for internal users." +msgstr "" + +#: authentik/enterprise/providers/rac/models.py:48 +#: authentik/stages/user_login/models.py:39 +msgid "" +"Determines how long a session lasts. Default of 0 means that the sessions " +"lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)" +msgstr "" + +#: authentik/enterprise/providers/rac/models.py:71 +msgid "RAC Provider" +msgstr "" + +#: authentik/enterprise/providers/rac/models.py:72 +msgid "RAC Providers" +msgstr "" + +#: authentik/enterprise/providers/rac/models.py:99 +msgid "RAC Endpoint" +msgstr "" + +#: authentik/enterprise/providers/rac/models.py:100 +msgid "RAC Endpoints" +msgstr "" + +#: authentik/enterprise/providers/rac/models.py:121 +msgid "RAC Property Mapping" +msgstr "" + +#: authentik/enterprise/providers/rac/models.py:122 +msgid "RAC Property Mappings" +msgstr "" + #: authentik/events/models.py:289 msgid "Event" msgstr "" @@ -490,7 +529,7 @@ msgstr "" msgid "Webhook Mappings" msgstr "" -#: authentik/events/monitored_tasks.py:205 +#: authentik/events/monitored_tasks.py:207 msgid "Task has not been run yet." msgstr "" @@ -669,75 +708,75 @@ msgstr "" msgid "Invalid kubeconfig" msgstr "" -#: authentik/outposts/models.py:122 +#: authentik/outposts/models.py:123 msgid "" "If enabled, use the local connection. Required Docker socket/Kubernetes " "Integration" msgstr "" -#: authentik/outposts/models.py:152 +#: authentik/outposts/models.py:153 msgid "Outpost Service-Connection" msgstr "" -#: authentik/outposts/models.py:153 +#: authentik/outposts/models.py:154 msgid "Outpost Service-Connections" msgstr "" -#: authentik/outposts/models.py:161 +#: authentik/outposts/models.py:162 msgid "" "Can be in the format of 'unix://' when connecting to a local docker " "daemon, or 'https://:2376' when connecting to a remote system." msgstr "" -#: authentik/outposts/models.py:173 +#: authentik/outposts/models.py:174 msgid "" "CA which the endpoint's Certificate is verified against. Can be left empty " "for no validation." msgstr "" -#: authentik/outposts/models.py:185 +#: authentik/outposts/models.py:186 msgid "" "Certificate/Key used for authentication. Can be left empty for no " "authentication." msgstr "" -#: authentik/outposts/models.py:203 +#: authentik/outposts/models.py:204 msgid "Docker Service-Connection" msgstr "" -#: authentik/outposts/models.py:204 +#: authentik/outposts/models.py:205 msgid "Docker Service-Connections" msgstr "" -#: authentik/outposts/models.py:212 +#: authentik/outposts/models.py:213 msgid "" "Paste your kubeconfig here. authentik will automatically use the currently " "selected context." msgstr "" -#: authentik/outposts/models.py:218 +#: authentik/outposts/models.py:219 msgid "Verify SSL Certificates of the Kubernetes API endpoint" msgstr "" -#: authentik/outposts/models.py:235 +#: authentik/outposts/models.py:236 msgid "Kubernetes Service-Connection" msgstr "" -#: authentik/outposts/models.py:236 +#: authentik/outposts/models.py:237 msgid "Kubernetes Service-Connections" msgstr "" -#: authentik/outposts/models.py:252 +#: authentik/outposts/models.py:253 msgid "" "Select Service-Connection authentik should use to manage this outpost. Leave " "empty if authentik should not handle the deployment." msgstr "" -#: authentik/outposts/models.py:419 +#: authentik/outposts/models.py:420 msgid "Outpost" msgstr "" -#: authentik/outposts/models.py:420 +#: authentik/outposts/models.py:421 msgid "Outposts" msgstr "" @@ -1591,11 +1630,11 @@ msgstr "" msgid "Can edit system settings" msgstr "" -#: authentik/recovery/management/commands/create_admin_group.py:11 +#: authentik/recovery/management/commands/create_admin_group.py:12 msgid "Create admin group if the default group gets deleted." msgstr "" -#: authentik/recovery/management/commands/create_recovery_key.py:17 +#: authentik/recovery/management/commands/create_recovery_key.py:16 msgid "Create a Key which can be used to restore access to authentik." msgstr "" @@ -2618,12 +2657,6 @@ msgstr "" msgid "No Pending User." msgstr "" -#: authentik/stages/user_login/models.py:39 -msgid "" -"Determines how long a session lasts. Default of 0 means that the sessions " -"lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)" -msgstr "" - #: authentik/stages/user_login/models.py:47 msgid "Bind sessions created by this stage to the configured network" msgstr "" diff --git a/locale/it/LC_MESSAGES/django.mo b/locale/it/LC_MESSAGES/django.mo new file mode 100644 index 000000000..10aefe661 Binary files /dev/null and b/locale/it/LC_MESSAGES/django.mo differ diff --git a/locale/it/LC_MESSAGES/django.po b/locale/it/LC_MESSAGES/django.po new file mode 100644 index 000000000..3f39ddb2e --- /dev/null +++ b/locale/it/LC_MESSAGES/django.po @@ -0,0 +1,2919 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR , YEAR. +# +# Translators: +# Dario Rigolin, 2022 +# aoor9, 2023 +# Marco Realacci, 2023 +# Matteo Piccina , 2023 +# Kowalski Dragon , 2023 +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2023-12-06 16:55+0000\n" +"PO-Revision-Date: 2022-09-26 16:47+0000\n" +"Last-Translator: Kowalski Dragon , 2023\n" +"Language-Team: Italian (https://app.transifex.com/authentik/teams/119923/it/)\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: it\n" +"Plural-Forms: nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;\n" + +#: authentik/admin/api/tasks.py:127 +#, python-format +msgid "Successfully re-scheduled Task %(name)s!" +msgstr "Operazione ri-pianificata con successo%(name)s!" + +#: authentik/api/schema.py:25 +msgid "Generic API Error" +msgstr "Errore API generico" + +#: authentik/api/schema.py:33 +msgid "Validation Error" +msgstr "Errore di validazione" + +#: authentik/blueprints/api.py:43 +msgid "Blueprint file does not exist" +msgstr "File del modello inesistente" + +#: authentik/blueprints/api.py:54 +#, python-format +msgid "Failed to validate blueprint: %(logs)s" +msgstr "Validazione del modello fallita: %(logs)s" + +#: authentik/blueprints/api.py:59 +msgid "Either path or content must be set." +msgstr "È necessario impostare il percorso o il contenuto." + +#: authentik/blueprints/models.py:30 +msgid "Managed by authentik" +msgstr "Gestito da authentik" + +#: authentik/blueprints/models.py:32 +msgid "" +"Objects that are managed by authentik. These objects are created and updated" +" automatically. This flag only indicates that an object can be overwritten " +"by migrations. You can still modify the objects via the API, but expect " +"changes to be overwritten in a later update." +msgstr "" +"Oggetti gestiti da authentik. Questi oggetti sono creati e aggiornati " +"automaticamente. Questo controllo indica solo che un oggetto può essere " +"sovrascritto dalle migrazioni. Puoi ancora modificare gli oggetti tramite " +"l'API, ma aspettati che le modifiche vengano sovrascritte in un " +"aggiornamento successivo." + +#: authentik/blueprints/models.py:112 +msgid "Blueprint Instance" +msgstr "Istanza del modello" + +#: authentik/blueprints/models.py:113 +msgid "Blueprint Instances" +msgstr "Istanze dei modelli" + +#: authentik/blueprints/v1/exporter.py:62 +#, python-format +msgid "authentik Export - %(date)s" +msgstr "Esportazione authentik - %(date)s" + +#: authentik/blueprints/v1/tasks.py:150 authentik/crypto/tasks.py:93 +#, python-format +msgid "Successfully imported %(count)d files." +msgstr "Importato con successo %(count)d file." + +#: authentik/core/api/providers.py:120 +msgid "SAML Provider from Metadata" +msgstr "Provider SAML dai Metadati" + +#: authentik/core/api/providers.py:121 +msgid "Create a SAML Provider by importing its Metadata." +msgstr "Crea un SAML Provider importando i sui Metadati." + +#: authentik/core/api/users.py:156 +msgid "No leading or trailing slashes allowed." +msgstr "Non sono consentite barre oblique iniziali o finali." + +#: authentik/core/api/users.py:159 +msgid "No empty segments in user path allowed." +msgstr "Non sono consentiti segmenti vuoti nel percorso utente." + +#: authentik/core/models.py:86 +msgid "name" +msgstr "nome" + +#: authentik/core/models.py:88 +msgid "Users added to this group will be superusers." +msgstr "Utenti aggiunti a questo gruppo saranno superutenti." + +#: authentik/core/models.py:162 +msgid "Group" +msgstr "Gruppo" + +#: authentik/core/models.py:163 +msgid "Groups" +msgstr "Gruppi" + +#: authentik/core/models.py:178 +msgid "User's display name." +msgstr "Nome visualizzato dell'utente." + +#: authentik/core/models.py:274 authentik/providers/oauth2/models.py:295 +msgid "User" +msgstr "Utente" + +#: authentik/core/models.py:275 +msgid "Users" +msgstr "Utenti" + +#: authentik/core/models.py:277 +#: authentik/stages/email/templates/email/password_reset.html:28 +msgid "Reset Password" +msgstr "Reimposta Password" + +#: authentik/core/models.py:278 +msgid "Can impersonate other users" +msgstr "Può impersonare altri utenti" + +#: authentik/core/models.py:279 authentik/rbac/models.py:54 +msgid "Can assign permissions to users" +msgstr "Può assegnare permessi a utenti" + +#: authentik/core/models.py:280 authentik/rbac/models.py:55 +msgid "Can unassign permissions from users" +msgstr "Può rimuovere permessi da utenti" + +#: authentik/core/models.py:294 +msgid "" +"Flow used for authentication when the associated application is accessed by " +"an un-authenticated user." +msgstr "" +"Flusso usato per l'autenticazione quando un utente non autenticato accede " +"all'applicazione associata." + +#: authentik/core/models.py:304 +msgid "Flow used when authorizing this provider." +msgstr "Flusso utilizzato durante l'autorizzazione di questo provider." + +#: authentik/core/models.py:316 +msgid "" +"Accessed from applications; optional backchannel providers for protocols " +"like LDAP and SCIM." +msgstr "" +"Accessibile dalle applicazioni; fornitori di backchannel opzionali per " +"protocolli come LDAP e SCIM." + +#: authentik/core/models.py:371 +msgid "Application's display Name." +msgstr "Nome visualizzato dell'applicazione." + +#: authentik/core/models.py:372 +msgid "Internal application name, used in URLs." +msgstr "Nome interno dell'applicazione, utilizzato negli URL." + +#: authentik/core/models.py:384 +msgid "Open launch URL in a new browser tab or window." +msgstr "Apri l'URL di avvio in una nuova scheda o finestra del browser." + +#: authentik/core/models.py:448 +msgid "Application" +msgstr "Applicazione" + +#: authentik/core/models.py:449 +msgid "Applications" +msgstr "Applicazioni" + +#: authentik/core/models.py:455 +msgid "Use the source-specific identifier" +msgstr "Utilizzare l'identificatore specifico della fonte" + +#: authentik/core/models.py:457 +msgid "" +"Link to a user with identical email address. Can have security implications " +"when a source doesn't validate email addresses." +msgstr "" +"Collegamento a un utente con indirizzo email identico. Può avere " +"implicazioni sulla sicurezza quando una fonte non convalida gli indirizzi " +"e-mail." + +#: authentik/core/models.py:461 +msgid "" +"Use the user's email address, but deny enrollment when the email address " +"already exists." +msgstr "" +"Usa l'indirizzo e-mail dell'utente, ma nega l'iscrizione quando l'indirizzo " +"e-mail esiste già." + +#: authentik/core/models.py:464 +msgid "" +"Link to a user with identical username. Can have security implications when " +"a username is used with another source." +msgstr "" +"Collegamento a un utente con nome utente identico. Può avere implicazioni " +"sulla sicurezza quando un nome utente viene utilizzato con un'altra fonte." + +#: authentik/core/models.py:468 +msgid "" +"Use the user's username, but deny enrollment when the username already " +"exists." +msgstr "" +"Utilizza il nome utente dell'utente, ma nega l'iscrizione quando il nome " +"utente esiste già." + +#: authentik/core/models.py:475 +msgid "Source's display Name." +msgstr "Nome visualizzato della sorgente." + +#: authentik/core/models.py:476 +msgid "Internal source name, used in URLs." +msgstr "Nome interno della sorgente, utilizzato negli URL." + +#: authentik/core/models.py:495 +msgid "Flow to use when authenticating existing users." +msgstr "Flusso da usare per autenticare utenti esistenti." + +#: authentik/core/models.py:504 +msgid "Flow to use when enrolling new users." +msgstr "Flusso da usare per iscrivere nuovi utenti." + +#: authentik/core/models.py:512 +msgid "" +"How the source determines if an existing user should be authenticated or a " +"new user enrolled." +msgstr "" +"Modalità in cui la fonte determina se un utente esistente deve essere " +"autenticato o un nuovo utente registrato." + +#: authentik/core/models.py:684 +msgid "Token" +msgstr "Token" + +#: authentik/core/models.py:685 +msgid "Tokens" +msgstr "Tokens" + +#: authentik/core/models.py:690 +msgid "View token's key" +msgstr "Visualizza la chiave token" + +#: authentik/core/models.py:726 +msgid "Property Mapping" +msgstr "Mappatura della proprietà" + +#: authentik/core/models.py:727 +msgid "Property Mappings" +msgstr "Mappatura delle proprietà" + +#: authentik/core/models.py:762 +msgid "Authenticated Session" +msgstr "Sessione Autenticata" + +#: authentik/core/models.py:763 +msgid "Authenticated Sessions" +msgstr "Sessioni Autenticate" + +#: authentik/core/sources/flow_manager.py:190 +#, python-format +msgid "" +"Request to authenticate with %(source)s has been denied. Please authenticate" +" with the source you've previously signed up with." +msgstr "" +"La richiesta di autenticazione con %(source)s è stata negata. Autenticati " +"con la fonte con cui ti sei registrato in precedenza." + +#: authentik/core/sources/flow_manager.py:242 +msgid "Configured flow does not exist." +msgstr "Flusso configurato inesistente." + +#: authentik/core/sources/flow_manager.py:272 +#: authentik/core/sources/flow_manager.py:324 +#, python-format +msgid "Successfully authenticated with %(source)s!" +msgstr "Autenticazione riuscita con %(source)s!" + +#: authentik/core/sources/flow_manager.py:296 +#, python-format +msgid "Successfully linked %(source)s!" +msgstr "%(source)s collegato con successo!" + +#: authentik/core/sources/flow_manager.py:315 +msgid "Source is not configured for enrollment." +msgstr "La sorgente non è configurata per la registrazione." + +#: authentik/core/templates/if/end_session.html:7 +msgid "End session" +msgstr "Fine sessione" + +#: authentik/core/templates/if/end_session.html:11 +#, python-format +msgid "" +"\n" +"You've logged out of %(application)s.\n" +msgstr "" +"\n" +"Sei disconnesso da %(application)s.\n" + +#: authentik/core/templates/if/end_session.html:19 +#, python-format +msgid "" +"\n" +" You've logged out of %(application)s. You can go back to the overview to launch another application, or log out of your %(branding_title)s account.\n" +" " +msgstr "" +"\n" +" Hai effettuato il logout da %(application)s. Puoi tornare alla panoramica per avviare un'altra applicazione o effettuare il logout dal tuo account %(branding_title)s." + +#: authentik/core/templates/if/end_session.html:25 +msgid "Go back to overview" +msgstr "Torna alla panoramica" + +#: authentik/core/templates/if/end_session.html:29 +#, python-format +msgid "" +"\n" +" Log out of %(branding_title)s\n" +" " +msgstr "" +"\n" +" Esci da %(branding_title)s\n" +" " + +#: authentik/core/templates/if/end_session.html:36 +#, python-format +msgid "" +"\n" +" Log back into %(application)s\n" +" " +msgstr "" +"\n" +" Accedi di nuovo a %(application)s\n" +" " + +#: authentik/core/templates/if/error.html:18 +msgid "Go home" +msgstr "Vai alla pagina iniziale" + +#: authentik/core/templates/login/base_full.html:89 +msgid "Powered by authentik" +msgstr "Gestito da authentik" + +#: authentik/core/views/apps.py:53 +#: authentik/providers/oauth2/views/authorize.py:393 +#: authentik/providers/oauth2/views/device_init.py:70 +#: authentik/providers/saml/views/sso.py:70 +#, python-format +msgid "You're about to sign into %(application)s." +msgstr "Stai per accedere a %(application)s" + +#: authentik/crypto/api.py:179 +msgid "Subject-alt name" +msgstr "Nome alternativo del soggetto" + +#: authentik/crypto/models.py:30 +msgid "PEM-encoded Certificate data" +msgstr "Dati del certificato in codifica PEM" + +#: authentik/crypto/models.py:33 +msgid "" +"Optional Private Key. If this is set, you can use this keypair for " +"encryption." +msgstr "" +"Chiave privata facoltativa. Se è impostato, puoi utilizzare questa coppia di" +" chiavi per la crittografia." + +#: authentik/crypto/models.py:101 +msgid "Certificate-Key Pair" +msgstr "Coppia certificato-chiave" + +#: authentik/crypto/models.py:102 +msgid "Certificate-Key Pairs" +msgstr "Coppie certificato-chiave" + +#: authentik/enterprise/models.py:183 +msgid "License" +msgstr "Licenza" + +#: authentik/enterprise/models.py:184 +msgid "Licenses" +msgstr "Licenze" + +#: authentik/enterprise/models.py:206 +msgid "License Usage" +msgstr "Utilizzo della licenza" + +#: authentik/enterprise/models.py:207 +msgid "License Usage Records" +msgstr "Registri sull'utilizzo della licenza" + +#: authentik/events/models.py:291 +msgid "Event" +msgstr "Evento" + +#: authentik/events/models.py:292 +msgid "Events" +msgstr "Eventi" + +#: authentik/events/models.py:298 +msgid "authentik inbuilt notifications" +msgstr "notifiche integrate authentik" + +#: authentik/events/models.py:299 +msgid "Generic Webhook" +msgstr "Webhook generico" + +#: authentik/events/models.py:300 +msgid "Slack Webhook (Slack/Discord)" +msgstr "Slack Webhook (Slack/Discord)" + +#: authentik/events/models.py:301 +msgid "Email" +msgstr "Email" + +#: authentik/events/models.py:319 +msgid "" +"Only send notification once, for example when sending a webhook into a chat " +"channel." +msgstr "" +"Invia una notifica solo una volta, ad esempio quando invii un webhook in un " +"canale di chat." + +#: authentik/events/models.py:384 +msgid "Severity" +msgstr "Gravità" + +#: authentik/events/models.py:389 +msgid "Dispatched for user" +msgstr "Inviato per l'utente" + +#: authentik/events/models.py:398 +msgid "Event user" +msgstr "Evento utente" + +#: authentik/events/models.py:492 +msgid "Notification Transport" +msgstr "Trasporto Notifica" + +#: authentik/events/models.py:493 +msgid "Notification Transports" +msgstr "Trasporti notifica" + +#: authentik/events/models.py:499 +msgid "Notice" +msgstr "Avviso" + +#: authentik/events/models.py:500 +msgid "Warning" +msgstr "Avvertimento" + +#: authentik/events/models.py:501 +msgid "Alert" +msgstr "Allarme" + +#: authentik/events/models.py:526 +msgid "Notification" +msgstr "Notifica" + +#: authentik/events/models.py:527 +msgid "Notifications" +msgstr "Notifiche" + +#: authentik/events/models.py:537 +msgid "" +"Select which transports should be used to notify the user. If none are " +"selected, the notification will only be shown in the authentik UI." +msgstr "" +"Selezionare quali trasporti devono essere utilizzati per notificare " +"l'utente. Se non ne viene selezionato nessuno, la notifica verrà mostrata " +"solo nell'interfaccia utente authentik." + +#: authentik/events/models.py:545 +msgid "Controls which severity level the created notifications will have." +msgstr "Controlla quale livello di gravità avranno le notifiche create." + +#: authentik/events/models.py:550 +msgid "" +"Define which group of users this notification should be sent and shown to. " +"If left empty, Notification won't ben sent." +msgstr "" +"Definisci a quale gruppo di utenti deve essere inviata e mostrata questa " +"notifica. Se lasciato vuoto, la notifica non verrà inviata." + +#: authentik/events/models.py:568 +msgid "Notification Rule" +msgstr "Regola di notifica" + +#: authentik/events/models.py:569 +msgid "Notification Rules" +msgstr "Regole di notifica" + +#: authentik/events/models.py:589 +msgid "Webhook Mapping" +msgstr "Mappatura Webhook" + +#: authentik/events/models.py:590 +msgid "Webhook Mappings" +msgstr "Mappature Webhook" + +#: authentik/events/monitored_tasks.py:205 +msgid "Task has not been run yet." +msgstr "L'attività non è stata ancora eseguita." + +#: authentik/flows/api/flows.py:295 +#, python-format +msgid "Flow not applicable to current user/request: %(messages)s" +msgstr "Flusso non applicabile all'utente/richiesta corrente: %(messages)s" + +#: authentik/flows/api/flows_diagram.py:68 +#: authentik/flows/api/flows_diagram.py:94 +#, python-format +msgid "Policy (%(type)s)" +msgstr "Criterio (%(type)s)" + +#: authentik/flows/api/flows_diagram.py:71 +#, python-format +msgid "Binding %(order)d" +msgstr "Associazione %(order)d" + +#: authentik/flows/api/flows_diagram.py:118 +msgid "Policy passed" +msgstr "Criterio approvato" + +#: authentik/flows/api/flows_diagram.py:122 +#, python-format +msgid "Stage (%(type)s)" +msgstr "Fase (%(type)s)" + +#: authentik/flows/api/flows_diagram.py:146 +#: authentik/flows/api/flows_diagram.py:206 +msgid "Policy denied" +msgstr "Criterio negato" + +#: authentik/flows/api/flows_diagram.py:156 +#: authentik/flows/api/flows_diagram.py:168 +#: authentik/flows/api/flows_diagram.py:205 +#: authentik/flows/api/flows_diagram.py:227 +msgid "End of the flow" +msgstr "Fine del flusso" + +#: authentik/flows/api/flows_diagram.py:169 +msgid "Requirement not fulfilled" +msgstr "Requisito non soddisfatto" + +#: authentik/flows/api/flows_diagram.py:177 +msgid "Flow authentication requirement" +msgstr "Requisito di autenticazione del flusso" + +#: authentik/flows/api/flows_diagram.py:183 +msgid "Requirement fulfilled" +msgstr "Requisito soddisfatto" + +#: authentik/flows/api/flows_diagram.py:196 +msgid "Pre-flow policies" +msgstr "Politiche pre-flusso" + +#: authentik/flows/api/flows_diagram.py:214 authentik/flows/models.py:193 +msgid "Flow" +msgstr "Flusso" + +#: authentik/flows/exceptions.py:19 +msgid "Flow does not apply to current user." +msgstr "Il flusso non si applica all'utente corrente." + +#: authentik/flows/models.py:114 +#, python-format +msgid "Dynamic In-memory stage: %(doc)s" +msgstr "Fase dinamica in memoria: %(doc)s" + +#: authentik/flows/models.py:129 +msgid "Visible in the URL." +msgstr "Visibile nell'URL." + +#: authentik/flows/models.py:131 +msgid "Shown as the Title in Flow pages." +msgstr "Mostrato come Titolo nelle pagine Flusso" + +#: authentik/flows/models.py:138 +msgid "" +"Decides what this Flow is used for. For example, the Authentication flow is " +"redirect to when an un-authenticated user visits authentik." +msgstr "" +"Decide cosa viene utilizzato questo Flusso. Ad esempio, il flusso di " +"autenticazione viene reindirizzato quando un utente non autenticato visita " +"authentik." + +#: authentik/flows/models.py:147 +msgid "Background shown during execution" +msgstr "Sfondo mostrato durante l'esecuzione" + +#: authentik/flows/models.py:154 +msgid "" +"Enable compatibility mode, increases compatibility with password managers on" +" mobile devices." +msgstr "" +"Abilita compatibilità, incrementa la compatibilità con i gestori password su" +" dispositivi mobile." + +#: authentik/flows/models.py:162 +msgid "Configure what should happen when a flow denies access to a user." +msgstr "" +"Configura cosa può accadere quando un flusso nega l'accesso ad un utente." + +#: authentik/flows/models.py:168 +msgid "Required level of authentication and authorization to access a flow." +msgstr "" +"Livello richiesto di autenticazione e autorizzazione per accedere a un " +"flusso." + +#: authentik/flows/models.py:194 +msgid "Flows" +msgstr "Flussi" + +#: authentik/flows/models.py:197 +msgid "Can export a Flow" +msgstr "Può esportare un flusso" + +#: authentik/flows/models.py:198 +msgid "Can inspect a Flow's execution" +msgstr "Può ispezionare l'esecuzione di un flusso" + +#: authentik/flows/models.py:199 +msgid "View Flow's cache metrics" +msgstr "Visualizza le metriche della cache del flusso" + +#: authentik/flows/models.py:200 +msgid "Clear Flow's cache metrics" +msgstr "Cancella le metriche della cache del flusso" + +#: authentik/flows/models.py:216 +msgid "Evaluate policies during the Flow planning process." +msgstr "" +"Valutare le politiche durante il processo di pianificazione del flusso." + +#: authentik/flows/models.py:220 +msgid "Evaluate policies when the Stage is present to the user." +msgstr "Valutare le policy quando lo stage è presente all'utente." + +#: authentik/flows/models.py:227 +msgid "" +"Configure how the flow executor should handle an invalid response to a " +"challenge. RETRY returns the error message and a similar challenge to the " +"executor. RESTART restarts the flow from the beginning, and " +"RESTART_WITH_CONTEXT restarts the flow while keeping the current context." +msgstr "" +"Specifica come l'esecutore del flow dovrebbe gestire un riscontro negativo " +"di una verifica. RETRY restituisce il messaggio di errore e una verifica " +"simile all'esecutore. RESTART riavvia il flusso da capo, e " +"RESTART_WITH_CONTEXT lo riavvia mantenendo lo stato attuale." + +#: authentik/flows/models.py:250 +msgid "Flow Stage Binding" +msgstr "Associazione della fase del flusso" + +#: authentik/flows/models.py:251 +msgid "Flow Stage Bindings" +msgstr "Associazioni della fase del flusso" + +#: authentik/flows/models.py:266 +msgid "" +"Flow used by an authenticated user to configure this Stage. If empty, user " +"will not be able to configure this stage." +msgstr "" +"Flusso utilizzato da un utente autenticato per configurare questa fase. Se " +"vuoto, l'utente non sarà in grado di configurare questa fase." + +#: authentik/flows/models.py:306 +msgid "Flow Token" +msgstr "Token del flusso" + +#: authentik/flows/models.py:307 +msgid "Flow Tokens" +msgstr "Tokens del flusso" + +#: authentik/lib/utils/time.py:27 +#, python-format +msgid "%(value)s is not in the correct format of 'hours=3;minutes=1'." +msgstr "%(value)s non è nel formato corretto di 'hours=3;minutes=1'." + +#: authentik/lib/validators.py:16 +#, python-brace-format +msgid "The fields {field_names} must be used together." +msgstr "I campi {field_names} devono essere utilizzati insieme." + +#: authentik/outposts/api/service_connections.py:127 +msgid "" +"You can only use an empty kubeconfig when connecting to a local cluster." +msgstr "" +"Puoi usare sono un kubeconfig vuoto durante la connessione ad un cluster " +"locale." + +#: authentik/outposts/api/service_connections.py:135 +msgid "Invalid kubeconfig" +msgstr "Kubeconfig invalida" + +#: authentik/outposts/models.py:122 +msgid "" +"If enabled, use the local connection. Required Docker socket/Kubernetes " +"Integration" +msgstr "" +"Se abilitato, utilizzare la connessione locale. Socket Docker/Integrazione " +"Kubernetes richiesto" + +#: authentik/outposts/models.py:152 +msgid "Outpost Service-Connection" +msgstr "Connessione al servizio Outpost" + +#: authentik/outposts/models.py:153 +msgid "Outpost Service-Connections" +msgstr "Connessioni al servizii Outpost" + +#: authentik/outposts/models.py:161 +msgid "" +"Can be in the format of 'unix://' when connecting to a local docker " +"daemon, or 'https://:2376' when connecting to a remote system." +msgstr "" +"Può essere nel formato 'unix://' quando si connette a un demone Docker" +" locale, o 'https://:2376' quando si connette a un sistema remoto." + +#: authentik/outposts/models.py:173 +msgid "" +"CA which the endpoint's Certificate is verified against. Can be left empty " +"for no validation." +msgstr "" +"CA contro cui viene verificato il certificato del punto finale. Può essere " +"lasciato vuoto per nessuna validazione." + +#: authentik/outposts/models.py:185 +msgid "" +"Certificate/Key used for authentication. Can be left empty for no " +"authentication." +msgstr "" +"Certificato/Chiave utilizzata per l'autenticazione. Può essere lasciato " +"vuoto per nessuna autenticazione." + +#: authentik/outposts/models.py:203 +msgid "Docker Service-Connection" +msgstr "Connessione al servizio Docker" + +#: authentik/outposts/models.py:204 +msgid "Docker Service-Connections" +msgstr "Connessioni al servizi Docker" + +#: authentik/outposts/models.py:212 +msgid "" +"Paste your kubeconfig here. authentik will automatically use the currently " +"selected context." +msgstr "" +"Incolla il tuo kubeconfig qui. authentik utilizzerà automaticamente il " +"contesto attualmente selezionato." + +#: authentik/outposts/models.py:218 +msgid "Verify SSL Certificates of the Kubernetes API endpoint" +msgstr "Verifica i certificati SSL del punto di accesso API di Kubernetes." + +#: authentik/outposts/models.py:235 +msgid "Kubernetes Service-Connection" +msgstr "Connessione al servizio Kubernetes" + +#: authentik/outposts/models.py:236 +msgid "Kubernetes Service-Connections" +msgstr "Connessione ai servizi Kubernetes" + +#: authentik/outposts/models.py:252 +msgid "" +"Select Service-Connection authentik should use to manage this outpost. Leave" +" empty if authentik should not handle the deployment." +msgstr "" +"Seleziona il servizio di connessione che authentik dovrebbe utilizzare per " +"gestire questo outpost. Lascia vuoto se authentik non deve gestire la " +"distribuzione." + +#: authentik/outposts/models.py:419 +msgid "Outpost" +msgstr "Outpost" + +#: authentik/outposts/models.py:420 +msgid "Outposts" +msgstr "Outposts" + +#: authentik/policies/denied.py:24 +msgid "Access denied" +msgstr "Accesso negato" + +#: authentik/policies/dummy/models.py:44 +msgid "Dummy Policy" +msgstr "Criterio fittizio" + +#: authentik/policies/dummy/models.py:45 +msgid "Dummy Policies" +msgstr "Politiche fittizie" + +#: authentik/policies/event_matcher/api.py:20 +#: authentik/policies/event_matcher/models.py:56 +msgid "" +"Match events created by selected application. When left empty, all " +"applications are matched." +msgstr "" +"Eventi di corrispondenza creati dall'applicazione selezionata. Quando " +"lasciato vuoto, tutte le applicazioni vengono corrisposte." + +#: authentik/policies/event_matcher/api.py:29 +#: authentik/policies/event_matcher/models.py:64 +msgid "" +"Match events created by selected model. When left empty, all models are " +"matched. When an app is selected, all the application's models are matched." +msgstr "" +"Eventi di corrispondenza creati dal modello selezionato. Quando lasciato " +"vuoto, tutti i modelli vengono abbinati. Quando viene selezionata un'app, " +"vengono abbinati tutti i modelli dell'applicazione." + +#: authentik/policies/event_matcher/api.py:42 +msgid "At least one criteria must be set." +msgstr "Deve essere impostato almeno un criterio." + +#: authentik/policies/event_matcher/models.py:48 +msgid "" +"Match created events with this action type. When left empty, all action " +"types will be matched." +msgstr "" +"Corrispondere gli eventi creati con questo tipo di azione. Quando lasciato " +"vuoto, tutti i tipi di azione saranno corrisposti." + +#: authentik/policies/event_matcher/models.py:73 +msgid "" +"Matches Event's Client IP (strict matching, for network matching use an " +"Expression Policy)" +msgstr "" +"Corrisponde all'IP del client dell'evento (corrispondenza rigorosa, per la " +"corrispondenza di rete utilizzare una criterio di espressione)" + +#: authentik/policies/event_matcher/models.py:143 +msgid "Event Matcher Policy" +msgstr "Criterio Corrispondenza Evento" + +#: authentik/policies/event_matcher/models.py:144 +msgid "Event Matcher Policies" +msgstr "Criteri Corrispondenza Evento" + +#: authentik/policies/expiry/models.py:45 +#, python-format +msgid "Password expired %(days)d days ago. Please update your password." +msgstr "" +"Password scaduta %(days)d giorni fa. Si prega di aggiornare la password." + +#: authentik/policies/expiry/models.py:49 +msgid "Password has expired." +msgstr "Password scaduta" + +#: authentik/policies/expiry/models.py:53 +msgid "Password Expiry Policy" +msgstr "Criterio di scadenza della password" + +#: authentik/policies/expiry/models.py:54 +msgid "Password Expiry Policies" +msgstr "Politiche di scadenza della password" + +#: authentik/policies/expression/models.py:40 +msgid "Expression Policy" +msgstr "Criterio di Espressione" + +#: authentik/policies/expression/models.py:41 +msgid "Expression Policies" +msgstr "Criteri di espressione" + +#: authentik/policies/models.py:22 +msgid "all, all policies must pass" +msgstr "tutte, tutti i criteri devono passare" + +#: authentik/policies/models.py:23 +msgid "any, any policy must pass" +msgstr "qualsiasi, qualsiasi criterio deve passare" + +#: authentik/policies/models.py:46 +msgid "Policy Binding Model" +msgstr "Modello Associazione Criterio" + +#: authentik/policies/models.py:47 +msgid "Policy Binding Models" +msgstr "Modelli Associazione Criterio" + +#: authentik/policies/models.py:86 +msgid "Negates the outcome of the policy. Messages are unaffected." +msgstr "Nega il risultato del criterio. I messaggi non sono influenzati." + +#: authentik/policies/models.py:89 +msgid "Timeout after which Policy execution is terminated." +msgstr "Timeout dopo il quale l'esecuzione del Criterio viene terminato." + +#: authentik/policies/models.py:92 +msgid "Result if the Policy execution fails." +msgstr "Risultato se l'esecuzione della Policy fallisce." + +#: authentik/policies/models.py:145 +msgid "Policy Binding" +msgstr "Associazione criterio" + +#: authentik/policies/models.py:146 +msgid "Policy Bindings" +msgstr "Associazioni criterio" + +#: authentik/policies/models.py:167 +msgid "" +"When this option is enabled, all executions of this policy will be logged. " +"By default, only execution errors are logged." +msgstr "" +"Quando questa opzione è abilitata, tutte le esecuzioni di questo criterio " +"verranno registrate. Per impostazione predefinita, vengono registrati solo " +"gli errori di esecuzione." + +#: authentik/policies/models.py:189 +msgid "Policy" +msgstr "Criterio" + +#: authentik/policies/models.py:190 +msgid "Policies" +msgstr "Politiche" + +#: authentik/policies/models.py:193 +msgid "View Policy's cache metrics" +msgstr "Visualizza le metriche della cache della Policy" + +#: authentik/policies/models.py:194 +msgid "Clear Policy's cache metrics" +msgstr "Cancellare le metriche della cache della Policy" + +#: authentik/policies/password/models.py:27 +msgid "Field key to check, field keys defined in Prompt stages are available." +msgstr "" +"Chiave di campo da verificare, sono disponibili le chiavi di campo definite " +"nelle fasi Richiesta." + +#: authentik/policies/password/models.py:44 +msgid "How many times the password hash is allowed to be on haveibeenpwned" +msgstr "" +"Quante volte l'hash della password è consentito essere su haveibeenpwned" + +#: authentik/policies/password/models.py:49 +msgid "" +"If the zxcvbn score is equal or less than this value, the policy will fail." +msgstr "" +"Se il punteggio zxcvbn è inferiore o uguale a questo valore, il criterio non" +" verrà soddisfatto." + +#: authentik/policies/password/models.py:72 +msgid "Password not set in context" +msgstr "Password non impostata nel contesto" + +#: authentik/policies/password/models.py:134 +#, python-format +msgid "Password exists on %(count)d online lists." +msgstr "Password esistente in %(count)d lite online." + +#: authentik/policies/password/models.py:154 +msgid "Password is too weak." +msgstr "Password troppo deblole" + +#: authentik/policies/password/models.py:162 +msgid "Password Policy" +msgstr "Criterio della password" + +#: authentik/policies/password/models.py:163 +msgid "Password Policies" +msgstr "Politiche delle password" + +#: authentik/policies/reputation/api.py:18 +msgid "Either IP or Username must be checked" +msgstr "È necessario controllare l'IP o il nome utente" + +#: authentik/policies/reputation/models.py:67 +msgid "Reputation Policy" +msgstr "Criterio Reputazione" + +#: authentik/policies/reputation/models.py:68 +msgid "Reputation Policies" +msgstr "Politiche della reputazione" + +#: authentik/policies/reputation/models.py:95 +msgid "Reputation Score" +msgstr "Punteggio di reputazione" + +#: authentik/policies/reputation/models.py:96 +msgid "Reputation Scores" +msgstr "Punteggi di reputazione" + +#: authentik/policies/templates/policies/denied.html:7 +#: authentik/policies/templates/policies/denied.html:11 +msgid "Permission denied" +msgstr "Permesso negato" + +#: authentik/policies/templates/policies/denied.html:21 +msgid "User's avatar" +msgstr "Avatar utente" + +#: authentik/policies/templates/policies/denied.html:25 +msgid "Not you?" +msgstr "Non sei tu?" + +#: authentik/policies/templates/policies/denied.html:33 +msgid "Request has been denied." +msgstr "La richiesta è stata negata." + +#: authentik/policies/templates/policies/denied.html:44 +msgid "Messages:" +msgstr "Messaggi:" + +#: authentik/policies/templates/policies/denied.html:54 +msgid "Explanation:" +msgstr "Spiegazione:" + +#: authentik/policies/templates/policies/denied.html:58 +#, python-format +msgid "" +"\n" +" Policy binding '%(name)s' returned result '%(result)s'\n" +" " +msgstr "" +"\n" +" L'associazione criterio '%(name)s' ha restituito '%(result)s'\n" +" " + +#: authentik/policies/views.py:68 +msgid "Failed to resolve application" +msgstr "Impossibile risolvere l'applicazione" + +#: authentik/providers/ldap/models.py:25 +msgid "DN under which objects are accessible." +msgstr "DN sotto il quale gli oggetti sono accessibili." + +#: authentik/providers/ldap/models.py:34 +msgid "" +"Users in this group can do search queries. If not set, every user can " +"execute search queries." +msgstr "" +"Gli utenti di questo gruppo possono scrivere query di ricerca. Se non " +"specificato, qualsiasi utente può eseguirle." + +#: authentik/providers/ldap/models.py:53 +msgid "" +"The start for uidNumbers, this number is added to the user.pk to make sure " +"that the numbers aren't too low for POSIX users. Default is 2000 to ensure " +"that we don't collide with local users uidNumber" +msgstr "" +"Il numero di partenza per uidNumbers, questo numero viene aggiunto a user.pk" +" per assicurarsi che i numeri non siano troppo bassi per gli utenti POSIX. " +"Il valore predefinito è 2000 per garantire che non ci siano collisioni con " +"gli uidNumber degli utenti locali." + +#: authentik/providers/ldap/models.py:62 +msgid "" +"The start for gidNumbers, this number is added to a number generated from " +"the group.pk to make sure that the numbers aren't too low for POSIX groups. " +"Default is 4000 to ensure that we don't collide with local groups or users " +"primary groups gidNumber" +msgstr "" +"Il punto di partenza per gidNumbers, questo numero viene aggiunto a un " +"numero generato dal group.pk per assicurarsi che i numeri non siano troppo " +"bassi per i gruppi POSIX. Il valore predefinito è 4000 per garantire che non" +" ci siano collisioni con gruppi locali o gruppi primari di utenti gidNumber." + +#: authentik/providers/ldap/models.py:76 +#: authentik/providers/radius/models.py:34 +msgid "" +"When enabled, code-based multi-factor authentication can be used by " +"appending a semicolon and the TOTP code to the password. This should only be" +" enabled if all users that will bind to this provider have a TOTP device " +"configured, as otherwise a password may incorrectly be rejected if it " +"contains a semicolon." +msgstr "" +"Quando abilitato, l'autenticazione a più fattori basata su codice può essere" +" utilizzata aggiungendo un punto e virgola e il codice TOTP alla password. " +"Ciò dovrebbe essere abilitato solo se tutti gli utenti che si assoceranno a " +"questo provider hanno un dispositivo TOTP configurato, poiché altrimenti una" +" password potrebbe essere erroneamente rifiutata se contiene un punto e " +"virgola." + +#: authentik/providers/ldap/models.py:108 +msgid "LDAP Provider" +msgstr "Provider LDAP" + +#: authentik/providers/ldap/models.py:109 +msgid "LDAP Providers" +msgstr "Providers LDAP" + +#: authentik/providers/oauth2/id_token.py:27 +msgid "Based on the Hashed User ID" +msgstr "Basato sull'ID utente hashato" + +#: authentik/providers/oauth2/id_token.py:28 +msgid "Based on user ID" +msgstr "Basato sull' ID utente" + +#: authentik/providers/oauth2/id_token.py:29 +msgid "Based on user UUID" +msgstr "Basato sull' UUID utente" + +#: authentik/providers/oauth2/id_token.py:30 +msgid "Based on the username" +msgstr "Basato sull'username" + +#: authentik/providers/oauth2/id_token.py:33 +msgid "Based on the User's Email. This is recommended over the UPN method." +msgstr "Basato sull'email dell'utente. Consigliato per il metodo UPN." + +#: authentik/providers/oauth2/id_token.py:38 +msgid "" +"Based on the User's UPN, only works if user has a 'upn' attribute set. Use " +"this method only if you have different UPN and Mail domains." +msgstr "" +"Basato sull'UPN dell'utente, funziona solo se l'utente ha un attributo 'upn'" +" impostato. Utilizza questo metodo solo se hai domini UPN e Mail diversi." + +#: authentik/providers/oauth2/models.py:43 +msgid "Confidential" +msgstr "Confidenziale" + +#: authentik/providers/oauth2/models.py:44 +msgid "Public" +msgstr "Pubblico" + +#: authentik/providers/oauth2/models.py:66 +msgid "Same identifier is used for all providers" +msgstr "Stesso identificatore usato su tutti i providers" + +#: authentik/providers/oauth2/models.py:68 +msgid "Each provider has a different issuer, based on the application slug." +msgstr "" +"Ogni provider ha un issuer differente, basato sullo slug dell'applicazione." + +#: authentik/providers/oauth2/models.py:75 +msgid "code (Authorization Code Flow)" +msgstr "code (Flusso di autorizzazione del codice)" + +#: authentik/providers/oauth2/models.py:76 +msgid "id_token (Implicit Flow)" +msgstr "id_token (Flusso Implicito)" + +#: authentik/providers/oauth2/models.py:77 +msgid "id_token token (Implicit Flow)" +msgstr "id_token token (Flusso Implicito)" + +#: authentik/providers/oauth2/models.py:78 +msgid "code token (Hybrid Flow)" +msgstr "code token (Flusso Ibrido)" + +#: authentik/providers/oauth2/models.py:79 +msgid "code id_token (Hybrid Flow)" +msgstr "code id_token (Flusso Ibrido)" + +#: authentik/providers/oauth2/models.py:80 +msgid "code id_token token (Hybrid Flow)" +msgstr "code id_token token (Flusso Ibrido)" + +#: authentik/providers/oauth2/models.py:86 +msgid "HS256 (Symmetric Encryption)" +msgstr "HS256 (Crittografia Simmetrica)" + +#: authentik/providers/oauth2/models.py:87 +msgid "RS256 (Asymmetric Encryption)" +msgstr "RS256 (Crittografia Asimmetrica)" + +#: authentik/providers/oauth2/models.py:88 +msgid "ES256 (Asymmetric Encryption)" +msgstr "ES256 (Crittografia Asimmetrica)" + +#: authentik/providers/oauth2/models.py:94 +msgid "Scope used by the client" +msgstr "Scope usato dall'utente" + +#: authentik/providers/oauth2/models.py:98 +msgid "" +"Description shown to the user when consenting. If left empty, the user won't" +" be informed." +msgstr "" +"Descrizione mostrata all'utente durante il consenso. Se lasciato vuoto, " +"l'utente non verrà informato." + +#: authentik/providers/oauth2/models.py:117 +msgid "Scope Mapping" +msgstr "Mappatura dell'ambito" + +#: authentik/providers/oauth2/models.py:118 +msgid "Scope Mappings" +msgstr "Mappature degli ambiti" + +#: authentik/providers/oauth2/models.py:128 +msgid "Client Type" +msgstr "Tipo Client" + +#: authentik/providers/oauth2/models.py:130 +msgid "" +"Confidential clients are capable of maintaining the confidentiality of their" +" credentials. Public clients are incapable" +msgstr "" +"I clienti confidenziali sono in grado di mantenere la riservatezza delle " +"loro credenziali. I clienti pubblici sono incapaci." + +#: authentik/providers/oauth2/models.py:137 +msgid "Client ID" +msgstr "Client ID" + +#: authentik/providers/oauth2/models.py:143 +msgid "Client Secret" +msgstr "Client Secret" + +#: authentik/providers/oauth2/models.py:149 +msgid "Redirect URIs" +msgstr "URL di reindirizzamento" + +#: authentik/providers/oauth2/models.py:150 +msgid "Enter each URI on a new line." +msgstr "Inserisci ogni URI su una nuova riga." + +#: authentik/providers/oauth2/models.py:155 +msgid "Include claims in id_token" +msgstr "Includere le richieste in id_token" + +#: authentik/providers/oauth2/models.py:157 +msgid "" +"Include User claims from scopes in the id_token, for applications that don't" +" access the userinfo endpoint." +msgstr "" +"Includere le richieste dell'utente dagli ambiti nell'id_token, per le " +"applicazioni che non accedono al punto di accesso userinfo." + +#: authentik/providers/oauth2/models.py:166 +msgid "" +"Access codes not valid on or after current time + this value (Format: " +"hours=1;minutes=2;seconds=3)." +msgstr "" +"Codici di accesso non validi a partire dall'ora corrente + questo valore " +"(Format: hours=1;minutes=2;seconds=3)." + +#: authentik/providers/oauth2/models.py:174 +#: authentik/providers/oauth2/models.py:182 +msgid "" +"Tokens not valid on or after current time + this value (Format: " +"hours=1;minutes=2;seconds=3)." +msgstr "" +"Tokens non validi a partire dall'ora corrente + questo valore (Format: " +"hours=1;minutes=2;seconds=3)." + +#: authentik/providers/oauth2/models.py:191 +msgid "" +"Configure what data should be used as unique User Identifier. For most " +"cases, the default should be fine." +msgstr "" +"Configurare quale dato dovrebbe essere utilizzato come identificatore " +"univoco dell'utente. Per la maggior parte dei casi, il valore predefinito " +"dovrebbe essere sufficiente." + +#: authentik/providers/oauth2/models.py:198 +msgid "Configure how the issuer field of the ID Token should be filled." +msgstr "" +"Configurare come il campo emittente dell'ID Token dovrebbe essere compilato." + +#: authentik/providers/oauth2/models.py:203 +msgid "Signing Key" +msgstr "Chiave di firma" + +#: authentik/providers/oauth2/models.py:207 +msgid "" +"Key used to sign the tokens. Only required when JWT Algorithm is set to " +"RS256." +msgstr "" +"Chiave utilizzata per firmare i token. Richiesta solo quando l'algoritmo JWT" +" è impostato su RS256." + +#: authentik/providers/oauth2/models.py:214 +msgid "" +"Any JWT signed by the JWK of the selected source can be used to " +"authenticate." +msgstr "" +"Ogni JWT firmata dal JWK della sorgente selezionata può essere utilizzata " +"per l'autenticazione." + +#: authentik/providers/oauth2/models.py:287 +msgid "OAuth2/OpenID Provider" +msgstr "Fornitore OAuth2/OpenID" + +#: authentik/providers/oauth2/models.py:288 +msgid "OAuth2/OpenID Providers" +msgstr "Fornitori OAuth2/OpenID" + +#: authentik/providers/oauth2/models.py:297 +#: authentik/providers/oauth2/models.py:429 +msgid "Scopes" +msgstr "Scopes" + +#: authentik/providers/oauth2/models.py:316 +msgid "Code" +msgstr "Codice" + +#: authentik/providers/oauth2/models.py:317 +msgid "Nonce" +msgstr "Nonce" + +#: authentik/providers/oauth2/models.py:318 +msgid "Code Challenge" +msgstr "Verifica del codice" + +#: authentik/providers/oauth2/models.py:320 +msgid "Code Challenge Method" +msgstr "Metodo di verifica del codice" + +#: authentik/providers/oauth2/models.py:340 +msgid "Authorization Code" +msgstr "Codice di autorizzazione" + +#: authentik/providers/oauth2/models.py:341 +msgid "Authorization Codes" +msgstr "Codici di autorizzazione" + +#: authentik/providers/oauth2/models.py:383 +msgid "OAuth2 Access Token" +msgstr "Token di accesso OAuth2" + +#: authentik/providers/oauth2/models.py:384 +msgid "OAuth2 Access Tokens" +msgstr "Tokens di accesso OAuth2" + +#: authentik/providers/oauth2/models.py:394 +msgid "ID Token" +msgstr "ID Token" + +#: authentik/providers/oauth2/models.py:413 +msgid "OAuth2 Refresh Token" +msgstr "Token di aggiornamento OAuth2" + +#: authentik/providers/oauth2/models.py:414 +msgid "OAuth2 Refresh Tokens" +msgstr "Tokens di aggiornamento OAuth2" + +#: authentik/providers/oauth2/models.py:441 +msgid "Device Token" +msgstr "Token Dispositivo" + +#: authentik/providers/oauth2/models.py:442 +msgid "Device Tokens" +msgstr "Token Dispositivi" + +#: authentik/providers/oauth2/views/authorize.py:448 +#: authentik/providers/saml/views/flows.py:87 +#, python-format +msgid "Redirecting to %(app)s..." +msgstr "Reindirizzamento a %(app)s..." + +#: authentik/providers/oauth2/views/device_init.py:151 +msgid "Invalid code" +msgstr "Codice non valido" + +#: authentik/providers/oauth2/views/userinfo.py:55 +#: authentik/providers/oauth2/views/userinfo.py:56 +msgid "GitHub Compatibility: Access your User Information" +msgstr "Compatibilità GitHub: Accesso alle tue informazioni utente" + +#: authentik/providers/oauth2/views/userinfo.py:57 +msgid "GitHub Compatibility: Access you Email addresses" +msgstr "Compatibilità GitHub: Accesso ai tuoi indirizzi email" + +#: authentik/providers/oauth2/views/userinfo.py:58 +msgid "GitHub Compatibility: Access your Groups" +msgstr "Compatibilità GitHub: Accesso ai tuoi gruppi" + +#: authentik/providers/oauth2/views/userinfo.py:59 +msgid "authentik API Access on behalf of your user" +msgstr "authentik Accesso API per conto del tuo utente" + +#: authentik/providers/proxy/api.py:52 +msgid "User and password attributes must be set when basic auth is enabled." +msgstr "" +"Gli attributi utente e password devono essere impostati quando " +"l'autenticazione di base è abilitata." + +#: authentik/providers/proxy/api.py:63 +msgid "Internal host cannot be empty when forward auth is disabled." +msgstr "" +"L'host interno non può essere vuoto quando l'autenticazione inoltrata è " +"disabilitata." + +#: authentik/providers/proxy/models.py:54 +msgid "Validate SSL Certificates of upstream servers" +msgstr "Convalida dei certificati SSL dei server upstream" + +#: authentik/providers/proxy/models.py:55 +msgid "Internal host SSL Validation" +msgstr "Validazione SSL dell'host interno" + +#: authentik/providers/proxy/models.py:61 +msgid "" +"Enable support for forwardAuth in traefik and nginx auth_request. Exclusive " +"with internal_host." +msgstr "" +"Abilita il supporto per forwardAuth in traefik e nginx auth_request. " +"Esclusivo con internal_host." + +#: authentik/providers/proxy/models.py:70 +msgid "" +"Regular expressions for which authentication is not required. Each new line " +"is interpreted as a new Regular Expression." +msgstr "" +"Espressioni regolari per le quali non è richiesta l'autenticazione. Ogni " +"nuova riga viene interpretata come una nuova espressione regolare." + +#: authentik/providers/proxy/models.py:78 +msgid "" +"When enabled, this provider will intercept the authorization header and " +"authenticate requests based on its value." +msgstr "" +"Quando abilitato, questo provider intercetterà l'intestazione di " +"autorizzazione e autenticherà le richieste in base al suo valore." + +#: authentik/providers/proxy/models.py:84 +msgid "Set HTTP-Basic Authentication" +msgstr "Imposta Autenticazione HTTP-Basic" + +#: authentik/providers/proxy/models.py:86 +msgid "" +"Set a custom HTTP-Basic Authentication header based on values from " +"authentik." +msgstr "" +"Imposta un header personalizzato HTTP-Basic Authentication basato su " +"parametri provenienti da authentik." + +#: authentik/providers/proxy/models.py:91 +msgid "HTTP-Basic Username Key" +msgstr "Chiave Username HTTP-Basic" + +#: authentik/providers/proxy/models.py:93 +msgid "" +"User/Group Attribute used for the user part of the HTTP-Basic Header. If not" +" set, the user's Email address is used." +msgstr "" +"User/Group Attributo utilizzato per la parte utente dell'intestazione HTTP-" +"Basic. Se non impostato, viene utilizzato l'indirizzo email dell'utente." + +#: authentik/providers/proxy/models.py:99 +msgid "HTTP-Basic Password Key" +msgstr "Chiave Password HTTP-Basic" + +#: authentik/providers/proxy/models.py:100 +msgid "" +"User/Group Attribute used for the password part of the HTTP-Basic Header." +msgstr "" +"Attributo utente/gruppo utilizzato per la parte relativa alla password " +"dell'intestazione HTTP-Basic." + +#: authentik/providers/proxy/models.py:154 +msgid "Proxy Provider" +msgstr "Provider Proxy" + +#: authentik/providers/proxy/models.py:155 +msgid "Proxy Providers" +msgstr "Providers Proxy" + +#: authentik/providers/radius/models.py:18 +msgid "Shared secret between clients and server to hash packets." +msgstr "Segreto condiviso tra client e server per hashare i pacchetti." + +#: authentik/providers/radius/models.py:24 +msgid "" +"List of CIDRs (comma-separated) that clients can connect from. A more " +"specific CIDR will match before a looser one. Clients connecting from a non-" +"specified CIDR will be dropped." +msgstr "" +"Elenco di CIDR (separati da virgola) da cui i client possono connettersi. Un" +" CIDR più specifico corrisponderà prima di uno più generico. I client che si" +" connettono da un CIDR non specificato verranno eliminati." + +#: authentik/providers/radius/models.py:60 +msgid "Radius Provider" +msgstr "Provider Radius" + +#: authentik/providers/radius/models.py:61 +msgid "Radius Providers" +msgstr "Providers Radius" + +#: authentik/providers/saml/api/providers.py:258 +msgid "Invalid XML Syntax" +msgstr "Sintassi XML non valida" + +#: authentik/providers/saml/api/providers.py:268 +#, python-format +msgid "Failed to import Metadata: %(message)s" +msgstr "Impossibile importare i metadati: %(message)s" + +#: authentik/providers/saml/models.py:38 +msgid "ACS URL" +msgstr "URL ACS" + +#: authentik/providers/saml/models.py:43 +msgid "" +"Value of the audience restriction field of the assertion. When left empty, " +"no audience restriction will be added." +msgstr "" +"Valore del campo di limitazione del pubblico dell'asserzione. Se lasciato " +"vuoto, non verrà aggiunta alcuna restrizione sul pubblico." + +#: authentik/providers/saml/models.py:47 +msgid "Also known as EntityID" +msgstr "Conosciuto anche come EntityID" + +#: authentik/providers/saml/models.py:51 +msgid "Service Provider Binding" +msgstr "Associazione fornitore di servizi" + +#: authentik/providers/saml/models.py:53 +msgid "" +"This determines how authentik sends the response back to the Service " +"Provider." +msgstr "" +"Ciò determina il modo in cui authentik invia la risposta al fornitore di " +"servizi." + +#: authentik/providers/saml/models.py:63 +msgid "NameID Property Mapping" +msgstr "Mappatura proprietà NameID" + +#: authentik/providers/saml/models.py:65 +msgid "" +"Configure how the NameID value will be created. When left empty, the " +"NameIDPolicy of the incoming request will be considered" +msgstr "" +"Configura il modo in cui verrà creato il valore NameID. Se lasciato vuoto, " +"verrà considerato il NameIDPolicy della richiesta in arrivo" + +#: authentik/providers/saml/models.py:74 +msgid "" +"Assertion valid not before current time + this value (Format: " +"hours=-1;minutes=-2;seconds=-3)." +msgstr "" +"L'asserzione non è valida prima dell'ora corrente + questo valore (Formato: " +"hours=-1;minutes=-2;seconds=-3)." + +#: authentik/providers/saml/models.py:82 +msgid "" +"Assertion not valid on or after current time + this value (Format: " +"hours=1;minutes=2;seconds=3)." +msgstr "" +"Asserzione non valida a partire dall'ora corrente + questo valore (Formato: " +"hours=1;minutes=2;seconds=3)." + +#: authentik/providers/saml/models.py:91 +msgid "" +"Session not valid on or after current time + this value (Format: " +"hours=1;minutes=2;seconds=3)." +msgstr "" +"Sessione non valida a partire dall'ora corrente + questo valore (Format: " +"hours=1;minutes=2;seconds=3)." + +#: authentik/providers/saml/models.py:99 authentik/sources/saml/models.py:150 +msgid "SHA1" +msgstr "SHA1" + +#: authentik/providers/saml/models.py:100 authentik/sources/saml/models.py:151 +msgid "SHA256" +msgstr "SHA256" + +#: authentik/providers/saml/models.py:101 authentik/sources/saml/models.py:152 +msgid "SHA384" +msgstr "SHA384" + +#: authentik/providers/saml/models.py:102 authentik/sources/saml/models.py:153 +msgid "SHA512" +msgstr "SHA512" + +#: authentik/providers/saml/models.py:109 authentik/sources/saml/models.py:160 +msgid "RSA-SHA1" +msgstr "RSA-SHA1" + +#: authentik/providers/saml/models.py:110 authentik/sources/saml/models.py:161 +msgid "RSA-SHA256" +msgstr "RSA-SHA256" + +#: authentik/providers/saml/models.py:111 authentik/sources/saml/models.py:162 +msgid "RSA-SHA384" +msgstr "RSA-SHA384" + +#: authentik/providers/saml/models.py:112 authentik/sources/saml/models.py:163 +msgid "RSA-SHA512" +msgstr "RSA-SHA512" + +#: authentik/providers/saml/models.py:113 authentik/sources/saml/models.py:164 +msgid "DSA-SHA1" +msgstr "DSA-SHA1" + +#: authentik/providers/saml/models.py:124 authentik/sources/saml/models.py:130 +msgid "" +"When selected, incoming assertion's Signatures will be validated against " +"this certificate. To allow unsigned Requests, leave on default." +msgstr "" +"Quando selezionato, le Firme delle asserzioni in arrivo verranno validate " +"con questo certificato. Per consentire Richieste non firmate, lasciare su " +"impostazione predefinita." + +#: authentik/providers/saml/models.py:128 authentik/sources/saml/models.py:134 +msgid "Verification Certificate" +msgstr "Certificato di Verifica" + +#: authentik/providers/saml/models.py:136 +msgid "Keypair used to sign outgoing Responses going to the Service Provider." +msgstr "" +"Coppia di chiavi utilizzato per firmare le Risposte in uscita inviate al " +"Service Provider." + +#: authentik/providers/saml/models.py:138 authentik/sources/saml/models.py:144 +msgid "Signing Keypair" +msgstr "Coppia di chiavi di firma" + +#: authentik/providers/saml/models.py:142 +msgid "Default relay_state value for IDP-initiated logins" +msgstr "Valore predefinito di relay_state per i login inizializzati da IDP" + +#: authentik/providers/saml/models.py:171 +msgid "SAML Provider" +msgstr "Provider SAML" + +#: authentik/providers/saml/models.py:172 +msgid "SAML Providers" +msgstr "Providers SAML" + +#: authentik/providers/saml/models.py:196 +msgid "SAML Property Mapping" +msgstr "Mappatura Proprietà SAML" + +#: authentik/providers/saml/models.py:197 +msgid "SAML Property Mappings" +msgstr "Mappature Proprietà SAML" + +#: authentik/providers/scim/models.py:20 +msgid "Base URL to SCIM requests, usually ends in /v2" +msgstr "URL di base per le richieste SCIM, di solito termina con /v2" + +#: authentik/providers/scim/models.py:21 +msgid "Authentication token" +msgstr "Token di autenticazione" + +#: authentik/providers/scim/models.py:27 authentik/sources/ldap/models.py:98 +msgid "Property mappings used for group creation/updating." +msgstr "" +"Mapping delle proprietà utilizzate per la creazione/aggiornamento dei " +"gruppi." + +#: authentik/providers/scim/models.py:60 +msgid "SCIM Provider" +msgstr "Privider SCIM" + +#: authentik/providers/scim/models.py:61 +msgid "SCIM Providers" +msgstr "Providers SCIM" + +#: authentik/providers/scim/models.py:81 +msgid "SCIM Mapping" +msgstr "Mappatura SCIM" + +#: authentik/providers/scim/models.py:82 +msgid "SCIM Mappings" +msgstr "Mappature SCIM" + +#: authentik/providers/scim/tasks.py:52 +msgid "Starting full SCIM sync" +msgstr "Iniziando la sincronizzazione completa SCIM" + +#: authentik/providers/scim/tasks.py:59 +#, python-format +msgid "Syncing page %(page)d of users" +msgstr "Sincronizzando pagina %(page)d degli utenti" + +#: authentik/providers/scim/tasks.py:63 +#, python-format +msgid "Syncing page %(page)d of groups" +msgstr "Sincronizzando pagina %(page)d dei gruppi" + +#: authentik/providers/scim/tasks.py:92 +#, python-format +msgid "Failed to sync user %(user_name)s due to remote error: %(error)s" +msgstr "" +"Impossibile sincronizzare l'utente %(user_name)s a causa di un errore " +"remoto: %(error)s" + +#: authentik/providers/scim/tasks.py:103 authentik/providers/scim/tasks.py:144 +#, python-format +msgid "Stopping sync due to error: %(error)s" +msgstr "Arresto della sincronizzazione a causa di un errore: %(error)s" + +#: authentik/providers/scim/tasks.py:133 +#, python-format +msgid "Failed to sync group %(group_name)s due to remote error: %(error)s" +msgstr "" +"Impossibile sincronizzare il gruppo %(group_name)s a causa di un errore " +"remoto: %(error)s" + +#: authentik/rbac/models.py:51 +msgid "Role" +msgstr "Ruolo" + +#: authentik/rbac/models.py:52 +msgid "Roles" +msgstr "Ruoli" + +#: authentik/rbac/models.py:66 +msgid "System permission" +msgstr "Autorizzazione di sistema" + +#: authentik/rbac/models.py:67 +msgid "System permissions" +msgstr "Autorizzazioni di sistema" + +#: authentik/rbac/models.py:69 +msgid "Can view system info" +msgstr "Può visualizzare le informazioni di sistema" + +#: authentik/rbac/models.py:70 +msgid "Can view system tasks" +msgstr "Possono visualizzare le attività di sistema" + +#: authentik/rbac/models.py:71 +msgid "Can run system tasks" +msgstr "Può eseguire attività di sistema" + +#: authentik/rbac/models.py:72 +msgid "Can access admin interface" +msgstr "Può accedere all'interfaccia di amministrazione" + +#: authentik/recovery/management/commands/create_admin_group.py:11 +msgid "Create admin group if the default group gets deleted." +msgstr "" +"Crea un gruppo di amministratori se il gruppo predefinito viene eliminato." + +#: authentik/recovery/management/commands/create_recovery_key.py:17 +msgid "Create a Key which can be used to restore access to authentik." +msgstr "" +"Crea una chiave che può essere utilizzata per ripristinare l'accesso ad " +"authentik." + +#: authentik/recovery/views.py:24 +msgid "Used recovery-link to authenticate." +msgstr "Utilizzato il link di recupero per autenticarsi." + +#: authentik/sources/ldap/models.py:41 +msgid "Server URI" +msgstr "URI Server" + +#: authentik/sources/ldap/models.py:50 +msgid "" +"Optionally verify the LDAP Server's Certificate against the CA Chain in this" +" keypair." +msgstr "" +"Opzionalmente verificare il Certificato del Server LDAP rispetto alla Catena" +" CA in questa coppia di chiavi." + +#: authentik/sources/ldap/models.py:59 +msgid "" +"Client certificate to authenticate against the LDAP Server's Certificate." +msgstr "" +"Certificato del client per autenticarsi con il certificato del server LDAP." + +#: authentik/sources/ldap/models.py:62 +msgid "Bind CN" +msgstr "Associa CN" + +#: authentik/sources/ldap/models.py:64 +msgid "Enable Start TLS" +msgstr "Abilita Start TLS" + +#: authentik/sources/ldap/models.py:65 +msgid "Use Server URI for SNI verification" +msgstr "Usa l'URI del server per la verifica SNI" + +#: authentik/sources/ldap/models.py:67 +msgid "Base DN" +msgstr "Base DN" + +#: authentik/sources/ldap/models.py:69 +msgid "Prepended to Base DN for User-queries." +msgstr "Anteposto al DN di base per le query dell'utente." + +#: authentik/sources/ldap/models.py:70 +msgid "Addition User DN" +msgstr "Aggiunta User DN" + +#: authentik/sources/ldap/models.py:74 +msgid "Prepended to Base DN for Group-queries." +msgstr "Anteposto al DN di base per le query di gruppo." + +#: authentik/sources/ldap/models.py:75 +msgid "Addition Group DN" +msgstr "Gruppo di aggiunta DN" + +#: authentik/sources/ldap/models.py:81 +msgid "Consider Objects matching this filter to be Users." +msgstr "Considerare gli oggetti corrispondenti a questo filtro come Utenti." + +#: authentik/sources/ldap/models.py:84 +msgid "Field which contains members of a group." +msgstr "Campo che contiene i membri di un gruppo." + +#: authentik/sources/ldap/models.py:88 +msgid "Consider Objects matching this filter to be Groups." +msgstr "Considera gli oggetti corrispondenti a questo filtro come Gruppi." + +#: authentik/sources/ldap/models.py:91 +msgid "Field which contains a unique Identifier." +msgstr "Campo che contiene un identificatore unico." + +#: authentik/sources/ldap/models.py:105 +msgid "" +"When a user changes their password, sync it back to LDAP. This can only be " +"enabled on a single LDAP source." +msgstr "" +"Quando un utente cambia la propria password, sincronizzala con LDAP. Questo " +"può essere abilitato solo su una singola origine LDAP." + +#: authentik/sources/ldap/models.py:248 +msgid "LDAP Source" +msgstr "Sorgente LDAP" + +#: authentik/sources/ldap/models.py:249 +msgid "LDAP Sources" +msgstr "Sorgenti LDAP" + +#: authentik/sources/ldap/models.py:271 +msgid "LDAP Property Mapping" +msgstr "Mappatura proprietà LDAP" + +#: authentik/sources/ldap/models.py:272 +msgid "LDAP Property Mappings" +msgstr "Mappatura proprietà LDAP" + +#: authentik/sources/ldap/signals.py:52 +msgid "Password does not match Active Directory Complexity." +msgstr "La password non soddisfa la complessità Active Directory." + +#: authentik/sources/oauth/clients/oauth2.py:68 +msgid "No token received." +msgstr "Nessun token ricevuto." + +#: authentik/sources/oauth/models.py:24 +msgid "Request Token URL" +msgstr "URL di Richiesta Token" + +#: authentik/sources/oauth/models.py:26 +msgid "" +"URL used to request the initial token. This URL is only required for OAuth " +"1." +msgstr "" +"URL utilizzato per richiedere il token iniziale. Questo URL è richiesto solo" +" per OAuth 1." + +#: authentik/sources/oauth/models.py:32 +msgid "Authorization URL" +msgstr "Authorization URL" + +#: authentik/sources/oauth/models.py:33 +msgid "URL the user is redirect to to conest the flow." +msgstr "URL a cui l'utente viene reindirizzato per concludere il flusso." + +#: authentik/sources/oauth/models.py:38 +msgid "Access Token URL" +msgstr "URL del token di accesso" + +#: authentik/sources/oauth/models.py:39 +msgid "URL used by authentik to retrieve tokens." +msgstr "URL utilizzato da authentik per recuperare i token." + +#: authentik/sources/oauth/models.py:44 +msgid "Profile URL" +msgstr "URL Profilo" + +#: authentik/sources/oauth/models.py:45 +msgid "URL used by authentik to get user information." +msgstr "URL utilizzato da authentik per ottenere le informazioni dell'utente." + +#: authentik/sources/oauth/models.py:48 +msgid "Additional Scopes" +msgstr "Ambiti aggiuntivi" + +#: authentik/sources/oauth/models.py:107 +msgid "OAuth Source" +msgstr "Sorgente OAuth" + +#: authentik/sources/oauth/models.py:108 +msgid "OAuth Sources" +msgstr "Sorgenti OAuth" + +#: authentik/sources/oauth/models.py:116 +msgid "GitHub OAuth Source" +msgstr "Sorgente OAuth di GitHub" + +#: authentik/sources/oauth/models.py:117 +msgid "GitHub OAuth Sources" +msgstr "Sorgenti OAuth di GitHub" + +#: authentik/sources/oauth/models.py:125 +msgid "Twitch OAuth Source" +msgstr "Sorgente OAuth di Twitch" + +#: authentik/sources/oauth/models.py:126 +msgid "Twitch OAuth Sources" +msgstr "Sorgenti OAuth di Twitch" + +#: authentik/sources/oauth/models.py:134 +msgid "Mailcow OAuth Source" +msgstr "Sorgente OAuth di Mailcow" + +#: authentik/sources/oauth/models.py:135 +msgid "Mailcow OAuth Sources" +msgstr "Sorgenti OAuth di Mailcow" + +#: authentik/sources/oauth/models.py:143 +msgid "Twitter OAuth Source" +msgstr "Sorgente OAuth di Twitter" + +#: authentik/sources/oauth/models.py:144 +msgid "Twitter OAuth Sources" +msgstr "Sorgenti OAuth di Twitter" + +#: authentik/sources/oauth/models.py:152 +msgid "Facebook OAuth Source" +msgstr "Sorgente OAuth di Facebook" + +#: authentik/sources/oauth/models.py:153 +msgid "Facebook OAuth Sources" +msgstr "Sorgenti OAuth di Facebook" + +#: authentik/sources/oauth/models.py:161 +msgid "Discord OAuth Source" +msgstr "Sorgente OAuth di Discord" + +#: authentik/sources/oauth/models.py:162 +msgid "Discord OAuth Sources" +msgstr "Sorgenti OAuth di Discord" + +#: authentik/sources/oauth/models.py:170 +msgid "Patreon OAuth Source" +msgstr "Sorgente OAuth di Patreon" + +#: authentik/sources/oauth/models.py:171 +msgid "Patreon OAuth Sources" +msgstr "Sorgenti OAuth di Patreon" + +#: authentik/sources/oauth/models.py:179 +msgid "Google OAuth Source" +msgstr "Sorgente OAuth di Google" + +#: authentik/sources/oauth/models.py:180 +msgid "Google OAuth Sources" +msgstr "Sorgenti OAuth di Google" + +#: authentik/sources/oauth/models.py:188 +msgid "Azure AD OAuth Source" +msgstr "Sorgente OAuth di Azure AD" + +#: authentik/sources/oauth/models.py:189 +msgid "Azure AD OAuth Sources" +msgstr "Sorgenti OAuth di Azure AD" + +#: authentik/sources/oauth/models.py:197 +msgid "OpenID OAuth Source" +msgstr "Sorgente OAuth di OpenID" + +#: authentik/sources/oauth/models.py:198 +msgid "OpenID OAuth Sources" +msgstr "Sorgenti OAuth di OpenID" + +#: authentik/sources/oauth/models.py:206 +msgid "Apple OAuth Source" +msgstr "Sorgente OAuth di Apple" + +#: authentik/sources/oauth/models.py:207 +msgid "Apple OAuth Sources" +msgstr "Sorgenti OAuth di Apple" + +#: authentik/sources/oauth/models.py:215 +msgid "Okta OAuth Source" +msgstr "Sorgente OAuth di Okta" + +#: authentik/sources/oauth/models.py:216 +msgid "Okta OAuth Sources" +msgstr "Sorgenti OAuth di Okta" + +#: authentik/sources/oauth/models.py:224 +msgid "Reddit OAuth Source" +msgstr "Sorgente OAuth di Reddit" + +#: authentik/sources/oauth/models.py:225 +msgid "Reddit OAuth Sources" +msgstr "Sorgenti OAuth di Reddit" + +#: authentik/sources/oauth/models.py:247 +msgid "User OAuth Source Connection" +msgstr "Connessione origine OAuth utente" + +#: authentik/sources/oauth/models.py:248 +msgid "User OAuth Source Connections" +msgstr "Connessioni origine OAuth utente" + +#: authentik/sources/oauth/views/callback.py:100 +#, python-format +msgid "Authentication failed: %(reason)s" +msgstr "Autenticazione fallita: %(reason)s" + +#: authentik/sources/plex/models.py:37 +msgid "Client identifier used to talk to Plex." +msgstr "Identificatore client utilizzato per comunicare con Plex." + +#: authentik/sources/plex/models.py:44 +msgid "" +"Which servers a user has to be a member of to be granted access. Empty list " +"allows every server." +msgstr "" +"Quali server un utente deve essere membro per ottenere l'accesso. Una lista " +"vuota consente ogni server." + +#: authentik/sources/plex/models.py:50 +msgid "Allow friends to authenticate, even if you don't share a server." +msgstr "" +"Consenti agli amici di autenticarsi, anche se non condividi un server." + +#: authentik/sources/plex/models.py:52 +msgid "Plex token used to check friends" +msgstr "Plex token utilizzato per controllare gli amici" + +#: authentik/sources/plex/models.py:95 +msgid "Plex Source" +msgstr "Sorgente Plex" + +#: authentik/sources/plex/models.py:96 +msgid "Plex Sources" +msgstr "Sorgenti Plex" + +#: authentik/sources/plex/models.py:112 +msgid "User Plex Source Connection" +msgstr "Connessione sorgente Plex utente" + +#: authentik/sources/plex/models.py:113 +msgid "User Plex Source Connections" +msgstr "Connessioni sorgente Plex utente" + +#: authentik/sources/saml/models.py:40 +msgid "Redirect Binding" +msgstr "Associazione reindirizzamento" + +#: authentik/sources/saml/models.py:41 +msgid "POST Binding" +msgstr "Associazione POST" + +#: authentik/sources/saml/models.py:42 +msgid "POST Binding with auto-confirmation" +msgstr "Associazione POST con auto-conferma" + +#: authentik/sources/saml/models.py:70 +msgid "Flow used before authentication." +msgstr "Flusso da usare prima dell'autenticazione." + +#: authentik/sources/saml/models.py:77 +msgid "Issuer" +msgstr "Emittente" + +#: authentik/sources/saml/models.py:78 +msgid "Also known as Entity ID. Defaults the Metadata URL." +msgstr "Anche conosciuto come ID entità. Predefinisce l'URL dei metadati." + +#: authentik/sources/saml/models.py:82 +msgid "SSO URL" +msgstr "URL SSO" + +#: authentik/sources/saml/models.py:83 +msgid "URL that the initial Login request is sent to." +msgstr "URL a cui viene inviata la richiesta di accesso iniziale." + +#: authentik/sources/saml/models.py:89 +msgid "SLO URL" +msgstr "URL SLO" + +#: authentik/sources/saml/models.py:90 +msgid "Optional URL if your IDP supports Single-Logout." +msgstr "URL opzionale se il tuo IDP supporta il Single-Logout." + +#: authentik/sources/saml/models.py:96 +msgid "" +"Allows authentication flows initiated by the IdP. This can be a security " +"risk, as no validation of the request ID is done." +msgstr "" +"Consente i flussi di autenticazione avviati dall'IdP. Questo può " +"rappresentare un rischio per la sicurezza, poiché non viene eseguita alcuna " +"convalida dell'ID richiesta." + +#: authentik/sources/saml/models.py:104 +msgid "" +"NameID Policy sent to the IdP. Can be unset, in which case no Policy is " +"sent." +msgstr "" +"Criterio NameID inviata all'IdP. Può essere disattivato, nel qual caso non " +"verrà inviata alcun criterio." + +#: authentik/sources/saml/models.py:115 +msgid "Delete temporary users after" +msgstr "Elimina gli utenti temporanei dopo" + +#: authentik/sources/saml/models.py:118 +msgid "" +"Time offset when temporary users should be deleted. This only applies if " +"your IDP uses the NameID Format 'transient', and the user doesn't log out " +"manually. (Format: hours=1;minutes=2;seconds=3)." +msgstr "" +"Offset di tempo quando gli utenti temporanei dovrebbero essere eliminati. " +"Questo si applica solo se il tuo IDP utilizza il formato NameID 'transient' " +"e l'utente non effettua il logout manualmente. (Formato: " +"hours=1;minutes=2;seconds=3)." + +#: authentik/sources/saml/models.py:142 +msgid "" +"Keypair used to sign outgoing Responses going to the Identity Provider." +msgstr "" +"Coppia di chiavi utilizzata per firmare le Risposte in uscita inviate " +"all'Identity Provider." + +#: authentik/sources/saml/models.py:226 +msgid "SAML Source" +msgstr "Sorgente SAML" + +#: authentik/sources/saml/models.py:227 +msgid "SAML Sources" +msgstr "Sorgenti SAML" + +#: authentik/sources/saml/models.py:242 +msgid "User SAML Source Connection" +msgstr "User SAML Source Connection" + +#: authentik/sources/saml/models.py:243 +msgid "User SAML Source Connections" +msgstr "User SAML Source Connections" + +#: authentik/stages/authenticator_duo/models.py:79 +msgid "Duo Authenticator Setup Stage" +msgstr "Fase di configurazione dell'autenticatore Duo" + +#: authentik/stages/authenticator_duo/models.py:80 +msgid "Duo Authenticator Setup Stages" +msgstr "Fasi di configurazione dell'autenticatore Duo" + +#: authentik/stages/authenticator_duo/models.py:103 +msgid "Duo Device" +msgstr "Dispositivo Duo" + +#: authentik/stages/authenticator_duo/models.py:104 +msgid "Duo Devices" +msgstr "Dispositivi Duo" + +#: authentik/stages/authenticator_sms/models.py:57 +msgid "" +"When enabled, the Phone number is only used during enrollment to verify the " +"users authenticity. Only a hash of the phone number is saved to ensure it is" +" not reused in the future." +msgstr "" +"Quando abilitato, il numero di telefono viene utilizzato solo durante " +"l'iscrizione per verificare l'autenticità degli utenti. Viene salvato solo " +"un hash del numero di telefono per garantire che non venga riutilizzato in " +"futuro." + +#: authentik/stages/authenticator_sms/models.py:68 +msgid "Optionally modify the payload being sent to custom providers." +msgstr "" +"Opzionalmente modifica il payload che viene inviato ai fornitori " +"personalizzati." + +#: authentik/stages/authenticator_sms/models.py:81 +#, python-format +msgid "Use this code to authenticate in authentik: %(token)s" +msgstr "Usa questo codice per accedere in authentik: %(token)s" + +#: authentik/stages/authenticator_sms/models.py:180 +msgid "SMS Authenticator Setup Stage" +msgstr "Fase di configurazione dell'autenticatore SMS" + +#: authentik/stages/authenticator_sms/models.py:181 +msgid "SMS Authenticator Setup Stages" +msgstr "Fasi di configurazione dell'autenticatore SMS" + +#: authentik/stages/authenticator_sms/models.py:226 +msgid "SMS Device" +msgstr "Dispositivo SMS" + +#: authentik/stages/authenticator_sms/models.py:227 +msgid "SMS Devices" +msgstr "Dispositivi SMS" + +#: authentik/stages/authenticator_sms/stage.py:57 +#: authentik/stages/authenticator_totp/stage.py:41 +#: authentik/stages/authenticator_totp/stage.py:44 +msgid "Code does not match" +msgstr "Il codice non corrisponde" + +#: authentik/stages/authenticator_sms/stage.py:73 +msgid "Invalid phone number" +msgstr "Numero di telefono non valido" + +#: authentik/stages/authenticator_static/models.py:52 +msgid "Static Authenticator Stage" +msgstr "Fase di configurazione dell'autenticatore statico" + +#: authentik/stages/authenticator_static/models.py:53 +msgid "Static Authenticator Stages" +msgstr "Fasi di configurazione dell'autenticatore statico" + +#: authentik/stages/authenticator_static/models.py:98 +msgid "Static Device" +msgstr "Dispositivo statico" + +#: authentik/stages/authenticator_static/models.py:99 +msgid "Static Devices" +msgstr "Dispositivi statici" + +#: authentik/stages/authenticator_static/models.py:129 +msgid "Static Token" +msgstr "Token statico" + +#: authentik/stages/authenticator_static/models.py:130 +msgid "Static Tokens" +msgstr "Token statici" + +#: authentik/stages/authenticator_totp/models.py:25 +msgid "6 digits, widely compatible" +msgstr "6 cifre, molto compatibile" + +#: authentik/stages/authenticator_totp/models.py:26 +msgid "8 digits, not compatible with apps like Google Authenticator" +msgstr "8 cifre, non compatibile con app quali Google Authenticator" + +#: authentik/stages/authenticator_totp/models.py:62 +msgid "TOTP Authenticator Setup Stage" +msgstr "Fase di configurazione dell'autenticatore TOTP" + +#: authentik/stages/authenticator_totp/models.py:63 +msgid "TOTP Authenticator Setup Stages" +msgstr "Fasi di configurazione dell'autenticatore TOTP" + +#: authentik/stages/authenticator_totp/models.py:244 +msgid "TOTP Device" +msgstr "Dispositivo TOTP" + +#: authentik/stages/authenticator_totp/models.py:245 +msgid "TOTP Devices" +msgstr "Dispositivi TOTP" + +#: authentik/stages/authenticator_validate/challenge.py:131 +msgid "Invalid Token" +msgstr "Token invalido" + +#: authentik/stages/authenticator_validate/models.py:18 +msgid "Static" +msgstr "Statico" + +#: authentik/stages/authenticator_validate/models.py:19 +msgid "TOTP" +msgstr "TOTP" + +#: authentik/stages/authenticator_validate/models.py:20 +msgid "WebAuthn" +msgstr "WebAuthn" + +#: authentik/stages/authenticator_validate/models.py:21 +msgid "Duo" +msgstr "Duo" + +#: authentik/stages/authenticator_validate/models.py:22 +msgid "SMS" +msgstr "SMS" + +#: authentik/stages/authenticator_validate/models.py:49 +msgid "" +"Stages used to configure Authenticator when user doesn't have any compatible" +" devices. After this configuration Stage passes, the user is not prompted " +"again." +msgstr "" +"Fasi utilizzate per configurare l'Autenticatore quando l'utente non dispone " +"di dispositivi compatibili. Dopo il superamento di questa configurazione, " +"all'utente non verrà più richiesto." + +#: authentik/stages/authenticator_validate/models.py:56 +msgid "Device classes which can be used to authenticate" +msgstr "" +"Classi di dispositivi che possono essere utilizzate per l'autenticazione" + +#: authentik/stages/authenticator_validate/models.py:64 +msgid "" +"If any of the user's device has been used within this threshold, this stage " +"will be skipped" +msgstr "" +"Se uno qualsiasi dei dispositivi dell'utente è stato utilizzato entro questa" +" soglia, questa fase verrà saltata." + +#: authentik/stages/authenticator_validate/models.py:70 +msgid "Enforce user verification for WebAuthn devices." +msgstr "Rafforza la verifica utente per dispositivi WebAuthn." + +#: authentik/stages/authenticator_validate/models.py:92 +msgid "Authenticator Validation Stage" +msgstr "Fase di convalida dell'autenticatore" + +#: authentik/stages/authenticator_validate/models.py:93 +msgid "Authenticator Validation Stages" +msgstr "Fasi di convalida dell'autenticatore" + +#: authentik/stages/authenticator_webauthn/models.py:112 +msgid "WebAuthn Authenticator Setup Stage" +msgstr "Fase di configurazione dell'autenticatore WebAuthn" + +#: authentik/stages/authenticator_webauthn/models.py:113 +msgid "WebAuthn Authenticator Setup Stages" +msgstr "Fasi di configurazione dell'autenticatore WebAuthn" + +#: authentik/stages/authenticator_webauthn/models.py:151 +msgid "WebAuthn Device" +msgstr "Dispositivo WebAuthn" + +#: authentik/stages/authenticator_webauthn/models.py:152 +msgid "WebAuthn Devices" +msgstr "Dispositivi WebAuthn" + +#: authentik/stages/captcha/models.py:14 +msgid "Public key, acquired your captcha Provider." +msgstr "Chiave pubblica, acquisito il tuo provider di captcha." + +#: authentik/stages/captcha/models.py:15 +msgid "Private key, acquired your captcha Provider." +msgstr "Chiave privata, acquisito il tuo fornitore di captcha." + +#: authentik/stages/captcha/models.py:37 +msgid "Captcha Stage" +msgstr "Fase Captcha" + +#: authentik/stages/captcha/models.py:38 +msgid "Captcha Stages" +msgstr "Fasi Captcha" + +#: authentik/stages/consent/models.py:30 +msgid "" +"Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3)." +msgstr "" +"Compensazione dopo la quale il consenso scade. (Formato: " +"ore=1;minuti=2;secondi=3)." + +#: authentik/stages/consent/models.py:50 +msgid "Consent Stage" +msgstr "Fase consenso" + +#: authentik/stages/consent/models.py:51 +msgid "Consent Stages" +msgstr "Fasi consenso" + +#: authentik/stages/consent/models.py:72 +msgid "User Consent" +msgstr "Consenso utente" + +#: authentik/stages/consent/models.py:73 +msgid "User Consents" +msgstr "Consensi utente" + +#: authentik/stages/deny/models.py:32 +msgid "Deny Stage" +msgstr "Fase di negazione" + +#: authentik/stages/deny/models.py:33 +msgid "Deny Stages" +msgstr "Fasi di negazione" + +#: authentik/stages/dummy/models.py:34 +msgid "Dummy Stage" +msgstr "Fase fittizia" + +#: authentik/stages/dummy/models.py:35 +msgid "Dummy Stages" +msgstr "Fasi fittizie" + +#: authentik/stages/email/models.py:26 +msgid "Password Reset" +msgstr "Ripristino password" + +#: authentik/stages/email/models.py:30 +msgid "Account Confirmation" +msgstr "Conferma dell'account" + +#: authentik/stages/email/models.py:59 +msgid "" +"When enabled, global Email connection settings will be used and connection " +"settings below will be ignored." +msgstr "" +"Se abilitato, verranno utilizzate le impostazioni di connessione e-mail " +"globali e le impostazioni di connessione riportate di seguito verranno " +"ignorate." + +#: authentik/stages/email/models.py:74 +msgid "Activate users upon completion of stage." +msgstr "Attiva gli utenti al completamento della fase." + +#: authentik/stages/email/models.py:78 +msgid "Time in minutes the token sent is valid." +msgstr "Tempo in minuti in cui il token inviato è valido." + +#: authentik/stages/email/models.py:132 +msgid "Email Stage" +msgstr "Fase email" + +#: authentik/stages/email/models.py:133 +msgid "Email Stages" +msgstr "Fasi Email" + +#: authentik/stages/email/stage.py:126 +msgid "Exception occurred while rendering E-mail template" +msgstr "" +"Eccezione verificatasi durante la visualizzazione del modello di posta " +"elettronica" + +#: authentik/stages/email/stage.py:140 +msgid "Successfully verified Email." +msgstr "Email verificato con successo." + +#: authentik/stages/email/stage.py:147 authentik/stages/email/stage.py:173 +msgid "No pending user." +msgstr "Nessun utente in attesa." + +#: authentik/stages/email/stage.py:163 +msgid "Email sent." +msgstr "Email inviata." + +#: authentik/stages/email/stage.py:176 +msgid "Email Successfully sent." +msgstr "Email inviata con successo." + +#: authentik/stages/email/templates/email/account_confirmation.html:10 +msgid "Welcome!" +msgstr "Benvenuto!" + +#: authentik/stages/email/templates/email/account_confirmation.html:19 +msgid "" +"We're excited to have you get started. First, you need to confirm your " +"account. Just press the button below." +msgstr "" +"Siamo entusiasti che tu inizi. Per prima cosa devi confermare il tuo " +"account. Basta premere il pulsante qui sotto." + +#: authentik/stages/email/templates/email/account_confirmation.html:24 +msgid "Confirm Account" +msgstr "Conferma Account" + +#: authentik/stages/email/templates/email/account_confirmation.html:36 +#, python-format +msgid "" +"\n" +" If that doesn't work, copy and paste the following link in your browser: %(url)s\n" +" " +msgstr "" +"\n" +" Se questo non funziona, copia ed incolla il seguente link nel tuo browser: %(url)s\n" +" " + +#: authentik/stages/email/templates/email/event_notification.html:46 +#, python-format +msgid "" +"\n" +" This email was sent from the notification transport %(name)s.\n" +" " +msgstr "" +"\n" +" Questa email è stata inviata dal trasporto di notifica %(name)s." + +#: authentik/stages/email/templates/email/password_reset.html:10 +#, python-format +msgid "" +"\n" +" Hi %(username)s,\n" +" " +msgstr "" +"\n" +" Ciao %(username)s,\n" +" " + +#: authentik/stages/email/templates/email/password_reset.html:21 +msgid "" +"\n" +" You recently requested to change your password for your authentik account. Use the button below to set a new password.\n" +" " +msgstr "" +"\n" +" Hai recentemente richiesto di cambiare la tua password per il tuo account authentik. Utilizza il pulsante qui sotto per impostare una nuova password." + +#: authentik/stages/email/templates/email/password_reset.html:39 +#, python-format +msgid "" +"\n" +" If you did not request a password change, please ignore this Email. The link above is valid for %(expires)s.\n" +" " +msgstr "" +"\n" +" Se non hai richiesto una modifica della password, ignora questa email. Il link sopra è valido \n" +"per %(expires)s." + +#: authentik/stages/email/templates/email/setup.html:9 +msgid "authentik Test-Email" +msgstr "e-mail di prova di authentik" + +#: authentik/stages/email/templates/email/setup.html:17 +msgid "" +"\n" +" This is a test email to inform you, that you've successfully configured authentik emails.\n" +" " +msgstr "" +"\n" +" Questa è un'e-mail di prova per informarti che hai configurato correttamente le e-mail di authentik.\n" +" " + +#: authentik/stages/identification/api.py:20 +msgid "When no user fields are selected, at least one source must be selected" +msgstr "" +"Quando non viene selezionato alcun campo utente, è necessario selezionare " +"almeno una sorgente" + +#: authentik/stages/identification/models.py:29 +msgid "" +"Fields of the user object to match against. (Hold shift to select multiple " +"options)" +msgstr "" +"Campi dell'oggetto utente da confrontare. (Mantieni premuto il tasto Maiusc " +"per selezionare più opzioni)" + +#: authentik/stages/identification/models.py:47 +msgid "When enabled, user fields are matched regardless of their casing." +msgstr "" +"Quando abilitato, i campi utente vengono abbinati indipendentemente dalla " +"loro capitalizzazione." + +#: authentik/stages/identification/models.py:52 +msgid "" +"When a valid username/email has been entered, and this option is enabled, " +"the user's username and avatar will be shown. Otherwise, the text that the " +"user entered will be shown" +msgstr "" +"Quando viene inserito un nome utente/email valido e questa opzione è " +"abilitata, verranno mostrati il nome utente e l'avatar dell'utente. " +"Altrimenti, verrà mostrato il testo inserito dall'utente." + +#: authentik/stages/identification/models.py:60 +msgid "" +"When enabled, the stage will succeed and continue even when incorrect user " +"info is entered." +msgstr "" +"Quando abilitato, la fase avrà successo e continuerà anche quando vengono " +"inserite informazioni utente errate." + +#: authentik/stages/identification/models.py:72 +msgid "Optional enrollment flow, which is linked at the bottom of the page." +msgstr "Flusso di iscrizione opzionale, che è collegato in fondo alla pagina." + +#: authentik/stages/identification/models.py:81 +msgid "Optional recovery flow, which is linked at the bottom of the page." +msgstr "" +"Flusso di recupero opzionale, mostrato nella parte sottostante della pagina." + +#: authentik/stages/identification/models.py:90 +msgid "Optional passwordless flow, which is linked at the bottom of the page." +msgstr "" +"Flusso passwordless opzionale, mostrato nella parte sottostante della " +"pagina." + +#: authentik/stages/identification/models.py:94 +msgid "Specify which sources should be shown." +msgstr "Specifica quali sorgenti devono essere mostrati." + +#: authentik/stages/identification/models.py:115 +msgid "Identification Stage" +msgstr "Fase di identificazione" + +#: authentik/stages/identification/models.py:116 +msgid "Identification Stages" +msgstr "Fasi di identificazione" + +#: authentik/stages/identification/stage.py:188 +msgid "Log in" +msgstr "Accedi" + +#: authentik/stages/identification/stage.py:189 +msgid "Continue" +msgstr "Continua" + +#: authentik/stages/invitation/models.py:21 +msgid "" +"If this flag is set, this Stage will jump to the next Stage when no " +"Invitation is given. By default this Stage will cancel the Flow when no " +"invitation is given." +msgstr "" +"Se questo flag è impostato, questa fase passerà alla fase successiva quando " +"non viene dato alcun invito. Per impostazione predefinita, questa fase " +"annullerà il flusso quando non viene fornito alcun invito." + +#: authentik/stages/invitation/models.py:44 +msgid "Invitation Stage" +msgstr "Fase di invito" + +#: authentik/stages/invitation/models.py:45 +msgid "Invitation Stages" +msgstr "Fasi di invito" + +#: authentik/stages/invitation/models.py:60 +msgid "When set, only the configured flow can use this invitation." +msgstr "Quando impostato, solo il flusso configurato può usare questo invito." + +#: authentik/stages/invitation/models.py:64 +msgid "When enabled, the invitation will be deleted after usage." +msgstr "Se abilitato, l'invito verrà eliminato dopo l'utilizzo." + +#: authentik/stages/invitation/models.py:71 +msgid "Optional fixed data to enforce on user enrollment." +msgstr "Dati fissi facoltativi da applicare alla registrazione dell'utente." + +#: authentik/stages/invitation/models.py:84 +msgid "Invitation" +msgstr "Invito" + +#: authentik/stages/invitation/models.py:85 +msgid "Invitations" +msgstr "Inviti" + +#: authentik/stages/invitation/stage.py:62 +msgid "Invalid invite/invite not found" +msgstr "Invito non disponibile" + +#: authentik/stages/password/models.py:20 +msgid "User database + standard password" +msgstr "Database utente + password standard" + +#: authentik/stages/password/models.py:24 +msgid "User database + app passwords" +msgstr "Database utente + password app" + +#: authentik/stages/password/models.py:28 +msgid "User database + LDAP password" +msgstr "Database utenti + password LDAP" + +#: authentik/stages/password/models.py:38 +msgid "Selection of backends to test the password against." +msgstr "Selezione di backend su cui testare la password." + +#: authentik/stages/password/models.py:43 +msgid "" +"How many attempts a user has before the flow is canceled. To lock the user " +"out, use a reputation policy and a user_write stage." +msgstr "" +"Quanti tentativi ha un utente prima che il flusso venga annullato. Per " +"escludere l'utente, utilizzare un criterio di reputazione e una fase " +"user_write." + +#: authentik/stages/password/models.py:75 +msgid "Password Stage" +msgstr "Fase della password" + +#: authentik/stages/password/models.py:76 +msgid "Password Stages" +msgstr "Fasi della password" + +#: authentik/stages/password/stage.py:124 +msgid "Invalid password" +msgstr "Password invalida" + +#: authentik/stages/prompt/models.py:43 +msgid "Text: Simple Text input" +msgstr "Testo: Input di testo semplice" + +#: authentik/stages/prompt/models.py:45 +msgid "Text area: Multiline Text Input." +msgstr "Area di testo: Input di testo multilinea." + +#: authentik/stages/prompt/models.py:48 +msgid "Text (read-only): Simple Text input, but cannot be edited." +msgstr "Testo (sola lettura): Input di testo semplice, ma non modificabile." + +#: authentik/stages/prompt/models.py:52 +msgid "Text area (read-only): Multiline Text input, but cannot be edited." +msgstr "" +"Area di testo (sola lettura): Input di testo su più righe, ma non può essere" +" modificato." + +#: authentik/stages/prompt/models.py:58 +msgid "" +"Username: Same as Text input, but checks for and prevents duplicate " +"usernames." +msgstr "" +"Nome utente: Uguale all'input di testo, ma controlla e impedisce i nomi " +"utente duplicati." + +#: authentik/stages/prompt/models.py:60 +msgid "Email: Text field with Email type." +msgstr "E-mail: Campo di testo con il tipo di e-mail." + +#: authentik/stages/prompt/models.py:64 +msgid "" +"Password: Masked input, multiple inputs of this type on the same prompt need" +" to be identical." +msgstr "" +"Password: Input mascherato, più input di questo tipo sullo stesso prompt " +"devono essere identici." + +#: authentik/stages/prompt/models.py:71 +msgid "Fixed choice field rendered as a group of radio buttons." +msgstr "Campo a scelta fissa mostrato come gruppo di pulsanti radio." + +#: authentik/stages/prompt/models.py:73 +msgid "Fixed choice field rendered as a dropdown." +msgstr "Campo a scelta fissa mostrato come menu a discesa." + +#: authentik/stages/prompt/models.py:80 +msgid "" +"File: File upload for arbitrary files. File content will be available in " +"flow context as data-URI" +msgstr "" +"File: Caricamento di file per file arbitrari. Il contenuto del file sarà " +"disponibile nel contesto del flusso come dati-URI" + +#: authentik/stages/prompt/models.py:85 +msgid "Separator: Static Separator Line" +msgstr "Separatore: Linea di separazione statica" + +#: authentik/stages/prompt/models.py:86 +msgid "Hidden: Hidden field, can be used to insert data into form." +msgstr "" +"Nascosto: Campo nascosto, può essere utilizzato per inserire dati nel " +"modulo." + +#: authentik/stages/prompt/models.py:87 +msgid "Static: Static value, displayed as-is." +msgstr "Statico: Valore statico, visualizzato così com'è." + +#: authentik/stages/prompt/models.py:89 +msgid "authentik: Selection of locales authentik supports" +msgstr "" +"authentik: Selezione delle impostazioni locali supportate da authentik" + +#: authentik/stages/prompt/models.py:116 +msgid "Name of the form field, also used to store the value" +msgstr "Nome del campo del modulo, utilizzato anche per memorizzare il valore" + +#: authentik/stages/prompt/models.py:124 +msgid "" +"Optionally provide a short hint that describes the expected input value. " +"When creating a fixed choice field, enable interpreting as expression and " +"return a list to return multiple choices." +msgstr "" +"Opzionalmente fornire un breve suggerimento che descrive il valore di input " +"previsto. Quando si crea un campo di scelta fissa, abilitare " +"l'interpretazione come espressione e restituire una lista per restituire " +"scelte multiple." + +#: authentik/stages/prompt/models.py:132 +msgid "" +"Optionally pre-fill the input with an initial value. When creating a fixed " +"choice field, enable interpreting as expression and return a list to return " +"multiple default choices." +msgstr "" +"Opzionalmente precompila l'input con un valore iniziale. Quando si crea un " +"campo di scelta fissa, abilita l'interpretazione come espressione e " +"restituisci una lista per restituire più scelte predefinite." + +#: authentik/stages/prompt/models.py:321 +msgid "Prompt" +msgstr "Richiesta" + +#: authentik/stages/prompt/models.py:322 +msgid "Prompts" +msgstr "Richieste" + +#: authentik/stages/prompt/models.py:349 +msgid "Prompt Stage" +msgstr "Fase Richiesta" + +#: authentik/stages/prompt/models.py:350 +msgid "Prompt Stages" +msgstr "Fasi Richiesta" + +#: authentik/stages/prompt/stage.py:108 +msgid "Passwords don't match." +msgstr "Le password non corrispondono." + +#: authentik/stages/user_delete/models.py:31 +msgid "User Delete Stage" +msgstr "Fase di cancellazione dell'utente" + +#: authentik/stages/user_delete/models.py:32 +msgid "User Delete Stages" +msgstr "Fasi di cancellazione dell'utente" + +#: authentik/stages/user_delete/stage.py:18 +msgid "No Pending User." +msgstr "Nessun utente in attesa." + +#: authentik/stages/user_login/models.py:19 +msgid "" +"Determines how long a session lasts. Default of 0 means that the sessions " +"lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)" +msgstr "" +"Determina quanto può durare una sessione. Se impostato a 0, la sessione " +"durerà fino alla chiusura del browser. (Formato: " +"hours=-1;minutes=-2;seconds=-3)" + +#: authentik/stages/user_login/models.py:25 +msgid "Terminate all other sessions of the user logging in." +msgstr "Termina tutte le altre sessioni dell'utente che accede." + +#: authentik/stages/user_login/models.py:31 +msgid "" +"Offset the session will be extended by when the user picks the remember me " +"option. Default of 0 means that the remember me option will not be shown. " +"(Format: hours=-1;minutes=-2;seconds=-3)" +msgstr "" +"Offset la sessione verrà estesa quando l'utente seleziona l'opzione " +"ricordami. Il valore predefinito di 0 significa che l'opzione ricordami non " +"verrà mostrata. (Formato: hours=-1;minutes=-2;seconds=-3)" + +#: authentik/stages/user_login/models.py:54 +msgid "User Login Stage" +msgstr "Fase di accesso utente" + +#: authentik/stages/user_login/models.py:55 +msgid "User Login Stages" +msgstr "Fasi di accesso utente" + +#: authentik/stages/user_login/stage.py:57 +msgid "No Pending user to login." +msgstr "Nessun utente in attesa di accesso." + +#: authentik/stages/user_login/stage.py:90 +msgid "Successfully logged in!" +msgstr "Accesso effettuato!" + +#: authentik/stages/user_logout/models.py:30 +msgid "User Logout Stage" +msgstr "Fase di disconnessione dell'utente" + +#: authentik/stages/user_logout/models.py:31 +msgid "User Logout Stages" +msgstr "Fasi di disconnessione dell'utente" + +#: authentik/stages/user_write/models.py:31 +msgid "When set, newly created users are inactive and cannot login." +msgstr "Se specificato, i nuovi utenti sono inattivi e non possono accedere." + +#: authentik/stages/user_write/models.py:39 +msgid "Optionally add newly created users to this group." +msgstr "Opzionalmente, aggiungi gli utenti appena creati a questo gruppo." + +#: authentik/stages/user_write/models.py:68 +msgid "User Write Stage" +msgstr "Fase di scrittura dell'utente" + +#: authentik/stages/user_write/models.py:69 +msgid "User Write Stages" +msgstr "Fasi di scrittura dell'utente" + +#: authentik/stages/user_write/stage.py:141 +msgid "No Pending data." +msgstr "Nessun dato in attesa." + +#: authentik/stages/user_write/stage.py:147 +msgid "No user found and can't create new user." +msgstr "Nessun utente trovato e impossibile creare un nuovo utente." + +#: authentik/stages/user_write/stage.py:164 +#: authentik/stages/user_write/stage.py:178 +msgid "Failed to update user. Please try again later." +msgstr "Impossibile aggiornare l'utente. Per favore riprova più tardi." + +#: authentik/tenants/models.py:23 +msgid "" +"Domain that activates this tenant. Can be a superset, i.e. `a.b` for `aa.b` " +"and `ba.b`" +msgstr "" +"Dominio che attiva questo tenant. Può essere un superset, ad esempio `a.b` " +"per `aa.b` e `ba.b`" + +#: authentik/tenants/models.py:58 +msgid "" +"Events will be deleted after this duration.(Format: " +"weeks=3;days=2;hours=3,seconds=2)." +msgstr "" +"Gli eventi saranno cancellati dopo questa durata. (Formato: " +"weeks=3;days=2;hours=3,seconds=2)." + +#: authentik/tenants/models.py:67 +msgid "Web Certificate used by the authentik Core webserver." +msgstr "Certificato Web utilizzato dal server Web authentik Core." + +#: authentik/tenants/models.py:93 +msgid "Tenant" +msgstr "Tenant" + +#: authentik/tenants/models.py:94 +msgid "Tenants" +msgstr "Tenants" diff --git a/locale/zh_CN/LC_MESSAGES/django.mo b/locale/zh_CN/LC_MESSAGES/django.mo index 221747fab..2d4f24324 100644 Binary files a/locale/zh_CN/LC_MESSAGES/django.mo and b/locale/zh_CN/LC_MESSAGES/django.mo differ diff --git a/poetry.lock b/poetry.lock index eca348731..faeb961ef 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1,10 +1,9 @@ -# This file is automatically @generated by Poetry and should not be changed by hand. +# This file is automatically @generated by Poetry 1.7.0 and should not be changed by hand. [[package]] name = "aiohttp" version = "3.9.1" description = "Async http client/server framework (asyncio)" -category = "main" optional = false python-versions = ">=3.8" files = [ @@ -100,7 +99,6 @@ speedups = ["Brotli", "aiodns", "brotlicffi"] name = "aiohttp-retry" version = "2.8.3" description = "Simple retry client for aiohttp" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -115,7 +113,6 @@ aiohttp = "*" name = "aiosignal" version = "1.3.1" description = "aiosignal: a list of registered asynchronous callbacks" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -130,7 +127,6 @@ frozenlist = ">=1.1.0" name = "amqp" version = "5.2.0" description = "Low-level AMQP client for Python (fork of amqplib)." -category = "main" optional = false python-versions = ">=3.6" files = [ @@ -145,7 +141,6 @@ vine = ">=5.0.0,<6.0.0" name = "annotated-types" version = "0.6.0" description = "Reusable constraint types to use with typing.Annotated" -category = "main" optional = false python-versions = ">=3.8" files = [ @@ -157,7 +152,6 @@ files = [ name = "anyio" version = "4.2.0" description = "High level compatibility layer for multiple asynchronous event loop implementations" -category = "main" optional = false python-versions = ">=3.8" files = [ @@ -178,7 +172,6 @@ trio = ["trio (>=0.23)"] name = "argon2-cffi" version = "23.1.0" description = "Argon2 for Python" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -199,7 +192,6 @@ typing = ["mypy"] name = "argon2-cffi-bindings" version = "21.2.0" description = "Low-level CFFI bindings for Argon2" -category = "main" optional = false python-versions = ">=3.6" files = [ @@ -237,7 +229,6 @@ tests = ["pytest"] name = "asgiref" version = "3.7.2" description = "ASGI specs, helper code, and adapters" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -252,7 +243,6 @@ tests = ["mypy (>=0.800)", "pytest", "pytest-asyncio"] name = "asn1crypto" version = "1.5.1" description = "Fast ASN.1 parser and serializer with definitions for private keys, public keys, certificates, CRL, OCSP, CMS, PKCS#3, PKCS#7, PKCS#8, PKCS#12, PKCS#5, X.509 and TSP" -category = "main" optional = false python-versions = "*" files = [ @@ -264,7 +254,6 @@ files = [ name = "astroid" version = "3.0.2" description = "An abstract syntax tree for Python with inference support." -category = "dev" optional = false python-versions = ">=3.8.0" files = [ @@ -274,28 +263,27 @@ files = [ [[package]] name = "attrs" -version = "23.1.0" +version = "23.2.0" description = "Classes Without Boilerplate" -category = "main" optional = false python-versions = ">=3.7" files = [ - {file = "attrs-23.1.0-py3-none-any.whl", hash = "sha256:1f28b4522cdc2fb4256ac1a020c78acf9cba2c6b461ccd2c126f3aa8e8335d04"}, - {file = "attrs-23.1.0.tar.gz", hash = "sha256:6279836d581513a26f1bf235f9acd333bc9115683f14f7e8fae46c98fc50e015"}, + {file = "attrs-23.2.0-py3-none-any.whl", hash = "sha256:99b87a485a5820b23b879f04c2305b44b951b502fd64be915879d77a7e8fc6f1"}, + {file = "attrs-23.2.0.tar.gz", hash = "sha256:935dc3b529c262f6cf76e50877d35a4bd3c1de194fd41f47a2b7ae8f19971f30"}, ] [package.extras] cov = ["attrs[tests]", "coverage[toml] (>=5.3)"] -dev = ["attrs[docs,tests]", "pre-commit"] +dev = ["attrs[tests]", "pre-commit"] docs = ["furo", "myst-parser", "sphinx", "sphinx-notfound-page", "sphinxcontrib-towncrier", "towncrier", "zope-interface"] tests = ["attrs[tests-no-zope]", "zope-interface"] -tests-no-zope = ["cloudpickle", "hypothesis", "mypy (>=1.1.1)", "pympler", "pytest (>=4.3.0)", "pytest-mypy-plugins", "pytest-xdist[psutil]"] +tests-mypy = ["mypy (>=1.6)", "pytest-mypy-plugins"] +tests-no-zope = ["attrs[tests-mypy]", "cloudpickle", "hypothesis", "pympler", "pytest (>=4.3.0)", "pytest-xdist[psutil]"] [[package]] name = "autobahn" version = "23.6.2" description = "WebSocket client & server library, WAMP real-time framework" -category = "main" optional = false python-versions = ">=3.9" files = [ @@ -324,7 +312,6 @@ xbr = ["base58 (>=2.1.0)", "bitarray (>=2.7.5)", "cbor2 (>=5.2.0)", "click (>=8. name = "automat" version = "22.10.0" description = "Self-service finite-state machines for the programmer on the go." -category = "main" optional = false python-versions = "*" files = [ @@ -343,7 +330,6 @@ visualize = ["Twisted (>=16.1.1)", "graphviz (>0.5.1)"] name = "autopep8" version = "2.0.4" description = "A tool that automatically formats Python code to conform to the PEP 8 style guide" -category = "dev" optional = false python-versions = ">=3.6" files = [ @@ -358,7 +344,6 @@ pycodestyle = ">=2.10.0" name = "bandit" version = "1.7.6" description = "Security oriented static analyser for python code." -category = "dev" optional = false python-versions = ">=3.8" files = [ @@ -382,7 +367,6 @@ yaml = ["PyYAML"] name = "bcrypt" version = "4.1.2" description = "Modern password hashing for your software and your servers" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -423,7 +407,6 @@ typecheck = ["mypy"] name = "billiard" version = "4.2.0" description = "Python multiprocessing fork with improvements and bugfixes" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -433,34 +416,33 @@ files = [ [[package]] name = "black" -version = "23.12.0" +version = "23.12.1" description = "The uncompromising code formatter." -category = "dev" optional = false python-versions = ">=3.8" files = [ - {file = "black-23.12.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:67f19562d367468ab59bd6c36a72b2c84bc2f16b59788690e02bbcb140a77175"}, - {file = "black-23.12.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:bbd75d9f28a7283b7426160ca21c5bd640ca7cd8ef6630b4754b6df9e2da8462"}, - {file = "black-23.12.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:593596f699ca2dcbbbdfa59fcda7d8ad6604370c10228223cd6cf6ce1ce7ed7e"}, - {file = "black-23.12.0-cp310-cp310-win_amd64.whl", hash = "sha256:12d5f10cce8dc27202e9a252acd1c9a426c83f95496c959406c96b785a92bb7d"}, - {file = "black-23.12.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:e73c5e3d37e5a3513d16b33305713237a234396ae56769b839d7c40759b8a41c"}, - {file = "black-23.12.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:ba09cae1657c4f8a8c9ff6cfd4a6baaf915bb4ef7d03acffe6a2f6585fa1bd01"}, - {file = "black-23.12.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ace64c1a349c162d6da3cef91e3b0e78c4fc596ffde9413efa0525456148873d"}, - {file = "black-23.12.0-cp311-cp311-win_amd64.whl", hash = "sha256:72db37a2266b16d256b3ea88b9affcdd5c41a74db551ec3dd4609a59c17d25bf"}, - {file = "black-23.12.0-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:fdf6f23c83078a6c8da2442f4d4eeb19c28ac2a6416da7671b72f0295c4a697b"}, - {file = "black-23.12.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:39dda060b9b395a6b7bf9c5db28ac87b3c3f48d4fdff470fa8a94ab8271da47e"}, - {file = "black-23.12.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7231670266ca5191a76cb838185d9be59cfa4f5dd401b7c1c70b993c58f6b1b5"}, - {file = "black-23.12.0-cp312-cp312-win_amd64.whl", hash = "sha256:193946e634e80bfb3aec41830f5d7431f8dd5b20d11d89be14b84a97c6b8bc75"}, - {file = "black-23.12.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:bcf91b01ddd91a2fed9a8006d7baa94ccefe7e518556470cf40213bd3d44bbbc"}, - {file = "black-23.12.0-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:996650a89fe5892714ea4ea87bc45e41a59a1e01675c42c433a35b490e5aa3f0"}, - {file = "black-23.12.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:bdbff34c487239a63d86db0c9385b27cdd68b1bfa4e706aa74bb94a435403672"}, - {file = "black-23.12.0-cp38-cp38-win_amd64.whl", hash = "sha256:97af22278043a6a1272daca10a6f4d36c04dfa77e61cbaaf4482e08f3640e9f0"}, - {file = "black-23.12.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:ead25c273adfad1095a8ad32afdb8304933efba56e3c1d31b0fee4143a1e424a"}, - {file = "black-23.12.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:c71048345bdbced456cddf1622832276d98a710196b842407840ae8055ade6ee"}, - {file = "black-23.12.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:81a832b6e00eef2c13b3239d514ea3b7d5cc3eaa03d0474eedcbbda59441ba5d"}, - {file = "black-23.12.0-cp39-cp39-win_amd64.whl", hash = "sha256:6a82a711d13e61840fb11a6dfecc7287f2424f1ca34765e70c909a35ffa7fb95"}, - {file = "black-23.12.0-py3-none-any.whl", hash = "sha256:a7c07db8200b5315dc07e331dda4d889a56f6bf4db6a9c2a526fa3166a81614f"}, - {file = "black-23.12.0.tar.gz", hash = "sha256:330a327b422aca0634ecd115985c1c7fd7bdb5b5a2ef8aa9888a82e2ebe9437a"}, + {file = "black-23.12.1-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:e0aaf6041986767a5e0ce663c7a2f0e9eaf21e6ff87a5f95cbf3675bfd4c41d2"}, + {file = "black-23.12.1-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:c88b3711d12905b74206227109272673edce0cb29f27e1385f33b0163c414bba"}, + {file = "black-23.12.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a920b569dc6b3472513ba6ddea21f440d4b4c699494d2e972a1753cdc25df7b0"}, + {file = "black-23.12.1-cp310-cp310-win_amd64.whl", hash = "sha256:3fa4be75ef2a6b96ea8d92b1587dd8cb3a35c7e3d51f0738ced0781c3aa3a5a3"}, + {file = "black-23.12.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:8d4df77958a622f9b5a4c96edb4b8c0034f8434032ab11077ec6c56ae9f384ba"}, + {file = "black-23.12.1-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:602cfb1196dc692424c70b6507593a2b29aac0547c1be9a1d1365f0d964c353b"}, + {file = "black-23.12.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9c4352800f14be5b4864016882cdba10755bd50805c95f728011bcb47a4afd59"}, + {file = "black-23.12.1-cp311-cp311-win_amd64.whl", hash = "sha256:0808494f2b2df923ffc5723ed3c7b096bd76341f6213989759287611e9837d50"}, + {file = "black-23.12.1-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:25e57fd232a6d6ff3f4478a6fd0580838e47c93c83eaf1ccc92d4faf27112c4e"}, + {file = "black-23.12.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:2d9e13db441c509a3763a7a3d9a49ccc1b4e974a47be4e08ade2a228876500ec"}, + {file = "black-23.12.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6d1bd9c210f8b109b1762ec9fd36592fdd528485aadb3f5849b2740ef17e674e"}, + {file = "black-23.12.1-cp312-cp312-win_amd64.whl", hash = "sha256:ae76c22bde5cbb6bfd211ec343ded2163bba7883c7bc77f6b756a1049436fbb9"}, + {file = "black-23.12.1-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:1fa88a0f74e50e4487477bc0bb900c6781dbddfdfa32691e780bf854c3b4a47f"}, + {file = "black-23.12.1-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:a4d6a9668e45ad99d2f8ec70d5c8c04ef4f32f648ef39048d010b0689832ec6d"}, + {file = "black-23.12.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b18fb2ae6c4bb63eebe5be6bd869ba2f14fd0259bda7d18a46b764d8fb86298a"}, + {file = "black-23.12.1-cp38-cp38-win_amd64.whl", hash = "sha256:c04b6d9d20e9c13f43eee8ea87d44156b8505ca8a3c878773f68b4e4812a421e"}, + {file = "black-23.12.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:3e1b38b3135fd4c025c28c55ddfc236b05af657828a8a6abe5deec419a0b7055"}, + {file = "black-23.12.1-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:4f0031eaa7b921db76decd73636ef3a12c942ed367d8c3841a0739412b260a54"}, + {file = "black-23.12.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:97e56155c6b737854e60a9ab1c598ff2533d57e7506d97af5481141671abf3ea"}, + {file = "black-23.12.1-cp39-cp39-win_amd64.whl", hash = "sha256:dd15245c8b68fe2b6bd0f32c1556509d11bb33aec9b5d0866dd8e2ed3dba09c2"}, + {file = "black-23.12.1-py3-none-any.whl", hash = "sha256:78baad24af0f033958cad29731e27363183e140962595def56423e626f4bee3e"}, + {file = "black-23.12.1.tar.gz", hash = "sha256:4ce3ef14ebe8d9509188014d96af1c456a910d5b5cbf434a09fef7e024b3d0d5"}, ] [package.dependencies] @@ -480,7 +462,6 @@ uvloop = ["uvloop (>=0.15.2)"] name = "boto3" version = "1.33.12" description = "The AWS SDK for Python" -category = "main" optional = false python-versions = ">= 3.7" files = [ @@ -500,7 +481,6 @@ crt = ["botocore[crt] (>=1.21.0,<2.0a0)"] name = "botocore" version = "1.33.12" description = "Low-level, data-driven core of boto 3." -category = "main" optional = false python-versions = ">= 3.7" files = [ @@ -520,7 +500,6 @@ crt = ["awscrt (==0.19.17)"] name = "bump2version" version = "1.0.1" description = "Version-bump your software with a single command!" -category = "dev" optional = false python-versions = ">=3.5" files = [ @@ -532,7 +511,6 @@ files = [ name = "cachetools" version = "5.3.2" description = "Extensible memoizing collections and decorators" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -544,7 +522,6 @@ files = [ name = "cbor2" version = "5.5.1" description = "CBOR (de)serializer with extensive tag support" -category = "main" optional = false python-versions = ">=3.8" files = [ @@ -596,7 +573,6 @@ test = ["coverage (>=7)", "hypothesis", "pytest"] name = "celery" version = "5.3.6" description = "Distributed Task Queue." -category = "main" optional = false python-versions = ">=3.8" files = [ @@ -652,7 +628,6 @@ zstd = ["zstandard (==0.22.0)"] name = "certifi" version = "2023.11.17" description = "Python package for providing Mozilla's CA Bundle." -category = "main" optional = false python-versions = ">=3.6" files = [ @@ -664,7 +639,6 @@ files = [ name = "cffi" version = "1.16.0" description = "Foreign Function Interface for Python calling C code." -category = "main" optional = false python-versions = ">=3.8" files = [ @@ -729,7 +703,6 @@ pycparser = "*" name = "channels" version = "4.0.0" description = "Brings async, event-driven capabilities to Django 3.2 and up." -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -750,7 +723,6 @@ tests = ["async-timeout", "coverage (>=4.5,<5.0)", "pytest", "pytest-asyncio", " name = "channels-redis" version = "4.1.0" description = "Redis-backed ASGI channel layer implementation" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -772,7 +744,6 @@ tests = ["async-timeout", "cryptography (>=1.3.0)", "pytest", "pytest-asyncio", name = "charset-normalizer" version = "3.3.2" description = "The Real First Universal Charset Detector. Open, modern and actively maintained alternative to Chardet." -category = "main" optional = false python-versions = ">=3.7.0" files = [ @@ -872,7 +843,6 @@ files = [ name = "click" version = "8.1.7" description = "Composable command line interface toolkit" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -887,7 +857,6 @@ colorama = {version = "*", markers = "platform_system == \"Windows\""} name = "click-didyoumean" version = "0.3.0" description = "Enables git-like *did-you-mean* feature in click" -category = "main" optional = false python-versions = ">=3.6.2,<4.0.0" files = [ @@ -902,7 +871,6 @@ click = ">=7" name = "click-plugins" version = "1.1.1" description = "An extension module for click to enable registering CLI commands via setuptools entry-points." -category = "main" optional = false python-versions = "*" files = [ @@ -920,7 +888,6 @@ dev = ["coveralls", "pytest (>=3.6)", "pytest-cov", "wheel"] name = "click-repl" version = "0.3.0" description = "REPL plugin for Click" -category = "main" optional = false python-versions = ">=3.6" files = [ @@ -939,7 +906,6 @@ testing = ["pytest (>=7.2.1)", "pytest-cov (>=4.0.0)", "tox (>=4.4.3)"] name = "codespell" version = "2.2.6" description = "Codespell" -category = "main" optional = false python-versions = ">=3.8" files = [ @@ -957,7 +923,6 @@ types = ["chardet (>=5.1.0)", "mypy", "pytest", "pytest-cov", "pytest-dependency name = "colorama" version = "0.4.6" description = "Cross-platform colored terminal text." -category = "main" optional = false python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,!=3.6.*,>=2.7" files = [ @@ -969,7 +934,6 @@ files = [ name = "constantly" version = "23.10.4" description = "Symbolic constants in Python" -category = "main" optional = false python-versions = ">=3.8" files = [ @@ -979,64 +943,63 @@ files = [ [[package]] name = "coverage" -version = "7.3.3" +version = "7.4.0" description = "Code coverage measurement for Python" -category = "dev" optional = false python-versions = ">=3.8" files = [ - {file = "coverage-7.3.3-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:d874434e0cb7b90f7af2b6e3309b0733cde8ec1476eb47db148ed7deeb2a9494"}, - {file = "coverage-7.3.3-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:ee6621dccce8af666b8c4651f9f43467bfbf409607c604b840b78f4ff3619aeb"}, - {file = "coverage-7.3.3-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1367aa411afb4431ab58fd7ee102adb2665894d047c490649e86219327183134"}, - {file = "coverage-7.3.3-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:1f0f8f0c497eb9c9f18f21de0750c8d8b4b9c7000b43996a094290b59d0e7523"}, - {file = "coverage-7.3.3-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:db0338c4b0951d93d547e0ff8d8ea340fecf5885f5b00b23be5aa99549e14cfd"}, - {file = "coverage-7.3.3-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:d31650d313bd90d027f4be7663dfa2241079edd780b56ac416b56eebe0a21aab"}, - {file = "coverage-7.3.3-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:9437a4074b43c177c92c96d051957592afd85ba00d3e92002c8ef45ee75df438"}, - {file = "coverage-7.3.3-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:9e17d9cb06c13b4f2ef570355fa45797d10f19ca71395910b249e3f77942a837"}, - {file = "coverage-7.3.3-cp310-cp310-win32.whl", hash = "sha256:eee5e741b43ea1b49d98ab6e40f7e299e97715af2488d1c77a90de4a663a86e2"}, - {file = "coverage-7.3.3-cp310-cp310-win_amd64.whl", hash = "sha256:593efa42160c15c59ee9b66c5f27a453ed3968718e6e58431cdfb2d50d5ad284"}, - {file = "coverage-7.3.3-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:8c944cf1775235c0857829c275c777a2c3e33032e544bcef614036f337ac37bb"}, - {file = "coverage-7.3.3-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:eda7f6e92358ac9e1717ce1f0377ed2b9320cea070906ece4e5c11d172a45a39"}, - {file = "coverage-7.3.3-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3c854c1d2c7d3e47f7120b560d1a30c1ca221e207439608d27bc4d08fd4aeae8"}, - {file = "coverage-7.3.3-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:222b038f08a7ebed1e4e78ccf3c09a1ca4ac3da16de983e66520973443b546bc"}, - {file = "coverage-7.3.3-cp311-cp311-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ff4800783d85bff132f2cc7d007426ec698cdce08c3062c8d501ad3f4ea3d16c"}, - {file = "coverage-7.3.3-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:fc200cec654311ca2c3f5ab3ce2220521b3d4732f68e1b1e79bef8fcfc1f2b97"}, - {file = "coverage-7.3.3-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:307aecb65bb77cbfebf2eb6e12009e9034d050c6c69d8a5f3f737b329f4f15fb"}, - {file = "coverage-7.3.3-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:ffb0eacbadb705c0a6969b0adf468f126b064f3362411df95f6d4f31c40d31c1"}, - {file = "coverage-7.3.3-cp311-cp311-win32.whl", hash = "sha256:79c32f875fd7c0ed8d642b221cf81feba98183d2ff14d1f37a1bbce6b0347d9f"}, - {file = "coverage-7.3.3-cp311-cp311-win_amd64.whl", hash = "sha256:243576944f7c1a1205e5cd658533a50eba662c74f9be4c050d51c69bd4532936"}, - {file = "coverage-7.3.3-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:a2ac4245f18057dfec3b0074c4eb366953bca6787f1ec397c004c78176a23d56"}, - {file = "coverage-7.3.3-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:f9191be7af41f0b54324ded600e8ddbcabea23e1e8ba419d9a53b241dece821d"}, - {file = "coverage-7.3.3-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:31c0b1b8b5a4aebf8fcd227237fc4263aa7fa0ddcd4d288d42f50eff18b0bac4"}, - {file = "coverage-7.3.3-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:ee453085279df1bac0996bc97004771a4a052b1f1e23f6101213e3796ff3cb85"}, - {file = "coverage-7.3.3-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:1191270b06ecd68b1d00897b2daddb98e1719f63750969614ceb3438228c088e"}, - {file = "coverage-7.3.3-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:007a7e49831cfe387473e92e9ff07377f6121120669ddc39674e7244350a6a29"}, - {file = "coverage-7.3.3-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:af75cf83c2d57717a8493ed2246d34b1f3398cb8a92b10fd7a1858cad8e78f59"}, - {file = "coverage-7.3.3-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:811ca7373da32f1ccee2927dc27dc523462fd30674a80102f86c6753d6681bc6"}, - {file = "coverage-7.3.3-cp312-cp312-win32.whl", hash = "sha256:733537a182b5d62184f2a72796eb6901299898231a8e4f84c858c68684b25a70"}, - {file = "coverage-7.3.3-cp312-cp312-win_amd64.whl", hash = "sha256:e995efb191f04b01ced307dbd7407ebf6e6dc209b528d75583277b10fd1800ee"}, - {file = "coverage-7.3.3-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:fbd8a5fe6c893de21a3c6835071ec116d79334fbdf641743332e442a3466f7ea"}, - {file = "coverage-7.3.3-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:50c472c1916540f8b2deef10cdc736cd2b3d1464d3945e4da0333862270dcb15"}, - {file = "coverage-7.3.3-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2e9223a18f51d00d3ce239c39fc41410489ec7a248a84fab443fbb39c943616c"}, - {file = "coverage-7.3.3-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:f501e36ac428c1b334c41e196ff6bd550c0353c7314716e80055b1f0a32ba394"}, - {file = "coverage-7.3.3-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:475de8213ed95a6b6283056d180b2442eee38d5948d735cd3d3b52b86dd65b92"}, - {file = "coverage-7.3.3-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:afdcc10c01d0db217fc0a64f58c7edd635b8f27787fea0a3054b856a6dff8717"}, - {file = "coverage-7.3.3-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:fff0b2f249ac642fd735f009b8363c2b46cf406d3caec00e4deeb79b5ff39b40"}, - {file = "coverage-7.3.3-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:a1f76cfc122c9e0f62dbe0460ec9cc7696fc9a0293931a33b8870f78cf83a327"}, - {file = "coverage-7.3.3-cp38-cp38-win32.whl", hash = "sha256:757453848c18d7ab5d5b5f1827293d580f156f1c2c8cef45bfc21f37d8681069"}, - {file = "coverage-7.3.3-cp38-cp38-win_amd64.whl", hash = "sha256:ad2453b852a1316c8a103c9c970db8fbc262f4f6b930aa6c606df9b2766eee06"}, - {file = "coverage-7.3.3-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:3b15e03b8ee6a908db48eccf4e4e42397f146ab1e91c6324da44197a45cb9132"}, - {file = "coverage-7.3.3-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:89400aa1752e09f666cc48708eaa171eef0ebe3d5f74044b614729231763ae69"}, - {file = "coverage-7.3.3-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c59a3e59fb95e6d72e71dc915e6d7fa568863fad0a80b33bc7b82d6e9f844973"}, - {file = "coverage-7.3.3-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:9ede881c7618f9cf93e2df0421ee127afdfd267d1b5d0c59bcea771cf160ea4a"}, - {file = "coverage-7.3.3-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f3bfd2c2f0e5384276e12b14882bf2c7621f97c35320c3e7132c156ce18436a1"}, - {file = "coverage-7.3.3-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:7f3bad1a9313401ff2964e411ab7d57fb700a2d5478b727e13f156c8f89774a0"}, - {file = "coverage-7.3.3-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:65d716b736f16e250435473c5ca01285d73c29f20097decdbb12571d5dfb2c94"}, - {file = "coverage-7.3.3-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:a702e66483b1fe602717020a0e90506e759c84a71dbc1616dd55d29d86a9b91f"}, - {file = "coverage-7.3.3-cp39-cp39-win32.whl", hash = "sha256:7fbf3f5756e7955174a31fb579307d69ffca91ad163467ed123858ce0f3fd4aa"}, - {file = "coverage-7.3.3-cp39-cp39-win_amd64.whl", hash = "sha256:cad9afc1644b979211989ec3ff7d82110b2ed52995c2f7263e7841c846a75348"}, - {file = "coverage-7.3.3-pp38.pp39.pp310-none-any.whl", hash = "sha256:d299d379b676812e142fb57662a8d0d810b859421412b4d7af996154c00c31bb"}, - {file = "coverage-7.3.3.tar.gz", hash = "sha256:df04c64e58df96b4427db8d0559e95e2df3138c9916c96f9f6a4dd220db2fdb7"}, + {file = "coverage-7.4.0-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:36b0ea8ab20d6a7564e89cb6135920bc9188fb5f1f7152e94e8300b7b189441a"}, + {file = "coverage-7.4.0-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:0676cd0ba581e514b7f726495ea75aba3eb20899d824636c6f59b0ed2f88c471"}, + {file = "coverage-7.4.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d0ca5c71a5a1765a0f8f88022c52b6b8be740e512980362f7fdbb03725a0d6b9"}, + {file = "coverage-7.4.0-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:a7c97726520f784239f6c62506bc70e48d01ae71e9da128259d61ca5e9788516"}, + {file = "coverage-7.4.0-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:815ac2d0f3398a14286dc2cea223a6f338109f9ecf39a71160cd1628786bc6f5"}, + {file = "coverage-7.4.0-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:80b5ee39b7f0131ebec7968baa9b2309eddb35b8403d1869e08f024efd883566"}, + {file = "coverage-7.4.0-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:5b2ccb7548a0b65974860a78c9ffe1173cfb5877460e5a229238d985565574ae"}, + {file = "coverage-7.4.0-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:995ea5c48c4ebfd898eacb098164b3cc826ba273b3049e4a889658548e321b43"}, + {file = "coverage-7.4.0-cp310-cp310-win32.whl", hash = "sha256:79287fd95585ed36e83182794a57a46aeae0b64ca53929d1176db56aacc83451"}, + {file = "coverage-7.4.0-cp310-cp310-win_amd64.whl", hash = "sha256:5b14b4f8760006bfdb6e08667af7bc2d8d9bfdb648351915315ea17645347137"}, + {file = "coverage-7.4.0-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:04387a4a6ecb330c1878907ce0dc04078ea72a869263e53c72a1ba5bbdf380ca"}, + {file = "coverage-7.4.0-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:ea81d8f9691bb53f4fb4db603203029643caffc82bf998ab5b59ca05560f4c06"}, + {file = "coverage-7.4.0-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:74775198b702868ec2d058cb92720a3c5a9177296f75bd97317c787daf711505"}, + {file = "coverage-7.4.0-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:76f03940f9973bfaee8cfba70ac991825611b9aac047e5c80d499a44079ec0bc"}, + {file = "coverage-7.4.0-cp311-cp311-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:485e9f897cf4856a65a57c7f6ea3dc0d4e6c076c87311d4bc003f82cfe199d25"}, + {file = "coverage-7.4.0-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:6ae8c9d301207e6856865867d762a4b6fd379c714fcc0607a84b92ee63feff70"}, + {file = "coverage-7.4.0-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:bf477c355274a72435ceb140dc42de0dc1e1e0bf6e97195be30487d8eaaf1a09"}, + {file = "coverage-7.4.0-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:83c2dda2666fe32332f8e87481eed056c8b4d163fe18ecc690b02802d36a4d26"}, + {file = "coverage-7.4.0-cp311-cp311-win32.whl", hash = "sha256:697d1317e5290a313ef0d369650cfee1a114abb6021fa239ca12b4849ebbd614"}, + {file = "coverage-7.4.0-cp311-cp311-win_amd64.whl", hash = "sha256:26776ff6c711d9d835557ee453082025d871e30b3fd6c27fcef14733f67f0590"}, + {file = "coverage-7.4.0-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:13eaf476ec3e883fe3e5fe3707caeb88268a06284484a3daf8250259ef1ba143"}, + {file = "coverage-7.4.0-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:846f52f46e212affb5bcf131c952fb4075b55aae6b61adc9856222df89cbe3e2"}, + {file = "coverage-7.4.0-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:26f66da8695719ccf90e794ed567a1549bb2644a706b41e9f6eae6816b398c4a"}, + {file = "coverage-7.4.0-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:164fdcc3246c69a6526a59b744b62e303039a81e42cfbbdc171c91a8cc2f9446"}, + {file = "coverage-7.4.0-cp312-cp312-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:316543f71025a6565677d84bc4df2114e9b6a615aa39fb165d697dba06a54af9"}, + {file = "coverage-7.4.0-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:bb1de682da0b824411e00a0d4da5a784ec6496b6850fdf8c865c1d68c0e318dd"}, + {file = "coverage-7.4.0-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:0e8d06778e8fbffccfe96331a3946237f87b1e1d359d7fbe8b06b96c95a5407a"}, + {file = "coverage-7.4.0-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:a56de34db7b7ff77056a37aedded01b2b98b508227d2d0979d373a9b5d353daa"}, + {file = "coverage-7.4.0-cp312-cp312-win32.whl", hash = "sha256:51456e6fa099a8d9d91497202d9563a320513fcf59f33991b0661a4a6f2ad450"}, + {file = "coverage-7.4.0-cp312-cp312-win_amd64.whl", hash = "sha256:cd3c1e4cb2ff0083758f09be0f77402e1bdf704adb7f89108007300a6da587d0"}, + {file = "coverage-7.4.0-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:e9d1bf53c4c8de58d22e0e956a79a5b37f754ed1ffdbf1a260d9dcfa2d8a325e"}, + {file = "coverage-7.4.0-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:109f5985182b6b81fe33323ab4707011875198c41964f014579cf82cebf2bb85"}, + {file = "coverage-7.4.0-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3cc9d4bc55de8003663ec94c2f215d12d42ceea128da8f0f4036235a119c88ac"}, + {file = "coverage-7.4.0-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:cc6d65b21c219ec2072c1293c505cf36e4e913a3f936d80028993dd73c7906b1"}, + {file = "coverage-7.4.0-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:5a10a4920def78bbfff4eff8a05c51be03e42f1c3735be42d851f199144897ba"}, + {file = "coverage-7.4.0-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:b8e99f06160602bc64da35158bb76c73522a4010f0649be44a4e167ff8555952"}, + {file = "coverage-7.4.0-cp38-cp38-musllinux_1_1_i686.whl", hash = "sha256:7d360587e64d006402b7116623cebf9d48893329ef035278969fa3bbf75b697e"}, + {file = "coverage-7.4.0-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:29f3abe810930311c0b5d1a7140f6395369c3db1be68345638c33eec07535105"}, + {file = "coverage-7.4.0-cp38-cp38-win32.whl", hash = "sha256:5040148f4ec43644702e7b16ca864c5314ccb8ee0751ef617d49aa0e2d6bf4f2"}, + {file = "coverage-7.4.0-cp38-cp38-win_amd64.whl", hash = "sha256:9864463c1c2f9cb3b5db2cf1ff475eed2f0b4285c2aaf4d357b69959941aa555"}, + {file = "coverage-7.4.0-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:936d38794044b26c99d3dd004d8af0035ac535b92090f7f2bb5aa9c8e2f5cd42"}, + {file = "coverage-7.4.0-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:799c8f873794a08cdf216aa5d0531c6a3747793b70c53f70e98259720a6fe2d7"}, + {file = "coverage-7.4.0-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e7defbb9737274023e2d7af02cac77043c86ce88a907c58f42b580a97d5bcca9"}, + {file = "coverage-7.4.0-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:a1526d265743fb49363974b7aa8d5899ff64ee07df47dd8d3e37dcc0818f09ed"}, + {file = "coverage-7.4.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:bf635a52fc1ea401baf88843ae8708591aa4adff875e5c23220de43b1ccf575c"}, + {file = "coverage-7.4.0-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:756ded44f47f330666843b5781be126ab57bb57c22adbb07d83f6b519783b870"}, + {file = "coverage-7.4.0-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:0eb3c2f32dabe3a4aaf6441dde94f35687224dfd7eb2a7f47f3fd9428e421058"}, + {file = "coverage-7.4.0-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:bfd5db349d15c08311702611f3dccbef4b4e2ec148fcc636cf8739519b4a5c0f"}, + {file = "coverage-7.4.0-cp39-cp39-win32.whl", hash = "sha256:53d7d9158ee03956e0eadac38dfa1ec8068431ef8058fe6447043db1fb40d932"}, + {file = "coverage-7.4.0-cp39-cp39-win_amd64.whl", hash = "sha256:cfd2a8b6b0d8e66e944d47cdec2f47c48fef2ba2f2dff5a9a75757f64172857e"}, + {file = "coverage-7.4.0-pp38.pp39.pp310-none-any.whl", hash = "sha256:c530833afc4707fe48524a44844493f36d8727f04dcce91fb978c414a8556cc6"}, + {file = "coverage-7.4.0.tar.gz", hash = "sha256:707c0f58cb1712b8809ece32b68996ee1e609f71bd14615bd8f87a1293cb610e"}, ] [package.extras] @@ -1046,7 +1009,6 @@ toml = ["tomli"] name = "cryptography" version = "41.0.7" description = "cryptography is a package which provides cryptographic recipes and primitives to Python developers." -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -1092,7 +1054,6 @@ test-randomorder = ["pytest-randomly"] name = "dacite" version = "1.8.1" description = "Simple creation of data classes from dictionaries." -category = "main" optional = false python-versions = ">=3.6" files = [ @@ -1106,7 +1067,6 @@ dev = ["black", "coveralls", "mypy", "pre-commit", "pylint", "pytest (>=5)", "py name = "daphne" version = "4.0.0" description = "Django ASGI (HTTP/WebSocket) server" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -1126,7 +1086,6 @@ tests = ["django", "hypothesis", "pytest", "pytest-asyncio"] name = "debugpy" version = "1.8.0" description = "An implementation of the Debug Adapter Protocol for Python" -category = "dev" optional = false python-versions = ">=3.8" files = [ @@ -1152,21 +1111,19 @@ files = [ [[package]] name = "deepmerge" -version = "1.1.0" +version = "1.1.1" description = "a toolset to deeply merge python dictionaries." -category = "main" optional = false python-versions = "*" files = [ - {file = "deepmerge-1.1.0-py3-none-any.whl", hash = "sha256:59e6ef80b77dc52af3882a1ea78da22bcfc91ae9cdabc0c80729049fe295ff8b"}, - {file = "deepmerge-1.1.0.tar.gz", hash = "sha256:4c27a0db5de285e1a7ceac7dbc1531deaa556b627dea4900c8244581ecdfea2d"}, + {file = "deepmerge-1.1.1-py3-none-any.whl", hash = "sha256:7219dad9763f15be9dcd4bcb53e00f48e4eed6f5ed8f15824223eb934bb35977"}, + {file = "deepmerge-1.1.1.tar.gz", hash = "sha256:53a489dc9449636e480a784359ae2aab3191748c920649551c8e378622f0eca4"}, ] [[package]] name = "defusedxml" version = "0.7.1" description = "XML bomb protection for Python stdlib modules" -category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" files = [ @@ -1178,7 +1135,6 @@ files = [ name = "dill" version = "0.3.7" description = "serialize all of Python" -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -1193,7 +1149,6 @@ graph = ["objgraph (>=1.7.2)"] name = "django" version = "4.2.8" description = "A high-level Python web framework that encourages rapid development and clean, pragmatic design." -category = "main" optional = false python-versions = ">=3.8" files = [ @@ -1214,7 +1169,6 @@ bcrypt = ["bcrypt"] name = "django-filter" version = "23.5" description = "Django-filter is a reusable Django application for allowing users to filter querysets dynamically." -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -1229,7 +1183,6 @@ Django = ">=3.2" name = "django-guardian" version = "2.4.0" description = "Implementation of per object permissions for Django." -category = "main" optional = false python-versions = ">=3.5" files = [ @@ -1244,7 +1197,6 @@ Django = ">=2.2" name = "django-model-utils" version = "4.3.1" description = "Django model mixins and utilities" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -1259,7 +1211,6 @@ Django = ">=3.2" name = "django-prometheus" version = "2.3.1" description = "Django middlewares to monitor your application with Prometheus.io." -category = "main" optional = false python-versions = "*" files = [ @@ -1274,7 +1225,6 @@ prometheus-client = ">=0.7" name = "django-redis" version = "5.4.0" description = "Full featured redis cache backend for Django." -category = "main" optional = false python-versions = ">=3.6" files = [ @@ -1293,7 +1243,6 @@ hiredis = ["redis[hiredis] (>=3,!=4.0.0,!=4.0.1)"] name = "django-silk" version = "5.0.4" description = "Silky smooth profiling for the Django Framework" -category = "dev" optional = false python-versions = ">=3.8" files = [ @@ -1311,7 +1260,6 @@ sqlparse = "*" name = "django-storages" version = "1.14.2" description = "Support for many storage backends in Django" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -1336,7 +1284,6 @@ sftp = ["paramiko (>=1.15)"] name = "django-tenants" version = "3.5.0" description = "Tenant support for Django using PostgreSQL schemas." -category = "main" optional = false python-versions = "*" files = [] @@ -1355,7 +1302,6 @@ resolved_reference = "52cf8f61bae62f6e89309ccc86193c82ab075def" name = "djangorestframework" version = "3.14.0" description = "Web APIs for Django, made easy." -category = "main" optional = false python-versions = ">=3.6" files = [ @@ -1371,7 +1317,6 @@ pytz = "*" name = "djangorestframework-guardian" version = "0.3.0" description = "django-guardian support for Django REST Framework" -category = "main" optional = false python-versions = "*" files = [ @@ -1388,7 +1333,6 @@ djangorestframework = "*" name = "dnspython" version = "2.4.2" description = "DNS toolkit" -category = "main" optional = false python-versions = ">=3.8,<4.0" files = [ @@ -1408,7 +1352,6 @@ wmi = ["wmi (>=1.5.1,<2.0.0)"] name = "docker" version = "7.0.0" description = "A Python library for the Docker Engine API." -category = "main" optional = false python-versions = ">=3.8" files = [ @@ -1430,7 +1373,6 @@ websockets = ["websocket-client (>=1.3.0)"] name = "drf-jsonschema-serializer" version = "2.0.0" description = "JSON Schema support for Django REST Framework" -category = "dev" optional = false python-versions = "*" files = [ @@ -1454,7 +1396,6 @@ tests = ["black", "django-stubs[compatible-mypy]", "djangorestframework-stubs[co name = "drf-spectacular" version = "0.27.0" description = "Sane and flexible OpenAPI 3 schema generation for Django REST framework" -category = "main" optional = false python-versions = ">=3.6" files = [ @@ -1478,7 +1419,6 @@ sidecar = ["drf-spectacular-sidecar"] name = "dumb-init" version = "1.2.5.post1" description = "Simple wrapper script which proxies signals to a child" -category = "main" optional = false python-versions = "*" files = [ @@ -1493,7 +1433,6 @@ files = [ name = "duo-client" version = "5.2.0" description = "Reference client for Duo Security APIs" -category = "main" optional = false python-versions = "*" files = [ @@ -1509,7 +1448,6 @@ six = "*" name = "email-validator" version = "2.1.0.post1" description = "A robust email address syntax and deliverability validation library." -category = "main" optional = false python-versions = ">=3.8" files = [ @@ -1525,7 +1463,6 @@ idna = ">=2.0.0" name = "facebook-sdk" version = "3.1.0" description = "This client library is designed to support the Facebook Graph API and the official Facebook JavaScript SDK, which is the canonical way to implement Facebook authentication." -category = "main" optional = false python-versions = "*" files = [ @@ -1540,7 +1477,6 @@ requests = "*" name = "flower" version = "2.0.1" description = "Celery Flower" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -1557,14 +1493,13 @@ tornado = ">=5.0.0,<7.0.0" [[package]] name = "freezegun" -version = "1.3.1" +version = "1.4.0" description = "Let your Python tests travel through time" -category = "dev" optional = false python-versions = ">=3.7" files = [ - {file = "freezegun-1.3.1-py3-none-any.whl", hash = "sha256:065e77a12624d05531afa87ade12a0b9bdb53495c4573893252a055b545ce3ea"}, - {file = "freezegun-1.3.1.tar.gz", hash = "sha256:48984397b3b58ef5dfc645d6a304b0060f612bcecfdaaf45ce8aff0077a6cb6a"}, + {file = "freezegun-1.4.0-py3-none-any.whl", hash = "sha256:55e0fc3c84ebf0a96a5aa23ff8b53d70246479e9a68863f1fcac5a3e52f19dd6"}, + {file = "freezegun-1.4.0.tar.gz", hash = "sha256:10939b0ba0ff5adaecf3b06a5c2f73071d9678e507c5eaedb23c761d56ac774b"}, ] [package.dependencies] @@ -1574,7 +1509,6 @@ python-dateutil = ">=2.7" name = "frozenlist" version = "1.4.1" description = "A list-like structure which implements collections.abc.MutableSequence" -category = "main" optional = false python-versions = ">=3.8" files = [ @@ -1661,7 +1595,6 @@ files = [ name = "geoip2" version = "4.8.0" description = "MaxMind GeoIP2 API" -category = "main" optional = false python-versions = ">=3.8" files = [ @@ -1682,7 +1615,6 @@ test = ["mocket (>=3.11.1)"] name = "gitdb" version = "4.0.11" description = "Git Object Database" -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -1697,7 +1629,6 @@ smmap = ">=3.0.1,<6" name = "gitpython" version = "3.1.40" description = "GitPython is a Python library used to interact with Git repositories" -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -1715,7 +1646,6 @@ test = ["black", "coverage[toml]", "ddt (>=1.1.1,!=1.4.3)", "mock", "mypy", "pre name = "google-auth" version = "2.25.2" description = "Google Authentication Library" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -1739,7 +1669,6 @@ requests = ["requests (>=2.20.0,<3.0.0.dev0)"] name = "gprof2dot" version = "2022.7.29" description = "Generate a dot graph from the output of several profilers." -category = "dev" optional = false python-versions = ">=2.7" files = [ @@ -1751,7 +1680,6 @@ files = [ name = "gunicorn" version = "21.2.0" description = "WSGI HTTP Server for UNIX" -category = "main" optional = false python-versions = ">=3.5" files = [ @@ -1772,7 +1700,6 @@ tornado = ["tornado (>=0.2)"] name = "h11" version = "0.14.0" description = "A pure-Python, bring-your-own-I/O implementation of HTTP/1.1" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -1784,7 +1711,6 @@ files = [ name = "httptools" version = "0.6.1" description = "A collection of framework independent HTTP protocol utils." -category = "main" optional = false python-versions = ">=3.8.0" files = [ @@ -1833,7 +1759,6 @@ test = ["Cython (>=0.29.24,<0.30.0)"] name = "humanize" version = "4.9.0" description = "Python humanize utilities" -category = "main" optional = false python-versions = ">=3.8" files = [ @@ -1848,7 +1773,6 @@ tests = ["freezegun", "pytest", "pytest-cov"] name = "hyperlink" version = "21.0.0" description = "A featureful, immutable, and correct URL for Python." -category = "main" optional = false python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" files = [ @@ -1863,7 +1787,6 @@ idna = ">=2.5" name = "idna" version = "3.6" description = "Internationalized Domain Names in Applications (IDNA)" -category = "main" optional = false python-versions = ">=3.5" files = [ @@ -1873,14 +1796,13 @@ files = [ [[package]] name = "importlib-metadata" -version = "7.0.0" +version = "7.0.1" description = "Read metadata from Python packages" -category = "dev" optional = false python-versions = ">=3.8" files = [ - {file = "importlib_metadata-7.0.0-py3-none-any.whl", hash = "sha256:d97503976bb81f40a193d41ee6570868479c69d5068651eb039c40d850c59d67"}, - {file = "importlib_metadata-7.0.0.tar.gz", hash = "sha256:7fc841f8b8332803464e5dc1c63a2e59121f46ca186c0e2e182e80bf8c1319f7"}, + {file = "importlib_metadata-7.0.1-py3-none-any.whl", hash = "sha256:4805911c3a4ec7c3966410053e9ec6a1fecd629117df5adee56dfc9432a1081e"}, + {file = "importlib_metadata-7.0.1.tar.gz", hash = "sha256:f238736bb06590ae52ac1fab06a3a9ef1d8dce2b7a35b5ab329371d6c8f5d2cc"}, ] [package.dependencies] @@ -1895,7 +1817,6 @@ testing = ["flufl.flake8", "importlib-resources (>=1.3)", "packaging", "pyfakefs name = "incremental" version = "22.10.0" description = "\"A small library that versions your Python projects.\"" -category = "main" optional = false python-versions = "*" files = [ @@ -1911,7 +1832,6 @@ scripts = ["click (>=6.0)", "twisted (>=16.4.0)"] name = "inflection" version = "0.5.1" description = "A port of Ruby on Rails inflector to Python" -category = "main" optional = false python-versions = ">=3.5" files = [ @@ -1923,7 +1843,6 @@ files = [ name = "iniconfig" version = "2.0.0" description = "brain-dead simple config-ini parsing" -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -1935,7 +1854,6 @@ files = [ name = "isort" version = "5.13.2" description = "A Python utility / library to sort Python imports." -category = "dev" optional = false python-versions = ">=3.8.0" files = [ @@ -1950,7 +1868,6 @@ colors = ["colorama (>=0.4.6)"] name = "jinja2" version = "3.1.2" description = "A very fast and expressive template engine." -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -1968,7 +1885,6 @@ i18n = ["Babel (>=2.7)"] name = "jmespath" version = "1.0.1" description = "JSON Matching Expressions" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -1980,7 +1896,6 @@ files = [ name = "jsonpatch" version = "1.33" description = "Apply JSON-Patches (RFC 6902)" -category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*, !=3.6.*" files = [ @@ -1995,7 +1910,6 @@ jsonpointer = ">=1.9" name = "jsonpointer" version = "2.4" description = "Identify specific nodes in a JSON document (RFC 6901)" -category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*, !=3.6.*" files = [ @@ -2007,7 +1921,6 @@ files = [ name = "jsonschema" version = "4.20.0" description = "An implementation of JSON Schema validation for Python" -category = "main" optional = false python-versions = ">=3.8" files = [ @@ -2027,14 +1940,13 @@ format-nongpl = ["fqdn", "idna", "isoduration", "jsonpointer (>1.13)", "rfc3339- [[package]] name = "jsonschema-specifications" -version = "2023.11.2" +version = "2023.12.1" description = "The JSON Schema meta-schemas and vocabularies, exposed as a Registry" -category = "main" optional = false python-versions = ">=3.8" files = [ - {file = "jsonschema_specifications-2023.11.2-py3-none-any.whl", hash = "sha256:e74ba7c0a65e8cb49dc26837d6cfe576557084a8b423ed16a420984228104f93"}, - {file = "jsonschema_specifications-2023.11.2.tar.gz", hash = "sha256:9472fc4fea474cd74bea4a2b190daeccb5a9e4db2ea80efcf7a1b582fc9a81b8"}, + {file = "jsonschema_specifications-2023.12.1-py3-none-any.whl", hash = "sha256:87e4fdf3a94858b8a2ba2778d9ba57d8a9cafca7c7489c46ba0d30a8bc6a9c3c"}, + {file = "jsonschema_specifications-2023.12.1.tar.gz", hash = "sha256:48a76787b3e70f5ed53f1160d2b81f586e4ca6d1548c5de7085d1682674764cc"}, ] [package.dependencies] @@ -2044,7 +1956,6 @@ referencing = ">=0.31.0" name = "kombu" version = "5.3.4" description = "Messaging library for Python." -category = "main" optional = false python-versions = ">=3.8" files = [ @@ -2077,7 +1988,6 @@ zookeeper = ["kazoo (>=2.8.0)"] name = "kubernetes" version = "27.2.0" description = "Kubernetes python client" -category = "main" optional = false python-versions = ">=3.6" files = [ @@ -2095,7 +2005,7 @@ requests = "*" requests-oauthlib = "*" six = ">=1.9.0" urllib3 = ">=1.24.2" -websocket-client = ">=0.32.0,<0.40.0 || >0.40.0,<0.41.0 || >=0.43.0" +websocket-client = ">=0.32.0,<0.40.0 || >0.40.0,<0.41.dev0 || >=0.43.dev0" [package.extras] adal = ["adal (>=1.0.2)"] @@ -2104,7 +2014,6 @@ adal = ["adal (>=1.0.2)"] name = "ldap3" version = "2.9.1" description = "A strictly RFC 4510 conforming LDAP V3 pure Python client library" -category = "main" optional = false python-versions = "*" files = [ @@ -2117,117 +2026,219 @@ pyasn1 = ">=0.4.6" [[package]] name = "lxml" -version = "4.9.3" +version = "4.9.4" description = "Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API." -category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, != 3.4.*" files = [ - {file = "lxml-4.9.3-cp27-cp27m-macosx_11_0_x86_64.whl", hash = "sha256:b0a545b46b526d418eb91754565ba5b63b1c0b12f9bd2f808c852d9b4b2f9b5c"}, - {file = "lxml-4.9.3-cp27-cp27m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:075b731ddd9e7f68ad24c635374211376aa05a281673ede86cbe1d1b3455279d"}, - {file = "lxml-4.9.3-cp27-cp27m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:1e224d5755dba2f4a9498e150c43792392ac9b5380aa1b845f98a1618c94eeef"}, - {file = "lxml-4.9.3-cp27-cp27m-win32.whl", hash = "sha256:2c74524e179f2ad6d2a4f7caf70e2d96639c0954c943ad601a9e146c76408ed7"}, - {file = "lxml-4.9.3-cp27-cp27m-win_amd64.whl", hash = "sha256:4f1026bc732b6a7f96369f7bfe1a4f2290fb34dce00d8644bc3036fb351a4ca1"}, - {file = "lxml-4.9.3-cp27-cp27mu-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:c0781a98ff5e6586926293e59480b64ddd46282953203c76ae15dbbbf302e8bb"}, - {file = "lxml-4.9.3-cp27-cp27mu-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:cef2502e7e8a96fe5ad686d60b49e1ab03e438bd9123987994528febd569868e"}, - {file = "lxml-4.9.3-cp310-cp310-macosx_11_0_x86_64.whl", hash = "sha256:b86164d2cff4d3aaa1f04a14685cbc072efd0b4f99ca5708b2ad1b9b5988a991"}, - {file = "lxml-4.9.3-cp310-cp310-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:42871176e7896d5d45138f6d28751053c711ed4d48d8e30b498da155af39aebd"}, - {file = "lxml-4.9.3-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:ae8b9c6deb1e634ba4f1930eb67ef6e6bf6a44b6eb5ad605642b2d6d5ed9ce3c"}, - {file = "lxml-4.9.3-cp310-cp310-manylinux_2_28_aarch64.whl", hash = "sha256:411007c0d88188d9f621b11d252cce90c4a2d1a49db6c068e3c16422f306eab8"}, - {file = "lxml-4.9.3-cp310-cp310-manylinux_2_28_x86_64.whl", hash = "sha256:cd47b4a0d41d2afa3e58e5bf1f62069255aa2fd6ff5ee41604418ca925911d76"}, - {file = "lxml-4.9.3-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:0e2cb47860da1f7e9a5256254b74ae331687b9672dfa780eed355c4c9c3dbd23"}, - {file = "lxml-4.9.3-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:1247694b26342a7bf47c02e513d32225ededd18045264d40758abeb3c838a51f"}, - {file = "lxml-4.9.3-cp310-cp310-win32.whl", hash = "sha256:cdb650fc86227eba20de1a29d4b2c1bfe139dc75a0669270033cb2ea3d391b85"}, - {file = "lxml-4.9.3-cp310-cp310-win_amd64.whl", hash = "sha256:97047f0d25cd4bcae81f9ec9dc290ca3e15927c192df17331b53bebe0e3ff96d"}, - {file = "lxml-4.9.3-cp311-cp311-macosx_11_0_universal2.whl", hash = "sha256:1f447ea5429b54f9582d4b955f5f1985f278ce5cf169f72eea8afd9502973dd5"}, - {file = "lxml-4.9.3-cp311-cp311-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:57d6ba0ca2b0c462f339640d22882acc711de224d769edf29962b09f77129cbf"}, - {file = "lxml-4.9.3-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:9767e79108424fb6c3edf8f81e6730666a50feb01a328f4a016464a5893f835a"}, - {file = "lxml-4.9.3-cp311-cp311-manylinux_2_28_aarch64.whl", hash = "sha256:71c52db65e4b56b8ddc5bb89fb2e66c558ed9d1a74a45ceb7dcb20c191c3df2f"}, - {file = "lxml-4.9.3-cp311-cp311-manylinux_2_28_x86_64.whl", hash = "sha256:d73d8ecf8ecf10a3bd007f2192725a34bd62898e8da27eb9d32a58084f93962b"}, - {file = "lxml-4.9.3-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:0a3d3487f07c1d7f150894c238299934a2a074ef590b583103a45002035be120"}, - {file = "lxml-4.9.3-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:9e28c51fa0ce5674be9f560c6761c1b441631901993f76700b1b30ca6c8378d6"}, - {file = "lxml-4.9.3-cp311-cp311-win32.whl", hash = "sha256:0bfd0767c5c1de2551a120673b72e5d4b628737cb05414f03c3277bf9bed3305"}, - {file = "lxml-4.9.3-cp311-cp311-win_amd64.whl", hash = "sha256:25f32acefac14ef7bd53e4218fe93b804ef6f6b92ffdb4322bb6d49d94cad2bc"}, - {file = "lxml-4.9.3-cp312-cp312-macosx_11_0_universal2.whl", hash = "sha256:d3ff32724f98fbbbfa9f49d82852b159e9784d6094983d9a8b7f2ddaebb063d4"}, - {file = "lxml-4.9.3-cp312-cp312-manylinux_2_28_aarch64.whl", hash = "sha256:48d6ed886b343d11493129e019da91d4039826794a3e3027321c56d9e71505be"}, - {file = "lxml-4.9.3-cp312-cp312-manylinux_2_28_x86_64.whl", hash = "sha256:9a92d3faef50658dd2c5470af249985782bf754c4e18e15afb67d3ab06233f13"}, - {file = "lxml-4.9.3-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:b4e4bc18382088514ebde9328da057775055940a1f2e18f6ad2d78aa0f3ec5b9"}, - {file = "lxml-4.9.3-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:fc9b106a1bf918db68619fdcd6d5ad4f972fdd19c01d19bdb6bf63f3589a9ec5"}, - {file = "lxml-4.9.3-cp312-cp312-win_amd64.whl", hash = "sha256:d37017287a7adb6ab77e1c5bee9bcf9660f90ff445042b790402a654d2ad81d8"}, - {file = "lxml-4.9.3-cp35-cp35m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:56dc1f1ebccc656d1b3ed288f11e27172a01503fc016bcabdcbc0978b19352b7"}, - {file = "lxml-4.9.3-cp35-cp35m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:578695735c5a3f51569810dfebd05dd6f888147a34f0f98d4bb27e92b76e05c2"}, - {file = "lxml-4.9.3-cp35-cp35m-win32.whl", hash = "sha256:704f61ba8c1283c71b16135caf697557f5ecf3e74d9e453233e4771d68a1f42d"}, - {file = "lxml-4.9.3-cp35-cp35m-win_amd64.whl", hash = "sha256:c41bfca0bd3532d53d16fd34d20806d5c2b1ace22a2f2e4c0008570bf2c58833"}, - {file = "lxml-4.9.3-cp36-cp36m-macosx_11_0_x86_64.whl", hash = "sha256:64f479d719dc9f4c813ad9bb6b28f8390360660b73b2e4beb4cb0ae7104f1c12"}, - {file = "lxml-4.9.3-cp36-cp36m-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:dd708cf4ee4408cf46a48b108fb9427bfa00b9b85812a9262b5c668af2533ea5"}, - {file = "lxml-4.9.3-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5c31c7462abdf8f2ac0577d9f05279727e698f97ecbb02f17939ea99ae8daa98"}, - {file = "lxml-4.9.3-cp36-cp36m-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:e3cd95e10c2610c360154afdc2f1480aea394f4a4f1ea0a5eacce49640c9b190"}, - {file = "lxml-4.9.3-cp36-cp36m-manylinux_2_28_x86_64.whl", hash = "sha256:4930be26af26ac545c3dffb662521d4e6268352866956672231887d18f0eaab2"}, - {file = "lxml-4.9.3-cp36-cp36m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:4aec80cde9197340bc353d2768e2a75f5f60bacda2bab72ab1dc499589b3878c"}, - {file = "lxml-4.9.3-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:14e019fd83b831b2e61baed40cab76222139926b1fb5ed0e79225bc0cae14584"}, - {file = "lxml-4.9.3-cp36-cp36m-musllinux_1_1_aarch64.whl", hash = "sha256:0c0850c8b02c298d3c7006b23e98249515ac57430e16a166873fc47a5d549287"}, - {file = "lxml-4.9.3-cp36-cp36m-musllinux_1_1_x86_64.whl", hash = "sha256:aca086dc5f9ef98c512bac8efea4483eb84abbf926eaeedf7b91479feb092458"}, - {file = "lxml-4.9.3-cp36-cp36m-win32.whl", hash = "sha256:50baa9c1c47efcaef189f31e3d00d697c6d4afda5c3cde0302d063492ff9b477"}, - {file = "lxml-4.9.3-cp36-cp36m-win_amd64.whl", hash = "sha256:bef4e656f7d98aaa3486d2627e7d2df1157d7e88e7efd43a65aa5dd4714916cf"}, - {file = "lxml-4.9.3-cp37-cp37m-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:46f409a2d60f634fe550f7133ed30ad5321ae2e6630f13657fb9479506b00601"}, - {file = "lxml-4.9.3-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_24_aarch64.whl", hash = "sha256:4c28a9144688aef80d6ea666c809b4b0e50010a2aca784c97f5e6bf143d9f129"}, - {file = "lxml-4.9.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:141f1d1a9b663c679dc524af3ea1773e618907e96075262726c7612c02b149a4"}, - {file = "lxml-4.9.3-cp37-cp37m-manylinux_2_28_x86_64.whl", hash = "sha256:53ace1c1fd5a74ef662f844a0413446c0629d151055340e9893da958a374f70d"}, - {file = "lxml-4.9.3-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:17a753023436a18e27dd7769e798ce302963c236bc4114ceee5b25c18c52c693"}, - {file = "lxml-4.9.3-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:7d298a1bd60c067ea75d9f684f5f3992c9d6766fadbc0bcedd39750bf344c2f4"}, - {file = "lxml-4.9.3-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:081d32421db5df44c41b7f08a334a090a545c54ba977e47fd7cc2deece78809a"}, - {file = "lxml-4.9.3-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:23eed6d7b1a3336ad92d8e39d4bfe09073c31bfe502f20ca5116b2a334f8ec02"}, - {file = "lxml-4.9.3-cp37-cp37m-win32.whl", hash = "sha256:1509dd12b773c02acd154582088820893109f6ca27ef7291b003d0e81666109f"}, - {file = "lxml-4.9.3-cp37-cp37m-win_amd64.whl", hash = "sha256:120fa9349a24c7043854c53cae8cec227e1f79195a7493e09e0c12e29f918e52"}, - {file = "lxml-4.9.3-cp38-cp38-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:4d2d1edbca80b510443f51afd8496be95529db04a509bc8faee49c7b0fb6d2cc"}, - {file = "lxml-4.9.3-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_24_aarch64.whl", hash = "sha256:8d7e43bd40f65f7d97ad8ef5c9b1778943d02f04febef12def25f7583d19baac"}, - {file = "lxml-4.9.3-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:71d66ee82e7417828af6ecd7db817913cb0cf9d4e61aa0ac1fde0583d84358db"}, - {file = "lxml-4.9.3-cp38-cp38-manylinux_2_28_x86_64.whl", hash = "sha256:6fc3c450eaa0b56f815c7b62f2b7fba7266c4779adcf1cece9e6deb1de7305ce"}, - {file = "lxml-4.9.3-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:65299ea57d82fb91c7f019300d24050c4ddeb7c5a190e076b5f48a2b43d19c42"}, - {file = "lxml-4.9.3-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:eadfbbbfb41b44034a4c757fd5d70baccd43296fb894dba0295606a7cf3124aa"}, - {file = "lxml-4.9.3-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:3e9bdd30efde2b9ccfa9cb5768ba04fe71b018a25ea093379c857c9dad262c40"}, - {file = "lxml-4.9.3-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:fcdd00edfd0a3001e0181eab3e63bd5c74ad3e67152c84f93f13769a40e073a7"}, - {file = "lxml-4.9.3-cp38-cp38-win32.whl", hash = "sha256:57aba1bbdf450b726d58b2aea5fe47c7875f5afb2c4a23784ed78f19a0462574"}, - {file = "lxml-4.9.3-cp38-cp38-win_amd64.whl", hash = "sha256:92af161ecbdb2883c4593d5ed4815ea71b31fafd7fd05789b23100d081ecac96"}, - {file = "lxml-4.9.3-cp39-cp39-macosx_11_0_x86_64.whl", hash = "sha256:9bb6ad405121241e99a86efff22d3ef469024ce22875a7ae045896ad23ba2340"}, - {file = "lxml-4.9.3-cp39-cp39-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:8ed74706b26ad100433da4b9d807eae371efaa266ffc3e9191ea436087a9d6a7"}, - {file = "lxml-4.9.3-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:fbf521479bcac1e25a663df882c46a641a9bff6b56dc8b0fafaebd2f66fb231b"}, - {file = "lxml-4.9.3-cp39-cp39-manylinux_2_28_aarch64.whl", hash = "sha256:303bf1edce6ced16bf67a18a1cf8339d0db79577eec5d9a6d4a80f0fb10aa2da"}, - {file = "lxml-4.9.3-cp39-cp39-manylinux_2_28_x86_64.whl", hash = "sha256:5515edd2a6d1a5a70bfcdee23b42ec33425e405c5b351478ab7dc9347228f96e"}, - {file = "lxml-4.9.3-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:690dafd0b187ed38583a648076865d8c229661ed20e48f2335d68e2cf7dc829d"}, - {file = "lxml-4.9.3-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:b6420a005548ad52154c8ceab4a1290ff78d757f9e5cbc68f8c77089acd3c432"}, - {file = "lxml-4.9.3-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:bb3bb49c7a6ad9d981d734ef7c7193bc349ac338776a0360cc671eaee89bcf69"}, - {file = "lxml-4.9.3-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:d27be7405547d1f958b60837dc4c1007da90b8b23f54ba1f8b728c78fdb19d50"}, - {file = "lxml-4.9.3-cp39-cp39-win32.whl", hash = "sha256:8df133a2ea5e74eef5e8fc6f19b9e085f758768a16e9877a60aec455ed2609b2"}, - {file = "lxml-4.9.3-cp39-cp39-win_amd64.whl", hash = "sha256:4dd9a263e845a72eacb60d12401e37c616438ea2e5442885f65082c276dfb2b2"}, - {file = "lxml-4.9.3-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:6689a3d7fd13dc687e9102a27e98ef33730ac4fe37795d5036d18b4d527abd35"}, - {file = "lxml-4.9.3-pp37-pypy37_pp73-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:f6bdac493b949141b733c5345b6ba8f87a226029cbabc7e9e121a413e49441e0"}, - {file = "lxml-4.9.3-pp37-pypy37_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:05186a0f1346ae12553d66df1cfce6f251589fea3ad3da4f3ef4e34b2d58c6a3"}, - {file = "lxml-4.9.3-pp37-pypy37_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:c2006f5c8d28dee289f7020f721354362fa304acbaaf9745751ac4006650254b"}, - {file = "lxml-4.9.3-pp38-pypy38_pp73-macosx_11_0_x86_64.whl", hash = "sha256:5c245b783db29c4e4fbbbfc9c5a78be496c9fea25517f90606aa1f6b2b3d5f7b"}, - {file = "lxml-4.9.3-pp38-pypy38_pp73-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:4fb960a632a49f2f089d522f70496640fdf1218f1243889da3822e0a9f5f3ba7"}, - {file = "lxml-4.9.3-pp38-pypy38_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:50670615eaf97227d5dc60de2dc99fb134a7130d310d783314e7724bf163f75d"}, - {file = "lxml-4.9.3-pp38-pypy38_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:9719fe17307a9e814580af1f5c6e05ca593b12fb7e44fe62450a5384dbf61b4b"}, - {file = "lxml-4.9.3-pp38-pypy38_pp73-win_amd64.whl", hash = "sha256:3331bece23c9ee066e0fb3f96c61322b9e0f54d775fccefff4c38ca488de283a"}, - {file = "lxml-4.9.3-pp39-pypy39_pp73-macosx_11_0_x86_64.whl", hash = "sha256:ed667f49b11360951e201453fc3967344d0d0263aa415e1619e85ae7fd17b4e0"}, - {file = "lxml-4.9.3-pp39-pypy39_pp73-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:8b77946fd508cbf0fccd8e400a7f71d4ac0e1595812e66025bac475a8e811694"}, - {file = "lxml-4.9.3-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:e4da8ca0c0c0aea88fd46be8e44bd49716772358d648cce45fe387f7b92374a7"}, - {file = "lxml-4.9.3-pp39-pypy39_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:fe4bda6bd4340caa6e5cf95e73f8fea5c4bfc55763dd42f1b50a94c1b4a2fbd4"}, - {file = "lxml-4.9.3-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:f3df3db1d336b9356dd3112eae5f5c2b8b377f3bc826848567f10bfddfee77e9"}, - {file = "lxml-4.9.3.tar.gz", hash = "sha256:48628bd53a426c9eb9bc066a923acaa0878d1e86129fd5359aee99285f4eed9c"}, + {file = "lxml-4.9.4-cp27-cp27m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:e214025e23db238805a600f1f37bf9f9a15413c7bf5f9d6ae194f84980c78722"}, + {file = "lxml-4.9.4-cp27-cp27m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:ec53a09aee61d45e7dbe7e91252ff0491b6b5fee3d85b2d45b173d8ab453efc1"}, + {file = "lxml-4.9.4-cp27-cp27m-win32.whl", hash = "sha256:7d1d6c9e74c70ddf524e3c09d9dc0522aba9370708c2cb58680ea40174800013"}, + {file = "lxml-4.9.4-cp27-cp27m-win_amd64.whl", hash = "sha256:cb53669442895763e61df5c995f0e8361b61662f26c1b04ee82899c2789c8f69"}, + {file = "lxml-4.9.4-cp27-cp27mu-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:647bfe88b1997d7ae8d45dabc7c868d8cb0c8412a6e730a7651050b8c7289cf2"}, + {file = "lxml-4.9.4-cp27-cp27mu-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:4d973729ce04784906a19108054e1fd476bc85279a403ea1a72fdb051c76fa48"}, + {file = "lxml-4.9.4-cp310-cp310-macosx_11_0_x86_64.whl", hash = "sha256:056a17eaaf3da87a05523472ae84246f87ac2f29a53306466c22e60282e54ff8"}, + {file = "lxml-4.9.4-cp310-cp310-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:aaa5c173a26960fe67daa69aa93d6d6a1cd714a6eb13802d4e4bd1d24a530644"}, + {file = "lxml-4.9.4-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_24_aarch64.whl", hash = "sha256:647459b23594f370c1c01768edaa0ba0959afc39caeeb793b43158bb9bb6a663"}, + {file = "lxml-4.9.4-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:bdd9abccd0927673cffe601d2c6cdad1c9321bf3437a2f507d6b037ef91ea307"}, + {file = "lxml-4.9.4-cp310-cp310-manylinux_2_28_x86_64.whl", hash = "sha256:00e91573183ad273e242db5585b52670eddf92bacad095ce25c1e682da14ed91"}, + {file = "lxml-4.9.4-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:a602ed9bd2c7d85bd58592c28e101bd9ff9c718fbde06545a70945ffd5d11868"}, + {file = "lxml-4.9.4-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:de362ac8bc962408ad8fae28f3967ce1a262b5d63ab8cefb42662566737f1dc7"}, + {file = "lxml-4.9.4-cp310-cp310-win32.whl", hash = "sha256:33714fcf5af4ff7e70a49731a7cc8fd9ce910b9ac194f66eaa18c3cc0a4c02be"}, + {file = "lxml-4.9.4-cp310-cp310-win_amd64.whl", hash = "sha256:d3caa09e613ece43ac292fbed513a4bce170681a447d25ffcbc1b647d45a39c5"}, + {file = "lxml-4.9.4-cp311-cp311-macosx_11_0_universal2.whl", hash = "sha256:359a8b09d712df27849e0bcb62c6a3404e780b274b0b7e4c39a88826d1926c28"}, + {file = "lxml-4.9.4-cp311-cp311-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:43498ea734ccdfb92e1886dfedaebeb81178a241d39a79d5351ba2b671bff2b2"}, + {file = "lxml-4.9.4-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_24_aarch64.whl", hash = "sha256:4855161013dfb2b762e02b3f4d4a21cc7c6aec13c69e3bffbf5022b3e708dd97"}, + {file = "lxml-4.9.4-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:c71b5b860c5215fdbaa56f715bc218e45a98477f816b46cfde4a84d25b13274e"}, + {file = "lxml-4.9.4-cp311-cp311-manylinux_2_28_aarch64.whl", hash = "sha256:9a2b5915c333e4364367140443b59f09feae42184459b913f0f41b9fed55794a"}, + {file = "lxml-4.9.4-cp311-cp311-manylinux_2_28_x86_64.whl", hash = "sha256:d82411dbf4d3127b6cde7da0f9373e37ad3a43e89ef374965465928f01c2b979"}, + {file = "lxml-4.9.4-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:273473d34462ae6e97c0f4e517bd1bf9588aa67a1d47d93f760a1282640e24ac"}, + {file = "lxml-4.9.4-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:389d2b2e543b27962990ab529ac6720c3dded588cc6d0f6557eec153305a3622"}, + {file = "lxml-4.9.4-cp311-cp311-win32.whl", hash = "sha256:8aecb5a7f6f7f8fe9cac0bcadd39efaca8bbf8d1bf242e9f175cbe4c925116c3"}, + {file = "lxml-4.9.4-cp311-cp311-win_amd64.whl", hash = "sha256:c7721a3ef41591341388bb2265395ce522aba52f969d33dacd822da8f018aff8"}, + {file = "lxml-4.9.4-cp312-cp312-macosx_11_0_universal2.whl", hash = "sha256:dbcb2dc07308453db428a95a4d03259bd8caea97d7f0776842299f2d00c72fc8"}, + {file = "lxml-4.9.4-cp312-cp312-manylinux_2_28_aarch64.whl", hash = "sha256:01bf1df1db327e748dcb152d17389cf6d0a8c5d533ef9bab781e9d5037619229"}, + {file = "lxml-4.9.4-cp312-cp312-manylinux_2_28_x86_64.whl", hash = "sha256:e8f9f93a23634cfafbad6e46ad7d09e0f4a25a2400e4a64b1b7b7c0fbaa06d9d"}, + {file = "lxml-4.9.4-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:3f3f00a9061605725df1816f5713d10cd94636347ed651abdbc75828df302b20"}, + {file = "lxml-4.9.4-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:953dd5481bd6252bd480d6ec431f61d7d87fdcbbb71b0d2bdcfc6ae00bb6fb10"}, + {file = "lxml-4.9.4-cp312-cp312-win32.whl", hash = "sha256:266f655d1baff9c47b52f529b5f6bec33f66042f65f7c56adde3fcf2ed62ae8b"}, + {file = "lxml-4.9.4-cp312-cp312-win_amd64.whl", hash = "sha256:f1faee2a831fe249e1bae9cbc68d3cd8a30f7e37851deee4d7962b17c410dd56"}, + {file = "lxml-4.9.4-cp35-cp35m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:23d891e5bdc12e2e506e7d225d6aa929e0a0368c9916c1fddefab88166e98b20"}, + {file = "lxml-4.9.4-cp35-cp35m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:e96a1788f24d03e8d61679f9881a883ecdf9c445a38f9ae3f3f193ab6c591c66"}, + {file = "lxml-4.9.4-cp36-cp36m-macosx_11_0_x86_64.whl", hash = "sha256:5557461f83bb7cc718bc9ee1f7156d50e31747e5b38d79cf40f79ab1447afd2d"}, + {file = "lxml-4.9.4-cp36-cp36m-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:fdb325b7fba1e2c40b9b1db407f85642e32404131c08480dd652110fc908561b"}, + {file = "lxml-4.9.4-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:3d74d4a3c4b8f7a1f676cedf8e84bcc57705a6d7925e6daef7a1e54ae543a197"}, + {file = "lxml-4.9.4-cp36-cp36m-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:ac7674d1638df129d9cb4503d20ffc3922bd463c865ef3cb412f2c926108e9a4"}, + {file = "lxml-4.9.4-cp36-cp36m-manylinux_2_28_x86_64.whl", hash = "sha256:ddd92e18b783aeb86ad2132d84a4b795fc5ec612e3545c1b687e7747e66e2b53"}, + {file = "lxml-4.9.4-cp36-cp36m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:2bd9ac6e44f2db368ef8986f3989a4cad3de4cd55dbdda536e253000c801bcc7"}, + {file = "lxml-4.9.4-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:bc354b1393dce46026ab13075f77b30e40b61b1a53e852e99d3cc5dd1af4bc85"}, + {file = "lxml-4.9.4-cp36-cp36m-musllinux_1_1_aarch64.whl", hash = "sha256:f836f39678cb47c9541f04d8ed4545719dc31ad850bf1832d6b4171e30d65d23"}, + {file = "lxml-4.9.4-cp36-cp36m-musllinux_1_1_x86_64.whl", hash = "sha256:9c131447768ed7bc05a02553d939e7f0e807e533441901dd504e217b76307745"}, + {file = "lxml-4.9.4-cp36-cp36m-win32.whl", hash = "sha256:bafa65e3acae612a7799ada439bd202403414ebe23f52e5b17f6ffc2eb98c2be"}, + {file = "lxml-4.9.4-cp36-cp36m-win_amd64.whl", hash = "sha256:6197c3f3c0b960ad033b9b7d611db11285bb461fc6b802c1dd50d04ad715c225"}, + {file = "lxml-4.9.4-cp37-cp37m-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:7b378847a09d6bd46047f5f3599cdc64fcb4cc5a5a2dd0a2af610361fbe77b16"}, + {file = "lxml-4.9.4-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_24_aarch64.whl", hash = "sha256:1343df4e2e6e51182aad12162b23b0a4b3fd77f17527a78c53f0f23573663545"}, + {file = "lxml-4.9.4-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:6dbdacf5752fbd78ccdb434698230c4f0f95df7dd956d5f205b5ed6911a1367c"}, + {file = "lxml-4.9.4-cp37-cp37m-manylinux_2_28_x86_64.whl", hash = "sha256:506becdf2ecaebaf7f7995f776394fcc8bd8a78022772de66677c84fb02dd33d"}, + {file = "lxml-4.9.4-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:ca8e44b5ba3edb682ea4e6185b49661fc22b230cf811b9c13963c9f982d1d964"}, + {file = "lxml-4.9.4-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:9d9d5726474cbbef279fd709008f91a49c4f758bec9c062dfbba88eab00e3ff9"}, + {file = "lxml-4.9.4-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:bbdd69e20fe2943b51e2841fc1e6a3c1de460d630f65bde12452d8c97209464d"}, + {file = "lxml-4.9.4-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:8671622256a0859f5089cbe0ce4693c2af407bc053dcc99aadff7f5310b4aa02"}, + {file = "lxml-4.9.4-cp37-cp37m-win32.whl", hash = "sha256:dd4fda67f5faaef4f9ee5383435048ee3e11ad996901225ad7615bc92245bc8e"}, + {file = "lxml-4.9.4-cp37-cp37m-win_amd64.whl", hash = "sha256:6bee9c2e501d835f91460b2c904bc359f8433e96799f5c2ff20feebd9bb1e590"}, + {file = "lxml-4.9.4-cp38-cp38-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:1f10f250430a4caf84115b1e0f23f3615566ca2369d1962f82bef40dd99cd81a"}, + {file = "lxml-4.9.4-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_24_aarch64.whl", hash = "sha256:3b505f2bbff50d261176e67be24e8909e54b5d9d08b12d4946344066d66b3e43"}, + {file = "lxml-4.9.4-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:1449f9451cd53e0fd0a7ec2ff5ede4686add13ac7a7bfa6988ff6d75cff3ebe2"}, + {file = "lxml-4.9.4-cp38-cp38-manylinux_2_28_x86_64.whl", hash = "sha256:4ece9cca4cd1c8ba889bfa67eae7f21d0d1a2e715b4d5045395113361e8c533d"}, + {file = "lxml-4.9.4-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:59bb5979f9941c61e907ee571732219fa4774d5a18f3fa5ff2df963f5dfaa6bc"}, + {file = "lxml-4.9.4-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:b1980dbcaad634fe78e710c8587383e6e3f61dbe146bcbfd13a9c8ab2d7b1192"}, + {file = "lxml-4.9.4-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:9ae6c3363261021144121427b1552b29e7b59de9d6a75bf51e03bc072efb3c37"}, + {file = "lxml-4.9.4-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:bcee502c649fa6351b44bb014b98c09cb00982a475a1912a9881ca28ab4f9cd9"}, + {file = "lxml-4.9.4-cp38-cp38-win32.whl", hash = "sha256:a8edae5253efa75c2fc79a90068fe540b197d1c7ab5803b800fccfe240eed33c"}, + {file = "lxml-4.9.4-cp38-cp38-win_amd64.whl", hash = "sha256:701847a7aaefef121c5c0d855b2affa5f9bd45196ef00266724a80e439220e46"}, + {file = "lxml-4.9.4-cp39-cp39-macosx_11_0_x86_64.whl", hash = "sha256:f610d980e3fccf4394ab3806de6065682982f3d27c12d4ce3ee46a8183d64a6a"}, + {file = "lxml-4.9.4-cp39-cp39-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:aa9b5abd07f71b081a33115d9758ef6077924082055005808f68feccb27616bd"}, + {file = "lxml-4.9.4-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_24_aarch64.whl", hash = "sha256:365005e8b0718ea6d64b374423e870648ab47c3a905356ab6e5a5ff03962b9a9"}, + {file = "lxml-4.9.4-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:16b9ec51cc2feab009e800f2c6327338d6ee4e752c76e95a35c4465e80390ccd"}, + {file = "lxml-4.9.4-cp39-cp39-manylinux_2_28_x86_64.whl", hash = "sha256:a905affe76f1802edcac554e3ccf68188bea16546071d7583fb1b693f9cf756b"}, + {file = "lxml-4.9.4-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:fd814847901df6e8de13ce69b84c31fc9b3fb591224d6762d0b256d510cbf382"}, + {file = "lxml-4.9.4-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:91bbf398ac8bb7d65a5a52127407c05f75a18d7015a270fdd94bbcb04e65d573"}, + {file = "lxml-4.9.4-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:f99768232f036b4776ce419d3244a04fe83784bce871b16d2c2e984c7fcea847"}, + {file = "lxml-4.9.4-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:bb5bd6212eb0edfd1e8f254585290ea1dadc3687dd8fd5e2fd9a87c31915cdab"}, + {file = "lxml-4.9.4-cp39-cp39-win32.whl", hash = "sha256:88f7c383071981c74ec1998ba9b437659e4fd02a3c4a4d3efc16774eb108d0ec"}, + {file = "lxml-4.9.4-cp39-cp39-win_amd64.whl", hash = "sha256:936e8880cc00f839aa4173f94466a8406a96ddce814651075f95837316369899"}, + {file = "lxml-4.9.4-pp310-pypy310_pp73-macosx_11_0_x86_64.whl", hash = "sha256:f6c35b2f87c004270fa2e703b872fcc984d714d430b305145c39d53074e1ffe0"}, + {file = "lxml-4.9.4-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:606d445feeb0856c2b424405236a01c71af7c97e5fe42fbc778634faef2b47e4"}, + {file = "lxml-4.9.4-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:a1bdcbebd4e13446a14de4dd1825f1e778e099f17f79718b4aeaf2403624b0f7"}, + {file = "lxml-4.9.4-pp37-pypy37_pp73-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:0a08c89b23117049ba171bf51d2f9c5f3abf507d65d016d6e0fa2f37e18c0fc5"}, + {file = "lxml-4.9.4-pp37-pypy37_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:232fd30903d3123be4c435fb5159938c6225ee8607b635a4d3fca847003134ba"}, + {file = "lxml-4.9.4-pp37-pypy37_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:231142459d32779b209aa4b4d460b175cadd604fed856f25c1571a9d78114771"}, + {file = "lxml-4.9.4-pp38-pypy38_pp73-macosx_11_0_x86_64.whl", hash = "sha256:520486f27f1d4ce9654154b4494cf9307b495527f3a2908ad4cb48e4f7ed7ef7"}, + {file = "lxml-4.9.4-pp38-pypy38_pp73-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:562778586949be7e0d7435fcb24aca4810913771f845d99145a6cee64d5b67ca"}, + {file = "lxml-4.9.4-pp38-pypy38_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:a9e7c6d89c77bb2770c9491d988f26a4b161d05c8ca58f63fb1f1b6b9a74be45"}, + {file = "lxml-4.9.4-pp38-pypy38_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:786d6b57026e7e04d184313c1359ac3d68002c33e4b1042ca58c362f1d09ff58"}, + {file = "lxml-4.9.4-pp38-pypy38_pp73-win_amd64.whl", hash = "sha256:95ae6c5a196e2f239150aa4a479967351df7f44800c93e5a975ec726fef005e2"}, + {file = "lxml-4.9.4-pp39-pypy39_pp73-macosx_11_0_x86_64.whl", hash = "sha256:9b556596c49fa1232b0fff4b0e69b9d4083a502e60e404b44341e2f8fb7187f5"}, + {file = "lxml-4.9.4-pp39-pypy39_pp73-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:cc02c06e9e320869d7d1bd323df6dd4281e78ac2e7f8526835d3d48c69060683"}, + {file = "lxml-4.9.4-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:857d6565f9aa3464764c2cb6a2e3c2e75e1970e877c188f4aeae45954a314e0c"}, + {file = "lxml-4.9.4-pp39-pypy39_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:c42ae7e010d7d6bc51875d768110c10e8a59494855c3d4c348b068f5fb81fdcd"}, + {file = "lxml-4.9.4-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:f10250bb190fb0742e3e1958dd5c100524c2cc5096c67c8da51233f7448dc137"}, + {file = "lxml-4.9.4.tar.gz", hash = "sha256:b1541e50b78e15fa06a2670157a1962ef06591d4c998b998047fff5e3236880e"}, ] [package.extras] cssselect = ["cssselect (>=0.7)"] html5 = ["html5lib"] htmlsoup = ["BeautifulSoup4"] -source = ["Cython (>=0.29.35)"] +source = ["Cython (==0.29.37)"] + +[[package]] +name = "lxml" +version = "5.0.0" +description = "Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API." +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, != 3.4.*" +files = [ + {file = "lxml-5.0.0-cp27-cp27m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:73bfab795d354aaf2f4eb7a5b0db513031734fd371047342d5803834ce19ec18"}, + {file = "lxml-5.0.0-cp27-cp27m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:cb564bbe55ff0897d9cf1225041a44576d7ae87f06fd60163544c91de2623d3f"}, + {file = "lxml-5.0.0-cp27-cp27mu-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:6a5501438dd521bb7e0dde5008c40c7bfcfaafaf86eccb3f9bd27509abb793da"}, + {file = "lxml-5.0.0-cp27-cp27mu-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:7ba26a7dc929a1b3487d51bbcb0099afed2fc06e891b82845c8f37a2d7d7fbbd"}, + {file = "lxml-5.0.0-cp310-cp310-macosx_11_0_x86_64.whl", hash = "sha256:9b59c429e1a2246da86ae237ffc3565efcdc71c281cd38ca8b44d5fb6a3b993a"}, + {file = "lxml-5.0.0-cp310-cp310-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:3ffa066db40b0347e48334bd4465de768e295a3525b9a59831228b5f4f93162d"}, + {file = "lxml-5.0.0-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_24_aarch64.whl", hash = "sha256:8ce8b468ab50f9e944719d1134709ec11fe0d2840891a6cae369e22141b1094c"}, + {file = "lxml-5.0.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:583c0e15ae06adc81035346ae2abb2e748f0b5197e7740d8af31222db41bbf7b"}, + {file = "lxml-5.0.0-cp310-cp310-manylinux_2_28_x86_64.whl", hash = "sha256:904d36165848b59c4e04ae5b969072e602bd987485076fca8ec42c6cd7a7aedc"}, + {file = "lxml-5.0.0-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:ac21aace6712472e77ea9dfc38329f53830c4259ece54c786107105ebb069053"}, + {file = "lxml-5.0.0-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:f92d73faa0b1a76d1932429d684b7ce95829e93c3eef3715ec9b98ab192c9d31"}, + {file = "lxml-5.0.0-cp310-cp310-win32.whl", hash = "sha256:03290e2f714f2e7431c8430c08b48167f657da7bc689c6248e828ff3c66d5b1b"}, + {file = "lxml-5.0.0-cp310-cp310-win_amd64.whl", hash = "sha256:3e6cbb68bf70081f036bfc018649cf4b46c4e7eaf7860a277cae92dee2a57f69"}, + {file = "lxml-5.0.0-cp311-cp311-macosx_11_0_universal2.whl", hash = "sha256:5382612ba2424cea5d2c89e2c29077023d8de88f8d60d5ceff5f76334516df9e"}, + {file = "lxml-5.0.0-cp311-cp311-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:07a900735bad9af7be3085480bf384f68ed5580ba465b39a098e6a882c060d6b"}, + {file = "lxml-5.0.0-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_24_aarch64.whl", hash = "sha256:980ba47c8db4b9d870014c7040edb230825b79017a6a27aa54cdb6fcc02d8cc0"}, + {file = "lxml-5.0.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:6507c58431dbd95b50654b3313c5ad54f90e54e5f2cdacf733de61eae478eec5"}, + {file = "lxml-5.0.0-cp311-cp311-manylinux_2_28_aarch64.whl", hash = "sha256:4a45a278518e4308865c1e9dbb2c42ce84fb154efb03adeb16fdae3c1687c7c9"}, + {file = "lxml-5.0.0-cp311-cp311-manylinux_2_28_x86_64.whl", hash = "sha256:59cea9ba1c675fbd6867ca1078fc717a113e7f5b7644943b74137b7cc55abebf"}, + {file = "lxml-5.0.0-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:dd39ef87fd1f7bb5c4aa53454936e6135cbfe03fe3744e8218be193f9e4fef16"}, + {file = "lxml-5.0.0-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:e6bb39d91bf932e7520cb5718ae3c2f498052aca53294d5d59fdd9068fe1a7f2"}, + {file = "lxml-5.0.0-cp311-cp311-win32.whl", hash = "sha256:21af2c3862db6f4f486cddf73ec1157b40d5828876c47cd880edcbad8240ea1b"}, + {file = "lxml-5.0.0-cp311-cp311-win_amd64.whl", hash = "sha256:c1249aa4eaced30b59ecf8b8cae0b1ccede04583c74ca7d10b6f8bbead908b2c"}, + {file = "lxml-5.0.0-cp312-cp312-macosx_11_0_universal2.whl", hash = "sha256:f30e697b6215e759d0824768b2c5b0618d2dc19abe6c67eeed2b0460f52470d1"}, + {file = "lxml-5.0.0-cp312-cp312-manylinux_2_28_aarch64.whl", hash = "sha256:d1bb64646480c36a4aa1b6a44a5b6e33d0fcbeab9f53f1b39072cd3bb2c6243a"}, + {file = "lxml-5.0.0-cp312-cp312-manylinux_2_28_x86_64.whl", hash = "sha256:4e69c36c8618707a90ed3fb6f48a6cc9254ffcdbf7b259e439a5ae5fbf9c5206"}, + {file = "lxml-5.0.0-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:9ca498f8554a09fbc3a2f8fc4b23261e07bc27bef99b3df98e2570688033f6fc"}, + {file = "lxml-5.0.0-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:0326e9b8176ea77269fb39e7af4010906e73e9496a9f8eaf06d253b1b1231ceb"}, + {file = "lxml-5.0.0-cp312-cp312-win32.whl", hash = "sha256:5fb988e15378d6e905ca8f60813950a0c56da9469d0e8e5d8fe785b282684ec5"}, + {file = "lxml-5.0.0-cp312-cp312-win_amd64.whl", hash = "sha256:bb58e8f4b2cfe012cd312239b8d5139995fe8f5945c7c26d5fbbbb1ddb9acd47"}, + {file = "lxml-5.0.0-cp35-cp35m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:81509dffd8aba3bdb43e90cbd218c9c068a1f4047d97bc9546b3ac9e3a4ae81d"}, + {file = "lxml-5.0.0-cp35-cp35m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:e675a4b95208e74c34ac0751cc4bab9170e7728b61601fb0f4746892c2bb7e0b"}, + {file = "lxml-5.0.0-cp36-cp36m-macosx_11_0_x86_64.whl", hash = "sha256:405e3760f83a8ba3bdb6e622ec79595cdc20db916ce37377bbcb95b5711fa4ca"}, + {file = "lxml-5.0.0-cp36-cp36m-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:f15844a1b93dcaa09c2b22e22a73384f3ae4502347c3881cfdd674e14ac04e21"}, + {file = "lxml-5.0.0-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:88f559f8beb6b90e41a7faae4aca4c8173a4819874a9bf8e74c8d7c1d51f3162"}, + {file = "lxml-5.0.0-cp36-cp36m-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:e8c63f5c7d87e7044880b01851ac4e863c3349e6f6b6ab456fe218d9346e816d"}, + {file = "lxml-5.0.0-cp36-cp36m-manylinux_2_28_x86_64.whl", hash = "sha256:0d277d4717756fe8816f0beeff229cb72f9dd02a43b70e1d3f07c8efadfb9fe1"}, + {file = "lxml-5.0.0-cp36-cp36m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:c8954da15403db1acfc0544b3c3f963a6ef4e428283ab6555e3e298bbbff1cf6"}, + {file = "lxml-5.0.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:aebd8fd378e074b22e79cad329dcccd243c40ff1cafaa512d19276c5bb9554e1"}, + {file = "lxml-5.0.0-cp36-cp36m-musllinux_1_1_aarch64.whl", hash = "sha256:b6d4e148edee59c2ad38af15810dbcb8b5d7b13e5de3509d8cf3edfe74c0adca"}, + {file = "lxml-5.0.0-cp36-cp36m-musllinux_1_1_x86_64.whl", hash = "sha256:70ab4e02f7aa5fb4131c8b222a111ce7676f3767e36084fba3a4e7338dc82dcd"}, + {file = "lxml-5.0.0-cp36-cp36m-win32.whl", hash = "sha256:de1a8b54170024cf1c0c2718c82412bca42cd82e390556e3d8031af9541b416f"}, + {file = "lxml-5.0.0-cp36-cp36m-win_amd64.whl", hash = "sha256:5b39f63edbe7e018c2ac1cf0259ee0dd2355274e8a3003d404699b040782e55e"}, + {file = "lxml-5.0.0-cp37-cp37m-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:77b73952534967a4497d9e4f26fbeebfba19950cbc66b7cc3a706214429d8106"}, + {file = "lxml-5.0.0-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_24_aarch64.whl", hash = "sha256:8cc0a951e5616ac626f7036309c41fb9774adcd4aa7db0886463da1ce5b65edb"}, + {file = "lxml-5.0.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:4b9d5b01900a760eb3acf6cef50aead4ef2fa79e7ddb927084244e41dfe37b65"}, + {file = "lxml-5.0.0-cp37-cp37m-manylinux_2_28_x86_64.whl", hash = "sha256:173bcead3af5d87c7bca9a030675073ddaad8e0a9f0b04be07cd9390453e7226"}, + {file = "lxml-5.0.0-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:44fa9afd632210f1eeda51cf284ed8dbab0c7ec8b008dd39ba02818e0e114e69"}, + {file = "lxml-5.0.0-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:fef10f27d6318d2d7c88680e113511ddecf09ee4f9559b3623b73ee89fa8f6cc"}, + {file = "lxml-5.0.0-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:3663542aee845129a981889c19b366beab0b1dadcf5ca164696aabfe1aa51667"}, + {file = "lxml-5.0.0-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:7188495c1bf71bfda87d78ed50601e72d252119ce11710d6e71ff36e35fea5a0"}, + {file = "lxml-5.0.0-cp37-cp37m-win32.whl", hash = "sha256:6a2de85deabf939b0af89e2e1ea46bfb1239545e2da6f8ac96522755a388025f"}, + {file = "lxml-5.0.0-cp37-cp37m-win_amd64.whl", hash = "sha256:ea56825c1e23c9c8ea385a191dac75f9160477057285b88c88736d9305e6118f"}, + {file = "lxml-5.0.0-cp38-cp38-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:3f908afd0477cace17f941d1b9cfa10b769fe1464770abe4cfb3d9f35378d0f8"}, + {file = "lxml-5.0.0-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_24_aarch64.whl", hash = "sha256:52a9ab31853d3808e7cf0183b3a5f7e8ffd622ea4aee1deb5252dbeaefd5b40d"}, + {file = "lxml-5.0.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:c7fe19abb3d3c55a9e65d289b12ad73b3a31a3f0bda3c539a890329ae9973bd6"}, + {file = "lxml-5.0.0-cp38-cp38-manylinux_2_28_x86_64.whl", hash = "sha256:1ef0793e1e2dd221fce7c142177008725680f7b9e4a184ab108d90d5d3ab69b7"}, + {file = "lxml-5.0.0-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:581a78f299a9f5448b2c3aea904bfcd17c59bf83016d221d7f93f83633bb2ab2"}, + {file = "lxml-5.0.0-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:affdd833f82334fdb10fc9a1c7b35cdb5a86d0b672b4e14dd542e1fe7bcea894"}, + {file = "lxml-5.0.0-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:6bba06d8982be0f0f6432d289a8d104417a0ab9ed04114446c4ceb6d4a40c65d"}, + {file = "lxml-5.0.0-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:80209b31dd3908bc5b014f540fd192c97ea52ab179713a730456c5baf7ce80c1"}, + {file = "lxml-5.0.0-cp38-cp38-win32.whl", hash = "sha256:dac2733fe4e159b0aae0439db6813b7b1d23ff96d0b34c0107b87faf79208c4e"}, + {file = "lxml-5.0.0-cp38-cp38-win_amd64.whl", hash = "sha256:ee60f33456ff34b2dd1d048a740a2572798356208e4c494301c931de3a0ab3a2"}, + {file = "lxml-5.0.0-cp39-cp39-macosx_11_0_x86_64.whl", hash = "sha256:5eff173f0ff408bfa578cbdafd35a7e0ca94d1a9ffe09a8a48e0572d0904d486"}, + {file = "lxml-5.0.0-cp39-cp39-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:78d6d8e5b54ed89dc0f0901eaaa579c384ad8d59fa43cc7fb06e9bb89115f8f4"}, + {file = "lxml-5.0.0-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.manylinux_2_24_aarch64.whl", hash = "sha256:71a7cee869578bc17b18050532bb2f0bc682a7b97dda77041741a1bd2febe6c7"}, + {file = "lxml-5.0.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:7df433d08d4587dc3932f7fcfc3194519a6824824104854e76441fd3bc000d29"}, + {file = "lxml-5.0.0-cp39-cp39-manylinux_2_28_x86_64.whl", hash = "sha256:793be9b4945c2dfd69828fb5948d7d9569b78e0599e4a2e88d92affeb0ff3aa3"}, + {file = "lxml-5.0.0-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:c7cfb6af73602c8d288581df8a225989d7e9d5aab0a174be0e19fcfa800b6797"}, + {file = "lxml-5.0.0-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.whl", hash = "sha256:bfdc4668ac56687a89ca3eca44231144a2e9d02ba3b877558db74ba20e2bd9fa"}, + {file = "lxml-5.0.0-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:2992591e2294bb07faf7f5f6d5cb60710c046404f4bfce09fb488b85d2a8f58f"}, + {file = "lxml-5.0.0-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:4786b0af7511ea614fd86407a52a7bc161aa5772d311d97df2591ed2351de768"}, + {file = "lxml-5.0.0-cp39-cp39-win32.whl", hash = "sha256:016de3b29a262655fc3d2075dc1b2611f84f4c3d97a71d579c883d45e201eee4"}, + {file = "lxml-5.0.0-cp39-cp39-win_amd64.whl", hash = "sha256:52c0acc2f29b0a204efc11a5ed911a74f50a25eb7d7d5069c2b1fd3b3346ce11"}, + {file = "lxml-5.0.0-pp310-pypy310_pp73-macosx_11_0_x86_64.whl", hash = "sha256:96095bfc0c02072fc89afa67626013a253596ea5118b8a7f4daaae049dafa096"}, + {file = "lxml-5.0.0-pp310-pypy310_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:992029258ed719f130d5a9c443d142c32843046f1263f2c492862b2a853be570"}, + {file = "lxml-5.0.0-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:db40e85cffd22f7d65dcce30e85af565a66401a6ed22fc0c56ed342cfa4ffc43"}, + {file = "lxml-5.0.0-pp38-pypy38_pp73-macosx_11_0_x86_64.whl", hash = "sha256:cfa8a4cdc3765574b7fd0c7cfa5fbd1e2108014c9dfd299c679e5152bea9a55e"}, + {file = "lxml-5.0.0-pp38-pypy38_pp73-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:049fef98d02513c34f5babd07569fc1cf1ed14c0f2fbff18fe72597f977ef3c2"}, + {file = "lxml-5.0.0-pp38-pypy38_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:a85136d0ee18a41c91cc3e2844c683be0e72e6dda4cb58da9e15fcaef3726af7"}, + {file = "lxml-5.0.0-pp38-pypy38_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:766868f729f3ab84125350f1a0ea2594d8b1628a608a574542a5aff7355b9941"}, + {file = "lxml-5.0.0-pp38-pypy38_pp73-win_amd64.whl", hash = "sha256:99cad5c912f359e59e921689c04e54662cdd80835d80eeaa931e22612f515df7"}, + {file = "lxml-5.0.0-pp39-pypy39_pp73-macosx_11_0_x86_64.whl", hash = "sha256:c90c593aa8dd57d5dab0ef6d7d64af894008971d98e6a41b320fdd75258fbc6e"}, + {file = "lxml-5.0.0-pp39-pypy39_pp73-manylinux_2_12_i686.manylinux2010_i686.manylinux_2_24_i686.whl", hash = "sha256:8134d5441d1ed6a682e3de3d7a98717a328dce619ee9c4c8b3b91f0cb0eb3e28"}, + {file = "lxml-5.0.0-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.manylinux_2_24_x86_64.whl", hash = "sha256:f298ac9149037d6a3d5c74991bded39ac46292520b9c7c182cb102486cc87677"}, + {file = "lxml-5.0.0-pp39-pypy39_pp73-manylinux_2_28_x86_64.whl", hash = "sha256:894c5f71186b410679aaab5774543fcb9cbabe8893f0b31d11cf28a0740e80be"}, + {file = "lxml-5.0.0-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:9cd3d6c2c67d4fdcd795e4945e2ba5434909c96640b4cc09453bd0dc7e8e1bac"}, + {file = "lxml-5.0.0.zip", hash = "sha256:2219cbf790e701acf9a21a31ead75f983e73daf0eceb9da6990212e4d20ebefe"}, +] + +[package.extras] +cssselect = ["cssselect (>=0.7)"] +html5 = ["html5lib"] +htmlsoup = ["BeautifulSoup4"] +source = ["Cython (>=3.0.7)"] [[package]] name = "markdown-it-py" version = "3.0.0" description = "Python port of markdown-it. Markdown parsing, done right!" -category = "dev" optional = false python-versions = ">=3.8" files = [ @@ -2252,7 +2263,6 @@ testing = ["coverage", "pytest", "pytest-cov", "pytest-regressions"] name = "markupsafe" version = "2.1.3" description = "Safely add untrusted strings to HTML/XML markup." -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -2322,7 +2332,6 @@ files = [ name = "maxminddb" version = "2.5.1" description = "Reader for the MaxMind DB format" -category = "main" optional = false python-versions = ">=3.8" files = [ @@ -2383,7 +2392,6 @@ setuptools = ">=68.2.2" name = "mccabe" version = "0.7.0" description = "McCabe checker, plugin for flake8" -category = "dev" optional = false python-versions = ">=3.6" files = [ @@ -2395,7 +2403,6 @@ files = [ name = "mdurl" version = "0.1.2" description = "Markdown URL utilities" -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -2407,7 +2414,6 @@ files = [ name = "msgpack" version = "1.0.7" description = "MessagePack serializer" -category = "main" optional = false python-versions = ">=3.8" files = [ @@ -2473,7 +2479,6 @@ files = [ name = "multidict" version = "6.0.4" description = "multidict implementation" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -2557,7 +2562,6 @@ files = [ name = "mypy-extensions" version = "1.0.0" description = "Type system extensions for programs checked with the mypy type checker." -category = "dev" optional = false python-versions = ">=3.5" files = [ @@ -2567,21 +2571,19 @@ files = [ [[package]] name = "netaddr" -version = "0.9.0" +version = "0.10.0" description = "A network address manipulation library for Python" -category = "dev" optional = false python-versions = "*" files = [ - {file = "netaddr-0.9.0-py3-none-any.whl", hash = "sha256:5148b1055679d2a1ec070c521b7db82137887fabd6d7e37f5199b44f775c3bb1"}, - {file = "netaddr-0.9.0.tar.gz", hash = "sha256:7b46fa9b1a2d71fd5de9e4a3784ef339700a53a08c8040f08baf5f1194da0128"}, + {file = "netaddr-0.10.0-py2.py3-none-any.whl", hash = "sha256:8752f96c8fc24162edbf5b73d3e464b5d88e62869917582daa37b2695b65afb4"}, + {file = "netaddr-0.10.0.tar.gz", hash = "sha256:4c30c54adf4ea4318b3c055ea3d8c7f6554a50aa2cd8aea4605a23caa0b0229e"}, ] [[package]] name = "oauthlib" version = "3.2.2" description = "A generic, spec-compliant, thorough implementation of the OAuth request-signing logic" -category = "main" optional = false python-versions = ">=3.6" files = [ @@ -2598,7 +2600,6 @@ signedtoken = ["cryptography (>=3.0.0)", "pyjwt (>=2.0.0,<3)"] name = "opencontainers" version = "0.0.14" description = "Python module for oci specifications" -category = "main" optional = false python-versions = "*" files = [ @@ -2609,7 +2610,6 @@ files = [ name = "outcome" version = "1.3.0.post0" description = "Capture the outcome of Python function calls." -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -2624,7 +2624,6 @@ attrs = ">=19.2.0" name = "packaging" version = "23.2" description = "Core utilities for Python packages" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -2636,7 +2635,6 @@ files = [ name = "paramiko" version = "3.4.0" description = "SSH2 protocol library" -category = "main" optional = false python-versions = ">=3.6" files = [ @@ -2658,7 +2656,6 @@ invoke = ["invoke (>=2.0)"] name = "pathspec" version = "0.12.1" description = "Utility library for gitignore style pattern matching of file paths." -category = "dev" optional = false python-versions = ">=3.8" files = [ @@ -2670,7 +2667,6 @@ files = [ name = "pbr" version = "6.0.0" description = "Python Build Reasonableness" -category = "dev" optional = false python-versions = ">=2.6" files = [ @@ -2680,14 +2676,13 @@ files = [ [[package]] name = "pdoc" -version = "14.2.0" +version = "14.3.0" description = "API Documentation for Python Projects" -category = "dev" optional = false python-versions = ">=3.8" files = [ - {file = "pdoc-14.2.0-py3-none-any.whl", hash = "sha256:c9c0aa79090dcdcdb0a6c7e367cb0e241e891a836348ef741a8847397dcf98cc"}, - {file = "pdoc-14.2.0.tar.gz", hash = "sha256:a6fac864b2690391e89cb16b280603646eddaa5a2a3057c2973261b9a398416e"}, + {file = "pdoc-14.3.0-py3-none-any.whl", hash = "sha256:9a8f9a48bda5a99c249367c2b99779dbdd9f4a56f905068c9c2d6868dbae6882"}, + {file = "pdoc-14.3.0.tar.gz", hash = "sha256:40bf8f092fcd91560d5e6cebb7c21b65df699f90a468c8ea316235c3368d5449"}, ] [package.dependencies] @@ -2702,7 +2697,6 @@ dev = ["hypothesis", "mypy", "pdoc-pyo3-sample-library (==1.0.11)", "pygments (> name = "platformdirs" version = "4.1.0" description = "A small Python package for determining appropriate platform-specific dirs, e.g. a \"user data dir\"." -category = "dev" optional = false python-versions = ">=3.8" files = [ @@ -2718,7 +2712,6 @@ test = ["appdirs (==1.4.4)", "covdefaults (>=2.3)", "pytest (>=7.4)", "pytest-co name = "pluggy" version = "1.3.0" description = "plugin and hook calling mechanisms for python" -category = "dev" optional = false python-versions = ">=3.8" files = [ @@ -2734,7 +2727,6 @@ testing = ["pytest", "pytest-benchmark"] name = "prometheus-client" version = "0.19.0" description = "Python client for the Prometheus monitoring system." -category = "main" optional = false python-versions = ">=3.8" files = [ @@ -2749,7 +2741,6 @@ twisted = ["twisted"] name = "prompt-toolkit" version = "3.0.43" description = "Library for building powerful interactive command lines in Python" -category = "main" optional = false python-versions = ">=3.7.0" files = [ @@ -2762,45 +2753,42 @@ wcwidth = "*" [[package]] name = "psycopg" -version = "3.1.15" +version = "3.1.16" description = "PostgreSQL database adapter for Python" -category = "main" optional = false python-versions = ">=3.7" files = [ - {file = "psycopg-3.1.15-py3-none-any.whl", hash = "sha256:a6c03e508be0e42facb1e8581156fdc2904322fe8077ba4f298f5f0a947cb8e0"}, - {file = "psycopg-3.1.15.tar.gz", hash = "sha256:1b8e3e8d1612ea289a2684a5bf0c1f9a209549b222b6958377ce970a6e10b80c"}, + {file = "psycopg-3.1.16-py3-none-any.whl", hash = "sha256:0bfe9741f4fb1c8115cadd8fe832fa91ac277e81e0652ff7fa1400f0ef0f59ba"}, + {file = "psycopg-3.1.16.tar.gz", hash = "sha256:a34d922fd7df3134595e71c3428ba6f1bd5f4968db74857fe95de12db2d6b763"}, ] [package.dependencies] -psycopg-c = {version = "3.1.15", optional = true, markers = "implementation_name != \"pypy\" and extra == \"c\""} +psycopg-c = {version = "3.1.16", optional = true, markers = "implementation_name != \"pypy\" and extra == \"c\""} typing-extensions = ">=4.1" tzdata = {version = "*", markers = "sys_platform == \"win32\""} [package.extras] -binary = ["psycopg-binary (==3.1.15)"] -c = ["psycopg-c (==3.1.15)"] -dev = ["black (>=23.1.0)", "dnspython (>=2.1)", "flake8 (>=4.0)", "mypy (>=1.4.1)", "types-setuptools (>=57.4)", "wheel (>=0.37)"] +binary = ["psycopg-binary (==3.1.16)"] +c = ["psycopg-c (==3.1.16)"] +dev = ["black (>=23.1.0)", "codespell (>=2.2)", "dnspython (>=2.1)", "flake8 (>=4.0)", "mypy (>=1.4.1)", "types-setuptools (>=57.4)", "wheel (>=0.37)"] docs = ["Sphinx (>=5.0)", "furo (==2022.6.21)", "sphinx-autobuild (>=2021.3.14)", "sphinx-autodoc-typehints (>=1.12)"] pool = ["psycopg-pool"] test = ["anyio (>=3.6.2,<4.0)", "mypy (>=1.4.1)", "pproxy (>=2.7)", "pytest (>=6.2.5)", "pytest-cov (>=3.0)", "pytest-randomly (>=3.5)"] [[package]] name = "psycopg-c" -version = "3.1.15" +version = "3.1.16" description = "PostgreSQL database adapter for Python -- C optimisation distribution" -category = "main" optional = false python-versions = ">=3.7" files = [ - {file = "psycopg-c-3.1.15.tar.gz", hash = "sha256:7f1513e8fb494f54be83ec02b4f1c91c729b72510c192434c563c1d95bdc74b7"}, + {file = "psycopg-c-3.1.16.tar.gz", hash = "sha256:24f9805e0c20742c72c7be1412e3a600de0980104ff1a264a49333996e6adba3"}, ] [[package]] name = "pyasn1" version = "0.5.1" description = "Pure-Python implementation of ASN.1 types and DER/BER/CER codecs (X.208)" -category = "main" optional = false python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,>=2.7" files = [ @@ -2812,7 +2800,6 @@ files = [ name = "pyasn1-modules" version = "0.3.0" description = "A collection of ASN.1-based protocols modules" -category = "main" optional = false python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,>=2.7" files = [ @@ -2827,7 +2814,6 @@ pyasn1 = ">=0.4.6,<0.6.0" name = "pycodestyle" version = "2.11.1" description = "Python style guide checker" -category = "dev" optional = false python-versions = ">=3.8" files = [ @@ -2839,7 +2825,6 @@ files = [ name = "pycparser" version = "2.21" description = "C parser in Python" -category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" files = [ @@ -2849,62 +2834,60 @@ files = [ [[package]] name = "pycryptodome" -version = "3.19.0" +version = "3.19.1" description = "Cryptographic library for Python" -category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" files = [ - {file = "pycryptodome-3.19.0-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:3006c44c4946583b6de24fe0632091c2653d6256b99a02a3db71ca06472ea1e4"}, - {file = "pycryptodome-3.19.0-cp27-cp27m-manylinux2010_i686.whl", hash = "sha256:7c760c8a0479a4042111a8dd2f067d3ae4573da286c53f13cf6f5c53a5c1f631"}, - {file = "pycryptodome-3.19.0-cp27-cp27m-manylinux2010_x86_64.whl", hash = "sha256:08ce3558af5106c632baf6d331d261f02367a6bc3733086ae43c0f988fe042db"}, - {file = "pycryptodome-3.19.0-cp27-cp27m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:45430dfaf1f421cf462c0dd824984378bef32b22669f2635cb809357dbaab405"}, - {file = "pycryptodome-3.19.0-cp27-cp27m-musllinux_1_1_aarch64.whl", hash = "sha256:a9bcd5f3794879e91970f2bbd7d899780541d3ff439d8f2112441769c9f2ccea"}, - {file = "pycryptodome-3.19.0-cp27-cp27m-win32.whl", hash = "sha256:190c53f51e988dceb60472baddce3f289fa52b0ec38fbe5fd20dd1d0f795c551"}, - {file = "pycryptodome-3.19.0-cp27-cp27m-win_amd64.whl", hash = "sha256:22e0ae7c3a7f87dcdcf302db06ab76f20e83f09a6993c160b248d58274473bfa"}, - {file = "pycryptodome-3.19.0-cp27-cp27mu-manylinux2010_i686.whl", hash = "sha256:7822f36d683f9ad7bc2145b2c2045014afdbbd1d9922a6d4ce1cbd6add79a01e"}, - {file = "pycryptodome-3.19.0-cp27-cp27mu-manylinux2010_x86_64.whl", hash = "sha256:05e33267394aad6db6595c0ce9d427fe21552f5425e116a925455e099fdf759a"}, - {file = "pycryptodome-3.19.0-cp27-cp27mu-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:829b813b8ee00d9c8aba417621b94bc0b5efd18c928923802ad5ba4cf1ec709c"}, - {file = "pycryptodome-3.19.0-cp27-cp27mu-musllinux_1_1_aarch64.whl", hash = "sha256:fc7a79590e2b5d08530175823a242de6790abc73638cc6dc9d2684e7be2f5e49"}, - {file = "pycryptodome-3.19.0-cp35-abi3-macosx_10_9_universal2.whl", hash = "sha256:542f99d5026ac5f0ef391ba0602f3d11beef8e65aae135fa5b762f5ebd9d3bfb"}, - {file = "pycryptodome-3.19.0-cp35-abi3-macosx_10_9_x86_64.whl", hash = "sha256:61bb3ccbf4bf32ad9af32da8badc24e888ae5231c617947e0f5401077f8b091f"}, - {file = "pycryptodome-3.19.0-cp35-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d49a6c715d8cceffedabb6adb7e0cbf41ae1a2ff4adaeec9432074a80627dea1"}, - {file = "pycryptodome-3.19.0-cp35-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e249a784cc98a29c77cea9df54284a44b40cafbfae57636dd2f8775b48af2434"}, - {file = "pycryptodome-3.19.0-cp35-abi3-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d033947e7fd3e2ba9a031cb2d267251620964705a013c5a461fa5233cc025270"}, - {file = "pycryptodome-3.19.0-cp35-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:84c3e4fffad0c4988aef0d5591be3cad4e10aa7db264c65fadbc633318d20bde"}, - {file = "pycryptodome-3.19.0-cp35-abi3-musllinux_1_1_i686.whl", hash = "sha256:139ae2c6161b9dd5d829c9645d781509a810ef50ea8b657e2257c25ca20efe33"}, - {file = "pycryptodome-3.19.0-cp35-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:5b1986c761258a5b4332a7f94a83f631c1ffca8747d75ab8395bf2e1b93283d9"}, - {file = "pycryptodome-3.19.0-cp35-abi3-win32.whl", hash = "sha256:536f676963662603f1f2e6ab01080c54d8cd20f34ec333dcb195306fa7826997"}, - {file = "pycryptodome-3.19.0-cp35-abi3-win_amd64.whl", hash = "sha256:04dd31d3b33a6b22ac4d432b3274588917dcf850cc0c51c84eca1d8ed6933810"}, - {file = "pycryptodome-3.19.0-pp27-pypy_73-manylinux2010_x86_64.whl", hash = "sha256:8999316e57abcbd8085c91bc0ef75292c8618f41ca6d2b6132250a863a77d1e7"}, - {file = "pycryptodome-3.19.0-pp27-pypy_73-win32.whl", hash = "sha256:a0ab84755f4539db086db9ba9e9f3868d2e3610a3948cbd2a55e332ad83b01b0"}, - {file = "pycryptodome-3.19.0-pp310-pypy310_pp73-macosx_10_9_x86_64.whl", hash = "sha256:0101f647d11a1aae5a8ce4f5fad6644ae1b22bb65d05accc7d322943c69a74a6"}, - {file = "pycryptodome-3.19.0-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8c1601e04d32087591d78e0b81e1e520e57a92796089864b20e5f18c9564b3fa"}, - {file = "pycryptodome-3.19.0-pp310-pypy310_pp73-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:506c686a1eee6c00df70010be3b8e9e78f406af4f21b23162bbb6e9bdf5427bc"}, - {file = "pycryptodome-3.19.0-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:7919ccd096584b911f2a303c593280869ce1af9bf5d36214511f5e5a1bed8c34"}, - {file = "pycryptodome-3.19.0-pp39-pypy39_pp73-macosx_10_9_x86_64.whl", hash = "sha256:560591c0777f74a5da86718f70dfc8d781734cf559773b64072bbdda44b3fc3e"}, - {file = "pycryptodome-3.19.0-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c1cc2f2ae451a676def1a73c1ae9120cd31af25db3f381893d45f75e77be2400"}, - {file = "pycryptodome-3.19.0-pp39-pypy39_pp73-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:17940dcf274fcae4a54ec6117a9ecfe52907ed5e2e438fe712fe7ca502672ed5"}, - {file = "pycryptodome-3.19.0-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:d04f5f623a280fbd0ab1c1d8ecbd753193ab7154f09b6161b0f857a1a676c15f"}, - {file = "pycryptodome-3.19.0.tar.gz", hash = "sha256:bc35d463222cdb4dbebd35e0784155c81e161b9284e567e7e933d722e533331e"}, + {file = "pycryptodome-3.19.1-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:694020d2ff985cd714381b9da949a21028c24b86f562526186f6af7c7547e986"}, + {file = "pycryptodome-3.19.1-cp27-cp27m-manylinux2010_i686.whl", hash = "sha256:4464b0e8fd5508bff9baf18e6fd4c6548b1ac2ce9862d6965ff6a84ec9cb302a"}, + {file = "pycryptodome-3.19.1-cp27-cp27m-manylinux2010_x86_64.whl", hash = "sha256:420972f9c62978e852c74055d81c354079ce3c3a2213a92c9d7e37bbc63a26e2"}, + {file = "pycryptodome-3.19.1-cp27-cp27m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c1bc0c49d986a1491d66d2a56570f12e960b12508b7e71f2423f532e28857f36"}, + {file = "pycryptodome-3.19.1-cp27-cp27m-musllinux_1_1_aarch64.whl", hash = "sha256:e038ab77fec0956d7aa989a3c647652937fc142ef41c9382c2ebd13c127d5b4a"}, + {file = "pycryptodome-3.19.1-cp27-cp27m-win32.whl", hash = "sha256:a991f8ffe8dfe708f86690948ae46442eebdd0fff07dc1b605987939a34ec979"}, + {file = "pycryptodome-3.19.1-cp27-cp27m-win_amd64.whl", hash = "sha256:2c16426ef49d9cba018be2340ea986837e1dfa25c2ea181787971654dd49aadd"}, + {file = "pycryptodome-3.19.1-cp27-cp27mu-manylinux2010_i686.whl", hash = "sha256:6d0d2b97758ebf2f36c39060520447c26455acb3bcff309c28b1c816173a6ff5"}, + {file = "pycryptodome-3.19.1-cp27-cp27mu-manylinux2010_x86_64.whl", hash = "sha256:b8b80ff92049fd042177282917d994d344365ab7e8ec2bc03e853d93d2401786"}, + {file = "pycryptodome-3.19.1-cp27-cp27mu-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:cd4e7e8bf0fc1ada854688b9b309ee607e2aa85a8b44180f91021a4dd330a928"}, + {file = "pycryptodome-3.19.1-cp27-cp27mu-musllinux_1_1_aarch64.whl", hash = "sha256:8cf5d3d6cf921fa81acd1f632f6cedcc03f5f68fc50c364cd39490ba01d17c49"}, + {file = "pycryptodome-3.19.1-cp35-abi3-macosx_10_9_universal2.whl", hash = "sha256:67939a3adbe637281c611596e44500ff309d547e932c449337649921b17b6297"}, + {file = "pycryptodome-3.19.1-cp35-abi3-macosx_10_9_x86_64.whl", hash = "sha256:11ddf6c9b52116b62223b6a9f4741bc4f62bb265392a4463282f7f34bb287180"}, + {file = "pycryptodome-3.19.1-cp35-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e3e6f89480616781d2a7f981472d0cdb09b9da9e8196f43c1234eff45c915766"}, + {file = "pycryptodome-3.19.1-cp35-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:27e1efcb68993b7ce5d1d047a46a601d41281bba9f1971e6be4aa27c69ab8065"}, + {file = "pycryptodome-3.19.1-cp35-abi3-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:1c6273ca5a03b672e504995529b8bae56da0ebb691d8ef141c4aa68f60765700"}, + {file = "pycryptodome-3.19.1-cp35-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:b0bfe61506795877ff974f994397f0c862d037f6f1c0bfc3572195fc00833b96"}, + {file = "pycryptodome-3.19.1-cp35-abi3-musllinux_1_1_i686.whl", hash = "sha256:f34976c5c8eb79e14c7d970fb097482835be8d410a4220f86260695ede4c3e17"}, + {file = "pycryptodome-3.19.1-cp35-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:7c9e222d0976f68d0cf6409cfea896676ddc1d98485d601e9508f90f60e2b0a2"}, + {file = "pycryptodome-3.19.1-cp35-abi3-win32.whl", hash = "sha256:4805e053571140cb37cf153b5c72cd324bb1e3e837cbe590a19f69b6cf85fd03"}, + {file = "pycryptodome-3.19.1-cp35-abi3-win_amd64.whl", hash = "sha256:a470237ee71a1efd63f9becebc0ad84b88ec28e6784a2047684b693f458f41b7"}, + {file = "pycryptodome-3.19.1-pp27-pypy_73-manylinux2010_x86_64.whl", hash = "sha256:ed932eb6c2b1c4391e166e1a562c9d2f020bfff44a0e1b108f67af38b390ea89"}, + {file = "pycryptodome-3.19.1-pp27-pypy_73-win32.whl", hash = "sha256:81e9d23c0316fc1b45d984a44881b220062336bbdc340aa9218e8d0656587934"}, + {file = "pycryptodome-3.19.1-pp310-pypy310_pp73-macosx_10_9_x86_64.whl", hash = "sha256:37e531bf896b70fe302f003d3be5a0a8697737a8d177967da7e23eff60d6483c"}, + {file = "pycryptodome-3.19.1-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:cd4e95b0eb4b28251c825fe7aa941fe077f993e5ca9b855665935b86fbb1cc08"}, + {file = "pycryptodome-3.19.1-pp310-pypy310_pp73-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:c22c80246c3c880c6950d2a8addf156cee74ec0dc5757d01e8e7067a3c7da015"}, + {file = "pycryptodome-3.19.1-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:e70f5c839c7798743a948efa2a65d1fe96bb397fe6d7f2bde93d869fe4f0ad69"}, + {file = "pycryptodome-3.19.1-pp39-pypy39_pp73-macosx_10_9_x86_64.whl", hash = "sha256:6c3df3613592ea6afaec900fd7189d23c8c28b75b550254f4bd33fe94acb84b9"}, + {file = "pycryptodome-3.19.1-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:08b445799d571041765e7d5c9ca09c5d3866c2f22eeb0dd4394a4169285184f4"}, + {file = "pycryptodome-3.19.1-pp39-pypy39_pp73-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:954d156cd50130afd53f8d77f830fe6d5801bd23e97a69d358fed068f433fbfe"}, + {file = "pycryptodome-3.19.1-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:b7efd46b0b4ac869046e814d83244aeab14ef787f4850644119b1c8b0ec2d637"}, + {file = "pycryptodome-3.19.1.tar.gz", hash = "sha256:8ae0dd1bcfada451c35f9e29a3e5db385caabc190f98e4a80ad02a61098fb776"}, ] [[package]] name = "pydantic" -version = "2.5.2" +version = "2.5.3" description = "Data validation using Python type hints" -category = "main" optional = false python-versions = ">=3.7" files = [ - {file = "pydantic-2.5.2-py3-none-any.whl", hash = "sha256:80c50fb8e3dcecfddae1adbcc00ec5822918490c99ab31f6cf6140ca1c1429f0"}, - {file = "pydantic-2.5.2.tar.gz", hash = "sha256:ff177ba64c6faf73d7afa2e8cad38fd456c0dbe01c9954e71038001cd15a6edd"}, + {file = "pydantic-2.5.3-py3-none-any.whl", hash = "sha256:d0caf5954bee831b6bfe7e338c32b9e30c85dfe080c843680783ac2b631673b4"}, + {file = "pydantic-2.5.3.tar.gz", hash = "sha256:b3ef57c62535b0941697cce638c08900d87fcb67e29cfa99e8a68f747f393f7a"}, ] [package.dependencies] annotated-types = ">=0.4.0" email-validator = {version = ">=2.0.0", optional = true, markers = "extra == \"email\""} -pydantic-core = "2.14.5" +pydantic-core = "2.14.6" typing-extensions = ">=4.6.1" [package.extras] @@ -2912,117 +2895,116 @@ email = ["email-validator (>=2.0.0)"] [[package]] name = "pydantic-core" -version = "2.14.5" +version = "2.14.6" description = "" -category = "main" optional = false python-versions = ">=3.7" files = [ - {file = "pydantic_core-2.14.5-cp310-cp310-macosx_10_7_x86_64.whl", hash = "sha256:7e88f5696153dc516ba6e79f82cc4747e87027205f0e02390c21f7cb3bd8abfd"}, - {file = "pydantic_core-2.14.5-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:4641e8ad4efb697f38a9b64ca0523b557c7931c5f84e0fd377a9a3b05121f0de"}, - {file = "pydantic_core-2.14.5-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:774de879d212db5ce02dfbf5b0da9a0ea386aeba12b0b95674a4ce0593df3d07"}, - {file = "pydantic_core-2.14.5-cp310-cp310-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:ebb4e035e28f49b6f1a7032920bb9a0c064aedbbabe52c543343d39341a5b2a3"}, - {file = "pydantic_core-2.14.5-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:b53e9ad053cd064f7e473a5f29b37fc4cc9dc6d35f341e6afc0155ea257fc911"}, - {file = "pydantic_core-2.14.5-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:8aa1768c151cf562a9992462239dfc356b3d1037cc5a3ac829bb7f3bda7cc1f9"}, - {file = "pydantic_core-2.14.5-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:eac5c82fc632c599f4639a5886f96867ffced74458c7db61bc9a66ccb8ee3113"}, - {file = "pydantic_core-2.14.5-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:d2ae91f50ccc5810b2f1b6b858257c9ad2e08da70bf890dee02de1775a387c66"}, - {file = "pydantic_core-2.14.5-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:6b9ff467ffbab9110e80e8c8de3bcfce8e8b0fd5661ac44a09ae5901668ba997"}, - {file = "pydantic_core-2.14.5-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:61ea96a78378e3bd5a0be99b0e5ed00057b71f66115f5404d0dae4819f495093"}, - {file = "pydantic_core-2.14.5-cp310-none-win32.whl", hash = "sha256:bb4c2eda937a5e74c38a41b33d8c77220380a388d689bcdb9b187cf6224c9720"}, - {file = "pydantic_core-2.14.5-cp310-none-win_amd64.whl", hash = "sha256:b7851992faf25eac90bfcb7bfd19e1f5ffa00afd57daec8a0042e63c74a4551b"}, - {file = "pydantic_core-2.14.5-cp311-cp311-macosx_10_7_x86_64.whl", hash = "sha256:4e40f2bd0d57dac3feb3a3aed50f17d83436c9e6b09b16af271b6230a2915459"}, - {file = "pydantic_core-2.14.5-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:ab1cdb0f14dc161ebc268c09db04d2c9e6f70027f3b42446fa11c153521c0e88"}, - {file = "pydantic_core-2.14.5-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:aae7ea3a1c5bb40c93cad361b3e869b180ac174656120c42b9fadebf685d121b"}, - {file = "pydantic_core-2.14.5-cp311-cp311-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:60b7607753ba62cf0739177913b858140f11b8af72f22860c28eabb2f0a61937"}, - {file = "pydantic_core-2.14.5-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:2248485b0322c75aee7565d95ad0e16f1c67403a470d02f94da7344184be770f"}, - {file = "pydantic_core-2.14.5-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:823fcc638f67035137a5cd3f1584a4542d35a951c3cc68c6ead1df7dac825c26"}, - {file = "pydantic_core-2.14.5-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:96581cfefa9123accc465a5fd0cc833ac4d75d55cc30b633b402e00e7ced00a6"}, - {file = "pydantic_core-2.14.5-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:a33324437018bf6ba1bb0f921788788641439e0ed654b233285b9c69704c27b4"}, - {file = "pydantic_core-2.14.5-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:9bd18fee0923ca10f9a3ff67d4851c9d3e22b7bc63d1eddc12f439f436f2aada"}, - {file = "pydantic_core-2.14.5-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:853a2295c00f1d4429db4c0fb9475958543ee80cfd310814b5c0ef502de24dda"}, - {file = "pydantic_core-2.14.5-cp311-none-win32.whl", hash = "sha256:cb774298da62aea5c80a89bd58c40205ab4c2abf4834453b5de207d59d2e1651"}, - {file = "pydantic_core-2.14.5-cp311-none-win_amd64.whl", hash = "sha256:e87fc540c6cac7f29ede02e0f989d4233f88ad439c5cdee56f693cc9c1c78077"}, - {file = "pydantic_core-2.14.5-cp311-none-win_arm64.whl", hash = "sha256:57d52fa717ff445cb0a5ab5237db502e6be50809b43a596fb569630c665abddf"}, - {file = "pydantic_core-2.14.5-cp312-cp312-macosx_10_7_x86_64.whl", hash = "sha256:e60f112ac88db9261ad3a52032ea46388378034f3279c643499edb982536a093"}, - {file = "pydantic_core-2.14.5-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:6e227c40c02fd873c2a73a98c1280c10315cbebe26734c196ef4514776120aeb"}, - {file = "pydantic_core-2.14.5-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f0cbc7fff06a90bbd875cc201f94ef0ee3929dfbd5c55a06674b60857b8b85ed"}, - {file = "pydantic_core-2.14.5-cp312-cp312-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:103ef8d5b58596a731b690112819501ba1db7a36f4ee99f7892c40da02c3e189"}, - {file = "pydantic_core-2.14.5-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:c949f04ecad823f81b1ba94e7d189d9dfb81edbb94ed3f8acfce41e682e48cef"}, - {file = "pydantic_core-2.14.5-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:c1452a1acdf914d194159439eb21e56b89aa903f2e1c65c60b9d874f9b950e5d"}, - {file = "pydantic_core-2.14.5-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:cb4679d4c2b089e5ef89756bc73e1926745e995d76e11925e3e96a76d5fa51fc"}, - {file = "pydantic_core-2.14.5-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:cf9d3fe53b1ee360e2421be95e62ca9b3296bf3f2fb2d3b83ca49ad3f925835e"}, - {file = "pydantic_core-2.14.5-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:70f4b4851dbb500129681d04cc955be2a90b2248d69273a787dda120d5cf1f69"}, - {file = "pydantic_core-2.14.5-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:59986de5710ad9613ff61dd9b02bdd2f615f1a7052304b79cc8fa2eb4e336d2d"}, - {file = "pydantic_core-2.14.5-cp312-none-win32.whl", hash = "sha256:699156034181e2ce106c89ddb4b6504c30db8caa86e0c30de47b3e0654543260"}, - {file = "pydantic_core-2.14.5-cp312-none-win_amd64.whl", hash = "sha256:5baab5455c7a538ac7e8bf1feec4278a66436197592a9bed538160a2e7d11e36"}, - {file = "pydantic_core-2.14.5-cp312-none-win_arm64.whl", hash = "sha256:e47e9a08bcc04d20975b6434cc50bf82665fbc751bcce739d04a3120428f3e27"}, - {file = "pydantic_core-2.14.5-cp37-cp37m-macosx_10_7_x86_64.whl", hash = "sha256:af36f36538418f3806048f3b242a1777e2540ff9efaa667c27da63d2749dbce0"}, - {file = "pydantic_core-2.14.5-cp37-cp37m-macosx_11_0_arm64.whl", hash = "sha256:45e95333b8418ded64745f14574aa9bfc212cb4fbeed7a687b0c6e53b5e188cd"}, - {file = "pydantic_core-2.14.5-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:4e47a76848f92529879ecfc417ff88a2806438f57be4a6a8bf2961e8f9ca9ec7"}, - {file = "pydantic_core-2.14.5-cp37-cp37m-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:d81e6987b27bc7d101c8597e1cd2bcaa2fee5e8e0f356735c7ed34368c471550"}, - {file = "pydantic_core-2.14.5-cp37-cp37m-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:34708cc82c330e303f4ce87758828ef6e457681b58ce0e921b6e97937dd1e2a3"}, - {file = "pydantic_core-2.14.5-cp37-cp37m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:652c1988019752138b974c28f43751528116bcceadad85f33a258869e641d753"}, - {file = "pydantic_core-2.14.5-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6e4d090e73e0725b2904fdbdd8d73b8802ddd691ef9254577b708d413bf3006e"}, - {file = "pydantic_core-2.14.5-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:5c7d5b5005f177764e96bd584d7bf28d6e26e96f2a541fdddb934c486e36fd59"}, - {file = "pydantic_core-2.14.5-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:a71891847f0a73b1b9eb86d089baee301477abef45f7eaf303495cd1473613e4"}, - {file = "pydantic_core-2.14.5-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:a717aef6971208f0851a2420b075338e33083111d92041157bbe0e2713b37325"}, - {file = "pydantic_core-2.14.5-cp37-none-win32.whl", hash = "sha256:de790a3b5aa2124b8b78ae5faa033937a72da8efe74b9231698b5a1dd9be3405"}, - {file = "pydantic_core-2.14.5-cp37-none-win_amd64.whl", hash = "sha256:6c327e9cd849b564b234da821236e6bcbe4f359a42ee05050dc79d8ed2a91588"}, - {file = "pydantic_core-2.14.5-cp38-cp38-macosx_10_7_x86_64.whl", hash = "sha256:ef98ca7d5995a82f43ec0ab39c4caf6a9b994cb0b53648ff61716370eadc43cf"}, - {file = "pydantic_core-2.14.5-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:c6eae413494a1c3f89055da7a5515f32e05ebc1a234c27674a6956755fb2236f"}, - {file = "pydantic_core-2.14.5-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:dcf4e6d85614f7a4956c2de5a56531f44efb973d2fe4a444d7251df5d5c4dcfd"}, - {file = "pydantic_core-2.14.5-cp38-cp38-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:6637560562134b0e17de333d18e69e312e0458ee4455bdad12c37100b7cad706"}, - {file = "pydantic_core-2.14.5-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:77fa384d8e118b3077cccfcaf91bf83c31fe4dc850b5e6ee3dc14dc3d61bdba1"}, - {file = "pydantic_core-2.14.5-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:16e29bad40bcf97aac682a58861249ca9dcc57c3f6be22f506501833ddb8939c"}, - {file = "pydantic_core-2.14.5-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:531f4b4252fac6ca476fbe0e6f60f16f5b65d3e6b583bc4d87645e4e5ddde331"}, - {file = "pydantic_core-2.14.5-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:074f3d86f081ce61414d2dc44901f4f83617329c6f3ab49d2bc6c96948b2c26b"}, - {file = "pydantic_core-2.14.5-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:c2adbe22ab4babbca99c75c5d07aaf74f43c3195384ec07ccbd2f9e3bddaecec"}, - {file = "pydantic_core-2.14.5-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:0f6116a558fd06d1b7c2902d1c4cf64a5bd49d67c3540e61eccca93f41418124"}, - {file = "pydantic_core-2.14.5-cp38-none-win32.whl", hash = "sha256:fe0a5a1025eb797752136ac8b4fa21aa891e3d74fd340f864ff982d649691867"}, - {file = "pydantic_core-2.14.5-cp38-none-win_amd64.whl", hash = "sha256:079206491c435b60778cf2b0ee5fd645e61ffd6e70c47806c9ed51fc75af078d"}, - {file = "pydantic_core-2.14.5-cp39-cp39-macosx_10_7_x86_64.whl", hash = "sha256:a6a16f4a527aae4f49c875da3cdc9508ac7eef26e7977952608610104244e1b7"}, - {file = "pydantic_core-2.14.5-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:abf058be9517dc877227ec3223f0300034bd0e9f53aebd63cf4456c8cb1e0863"}, - {file = "pydantic_core-2.14.5-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:49b08aae5013640a3bfa25a8eebbd95638ec3f4b2eaf6ed82cf0c7047133f03b"}, - {file = "pydantic_core-2.14.5-cp39-cp39-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:c2d97e906b4ff36eb464d52a3bc7d720bd6261f64bc4bcdbcd2c557c02081ed2"}, - {file = "pydantic_core-2.14.5-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:3128e0bbc8c091ec4375a1828d6118bc20404883169ac95ffa8d983b293611e6"}, - {file = "pydantic_core-2.14.5-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:88e74ab0cdd84ad0614e2750f903bb0d610cc8af2cc17f72c28163acfcf372a4"}, - {file = "pydantic_core-2.14.5-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c339dabd8ee15f8259ee0f202679b6324926e5bc9e9a40bf981ce77c038553db"}, - {file = "pydantic_core-2.14.5-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:3387277f1bf659caf1724e1afe8ee7dbc9952a82d90f858ebb931880216ea955"}, - {file = "pydantic_core-2.14.5-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:ba6b6b3846cfc10fdb4c971980a954e49d447cd215ed5a77ec8190bc93dd7bc5"}, - {file = "pydantic_core-2.14.5-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:ca61d858e4107ce5e1330a74724fe757fc7135190eb5ce5c9d0191729f033209"}, - {file = "pydantic_core-2.14.5-cp39-none-win32.whl", hash = "sha256:ec1e72d6412f7126eb7b2e3bfca42b15e6e389e1bc88ea0069d0cc1742f477c6"}, - {file = "pydantic_core-2.14.5-cp39-none-win_amd64.whl", hash = "sha256:c0b97ec434041827935044bbbe52b03d6018c2897349670ff8fe11ed24d1d4ab"}, - {file = "pydantic_core-2.14.5-pp310-pypy310_pp73-macosx_10_7_x86_64.whl", hash = "sha256:79e0a2cdbdc7af3f4aee3210b1172ab53d7ddb6a2d8c24119b5706e622b346d0"}, - {file = "pydantic_core-2.14.5-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:678265f7b14e138d9a541ddabbe033012a2953315739f8cfa6d754cc8063e8ca"}, - {file = "pydantic_core-2.14.5-pp310-pypy310_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:95b15e855ae44f0c6341ceb74df61b606e11f1087e87dcb7482377374aac6abe"}, - {file = "pydantic_core-2.14.5-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:09b0e985fbaf13e6b06a56d21694d12ebca6ce5414b9211edf6f17738d82b0f8"}, - {file = "pydantic_core-2.14.5-pp310-pypy310_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:3ad873900297bb36e4b6b3f7029d88ff9829ecdc15d5cf20161775ce12306f8a"}, - {file = "pydantic_core-2.14.5-pp310-pypy310_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:2d0ae0d8670164e10accbeb31d5ad45adb71292032d0fdb9079912907f0085f4"}, - {file = "pydantic_core-2.14.5-pp310-pypy310_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:d37f8ec982ead9ba0a22a996129594938138a1503237b87318392a48882d50b7"}, - {file = "pydantic_core-2.14.5-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:35613015f0ba7e14c29ac6c2483a657ec740e5ac5758d993fdd5870b07a61d8b"}, - {file = "pydantic_core-2.14.5-pp37-pypy37_pp73-macosx_10_7_x86_64.whl", hash = "sha256:ab4ea451082e684198636565224bbb179575efc1658c48281b2c866bfd4ddf04"}, - {file = "pydantic_core-2.14.5-pp37-pypy37_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:4ce601907e99ea5b4adb807ded3570ea62186b17f88e271569144e8cca4409c7"}, - {file = "pydantic_core-2.14.5-pp37-pypy37_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:fb2ed8b3fe4bf4506d6dab3b93b83bbc22237e230cba03866d561c3577517d18"}, - {file = "pydantic_core-2.14.5-pp37-pypy37_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:70f947628e074bb2526ba1b151cee10e4c3b9670af4dbb4d73bc8a89445916b5"}, - {file = "pydantic_core-2.14.5-pp37-pypy37_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:4bc536201426451f06f044dfbf341c09f540b4ebdb9fd8d2c6164d733de5e634"}, - {file = "pydantic_core-2.14.5-pp37-pypy37_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:f4791cf0f8c3104ac668797d8c514afb3431bc3305f5638add0ba1a5a37e0d88"}, - {file = "pydantic_core-2.14.5-pp38-pypy38_pp73-macosx_10_7_x86_64.whl", hash = "sha256:038c9f763e650712b899f983076ce783175397c848da04985658e7628cbe873b"}, - {file = "pydantic_core-2.14.5-pp38-pypy38_pp73-macosx_11_0_arm64.whl", hash = "sha256:27548e16c79702f1e03f5628589c6057c9ae17c95b4c449de3c66b589ead0520"}, - {file = "pydantic_core-2.14.5-pp38-pypy38_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c97bee68898f3f4344eb02fec316db93d9700fb1e6a5b760ffa20d71d9a46ce3"}, - {file = "pydantic_core-2.14.5-pp38-pypy38_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b9b759b77f5337b4ea024f03abc6464c9f35d9718de01cfe6bae9f2e139c397e"}, - {file = "pydantic_core-2.14.5-pp38-pypy38_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:439c9afe34638ace43a49bf72d201e0ffc1a800295bed8420c2a9ca8d5e3dbb3"}, - {file = "pydantic_core-2.14.5-pp38-pypy38_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:ba39688799094c75ea8a16a6b544eb57b5b0f3328697084f3f2790892510d144"}, - {file = "pydantic_core-2.14.5-pp38-pypy38_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:ccd4d5702bb90b84df13bd491be8d900b92016c5a455b7e14630ad7449eb03f8"}, - {file = "pydantic_core-2.14.5-pp38-pypy38_pp73-win_amd64.whl", hash = "sha256:81982d78a45d1e5396819bbb4ece1fadfe5f079335dd28c4ab3427cd95389944"}, - {file = "pydantic_core-2.14.5-pp39-pypy39_pp73-macosx_10_7_x86_64.whl", hash = "sha256:7f8210297b04e53bc3da35db08b7302a6a1f4889c79173af69b72ec9754796b8"}, - {file = "pydantic_core-2.14.5-pp39-pypy39_pp73-macosx_11_0_arm64.whl", hash = "sha256:8c8a8812fe6f43a3a5b054af6ac2d7b8605c7bcab2804a8a7d68b53f3cd86e00"}, - {file = "pydantic_core-2.14.5-pp39-pypy39_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:206ed23aecd67c71daf5c02c3cd19c0501b01ef3cbf7782db9e4e051426b3d0d"}, - {file = "pydantic_core-2.14.5-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c2027d05c8aebe61d898d4cffd774840a9cb82ed356ba47a90d99ad768f39789"}, - {file = "pydantic_core-2.14.5-pp39-pypy39_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:40180930807ce806aa71eda5a5a5447abb6b6a3c0b4b3b1b1962651906484d68"}, - {file = "pydantic_core-2.14.5-pp39-pypy39_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:615a0a4bff11c45eb3c1996ceed5bdaa2f7b432425253a7c2eed33bb86d80abc"}, - {file = "pydantic_core-2.14.5-pp39-pypy39_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:f5e412d717366e0677ef767eac93566582518fe8be923361a5c204c1a62eaafe"}, - {file = "pydantic_core-2.14.5-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:513b07e99c0a267b1d954243845d8a833758a6726a3b5d8948306e3fe14675e3"}, - {file = "pydantic_core-2.14.5.tar.gz", hash = "sha256:6d30226dfc816dd0fdf120cae611dd2215117e4f9b124af8c60ab9093b6e8e71"}, + {file = "pydantic_core-2.14.6-cp310-cp310-macosx_10_7_x86_64.whl", hash = "sha256:72f9a942d739f09cd42fffe5dc759928217649f070056f03c70df14f5770acf9"}, + {file = "pydantic_core-2.14.6-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:6a31d98c0d69776c2576dda4b77b8e0c69ad08e8b539c25c7d0ca0dc19a50d6c"}, + {file = "pydantic_core-2.14.6-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5aa90562bc079c6c290f0512b21768967f9968e4cfea84ea4ff5af5d917016e4"}, + {file = "pydantic_core-2.14.6-cp310-cp310-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:370ffecb5316ed23b667d99ce4debe53ea664b99cc37bfa2af47bc769056d534"}, + {file = "pydantic_core-2.14.6-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:f85f3843bdb1fe80e8c206fe6eed7a1caeae897e496542cee499c374a85c6e08"}, + {file = "pydantic_core-2.14.6-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:9862bf828112e19685b76ca499b379338fd4c5c269d897e218b2ae8fcb80139d"}, + {file = "pydantic_core-2.14.6-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:036137b5ad0cb0004c75b579445a1efccd072387a36c7f217bb8efd1afbe5245"}, + {file = "pydantic_core-2.14.6-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:92879bce89f91f4b2416eba4429c7b5ca22c45ef4a499c39f0c5c69257522c7c"}, + {file = "pydantic_core-2.14.6-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:0c08de15d50fa190d577e8591f0329a643eeaed696d7771760295998aca6bc66"}, + {file = "pydantic_core-2.14.6-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:36099c69f6b14fc2c49d7996cbf4f87ec4f0e66d1c74aa05228583225a07b590"}, + {file = "pydantic_core-2.14.6-cp310-none-win32.whl", hash = "sha256:7be719e4d2ae6c314f72844ba9d69e38dff342bc360379f7c8537c48e23034b7"}, + {file = "pydantic_core-2.14.6-cp310-none-win_amd64.whl", hash = "sha256:36fa402dcdc8ea7f1b0ddcf0df4254cc6b2e08f8cd80e7010d4c4ae6e86b2a87"}, + {file = "pydantic_core-2.14.6-cp311-cp311-macosx_10_7_x86_64.whl", hash = "sha256:dea7fcd62915fb150cdc373212141a30037e11b761fbced340e9db3379b892d4"}, + {file = "pydantic_core-2.14.6-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:ffff855100bc066ff2cd3aa4a60bc9534661816b110f0243e59503ec2df38421"}, + {file = "pydantic_core-2.14.6-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1b027c86c66b8627eb90e57aee1f526df77dc6d8b354ec498be9a757d513b92b"}, + {file = "pydantic_core-2.14.6-cp311-cp311-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:00b1087dabcee0b0ffd104f9f53d7d3eaddfaa314cdd6726143af6bc713aa27e"}, + {file = "pydantic_core-2.14.6-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:75ec284328b60a4e91010c1acade0c30584f28a1f345bc8f72fe8b9e46ec6a96"}, + {file = "pydantic_core-2.14.6-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:7e1f4744eea1501404b20b0ac059ff7e3f96a97d3e3f48ce27a139e053bb370b"}, + {file = "pydantic_core-2.14.6-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b2602177668f89b38b9f84b7b3435d0a72511ddef45dc14446811759b82235a1"}, + {file = "pydantic_core-2.14.6-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:6c8edaea3089bf908dd27da8f5d9e395c5b4dc092dbcce9b65e7156099b4b937"}, + {file = "pydantic_core-2.14.6-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:478e9e7b360dfec451daafe286998d4a1eeaecf6d69c427b834ae771cad4b622"}, + {file = "pydantic_core-2.14.6-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:b6ca36c12a5120bad343eef193cc0122928c5c7466121da7c20f41160ba00ba2"}, + {file = "pydantic_core-2.14.6-cp311-none-win32.whl", hash = "sha256:2b8719037e570639e6b665a4050add43134d80b687288ba3ade18b22bbb29dd2"}, + {file = "pydantic_core-2.14.6-cp311-none-win_amd64.whl", hash = "sha256:78ee52ecc088c61cce32b2d30a826f929e1708f7b9247dc3b921aec367dc1b23"}, + {file = "pydantic_core-2.14.6-cp311-none-win_arm64.whl", hash = "sha256:a19b794f8fe6569472ff77602437ec4430f9b2b9ec7a1105cfd2232f9ba355e6"}, + {file = "pydantic_core-2.14.6-cp312-cp312-macosx_10_7_x86_64.whl", hash = "sha256:667aa2eac9cd0700af1ddb38b7b1ef246d8cf94c85637cbb03d7757ca4c3fdec"}, + {file = "pydantic_core-2.14.6-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:cdee837710ef6b56ebd20245b83799fce40b265b3b406e51e8ccc5b85b9099b7"}, + {file = "pydantic_core-2.14.6-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2c5bcf3414367e29f83fd66f7de64509a8fd2368b1edf4351e862910727d3e51"}, + {file = "pydantic_core-2.14.6-cp312-cp312-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:26a92ae76f75d1915806b77cf459811e772d8f71fd1e4339c99750f0e7f6324f"}, + {file = "pydantic_core-2.14.6-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:a983cca5ed1dd9a35e9e42ebf9f278d344603bfcb174ff99a5815f953925140a"}, + {file = "pydantic_core-2.14.6-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:cb92f9061657287eded380d7dc455bbf115430b3aa4741bdc662d02977e7d0af"}, + {file = "pydantic_core-2.14.6-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:e4ace1e220b078c8e48e82c081e35002038657e4b37d403ce940fa679e57113b"}, + {file = "pydantic_core-2.14.6-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:ef633add81832f4b56d3b4c9408b43d530dfca29e68fb1b797dcb861a2c734cd"}, + {file = "pydantic_core-2.14.6-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:7e90d6cc4aad2cc1f5e16ed56e46cebf4877c62403a311af20459c15da76fd91"}, + {file = "pydantic_core-2.14.6-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:e8a5ac97ea521d7bde7621d86c30e86b798cdecd985723c4ed737a2aa9e77d0c"}, + {file = "pydantic_core-2.14.6-cp312-none-win32.whl", hash = "sha256:f27207e8ca3e5e021e2402ba942e5b4c629718e665c81b8b306f3c8b1ddbb786"}, + {file = "pydantic_core-2.14.6-cp312-none-win_amd64.whl", hash = "sha256:b3e5fe4538001bb82e2295b8d2a39356a84694c97cb73a566dc36328b9f83b40"}, + {file = "pydantic_core-2.14.6-cp312-none-win_arm64.whl", hash = "sha256:64634ccf9d671c6be242a664a33c4acf12882670b09b3f163cd00a24cffbd74e"}, + {file = "pydantic_core-2.14.6-cp37-cp37m-macosx_10_7_x86_64.whl", hash = "sha256:24368e31be2c88bd69340fbfe741b405302993242ccb476c5c3ff48aeee1afe0"}, + {file = "pydantic_core-2.14.6-cp37-cp37m-macosx_11_0_arm64.whl", hash = "sha256:e33b0834f1cf779aa839975f9d8755a7c2420510c0fa1e9fa0497de77cd35d2c"}, + {file = "pydantic_core-2.14.6-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:6af4b3f52cc65f8a0bc8b1cd9676f8c21ef3e9132f21fed250f6958bd7223bed"}, + {file = "pydantic_core-2.14.6-cp37-cp37m-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:d15687d7d7f40333bd8266f3814c591c2e2cd263fa2116e314f60d82086e353a"}, + {file = "pydantic_core-2.14.6-cp37-cp37m-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:095b707bb287bfd534044166ab767bec70a9bba3175dcdc3371782175c14e43c"}, + {file = "pydantic_core-2.14.6-cp37-cp37m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:94fc0e6621e07d1e91c44e016cc0b189b48db053061cc22d6298a611de8071bb"}, + {file = "pydantic_core-2.14.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:1ce830e480f6774608dedfd4a90c42aac4a7af0a711f1b52f807130c2e434c06"}, + {file = "pydantic_core-2.14.6-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:a306cdd2ad3a7d795d8e617a58c3a2ed0f76c8496fb7621b6cd514eb1532cae8"}, + {file = "pydantic_core-2.14.6-cp37-cp37m-musllinux_1_1_aarch64.whl", hash = "sha256:2f5fa187bde8524b1e37ba894db13aadd64faa884657473b03a019f625cee9a8"}, + {file = "pydantic_core-2.14.6-cp37-cp37m-musllinux_1_1_x86_64.whl", hash = "sha256:438027a975cc213a47c5d70672e0d29776082155cfae540c4e225716586be75e"}, + {file = "pydantic_core-2.14.6-cp37-none-win32.whl", hash = "sha256:f96ae96a060a8072ceff4cfde89d261837b4294a4f28b84a28765470d502ccc6"}, + {file = "pydantic_core-2.14.6-cp37-none-win_amd64.whl", hash = "sha256:e646c0e282e960345314f42f2cea5e0b5f56938c093541ea6dbf11aec2862391"}, + {file = "pydantic_core-2.14.6-cp38-cp38-macosx_10_7_x86_64.whl", hash = "sha256:db453f2da3f59a348f514cfbfeb042393b68720787bbef2b4c6068ea362c8149"}, + {file = "pydantic_core-2.14.6-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:3860c62057acd95cc84044e758e47b18dcd8871a328ebc8ccdefd18b0d26a21b"}, + {file = "pydantic_core-2.14.6-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:36026d8f99c58d7044413e1b819a67ca0e0b8ebe0f25e775e6c3d1fabb3c38fb"}, + {file = "pydantic_core-2.14.6-cp38-cp38-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:8ed1af8692bd8d2a29d702f1a2e6065416d76897d726e45a1775b1444f5928a7"}, + {file = "pydantic_core-2.14.6-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:314ccc4264ce7d854941231cf71b592e30d8d368a71e50197c905874feacc8a8"}, + {file = "pydantic_core-2.14.6-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:982487f8931067a32e72d40ab6b47b1628a9c5d344be7f1a4e668fb462d2da42"}, + {file = "pydantic_core-2.14.6-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2dbe357bc4ddda078f79d2a36fc1dd0494a7f2fad83a0a684465b6f24b46fe80"}, + {file = "pydantic_core-2.14.6-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:2f6ffc6701a0eb28648c845f4945a194dc7ab3c651f535b81793251e1185ac3d"}, + {file = "pydantic_core-2.14.6-cp38-cp38-musllinux_1_1_aarch64.whl", hash = "sha256:7f5025db12fc6de7bc1104d826d5aee1d172f9ba6ca936bf6474c2148ac336c1"}, + {file = "pydantic_core-2.14.6-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:dab03ed811ed1c71d700ed08bde8431cf429bbe59e423394f0f4055f1ca0ea60"}, + {file = "pydantic_core-2.14.6-cp38-none-win32.whl", hash = "sha256:dfcbebdb3c4b6f739a91769aea5ed615023f3c88cb70df812849aef634c25fbe"}, + {file = "pydantic_core-2.14.6-cp38-none-win_amd64.whl", hash = "sha256:99b14dbea2fdb563d8b5a57c9badfcd72083f6006caf8e126b491519c7d64ca8"}, + {file = "pydantic_core-2.14.6-cp39-cp39-macosx_10_7_x86_64.whl", hash = "sha256:4ce8299b481bcb68e5c82002b96e411796b844d72b3e92a3fbedfe8e19813eab"}, + {file = "pydantic_core-2.14.6-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:b9a9d92f10772d2a181b5ca339dee066ab7d1c9a34ae2421b2a52556e719756f"}, + {file = "pydantic_core-2.14.6-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:fd9e98b408384989ea4ab60206b8e100d8687da18b5c813c11e92fd8212a98e0"}, + {file = "pydantic_core-2.14.6-cp39-cp39-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:4f86f1f318e56f5cbb282fe61eb84767aee743ebe32c7c0834690ebea50c0a6b"}, + {file = "pydantic_core-2.14.6-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:86ce5fcfc3accf3a07a729779d0b86c5d0309a4764c897d86c11089be61da160"}, + {file = "pydantic_core-2.14.6-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:3dcf1978be02153c6a31692d4fbcc2a3f1db9da36039ead23173bc256ee3b91b"}, + {file = "pydantic_core-2.14.6-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:eedf97be7bc3dbc8addcef4142f4b4164066df0c6f36397ae4aaed3eb187d8ab"}, + {file = "pydantic_core-2.14.6-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:d5f916acf8afbcab6bacbb376ba7dc61f845367901ecd5e328fc4d4aef2fcab0"}, + {file = "pydantic_core-2.14.6-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:8a14c192c1d724c3acbfb3f10a958c55a2638391319ce8078cb36c02283959b9"}, + {file = "pydantic_core-2.14.6-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:0348b1dc6b76041516e8a854ff95b21c55f5a411c3297d2ca52f5528e49d8411"}, + {file = "pydantic_core-2.14.6-cp39-none-win32.whl", hash = "sha256:de2a0645a923ba57c5527497daf8ec5df69c6eadf869e9cd46e86349146e5975"}, + {file = "pydantic_core-2.14.6-cp39-none-win_amd64.whl", hash = "sha256:aca48506a9c20f68ee61c87f2008f81f8ee99f8d7f0104bff3c47e2d148f89d9"}, + {file = "pydantic_core-2.14.6-pp310-pypy310_pp73-macosx_10_7_x86_64.whl", hash = "sha256:d5c28525c19f5bb1e09511669bb57353d22b94cf8b65f3a8d141c389a55dec95"}, + {file = "pydantic_core-2.14.6-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:78d0768ee59baa3de0f4adac9e3748b4b1fffc52143caebddfd5ea2961595277"}, + {file = "pydantic_core-2.14.6-pp310-pypy310_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8b93785eadaef932e4fe9c6e12ba67beb1b3f1e5495631419c784ab87e975670"}, + {file = "pydantic_core-2.14.6-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a874f21f87c485310944b2b2734cd6d318765bcbb7515eead33af9641816506e"}, + {file = "pydantic_core-2.14.6-pp310-pypy310_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:b89f4477d915ea43b4ceea6756f63f0288941b6443a2b28c69004fe07fde0d0d"}, + {file = "pydantic_core-2.14.6-pp310-pypy310_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:172de779e2a153d36ee690dbc49c6db568d7b33b18dc56b69a7514aecbcf380d"}, + {file = "pydantic_core-2.14.6-pp310-pypy310_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:dfcebb950aa7e667ec226a442722134539e77c575f6cfaa423f24371bb8d2e94"}, + {file = "pydantic_core-2.14.6-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:55a23dcd98c858c0db44fc5c04fc7ed81c4b4d33c653a7c45ddaebf6563a2f66"}, + {file = "pydantic_core-2.14.6-pp37-pypy37_pp73-macosx_10_7_x86_64.whl", hash = "sha256:4241204e4b36ab5ae466ecec5c4c16527a054c69f99bba20f6f75232a6a534e2"}, + {file = "pydantic_core-2.14.6-pp37-pypy37_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e574de99d735b3fc8364cba9912c2bec2da78775eba95cbb225ef7dda6acea24"}, + {file = "pydantic_core-2.14.6-pp37-pypy37_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:1302a54f87b5cd8528e4d6d1bf2133b6aa7c6122ff8e9dc5220fbc1e07bffebd"}, + {file = "pydantic_core-2.14.6-pp37-pypy37_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:f8e81e4b55930e5ffab4a68db1af431629cf2e4066dbdbfef65348b8ab804ea8"}, + {file = "pydantic_core-2.14.6-pp37-pypy37_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:c99462ffc538717b3e60151dfaf91125f637e801f5ab008f81c402f1dff0cd0f"}, + {file = "pydantic_core-2.14.6-pp37-pypy37_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:e4cf2d5829f6963a5483ec01578ee76d329eb5caf330ecd05b3edd697e7d768a"}, + {file = "pydantic_core-2.14.6-pp38-pypy38_pp73-macosx_10_7_x86_64.whl", hash = "sha256:cf10b7d58ae4a1f07fccbf4a0a956d705356fea05fb4c70608bb6fa81d103cda"}, + {file = "pydantic_core-2.14.6-pp38-pypy38_pp73-macosx_11_0_arm64.whl", hash = "sha256:399ac0891c284fa8eb998bcfa323f2234858f5d2efca3950ae58c8f88830f145"}, + {file = "pydantic_core-2.14.6-pp38-pypy38_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:9c6a5c79b28003543db3ba67d1df336f253a87d3112dac3a51b94f7d48e4c0e1"}, + {file = "pydantic_core-2.14.6-pp38-pypy38_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:599c87d79cab2a6a2a9df4aefe0455e61e7d2aeede2f8577c1b7c0aec643ee8e"}, + {file = "pydantic_core-2.14.6-pp38-pypy38_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:43e166ad47ba900f2542a80d83f9fc65fe99eb63ceec4debec160ae729824052"}, + {file = "pydantic_core-2.14.6-pp38-pypy38_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:3a0b5db001b98e1c649dd55afa928e75aa4087e587b9524a4992316fa23c9fba"}, + {file = "pydantic_core-2.14.6-pp38-pypy38_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:747265448cb57a9f37572a488a57d873fd96bf51e5bb7edb52cfb37124516da4"}, + {file = "pydantic_core-2.14.6-pp38-pypy38_pp73-win_amd64.whl", hash = "sha256:7ebe3416785f65c28f4f9441e916bfc8a54179c8dea73c23023f7086fa601c5d"}, + {file = "pydantic_core-2.14.6-pp39-pypy39_pp73-macosx_10_7_x86_64.whl", hash = "sha256:86c963186ca5e50d5c8287b1d1c9d3f8f024cbe343d048c5bd282aec2d8641f2"}, + {file = "pydantic_core-2.14.6-pp39-pypy39_pp73-macosx_11_0_arm64.whl", hash = "sha256:e0641b506486f0b4cd1500a2a65740243e8670a2549bb02bc4556a83af84ae03"}, + {file = "pydantic_core-2.14.6-pp39-pypy39_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:71d72ca5eaaa8d38c8df16b7deb1a2da4f650c41b58bb142f3fb75d5ad4a611f"}, + {file = "pydantic_core-2.14.6-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:27e524624eace5c59af499cd97dc18bb201dc6a7a2da24bfc66ef151c69a5f2a"}, + {file = "pydantic_core-2.14.6-pp39-pypy39_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:a3dde6cac75e0b0902778978d3b1646ca9f438654395a362cb21d9ad34b24acf"}, + {file = "pydantic_core-2.14.6-pp39-pypy39_pp73-musllinux_1_1_aarch64.whl", hash = "sha256:00646784f6cd993b1e1c0e7b0fdcbccc375d539db95555477771c27555e3c556"}, + {file = "pydantic_core-2.14.6-pp39-pypy39_pp73-musllinux_1_1_x86_64.whl", hash = "sha256:23598acb8ccaa3d1d875ef3b35cb6376535095e9405d91a3d57a8c7db5d29341"}, + {file = "pydantic_core-2.14.6-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:7f41533d7e3cf9520065f610b41ac1c76bc2161415955fbcead4981b22c7611e"}, + {file = "pydantic_core-2.14.6.tar.gz", hash = "sha256:1fd0c1d395372843fba13a51c28e3bb9d59bd7aebfeb17358ffaaa1e4dbbe948"}, ] [package.dependencies] @@ -3032,7 +3014,6 @@ typing-extensions = ">=4.6.0,<4.7.0 || >4.7.0" name = "pydantic-scim" version = "0.0.8" description = "Pydantic types for SCIM" -category = "main" optional = false python-versions = ">=3.8.0" files = [ @@ -3050,7 +3031,6 @@ pydantic = [ name = "pygments" version = "2.17.2" description = "Pygments is a syntax highlighting package written in Python." -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -3066,7 +3046,6 @@ windows-terminal = ["colorama (>=0.4.6)"] name = "pyjwt" version = "2.8.0" description = "JSON Web Token implementation in Python" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -3084,7 +3063,6 @@ tests = ["coverage[toml] (==5.0.4)", "pytest (>=6.0.0,<7.0.0)"] name = "pylint" version = "3.0.3" description = "python code static checker" -category = "dev" optional = false python-versions = ">=3.8.0" files = [ @@ -3095,10 +3073,7 @@ files = [ [package.dependencies] astroid = ">=3.0.1,<=3.1.0-dev0" colorama = {version = ">=0.4.5", markers = "sys_platform == \"win32\""} -dill = [ - {version = ">=0.3.6", markers = "python_version >= \"3.11\""}, - {version = ">=0.3.7", markers = "python_version >= \"3.12\""}, -] +dill = {version = ">=0.3.7", markers = "python_version >= \"3.12\""} isort = ">=4.2.5,<5.13.0 || >5.13.0,<6" mccabe = ">=0.6,<0.8" platformdirs = ">=2.2.0" @@ -3112,7 +3087,6 @@ testutils = ["gitpython (>3)"] name = "pylint-django" version = "2.5.5" description = "A Pylint plugin to help Pylint understand the Django web framework" -category = "dev" optional = false python-versions = ">=3.7,<4.0" files = [ @@ -3131,7 +3105,6 @@ with-django = ["Django (>=2.2)"] name = "pylint-plugin-utils" version = "0.8.2" description = "Utilities and helpers for writing Pylint plugins" -category = "dev" optional = false python-versions = ">=3.7,<4.0" files = [ @@ -3146,7 +3119,6 @@ pylint = ">=1.7" name = "pynacl" version = "1.5.0" description = "Python binding to the Networking and Cryptography (NaCl) library" -category = "main" optional = false python-versions = ">=3.6" files = [ @@ -3173,7 +3145,6 @@ tests = ["hypothesis (>=3.27.0)", "pytest (>=3.2.1,!=3.3.0)"] name = "pyopenssl" version = "23.3.0" description = "Python wrapper module around the OpenSSL library" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -3192,7 +3163,6 @@ test = ["flaky", "pretend", "pytest (>=3.0.1)"] name = "pyrad" version = "2.4" description = "RADIUS tools" -category = "dev" optional = false python-versions = "*" files = [ @@ -3208,7 +3178,6 @@ six = "*" name = "pysocks" version = "1.7.1" description = "A Python SOCKS client module. See https://github.com/Anorov/PySocks for more information." -category = "dev" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" files = [ @@ -3219,14 +3188,13 @@ files = [ [[package]] name = "pytest" -version = "7.4.3" +version = "7.4.4" description = "pytest: simple powerful testing with Python" -category = "dev" optional = false python-versions = ">=3.7" files = [ - {file = "pytest-7.4.3-py3-none-any.whl", hash = "sha256:0d009c083ea859a71b76adf7c1d502e4bc170b80a8ef002da5806527b9591fac"}, - {file = "pytest-7.4.3.tar.gz", hash = "sha256:d989d136982de4e3b29dabcc838ad581c64e8ed52c11fbe86ddebd9da0818cd5"}, + {file = "pytest-7.4.4-py3-none-any.whl", hash = "sha256:b090cdf5ed60bf4c45261be03239c2c1c22df034fbffe691abe93cd80cea01d8"}, + {file = "pytest-7.4.4.tar.gz", hash = "sha256:2cf0005922c6ace4a3e2ec8b4080eb0d9753fdc93107415332f50ce9e7994280"}, ] [package.dependencies] @@ -3242,7 +3210,6 @@ testing = ["argcomplete", "attrs (>=19.2.0)", "hypothesis (>=3.56)", "mock", "no name = "pytest-django" version = "4.7.0" description = "A Django plugin for pytest." -category = "dev" optional = false python-versions = ">=3.8" files = [ @@ -3261,7 +3228,6 @@ testing = ["Django", "django-configurations (>=2.0)"] name = "pytest-github-actions-annotate-failures" version = "0.2.0" description = "pytest plugin to annotate failed tests with a workflow command for GitHub Actions" -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -3276,7 +3242,6 @@ pytest = ">=4.0.0" name = "pytest-randomly" version = "3.15.0" description = "Pytest plugin to randomly order tests and control random.seed." -category = "dev" optional = false python-versions = ">=3.8" files = [ @@ -3291,7 +3256,6 @@ pytest = "*" name = "pytest-timeout" version = "2.2.0" description = "pytest plugin to abort hanging tests" -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -3306,7 +3270,6 @@ pytest = ">=5.0.0" name = "python-dateutil" version = "2.8.2" description = "Extensions to the standard Python datetime module" -category = "main" optional = false python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,>=2.7" files = [ @@ -3321,7 +3284,6 @@ six = ">=1.5" name = "python-dotenv" version = "1.0.0" description = "Read key-value pairs from a .env file and set them as environment variables" -category = "main" optional = false python-versions = ">=3.8" files = [ @@ -3336,7 +3298,6 @@ cli = ["click (>=5.0)"] name = "pytz" version = "2023.3.post1" description = "World timezone definitions, modern and historical" -category = "main" optional = false python-versions = "*" files = [ @@ -3348,7 +3309,6 @@ files = [ name = "pywin32" version = "306" description = "Python for Window Extensions" -category = "main" optional = false python-versions = "*" files = [ @@ -3372,7 +3332,6 @@ files = [ name = "pyyaml" version = "6.0.1" description = "YAML parser and emitter for Python" -category = "main" optional = false python-versions = ">=3.6" files = [ @@ -3432,7 +3391,6 @@ files = [ name = "redis" version = "5.0.1" description = "Python client for Redis database and key-value store" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -3448,7 +3406,6 @@ ocsp = ["cryptography (>=36.0.1)", "pyopenssl (==20.0.1)", "requests (>=2.26.0)" name = "referencing" version = "0.32.0" description = "JSON Referencing + Python" -category = "main" optional = false python-versions = ">=3.8" files = [ @@ -3464,7 +3421,6 @@ rpds-py = ">=0.7.0" name = "requests" version = "2.31.0" description = "Python HTTP for Humans." -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -3486,7 +3442,6 @@ use-chardet-on-py3 = ["chardet (>=3.0.2,<6)"] name = "requests-mock" version = "1.11.0" description = "Mock out responses from the requests package" -category = "dev" optional = false python-versions = "*" files = [ @@ -3506,7 +3461,6 @@ test = ["fixtures", "mock", "purl", "pytest", "requests-futures", "sphinx", "tes name = "requests-oauthlib" version = "1.3.1" description = "OAuthlib authentication support for Requests." -category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" files = [ @@ -3525,7 +3479,6 @@ rsa = ["oauthlib[signedtoken] (>=3.0.0)"] name = "rich" version = "13.7.0" description = "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal" -category = "dev" optional = false python-versions = ">=3.7.0" files = [ @@ -3542,118 +3495,116 @@ jupyter = ["ipywidgets (>=7.5.1,<9)"] [[package]] name = "rpds-py" -version = "0.15.2" +version = "0.16.2" description = "Python bindings to Rust's persistent data structures (rpds)" -category = "main" optional = false python-versions = ">=3.8" files = [ - {file = "rpds_py-0.15.2-cp310-cp310-macosx_10_12_x86_64.whl", hash = "sha256:337a8653fb11d2fbe7157c961cc78cb3c161d98cf44410ace9a3dc2db4fad882"}, - {file = "rpds_py-0.15.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:813a65f95bfcb7c8f2a70dd6add9b51e9accc3bdb3e03d0ff7a9e6a2d3e174bf"}, - {file = "rpds_py-0.15.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:082e0e55d73690ffb4da4352d1b5bbe1b5c6034eb9dc8c91aa2a3ee15f70d3e2"}, - {file = "rpds_py-0.15.2-cp310-cp310-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:5595c80dd03d7e6c6afb73f3594bf3379a7d79fa57164b591d012d4b71d6ac4c"}, - {file = "rpds_py-0.15.2-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:fb10bb720348fe1647a94eb605accb9ef6a9b1875d8845f9e763d9d71a706387"}, - {file = "rpds_py-0.15.2-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:53304cc14b1d94487d70086e1cb0cb4c29ec6da994d58ae84a4d7e78c6a6d04d"}, - {file = "rpds_py-0.15.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:d64a657de7aae8db2da60dc0c9e4638a0c3893b4d60101fd564a3362b2bfeb34"}, - {file = "rpds_py-0.15.2-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:ee40206d1d6e95eaa2b7b919195e3689a5cf6ded730632de7f187f35a1b6052c"}, - {file = "rpds_py-0.15.2-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:1607cda6129f815493a3c184492acb5ae4aa6ed61d3a1b3663aa9824ed26f7ac"}, - {file = "rpds_py-0.15.2-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:f3e6e2e502c4043c52a99316d89dc49f416acda5b0c6886e0dd8ea7bb35859e8"}, - {file = "rpds_py-0.15.2-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:044f6f46d62444800402851afa3c3ae50141f12013060c1a3a0677e013310d6d"}, - {file = "rpds_py-0.15.2-cp310-none-win32.whl", hash = "sha256:c827a931c6b57f50f1bb5de400dcfb00bad8117e3753e80b96adb72d9d811514"}, - {file = "rpds_py-0.15.2-cp310-none-win_amd64.whl", hash = "sha256:3bbc89ce2a219662ea142f0abcf8d43f04a41d5b1880be17a794c39f0d609cb0"}, - {file = "rpds_py-0.15.2-cp311-cp311-macosx_10_12_x86_64.whl", hash = "sha256:1fd0f0b1ccd7d537b858a56355a250108df692102e08aa2036e1a094fd78b2dc"}, - {file = "rpds_py-0.15.2-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:b414ef79f1f06fb90b5165db8aef77512c1a5e3ed1b4807da8476b7e2c853283"}, - {file = "rpds_py-0.15.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c31272c674f725dfe0f343d73b0abe8c878c646967ec1c6106122faae1efc15b"}, - {file = "rpds_py-0.15.2-cp311-cp311-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:a6945c2d61c42bb7e818677f43638675b8c1c43e858b67a96df3eb2426a86c9d"}, - {file = "rpds_py-0.15.2-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:02744236ac1895d7be837878e707a5c35fb8edc5137602f253b63623d7ad5c8c"}, - {file = "rpds_py-0.15.2-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:2181e86d4e1cdf49a7320cb72a36c45efcb7670d0a88f09fd2d3a7967c0540fd"}, - {file = "rpds_py-0.15.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6a8ff8e809da81363bffca2b965cb6e4bf6056b495fc3f078467d1f8266fe27f"}, - {file = "rpds_py-0.15.2-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:97532802f14d383f37d603a56e226909f825a83ff298dc1b6697de00d2243999"}, - {file = "rpds_py-0.15.2-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:13716e53627ad97babf72ac9e01cf9a7d4af2f75dd5ed7b323a7a9520e948282"}, - {file = "rpds_py-0.15.2-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:2f1f295a5c28cfa74a7d48c95acc1c8a7acd49d7d9072040d4b694fe11cd7166"}, - {file = "rpds_py-0.15.2-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:8ec464f20fe803ae00419bd1610934e3bda963aeba1e6181dfc9033dc7e8940c"}, - {file = "rpds_py-0.15.2-cp311-none-win32.whl", hash = "sha256:b61d5096e75fd71018b25da50b82dd70ec39b5e15bb2134daf7eb7bbbc103644"}, - {file = "rpds_py-0.15.2-cp311-none-win_amd64.whl", hash = "sha256:9d41ebb471a6f064c0d1c873c4f7dded733d16ca5db7d551fb04ff3805d87802"}, - {file = "rpds_py-0.15.2-cp312-cp312-macosx_10_12_x86_64.whl", hash = "sha256:13ff62d3561a23c17341b4afc78e8fcfd799ab67c0b1ca32091d71383a98ba4b"}, - {file = "rpds_py-0.15.2-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:b70b45a40ad0798b69748b34d508259ef2bdc84fb2aad4048bc7c9cafb68ddb3"}, - {file = "rpds_py-0.15.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:b4ecbba7efd82bd2a4bb88aab7f984eb5470991c1347bdd1f35fb34ea28dba6e"}, - {file = "rpds_py-0.15.2-cp312-cp312-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:9d38494a8d21c246c535b41ecdb2d562c4b933cf3d68de03e8bc43a0d41be652"}, - {file = "rpds_py-0.15.2-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:13152dfe7d7c27c40df8b99ac6aab12b978b546716e99f67e8a67a1d441acbc3"}, - {file = "rpds_py-0.15.2-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:164fcee32f15d04d61568c9cb0d919e37ff3195919cd604039ff3053ada0461b"}, - {file = "rpds_py-0.15.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6a5122b17a4faf5d7a6d91fa67b479736c0cacc7afe791ddebb7163a8550b799"}, - {file = "rpds_py-0.15.2-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:46b4f3d47d1033db569173be62365fbf7808c2bd3fb742314d251f130d90d44c"}, - {file = "rpds_py-0.15.2-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:c61e42b4ceb9759727045765e87d51c1bb9f89987aca1fcc8a040232138cad1c"}, - {file = "rpds_py-0.15.2-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:d2aa3ca9552f83b0b4fa6ca8c6ce08da6580f37e3e0ab7afac73a1cfdc230c0e"}, - {file = "rpds_py-0.15.2-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:ec19e823b4ccd87bd69e990879acbce9e961fc7aebe150156b8f4418d4b27b7f"}, - {file = "rpds_py-0.15.2-cp312-none-win32.whl", hash = "sha256:afeabb382c1256a7477b739820bce7fe782bb807d82927102cee73e79b41b38b"}, - {file = "rpds_py-0.15.2-cp312-none-win_amd64.whl", hash = "sha256:422b0901878a31ef167435c5ad46560362891816a76cc0d150683f3868a6f0d1"}, - {file = "rpds_py-0.15.2-cp38-cp38-macosx_10_12_x86_64.whl", hash = "sha256:baf744e5f9d5ee6531deea443be78b36ed1cd36c65a0b95ea4e8d69fa0102268"}, - {file = "rpds_py-0.15.2-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:7e072f5da38d6428ba1fc1115d3cc0dae895df671cb04c70c019985e8c7606be"}, - {file = "rpds_py-0.15.2-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:f138f550b83554f5b344d6be35d3ed59348510edc3cb96f75309db6e9bfe8210"}, - {file = "rpds_py-0.15.2-cp38-cp38-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:b2a4cd924d0e2f4b1a68034abe4cadc73d69ad5f4cf02db6481c0d4d749f548f"}, - {file = "rpds_py-0.15.2-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:5eb05b654a41e0f81ab27a7c3e88b6590425eb3e934e1d533ecec5dc88a6ffff"}, - {file = "rpds_py-0.15.2-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:2ee066a64f0d2ba45391cac15b3a70dcb549e968a117bd0500634754cfe0e5fc"}, - {file = "rpds_py-0.15.2-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c51a899792ee2c696072791e56b2020caff58b275abecbc9ae0cb71af0645c95"}, - {file = "rpds_py-0.15.2-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:ac2ac84a4950d627d84b61f082eba61314373cfab4b3c264b62efab02ababe83"}, - {file = "rpds_py-0.15.2-cp38-cp38-musllinux_1_2_aarch64.whl", hash = "sha256:62b292fff4739c6be89e6a0240c02bda5a9066a339d90ab191cf66e9fdbdc193"}, - {file = "rpds_py-0.15.2-cp38-cp38-musllinux_1_2_i686.whl", hash = "sha256:98ee201a52a7f65608e5494518932e1473fd43535f12cade0a1b4ab32737fe28"}, - {file = "rpds_py-0.15.2-cp38-cp38-musllinux_1_2_x86_64.whl", hash = "sha256:3d40fb3ca22e3d40f494d577441b263026a3bd8c97ae6ce89b2d3c4b39ac9581"}, - {file = "rpds_py-0.15.2-cp38-none-win32.whl", hash = "sha256:30479a9f1fce47df56b07460b520f49fa2115ec2926d3b1303c85c81f8401ed1"}, - {file = "rpds_py-0.15.2-cp38-none-win_amd64.whl", hash = "sha256:2df3d07a16a3bef0917b28cd564778fbb31f3ffa5b5e33584470e2d1b0f248f0"}, - {file = "rpds_py-0.15.2-cp39-cp39-macosx_10_12_x86_64.whl", hash = "sha256:56b51ba29a18e5f5810224bcf00747ad931c0716e3c09a76b4a1edd3d4aba71f"}, - {file = "rpds_py-0.15.2-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:3c11bc5814554b018f6c5d6ae0969e43766f81e995000b53a5d8c8057055e886"}, - {file = "rpds_py-0.15.2-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2faa97212b0dc465afeedf49045cdd077f97be1188285e646a9f689cb5dfff9e"}, - {file = "rpds_py-0.15.2-cp39-cp39-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:86c01299942b0f4b5b5f28c8701689181ad2eab852e65417172dbdd6c5b3ccc8"}, - {file = "rpds_py-0.15.2-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:dd7d3608589072f63078b4063a6c536af832e76b0b3885f1bfe9e892abe6c207"}, - {file = "rpds_py-0.15.2-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:938518a11780b39998179d07f31a4a468888123f9b00463842cd40f98191f4d3"}, - {file = "rpds_py-0.15.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2dccc623725d0b298f557d869a68496a2fd2a9e9c41107f234fa5f7a37d278ac"}, - {file = "rpds_py-0.15.2-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:d46ee458452727a147d7897bb33886981ae1235775e05decae5d5d07f537695a"}, - {file = "rpds_py-0.15.2-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:d9d7ebcd11ea76ba0feaae98485cd8e31467c3d7985210fab46983278214736b"}, - {file = "rpds_py-0.15.2-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:8a5f574b92b3ee7d254e56d56e37ec0e1416acb1ae357c4956d76a1788dc58fb"}, - {file = "rpds_py-0.15.2-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:3db0c998c92b909d7c90b66c965590d4f3cd86157176a6cf14aa1f867b77b889"}, - {file = "rpds_py-0.15.2-cp39-none-win32.whl", hash = "sha256:bbc7421cbd28b4316d1d017db338039a7943f945c6f2bb15e1439b14b5682d28"}, - {file = "rpds_py-0.15.2-cp39-none-win_amd64.whl", hash = "sha256:1c24e30d720c0009b6fb2e1905b025da56103c70a8b31b99138e4ed1c2a6c5b0"}, - {file = "rpds_py-0.15.2-pp310-pypy310_pp73-macosx_10_12_x86_64.whl", hash = "sha256:1e6fcd0a0f62f2997107f758bb372397b8d5fd5f39cc6dcb86f7cb98a2172d6c"}, - {file = "rpds_py-0.15.2-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:d800a8e2ac62db1b9ea5d6d1724f1a93c53907ca061de4d05ed94e8dfa79050c"}, - {file = "rpds_py-0.15.2-pp310-pypy310_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:9e09d017e3f4d9bd7d17a30d3f59e4d6d9ba2d2ced280eec2425e84112cf623f"}, - {file = "rpds_py-0.15.2-pp310-pypy310_pp73-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:b88c3ab98556bc351b36d6208a6089de8c8db14a7f6e1f57f82a334bd2c18f0b"}, - {file = "rpds_py-0.15.2-pp310-pypy310_pp73-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:8f333bfe782a2d05a67cfaa0cc9cd68b36b39ee6acfe099f980541ed973a7093"}, - {file = "rpds_py-0.15.2-pp310-pypy310_pp73-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:b629db53fe17e6ce478a969d30bd1d0e8b53238c46e3a9c9db39e8b65a9ef973"}, - {file = "rpds_py-0.15.2-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:485fbdd23becb822804ed05622907ee5c8e8a5f43f6f43894a45f463b2217045"}, - {file = "rpds_py-0.15.2-pp310-pypy310_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:893e38d0f4319dfa70c0f36381a37cc418985c87b11d9784365b1fff4fa6973b"}, - {file = "rpds_py-0.15.2-pp310-pypy310_pp73-musllinux_1_2_aarch64.whl", hash = "sha256:8ffdeb7dbd0160d4e391e1f857477e4762d00aa2199c294eb95dfb9451aa1d9f"}, - {file = "rpds_py-0.15.2-pp310-pypy310_pp73-musllinux_1_2_i686.whl", hash = "sha256:fc33267d58dfbb2361baed52668c5d8c15d24bc0372cecbb79fed77339b55e0d"}, - {file = "rpds_py-0.15.2-pp310-pypy310_pp73-musllinux_1_2_x86_64.whl", hash = "sha256:2e7e5633577b3bd56bf3af2ef6ae3778bbafb83743989d57f0e7edbf6c0980e4"}, - {file = "rpds_py-0.15.2-pp38-pypy38_pp73-macosx_10_12_x86_64.whl", hash = "sha256:8b9650f92251fdef843e74fc252cdfd6e3c700157ad686eeb0c6d7fdb2d11652"}, - {file = "rpds_py-0.15.2-pp38-pypy38_pp73-macosx_11_0_arm64.whl", hash = "sha256:07a2e1d78d382f7181789713cdf0c16edbad4fe14fe1d115526cb6f0eef0daa3"}, - {file = "rpds_py-0.15.2-pp38-pypy38_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:03f9c5875515820633bd7709a25c3e60c1ea9ad1c5d4030ce8a8c203309c36fd"}, - {file = "rpds_py-0.15.2-pp38-pypy38_pp73-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:580182fa5b269c2981e9ce9764367cb4edc81982ce289208d4607c203f44ffde"}, - {file = "rpds_py-0.15.2-pp38-pypy38_pp73-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:aa1e626c524d2c7972c0f3a8a575d654a3a9c008370dc2a97e46abd0eaa749b9"}, - {file = "rpds_py-0.15.2-pp38-pypy38_pp73-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:ae9d83a81b09ce3a817e2cbb23aabc07f86a3abc664c613cd283ce7a03541e95"}, - {file = "rpds_py-0.15.2-pp38-pypy38_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9235be95662559141934fced8197de6fee8c58870f36756b0584424b6d708393"}, - {file = "rpds_py-0.15.2-pp38-pypy38_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:a72e00826a2b032dda3eb25aa3e3579c6d6773d22d8446089a57a123481cc46c"}, - {file = "rpds_py-0.15.2-pp38-pypy38_pp73-musllinux_1_2_aarch64.whl", hash = "sha256:ab095edf1d840a6a6a4307e1a5b907a299a94e7b90e75436ee770b8c35d22a25"}, - {file = "rpds_py-0.15.2-pp38-pypy38_pp73-musllinux_1_2_i686.whl", hash = "sha256:3b79c63d29101cbaa53a517683557bb550462394fb91044cc5998dd2acff7340"}, - {file = "rpds_py-0.15.2-pp38-pypy38_pp73-musllinux_1_2_x86_64.whl", hash = "sha256:911e600e798374c0d86235e7ef19109cf865d1336942d398ff313375a25a93ba"}, - {file = "rpds_py-0.15.2-pp39-pypy39_pp73-macosx_10_12_x86_64.whl", hash = "sha256:3cd61e759c4075510052d1eca5cddbd297fe1164efec14ef1fce3f09b974dfe4"}, - {file = "rpds_py-0.15.2-pp39-pypy39_pp73-macosx_11_0_arm64.whl", hash = "sha256:9d2ae79f31da5143e020a8d4fc74e1f0cbcb8011bdf97453c140aa616db51406"}, - {file = "rpds_py-0.15.2-pp39-pypy39_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5e99d6510c8557510c220b865d966b105464740dcbebf9b79ecd4fbab30a13d9"}, - {file = "rpds_py-0.15.2-pp39-pypy39_pp73-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:6c43e1b89099279cc03eb1c725c5de12af6edcd2f78e2f8a022569efa639ada3"}, - {file = "rpds_py-0.15.2-pp39-pypy39_pp73-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:ac7187bee72384b9cfedf09a29a3b2b6e8815cc64c095cdc8b5e6aec81e9fd5f"}, - {file = "rpds_py-0.15.2-pp39-pypy39_pp73-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:3423007fc0661827e06f8a185a3792c73dda41f30f3421562f210cf0c9e49569"}, - {file = "rpds_py-0.15.2-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2974e6dff38afafd5ccf8f41cb8fc94600b3f4fd9b0a98f6ece6e2219e3158d5"}, - {file = "rpds_py-0.15.2-pp39-pypy39_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:93c18a1696a8e0388ed84b024fe1a188a26ba999b61d1d9a371318cb89885a8c"}, - {file = "rpds_py-0.15.2-pp39-pypy39_pp73-musllinux_1_2_aarch64.whl", hash = "sha256:c7cd0841a586b7105513a7c8c3d5c276f3adc762a072d81ef7fae80632afad1e"}, - {file = "rpds_py-0.15.2-pp39-pypy39_pp73-musllinux_1_2_i686.whl", hash = "sha256:709dc11af2f74ba89c68b1592368c6edcbccdb0a06ba77eb28c8fe08bb6997da"}, - {file = "rpds_py-0.15.2-pp39-pypy39_pp73-musllinux_1_2_x86_64.whl", hash = "sha256:fc066395e6332da1e7525d605b4c96055669f8336600bef8ac569d5226a7c76f"}, - {file = "rpds_py-0.15.2.tar.gz", hash = "sha256:373b76eeb79e8c14f6d82cb1d4d5293f9e4059baec6c1b16dca7ad13b6131b39"}, + {file = "rpds_py-0.16.2-cp310-cp310-macosx_10_12_x86_64.whl", hash = "sha256:509b617ac787cd1149600e731db9274ebbef094503ca25158e6f23edaba1ca8f"}, + {file = "rpds_py-0.16.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:413b9c17388bbd0d87a329d8e30c1a4c6e44e2bb25457f43725a8e6fe4161e9e"}, + {file = "rpds_py-0.16.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:2946b120718eba9af2b4dd103affc1164a87b9e9ebff8c3e4c05d7b7a7e274e2"}, + {file = "rpds_py-0.16.2-cp310-cp310-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:35ae5ece284cf36464eb160880018cf6088a9ac5ddc72292a6092b6ef3f4da53"}, + {file = "rpds_py-0.16.2-cp310-cp310-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:3dc6a7620ba7639a3db6213da61312cb4aa9ac0ca6e00dc1cbbdc21c2aa6eb57"}, + {file = "rpds_py-0.16.2-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:8cb6fe8ecdfffa0e711a75c931fb39f4ba382b4b3ccedeca43f18693864fe850"}, + {file = "rpds_py-0.16.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6dace7b26a13353e24613417ce2239491b40a6ad44e5776a18eaff7733488b44"}, + {file = "rpds_py-0.16.2-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:1bdbc5fcb04a7309074de6b67fa9bc4b418ab3fc435fec1f2779a0eced688d04"}, + {file = "rpds_py-0.16.2-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:f42e25c016927e2a6b1ce748112c3ab134261fc2ddc867e92d02006103e1b1b7"}, + {file = "rpds_py-0.16.2-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:eab36eae3f3e8e24b05748ec9acc66286662f5d25c52ad70cadab544e034536b"}, + {file = "rpds_py-0.16.2-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:0474df4ade9a3b4af96c3d36eb81856cb9462e4c6657d4caecfd840d2a13f3c9"}, + {file = "rpds_py-0.16.2-cp310-none-win32.whl", hash = "sha256:84c5a4d1f9dd7e2d2c44097fb09fffe728629bad31eb56caf97719e55575aa82"}, + {file = "rpds_py-0.16.2-cp310-none-win_amd64.whl", hash = "sha256:2bd82db36cd70b3628c0c57d81d2438e8dd4b7b32a6a9f25f24ab0e657cb6c4e"}, + {file = "rpds_py-0.16.2-cp311-cp311-macosx_10_12_x86_64.whl", hash = "sha256:adc0c3d6fc6ae35fee3e4917628983f6ce630d513cbaad575b4517d47e81b4bb"}, + {file = "rpds_py-0.16.2-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:ec23fcad480e77ede06cf4127a25fc440f7489922e17fc058f426b5256ee0edb"}, + {file = "rpds_py-0.16.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:07aab64e2808c3ebac2a44f67e9dc0543812b715126dfd6fe4264df527556cb6"}, + {file = "rpds_py-0.16.2-cp311-cp311-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:a4ebb8b20bd09c5ce7884c8f0388801100f5e75e7f733b1b6613c713371feefc"}, + {file = "rpds_py-0.16.2-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:a3d7e2ea25d3517c6d7e5a1cc3702cffa6bd18d9ef8d08d9af6717fc1c700eed"}, + {file = "rpds_py-0.16.2-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:f28ac0e8e7242d140f99402a903a2c596ab71550272ae9247ad78f9a932b5698"}, + {file = "rpds_py-0.16.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:19f00f57fdd38db4bb5ad09f9ead1b535332dbf624200e9029a45f1f35527ebb"}, + {file = "rpds_py-0.16.2-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:3da5a4c56953bdbf6d04447c3410309616c54433146ccdb4a277b9cb499bc10e"}, + {file = "rpds_py-0.16.2-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:ec2e1cf025b2c0f48ec17ff3e642661da7ee332d326f2e6619366ce8e221f018"}, + {file = "rpds_py-0.16.2-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:e0441fb4fdd39a230477b2ca9be90868af64425bfe7b122b57e61e45737a653b"}, + {file = "rpds_py-0.16.2-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:9f0350ef2fba5f34eb0c9000ea328e51b9572b403d2f7f3b19f24085f6f598e8"}, + {file = "rpds_py-0.16.2-cp311-none-win32.whl", hash = "sha256:5a80e2f83391ad0808b4646732af2a7b67550b98f0cae056cb3b40622a83dbb3"}, + {file = "rpds_py-0.16.2-cp311-none-win_amd64.whl", hash = "sha256:e04e56b4ca7a770593633556e8e9e46579d66ec2ada846b401252a2bdcf70a6d"}, + {file = "rpds_py-0.16.2-cp312-cp312-macosx_10_12_x86_64.whl", hash = "sha256:5e6caa3809e50690bd92fa490f5c38caa86082c8c3315aa438bce43786d5e90d"}, + {file = "rpds_py-0.16.2-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:2e53b9b25cac9065328901713a7e9e3b12e4f57ef4280b370fbbf6fef2052eef"}, + {file = "rpds_py-0.16.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:af27423662f32d7501a00c5e7342f7dbd1e4a718aea7a239781357d15d437133"}, + {file = "rpds_py-0.16.2-cp312-cp312-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:43d4dd5fb16eb3825742bad8339d454054261ab59fed2fbac84e1d84d5aae7ba"}, + {file = "rpds_py-0.16.2-cp312-cp312-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:e061de3b745fe611e23cd7318aec2c8b0e4153939c25c9202a5811ca911fd733"}, + {file = "rpds_py-0.16.2-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:3b811d182ad17ea294f2ec63c0621e7be92a1141e1012383461872cead87468f"}, + {file = "rpds_py-0.16.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:5552f328eaef1a75ff129d4d0c437bf44e43f9436d3996e8eab623ea0f5fcf73"}, + {file = "rpds_py-0.16.2-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:dcbe1f8dd179e4d69b70b1f1d9bb6fd1e7e1bdc9c9aad345cdeb332e29d40748"}, + {file = "rpds_py-0.16.2-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:8aad80645a011abae487d356e0ceb359f4938dfb6f7bcc410027ed7ae4f7bb8b"}, + {file = "rpds_py-0.16.2-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:b6f5549d6ed1da9bfe3631ca9483ae906f21410be2445b73443fa9f017601c6f"}, + {file = "rpds_py-0.16.2-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:d452817e0d9c749c431a1121d56a777bd7099b720b3d1c820f1725cb40928f58"}, + {file = "rpds_py-0.16.2-cp312-none-win32.whl", hash = "sha256:888a97002e986eca10d8546e3c8b97da1d47ad8b69726dcfeb3e56348ebb28a3"}, + {file = "rpds_py-0.16.2-cp312-none-win_amd64.whl", hash = "sha256:d8dda2a806dfa4a9b795950c4f5cc56d6d6159f7d68080aedaff3bdc9b5032f5"}, + {file = "rpds_py-0.16.2-cp38-cp38-macosx_10_12_x86_64.whl", hash = "sha256:071980663c273bf3d388fe5c794c547e6f35ba3335477072c713a3176bf14a60"}, + {file = "rpds_py-0.16.2-cp38-cp38-macosx_11_0_arm64.whl", hash = "sha256:726ac36e8a3bb8daef2fd482534cabc5e17334052447008405daca7ca04a3108"}, + {file = "rpds_py-0.16.2-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:e9e557db6a177470316c82f023e5d571811c9a4422b5ea084c85da9aa3c035fc"}, + {file = "rpds_py-0.16.2-cp38-cp38-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:90123853fc8b1747f80b0d354be3d122b4365a93e50fc3aacc9fb4c2488845d6"}, + {file = "rpds_py-0.16.2-cp38-cp38-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:a61f659665a39a4d17d699ab3593d7116d66e1e2e3f03ef3fb8f484e91908808"}, + {file = "rpds_py-0.16.2-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:cc97f0640e91d7776530f06e6836c546c1c752a52de158720c4224c9e8053cad"}, + {file = "rpds_py-0.16.2-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:44a54e99a2b9693a37ebf245937fd6e9228b4cbd64b9cc961e1f3391ec6c7391"}, + {file = "rpds_py-0.16.2-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:bd4b677d929cf1f6bac07ad76e0f2d5de367e6373351c01a9c0a39f6b21b4a8b"}, + {file = "rpds_py-0.16.2-cp38-cp38-musllinux_1_2_aarch64.whl", hash = "sha256:5ef00873303d678aaf8b0627e111fd434925ca01c657dbb2641410f1cdaef261"}, + {file = "rpds_py-0.16.2-cp38-cp38-musllinux_1_2_i686.whl", hash = "sha256:349cb40897fd529ca15317c22c0eab67f5ac5178b5bd2c6adc86172045210acc"}, + {file = "rpds_py-0.16.2-cp38-cp38-musllinux_1_2_x86_64.whl", hash = "sha256:2ddef620e70eaffebed5932ce754d539c0930f676aae6212f8e16cd9743dd365"}, + {file = "rpds_py-0.16.2-cp38-none-win32.whl", hash = "sha256:882ce6e25e585949c3d9f9abd29202367175e0aab3aba0c58c9abbb37d4982ff"}, + {file = "rpds_py-0.16.2-cp38-none-win_amd64.whl", hash = "sha256:f4bd4578e44f26997e9e56c96dedc5f1af43cc9d16c4daa29c771a00b2a26851"}, + {file = "rpds_py-0.16.2-cp39-cp39-macosx_10_12_x86_64.whl", hash = "sha256:69ac7ea9897ec201ce68b48582f3eb34a3f9924488a5432a93f177bf76a82a7e"}, + {file = "rpds_py-0.16.2-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:a9880b4656efe36ccad41edc66789e191e5ee19a1ea8811e0aed6f69851a82f4"}, + {file = "rpds_py-0.16.2-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ee94cb58c0ba2c62ee108c2b7c9131b2c66a29e82746e8fa3aa1a1effbd3dcf1"}, + {file = "rpds_py-0.16.2-cp39-cp39-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:24f7a2eb3866a9e91f4599851e0c8d39878a470044875c49bd528d2b9b88361c"}, + {file = "rpds_py-0.16.2-cp39-cp39-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:ca57468da2d9a660bcf8961637c85f2fbb2aa64d9bc3f9484e30c3f9f67b1dd7"}, + {file = "rpds_py-0.16.2-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:ccd4e400309e1f34a5095bf9249d371f0fd60f8a3a5c4a791cad7b99ce1fd38d"}, + {file = "rpds_py-0.16.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:80443fe2f7b3ea3934c5d75fb0e04a5dbb4a8e943e5ff2de0dec059202b70a8b"}, + {file = "rpds_py-0.16.2-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:4d6a9f052e72d493efd92a77f861e45bab2f6be63e37fa8ecf0c6fd1a58fedb0"}, + {file = "rpds_py-0.16.2-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:35953f4f2b3216421af86fd236b7c0c65935936a94ea83ddbd4904ba60757773"}, + {file = "rpds_py-0.16.2-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:981d135c7cdaf6cd8eadae1c950de43b976de8f09d8e800feed307140d3d6d00"}, + {file = "rpds_py-0.16.2-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:d0dd7ed2f16df2e129496e7fbe59a34bc2d7fc8db443a606644d069eb69cbd45"}, + {file = "rpds_py-0.16.2-cp39-none-win32.whl", hash = "sha256:703d95c75a72e902544fda08e965885525e297578317989fd15a6ce58414b41d"}, + {file = "rpds_py-0.16.2-cp39-none-win_amd64.whl", hash = "sha256:e93ec1b300acf89730cf27975ef574396bc04edecc358e9bd116fb387a123239"}, + {file = "rpds_py-0.16.2-pp310-pypy310_pp73-macosx_10_12_x86_64.whl", hash = "sha256:44627b6ca7308680a70766454db5249105fa6344853af6762eaad4158a2feebe"}, + {file = "rpds_py-0.16.2-pp310-pypy310_pp73-macosx_11_0_arm64.whl", hash = "sha256:3f91df8e6dbb7360e176d1affd5fb0246d2b88d16aa5ebc7db94fd66b68b61da"}, + {file = "rpds_py-0.16.2-pp310-pypy310_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:6d904c5693e08bad240f16d79305edba78276be87061c872a4a15e2c301fa2c0"}, + {file = "rpds_py-0.16.2-pp310-pypy310_pp73-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:290a81cfbe4673285cdf140ec5cd1658ffbf63ab359f2b352ebe172e7cfa5bf0"}, + {file = "rpds_py-0.16.2-pp310-pypy310_pp73-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:b634c5ec0103c5cbebc24ebac4872b045cccb9456fc59efdcf6fe39775365bd2"}, + {file = "rpds_py-0.16.2-pp310-pypy310_pp73-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:a297a4d08cc67c7466c873c78039d87840fb50d05473db0ec1b7b03d179bf322"}, + {file = "rpds_py-0.16.2-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b2e75e17bd0bb66ee34a707da677e47c14ee51ccef78ed6a263a4cc965a072a1"}, + {file = "rpds_py-0.16.2-pp310-pypy310_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:f1b9d9260e06ea017feb7172976ab261e011c1dc2f8883c7c274f6b2aabfe01a"}, + {file = "rpds_py-0.16.2-pp310-pypy310_pp73-musllinux_1_2_aarch64.whl", hash = "sha256:162d7cd9cd311c1b0ff1c55a024b8f38bd8aad1876b648821da08adc40e95734"}, + {file = "rpds_py-0.16.2-pp310-pypy310_pp73-musllinux_1_2_i686.whl", hash = "sha256:9b32f742ce5b57201305f19c2ef7a184b52f6f9ba6871cc042c2a61f0d6b49b8"}, + {file = "rpds_py-0.16.2-pp310-pypy310_pp73-musllinux_1_2_x86_64.whl", hash = "sha256:ac08472f41ea77cd6a5dae36ae7d4ed3951d6602833af87532b556c1b4601d63"}, + {file = "rpds_py-0.16.2-pp38-pypy38_pp73-macosx_10_12_x86_64.whl", hash = "sha256:495a14b72bbe217f2695dcd9b5ab14d4f8066a00f5d209ed94f0aca307f85f6e"}, + {file = "rpds_py-0.16.2-pp38-pypy38_pp73-macosx_11_0_arm64.whl", hash = "sha256:8d6b6937ae9eac6d6c0ca3c42774d89fa311f55adff3970fb364b34abde6ed3d"}, + {file = "rpds_py-0.16.2-pp38-pypy38_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:6a61226465bda9283686db8f17d02569a98e4b13c637be5a26d44aa1f1e361c2"}, + {file = "rpds_py-0.16.2-pp38-pypy38_pp73-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:5cf6af100ffb5c195beec11ffaa8cf8523057f123afa2944e6571d54da84cdc9"}, + {file = "rpds_py-0.16.2-pp38-pypy38_pp73-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:6df15846ee3fb2e6397fe25d7ca6624af9f89587f3f259d177b556fed6bebe2c"}, + {file = "rpds_py-0.16.2-pp38-pypy38_pp73-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:1be2f033df1b8be8c3167ba3c29d5dca425592ee31e35eac52050623afba5772"}, + {file = "rpds_py-0.16.2-pp38-pypy38_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:96f957d6ab25a78b9e7fc9749d754b98eac825a112b4e666525ce89afcbd9ed5"}, + {file = "rpds_py-0.16.2-pp38-pypy38_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:088396c7c70e59872f67462fcac3ecbded5233385797021976a09ebd55961dfe"}, + {file = "rpds_py-0.16.2-pp38-pypy38_pp73-musllinux_1_2_aarch64.whl", hash = "sha256:4c46ad6356e1561f2a54f08367d1d2e70a0a1bb2db2282d2c1972c1d38eafc3b"}, + {file = "rpds_py-0.16.2-pp38-pypy38_pp73-musllinux_1_2_i686.whl", hash = "sha256:47713dc4fce213f5c74ca8a1f6a59b622fc1b90868deb8e8e4d993e421b4b39d"}, + {file = "rpds_py-0.16.2-pp38-pypy38_pp73-musllinux_1_2_x86_64.whl", hash = "sha256:f811771019f063bbd0aa7bb72c8a934bc13ebacb4672d712fc1639cfd314cccc"}, + {file = "rpds_py-0.16.2-pp39-pypy39_pp73-macosx_10_12_x86_64.whl", hash = "sha256:f19afcfc0dd0dca35694df441e9b0f95bc231b512f51bded3c3d8ca32153ec19"}, + {file = "rpds_py-0.16.2-pp39-pypy39_pp73-macosx_11_0_arm64.whl", hash = "sha256:a4b682c5775d6a3d21e314c10124599976809455ee67020e8e72df1769b87bc3"}, + {file = "rpds_py-0.16.2-pp39-pypy39_pp73-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:c647ca87fc0ebe808a41de912e9a1bfef9acb85257e5d63691364ac16b81c1f0"}, + {file = "rpds_py-0.16.2-pp39-pypy39_pp73-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:302bd4983bbd47063e452c38be66153760112f6d3635c7eeefc094299fa400a9"}, + {file = "rpds_py-0.16.2-pp39-pypy39_pp73-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:bf721ede3eb7b829e4a9b8142bd55db0bdc82902720548a703f7e601ee13bdc3"}, + {file = "rpds_py-0.16.2-pp39-pypy39_pp73-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:358dafc89ce3894c7f486c615ba914609f38277ef67f566abc4c854d23b997fa"}, + {file = "rpds_py-0.16.2-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:cad0f59ee3dc35526039f4bc23642d52d5f6616b5f687d846bfc6d0d6d486db0"}, + {file = "rpds_py-0.16.2-pp39-pypy39_pp73-manylinux_2_5_i686.manylinux1_i686.whl", hash = "sha256:cffa76b385dfe1e38527662a302b19ffb0e7f5cf7dd5e89186d2c94a22dd9d0c"}, + {file = "rpds_py-0.16.2-pp39-pypy39_pp73-musllinux_1_2_aarch64.whl", hash = "sha256:83640a5d7cd3bff694747d50436b8b541b5b9b9782b0c8c1688931d6ee1a1f2d"}, + {file = "rpds_py-0.16.2-pp39-pypy39_pp73-musllinux_1_2_i686.whl", hash = "sha256:ed99b4f7179d2111702020fd7d156e88acd533f5a7d3971353e568b6051d5c97"}, + {file = "rpds_py-0.16.2-pp39-pypy39_pp73-musllinux_1_2_x86_64.whl", hash = "sha256:4022b9dc620e14f30201a8a73898a873c8e910cb642bcd2f3411123bc527f6ac"}, + {file = "rpds_py-0.16.2.tar.gz", hash = "sha256:781ef8bfc091b19960fc0142a23aedadafa826bc32b433fdfe6fd7f964d7ef44"}, ] [[package]] name = "rsa" version = "4.9" description = "Pure-Python RSA implementation" -category = "main" optional = false python-versions = ">=3.6,<4" files = [ @@ -3666,36 +3617,34 @@ pyasn1 = ">=0.1.3" [[package]] name = "ruff" -version = "0.1.8" +version = "0.1.9" description = "An extremely fast Python linter and code formatter, written in Rust." -category = "dev" optional = false python-versions = ">=3.7" files = [ - {file = "ruff-0.1.8-py3-none-macosx_10_12_x86_64.macosx_11_0_arm64.macosx_10_12_universal2.whl", hash = "sha256:7de792582f6e490ae6aef36a58d85df9f7a0cfd1b0d4fe6b4fb51803a3ac96fa"}, - {file = "ruff-0.1.8-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:c8e3255afd186c142eef4ec400d7826134f028a85da2146102a1172ecc7c3696"}, - {file = "ruff-0.1.8-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:ff78a7583020da124dd0deb835ece1d87bb91762d40c514ee9b67a087940528b"}, - {file = "ruff-0.1.8-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:bd8ee69b02e7bdefe1e5da2d5b6eaaddcf4f90859f00281b2333c0e3a0cc9cd6"}, - {file = "ruff-0.1.8-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:a05b0ddd7ea25495e4115a43125e8a7ebed0aa043c3d432de7e7d6e8e8cd6448"}, - {file = "ruff-0.1.8-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:e6f08ca730f4dc1b76b473bdf30b1b37d42da379202a059eae54ec7fc1fbcfed"}, - {file = "ruff-0.1.8-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:f35960b02df6b827c1b903091bb14f4b003f6cf102705efc4ce78132a0aa5af3"}, - {file = "ruff-0.1.8-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:7d076717c67b34c162da7c1a5bda16ffc205e0e0072c03745275e7eab888719f"}, - {file = "ruff-0.1.8-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:b6a21ab023124eafb7cef6d038f835cb1155cd5ea798edd8d9eb2f8b84be07d9"}, - {file = "ruff-0.1.8-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:ce697c463458555027dfb194cb96d26608abab920fa85213deb5edf26e026664"}, - {file = "ruff-0.1.8-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:db6cedd9ffed55548ab313ad718bc34582d394e27a7875b4b952c2d29c001b26"}, - {file = "ruff-0.1.8-py3-none-musllinux_1_2_i686.whl", hash = "sha256:05ffe9dbd278965271252704eddb97b4384bf58b971054d517decfbf8c523f05"}, - {file = "ruff-0.1.8-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:5daaeaf00ae3c1efec9742ff294b06c3a2a9db8d3db51ee4851c12ad385cda30"}, - {file = "ruff-0.1.8-py3-none-win32.whl", hash = "sha256:e49fbdfe257fa41e5c9e13c79b9e79a23a79bd0e40b9314bc53840f520c2c0b3"}, - {file = "ruff-0.1.8-py3-none-win_amd64.whl", hash = "sha256:f41f692f1691ad87f51708b823af4bb2c5c87c9248ddd3191c8f088e66ce590a"}, - {file = "ruff-0.1.8-py3-none-win_arm64.whl", hash = "sha256:aa8ee4f8440023b0a6c3707f76cadce8657553655dcbb5fc9b2f9bb9bee389f6"}, - {file = "ruff-0.1.8.tar.gz", hash = "sha256:f7ee467677467526cfe135eab86a40a0e8db43117936ac4f9b469ce9cdb3fb62"}, + {file = "ruff-0.1.9-py3-none-macosx_10_12_x86_64.macosx_11_0_arm64.macosx_10_12_universal2.whl", hash = "sha256:e6a212f436122ac73df851f0cf006e0c6612fe6f9c864ed17ebefce0eff6a5fd"}, + {file = "ruff-0.1.9-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:28d920e319783d5303333630dae46ecc80b7ba294aeffedf946a02ac0b7cc3db"}, + {file = "ruff-0.1.9-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:104aa9b5e12cb755d9dce698ab1b97726b83012487af415a4512fedd38b1459e"}, + {file = "ruff-0.1.9-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:1e63bf5a4a91971082a4768a0aba9383c12392d0d6f1e2be2248c1f9054a20da"}, + {file = "ruff-0.1.9-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:4d0738917c203246f3e275b37006faa3aa96c828b284ebfe3e99a8cb413c8c4b"}, + {file = "ruff-0.1.9-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:69dac82d63a50df2ab0906d97a01549f814b16bc806deeac4f064ff95c47ddf5"}, + {file = "ruff-0.1.9-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:2aec598fb65084e41a9c5d4b95726173768a62055aafb07b4eff976bac72a592"}, + {file = "ruff-0.1.9-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:744dfe4b35470fa3820d5fe45758aace6269c578f7ddc43d447868cfe5078bcb"}, + {file = "ruff-0.1.9-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:479ca4250cab30f9218b2e563adc362bd6ae6343df7c7b5a7865300a5156d5a6"}, + {file = "ruff-0.1.9-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:aa8344310f1ae79af9ccd6e4b32749e93cddc078f9b5ccd0e45bd76a6d2e8bb6"}, + {file = "ruff-0.1.9-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:837c739729394df98f342319f5136f33c65286b28b6b70a87c28f59354ec939b"}, + {file = "ruff-0.1.9-py3-none-musllinux_1_2_i686.whl", hash = "sha256:e6837202c2859b9f22e43cb01992373c2dbfeae5c0c91ad691a4a2e725392464"}, + {file = "ruff-0.1.9-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:331aae2cd4a0554667ac683243b151c74bd60e78fb08c3c2a4ac05ee1e606a39"}, + {file = "ruff-0.1.9-py3-none-win32.whl", hash = "sha256:8151425a60878e66f23ad47da39265fc2fad42aed06fb0a01130e967a7a064f4"}, + {file = "ruff-0.1.9-py3-none-win_amd64.whl", hash = "sha256:c497d769164df522fdaf54c6eba93f397342fe4ca2123a2e014a5b8fc7df81c7"}, + {file = "ruff-0.1.9-py3-none-win_arm64.whl", hash = "sha256:0e17f53bcbb4fff8292dfd84cf72d767b5e146f009cccd40c2fad27641f8a7a9"}, + {file = "ruff-0.1.9.tar.gz", hash = "sha256:b041dee2734719ddbb4518f762c982f2e912e7f28b8ee4fe1dee0b15d1b6e800"}, ] [[package]] name = "s3transfer" version = "0.8.2" description = "An Amazon S3 Transfer Manager" -category = "main" optional = false python-versions = ">= 3.7" files = [ @@ -3713,7 +3662,6 @@ crt = ["botocore[crt] (>=1.33.2,<2.0a.0)"] name = "selenium" version = "4.16.0" description = "" -category = "dev" optional = false python-versions = ">=3.8" files = [ @@ -3731,7 +3679,6 @@ urllib3 = {version = ">=1.26,<3", extras = ["socks"]} name = "sentry-sdk" version = "1.39.1" description = "Python client for Sentry (https://sentry.io)" -category = "main" optional = false python-versions = "*" files = [ @@ -3777,7 +3724,6 @@ tornado = ["tornado (>=5)"] name = "service-identity" version = "23.1.0" description = "Service identity verification for pyOpenSSL & cryptography." -category = "main" optional = false python-versions = ">=3.8" files = [ @@ -3800,14 +3746,13 @@ tests = ["coverage[toml] (>=5.0.2)", "pytest"] [[package]] name = "setuptools" -version = "69.0.2" +version = "69.0.3" description = "Easily download, build, install, upgrade, and uninstall Python packages" -category = "main" optional = false python-versions = ">=3.8" files = [ - {file = "setuptools-69.0.2-py3-none-any.whl", hash = "sha256:1e8fdff6797d3865f37397be788a4e3cba233608e9b509382a2777d25ebde7f2"}, - {file = "setuptools-69.0.2.tar.gz", hash = "sha256:735896e78a4742605974de002ac60562d286fa8051a7e2299445e8e8fbb01aa6"}, + {file = "setuptools-69.0.3-py3-none-any.whl", hash = "sha256:385eb4edd9c9d5c17540511303e39a147ce2fc04bc55289c322b9e5904fe2c05"}, + {file = "setuptools-69.0.3.tar.gz", hash = "sha256:be1af57fc409f93647f2e8e4573a142ed38724b8cdd389706a867bb4efcf1e78"}, ] [package.extras] @@ -3819,7 +3764,6 @@ testing-integration = ["build[virtualenv] (>=1.0.3)", "filelock (>=3.4.0)", "jar name = "six" version = "1.16.0" description = "Python 2 and 3 compatibility utilities" -category = "main" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*" files = [ @@ -3831,7 +3775,6 @@ files = [ name = "smmap" version = "5.0.1" description = "A pure Python implementation of a sliding window memory map manager" -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -3843,7 +3786,6 @@ files = [ name = "sniffio" version = "1.3.0" description = "Sniff out which async library your code is running under" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -3855,7 +3797,6 @@ files = [ name = "sortedcontainers" version = "2.4.0" description = "Sorted Containers -- Sorted List, Sorted Dict, Sorted Set" -category = "dev" optional = false python-versions = "*" files = [ @@ -3867,7 +3808,6 @@ files = [ name = "sqlparse" version = "0.4.4" description = "A non-validating SQL parser." -category = "main" optional = false python-versions = ">=3.5" files = [ @@ -3884,7 +3824,6 @@ test = ["pytest", "pytest-cov"] name = "stevedore" version = "5.1.0" description = "Manage dynamic plugins for Python applications" -category = "dev" optional = false python-versions = ">=3.8" files = [ @@ -3897,19 +3836,18 @@ pbr = ">=2.0.0,<2.1.0 || >2.1.0" [[package]] name = "structlog" -version = "23.2.0" +version = "23.3.0" description = "Structured Logging for Python" -category = "main" optional = false python-versions = ">=3.8" files = [ - {file = "structlog-23.2.0-py3-none-any.whl", hash = "sha256:16a167e87b9fa7fae9a972d5d12805ef90e04857a93eba479d4be3801a6a1482"}, - {file = "structlog-23.2.0.tar.gz", hash = "sha256:334666b94707f89dbc4c81a22a8ccd34449f0201d5b1ee097a030b577fa8c858"}, + {file = "structlog-23.3.0-py3-none-any.whl", hash = "sha256:d6922a88ceabef5b13b9eda9c4043624924f60edbb00397f4d193bd754cde60a"}, + {file = "structlog-23.3.0.tar.gz", hash = "sha256:24b42b914ac6bc4a4e6f716e82ac70d7fb1e8c3b1035a765591953bfc37101a5"}, ] [package.extras] dev = ["structlog[tests,typing]"] -docs = ["furo", "myst-parser", "sphinx", "sphinx-notfound-page", "sphinxcontrib-mermaid", "twisted"] +docs = ["furo", "myst-parser", "sphinx", "sphinx-notfound-page", "sphinxcontrib-mermaid", "sphinxext-opengraph", "twisted"] tests = ["freezegun (>=0.2.8)", "pretend", "pytest (>=6.0)", "pytest-asyncio (>=0.17)", "simplejson"] typing = ["mypy (>=1.4)", "rich", "twisted"] @@ -3917,7 +3855,6 @@ typing = ["mypy (>=1.4)", "rich", "twisted"] name = "swagger-spec-validator" version = "3.0.3" description = "Validation of Swagger specifications" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -3934,7 +3871,6 @@ typing-extensions = "*" name = "tenant-schemas-celery" version = "2.2.0" description = "Celery integration for django-tenant-schemas and django-tenants" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -3948,7 +3884,6 @@ celery = "*" name = "tomlkit" version = "0.12.3" description = "Style preserving TOML library" -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -3960,7 +3895,6 @@ files = [ name = "tornado" version = "6.4" description = "Tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed." -category = "main" optional = false python-versions = ">= 3.8" files = [ @@ -3981,7 +3915,6 @@ files = [ name = "trio" version = "0.23.2" description = "A friendly Python library for async concurrency and I/O" -category = "dev" optional = false python-versions = ">=3.8" files = [ @@ -4001,7 +3934,6 @@ sortedcontainers = "*" name = "trio-websocket" version = "0.11.1" description = "WebSocket library for Trio" -category = "dev" optional = false python-versions = ">=3.7" files = [ @@ -4017,7 +3949,6 @@ wsproto = ">=0.14" name = "twilio" version = "8.11.0" description = "Twilio API client and TwiML generator" -category = "main" optional = false python-versions = ">=3.7.0" files = [ @@ -4035,7 +3966,6 @@ requests = ">=2.0.0" name = "twisted" version = "23.10.0" description = "An asynchronous networking framework written in Python" -category = "main" optional = false python-versions = ">=3.8.0" files = [ @@ -4075,7 +4005,6 @@ windows-platform = ["pywin32 (!=226)", "pywin32 (!=226)", "twisted[all-non-platf name = "twisted-iocpsupport" version = "1.0.4" description = "An extension for use in the twisted I/O Completion Ports reactor." -category = "main" optional = false python-versions = "*" files = [ @@ -4104,7 +4033,6 @@ files = [ name = "txaio" version = "23.1.1" description = "Compatibility API between asyncio/Twisted/Trollius" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -4121,7 +4049,6 @@ twisted = ["twisted (>=20.3.0)", "zope.interface (>=5.2.0)"] name = "typing-extensions" version = "4.9.0" description = "Backported and Experimental Type Hints for Python 3.8+" -category = "main" optional = false python-versions = ">=3.8" files = [ @@ -4131,21 +4058,19 @@ files = [ [[package]] name = "tzdata" -version = "2023.3" +version = "2023.4" description = "Provider of IANA time zone data" -category = "main" optional = false python-versions = ">=2" files = [ - {file = "tzdata-2023.3-py2.py3-none-any.whl", hash = "sha256:7e65763eef3120314099b6939b5546db7adce1e7d6f2e179e3df563c70511eda"}, - {file = "tzdata-2023.3.tar.gz", hash = "sha256:11ef1e08e54acb0d4f95bdb1be05da659673de4acbd21bf9c69e94cc5e907a3a"}, + {file = "tzdata-2023.4-py2.py3-none-any.whl", hash = "sha256:aa3ace4329eeacda5b7beb7ea08ece826c28d761cda36e747cfbf97996d39bf3"}, + {file = "tzdata-2023.4.tar.gz", hash = "sha256:dd54c94f294765522c77399649b4fefd95522479a664a0cec87f41bebc6148c9"}, ] [[package]] name = "ua-parser" version = "0.18.0" description = "Python port of Browserscope's user agent parser" -category = "main" optional = false python-versions = "*" files = [ @@ -4157,7 +4082,6 @@ files = [ name = "uritemplate" version = "4.1.1" description = "Implementation of RFC 6570 URI Templates" -category = "main" optional = false python-versions = ">=3.6" files = [ @@ -4169,7 +4093,6 @@ files = [ name = "urllib3" version = "2.0.7" description = "HTTP library with thread-safe connection pooling, file post, and more." -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -4195,7 +4118,6 @@ zstd = ["zstandard (>=0.18.0)"] name = "urllib3-secure-extra" version = "0.1.0" description = "Marker library to detect whether urllib3 was installed with the deprecated [secure] extra" -category = "main" optional = false python-versions = "*" files = [ @@ -4205,14 +4127,13 @@ files = [ [[package]] name = "uvicorn" -version = "0.24.0.post1" +version = "0.25.0" description = "The lightning-fast ASGI server." -category = "main" optional = false python-versions = ">=3.8" files = [ - {file = "uvicorn-0.24.0.post1-py3-none-any.whl", hash = "sha256:7c84fea70c619d4a710153482c0d230929af7bcf76c7bfa6de151f0a3a80121e"}, - {file = "uvicorn-0.24.0.post1.tar.gz", hash = "sha256:09c8e5a79dc466bdf28dead50093957db184de356fcdc48697bad3bde4c2588e"}, + {file = "uvicorn-0.25.0-py3-none-any.whl", hash = "sha256:ce107f5d9bd02b4636001a77a4e74aab5e1e2b146868ebbad565237145af444c"}, + {file = "uvicorn-0.25.0.tar.gz", hash = "sha256:6dddbad1d7ee0f5140aba5ec138ddc9612c5109399903828b4874c9937f009c2"}, ] [package.dependencies] @@ -4222,7 +4143,7 @@ h11 = ">=0.8" httptools = {version = ">=0.5.0", optional = true, markers = "extra == \"standard\""} python-dotenv = {version = ">=0.13", optional = true, markers = "extra == \"standard\""} pyyaml = {version = ">=5.1", optional = true, markers = "extra == \"standard\""} -uvloop = {version = ">=0.14.0,<0.15.0 || >0.15.0,<0.15.1 || >0.15.1", optional = true, markers = "sys_platform != \"win32\" and sys_platform != \"cygwin\" and platform_python_implementation != \"PyPy\" and extra == \"standard\""} +uvloop = {version = ">=0.14.0,<0.15.0 || >0.15.0,<0.15.1 || >0.15.1", optional = true, markers = "(sys_platform != \"win32\" and sys_platform != \"cygwin\") and platform_python_implementation != \"PyPy\" and extra == \"standard\""} watchfiles = {version = ">=0.13", optional = true, markers = "extra == \"standard\""} websockets = {version = ">=10.4", optional = true, markers = "extra == \"standard\""} @@ -4233,7 +4154,6 @@ standard = ["colorama (>=0.4)", "httptools (>=0.5.0)", "python-dotenv (>=0.13)", name = "uvloop" version = "0.19.0" description = "Fast implementation of asyncio event loop on top of libuv" -category = "main" optional = false python-versions = ">=3.8.0" files = [ @@ -4278,7 +4198,6 @@ test = ["Cython (>=0.29.36,<0.30.0)", "aiohttp (==3.9.0b0)", "aiohttp (>=3.8.1)" name = "vine" version = "5.1.0" description = "Python promises." -category = "main" optional = false python-versions = ">=3.6" files = [ @@ -4290,7 +4209,6 @@ files = [ name = "watchdog" version = "3.0.0" description = "Filesystem events monitoring" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -4330,7 +4248,6 @@ watchmedo = ["PyYAML (>=3.10)"] name = "watchfiles" version = "0.21.0" description = "Simple, modern and high performance file watching and code reload in python." -category = "main" optional = false python-versions = ">=3.8" files = [ @@ -4418,7 +4335,6 @@ anyio = ">=3.0.0" name = "wcwidth" version = "0.2.12" description = "Measures the displayed width of unicode strings in a terminal" -category = "main" optional = false python-versions = "*" files = [ @@ -4430,7 +4346,6 @@ files = [ name = "webauthn" version = "1.11.1" description = "Pythonic WebAuthn" -category = "main" optional = false python-versions = "*" files = [ @@ -4449,7 +4364,6 @@ pyOpenSSL = ">=23.2.0" name = "websocket-client" version = "1.7.0" description = "WebSocket client for Python with low level API options" -category = "main" optional = false python-versions = ">=3.8" files = [ @@ -4466,7 +4380,6 @@ test = ["websockets"] name = "websockets" version = "12.0" description = "An implementation of the WebSocket Protocol (RFC 6455 & 7692)" -category = "main" optional = false python-versions = ">=3.8" files = [ @@ -4548,7 +4461,6 @@ files = [ name = "wsproto" version = "1.2.0" description = "WebSockets state-machine based protocol implementation" -category = "main" optional = false python-versions = ">=3.7.0" files = [ @@ -4563,7 +4475,6 @@ h11 = ">=0.9.0,<1" name = "xmlsec" version = "1.3.13" description = "Python bindings for the XML Security Library" -category = "main" optional = false python-versions = ">=3.5" files = [ @@ -4589,7 +4500,6 @@ lxml = ">=3.8" name = "yarl" version = "1.9.4" description = "Yet another URL library" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -4693,7 +4603,6 @@ multidict = ">=4.0" name = "zipp" version = "3.17.0" description = "Backport of pathlib-compatible object wrapper for zip files" -category = "dev" optional = false python-versions = ">=3.8" files = [ @@ -4709,7 +4618,6 @@ testing = ["big-O", "jaraco.functools", "jaraco.itertools", "more-itertools", "p name = "zope-interface" version = "6.1" description = "Interfaces for Python" -category = "main" optional = false python-versions = ">=3.7" files = [ @@ -4763,7 +4671,6 @@ testing = ["coverage (>=5.0.3)", "zope.event", "zope.testing"] name = "zxcvbn" version = "4.4.28" description = "" -category = "main" optional = false python-versions = "*" files = [ @@ -4773,4 +4680,4 @@ files = [ [metadata] lock-version = "2.0" python-versions = "~3.12" -content-hash = "a8334ecd25bd160da48ace07f04282cbe08180843ed97e314947c7746976123b" +content-hash = "3c2c6f7c1420b57bfee6fc17463f8caf5457e744aac11ba92350f5d065cca7af" diff --git a/pyproject.toml b/pyproject.toml index 8f120dec3..df0e66736 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -149,7 +149,12 @@ geoip2 = "*" gunicorn = "*" kubernetes = "*" ldap3 = "*" -lxml = "*" +lxml = [ + # 5.0.0 works with libxml2 2.11.x, which is standard on brew + { version = "5.0.0", platform = "darwin" }, + # 4.9.x works with previous libxml2 versions, which is what we get on linux + { version = "4.9.4", platform = "linux" }, +] opencontainers = { extras = ["reggie"], version = "*" } packaging = "*" paramiko = "*" diff --git a/rac.Dockerfile b/rac.Dockerfile new file mode 100644 index 000000000..ba69bd367 --- /dev/null +++ b/rac.Dockerfile @@ -0,0 +1,38 @@ +# syntax=docker/dockerfile:1 + +# Stage 1: Build +FROM docker.io/golang:1.21.5-bookworm AS builder + +WORKDIR /go/src/goauthentik.io + +RUN --mount=type=bind,target=/go/src/goauthentik.io/go.mod,src=./go.mod \ + --mount=type=bind,target=/go/src/goauthentik.io/go.sum,src=./go.sum \ + --mount=type=bind,target=/go/src/goauthentik.io/gen-go-api,src=./gen-go-api \ + --mount=type=cache,target=/go/pkg/mod \ + go mod download + +ENV CGO_ENABLED=0 +COPY . . +RUN --mount=type=cache,sharing=locked,target=/go/pkg/mod \ + --mount=type=cache,id=go-build-$TARGETARCH$TARGETVARIANT,sharing=locked,target=/root/.cache/go-build \ + go build -o /go/rac ./cmd/rac + +# Stage 2: Run +FROM ghcr.io/beryju/guacd:1.5.3 + +ARG GIT_BUILD_HASH +ENV GIT_BUILD_HASH=$GIT_BUILD_HASH + +LABEL org.opencontainers.image.url https://goauthentik.io +LABEL org.opencontainers.image.description goauthentik.io RAC outpost, see https://goauthentik.io for more info. +LABEL org.opencontainers.image.source https://github.com/goauthentik/authentik +LABEL org.opencontainers.image.version ${VERSION} +LABEL org.opencontainers.image.revision ${GIT_BUILD_HASH} + +COPY --from=builder /go/rac / + +HEALTHCHECK --interval=5s --retries=20 --start-period=3s CMD [ "/rac", "healthcheck" ] + +USER 1000 + +ENTRYPOINT ["/rac"] diff --git a/schema.yml b/schema.yml index e309976d0..5d03ab5d9 100644 --- a/schema.yml +++ b/schema.yml @@ -14038,6 +14038,279 @@ paths: schema: $ref: '#/components/schemas/GenericError' description: '' + /propertymappings/rac/: + get: + operationId: propertymappings_rac_list + description: RACPropertyMapping Viewset + parameters: + - in: query + name: managed + schema: + type: string + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - propertymappings + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedRACPropertyMappingList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: propertymappings_rac_create + description: RACPropertyMapping Viewset + tags: + - propertymappings + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/RACPropertyMappingRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/RACPropertyMapping' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /propertymappings/rac/{pm_uuid}/: + get: + operationId: propertymappings_rac_retrieve + description: RACPropertyMapping Viewset + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this RAC Property Mapping. + required: true + tags: + - propertymappings + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/RACPropertyMapping' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: propertymappings_rac_update + description: RACPropertyMapping Viewset + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this RAC Property Mapping. + required: true + tags: + - propertymappings + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/RACPropertyMappingRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/RACPropertyMapping' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: propertymappings_rac_partial_update + description: RACPropertyMapping Viewset + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this RAC Property Mapping. + required: true + tags: + - propertymappings + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedRACPropertyMappingRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/RACPropertyMapping' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: propertymappings_rac_destroy + description: RACPropertyMapping Viewset + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this RAC Property Mapping. + required: true + tags: + - propertymappings + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /propertymappings/rac/{pm_uuid}/used_by/: + get: + operationId: propertymappings_rac_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this RAC Property Mapping. + required: true + tags: + - propertymappings + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' /propertymappings/saml/: get: operationId: propertymappings_saml_list @@ -16145,6 +16418,274 @@ paths: schema: $ref: '#/components/schemas/GenericError' description: '' + /providers/rac/: + get: + operationId: providers_rac_list + description: RACProvider Viewset + parameters: + - in: query + name: application__isnull + schema: + type: boolean + - in: query + name: name__iexact + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - providers + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedRACProviderList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: providers_rac_create + description: RACProvider Viewset + tags: + - providers + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/RACProviderRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/RACProvider' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /providers/rac/{id}/: + get: + operationId: providers_rac_retrieve + description: RACProvider Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this RAC Provider. + required: true + tags: + - providers + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/RACProvider' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: providers_rac_update + description: RACProvider Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this RAC Provider. + required: true + tags: + - providers + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/RACProviderRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/RACProvider' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: providers_rac_partial_update + description: RACProvider Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this RAC Provider. + required: true + tags: + - providers + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedRACProviderRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/RACProvider' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: providers_rac_destroy + description: RACProvider Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this RAC Provider. + required: true + tags: + - providers + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /providers/rac/{id}/used_by/: + get: + operationId: providers_rac_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this RAC Provider. + required: true + tags: + - providers + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' /providers/radius/: get: operationId: providers_radius_list @@ -17216,6 +17757,277 @@ paths: schema: $ref: '#/components/schemas/GenericError' description: '' + /rac/endpoints/: + get: + operationId: rac_endpoints_list + description: List accessible endpoints + parameters: + - in: query + name: name + schema: + type: string + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - in: query + name: provider + schema: + type: integer + - in: query + name: search + schema: + type: string + - in: query + name: superuser_full_list + schema: + type: boolean + tags: + - rac + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedEndpointList' + description: '' + '400': + description: Bad request + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: rac_endpoints_create + description: Endpoint Viewset + tags: + - rac + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/EndpointRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/Endpoint' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /rac/endpoints/{pbm_uuid}/: + get: + operationId: rac_endpoints_retrieve + description: Endpoint Viewset + parameters: + - in: path + name: pbm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this RAC Endpoint. + required: true + tags: + - rac + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Endpoint' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: rac_endpoints_update + description: Endpoint Viewset + parameters: + - in: path + name: pbm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this RAC Endpoint. + required: true + tags: + - rac + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/EndpointRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Endpoint' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: rac_endpoints_partial_update + description: Endpoint Viewset + parameters: + - in: path + name: pbm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this RAC Endpoint. + required: true + tags: + - rac + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedEndpointRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Endpoint' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: rac_endpoints_destroy + description: Endpoint Viewset + parameters: + - in: path + name: pbm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this RAC Endpoint. + required: true + tags: + - rac + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /rac/endpoints/{pbm_uuid}/used_by/: + get: + operationId: rac_endpoints_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: pbm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this RAC Endpoint. + required: true + tags: + - rac + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' /rbac/permissions/: get: operationId: rbac_permissions_list @@ -17365,6 +18177,9 @@ paths: - authentik_providers_oauth2.refreshtoken - authentik_providers_oauth2.scopemapping - authentik_providers_proxy.proxyprovider + - authentik_providers_rac.endpoint + - authentik_providers_rac.racpropertymapping + - authentik_providers_rac.racprovider - authentik_providers_radius.radiusprovider - authentik_providers_saml.samlpropertymapping - authentik_providers_saml.samlprovider @@ -17483,6 +18298,9 @@ paths: * `authentik_core.application` - Application * `authentik_core.token` - Token * `authentik_enterprise.license` - License + * `authentik_providers_rac.racprovider` - RAC Provider + * `authentik_providers_rac.endpoint` - RAC Endpoint + * `authentik_providers_rac.racpropertymapping` - RAC Property Mapping required: true - in: query name: object_pk @@ -17655,6 +18473,9 @@ paths: - authentik_providers_oauth2.refreshtoken - authentik_providers_oauth2.scopemapping - authentik_providers_proxy.proxyprovider + - authentik_providers_rac.endpoint + - authentik_providers_rac.racpropertymapping + - authentik_providers_rac.racprovider - authentik_providers_radius.radiusprovider - authentik_providers_saml.samlpropertymapping - authentik_providers_saml.samlprovider @@ -17773,6 +18594,9 @@ paths: * `authentik_core.application` - Application * `authentik_core.token` - Token * `authentik_enterprise.license` - License + * `authentik_providers_rac.racprovider` - RAC Provider + * `authentik_providers_rac.endpoint` - RAC Endpoint + * `authentik_providers_rac.racpropertymapping` - RAC Property Mapping required: true - in: query name: object_pk @@ -28533,6 +29357,7 @@ components: - authentik.blueprints - authentik.core - authentik.enterprise + - authentik.enterprise.providers.rac type: string description: |- * `authentik.tenants` - authentik Tenants @@ -28585,6 +29410,7 @@ components: * `authentik.blueprints` - authentik Blueprints * `authentik.core` - authentik Core * `authentik.enterprise` - authentik Enterprise + * `authentik.enterprise.providers.rac` - authentik Enterprise.Providers.RAC AppleChallengeResponseRequest: type: object description: Pseudo class for plex response @@ -28730,6 +29556,14 @@ components: required: - name - slug + AuthModeEnum: + enum: + - static + - prompt + type: string + description: |- + * `static` - Static + * `prompt` - Prompt AuthTypeEnum: enum: - basic @@ -31238,6 +32072,79 @@ components: description: Activate users upon completion of stage. required: - name + Endpoint: + type: object + description: Endpoint Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Pbm uuid + name: + type: string + provider: + type: integer + provider_obj: + allOf: + - $ref: '#/components/schemas/RACProvider' + readOnly: true + protocol: + $ref: '#/components/schemas/ProtocolEnum' + host: + type: string + settings: {} + property_mappings: + type: array + items: + type: string + format: uuid + auth_mode: + $ref: '#/components/schemas/AuthModeEnum' + launch_url: + type: string + nullable: true + description: |- + Build actual launch URL (the provider itself does not have one, just + individual endpoints) + readOnly: true + required: + - auth_mode + - host + - launch_url + - name + - pk + - protocol + - provider + - provider_obj + EndpointRequest: + type: object + description: Endpoint Serializer + properties: + name: + type: string + minLength: 1 + provider: + type: integer + protocol: + $ref: '#/components/schemas/ProtocolEnum' + host: + type: string + minLength: 1 + settings: {} + property_mappings: + type: array + items: + type: string + format: uuid + auth_mode: + $ref: '#/components/schemas/AuthModeEnum' + required: + - auth_mode + - host + - name + - protocol + - provider ErrorDetail: type: object description: Serializer for rest_framework's error messages @@ -31495,6 +32402,7 @@ components: * `authentik.blueprints` - authentik Blueprints * `authentik.core` - authentik Core * `authentik.enterprise` - authentik Enterprise + * `authentik.enterprise.providers.rac` - authentik Enterprise.Providers.RAC model: allOf: - $ref: '#/components/schemas/ModelEnum' @@ -31577,6 +32485,9 @@ components: * `authentik_core.application` - Application * `authentik_core.token` - Token * `authentik_enterprise.license` - License + * `authentik_providers_rac.racprovider` - RAC Provider + * `authentik_providers_rac.endpoint` - RAC Endpoint + * `authentik_providers_rac.racpropertymapping` - RAC Property Mapping required: - bound_to - component @@ -31693,6 +32604,7 @@ components: * `authentik.blueprints` - authentik Blueprints * `authentik.core` - authentik Core * `authentik.enterprise` - authentik Enterprise + * `authentik.enterprise.providers.rac` - authentik Enterprise.Providers.RAC model: allOf: - $ref: '#/components/schemas/ModelEnum' @@ -31775,6 +32687,9 @@ components: * `authentik_core.application` - Application * `authentik_core.token` - Token * `authentik_enterprise.license` - License + * `authentik_providers_rac.racprovider` - RAC Provider + * `authentik_providers_rac.endpoint` - RAC Endpoint + * `authentik_providers_rac.racpropertymapping` - RAC Property Mapping required: - name EventRequest: @@ -34091,6 +35006,9 @@ components: - authentik_core.application - authentik_core.token - authentik_enterprise.license + - authentik_providers_rac.racprovider + - authentik_providers_rac.endpoint + - authentik_providers_rac.racpropertymapping type: string description: |- * `authentik_tenants.domain` - Domain @@ -34168,6 +35086,9 @@ components: * `authentik_core.application` - Application * `authentik_core.token` - Token * `authentik_enterprise.license` - License + * `authentik_providers_rac.racprovider` - RAC Provider + * `authentik_providers_rac.endpoint` - RAC Endpoint + * `authentik_providers_rac.racpropertymapping` - RAC Property Mapping NameIdPolicyEnum: enum: - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress @@ -35154,11 +36075,13 @@ components: - proxy - ldap - radius + - rac type: string description: |- * `proxy` - Proxy * `ldap` - Ldap * `radius` - Radius + * `rac` - Rac PaginatedApplicationList: type: object properties: @@ -35399,6 +36322,18 @@ components: required: - pagination - results + PaginatedEndpointList: + type: object + properties: + pagination: + $ref: '#/components/schemas/Pagination' + results: + type: array + items: + $ref: '#/components/schemas/Endpoint' + required: + - pagination + - results PaginatedEventList: type: object properties: @@ -35867,6 +36802,30 @@ components: required: - pagination - results + PaginatedRACPropertyMappingList: + type: object + properties: + pagination: + $ref: '#/components/schemas/Pagination' + results: + type: array + items: + $ref: '#/components/schemas/RACPropertyMapping' + required: + - pagination + - results + PaginatedRACProviderList: + type: object + properties: + pagination: + $ref: '#/components/schemas/Pagination' + results: + type: array + items: + $ref: '#/components/schemas/RACProvider' + required: + - pagination + - results PaginatedRadiusOutpostConfigList: type: object properties: @@ -37137,6 +38096,28 @@ components: activate_user_on_success: type: boolean description: Activate users upon completion of stage. + PatchedEndpointRequest: + type: object + description: Endpoint Serializer + properties: + name: + type: string + minLength: 1 + provider: + type: integer + protocol: + $ref: '#/components/schemas/ProtocolEnum' + host: + type: string + minLength: 1 + settings: {} + property_mappings: + type: array + items: + type: string + format: uuid + auth_mode: + $ref: '#/components/schemas/AuthModeEnum' PatchedEventMatcherPolicyRequest: type: object description: Event Matcher Policy Serializer @@ -37245,6 +38226,7 @@ components: * `authentik.blueprints` - authentik Blueprints * `authentik.core` - authentik Core * `authentik.enterprise` - authentik Enterprise + * `authentik.enterprise.providers.rac` - authentik Enterprise.Providers.RAC model: allOf: - $ref: '#/components/schemas/ModelEnum' @@ -37327,6 +38309,9 @@ components: * `authentik_core.application` - Application * `authentik_core.token` - Token * `authentik_enterprise.license` - License + * `authentik_providers_rac.racprovider` - RAC Provider + * `authentik_providers_rac.endpoint` - RAC Endpoint + * `authentik_providers_rac.racpropertymapping` - RAC Property Mapping PatchedEventRequest: type: object description: Event Serializer @@ -38453,6 +39438,55 @@ components: minLength: 1 description: 'Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' + PatchedRACPropertyMappingRequest: + type: object + description: RACPropertyMapping Serializer + properties: + managed: + type: string + nullable: true + minLength: 1 + title: Managed by authentik + description: Objects that are managed by authentik. These objects are created + and updated automatically. This flag only indicates that an object can + be overwritten by migrations. You can still modify the objects via the + API, but expect changes to be overwritten in a later update. + name: + type: string + minLength: 1 + expression: + type: string + static_settings: + type: object + additionalProperties: {} + PatchedRACProviderRequest: + type: object + description: RACProvider Serializer + properties: + name: + type: string + minLength: 1 + authentication_flow: + type: string + format: uuid + nullable: true + description: Flow used for authentication when the associated application + is accessed by an un-authenticated user. + authorization_flow: + type: string + format: uuid + description: Flow used when authorizing this provider. + property_mappings: + type: array + items: + type: string + format: uuid + settings: {} + connection_expiry: + type: string + minLength: 1 + description: 'Determines how long a session lasts. Default of 0 means that + the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)' PatchedRadiusProviderRequest: type: object description: RadiusProvider Serializer @@ -39878,6 +40912,16 @@ components: required: - result - successful + ProtocolEnum: + enum: + - rdp + - vnc + - ssh + type: string + description: |- + * `rdp` - Rdp + * `vnc` - Vnc + * `ssh` - Ssh Provider: type: object description: Provider Serializer @@ -39960,6 +41004,7 @@ components: - authentik_providers_ldap.ldapprovider - authentik_providers_oauth2.oauth2provider - authentik_providers_proxy.proxyprovider + - authentik_providers_rac.racprovider - authentik_providers_radius.radiusprovider - authentik_providers_saml.samlprovider - authentik_providers_scim.scimprovider @@ -39968,6 +41013,7 @@ components: * `authentik_providers_ldap.ldapprovider` - authentik_providers_ldap.ldapprovider * `authentik_providers_oauth2.oauth2provider` - authentik_providers_oauth2.oauth2provider * `authentik_providers_proxy.proxyprovider` - authentik_providers_proxy.proxyprovider + * `authentik_providers_rac.racprovider` - authentik_providers_rac.racprovider * `authentik_providers_radius.radiusprovider` - authentik_providers_radius.radiusprovider * `authentik_providers_saml.samlprovider` - authentik_providers_saml.samlprovider * `authentik_providers_scim.scimprovider` - authentik_providers_scim.scimprovider @@ -40375,6 +41421,189 @@ components: - authorization_flow - external_host - name + RACPropertyMapping: + type: object + description: RACPropertyMapping Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Pm uuid + managed: + type: string + nullable: true + title: Managed by authentik + description: Objects that are managed by authentik. These objects are created + and updated automatically. This flag only indicates that an object can + be overwritten by migrations. You can still modify the objects via the + API, but expect changes to be overwritten in a later update. + name: + type: string + expression: + type: string + component: + type: string + description: Get object's component so that we know how to edit the object + readOnly: true + verbose_name: + type: string + description: Return object's verbose_name + readOnly: true + verbose_name_plural: + type: string + description: Return object's plural verbose_name + readOnly: true + meta_model_name: + type: string + description: Return internal model name + readOnly: true + static_settings: + type: object + additionalProperties: {} + required: + - component + - meta_model_name + - name + - pk + - static_settings + - verbose_name + - verbose_name_plural + RACPropertyMappingRequest: + type: object + description: RACPropertyMapping Serializer + properties: + managed: + type: string + nullable: true + minLength: 1 + title: Managed by authentik + description: Objects that are managed by authentik. These objects are created + and updated automatically. This flag only indicates that an object can + be overwritten by migrations. You can still modify the objects via the + API, but expect changes to be overwritten in a later update. + name: + type: string + minLength: 1 + expression: + type: string + static_settings: + type: object + additionalProperties: {} + required: + - name + - static_settings + RACProvider: + type: object + description: RACProvider Serializer + properties: + pk: + type: integer + readOnly: true + title: ID + name: + type: string + authentication_flow: + type: string + format: uuid + nullable: true + description: Flow used for authentication when the associated application + is accessed by an un-authenticated user. + authorization_flow: + type: string + format: uuid + description: Flow used when authorizing this provider. + property_mappings: + type: array + items: + type: string + format: uuid + component: + type: string + description: Get object component so that we know how to edit the object + readOnly: true + assigned_application_slug: + type: string + description: Internal application name, used in URLs. + readOnly: true + assigned_application_name: + type: string + description: Application's display Name. + readOnly: true + assigned_backchannel_application_slug: + type: string + description: Internal application name, used in URLs. + readOnly: true + assigned_backchannel_application_name: + type: string + description: Application's display Name. + readOnly: true + verbose_name: + type: string + description: Return object's verbose_name + readOnly: true + verbose_name_plural: + type: string + description: Return object's plural verbose_name + readOnly: true + meta_model_name: + type: string + description: Return internal model name + readOnly: true + settings: {} + outpost_set: + type: array + items: + type: string + readOnly: true + connection_expiry: + type: string + description: 'Determines how long a session lasts. Default of 0 means that + the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)' + required: + - assigned_application_name + - assigned_application_slug + - assigned_backchannel_application_name + - assigned_backchannel_application_slug + - authorization_flow + - component + - meta_model_name + - name + - outpost_set + - pk + - verbose_name + - verbose_name_plural + RACProviderRequest: + type: object + description: RACProvider Serializer + properties: + name: + type: string + minLength: 1 + authentication_flow: + type: string + format: uuid + nullable: true + description: Flow used for authentication when the associated application + is accessed by an un-authenticated user. + authorization_flow: + type: string + format: uuid + description: Flow used when authorizing this provider. + property_mappings: + type: array + items: + type: string + format: uuid + settings: {} + connection_expiry: + type: string + minLength: 1 + description: 'Determines how long a session lasts. Default of 0 means that + the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)' + required: + - authorization_flow + - name RadiusOutpostConfig: type: object description: RadiusProvider Serializer @@ -43614,6 +44843,7 @@ components: - $ref: '#/components/schemas/LDAPProviderRequest' - $ref: '#/components/schemas/OAuth2ProviderRequest' - $ref: '#/components/schemas/ProxyProviderRequest' + - $ref: '#/components/schemas/RACProviderRequest' - $ref: '#/components/schemas/RadiusProviderRequest' - $ref: '#/components/schemas/SAMLProviderRequest' - $ref: '#/components/schemas/SCIMProviderRequest' @@ -43623,6 +44853,7 @@ components: authentik_providers_ldap.ldapprovider: '#/components/schemas/LDAPProviderRequest' authentik_providers_oauth2.oauth2provider: '#/components/schemas/OAuth2ProviderRequest' authentik_providers_proxy.proxyprovider: '#/components/schemas/ProxyProviderRequest' + authentik_providers_rac.racprovider: '#/components/schemas/RACProviderRequest' authentik_providers_radius.radiusprovider: '#/components/schemas/RadiusProviderRequest' authentik_providers_saml.samlprovider: '#/components/schemas/SAMLProviderRequest' authentik_providers_scim.scimprovider: '#/components/schemas/SCIMProviderRequest' diff --git a/tests/e2e/test_provider_ldap.py b/tests/e2e/test_provider_ldap.py index 3d476a5ad..5b112d422 100644 --- a/tests/e2e/test_provider_ldap.py +++ b/tests/e2e/test_provider_ldap.py @@ -1,8 +1,6 @@ """LDAP and Outpost e2e tests""" from dataclasses import asdict -from sys import platform from time import sleep -from unittest.case import skipUnless from docker.client import DockerClient, from_env from docker.models.containers import Container @@ -14,13 +12,13 @@ from authentik.blueprints.tests import apply_blueprint, reconcile_app from authentik.core.models import Application, User from authentik.events.models import Event, EventAction from authentik.flows.models import Flow +from authentik.lib.generators import generate_id from authentik.outposts.apps import MANAGED_OUTPOST from authentik.outposts.models import Outpost, OutpostConfig, OutpostType from authentik.providers.ldap.models import APIAccessMode, LDAPProvider from tests.e2e.utils import SeleniumTestCase, retry -@skipUnless(platform.startswith("linux"), "requires local docker") class TestProviderLDAP(SeleniumTestCase): """LDAP and Outpost e2e tests""" @@ -37,7 +35,10 @@ class TestProviderLDAP(SeleniumTestCase): container = client.containers.run( image=self.get_container_image("ghcr.io/goauthentik/dev-ldap"), detach=True, - network_mode="host", + ports={ + "3389": "3389", + "6636": "6636", + }, environment={ "AUTHENTIK_HOST": self.live_server_url, "AUTHENTIK_TOKEN": outpost.token.key, @@ -51,15 +52,15 @@ class TestProviderLDAP(SeleniumTestCase): self.user.save() ldap: LDAPProvider = LDAPProvider.objects.create( - name="ldap_provider", + name=generate_id(), authorization_flow=Flow.objects.get(slug="default-authentication-flow"), search_group=self.user.ak_groups.first(), search_mode=APIAccessMode.CACHED, ) # we need to create an application to actually access the ldap - Application.objects.create(name="ldap", slug="ldap", provider=ldap) + Application.objects.create(name=generate_id(), slug=generate_id(), provider=ldap) outpost: Outpost = Outpost.objects.create( - name="ldap_outpost", + name=generate_id(), type=OutpostType.LDAP, _config=asdict(OutpostConfig(log_level="debug")), ) diff --git a/tests/e2e/test_provider_oauth2_github.py b/tests/e2e/test_provider_oauth2_github.py index 7df12137b..5e19dd146 100644 --- a/tests/e2e/test_provider_oauth2_github.py +++ b/tests/e2e/test_provider_oauth2_github.py @@ -1,8 +1,6 @@ """test OAuth Provider flow""" -from sys import platform from time import sleep from typing import Any, Optional -from unittest.case import skipUnless from docker.types import Healthcheck from selenium.webdriver.common.by import By @@ -18,7 +16,6 @@ from authentik.providers.oauth2.models import ClientTypes, OAuth2Provider from tests.e2e.utils import SeleniumTestCase, retry -@skipUnless(platform.startswith("linux"), "requires local docker") class TestProviderOAuth2Github(SeleniumTestCase): """test OAuth Provider flow""" @@ -32,7 +29,9 @@ class TestProviderOAuth2Github(SeleniumTestCase): return { "image": "grafana/grafana:7.1.0", "detach": True, - "network_mode": "host", + "ports": { + "3000": "3000", + }, "auto_remove": True, "healthcheck": Healthcheck( test=["CMD", "wget", "--spider", "http://localhost:3000"], diff --git a/tests/e2e/test_provider_oauth2_grafana.py b/tests/e2e/test_provider_oauth2_grafana.py index fdb75e1b9..2538fae70 100644 --- a/tests/e2e/test_provider_oauth2_grafana.py +++ b/tests/e2e/test_provider_oauth2_grafana.py @@ -1,8 +1,6 @@ """test OAuth2 OpenID Provider flow""" -from sys import platform from time import sleep from typing import Any, Optional -from unittest.case import skipUnless from docker.types import Healthcheck from selenium.webdriver.common.by import By @@ -24,7 +22,6 @@ from authentik.providers.oauth2.models import ClientTypes, OAuth2Provider, Scope from tests.e2e.utils import SeleniumTestCase, retry -@skipUnless(platform.startswith("linux"), "requires local docker") class TestProviderOAuth2OAuth(SeleniumTestCase): """test OAuth with OAuth Provider flow""" @@ -38,13 +35,15 @@ class TestProviderOAuth2OAuth(SeleniumTestCase): return { "image": "grafana/grafana:7.1.0", "detach": True, - "network_mode": "host", "auto_remove": True, "healthcheck": Healthcheck( test=["CMD", "wget", "--spider", "http://localhost:3000"], interval=5 * 1_000 * 1_000_000, start_period=1 * 1_000 * 1_000_000, ), + "ports": { + "3000": "3000", + }, "environment": { "GF_AUTH_GENERIC_OAUTH_ENABLED": "true", "GF_AUTH_GENERIC_OAUTH_CLIENT_ID": self.client_id, diff --git a/tests/e2e/test_provider_oidc.py b/tests/e2e/test_provider_oidc.py index 23cbd1412..3180f9534 100644 --- a/tests/e2e/test_provider_oidc.py +++ b/tests/e2e/test_provider_oidc.py @@ -1,8 +1,6 @@ """test OAuth2 OpenID Provider flow""" from json import loads -from sys import platform from time import sleep -from unittest.case import skipUnless from docker import DockerClient, from_env from docker.models.containers import Container @@ -25,7 +23,6 @@ from authentik.providers.oauth2.models import ClientTypes, OAuth2Provider, Scope from tests.e2e.utils import SeleniumTestCase, retry -@skipUnless(platform.startswith("linux"), "requires local docker") class TestProviderOAuth2OIDC(SeleniumTestCase): """test OAuth with OpenID Provider flow""" @@ -36,13 +33,15 @@ class TestProviderOAuth2OIDC(SeleniumTestCase): super().setUp() def setup_client(self) -> Container: - """Setup client saml-sp container which we test SAML against""" + """Setup client oidc-test-client container which we test OIDC against""" sleep(1) client: DockerClient = from_env() container = client.containers.run( image="ghcr.io/beryju/oidc-test-client:1.3", detach=True, - network_mode="host", + ports={ + "9009": "9009", + }, environment={ "OIDC_CLIENT_ID": self.client_id, "OIDC_CLIENT_SECRET": self.client_secret, diff --git a/tests/e2e/test_provider_oidc_implicit.py b/tests/e2e/test_provider_oidc_implicit.py index e952d4e18..c5d9d37d0 100644 --- a/tests/e2e/test_provider_oidc_implicit.py +++ b/tests/e2e/test_provider_oidc_implicit.py @@ -1,8 +1,6 @@ """test OAuth2 OpenID Provider flow""" from json import loads -from sys import platform from time import sleep -from unittest.case import skipUnless from docker import DockerClient, from_env from docker.models.containers import Container @@ -25,7 +23,6 @@ from authentik.providers.oauth2.models import ClientTypes, OAuth2Provider, Scope from tests.e2e.utils import SeleniumTestCase, retry -@skipUnless(platform.startswith("linux"), "requires local docker") class TestProviderOAuth2OIDCImplicit(SeleniumTestCase): """test OAuth with OpenID Provider flow""" @@ -36,13 +33,15 @@ class TestProviderOAuth2OIDCImplicit(SeleniumTestCase): super().setUp() def setup_client(self) -> Container: - """Setup client saml-sp container which we test SAML against""" + """Setup client oidc-test-client container which we test OIDC against""" sleep(1) client: DockerClient = from_env() container = client.containers.run( image="ghcr.io/beryju/oidc-test-client:1.3", detach=True, - network_mode="host", + ports={ + "9009": "9009", + }, environment={ "OIDC_CLIENT_ID": self.client_id, "OIDC_CLIENT_SECRET": self.client_secret, diff --git a/tests/e2e/test_provider_proxy.py b/tests/e2e/test_provider_proxy.py index c8484c205..e91e80666 100644 --- a/tests/e2e/test_provider_proxy.py +++ b/tests/e2e/test_provider_proxy.py @@ -21,7 +21,6 @@ from authentik.providers.proxy.models import ProxyProvider from tests.e2e.utils import SeleniumTestCase, retry -@skipUnless(platform.startswith("linux"), "requires local docker") class TestProviderProxy(SeleniumTestCase): """Proxy and Outpost e2e tests""" @@ -36,7 +35,9 @@ class TestProviderProxy(SeleniumTestCase): return { "image": "traefik/whoami:latest", "detach": True, - "network_mode": "host", + "ports": { + "80": "80", + }, "auto_remove": True, } @@ -46,7 +47,9 @@ class TestProviderProxy(SeleniumTestCase): container = client.containers.run( image=self.get_container_image("ghcr.io/goauthentik/dev-proxy"), detach=True, - network_mode="host", + ports={ + "9000": "9000", + }, environment={ "AUTHENTIK_HOST": self.live_server_url, "AUTHENTIK_TOKEN": outpost.token.key, @@ -78,7 +81,7 @@ class TestProviderProxy(SeleniumTestCase): authorization_flow=Flow.objects.get( slug="default-provider-authorization-implicit-consent" ), - internal_host="http://localhost", + internal_host=f"http://{self.host}", external_host="http://localhost:9000", ) # Ensure OAuth2 Params are set @@ -145,7 +148,7 @@ class TestProviderProxy(SeleniumTestCase): authorization_flow=Flow.objects.get( slug="default-provider-authorization-implicit-consent" ), - internal_host="http://localhost", + internal_host=f"http://{self.host}", external_host="http://localhost:9000", basic_auth_enabled=True, basic_auth_user_attribute="basic-username", diff --git a/tests/e2e/test_provider_radius.py b/tests/e2e/test_provider_radius.py index e711e5103..b4856e034 100644 --- a/tests/e2e/test_provider_radius.py +++ b/tests/e2e/test_provider_radius.py @@ -1,8 +1,6 @@ """Radius e2e tests""" from dataclasses import asdict -from sys import platform from time import sleep -from unittest.case import skipUnless from docker.client import DockerClient, from_env from docker.models.containers import Container @@ -19,7 +17,6 @@ from authentik.providers.radius.models import RadiusProvider from tests.e2e.utils import SeleniumTestCase, retry -@skipUnless(platform.startswith("linux"), "requires local docker") class TestProviderRadius(SeleniumTestCase): """Radius Outpost e2e tests""" @@ -40,7 +37,7 @@ class TestProviderRadius(SeleniumTestCase): container = client.containers.run( image=self.get_container_image("ghcr.io/goauthentik/dev-radius"), detach=True, - network_mode="host", + ports={"1812/udp": "1812/udp"}, environment={ "AUTHENTIK_HOST": self.live_server_url, "AUTHENTIK_TOKEN": outpost.token.key, diff --git a/tests/e2e/test_provider_saml.py b/tests/e2e/test_provider_saml.py index 9252ab0c0..eefb2c45e 100644 --- a/tests/e2e/test_provider_saml.py +++ b/tests/e2e/test_provider_saml.py @@ -1,8 +1,6 @@ """test SAML Provider flow""" from json import loads -from sys import platform from time import sleep -from unittest.case import skipUnless from docker import DockerClient, from_env from docker.models.containers import Container @@ -20,7 +18,6 @@ from authentik.sources.saml.processors.constants import SAML_BINDING_POST from tests.e2e.utils import SeleniumTestCase, retry -@skipUnless(platform.startswith("linux"), "requires local docker") class TestProviderSAML(SeleniumTestCase): """test SAML Provider flow""" @@ -41,7 +38,9 @@ class TestProviderSAML(SeleniumTestCase): container = client.containers.run( image="ghcr.io/beryju/saml-test-sp:1.1", detach=True, - network_mode="host", + ports={ + "9009": "9009", + }, environment={ "SP_ENTITY_ID": provider.issuer, "SP_SSO_BINDING": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", diff --git a/tests/e2e/test_source_oauth_oauth1.py b/tests/e2e/test_source_oauth_oauth1.py new file mode 100644 index 000000000..97152321f --- /dev/null +++ b/tests/e2e/test_source_oauth_oauth1.py @@ -0,0 +1,141 @@ +"""test OAuth Source""" +from time import sleep +from typing import Any, Optional + +from selenium.webdriver.common.by import By +from selenium.webdriver.common.keys import Keys +from selenium.webdriver.support import expected_conditions as ec +from selenium.webdriver.support.wait import WebDriverWait + +from authentik.blueprints.tests import apply_blueprint +from authentik.core.models import User +from authentik.flows.models import Flow +from authentik.lib.generators import generate_id, generate_key +from authentik.sources.oauth.models import OAuthSource +from authentik.sources.oauth.types.registry import SourceType, registry +from authentik.sources.oauth.views.callback import OAuthCallback +from authentik.stages.identification.models import IdentificationStage +from tests.e2e.utils import SeleniumTestCase, retry + + +class OAuth1Callback(OAuthCallback): + """OAuth1 Callback with custom getters""" + + def get_user_id(self, info: dict[str, str]) -> str: + return info.get("id") + + def get_user_enroll_context( + self, + info: dict[str, Any], + ) -> dict[str, Any]: + return { + "username": info.get("screen_name"), + "email": info.get("email"), + "name": info.get("name"), + } + + +@registry.register() +class OAUth1Type(SourceType): + """OAuth1 Type definition""" + + callback_view = OAuth1Callback + verbose_name = "OAuth1" + name = "oauth1" + + request_token_url = "http://localhost:5001/oauth/request_token" # nosec + access_token_url = "http://localhost:5001/oauth/access_token" # nosec + authorization_url = "http://localhost:5001/oauth/authorize" + profile_url = "http://localhost:5001/api/me" + urls_customizable = False + + +class TestSourceOAuth1(SeleniumTestCase): + """Test OAuth1 Source""" + + def setUp(self) -> None: + self.client_id = generate_id() + self.client_secret = generate_key() + self.source_slug = generate_id() + super().setUp() + + def get_container_specs(self) -> Optional[dict[str, Any]]: + return { + "image": "ghcr.io/beryju/oauth1-test-server:v1.1", + "detach": True, + "ports": {"5000": "5001"}, + "auto_remove": True, + "environment": { + "OAUTH1_CLIENT_ID": self.client_id, + "OAUTH1_CLIENT_SECRET": self.client_secret, + "OAUTH1_REDIRECT_URI": self.url( + "authentik_sources_oauth:oauth-client-callback", + source_slug=self.source_slug, + ), + }, + } + + def create_objects(self): + """Create required objects""" + # Bootstrap all needed objects + authentication_flow = Flow.objects.get(slug="default-source-authentication") + enrollment_flow = Flow.objects.get(slug="default-source-enrollment") + + source = OAuthSource.objects.create( # nosec + name=generate_id(), + slug=self.source_slug, + authentication_flow=authentication_flow, + enrollment_flow=enrollment_flow, + provider_type="oauth1", + consumer_key=self.client_id, + consumer_secret=self.client_secret, + ) + ident_stage = IdentificationStage.objects.first() + ident_stage.sources.set([source]) + ident_stage.save() + + @retry() + @apply_blueprint( + "default/flow-default-authentication-flow.yaml", + "default/flow-default-invalidation-flow.yaml", + ) + @apply_blueprint( + "default/flow-default-source-authentication.yaml", + "default/flow-default-source-enrollment.yaml", + "default/flow-default-source-pre-authentication.yaml", + ) + def test_oauth_enroll(self): + """test OAuth Source With With OIDC""" + self.create_objects() + self.driver.get(self.live_server_url) + + flow_executor = self.get_shadow_root("ak-flow-executor") + identification_stage = self.get_shadow_root("ak-stage-identification", flow_executor) + wait = WebDriverWait(identification_stage, self.wait_timeout) + + wait.until( + ec.presence_of_element_located( + (By.CSS_SELECTOR, ".pf-c-login__main-footer-links-item > button") + ) + ) + identification_stage.find_element( + By.CSS_SELECTOR, ".pf-c-login__main-footer-links-item > button" + ).click() + + # Now we should be at the IDP, wait for the login field + self.wait.until(ec.presence_of_element_located((By.NAME, "username"))) + self.driver.find_element(By.NAME, "username").send_keys("example-user") + self.driver.find_element(By.NAME, "username").send_keys(Keys.ENTER) + sleep(2) + + # Wait until we're logged in + self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "[name='confirm']"))) + self.driver.find_element(By.CSS_SELECTOR, "[name='confirm']").click() + + # Wait until we've loaded the user info page + sleep(2) + # Wait until we've logged in + self.wait_for_url(self.if_user_url("/library")) + self.driver.get(self.if_user_url("/settings")) + + self.assert_user(User(username="example-user", name="test name", email="foo@example.com")) diff --git a/tests/e2e/test_source_oauth.py b/tests/e2e/test_source_oauth_oauth2.py similarity index 62% rename from tests/e2e/test_source_oauth.py rename to tests/e2e/test_source_oauth_oauth2.py index c7f0fd881..17a26279e 100644 --- a/tests/e2e/test_source_oauth.py +++ b/tests/e2e/test_source_oauth_oauth2.py @@ -1,9 +1,7 @@ """test OAuth Source""" from pathlib import Path -from sys import platform from time import sleep from typing import Any, Optional -from unittest.case import skipUnless from docker.models.containers import Container from docker.types import Healthcheck @@ -18,47 +16,12 @@ from authentik.core.models import User from authentik.flows.models import Flow from authentik.lib.generators import generate_id, generate_key from authentik.sources.oauth.models import OAuthSource -from authentik.sources.oauth.types.registry import SourceType, registry -from authentik.sources.oauth.views.callback import OAuthCallback from authentik.stages.identification.models import IdentificationStage from tests.e2e.utils import SeleniumTestCase, retry CONFIG_PATH = "/tmp/dex.yml" # nosec -class OAuth1Callback(OAuthCallback): - """OAuth1 Callback with custom getters""" - - def get_user_id(self, info: dict[str, str]) -> str: - return info.get("id") - - def get_user_enroll_context( - self, - info: dict[str, Any], - ) -> dict[str, Any]: - return { - "username": info.get("screen_name"), - "email": info.get("email"), - "name": info.get("name"), - } - - -@registry.register() -class OAUth1Type(SourceType): - """OAuth1 Type definition""" - - callback_view = OAuth1Callback - name = "OAuth1" - slug = "oauth1" - - request_token_url = "http://localhost:5000/oauth/request_token" # nosec - access_token_url = "http://localhost:5000/oauth/access_token" # nosec - authorization_url = "http://localhost:5000/oauth/authorize" - profile_url = "http://localhost:5000/api/me" - urls_customizable = False - - -@skipUnless(platform.startswith("linux"), "requires local docker") class TestSourceOAuth2(SeleniumTestCase): """test OAuth Source flow""" @@ -66,6 +29,7 @@ class TestSourceOAuth2(SeleniumTestCase): def setUp(self): self.client_secret = generate_key() + self.slug = generate_id() self.prepare_dex_config() super().setUp() @@ -83,7 +47,7 @@ class TestSourceOAuth2(SeleniumTestCase): "redirectURIs": [ self.url( "authentik_sources_oauth:oauth-client-callback", - source_slug="dex", + source_slug=self.slug, ) ], "secret": self.client_secret, @@ -108,7 +72,7 @@ class TestSourceOAuth2(SeleniumTestCase): return { "image": "ghcr.io/dexidp/dex:v2.28.1", "detach": True, - "network_mode": "host", + "ports": {"5556": "5556"}, "auto_remove": True, "command": "dex serve /config.yml", "healthcheck": Healthcheck( @@ -126,8 +90,8 @@ class TestSourceOAuth2(SeleniumTestCase): enrollment_flow = Flow.objects.get(slug="default-source-enrollment") source = OAuthSource.objects.create( # nosec - name="dex", - slug="dex", + name=generate_id(), + slug=self.slug, authentication_flow=authentication_flow, enrollment_flow=enrollment_flow, provider_type="openidconnect", @@ -229,95 +193,3 @@ class TestSourceOAuth2(SeleniumTestCase): self.driver.get(self.if_user_url("/settings")) self.assert_user(User(username="foo", name="admin", email="admin@example.com")) - - -@skipUnless(platform.startswith("linux"), "requires local docker") -class TestSourceOAuth1(SeleniumTestCase): - """Test OAuth1 Source""" - - def setUp(self) -> None: - self.client_id = generate_id() - self.client_secret = generate_key() - self.source_slug = "oauth1-test" - super().setUp() - - def get_container_specs(self) -> Optional[dict[str, Any]]: - return { - "image": "ghcr.io/beryju/oauth1-test-server:v1.1", - "detach": True, - "network_mode": "host", - "auto_remove": True, - "environment": { - "OAUTH1_CLIENT_ID": self.client_id, - "OAUTH1_CLIENT_SECRET": self.client_secret, - "OAUTH1_REDIRECT_URI": self.url( - "authentik_sources_oauth:oauth-client-callback", - source_slug=self.source_slug, - ), - }, - } - - def create_objects(self): - """Create required objects""" - # Bootstrap all needed objects - authentication_flow = Flow.objects.get(slug="default-source-authentication") - enrollment_flow = Flow.objects.get(slug="default-source-enrollment") - - source = OAuthSource.objects.create( # nosec - name="oauth1", - slug=self.source_slug, - authentication_flow=authentication_flow, - enrollment_flow=enrollment_flow, - provider_type="oauth1", - consumer_key=self.client_id, - consumer_secret=self.client_secret, - ) - ident_stage = IdentificationStage.objects.first() - ident_stage.sources.set([source]) - ident_stage.save() - - @retry() - @apply_blueprint( - "default/flow-default-authentication-flow.yaml", - "default/flow-default-invalidation-flow.yaml", - ) - @apply_blueprint( - "default/flow-default-source-authentication.yaml", - "default/flow-default-source-enrollment.yaml", - "default/flow-default-source-pre-authentication.yaml", - ) - def test_oauth_enroll(self): - """test OAuth Source With With OIDC""" - self.create_objects() - self.driver.get(self.live_server_url) - - flow_executor = self.get_shadow_root("ak-flow-executor") - identification_stage = self.get_shadow_root("ak-stage-identification", flow_executor) - wait = WebDriverWait(identification_stage, self.wait_timeout) - - wait.until( - ec.presence_of_element_located( - (By.CSS_SELECTOR, ".pf-c-login__main-footer-links-item > button") - ) - ) - identification_stage.find_element( - By.CSS_SELECTOR, ".pf-c-login__main-footer-links-item > button" - ).click() - - # Now we should be at the IDP, wait for the login field - self.wait.until(ec.presence_of_element_located((By.NAME, "username"))) - self.driver.find_element(By.NAME, "username").send_keys("example-user") - self.driver.find_element(By.NAME, "username").send_keys(Keys.ENTER) - sleep(2) - - # Wait until we're logged in - self.wait.until(ec.presence_of_element_located((By.CSS_SELECTOR, "[name='confirm']"))) - self.driver.find_element(By.CSS_SELECTOR, "[name='confirm']").click() - - # Wait until we've loaded the user info page - sleep(2) - # Wait until we've logged in - self.wait_for_url(self.if_user_url("/library")) - self.driver.get(self.if_user_url("/settings")) - - self.assert_user(User(username="example-user", name="test name", email="foo@example.com")) diff --git a/tests/e2e/test_source_saml.py b/tests/e2e/test_source_saml.py index 0921335b7..2051b56a1 100644 --- a/tests/e2e/test_source_saml.py +++ b/tests/e2e/test_source_saml.py @@ -1,8 +1,6 @@ """test SAML Source""" -from sys import platform from time import sleep from typing import Any, Optional -from unittest.case import skipUnless from docker.types import Healthcheck from guardian.utils import get_anonymous_user @@ -15,6 +13,7 @@ from authentik.blueprints.tests import apply_blueprint from authentik.core.models import User from authentik.crypto.models import CertificateKeyPair from authentik.flows.models import Flow +from authentik.lib.generators import generate_id from authentik.sources.saml.models import SAMLBindingTypes, SAMLSource from authentik.stages.identification.models import IdentificationStage from tests.e2e.utils import SeleniumTestCase, retry @@ -71,15 +70,18 @@ Sm75WXsflOxuTn08LbgGc4s= -----END PRIVATE KEY-----""" -@skipUnless(platform.startswith("linux"), "requires local docker") class TestSourceSAML(SeleniumTestCase): """test SAML Source flow""" + def setUp(self): + self.slug = generate_id() + super().setUp() + def get_container_specs(self) -> Optional[dict[str, Any]]: return { "image": "kristophjunge/test-saml-idp:1.15", "detach": True, - "network_mode": "host", + "ports": {"8080": "8080"}, "auto_remove": True, "healthcheck": Healthcheck( test=["CMD", "curl", "http://localhost:8080"], @@ -89,7 +91,7 @@ class TestSourceSAML(SeleniumTestCase): "environment": { "SIMPLESAMLPHP_SP_ENTITY_ID": "entity-id", "SIMPLESAMLPHP_SP_ASSERTION_CONSUMER_SERVICE": ( - f"{self.live_server_url}/source/saml/saml-idp-test/acs/" + self.url("authentik_sources_saml:acs", source_slug=self.slug) ), }, } @@ -111,19 +113,19 @@ class TestSourceSAML(SeleniumTestCase): enrollment_flow = Flow.objects.get(slug="default-source-enrollment") pre_authentication_flow = Flow.objects.get(slug="default-source-pre-authentication") keypair = CertificateKeyPair.objects.create( - name="test-idp-cert", + name=generate_id(), certificate_data=IDP_CERT, key_data=IDP_KEY, ) source = SAMLSource.objects.create( - name="saml-idp-test", - slug="saml-idp-test", + name=generate_id(), + slug=self.slug, authentication_flow=authentication_flow, enrollment_flow=enrollment_flow, pre_authentication_flow=pre_authentication_flow, issuer="entity-id", - sso_url="http://localhost:8080/simplesaml/saml2/idp/SSOService.php", + sso_url=f"http://{self.host}:8080/simplesaml/saml2/idp/SSOService.php", binding_type=SAMLBindingTypes.REDIRECT, signing_kp=keypair, ) @@ -181,19 +183,19 @@ class TestSourceSAML(SeleniumTestCase): enrollment_flow = Flow.objects.get(slug="default-source-enrollment") pre_authentication_flow = Flow.objects.get(slug="default-source-pre-authentication") keypair = CertificateKeyPair.objects.create( - name="test-idp-cert", + name=generate_id(), certificate_data=IDP_CERT, key_data=IDP_KEY, ) source = SAMLSource.objects.create( - name="saml-idp-test", - slug="saml-idp-test", + name=generate_id(), + slug=self.slug, authentication_flow=authentication_flow, enrollment_flow=enrollment_flow, pre_authentication_flow=pre_authentication_flow, issuer="entity-id", - sso_url="http://localhost:8080/simplesaml/saml2/idp/SSOService.php", + sso_url=f"http://{self.host}:8080/simplesaml/saml2/idp/SSOService.php", binding_type=SAMLBindingTypes.POST, signing_kp=keypair, ) @@ -264,19 +266,19 @@ class TestSourceSAML(SeleniumTestCase): enrollment_flow = Flow.objects.get(slug="default-source-enrollment") pre_authentication_flow = Flow.objects.get(slug="default-source-pre-authentication") keypair = CertificateKeyPair.objects.create( - name="test-idp-cert", + name=generate_id(), certificate_data=IDP_CERT, key_data=IDP_KEY, ) source = SAMLSource.objects.create( - name="saml-idp-test", - slug="saml-idp-test", + name=generate_id(), + slug=self.slug, authentication_flow=authentication_flow, enrollment_flow=enrollment_flow, pre_authentication_flow=pre_authentication_flow, issuer="entity-id", - sso_url="http://localhost:8080/simplesaml/saml2/idp/SSOService.php", + sso_url=f"http://{self.host}:8080/simplesaml/saml2/idp/SSOService.php", binding_type=SAMLBindingTypes.POST_AUTO, signing_kp=keypair, ) diff --git a/tests/e2e/utils.py b/tests/e2e/utils.py index 567611116..273c379d9 100644 --- a/tests/e2e/utils.py +++ b/tests/e2e/utils.py @@ -1,6 +1,7 @@ """authentik e2e testing utilities""" import json import os +import socket from functools import lru_cache, wraps from os import environ from sys import stderr @@ -44,6 +45,13 @@ def get_docker_tag() -> str: return f"gh-{branch_name}" +def get_local_ip() -> str: + """Get the local machine's IP""" + hostname = socket.gethostname() + ip_addr = socket.gethostbyname(hostname) + return ip_addr + + class DockerTestCase: """Mixin for dealing with containers""" @@ -64,6 +72,7 @@ class DockerTestCase: class SeleniumTestCase(DockerTestCase, StaticLiveServerTestCase): """StaticLiveServerTestCase which automatically creates a Webdriver instance""" + host = get_local_ip() container: Optional[Container] = None wait_timeout: int user: User diff --git a/tests/wdio/package-lock.json b/tests/wdio/package-lock.json index c9ce79620..3d56efbe1 100644 --- a/tests/wdio/package-lock.json +++ b/tests/wdio/package-lock.json @@ -7,9 +7,9 @@ "name": "@goauthentik/web-tests", "devDependencies": { "@trivago/prettier-plugin-sort-imports": "^4.3.0", - "@typescript-eslint/eslint-plugin": "^6.16.0", - "@typescript-eslint/parser": "^6.16.0", - "@wdio/cli": "^8.27.0", + "@typescript-eslint/eslint-plugin": "^6.17.0", + "@typescript-eslint/parser": "^6.17.0", + "@wdio/cli": "^8.27.1", "@wdio/local-runner": "^8.27.0", "@wdio/mocha-framework": "^8.27.0", "@wdio/spec-reporter": "^8.27.0", @@ -946,16 +946,16 @@ } }, "node_modules/@typescript-eslint/eslint-plugin": { - "version": "6.16.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-6.16.0.tgz", - "integrity": "sha512-O5f7Kv5o4dLWQtPX4ywPPa+v9G+1q1x8mz0Kr0pXUtKsevo+gIJHLkGc8RxaZWtP8RrhwhSNIWThnW42K9/0rQ==", + "version": "6.17.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-6.17.0.tgz", + "integrity": "sha512-Vih/4xLXmY7V490dGwBQJTpIZxH4ZFH6eCVmQ4RFkB+wmaCTDAx4dtgoWwMNGKLkqRY1L6rPqzEbjorRnDo4rQ==", "dev": true, "dependencies": { "@eslint-community/regexpp": "^4.5.1", - "@typescript-eslint/scope-manager": "6.16.0", - "@typescript-eslint/type-utils": "6.16.0", - "@typescript-eslint/utils": "6.16.0", - "@typescript-eslint/visitor-keys": "6.16.0", + "@typescript-eslint/scope-manager": "6.17.0", + "@typescript-eslint/type-utils": "6.17.0", + "@typescript-eslint/utils": "6.17.0", + "@typescript-eslint/visitor-keys": "6.17.0", "debug": "^4.3.4", "graphemer": "^1.4.0", "ignore": "^5.2.4", @@ -981,15 +981,15 @@ } }, "node_modules/@typescript-eslint/parser": { - "version": "6.16.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-6.16.0.tgz", - "integrity": "sha512-H2GM3eUo12HpKZU9njig3DF5zJ58ja6ahj1GoHEHOgQvYxzoFJJEvC1MQ7T2l9Ha+69ZSOn7RTxOdpC/y3ikMw==", + "version": "6.17.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-6.17.0.tgz", + "integrity": "sha512-C4bBaX2orvhK+LlwrY8oWGmSl4WolCfYm513gEccdWZj0CwGadbIADb0FtVEcI+WzUyjyoBj2JRP8g25E6IB8A==", "dev": true, "dependencies": { - "@typescript-eslint/scope-manager": "6.16.0", - "@typescript-eslint/types": "6.16.0", - "@typescript-eslint/typescript-estree": "6.16.0", - "@typescript-eslint/visitor-keys": "6.16.0", + "@typescript-eslint/scope-manager": "6.17.0", + "@typescript-eslint/types": "6.17.0", + "@typescript-eslint/typescript-estree": "6.17.0", + "@typescript-eslint/visitor-keys": "6.17.0", "debug": "^4.3.4" }, "engines": { @@ -1009,13 +1009,13 @@ } }, "node_modules/@typescript-eslint/scope-manager": { - "version": "6.16.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-6.16.0.tgz", - "integrity": "sha512-0N7Y9DSPdaBQ3sqSCwlrm9zJwkpOuc6HYm7LpzLAPqBL7dmzAUimr4M29dMkOP/tEwvOCC/Cxo//yOfJD3HUiw==", + "version": "6.17.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-6.17.0.tgz", + "integrity": "sha512-RX7a8lwgOi7am0k17NUO0+ZmMOX4PpjLtLRgLmT1d3lBYdWH4ssBUbwdmc5pdRX8rXon8v9x8vaoOSpkHfcXGA==", "dev": true, "dependencies": { - "@typescript-eslint/types": "6.16.0", - "@typescript-eslint/visitor-keys": "6.16.0" + "@typescript-eslint/types": "6.17.0", + "@typescript-eslint/visitor-keys": "6.17.0" }, "engines": { "node": "^16.0.0 || >=18.0.0" @@ -1026,13 +1026,13 @@ } }, "node_modules/@typescript-eslint/type-utils": { - "version": "6.16.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-6.16.0.tgz", - "integrity": "sha512-ThmrEOcARmOnoyQfYkHw/DX2SEYBalVECmoldVuH6qagKROp/jMnfXpAU/pAIWub9c4YTxga+XwgAkoA0pxfmg==", + "version": "6.17.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-6.17.0.tgz", + "integrity": "sha512-hDXcWmnbtn4P2B37ka3nil3yi3VCQO2QEB9gBiHJmQp5wmyQWqnjA85+ZcE8c4FqnaB6lBwMrPkgd4aBYz3iNg==", "dev": true, "dependencies": { - "@typescript-eslint/typescript-estree": "6.16.0", - "@typescript-eslint/utils": "6.16.0", + "@typescript-eslint/typescript-estree": "6.17.0", + "@typescript-eslint/utils": "6.17.0", "debug": "^4.3.4", "ts-api-utils": "^1.0.1" }, @@ -1053,9 +1053,9 @@ } }, "node_modules/@typescript-eslint/types": { - "version": "6.16.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-6.16.0.tgz", - "integrity": "sha512-hvDFpLEvTJoHutVl87+MG/c5C8I6LOgEx05zExTSJDEVU7hhR3jhV8M5zuggbdFCw98+HhZWPHZeKS97kS3JoQ==", + "version": "6.17.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-6.17.0.tgz", + "integrity": "sha512-qRKs9tvc3a4RBcL/9PXtKSehI/q8wuU9xYJxe97WFxnzH8NWWtcW3ffNS+EWg8uPvIerhjsEZ+rHtDqOCiH57A==", "dev": true, "engines": { "node": "^16.0.0 || >=18.0.0" @@ -1066,13 +1066,13 @@ } }, "node_modules/@typescript-eslint/typescript-estree": { - "version": "6.16.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-6.16.0.tgz", - "integrity": "sha512-VTWZuixh/vr7nih6CfrdpmFNLEnoVBF1skfjdyGnNwXOH1SLeHItGdZDHhhAIzd3ACazyY2Fg76zuzOVTaknGA==", + "version": "6.17.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-6.17.0.tgz", + "integrity": "sha512-gVQe+SLdNPfjlJn5VNGhlOhrXz4cajwFd5kAgWtZ9dCZf4XJf8xmgCTLIqec7aha3JwgLI2CK6GY1043FRxZwg==", "dev": true, "dependencies": { - "@typescript-eslint/types": "6.16.0", - "@typescript-eslint/visitor-keys": "6.16.0", + "@typescript-eslint/types": "6.17.0", + "@typescript-eslint/visitor-keys": "6.17.0", "debug": "^4.3.4", "globby": "^11.1.0", "is-glob": "^4.0.3", @@ -1118,17 +1118,17 @@ } }, "node_modules/@typescript-eslint/utils": { - "version": "6.16.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-6.16.0.tgz", - "integrity": "sha512-T83QPKrBm6n//q9mv7oiSvy/Xq/7Hyw9SzSEhMHJwznEmQayfBM87+oAlkNAMEO7/MjIwKyOHgBJbxB0s7gx2A==", + "version": "6.17.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-6.17.0.tgz", + "integrity": "sha512-LofsSPjN/ITNkzV47hxas2JCsNCEnGhVvocfyOcLzT9c/tSZE7SfhS/iWtzP1lKNOEfLhRTZz6xqI8N2RzweSQ==", "dev": true, "dependencies": { "@eslint-community/eslint-utils": "^4.4.0", "@types/json-schema": "^7.0.12", "@types/semver": "^7.5.0", - "@typescript-eslint/scope-manager": "6.16.0", - "@typescript-eslint/types": "6.16.0", - "@typescript-eslint/typescript-estree": "6.16.0", + "@typescript-eslint/scope-manager": "6.17.0", + "@typescript-eslint/types": "6.17.0", + "@typescript-eslint/typescript-estree": "6.17.0", "semver": "^7.5.4" }, "engines": { @@ -1143,12 +1143,12 @@ } }, "node_modules/@typescript-eslint/visitor-keys": { - "version": "6.16.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-6.16.0.tgz", - "integrity": "sha512-QSFQLruk7fhs91a/Ep/LqRdbJCZ1Rq03rqBdKT5Ky17Sz8zRLUksqIe9DW0pKtg/Z35/ztbLQ6qpOCN6rOC11A==", + "version": "6.17.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-6.17.0.tgz", + "integrity": "sha512-H6VwB/k3IuIeQOyYczyyKN8wH6ed8EwliaYHLxOIhyF0dYEIsN8+Bk3GE19qafeMKyZJJHP8+O1HiFhFLUNKSg==", "dev": true, "dependencies": { - "@typescript-eslint/types": "6.16.0", + "@typescript-eslint/types": "6.17.0", "eslint-visitor-keys": "^3.4.1" }, "engines": { @@ -1166,9 +1166,9 @@ "dev": true }, "node_modules/@wdio/cli": { - "version": "8.27.0", - "resolved": "https://registry.npmjs.org/@wdio/cli/-/cli-8.27.0.tgz", - "integrity": "sha512-wdNYNvu52XxOqNHqDMGAtexBz+MM0RE2Z5U5ljyllbP3ed5vcvvK9vswURtI4cFGoqobVeoC7wif3VeD3aN+aQ==", + "version": "8.27.1", + "resolved": "https://registry.npmjs.org/@wdio/cli/-/cli-8.27.1.tgz", + "integrity": "sha512-RY9o4h0iN6UGpU31X5c9mu/TK2FlHtKtDaRJYunm5ycZvGahQcN+naYpea1ftDr4IpI2gGGlHxvEeHkJF7urDQ==", "dev": true, "dependencies": { "@types/node": "^20.1.1", diff --git a/tests/wdio/package.json b/tests/wdio/package.json index eeb0c124e..768dabac3 100644 --- a/tests/wdio/package.json +++ b/tests/wdio/package.json @@ -4,9 +4,9 @@ "type": "module", "devDependencies": { "@trivago/prettier-plugin-sort-imports": "^4.3.0", - "@typescript-eslint/eslint-plugin": "^6.16.0", - "@typescript-eslint/parser": "^6.16.0", - "@wdio/cli": "^8.27.0", + "@typescript-eslint/eslint-plugin": "^6.17.0", + "@typescript-eslint/parser": "^6.17.0", + "@wdio/cli": "^8.27.1", "@wdio/local-runner": "^8.27.0", "@wdio/mocha-framework": "^8.27.0", "@wdio/spec-reporter": "^8.27.0", diff --git a/web/package-lock.json b/web/package-lock.json index 8caa84294..d6305b661 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -17,7 +17,7 @@ "@codemirror/theme-one-dark": "^6.1.2", "@formatjs/intl-listformat": "^7.5.3", "@fortawesome/fontawesome-free": "^6.5.1", - "@goauthentik/api": "^2023.10.5-1703290840", + "@goauthentik/api": "^2023.10.5-1703968412", "@lit-labs/context": "^0.4.0", "@lit-labs/task": "^3.1.0", "@lit/localize": "^0.11.4", @@ -32,9 +32,10 @@ "chartjs-adapter-moment": "^1.0.1", "codemirror": "^6.0.1", "construct-style-sheets-polyfill": "^3.1.0", - "core-js": "^3.34.0", + "core-js": "^3.35.0", "country-flag-icons": "^1.5.9", "fuse.js": "^7.0.0", + "guacamole-common-js": "^1.5.0", "lit": "^2.8.0", "mermaid": "^10.6.1", "rapidoc": "^9.3.4", @@ -43,13 +44,13 @@ "yaml": "^2.3.4" }, "devDependencies": { - "@babel/core": "^7.23.6", + "@babel/core": "^7.23.7", "@babel/plugin-proposal-class-properties": "^7.18.6", - "@babel/plugin-proposal-decorators": "^7.23.6", + "@babel/plugin-proposal-decorators": "^7.23.7", "@babel/plugin-transform-private-methods": "^7.23.3", "@babel/plugin-transform-private-property-in-object": "^7.23.4", - "@babel/plugin-transform-runtime": "^7.23.6", - "@babel/preset-env": "^7.23.6", + "@babel/plugin-transform-runtime": "^7.23.7", + "@babel/preset-env": "^7.23.7", "@babel/preset-typescript": "^7.23.3", "@hcaptcha/types": "^1.0.3", "@jackfranklin/rollup-plugin-markdown": "^0.4.0", @@ -61,19 +62,20 @@ "@rollup/plugin-replace": "^5.0.5", "@rollup/plugin-terser": "^0.4.4", "@rollup/plugin-typescript": "^11.1.5", - "@storybook/addon-essentials": "^7.6.6", - "@storybook/addon-links": "^7.6.6", - "@storybook/api": "^7.6.6", + "@storybook/addon-essentials": "^7.6.7", + "@storybook/addon-links": "^7.6.7", + "@storybook/api": "^7.6.7", "@storybook/blocks": "^7.6.4", - "@storybook/manager-api": "^7.6.6", - "@storybook/web-components": "^7.6.6", - "@storybook/web-components-vite": "^7.6.6", + "@storybook/manager-api": "^7.6.7", + "@storybook/web-components": "^7.6.7", + "@storybook/web-components-vite": "^7.6.7", "@trivago/prettier-plugin-sort-imports": "^4.3.0", "@types/chart.js": "^2.9.41", "@types/codemirror": "5.60.15", "@types/grecaptcha": "^3.0.7", - "@typescript-eslint/eslint-plugin": "^6.16.0", - "@typescript-eslint/parser": "^6.16.0", + "@types/guacamole-common-js": "1.5.2", + "@typescript-eslint/eslint-plugin": "^6.17.0", + "@typescript-eslint/parser": "^6.17.0", "babel-plugin-macros": "^3.1.0", "babel-plugin-tsconfig-paths": "^1.0.3", "cross-env": "^7.0.3", @@ -90,26 +92,26 @@ "pyright": "=1.1.338", "react": "^18.2.0", "react-dom": "^18.2.0", - "rollup": "^4.9.1", + "rollup": "^4.9.2", "rollup-plugin-copy": "^3.5.0", "rollup-plugin-cssimport": "^1.0.3", "rollup-plugin-modify": "^3.0.0", "rollup-plugin-postcss-lit": "^2.1.0", - "storybook": "^7.6.6", + "storybook": "^7.6.7", "storybook-addon-mock": "^4.3.0", "ts-lit-plugin": "^2.0.1", "tslib": "^2.6.2", "turnstile-types": "^1.2.0", "typescript": "^5.3.3", - "vite-tsconfig-paths": "^4.2.2" + "vite-tsconfig-paths": "^4.2.3" }, "engines": { "node": ">=20" }, "optionalDependencies": { - "@esbuild/darwin-arm64": "^0.19.10", + "@esbuild/darwin-arm64": "^0.19.11", "@esbuild/linux-amd64": "^0.18.11", - "@esbuild/linux-arm64": "^0.19.10" + "@esbuild/linux-arm64": "^0.19.11" } }, "node_modules/@aashutoshrathi/word-wrap": { @@ -177,9 +179,9 @@ } }, "node_modules/@babel/core": { - "version": "7.23.6", - "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.23.6.tgz", - "integrity": "sha512-FxpRyGjrMJXh7X3wGLGhNDCRiwpWEF74sKjTLDJSG5Kyvow3QZaG0Adbqzi9ZrVjTWpsX+2cxWXD71NMg93kdw==", + "version": "7.23.7", + "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.23.7.tgz", + "integrity": "sha512-+UpDgowcmqe36d4NwqvKsyPMlOLNGMsfMmQ5WGCu+siCe3t3dfe9njrzGfdN4qq+bcNUt0+Vw6haRxBOycs4dw==", "dev": true, "dependencies": { "@ampproject/remapping": "^2.2.0", @@ -187,10 +189,10 @@ "@babel/generator": "^7.23.6", "@babel/helper-compilation-targets": "^7.23.6", "@babel/helper-module-transforms": "^7.23.3", - "@babel/helpers": "^7.23.6", + "@babel/helpers": "^7.23.7", "@babel/parser": "^7.23.6", "@babel/template": "^7.22.15", - "@babel/traverse": "^7.23.6", + "@babel/traverse": "^7.23.7", "@babel/types": "^7.23.6", "convert-source-map": "^2.0.0", "debug": "^4.1.0", @@ -207,9 +209,9 @@ } }, "node_modules/@babel/core/node_modules/@babel/traverse": { - "version": "7.23.6", - "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.23.6.tgz", - "integrity": "sha512-czastdK1e8YByZqezMPFiZ8ahwVMh/ESl9vPgvgdB9AmFMGP5jfpFax74AQgl5zj4XHzqeYAg2l8PuUeRS1MgQ==", + "version": "7.23.7", + "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.23.7.tgz", + "integrity": "sha512-tY3mM8rH9jM0YHFGyfC0/xf+SB5eKUu7HPj7/k3fpi9dAlsMc5YbQvDi0Sh2QTPXqMhyaAtzAr807TIyfQrmyg==", "dev": true, "dependencies": { "@babel/code-frame": "^7.23.5", @@ -289,9 +291,9 @@ } }, "node_modules/@babel/helper-create-class-features-plugin": { - "version": "7.23.6", - "resolved": "https://registry.npmjs.org/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.23.6.tgz", - "integrity": "sha512-cBXU1vZni/CpGF29iTu4YRbOZt3Wat6zCoMDxRF1MayiEc4URxOj31tT65HUM0CRpMowA3HCJaAOVOUnMf96cw==", + "version": "7.23.7", + "resolved": "https://registry.npmjs.org/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.23.7.tgz", + "integrity": "sha512-xCoqR/8+BoNnXOY7RVSgv6X+o7pmT5q1d+gGcRlXYkI+9B31glE4jeejhKVpA04O1AtzOt7OSQ6VYKP5FcRl9g==", "dev": true, "dependencies": { "@babel/helper-annotate-as-pure": "^7.22.5", @@ -329,9 +331,9 @@ } }, "node_modules/@babel/helper-define-polyfill-provider": { - "version": "0.4.3", - "resolved": "https://registry.npmjs.org/@babel/helper-define-polyfill-provider/-/helper-define-polyfill-provider-0.4.3.tgz", - "integrity": "sha512-WBrLmuPP47n7PNwsZ57pqam6G/RGo1vw/87b0Blc53tZNGZ4x7YvZ6HgQe2vo1W/FR20OgjeZuGXzudPiXHFug==", + "version": "0.4.4", + "resolved": "https://registry.npmjs.org/@babel/helper-define-polyfill-provider/-/helper-define-polyfill-provider-0.4.4.tgz", + "integrity": "sha512-QcJMILQCu2jm5TFPGA3lCpJJTeEP+mqeXooG/NZbg/h5FTFi6V0+99ahlRsW8/kRLyb24LZVCCiclDedhLKcBA==", "dev": true, "dependencies": { "@babel/helper-compilation-targets": "^7.22.6", @@ -554,13 +556,13 @@ } }, "node_modules/@babel/helpers": { - "version": "7.23.6", - "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.23.6.tgz", - "integrity": "sha512-wCfsbN4nBidDRhpDhvcKlzHWCTlgJYUUdSJfzXb2NuBssDSIjc3xcb+znA7l+zYsFljAcGM0aFkN40cR3lXiGA==", + "version": "7.23.7", + "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.23.7.tgz", + "integrity": "sha512-6AMnjCoC8wjqBzDHkuqpa7jAKwvMo4dC+lr/TFBz+ucfulO1XMpDnwWPGBNwClOKZ8h6xn5N81W/R5OrcKtCbQ==", "dev": true, "dependencies": { "@babel/template": "^7.22.15", - "@babel/traverse": "^7.23.6", + "@babel/traverse": "^7.23.7", "@babel/types": "^7.23.6" }, "engines": { @@ -568,9 +570,9 @@ } }, "node_modules/@babel/helpers/node_modules/@babel/traverse": { - "version": "7.23.6", - "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.23.6.tgz", - "integrity": "sha512-czastdK1e8YByZqezMPFiZ8ahwVMh/ESl9vPgvgdB9AmFMGP5jfpFax74AQgl5zj4XHzqeYAg2l8PuUeRS1MgQ==", + "version": "7.23.7", + "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.23.7.tgz", + "integrity": "sha512-tY3mM8rH9jM0YHFGyfC0/xf+SB5eKUu7HPj7/k3fpi9dAlsMc5YbQvDi0Sh2QTPXqMhyaAtzAr807TIyfQrmyg==", "dev": true, "dependencies": { "@babel/code-frame": "^7.23.5", @@ -647,9 +649,9 @@ } }, "node_modules/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly": { - "version": "7.23.3", - "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly/-/plugin-bugfix-v8-static-class-fields-redefine-readonly-7.23.3.tgz", - "integrity": "sha512-XaJak1qcityzrX0/IU5nKHb34VaibwP3saKqG6a/tppelgllOH13LUann4ZCIBcVOeE6H18K4Vx9QKkVww3z/w==", + "version": "7.23.7", + "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly/-/plugin-bugfix-v8-static-class-fields-redefine-readonly-7.23.7.tgz", + "integrity": "sha512-LlRT7HgaifEpQA1ZgLVOIJZZFVPWN5iReq/7/JixwBtwcoeVGDBD53ZV28rrsLYOZs1Y/EHhA8N/Z6aazHR8cw==", "dev": true, "dependencies": { "@babel/helper-environment-visitor": "^7.22.20", @@ -680,16 +682,13 @@ } }, "node_modules/@babel/plugin-proposal-decorators": { - "version": "7.23.6", - "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-decorators/-/plugin-proposal-decorators-7.23.6.tgz", - "integrity": "sha512-D7Ccq9LfkBFnow3azZGJvZYgcfeqAw3I1e5LoTpj6UKIFQilh8yqXsIGcRIqbBdsPWIz+Ze7ZZfggSj62Qp+Fg==", + "version": "7.23.7", + "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-decorators/-/plugin-proposal-decorators-7.23.7.tgz", + "integrity": "sha512-b1s5JyeMvqj7d9m9KhJNHKc18gEJiSyVzVX3bwbiPalQBQpuvfPh6lA9F7Kk/dWH0TIiXRpB9yicwijY6buPng==", "dev": true, "dependencies": { - "@babel/helper-create-class-features-plugin": "^7.23.6", + "@babel/helper-create-class-features-plugin": "^7.23.7", "@babel/helper-plugin-utils": "^7.22.5", - "@babel/helper-replace-supers": "^7.22.20", - "@babel/helper-skip-transparent-expression-wrappers": "^7.22.5", - "@babel/helper-split-export-declaration": "^7.22.6", "@babel/plugin-syntax-decorators": "^7.23.3" }, "engines": { @@ -1022,9 +1021,9 @@ } }, "node_modules/@babel/plugin-transform-async-generator-functions": { - "version": "7.23.4", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-async-generator-functions/-/plugin-transform-async-generator-functions-7.23.4.tgz", - "integrity": "sha512-efdkfPhHYTtn0G6n2ddrESE91fgXxjlqLsnUtPWnJs4a4mZIbUaK7ffqKIIUKXSHwcDvaCVX6GXkaJJFqtX7jw==", + "version": "7.23.7", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-async-generator-functions/-/plugin-transform-async-generator-functions-7.23.7.tgz", + "integrity": "sha512-PdxEpL71bJp1byMG0va5gwQcXHxuEYC/BgI/e88mGTtohbZN28O5Yit0Plkkm/dBzCF/BxmbNcses1RH1T+urA==", "dev": true, "dependencies": { "@babel/helper-environment-visitor": "^7.22.20", @@ -1657,16 +1656,16 @@ } }, "node_modules/@babel/plugin-transform-runtime": { - "version": "7.23.6", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.23.6.tgz", - "integrity": "sha512-kF1Zg62aPseQ11orDhFRw+aPG/eynNQtI+TyY+m33qJa2cJ5EEvza2P2BNTIA9E5MyqFABHEyY6CPHwgdy9aNg==", + "version": "7.23.7", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.23.7.tgz", + "integrity": "sha512-fa0hnfmiXc9fq/weK34MUV0drz2pOL/vfKWvN7Qw127hiUPabFCUMgAbYWcchRzMJit4o5ARsK/s+5h0249pLw==", "dev": true, "dependencies": { "@babel/helper-module-imports": "^7.22.15", "@babel/helper-plugin-utils": "^7.22.5", - "babel-plugin-polyfill-corejs2": "^0.4.6", - "babel-plugin-polyfill-corejs3": "^0.8.5", - "babel-plugin-polyfill-regenerator": "^0.5.3", + "babel-plugin-polyfill-corejs2": "^0.4.7", + "babel-plugin-polyfill-corejs3": "^0.8.7", + "babel-plugin-polyfill-regenerator": "^0.5.4", "semver": "^6.3.1" }, "engines": { @@ -1834,9 +1833,9 @@ } }, "node_modules/@babel/preset-env": { - "version": "7.23.6", - "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.23.6.tgz", - "integrity": "sha512-2XPn/BqKkZCpzYhUUNZ1ssXw7DcXfKQEjv/uXZUXgaebCMYmkEsfZ2yY+vv+xtXv50WmL5SGhyB6/xsWxIvvOQ==", + "version": "7.23.7", + "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.23.7.tgz", + "integrity": "sha512-SY27X/GtTz/L4UryMNJ6p4fH4nsgWbz84y9FE0bQeWJP6O5BhgVCt53CotQKHCOeXJel8VyhlhujhlltKms/CA==", "dev": true, "dependencies": { "@babel/compat-data": "^7.23.5", @@ -1845,7 +1844,7 @@ "@babel/helper-validator-option": "^7.23.5", "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": "^7.23.3", "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining": "^7.23.3", - "@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly": "^7.23.3", + "@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly": "^7.23.7", "@babel/plugin-proposal-private-property-in-object": "7.21.0-placeholder-for-preset-env.2", "@babel/plugin-syntax-async-generators": "^7.8.4", "@babel/plugin-syntax-class-properties": "^7.12.13", @@ -1866,7 +1865,7 @@ "@babel/plugin-syntax-top-level-await": "^7.14.5", "@babel/plugin-syntax-unicode-sets-regex": "^7.18.6", "@babel/plugin-transform-arrow-functions": "^7.23.3", - "@babel/plugin-transform-async-generator-functions": "^7.23.4", + "@babel/plugin-transform-async-generator-functions": "^7.23.7", "@babel/plugin-transform-async-to-generator": "^7.23.3", "@babel/plugin-transform-block-scoped-functions": "^7.23.3", "@babel/plugin-transform-block-scoping": "^7.23.4", @@ -1914,9 +1913,9 @@ "@babel/plugin-transform-unicode-regex": "^7.23.3", "@babel/plugin-transform-unicode-sets-regex": "^7.23.3", "@babel/preset-modules": "0.1.6-no-external-plugins", - "babel-plugin-polyfill-corejs2": "^0.4.6", - "babel-plugin-polyfill-corejs3": "^0.8.5", - "babel-plugin-polyfill-regenerator": "^0.5.3", + "babel-plugin-polyfill-corejs2": "^0.4.7", + "babel-plugin-polyfill-corejs3": "^0.8.7", + "babel-plugin-polyfill-regenerator": "^0.5.4", "core-js-compat": "^3.31.0", "semver": "^6.3.1" }, @@ -1978,15 +1977,15 @@ } }, "node_modules/@babel/register": { - "version": "7.22.15", - "resolved": "https://registry.npmjs.org/@babel/register/-/register-7.22.15.tgz", - "integrity": "sha512-V3Q3EqoQdn65RCgTLwauZaTfd1ShhwPmbBv+1dkZV/HpCGMKVyn6oFcRlI7RaKqiDQjX2Qd3AuoEguBgdjIKlg==", + "version": "7.23.7", + "resolved": "https://registry.npmjs.org/@babel/register/-/register-7.23.7.tgz", + "integrity": "sha512-EjJeB6+kvpk+Y5DAkEAmbOBEFkh9OASx0huoEkqYTFxAZHzOAX2Oh5uwAUuL2rUddqfM0SA+KPXV2TbzoZ2kvQ==", "dev": true, "dependencies": { "clone-deep": "^4.0.1", "find-cache-dir": "^2.0.0", "make-dir": "^2.1.0", - "pirates": "^4.0.5", + "pirates": "^4.0.6", "source-map-support": "^0.5.16" }, "engines": { @@ -2434,9 +2433,9 @@ } }, "node_modules/@esbuild/darwin-arm64": { - "version": "0.19.10", - "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.19.10.tgz", - "integrity": "sha512-YSRRs2zOpwypck+6GL3wGXx2gNP7DXzetmo5pHXLrY/VIMsS59yKfjPizQ4lLt5vEI80M41gjm2BxrGZ5U+VMA==", + "version": "0.19.11", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.19.11.tgz", + "integrity": "sha512-ETp87DRWuSt9KdDVkqSoKoLFHYTrkyz2+65fj9nfXsaV3bMhTCjtQfw3y+um88vGRKRiF7erPrh/ZuIdLUIVxQ==", "cpu": [ "arm64" ], @@ -2513,9 +2512,9 @@ } }, "node_modules/@esbuild/linux-arm64": { - "version": "0.19.10", - "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.19.10.tgz", - "integrity": "sha512-QxaouHWZ+2KWEj7cGJmvTIHVALfhpGxo3WLmlYfJ+dA5fJB6lDEIg+oe/0//FuyVHuS3l79/wyBxbHr0NgtxJQ==", + "version": "0.19.11", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.19.11.tgz", + "integrity": "sha512-LneLg3ypEeveBSMuoa0kwMpCGmpu8XQUh+mL8XXwoYZ6Be2qBnVtcDI5azSvh7vioMDhoJFZzp9GWp9IWpYoUg==", "cpu": [ "arm64" ], @@ -2914,9 +2913,9 @@ } }, "node_modules/@goauthentik/api": { - "version": "2023.10.5-1703290840", - "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2023.10.5-1703290840.tgz", - "integrity": "sha512-xYZ2TnUskucxc6sjM7WGl6eiHyXI+ioB3xeXMBd+v07Bvx1xFuQIcv3PXwauKvFzAQD8GtSUbL8tgZ08WpePLQ==" + "version": "2023.10.5-1703968412", + "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2023.10.5-1703968412.tgz", + "integrity": "sha512-/2QDgGkWGXOYDqH49/2hNs+U8TqdE94hkMrJc8A6L+NAy8x/zKAY39eUHs85jmwt013N5duD/jKiJsRftHsDig==" }, "node_modules/@hcaptcha/types": { "version": "1.0.3", @@ -4583,9 +4582,9 @@ } }, "node_modules/@rollup/rollup-android-arm-eabi": { - "version": "4.9.1", - "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.9.1.tgz", - "integrity": "sha512-6vMdBZqtq1dVQ4CWdhFwhKZL6E4L1dV6jUjuBvsavvNJSppzi6dLBbuV+3+IyUREaj9ZFvQefnQm28v4OCXlig==", + "version": "4.9.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.9.2.tgz", + "integrity": "sha512-RKzxFxBHq9ysZ83fn8Iduv3A283K7zPPYuhL/z9CQuyFrjwpErJx0h4aeb/bnJ+q29GRLgJpY66ceQ/Wcsn3wA==", "cpu": [ "arm" ], @@ -4596,9 +4595,9 @@ ] }, "node_modules/@rollup/rollup-android-arm64": { - "version": "4.9.1", - "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.9.1.tgz", - "integrity": "sha512-Jto9Fl3YQ9OLsTDWtLFPtaIMSL2kwGyGoVCmPC8Gxvym9TCZm4Sie+cVeblPO66YZsYH8MhBKDMGZ2NDxuk/XQ==", + "version": "4.9.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.9.2.tgz", + "integrity": "sha512-yZ+MUbnwf3SHNWQKJyWh88ii2HbuHCFQnAYTeeO1Nb8SyEiWASEi5dQUygt3ClHWtA9My9RQAYkjvrsZ0WK8Xg==", "cpu": [ "arm64" ], @@ -4609,9 +4608,9 @@ ] }, "node_modules/@rollup/rollup-darwin-arm64": { - "version": "4.9.1", - "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.9.1.tgz", - "integrity": "sha512-LtYcLNM+bhsaKAIGwVkh5IOWhaZhjTfNOkGzGqdHvhiCUVuJDalvDxEdSnhFzAn+g23wgsycmZk1vbnaibZwwA==", + "version": "4.9.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.9.2.tgz", + "integrity": "sha512-vqJ/pAUh95FLc/G/3+xPqlSBgilPnauVf2EXOQCZzhZJCXDXt/5A8mH/OzU6iWhb3CNk5hPJrh8pqJUPldN5zw==", "cpu": [ "arm64" ], @@ -4622,9 +4621,9 @@ ] }, "node_modules/@rollup/rollup-darwin-x64": { - "version": "4.9.1", - "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.9.1.tgz", - "integrity": "sha512-KyP/byeXu9V+etKO6Lw3E4tW4QdcnzDG/ake031mg42lob5tN+5qfr+lkcT/SGZaH2PdW4Z1NX9GHEkZ8xV7og==", + "version": "4.9.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.9.2.tgz", + "integrity": "sha512-otPHsN5LlvedOprd3SdfrRNhOahhVBwJpepVKUN58L0RnC29vOAej1vMEaVU6DadnpjivVsNTM5eNt0CcwTahw==", "cpu": [ "x64" ], @@ -4635,9 +4634,9 @@ ] }, "node_modules/@rollup/rollup-linux-arm-gnueabihf": { - "version": "4.9.1", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.9.1.tgz", - "integrity": "sha512-Yqz/Doumf3QTKplwGNrCHe/B2p9xqDghBZSlAY0/hU6ikuDVQuOUIpDP/YcmoT+447tsZTmirmjgG3znvSCR0Q==", + "version": "4.9.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.9.2.tgz", + "integrity": "sha512-ewG5yJSp+zYKBYQLbd1CUA7b1lSfIdo9zJShNTyc2ZP1rcPrqyZcNlsHgs7v1zhgfdS+kW0p5frc0aVqhZCiYQ==", "cpu": [ "arm" ], @@ -4648,9 +4647,9 @@ ] }, "node_modules/@rollup/rollup-linux-arm64-gnu": { - "version": "4.9.1", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.9.1.tgz", - "integrity": "sha512-u3XkZVvxcvlAOlQJ3UsD1rFvLWqu4Ef/Ggl40WAVCuogf4S1nJPHh5RTgqYFpCOvuGJ7H5yGHabjFKEZGExk5Q==", + "version": "4.9.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.9.2.tgz", + "integrity": "sha512-pL6QtV26W52aCWTG1IuFV3FMPL1m4wbsRG+qijIvgFO/VBsiXJjDPE/uiMdHBAO6YcpV4KvpKtd0v3WFbaxBtg==", "cpu": [ "arm64" ], @@ -4661,9 +4660,9 @@ ] }, "node_modules/@rollup/rollup-linux-arm64-musl": { - "version": "4.9.1", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.9.1.tgz", - "integrity": "sha512-0XSYN/rfWShW+i+qjZ0phc6vZ7UWI8XWNz4E/l+6edFt+FxoEghrJHjX1EY/kcUGCnZzYYRCl31SNdfOi450Aw==", + "version": "4.9.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.9.2.tgz", + "integrity": "sha512-On+cc5EpOaTwPSNetHXBuqylDW+765G/oqB9xGmWU3npEhCh8xu0xqHGUA+4xwZLqBbIZNcBlKSIYfkBm6ko7g==", "cpu": [ "arm64" ], @@ -4674,9 +4673,9 @@ ] }, "node_modules/@rollup/rollup-linux-riscv64-gnu": { - "version": "4.9.1", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.9.1.tgz", - "integrity": "sha512-LmYIO65oZVfFt9t6cpYkbC4d5lKHLYv5B4CSHRpnANq0VZUQXGcCPXHzbCXCz4RQnx7jvlYB1ISVNCE/omz5cw==", + "version": "4.9.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.9.2.tgz", + "integrity": "sha512-Wnx/IVMSZ31D/cO9HSsU46FjrPWHqtdF8+0eyZ1zIB5a6hXaZXghUKpRrC4D5DcRTZOjml2oBhXoqfGYyXKipw==", "cpu": [ "riscv64" ], @@ -4687,9 +4686,9 @@ ] }, "node_modules/@rollup/rollup-linux-x64-gnu": { - "version": "4.9.1", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.9.1.tgz", - "integrity": "sha512-kr8rEPQ6ns/Lmr/hiw8sEVj9aa07gh1/tQF2Y5HrNCCEPiCBGnBUt9tVusrcBBiJfIt1yNaXN6r1CCmpbFEDpg==", + "version": "4.9.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.9.2.tgz", + "integrity": "sha512-ym5x1cj4mUAMBummxxRkI4pG5Vht1QMsJexwGP8547TZ0sox9fCLDHw9KCH9c1FO5d9GopvkaJsBIOkTKxksdw==", "cpu": [ "x64" ], @@ -4700,9 +4699,9 @@ ] }, "node_modules/@rollup/rollup-linux-x64-musl": { - "version": "4.9.1", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.9.1.tgz", - "integrity": "sha512-t4QSR7gN+OEZLG0MiCgPqMWZGwmeHhsM4AkegJ0Kiy6TnJ9vZ8dEIwHw1LcZKhbHxTY32hp9eVCMdR3/I8MGRw==", + "version": "4.9.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.9.2.tgz", + "integrity": "sha512-m0hYELHGXdYx64D6IDDg/1vOJEaiV8f1G/iO+tejvRCJNSwK4jJ15e38JQy5Q6dGkn1M/9KcyEOwqmlZ2kqaZg==", "cpu": [ "x64" ], @@ -4713,9 +4712,9 @@ ] }, "node_modules/@rollup/rollup-win32-arm64-msvc": { - "version": "4.9.1", - "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.9.1.tgz", - "integrity": "sha512-7XI4ZCBN34cb+BH557FJPmh0kmNz2c25SCQeT9OiFWEgf8+dL6ZwJ8f9RnUIit+j01u07Yvrsuu1rZGxJCc51g==", + "version": "4.9.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.9.2.tgz", + "integrity": "sha512-x1CWburlbN5JjG+juenuNa4KdedBdXLjZMp56nHFSHTOsb/MI2DYiGzLtRGHNMyydPGffGId+VgjOMrcltOksA==", "cpu": [ "arm64" ], @@ -4726,9 +4725,9 @@ ] }, "node_modules/@rollup/rollup-win32-ia32-msvc": { - "version": "4.9.1", - "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.9.1.tgz", - "integrity": "sha512-yE5c2j1lSWOH5jp+Q0qNL3Mdhr8WuqCNVjc6BxbVfS5cAS6zRmdiw7ktb8GNpDCEUJphILY6KACoFoRtKoqNQg==", + "version": "4.9.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.9.2.tgz", + "integrity": "sha512-VVzCB5yXR1QlfsH1Xw1zdzQ4Pxuzv+CPr5qpElpKhVxlxD3CRdfubAG9mJROl6/dmj5gVYDDWk8sC+j9BI9/kQ==", "cpu": [ "ia32" ], @@ -4739,9 +4738,9 @@ ] }, "node_modules/@rollup/rollup-win32-x64-msvc": { - "version": "4.9.1", - "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.9.1.tgz", - "integrity": "sha512-PyJsSsafjmIhVgaI1Zdj7m8BB8mMckFah/xbpplObyHfiXzKcI5UOUXRyOdHW7nz4DpMCuzLnF7v5IWHenCwYA==", + "version": "4.9.2", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.9.2.tgz", + "integrity": "sha512-SYRedJi+mweatroB+6TTnJYLts0L0bosg531xnQWtklOI6dezEagx4Q0qDyvRdK+qgdA3YZpjjGuPFtxBmddBA==", "cpu": [ "x64" ], @@ -4856,12 +4855,12 @@ "dev": true }, "node_modules/@storybook/addon-actions": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/addon-actions/-/addon-actions-7.6.6.tgz", - "integrity": "sha512-mLJip9Evb2Chj7ymKbpaybe5NgDy3Du7oSWeURPy/0qXJ2cBqHWnhZ8CTK2DasrstsUhQSJaZVXHhaENT+fn+g==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/addon-actions/-/addon-actions-7.6.7.tgz", + "integrity": "sha512-+6EZvhIeKEqG/RNsU3R5DxOrd60BL5GEvmzE2w60s2eKaNNxtyilDjiO1g4z2s2zDNyr7JL/Ft03pJ0Jgo0lew==", "dev": true, "dependencies": { - "@storybook/core-events": "7.6.6", + "@storybook/core-events": "7.6.7", "@storybook/global": "^5.0.0", "@types/uuid": "^9.0.1", "dequal": "^2.0.2", @@ -4874,9 +4873,9 @@ } }, "node_modules/@storybook/addon-backgrounds": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/addon-backgrounds/-/addon-backgrounds-7.6.6.tgz", - "integrity": "sha512-w5dZ/0cOe55M2G/Lx9f+Ptk4txUPb+Ng+KqEvTaTNqHoh0Xw4QxEn/ciJwmh1u1g3aMZsOgOvwPwug7ykmLgsA==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/addon-backgrounds/-/addon-backgrounds-7.6.7.tgz", + "integrity": "sha512-55sBy1YUqponAVe+qL16qtWxdf63vHEnIoqFyHEwGpk7K9IhFA1BmdSpFr5VnWEwXeJXKj30db78frh2LUdk3Q==", "dev": true, "dependencies": { "@storybook/global": "^5.0.0", @@ -4889,12 +4888,12 @@ } }, "node_modules/@storybook/addon-controls": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/addon-controls/-/addon-controls-7.6.6.tgz", - "integrity": "sha512-VAXXfPLi1M3RXhBf3uIBZ2hrD9UPDe7yvXHIlCzgj1HIJELODCFyUc+RtvN0mPc/nnlEfzhGfJtenZou5LYwIw==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/addon-controls/-/addon-controls-7.6.7.tgz", + "integrity": "sha512-DJ3gfvcdCgqi7AQxu83vx0AEUKiuJrNcSATfWV3Jqi8dH6fYO2yqpemHEeWOEy+DAHxIOaqLKwb1QjIBj+vSRQ==", "dev": true, "dependencies": { - "@storybook/blocks": "7.6.6", + "@storybook/blocks": "7.6.7", "lodash": "^4.17.21", "ts-dedent": "^2.0.0" }, @@ -4904,26 +4903,26 @@ } }, "node_modules/@storybook/addon-docs": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/addon-docs/-/addon-docs-7.6.6.tgz", - "integrity": "sha512-l4gtoNTn1wHE11x44te1cDkqfm+/w+eNonHe56bwgSqETclS5z18wvM9bQZF32G6C9fpSefaJW3cxVvcuJL1fg==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/addon-docs/-/addon-docs-7.6.7.tgz", + "integrity": "sha512-2dfajNhweofJ3LxjGO83UE5sBMvKtJB0Agj7q8mMtK/9PUCUcbvsFSyZnO/s6X1zAjSn5ZrirbSoTXU4IqxwSA==", "dev": true, "dependencies": { "@jest/transform": "^29.3.1", "@mdx-js/react": "^2.1.5", - "@storybook/blocks": "7.6.6", - "@storybook/client-logger": "7.6.6", - "@storybook/components": "7.6.6", - "@storybook/csf-plugin": "7.6.6", - "@storybook/csf-tools": "7.6.6", + "@storybook/blocks": "7.6.7", + "@storybook/client-logger": "7.6.7", + "@storybook/components": "7.6.7", + "@storybook/csf-plugin": "7.6.7", + "@storybook/csf-tools": "7.6.7", "@storybook/global": "^5.0.0", "@storybook/mdx2-csf": "^1.0.0", - "@storybook/node-logger": "7.6.6", - "@storybook/postinstall": "7.6.6", - "@storybook/preview-api": "7.6.6", - "@storybook/react-dom-shim": "7.6.6", - "@storybook/theming": "7.6.6", - "@storybook/types": "7.6.6", + "@storybook/node-logger": "7.6.7", + "@storybook/postinstall": "7.6.7", + "@storybook/preview-api": "7.6.7", + "@storybook/react-dom-shim": "7.6.7", + "@storybook/theming": "7.6.7", + "@storybook/types": "7.6.7", "fs-extra": "^11.1.0", "remark-external-links": "^8.0.0", "remark-slug": "^6.0.0", @@ -4939,17 +4938,17 @@ } }, "node_modules/@storybook/addon-docs/node_modules/@storybook/preview-api": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.6.6.tgz", - "integrity": "sha512-Bt6xIAR5yZ/JWc90X4BbLOA97iL65glZ1SOBgFFv2mHrdZ1lcdKhAlQr2aeJAf1mLvBtalPjvKzi9EuVY3FZ4w==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.6.7.tgz", + "integrity": "sha512-ja85ItrT6q2TeBQ6n0CNoRi1R6L8yF2kkis9hVeTQHpwLdZyHUTRqqR5WmhtLqqQXcofyasBPOeJV06wuOhgRQ==", "dev": true, "dependencies": { - "@storybook/channels": "7.6.6", - "@storybook/client-logger": "7.6.6", - "@storybook/core-events": "7.6.6", + "@storybook/channels": "7.6.7", + "@storybook/client-logger": "7.6.7", + "@storybook/core-events": "7.6.7", "@storybook/csf": "^0.1.2", "@storybook/global": "^5.0.0", - "@storybook/types": "7.6.6", + "@storybook/types": "7.6.7", "@types/qs": "^6.9.5", "dequal": "^2.0.2", "lodash": "^4.17.21", @@ -4979,24 +4978,24 @@ } }, "node_modules/@storybook/addon-essentials": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/addon-essentials/-/addon-essentials-7.6.6.tgz", - "integrity": "sha512-OQ8A6r06mg/HvyIk/j2Gt9DK5Qtqgtwq2Ydm5IgVW6gZsuRnv1FAeUG6okf8oXowAzpYoHdsDmCVwNOAGWGO7w==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/addon-essentials/-/addon-essentials-7.6.7.tgz", + "integrity": "sha512-nNLMrpIvc04z4XCA+kval/44eKAFJlUJeeL2pxwP7F/PSzjWe5BXv1bQHOiw8inRO5II0PzqwWnVCI9jsj7K5A==", "dev": true, "dependencies": { - "@storybook/addon-actions": "7.6.6", - "@storybook/addon-backgrounds": "7.6.6", - "@storybook/addon-controls": "7.6.6", - "@storybook/addon-docs": "7.6.6", - "@storybook/addon-highlight": "7.6.6", - "@storybook/addon-measure": "7.6.6", - "@storybook/addon-outline": "7.6.6", - "@storybook/addon-toolbars": "7.6.6", - "@storybook/addon-viewport": "7.6.6", - "@storybook/core-common": "7.6.6", - "@storybook/manager-api": "7.6.6", - "@storybook/node-logger": "7.6.6", - "@storybook/preview-api": "7.6.6", + "@storybook/addon-actions": "7.6.7", + "@storybook/addon-backgrounds": "7.6.7", + "@storybook/addon-controls": "7.6.7", + "@storybook/addon-docs": "7.6.7", + "@storybook/addon-highlight": "7.6.7", + "@storybook/addon-measure": "7.6.7", + "@storybook/addon-outline": "7.6.7", + "@storybook/addon-toolbars": "7.6.7", + "@storybook/addon-viewport": "7.6.7", + "@storybook/core-common": "7.6.7", + "@storybook/manager-api": "7.6.7", + "@storybook/node-logger": "7.6.7", + "@storybook/preview-api": "7.6.7", "ts-dedent": "^2.0.0" }, "funding": { @@ -5009,17 +5008,17 @@ } }, "node_modules/@storybook/addon-essentials/node_modules/@storybook/preview-api": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.6.6.tgz", - "integrity": "sha512-Bt6xIAR5yZ/JWc90X4BbLOA97iL65glZ1SOBgFFv2mHrdZ1lcdKhAlQr2aeJAf1mLvBtalPjvKzi9EuVY3FZ4w==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.6.7.tgz", + "integrity": "sha512-ja85ItrT6q2TeBQ6n0CNoRi1R6L8yF2kkis9hVeTQHpwLdZyHUTRqqR5WmhtLqqQXcofyasBPOeJV06wuOhgRQ==", "dev": true, "dependencies": { - "@storybook/channels": "7.6.6", - "@storybook/client-logger": "7.6.6", - "@storybook/core-events": "7.6.6", + "@storybook/channels": "7.6.7", + "@storybook/client-logger": "7.6.7", + "@storybook/core-events": "7.6.7", "@storybook/csf": "^0.1.2", "@storybook/global": "^5.0.0", - "@storybook/types": "7.6.6", + "@storybook/types": "7.6.7", "@types/qs": "^6.9.5", "dequal": "^2.0.2", "lodash": "^4.17.21", @@ -5035,9 +5034,9 @@ } }, "node_modules/@storybook/addon-highlight": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/addon-highlight/-/addon-highlight-7.6.6.tgz", - "integrity": "sha512-B85UaCts2uMpa0yHBSnupzy2WCdW4vfB+lfaBug9beyOyZQdel07BumblE0KwSJftYgdCNPUZ5MRlqEDzMLTWQ==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/addon-highlight/-/addon-highlight-7.6.7.tgz", + "integrity": "sha512-2F/tJdn45d4zrvf/cmE1vsczl99wK8+I+kkj0G7jLsrJR0w1zTgbgjy6T9j86HBTBvWcnysNFNIRWPAOh5Wdbw==", "dev": true, "dependencies": { "@storybook/global": "^5.0.0" @@ -5048,9 +5047,9 @@ } }, "node_modules/@storybook/addon-links": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/addon-links/-/addon-links-7.6.6.tgz", - "integrity": "sha512-NEcqOz6zZ1dJnCcVmYdaQTAMAGIb8NFAZGnr9DU0q+t4B1fTaWUgqLtBM5V6YqIrXGSC/oKLpjWUkS5UpswlHA==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/addon-links/-/addon-links-7.6.7.tgz", + "integrity": "sha512-O5LekPslkAIDtXC/TCIyg/3c0htBxDYwb/s+NrZUPTNWJsngxvTAwp6aIk6aVSeSCFUMWvBFcVsuV3hv+ndK6w==", "dev": true, "dependencies": { "@storybook/csf": "^0.1.2", @@ -5071,9 +5070,9 @@ } }, "node_modules/@storybook/addon-measure": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/addon-measure/-/addon-measure-7.6.6.tgz", - "integrity": "sha512-b4hyCudlhsbYN1We8pfZHZJ0i0sfC8+GJvrqZQqdSqGicUmA00mggY1GE+gEoHziQ5/4auxFRS3HfUgaQWUNjg==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/addon-measure/-/addon-measure-7.6.7.tgz", + "integrity": "sha512-t1RnnNO4Xzgnsxu63FlZwsCTF0+9jKxr44NiJAUOxW9ppbCvs/JfSDOOvcDRtPWyjgnyzexNUUctMfxvLrU01A==", "dev": true, "dependencies": { "@storybook/global": "^5.0.0", @@ -5085,9 +5084,9 @@ } }, "node_modules/@storybook/addon-outline": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/addon-outline/-/addon-outline-7.6.6.tgz", - "integrity": "sha512-BMjpjzNEnN8LC7JK92WCXyWgmJwAaEQjRDinr7eD4cBt4Uas5kbciw1g8PtTnh0GbYUsImKao0nzakSVObAdzg==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/addon-outline/-/addon-outline-7.6.7.tgz", + "integrity": "sha512-gu2y46ijjMkXlxy1f8Cctgjw5b5y8vSIqNAYlrs5/Qy+hJAWyU6lj2PFGOCCUG4L+F45fAjwWAin6qz43+WnRQ==", "dev": true, "dependencies": { "@storybook/global": "^5.0.0", @@ -5099,9 +5098,9 @@ } }, "node_modules/@storybook/addon-toolbars": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/addon-toolbars/-/addon-toolbars-7.6.6.tgz", - "integrity": "sha512-sQm5+FcoSMSGn1ioXHoukO6OhUlcNZil0/fonAY50uvp6Z4DyI0FTU7BKIm/NoMqAExQk3sZRfAC/nZZ9Epb0Q==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/addon-toolbars/-/addon-toolbars-7.6.7.tgz", + "integrity": "sha512-vT+YMzw8yVwndhJglI0XtELfXWq1M0HEy5ST3XPzbjmsJ54LgTf1b29UMkh0E/05qBQNFCcbT9B/tLxqWezxlg==", "dev": true, "funding": { "type": "opencollective", @@ -5109,9 +5108,9 @@ } }, "node_modules/@storybook/addon-viewport": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/addon-viewport/-/addon-viewport-7.6.6.tgz", - "integrity": "sha512-/ijbzDf1Iq30LvZW2NE8cO4TeHusw0N+jTDUK1+vhxGNMFo9DUIgRkAi6VpFEfS0aQ5d82523WSWzVso7b/Hmg==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/addon-viewport/-/addon-viewport-7.6.7.tgz", + "integrity": "sha512-Q/BKjJaKzl4RWxH45K2iIXwkicj4ReVAUIpIyd7dPBb/Bx+hEDYZxR5dDg82AMkZdA71x5ttMnuDSuVpmWAE6g==", "dev": true, "dependencies": { "memoizerific": "^1.11.3" @@ -5304,13 +5303,13 @@ "dev": true }, "node_modules/@storybook/api": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/api/-/api-7.6.6.tgz", - "integrity": "sha512-e3k45k7twP3z5ZJ+rCCaHI+jmYm5yoFo2eLjYmnYFUv2V3vvYPgqD2CiT0crne7uWmhpRxP49aU9DEvQaEZtdA==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/api/-/api-7.6.7.tgz", + "integrity": "sha512-07cvtF10/KJ3dX/GdTsvpFbRwHNQnDziWAtR0J80Eno3niNzEdF/Dr/Ot35hGGrsnV29Snvnd6O2nF2HByOOpg==", "dev": true, "dependencies": { - "@storybook/client-logger": "7.6.6", - "@storybook/manager-api": "7.6.6" + "@storybook/client-logger": "7.6.7", + "@storybook/manager-api": "7.6.7" }, "funding": { "type": "opencollective", @@ -5318,22 +5317,22 @@ } }, "node_modules/@storybook/blocks": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/blocks/-/blocks-7.6.6.tgz", - "integrity": "sha512-QLqkiSNrtGnh8RK9ipD63jVAUenkRu+72xR31DViZWRV9V8G2hzky5E/RoZWPEx+DfmBIUJ7Tcef6cCRcxEj9A==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/blocks/-/blocks-7.6.7.tgz", + "integrity": "sha512-+QEvGQ0he/YvFS3lsZORJWxhQIyqcCDWsxbJxJiByePd+Z4my3q8xwtPhHW0TKRL0xUgNE/GnTfMMqJfevTuSw==", "dev": true, "dependencies": { - "@storybook/channels": "7.6.6", - "@storybook/client-logger": "7.6.6", - "@storybook/components": "7.6.6", - "@storybook/core-events": "7.6.6", + "@storybook/channels": "7.6.7", + "@storybook/client-logger": "7.6.7", + "@storybook/components": "7.6.7", + "@storybook/core-events": "7.6.7", "@storybook/csf": "^0.1.2", - "@storybook/docs-tools": "7.6.6", + "@storybook/docs-tools": "7.6.7", "@storybook/global": "^5.0.0", - "@storybook/manager-api": "7.6.6", - "@storybook/preview-api": "7.6.6", - "@storybook/theming": "7.6.6", - "@storybook/types": "7.6.6", + "@storybook/manager-api": "7.6.7", + "@storybook/preview-api": "7.6.7", + "@storybook/theming": "7.6.7", + "@storybook/types": "7.6.7", "@types/lodash": "^4.14.167", "color-convert": "^2.0.1", "dequal": "^2.0.2", @@ -5357,17 +5356,17 @@ } }, "node_modules/@storybook/blocks/node_modules/@storybook/preview-api": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.6.6.tgz", - "integrity": "sha512-Bt6xIAR5yZ/JWc90X4BbLOA97iL65glZ1SOBgFFv2mHrdZ1lcdKhAlQr2aeJAf1mLvBtalPjvKzi9EuVY3FZ4w==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.6.7.tgz", + "integrity": "sha512-ja85ItrT6q2TeBQ6n0CNoRi1R6L8yF2kkis9hVeTQHpwLdZyHUTRqqR5WmhtLqqQXcofyasBPOeJV06wuOhgRQ==", "dev": true, "dependencies": { - "@storybook/channels": "7.6.6", - "@storybook/client-logger": "7.6.6", - "@storybook/core-events": "7.6.6", + "@storybook/channels": "7.6.7", + "@storybook/client-logger": "7.6.7", + "@storybook/core-events": "7.6.7", "@storybook/csf": "^0.1.2", "@storybook/global": "^5.0.0", - "@storybook/types": "7.6.6", + "@storybook/types": "7.6.7", "@types/qs": "^6.9.5", "dequal": "^2.0.2", "lodash": "^4.17.21", @@ -5383,15 +5382,15 @@ } }, "node_modules/@storybook/builder-manager": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/builder-manager/-/builder-manager-7.6.6.tgz", - "integrity": "sha512-96vmtUqh016H2n80xhvBZU2w5flTOzY7S0nW9nfxbY4UY4b39WajgwJ5wpg8l0YmCwQTrxCwY9/VE2Pd6CCqPA==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/builder-manager/-/builder-manager-7.6.7.tgz", + "integrity": "sha512-6HYpj6+g/qbDMvImVz/G/aANbkhppyBa1ozfHxLK7tRD79YvozCWmj2Z9umRekPv9VIeMxnI5EEzJXOsoMX5DQ==", "dev": true, "dependencies": { "@fal-works/esbuild-plugin-global-externals": "^2.1.2", - "@storybook/core-common": "7.6.6", - "@storybook/manager": "7.6.6", - "@storybook/node-logger": "7.6.6", + "@storybook/core-common": "7.6.7", + "@storybook/manager": "7.6.7", + "@storybook/node-logger": "7.6.7", "@types/ejs": "^3.1.1", "@types/find-cache-dir": "^3.2.1", "@yarnpkg/esbuild-plugin-pnp": "^3.0.0-rc.10", @@ -5425,19 +5424,19 @@ } }, "node_modules/@storybook/builder-vite": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/builder-vite/-/builder-vite-7.6.6.tgz", - "integrity": "sha512-vDBHjsswnVScVgGHeIZ22R/LoRt5T1F62p5czusydBSxKGzma5Va4JHQJp4/IKXwiCZbXcua/Cs7VKtBLO+50A==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/builder-vite/-/builder-vite-7.6.7.tgz", + "integrity": "sha512-Sv+0ROFU9k+mkvIPsPHC0lkKDzBeMpvfO9uFRl1RDSsXBfcPPZKNo5YK7U7fOhesH0BILzurGA+U/aaITMSZ9g==", "dev": true, "dependencies": { - "@storybook/channels": "7.6.6", - "@storybook/client-logger": "7.6.6", - "@storybook/core-common": "7.6.6", - "@storybook/csf-plugin": "7.6.6", - "@storybook/node-logger": "7.6.6", - "@storybook/preview": "7.6.6", - "@storybook/preview-api": "7.6.6", - "@storybook/types": "7.6.6", + "@storybook/channels": "7.6.7", + "@storybook/client-logger": "7.6.7", + "@storybook/core-common": "7.6.7", + "@storybook/csf-plugin": "7.6.7", + "@storybook/node-logger": "7.6.7", + "@storybook/preview": "7.6.7", + "@storybook/preview-api": "7.6.7", + "@storybook/types": "7.6.7", "@types/find-cache-dir": "^3.2.1", "browser-assert": "^1.2.1", "es-module-lexer": "^0.9.3", @@ -5470,17 +5469,17 @@ } }, "node_modules/@storybook/builder-vite/node_modules/@storybook/preview-api": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.6.6.tgz", - "integrity": "sha512-Bt6xIAR5yZ/JWc90X4BbLOA97iL65glZ1SOBgFFv2mHrdZ1lcdKhAlQr2aeJAf1mLvBtalPjvKzi9EuVY3FZ4w==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.6.7.tgz", + "integrity": "sha512-ja85ItrT6q2TeBQ6n0CNoRi1R6L8yF2kkis9hVeTQHpwLdZyHUTRqqR5WmhtLqqQXcofyasBPOeJV06wuOhgRQ==", "dev": true, "dependencies": { - "@storybook/channels": "7.6.6", - "@storybook/client-logger": "7.6.6", - "@storybook/core-events": "7.6.6", + "@storybook/channels": "7.6.7", + "@storybook/client-logger": "7.6.7", + "@storybook/core-events": "7.6.7", "@storybook/csf": "^0.1.2", "@storybook/global": "^5.0.0", - "@storybook/types": "7.6.6", + "@storybook/types": "7.6.7", "@types/qs": "^6.9.5", "dequal": "^2.0.2", "lodash": "^4.17.21", @@ -5526,13 +5525,13 @@ } }, "node_modules/@storybook/channels": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-7.6.6.tgz", - "integrity": "sha512-vvo7fBe2WffPonNNOA7Xx7jcHAto8qJYlq+VMysfheXrsRRbhHl3WQOA18Vm8hV9txtqdqk0hwQiXOWvhYVpeQ==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-7.6.7.tgz", + "integrity": "sha512-u1hURhfQHHtZyRIDUENRCp+CRRm7IQfcjQaoWI06XCevQPuhVEtFUfXHjG+J74aA/JuuTLFUtqwNm1zGqbXTAQ==", "dev": true, "dependencies": { - "@storybook/client-logger": "7.6.6", - "@storybook/core-events": "7.6.6", + "@storybook/client-logger": "7.6.7", + "@storybook/core-events": "7.6.7", "@storybook/global": "^5.0.0", "qs": "^6.10.0", "telejson": "^7.2.0", @@ -5544,23 +5543,23 @@ } }, "node_modules/@storybook/cli": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/cli/-/cli-7.6.6.tgz", - "integrity": "sha512-FLmWrbmGOqe1VYwqyIWxU2lJcYPssORmSbSVVPw6OqQIXx3NrNBrmZDLncMwbVCDQ8eU54J1zb+MyDmSqMbVFg==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/cli/-/cli-7.6.7.tgz", + "integrity": "sha512-DwDWzkifBH17ry+n+d+u52Sv69dZQ+04ETJdDDzghcyAcKnFzrRNukj4tJ21cm+ZAU/r0fKR9d4Qpbogca9fAg==", "dev": true, "dependencies": { "@babel/core": "^7.23.2", "@babel/preset-env": "^7.23.2", "@babel/types": "^7.23.0", "@ndelangen/get-tarball": "^3.0.7", - "@storybook/codemod": "7.6.6", - "@storybook/core-common": "7.6.6", - "@storybook/core-events": "7.6.6", - "@storybook/core-server": "7.6.6", - "@storybook/csf-tools": "7.6.6", - "@storybook/node-logger": "7.6.6", - "@storybook/telemetry": "7.6.6", - "@storybook/types": "7.6.6", + "@storybook/codemod": "7.6.7", + "@storybook/core-common": "7.6.7", + "@storybook/core-events": "7.6.7", + "@storybook/core-server": "7.6.7", + "@storybook/csf-tools": "7.6.7", + "@storybook/node-logger": "7.6.7", + "@storybook/telemetry": "7.6.7", + "@storybook/types": "7.6.7", "@types/semver": "^7.3.4", "@yarnpkg/fslib": "2.10.3", "@yarnpkg/libzip": "2.3.0", @@ -5724,9 +5723,9 @@ "dev": true }, "node_modules/@storybook/client-logger": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.6.6.tgz", - "integrity": "sha512-WEvVyuQR5oNF8jcMmGA13zDjxP/l46kOBBvB6JSc8toUdtLZ/kZWSnU0ioNM8+ECpFqXHjBcF2K6uSJOEb6YEg==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.6.7.tgz", + "integrity": "sha512-A16zpWgsa0gSdXMR9P3bWVdC9u/1B1oG4H7Z1+JhNzgnL3CdyOYO0qFSiAtNBso4nOjIAJVb6/AoBzdRhmSVQg==", "dev": true, "dependencies": { "@storybook/global": "^5.0.0" @@ -5737,18 +5736,18 @@ } }, "node_modules/@storybook/codemod": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/codemod/-/codemod-7.6.6.tgz", - "integrity": "sha512-6QwW6T6ZgwwbTkEoZ7CAoX7lUUob7Sy7bRkMHhSjJe2++wEVFOYLvzHcLUJCupK59+WhmsJU9PpUMlXEKi40TQ==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/codemod/-/codemod-7.6.7.tgz", + "integrity": "sha512-an2pD5OHqO7CE8Wb7JxjrDnpQgeoxB22MyOs8PPJ9Rvclhpjg+Ku9RogoObYm//zR4g406l7Ec8mTltUkVCEOA==", "dev": true, "dependencies": { "@babel/core": "^7.23.2", "@babel/preset-env": "^7.23.2", "@babel/types": "^7.23.0", "@storybook/csf": "^0.1.2", - "@storybook/csf-tools": "7.6.6", - "@storybook/node-logger": "7.6.6", - "@storybook/types": "7.6.6", + "@storybook/csf-tools": "7.6.7", + "@storybook/node-logger": "7.6.7", + "@storybook/types": "7.6.7", "@types/cross-spawn": "^6.0.2", "cross-spawn": "^7.0.3", "globby": "^11.0.2", @@ -5778,18 +5777,18 @@ } }, "node_modules/@storybook/components": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/components/-/components-7.6.6.tgz", - "integrity": "sha512-FSfcRxdmV4+LJHjMk0eodGVnZdb2qrKKmbtsn0O/434z586zPA287/wJJsm4JS/Xr1WS9oTvU6mYMDChkcxgeQ==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/components/-/components-7.6.7.tgz", + "integrity": "sha512-1HN4p+MCI4Tx9VGZayZyqbW7SB7mXQLnS5fUbTE1gXaMYHpzFvcrRNROeV1LZPClJX6qx1jgE5ngZojhxGuxMA==", "dev": true, "dependencies": { "@radix-ui/react-select": "^1.2.2", "@radix-ui/react-toolbar": "^1.0.4", - "@storybook/client-logger": "7.6.6", + "@storybook/client-logger": "7.6.7", "@storybook/csf": "^0.1.2", "@storybook/global": "^5.0.0", - "@storybook/theming": "7.6.6", - "@storybook/types": "7.6.6", + "@storybook/theming": "7.6.7", + "@storybook/types": "7.6.7", "memoizerific": "^1.11.3", "use-resize-observer": "^9.1.0", "util-deprecate": "^1.0.2" @@ -5804,13 +5803,13 @@ } }, "node_modules/@storybook/core-client": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/core-client/-/core-client-7.6.6.tgz", - "integrity": "sha512-P100aNf+WpvzlfULZp1NPd60/nxsppLmft2DdIyAx1j4QPMZvUJyJB+hdBMzTFiPEhIUncIMoIVf2R3UXC5DfA==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/core-client/-/core-client-7.6.7.tgz", + "integrity": "sha512-ZQivyEzYsZok8vRj5Qan7LbiMUnO89rueWzTnZs4IS6JIaQtjoPI1rGVq+h6qOCM6tki478hic8FS+zwGQ6q+w==", "dev": true, "dependencies": { - "@storybook/client-logger": "7.6.6", - "@storybook/preview-api": "7.6.6" + "@storybook/client-logger": "7.6.7", + "@storybook/preview-api": "7.6.7" }, "funding": { "type": "opencollective", @@ -5818,17 +5817,17 @@ } }, "node_modules/@storybook/core-client/node_modules/@storybook/preview-api": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.6.6.tgz", - "integrity": "sha512-Bt6xIAR5yZ/JWc90X4BbLOA97iL65glZ1SOBgFFv2mHrdZ1lcdKhAlQr2aeJAf1mLvBtalPjvKzi9EuVY3FZ4w==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.6.7.tgz", + "integrity": "sha512-ja85ItrT6q2TeBQ6n0CNoRi1R6L8yF2kkis9hVeTQHpwLdZyHUTRqqR5WmhtLqqQXcofyasBPOeJV06wuOhgRQ==", "dev": true, "dependencies": { - "@storybook/channels": "7.6.6", - "@storybook/client-logger": "7.6.6", - "@storybook/core-events": "7.6.6", + "@storybook/channels": "7.6.7", + "@storybook/client-logger": "7.6.7", + "@storybook/core-events": "7.6.7", "@storybook/csf": "^0.1.2", "@storybook/global": "^5.0.0", - "@storybook/types": "7.6.6", + "@storybook/types": "7.6.7", "@types/qs": "^6.9.5", "dequal": "^2.0.2", "lodash": "^4.17.21", @@ -5844,14 +5843,14 @@ } }, "node_modules/@storybook/core-common": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/core-common/-/core-common-7.6.6.tgz", - "integrity": "sha512-DpbFSYw8LHuwpeU2ec5uWryxrSqslFJnWTfNA7AvpzCviWXkz4kq+YYrDee9XExF6OozNwILmG6m52SnraysBA==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/core-common/-/core-common-7.6.7.tgz", + "integrity": "sha512-F1fJnauVSPQtAlpicbN/O4XW38Ai8kf/IoU0Hgm9gEwurIk6MF5hiVLsaTI/5GUbrepMl9d9J+iIL4lHAT8IyA==", "dev": true, "dependencies": { - "@storybook/core-events": "7.6.6", - "@storybook/node-logger": "7.6.6", - "@storybook/types": "7.6.6", + "@storybook/core-events": "7.6.7", + "@storybook/node-logger": "7.6.7", + "@storybook/types": "7.6.7", "@types/find-cache-dir": "^3.2.1", "@types/node": "^18.0.0", "@types/node-fetch": "^2.6.4", @@ -5879,9 +5878,9 @@ } }, "node_modules/@storybook/core-common/node_modules/@types/node": { - "version": "18.19.3", - "resolved": "https://registry.npmjs.org/@types/node/-/node-18.19.3.tgz", - "integrity": "sha512-k5fggr14DwAytoA/t8rPrIz++lXK7/DqckthCmoZOKNsEbJkId4Z//BqgApXBUGrGddrigYa1oqheo/7YmW4rg==", + "version": "18.19.4", + "resolved": "https://registry.npmjs.org/@types/node/-/node-18.19.4.tgz", + "integrity": "sha512-xNzlUhzoHotIsnFoXmJB+yWmBvFZgKCI9TtPIEdYIMM1KWfwuY8zh7wvc1u1OAXlC7dlf6mZVx/s+Y5KfFz19A==", "dev": true, "dependencies": { "undici-types": "~5.26.4" @@ -6000,9 +5999,9 @@ } }, "node_modules/@storybook/core-events": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-7.6.6.tgz", - "integrity": "sha512-7+q9HiZiLxaQcwpaSLQrLdjHNHBoOoUY9ZcZXI9iNFSopOgb/ItDnzzlpv08NC7CbKae1hVKJM/t5aSTl7tCMw==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-7.6.7.tgz", + "integrity": "sha512-KZ5d03c47pnr5/kY26pJtWq7WpmCPXLbgyjJZDSc+TTY153BdZksvlBXRHtqM1yj2UM6QsSyIuiJaADJNAbP2w==", "dev": true, "dependencies": { "ts-dedent": "^2.0.0" @@ -6013,26 +6012,26 @@ } }, "node_modules/@storybook/core-server": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/core-server/-/core-server-7.6.6.tgz", - "integrity": "sha512-QFVahaExgGtq9swBXgQAMUiCqpCcyVXOiKTIy1j+1uAhPVqhpCxBkkFoXruih5hbIMZyohE4mLPCAr/ivicoDg==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/core-server/-/core-server-7.6.7.tgz", + "integrity": "sha512-elKRv/DNahNNkGcQY/FdOBrLPmZF0T0fwmAmbc4qqeAisjl+to9TO77zdo2ieaEHKyRwE3B3dOB4EXomdF4N/g==", "dev": true, "dependencies": { "@aw-web-design/x-default-browser": "1.4.126", "@discoveryjs/json-ext": "^0.5.3", - "@storybook/builder-manager": "7.6.6", - "@storybook/channels": "7.6.6", - "@storybook/core-common": "7.6.6", - "@storybook/core-events": "7.6.6", + "@storybook/builder-manager": "7.6.7", + "@storybook/channels": "7.6.7", + "@storybook/core-common": "7.6.7", + "@storybook/core-events": "7.6.7", "@storybook/csf": "^0.1.2", - "@storybook/csf-tools": "7.6.6", + "@storybook/csf-tools": "7.6.7", "@storybook/docs-mdx": "^0.1.0", "@storybook/global": "^5.0.0", - "@storybook/manager": "7.6.6", - "@storybook/node-logger": "7.6.6", - "@storybook/preview-api": "7.6.6", - "@storybook/telemetry": "7.6.6", - "@storybook/types": "7.6.6", + "@storybook/manager": "7.6.7", + "@storybook/node-logger": "7.6.7", + "@storybook/preview-api": "7.6.7", + "@storybook/telemetry": "7.6.7", + "@storybook/types": "7.6.7", "@types/detect-port": "^1.3.0", "@types/node": "^18.0.0", "@types/pretty-hrtime": "^1.0.0", @@ -6066,17 +6065,17 @@ } }, "node_modules/@storybook/core-server/node_modules/@storybook/preview-api": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.6.6.tgz", - "integrity": "sha512-Bt6xIAR5yZ/JWc90X4BbLOA97iL65glZ1SOBgFFv2mHrdZ1lcdKhAlQr2aeJAf1mLvBtalPjvKzi9EuVY3FZ4w==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.6.7.tgz", + "integrity": "sha512-ja85ItrT6q2TeBQ6n0CNoRi1R6L8yF2kkis9hVeTQHpwLdZyHUTRqqR5WmhtLqqQXcofyasBPOeJV06wuOhgRQ==", "dev": true, "dependencies": { - "@storybook/channels": "7.6.6", - "@storybook/client-logger": "7.6.6", - "@storybook/core-events": "7.6.6", + "@storybook/channels": "7.6.7", + "@storybook/client-logger": "7.6.7", + "@storybook/core-events": "7.6.7", "@storybook/csf": "^0.1.2", "@storybook/global": "^5.0.0", - "@storybook/types": "7.6.6", + "@storybook/types": "7.6.7", "@types/qs": "^6.9.5", "dequal": "^2.0.2", "lodash": "^4.17.21", @@ -6092,9 +6091,9 @@ } }, "node_modules/@storybook/core-server/node_modules/@types/node": { - "version": "18.19.3", - "resolved": "https://registry.npmjs.org/@types/node/-/node-18.19.3.tgz", - "integrity": "sha512-k5fggr14DwAytoA/t8rPrIz++lXK7/DqckthCmoZOKNsEbJkId4Z//BqgApXBUGrGddrigYa1oqheo/7YmW4rg==", + "version": "18.19.4", + "resolved": "https://registry.npmjs.org/@types/node/-/node-18.19.4.tgz", + "integrity": "sha512-xNzlUhzoHotIsnFoXmJB+yWmBvFZgKCI9TtPIEdYIMM1KWfwuY8zh7wvc1u1OAXlC7dlf6mZVx/s+Y5KfFz19A==", "dev": true, "dependencies": { "undici-types": "~5.26.4" @@ -6209,12 +6208,12 @@ } }, "node_modules/@storybook/csf-plugin": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/csf-plugin/-/csf-plugin-7.6.6.tgz", - "integrity": "sha512-SqdffT14+XNpf+7vA29Elur28VArXtFv4cXMlsCbswbRuY+a0A8vYNwVIfCUy9u4WHTcQX1/tUkDAMh80lrVRQ==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/csf-plugin/-/csf-plugin-7.6.7.tgz", + "integrity": "sha512-YL7e6H4iVcsDI0UpgpdQX2IiGDrlbgaQMHQgDLWXmZyKxBcy0ONROAX5zoT1ml44EHkL60TMaG4f7SinviJCog==", "dev": true, "dependencies": { - "@storybook/csf-tools": "7.6.6", + "@storybook/csf-tools": "7.6.7", "unplugin": "^1.3.1" }, "funding": { @@ -6223,9 +6222,9 @@ } }, "node_modules/@storybook/csf-tools": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/csf-tools/-/csf-tools-7.6.6.tgz", - "integrity": "sha512-VXOZCzfSVJL832u17pPhFu1x3PPaAN9d8VXNFX+t/2raga7tK3T7Qhe7lWfP7EZcrVvSCEEp0aMRz2EzzDGVtw==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/csf-tools/-/csf-tools-7.6.7.tgz", + "integrity": "sha512-hyRbUGa2Uxvz3U09BjcOfMNf/5IYgRum1L6XszqK2O8tK9DGte1r6hArCIAcqiEmFMC40d0kalPzqu6WMNn7sg==", "dev": true, "dependencies": { "@babel/generator": "^7.23.0", @@ -6233,7 +6232,7 @@ "@babel/traverse": "^7.23.2", "@babel/types": "^7.23.0", "@storybook/csf": "^0.1.2", - "@storybook/types": "7.6.6", + "@storybook/types": "7.6.7", "fs-extra": "^11.1.0", "recast": "^0.23.1", "ts-dedent": "^2.0.0" @@ -6264,14 +6263,14 @@ "dev": true }, "node_modules/@storybook/docs-tools": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/docs-tools/-/docs-tools-7.6.6.tgz", - "integrity": "sha512-nc5ZjN2s8SC2PtsZoFf9Wm6gD8TcSlkYbF/mjtyLCGN+Fi+k5B5iudqoa65H19hwiLlzBdcnpQ8C89AiK33J9Q==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/docs-tools/-/docs-tools-7.6.7.tgz", + "integrity": "sha512-enTO/xVjBqwUraGCYTwdyjMvug3OSAM7TPPUEJ3KPieJNwAzcYkww/qNDMIAR4S39zPMrkAmtS3STvVadlJz7g==", "dev": true, "dependencies": { - "@storybook/core-common": "7.6.6", - "@storybook/preview-api": "7.6.6", - "@storybook/types": "7.6.6", + "@storybook/core-common": "7.6.7", + "@storybook/preview-api": "7.6.7", + "@storybook/types": "7.6.7", "@types/doctrine": "^0.0.3", "assert": "^2.1.0", "doctrine": "^3.0.0", @@ -6283,17 +6282,17 @@ } }, "node_modules/@storybook/docs-tools/node_modules/@storybook/preview-api": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.6.6.tgz", - "integrity": "sha512-Bt6xIAR5yZ/JWc90X4BbLOA97iL65glZ1SOBgFFv2mHrdZ1lcdKhAlQr2aeJAf1mLvBtalPjvKzi9EuVY3FZ4w==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.6.7.tgz", + "integrity": "sha512-ja85ItrT6q2TeBQ6n0CNoRi1R6L8yF2kkis9hVeTQHpwLdZyHUTRqqR5WmhtLqqQXcofyasBPOeJV06wuOhgRQ==", "dev": true, "dependencies": { - "@storybook/channels": "7.6.6", - "@storybook/client-logger": "7.6.6", - "@storybook/core-events": "7.6.6", + "@storybook/channels": "7.6.7", + "@storybook/client-logger": "7.6.7", + "@storybook/core-events": "7.6.7", "@storybook/csf": "^0.1.2", "@storybook/global": "^5.0.0", - "@storybook/types": "7.6.6", + "@storybook/types": "7.6.7", "@types/qs": "^6.9.5", "dequal": "^2.0.2", "lodash": "^4.17.21", @@ -6315,9 +6314,9 @@ "dev": true }, "node_modules/@storybook/manager": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/manager/-/manager-7.6.6.tgz", - "integrity": "sha512-Ga3LcSu/xxSyg+cLlO9AS8QjW+D667V+c9qQPmsFyU6qfFc6m6mVqcRLSmFVD5e7P/o0FL7STOf9jAKkDcW8xw==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/manager/-/manager-7.6.7.tgz", + "integrity": "sha512-ZCrkB2zEXogzdOcVzD242ZVm4tlHqrayotnI6iOn9uiun0Pgny0m2d7s9Zge6K2dTOO1vZiOHuA/Mr6nnIDjsA==", "dev": true, "funding": { "type": "opencollective", @@ -6325,23 +6324,22 @@ } }, "node_modules/@storybook/manager-api": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/manager-api/-/manager-api-7.6.6.tgz", - "integrity": "sha512-euRAbSZAUzHDt6z1Pq/g45N/RNqta9RaQAym18zt/oLWiYOIrkLmdf7kCuFYsmuA5XQBytiJqwkAD7uF1aLe0g==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/manager-api/-/manager-api-7.6.7.tgz", + "integrity": "sha512-3Wk/BvuGUlw/X05s57zZO7gJbzfUeE9Xe+CSIvuH7RY5jx9PYnNwqNlTXPXhJ5LPvwMthae7WJVn3SuBpbptoQ==", "dev": true, "dependencies": { - "@storybook/channels": "7.6.6", - "@storybook/client-logger": "7.6.6", - "@storybook/core-events": "7.6.6", + "@storybook/channels": "7.6.7", + "@storybook/client-logger": "7.6.7", + "@storybook/core-events": "7.6.7", "@storybook/csf": "^0.1.2", "@storybook/global": "^5.0.0", - "@storybook/router": "7.6.6", - "@storybook/theming": "7.6.6", - "@storybook/types": "7.6.6", + "@storybook/router": "7.6.7", + "@storybook/theming": "7.6.7", + "@storybook/types": "7.6.7", "dequal": "^2.0.2", "lodash": "^4.17.21", "memoizerific": "^1.11.3", - "semver": "^7.3.7", "store2": "^2.14.2", "telejson": "^7.2.0", "ts-dedent": "^2.0.0" @@ -6351,39 +6349,6 @@ "url": "https://opencollective.com/storybook" } }, - "node_modules/@storybook/manager-api/node_modules/lru-cache": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", - "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", - "dev": true, - "dependencies": { - "yallist": "^4.0.0" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/@storybook/manager-api/node_modules/semver": { - "version": "7.5.4", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", - "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", - "dev": true, - "dependencies": { - "lru-cache": "^6.0.0" - }, - "bin": { - "semver": "bin/semver.js" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/@storybook/manager-api/node_modules/yallist": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", - "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", - "dev": true - }, "node_modules/@storybook/mdx2-csf": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/@storybook/mdx2-csf/-/mdx2-csf-1.1.0.tgz", @@ -6391,9 +6356,9 @@ "dev": true }, "node_modules/@storybook/node-logger": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/node-logger/-/node-logger-7.6.6.tgz", - "integrity": "sha512-b2OF9GRNI01MlBlnDGS8S6/yOpBNl8eH/0ONafuMPzFEZs5PouHGsFflJvQwwcdVTknMjF5uVS2eSmnLZ8spvA==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/node-logger/-/node-logger-7.6.7.tgz", + "integrity": "sha512-XLih8MxylkpZG9+8tgp8sPGc2tldlWF+DpuAkUv6J3Mc81mPyc3cQKQWZ7Hb+m1LpRGqKV4wyOQj1rC+leVMoQ==", "dev": true, "funding": { "type": "opencollective", @@ -6401,9 +6366,9 @@ } }, "node_modules/@storybook/postinstall": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/postinstall/-/postinstall-7.6.6.tgz", - "integrity": "sha512-jamn7QNTJPZiu22nu25LqfSTJohugFhCu4b48yqP+pdMdkQ3qVd3NdDYhBlgkH/Btar+kppiJP1gRtoiJF761w==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/postinstall/-/postinstall-7.6.7.tgz", + "integrity": "sha512-mrpRmcwFd9FcvtHPXA9x6vOrHLVCKScZX/Xx2QPWgAvB3W6uzP8G+8QNb1u834iToxrWeuszUMB9UXZK4Qj5yg==", "dev": true, "funding": { "type": "opencollective", @@ -6411,9 +6376,9 @@ } }, "node_modules/@storybook/preview": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/preview/-/preview-7.6.6.tgz", - "integrity": "sha512-Rl+Pom2bNwzc0MdlbFALmvxsbCkbIwlpTZlRZZTh5Ah8JViV9htQgP9e8uwo3NZA2BhjbDLkmnZeloWxQnI5Ig==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/preview/-/preview-7.6.7.tgz", + "integrity": "sha512-/ddKIyT+6b8CKGJAma1wood4nwCAoi/E1olCqgpCmviMeUtAiMzgK0xzPwvq5Mxkz/cPeXVi8CQgaQZCa4yvNA==", "dev": true, "funding": { "type": "opencollective", @@ -6507,9 +6472,9 @@ } }, "node_modules/@storybook/react-dom-shim": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/react-dom-shim/-/react-dom-shim-7.6.6.tgz", - "integrity": "sha512-WWNlXtCVoBWXX/kLNulUeMgzmlAEHi2aBrdIv2jz0DScPf0YxeWAkWmgK7F0zMot9mdwYncr+pk1AILbTBJSyg==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/react-dom-shim/-/react-dom-shim-7.6.7.tgz", + "integrity": "sha512-b/rmy/YzVrwP+ifyZG4yXVIdeFVdTbmziodHUlbrWiUNsqtTZZur9kqkKRUH/7ofji9MFe81nd0MRlcTNFomqg==", "dev": true, "funding": { "type": "opencollective", @@ -6521,12 +6486,12 @@ } }, "node_modules/@storybook/router": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/router/-/router-7.6.6.tgz", - "integrity": "sha512-dkn81MtxrG7JMDbOHEcVZkTDVKsneg72CyqJ8ELZfC81iKQcDMQkV9mdmnMl45aKn6UrscudI4K23OxQmsevkw==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/router/-/router-7.6.7.tgz", + "integrity": "sha512-kkhNSdC3fXaQxILg8a26RKk4/ZbF/AUVrepUEyO8lwvbJ6LItTyWSE/4I9Ih4qV2Mjx33ncc8vLqM9p8r5qnMA==", "dev": true, "dependencies": { - "@storybook/client-logger": "7.6.6", + "@storybook/client-logger": "7.6.7", "memoizerific": "^1.11.3", "qs": "^6.10.0" }, @@ -6536,14 +6501,14 @@ } }, "node_modules/@storybook/telemetry": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/telemetry/-/telemetry-7.6.6.tgz", - "integrity": "sha512-2WdDcrMrt1bPVgdMVO0tFmVxT6YIjiPRfKbH/7wwYMOGmV75m4mJ9Ha2gzZc/oXTSK1M4/fiK12IgW+S3ErcMg==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/telemetry/-/telemetry-7.6.7.tgz", + "integrity": "sha512-NHGzC/LGLXpK4AFbVj8ln5ab86ZiiNFvORQMn3+LNGwUt3ZdsHBzExN+WPZdw7OPtfk4ubUY89FXH2GedhTALw==", "dev": true, "dependencies": { - "@storybook/client-logger": "7.6.6", - "@storybook/core-common": "7.6.6", - "@storybook/csf-tools": "7.6.6", + "@storybook/client-logger": "7.6.7", + "@storybook/core-common": "7.6.7", + "@storybook/csf-tools": "7.6.7", "chalk": "^4.1.0", "detect-package-manager": "^2.0.1", "fetch-retry": "^5.0.2", @@ -6622,13 +6587,13 @@ } }, "node_modules/@storybook/theming": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/theming/-/theming-7.6.6.tgz", - "integrity": "sha512-hNZOOxaF55iAGUEM0dvAIP6LfGMgPKCJQIk/qyotFk+SKkg3PBqzph89XfFl9yCD3KiX5cryqarULgVuNawLJg==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/theming/-/theming-7.6.7.tgz", + "integrity": "sha512-+42rfC4rZtWVAXJ7JBUQKnQ6vWBXJVHZ9HtNUWzQLPR9sJSMmHnnSMV6y5tizGgZqmBnAIkuoYk+Tt6NfwUmSA==", "dev": true, "dependencies": { "@emotion/use-insertion-effect-with-fallbacks": "^1.0.0", - "@storybook/client-logger": "7.6.6", + "@storybook/client-logger": "7.6.7", "@storybook/global": "^5.0.0", "memoizerific": "^1.11.3" }, @@ -6642,12 +6607,12 @@ } }, "node_modules/@storybook/types": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/types/-/types-7.6.6.tgz", - "integrity": "sha512-77vbQp3GX93OD8UzFkY4a0fAmkZrqLe61XVo6yABrwbVDY0EcAwaCF5gcXRhOHldlH7KYbLfEQkDkkKTBjX7ow==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/types/-/types-7.6.7.tgz", + "integrity": "sha512-VcGwrI4AkBENxkoAUJ+Z7SyMK73hpoY0TTtw2J7tc05/xdiXhkQTX15Qa12IBWIkoXCyNrtaU+q7KR8Tjzi+uw==", "dev": true, "dependencies": { - "@storybook/channels": "7.6.6", + "@storybook/channels": "7.6.7", "@types/babel__core": "^7.0.0", "@types/express": "^4.7.0", "file-system-cache": "2.3.0" @@ -6658,18 +6623,18 @@ } }, "node_modules/@storybook/web-components": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/web-components/-/web-components-7.6.6.tgz", - "integrity": "sha512-oBfZBM1Vkzs/rZySk/HXCIRZ10FSYx6wgyMbiT5EmGm7Jz9y5qaqQhG/sPYKsYL0TlPRRKjf1iukHkxD6DWmpA==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/web-components/-/web-components-7.6.7.tgz", + "integrity": "sha512-TrBhMctSIgV2qqyV7fhhaNIdAvuaca2jEDXLXFiH/M2NkyXRepNjG7AZndWhQUGvG01ojs1+2vRNqJZtKCmFDg==", "dev": true, "dependencies": { - "@storybook/client-logger": "7.6.6", - "@storybook/core-client": "7.6.6", - "@storybook/docs-tools": "7.6.6", + "@storybook/client-logger": "7.6.7", + "@storybook/core-client": "7.6.7", + "@storybook/docs-tools": "7.6.7", "@storybook/global": "^5.0.0", - "@storybook/manager-api": "7.6.6", - "@storybook/preview-api": "7.6.6", - "@storybook/types": "7.6.6", + "@storybook/manager-api": "7.6.7", + "@storybook/preview-api": "7.6.7", + "@storybook/types": "7.6.7", "tiny-invariant": "^1.3.1", "ts-dedent": "^2.0.0" }, @@ -6685,15 +6650,15 @@ } }, "node_modules/@storybook/web-components-vite": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/web-components-vite/-/web-components-vite-7.6.6.tgz", - "integrity": "sha512-AOxvnA7eIRnKqZ21QgUHJ/ENX1MMhJCKPiytvkX8U02gs+0HE+NnZPbhZLPh/Ruax7KfLPUGItv3BcfrIxV5lw==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/web-components-vite/-/web-components-vite-7.6.7.tgz", + "integrity": "sha512-jfnVNhmgDYBdEnOliNcfo9FwfDDke66y6Zw2zkOz9qhJy8DCd5TzgDEmE7AU2XRzb1a464A90xfvJpvlUracfA==", "dev": true, "dependencies": { - "@storybook/builder-vite": "7.6.6", - "@storybook/core-server": "7.6.6", - "@storybook/node-logger": "7.6.6", - "@storybook/web-components": "7.6.6", + "@storybook/builder-vite": "7.6.7", + "@storybook/core-server": "7.6.7", + "@storybook/node-logger": "7.6.7", + "@storybook/web-components": "7.6.7", "magic-string": "^0.30.0" }, "engines": { @@ -6705,17 +6670,17 @@ } }, "node_modules/@storybook/web-components/node_modules/@storybook/preview-api": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.6.6.tgz", - "integrity": "sha512-Bt6xIAR5yZ/JWc90X4BbLOA97iL65glZ1SOBgFFv2mHrdZ1lcdKhAlQr2aeJAf1mLvBtalPjvKzi9EuVY3FZ4w==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.6.7.tgz", + "integrity": "sha512-ja85ItrT6q2TeBQ6n0CNoRi1R6L8yF2kkis9hVeTQHpwLdZyHUTRqqR5WmhtLqqQXcofyasBPOeJV06wuOhgRQ==", "dev": true, "dependencies": { - "@storybook/channels": "7.6.6", - "@storybook/client-logger": "7.6.6", - "@storybook/core-events": "7.6.6", + "@storybook/channels": "7.6.7", + "@storybook/client-logger": "7.6.7", + "@storybook/core-events": "7.6.7", "@storybook/csf": "^0.1.2", "@storybook/global": "^5.0.0", - "@storybook/types": "7.6.6", + "@storybook/types": "7.6.7", "@types/qs": "^6.9.5", "dequal": "^2.0.2", "lodash": "^4.17.21", @@ -7369,6 +7334,12 @@ "integrity": "sha512-ah5GDQfsiK3dnkaCbYcDFZXkZCG3o90VRu9hzXHnSe4kACrRB1KUI/ZyWHvYmqm1W5Tl8B5YxxT98uGTlkbf2Q==", "dev": true }, + "node_modules/@types/guacamole-common-js": { + "version": "1.5.2", + "resolved": "https://registry.npmjs.org/@types/guacamole-common-js/-/guacamole-common-js-1.5.2.tgz", + "integrity": "sha512-S01txydRyBscHyV8giYNdrfU7dzwUkLb8prQPP68/YCpY/gMtcL9e7BXGpQttj4XpelSUVkA++TjllalZ0AHjg==", + "dev": true + }, "node_modules/@types/http-errors": { "version": "2.0.1", "resolved": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.1.tgz", @@ -7605,16 +7576,16 @@ "dev": true }, "node_modules/@typescript-eslint/eslint-plugin": { - "version": "6.16.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-6.16.0.tgz", - "integrity": "sha512-O5f7Kv5o4dLWQtPX4ywPPa+v9G+1q1x8mz0Kr0pXUtKsevo+gIJHLkGc8RxaZWtP8RrhwhSNIWThnW42K9/0rQ==", + "version": "6.17.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-6.17.0.tgz", + "integrity": "sha512-Vih/4xLXmY7V490dGwBQJTpIZxH4ZFH6eCVmQ4RFkB+wmaCTDAx4dtgoWwMNGKLkqRY1L6rPqzEbjorRnDo4rQ==", "dev": true, "dependencies": { "@eslint-community/regexpp": "^4.5.1", - "@typescript-eslint/scope-manager": "6.16.0", - "@typescript-eslint/type-utils": "6.16.0", - "@typescript-eslint/utils": "6.16.0", - "@typescript-eslint/visitor-keys": "6.16.0", + "@typescript-eslint/scope-manager": "6.17.0", + "@typescript-eslint/type-utils": "6.17.0", + "@typescript-eslint/utils": "6.17.0", + "@typescript-eslint/visitor-keys": "6.17.0", "debug": "^4.3.4", "graphemer": "^1.4.0", "ignore": "^5.2.4", @@ -7673,15 +7644,15 @@ "dev": true }, "node_modules/@typescript-eslint/parser": { - "version": "6.16.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-6.16.0.tgz", - "integrity": "sha512-H2GM3eUo12HpKZU9njig3DF5zJ58ja6ahj1GoHEHOgQvYxzoFJJEvC1MQ7T2l9Ha+69ZSOn7RTxOdpC/y3ikMw==", + "version": "6.17.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-6.17.0.tgz", + "integrity": "sha512-C4bBaX2orvhK+LlwrY8oWGmSl4WolCfYm513gEccdWZj0CwGadbIADb0FtVEcI+WzUyjyoBj2JRP8g25E6IB8A==", "dev": true, "dependencies": { - "@typescript-eslint/scope-manager": "6.16.0", - "@typescript-eslint/types": "6.16.0", - "@typescript-eslint/typescript-estree": "6.16.0", - "@typescript-eslint/visitor-keys": "6.16.0", + "@typescript-eslint/scope-manager": "6.17.0", + "@typescript-eslint/types": "6.17.0", + "@typescript-eslint/typescript-estree": "6.17.0", + "@typescript-eslint/visitor-keys": "6.17.0", "debug": "^4.3.4" }, "engines": { @@ -7701,13 +7672,13 @@ } }, "node_modules/@typescript-eslint/scope-manager": { - "version": "6.16.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-6.16.0.tgz", - "integrity": "sha512-0N7Y9DSPdaBQ3sqSCwlrm9zJwkpOuc6HYm7LpzLAPqBL7dmzAUimr4M29dMkOP/tEwvOCC/Cxo//yOfJD3HUiw==", + "version": "6.17.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-6.17.0.tgz", + "integrity": "sha512-RX7a8lwgOi7am0k17NUO0+ZmMOX4PpjLtLRgLmT1d3lBYdWH4ssBUbwdmc5pdRX8rXon8v9x8vaoOSpkHfcXGA==", "dev": true, "dependencies": { - "@typescript-eslint/types": "6.16.0", - "@typescript-eslint/visitor-keys": "6.16.0" + "@typescript-eslint/types": "6.17.0", + "@typescript-eslint/visitor-keys": "6.17.0" }, "engines": { "node": "^16.0.0 || >=18.0.0" @@ -7718,13 +7689,13 @@ } }, "node_modules/@typescript-eslint/type-utils": { - "version": "6.16.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-6.16.0.tgz", - "integrity": "sha512-ThmrEOcARmOnoyQfYkHw/DX2SEYBalVECmoldVuH6qagKROp/jMnfXpAU/pAIWub9c4YTxga+XwgAkoA0pxfmg==", + "version": "6.17.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-6.17.0.tgz", + "integrity": "sha512-hDXcWmnbtn4P2B37ka3nil3yi3VCQO2QEB9gBiHJmQp5wmyQWqnjA85+ZcE8c4FqnaB6lBwMrPkgd4aBYz3iNg==", "dev": true, "dependencies": { - "@typescript-eslint/typescript-estree": "6.16.0", - "@typescript-eslint/utils": "6.16.0", + "@typescript-eslint/typescript-estree": "6.17.0", + "@typescript-eslint/utils": "6.17.0", "debug": "^4.3.4", "ts-api-utils": "^1.0.1" }, @@ -7745,9 +7716,9 @@ } }, "node_modules/@typescript-eslint/types": { - "version": "6.16.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-6.16.0.tgz", - "integrity": "sha512-hvDFpLEvTJoHutVl87+MG/c5C8I6LOgEx05zExTSJDEVU7hhR3jhV8M5zuggbdFCw98+HhZWPHZeKS97kS3JoQ==", + "version": "6.17.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-6.17.0.tgz", + "integrity": "sha512-qRKs9tvc3a4RBcL/9PXtKSehI/q8wuU9xYJxe97WFxnzH8NWWtcW3ffNS+EWg8uPvIerhjsEZ+rHtDqOCiH57A==", "dev": true, "engines": { "node": "^16.0.0 || >=18.0.0" @@ -7758,13 +7729,13 @@ } }, "node_modules/@typescript-eslint/typescript-estree": { - "version": "6.16.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-6.16.0.tgz", - "integrity": "sha512-VTWZuixh/vr7nih6CfrdpmFNLEnoVBF1skfjdyGnNwXOH1SLeHItGdZDHhhAIzd3ACazyY2Fg76zuzOVTaknGA==", + "version": "6.17.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-6.17.0.tgz", + "integrity": "sha512-gVQe+SLdNPfjlJn5VNGhlOhrXz4cajwFd5kAgWtZ9dCZf4XJf8xmgCTLIqec7aha3JwgLI2CK6GY1043FRxZwg==", "dev": true, "dependencies": { - "@typescript-eslint/types": "6.16.0", - "@typescript-eslint/visitor-keys": "6.16.0", + "@typescript-eslint/types": "6.17.0", + "@typescript-eslint/visitor-keys": "6.17.0", "debug": "^4.3.4", "globby": "^11.1.0", "is-glob": "^4.0.3", @@ -7843,17 +7814,17 @@ "dev": true }, "node_modules/@typescript-eslint/utils": { - "version": "6.16.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-6.16.0.tgz", - "integrity": "sha512-T83QPKrBm6n//q9mv7oiSvy/Xq/7Hyw9SzSEhMHJwznEmQayfBM87+oAlkNAMEO7/MjIwKyOHgBJbxB0s7gx2A==", + "version": "6.17.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-6.17.0.tgz", + "integrity": "sha512-LofsSPjN/ITNkzV47hxas2JCsNCEnGhVvocfyOcLzT9c/tSZE7SfhS/iWtzP1lKNOEfLhRTZz6xqI8N2RzweSQ==", "dev": true, "dependencies": { "@eslint-community/eslint-utils": "^4.4.0", "@types/json-schema": "^7.0.12", "@types/semver": "^7.5.0", - "@typescript-eslint/scope-manager": "6.16.0", - "@typescript-eslint/types": "6.16.0", - "@typescript-eslint/typescript-estree": "6.16.0", + "@typescript-eslint/scope-manager": "6.17.0", + "@typescript-eslint/types": "6.17.0", + "@typescript-eslint/typescript-estree": "6.17.0", "semver": "^7.5.4" }, "engines": { @@ -7901,12 +7872,12 @@ "dev": true }, "node_modules/@typescript-eslint/visitor-keys": { - "version": "6.16.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-6.16.0.tgz", - "integrity": "sha512-QSFQLruk7fhs91a/Ep/LqRdbJCZ1Rq03rqBdKT5Ky17Sz8zRLUksqIe9DW0pKtg/Z35/ztbLQ6qpOCN6rOC11A==", + "version": "6.17.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-6.17.0.tgz", + "integrity": "sha512-H6VwB/k3IuIeQOyYczyyKN8wH6ed8EwliaYHLxOIhyF0dYEIsN8+Bk3GE19qafeMKyZJJHP8+O1HiFhFLUNKSg==", "dev": true, "dependencies": { - "@typescript-eslint/types": "6.16.0", + "@typescript-eslint/types": "6.17.0", "eslint-visitor-keys": "^3.4.1" }, "engines": { @@ -8072,15 +8043,12 @@ } }, "node_modules/agent-base": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.0.tgz", - "integrity": "sha512-o/zjMZRhJxny7OyEF+Op8X+efiELC7k7yOjMzgfzVqOzXqkBkWI79YoTdOtsuWd5BWhAGAuOY/Xa6xpiaWXiNg==", + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-5.1.1.tgz", + "integrity": "sha512-TMeqbNl2fMW0nMjTEPOwe3J/PRFP4vqeoNuQMG0HlMrtm5QxKqdvAkZ1pRBQ/ulIyDD5Yq0nJ7YbdD8ey0TO3g==", "dev": true, - "dependencies": { - "debug": "^4.3.4" - }, "engines": { - "node": ">= 14" + "node": ">= 6.0.0" } }, "node_modules/aggregate-error": { @@ -8355,13 +8323,13 @@ } }, "node_modules/babel-plugin-polyfill-corejs2": { - "version": "0.4.6", - "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-corejs2/-/babel-plugin-polyfill-corejs2-0.4.6.tgz", - "integrity": "sha512-jhHiWVZIlnPbEUKSSNb9YoWcQGdlTLq7z1GHL4AjFxaoOUMuuEVJ+Y4pAaQUGOGk93YsVCKPbqbfw3m0SM6H8Q==", + "version": "0.4.7", + "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-corejs2/-/babel-plugin-polyfill-corejs2-0.4.7.tgz", + "integrity": "sha512-LidDk/tEGDfuHW2DWh/Hgo4rmnw3cduK6ZkOI1NPFceSK3n/yAGeOsNT7FLnSGHkXj3RHGSEVkN3FsCTY6w2CQ==", "dev": true, "dependencies": { "@babel/compat-data": "^7.22.6", - "@babel/helper-define-polyfill-provider": "^0.4.3", + "@babel/helper-define-polyfill-provider": "^0.4.4", "semver": "^6.3.1" }, "peerDependencies": { @@ -8369,25 +8337,25 @@ } }, "node_modules/babel-plugin-polyfill-corejs3": { - "version": "0.8.5", - "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-corejs3/-/babel-plugin-polyfill-corejs3-0.8.5.tgz", - "integrity": "sha512-Q6CdATeAvbScWPNLB8lzSO7fgUVBkQt6zLgNlfyeCr/EQaEQR+bWiBYYPYAFyE528BMjRhL+1QBMOI4jc/c5TA==", + "version": "0.8.7", + "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-corejs3/-/babel-plugin-polyfill-corejs3-0.8.7.tgz", + "integrity": "sha512-KyDvZYxAzkC0Aj2dAPyDzi2Ym15e5JKZSK+maI7NAwSqofvuFglbSsxE7wUOvTg9oFVnHMzVzBKcqEb4PJgtOA==", "dev": true, "dependencies": { - "@babel/helper-define-polyfill-provider": "^0.4.3", - "core-js-compat": "^3.32.2" + "@babel/helper-define-polyfill-provider": "^0.4.4", + "core-js-compat": "^3.33.1" }, "peerDependencies": { "@babel/core": "^7.4.0 || ^8.0.0-0 <8.0.0" } }, "node_modules/babel-plugin-polyfill-regenerator": { - "version": "0.5.3", - "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-regenerator/-/babel-plugin-polyfill-regenerator-0.5.3.tgz", - "integrity": "sha512-8sHeDOmXC8csczMrYEOf0UTNa4yE2SxV5JGeT/LP1n0OYVDUUFPxG9vdk2AlDlIit4t+Kf0xCtpgXPBwnn/9pw==", + "version": "0.5.4", + "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-regenerator/-/babel-plugin-polyfill-regenerator-0.5.4.tgz", + "integrity": "sha512-S/x2iOCvDaCASLYsOOgWOq4bCfKYVqvO/uxjkaYyZ3rVsVE3CeAI/c84NpyuBBymEgNvHgjEot3a9/Z/kXvqsg==", "dev": true, "dependencies": { - "@babel/helper-define-polyfill-provider": "^0.4.3" + "@babel/helper-define-polyfill-provider": "^0.4.4" }, "peerDependencies": { "@babel/core": "^7.4.0 || ^8.0.0-0 <8.0.0" @@ -8873,6 +8841,15 @@ "node": ">=8" } }, + "node_modules/citty": { + "version": "0.1.5", + "resolved": "https://registry.npmjs.org/citty/-/citty-0.1.5.tgz", + "integrity": "sha512-AS7n5NSc0OQVMV9v6wt3ByujNIrne0/cTjiC2MYqhvao57VNfiuVksTSr2p17nVOhEr2KtqiAkGwHcgMC/qUuQ==", + "dev": true, + "dependencies": { + "consola": "^3.2.3" + } + }, "node_modules/clean-stack": { "version": "2.2.0", "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-2.2.0.tgz", @@ -9129,6 +9106,15 @@ "safe-buffer": "~5.1.0" } }, + "node_modules/consola": { + "version": "3.2.3", + "resolved": "https://registry.npmjs.org/consola/-/consola-3.2.3.tgz", + "integrity": "sha512-I5qxpzLv+sJhTVEoLYNcTW+bThDCPsit0vLNKShZx6rLtpilNpmmeTPaeqJb9ZE9dV3DGaeby6Vuhrw38WjeyQ==", + "dev": true, + "engines": { + "node": "^14.18.0 || >=16.10.0" + } + }, "node_modules/construct-style-sheets-polyfill": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/construct-style-sheets-polyfill/-/construct-style-sheets-polyfill-3.1.0.tgz", @@ -9196,9 +9182,9 @@ "dev": true }, "node_modules/core-js": { - "version": "3.34.0", - "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.34.0.tgz", - "integrity": "sha512-aDdvlDder8QmY91H88GzNi9EtQi2TjvQhpCX6B1v/dAZHU1AuLgHvRh54RiOerpEhEW46Tkf+vgAViB/CWC0ag==", + "version": "3.35.0", + "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.35.0.tgz", + "integrity": "sha512-ntakECeqg81KqMueeGJ79Q5ZgQNR+6eaE8sxGCx62zMbAIj65q+uYvatToew3m6eAGdU4gNZwpZ34NMe4GYswg==", "hasInstallScript": true, "funding": { "type": "opencollective", @@ -9206,12 +9192,12 @@ } }, "node_modules/core-js-compat": { - "version": "3.32.2", - "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.32.2.tgz", - "integrity": "sha512-+GjlguTDINOijtVRUxrQOv3kfu9rl+qPNdX2LTbJ/ZyVTuxK+ksVSAGX1nHstu4hrv1En/uPTtWgq2gI5wt4AQ==", + "version": "3.35.0", + "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.35.0.tgz", + "integrity": "sha512-5blwFAddknKeNgsjBzilkdQ0+YK8L1PfqPYq40NOYMYFSS38qj+hpTcLLWwpIwA2A5bje/x5jmVn2tzUMg9IVw==", "dev": true, "dependencies": { - "browserslist": "^4.21.10" + "browserslist": "^4.22.2" }, "funding": { "type": "opencollective", @@ -11461,9 +11447,9 @@ "dev": true }, "node_modules/flow-parser": { - "version": "0.225.0", - "resolved": "https://registry.npmjs.org/flow-parser/-/flow-parser-0.225.0.tgz", - "integrity": "sha512-wTr10/1z9wBuaNf+RGdGwD5FOI6TsNcWrMDhE+JBc2vEKe1e4SZuO5zVZCBq9SrFqPyWy0wFO9+hTH4zuPDbMA==", + "version": "0.225.1", + "resolved": "https://registry.npmjs.org/flow-parser/-/flow-parser-0.225.1.tgz", + "integrity": "sha512-50fjR6zbLQcpq5IFNkheUSY/AFPxVeeLiBM5B3NQBSKId2G0cUuExOlDDOguxc49dl9lnh8hI1xcYlPJWNp4KQ==", "dev": true, "engines": { "node": ">=0.4.0" @@ -11784,16 +11770,17 @@ } }, "node_modules/giget": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/giget/-/giget-1.1.3.tgz", - "integrity": "sha512-zHuCeqtfgqgDwvXlR84UNgnJDuUHQcNI5OqWqFxxuk2BshuKbYhJWdxBsEo4PvKqoGh23lUAIvBNpChMLv7/9Q==", + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/giget/-/giget-1.2.1.tgz", + "integrity": "sha512-4VG22mopWtIeHwogGSy1FViXVo0YT+m6BrqZfz0JJFwbSsePsCdOzdLIIli5BtMp7Xe8f/o2OmBpQX2NBOC24g==", "dev": true, "dependencies": { - "colorette": "^2.0.20", - "defu": "^6.1.2", - "https-proxy-agent": "^7.0.2", - "mri": "^1.2.0", - "node-fetch-native": "^1.4.0", + "citty": "^0.1.5", + "consola": "^3.2.3", + "defu": "^6.1.3", + "node-fetch-native": "^1.6.1", + "nypm": "^0.3.3", + "ohash": "^1.1.3", "pathe": "^1.1.1", "tar": "^6.2.0" }, @@ -11801,12 +11788,6 @@ "giget": "dist/cli.mjs" } }, - "node_modules/giget/node_modules/colorette": { - "version": "2.0.20", - "resolved": "https://registry.npmjs.org/colorette/-/colorette-2.0.20.tgz", - "integrity": "sha512-IfEDxwoWIjkeXL1eXcDiow4UbKjhLdq6/EuSVR9GMN7KVH3r9gQ83e73hsz1Nd1T3ijd5xv1wcWRYO+D6kCI2w==", - "dev": true - }, "node_modules/github-from-package": { "version": "0.0.0", "resolved": "https://registry.npmjs.org/github-from-package/-/github-from-package-0.0.0.tgz", @@ -11966,6 +11947,11 @@ "node": ">=6.0" } }, + "node_modules/guacamole-common-js": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/guacamole-common-js/-/guacamole-common-js-1.5.0.tgz", + "integrity": "sha512-zxztif3GGhKbg1RgOqwmqot8kXgv2HmHFg1EvWwd4q7UfEKvBcYZ0f+7G8HzvU+FUxF0Psqm9Kl5vCbgfrRgJg==" + }, "node_modules/gunzip-maybe": { "version": "1.4.2", "resolved": "https://registry.npmjs.org/gunzip-maybe/-/gunzip-maybe-1.4.2.tgz", @@ -12131,16 +12117,16 @@ } }, "node_modules/https-proxy-agent": { - "version": "7.0.2", - "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.2.tgz", - "integrity": "sha512-NmLNjm6ucYwtcUmL7JQC1ZQ57LmHP4lT15FQ8D61nak1rO6DH+fz5qNK2Ap5UN4ZapYICE3/0KodcLYSPsPbaA==", + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-4.0.0.tgz", + "integrity": "sha512-zoDhWrkR3of1l9QAL8/scJZyLu8j/gBkcwcaQOZh7Gyh/+uJQzGVETdgT30akuwkpL8HTRfssqI3BZuV18teDg==", "dev": true, "dependencies": { - "agent-base": "^7.0.2", + "agent-base": "5", "debug": "4" }, "engines": { - "node": ">= 14" + "node": ">= 6.0.0" } }, "node_modules/human-signals": { @@ -14598,9 +14584,9 @@ } }, "node_modules/node-fetch-native": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/node-fetch-native/-/node-fetch-native-1.4.1.tgz", - "integrity": "sha512-NsXBU0UgBxo2rQLOeWNZqS3fvflWePMECr8CoSWoSTqCqGbVVsvl9vZu1HfQicYN0g5piV9Gh8RTEvo/uP752w==", + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/node-fetch-native/-/node-fetch-native-1.6.1.tgz", + "integrity": "sha512-bW9T/uJDPAJB2YNYEpWzE54U5O3MQidXsOyTfnbKYtTtFexRvGzb1waphBN4ZwP6EcIvYYEOwW0b72BpAqydTw==", "dev": true }, "node_modules/node-int64": { @@ -14754,6 +14740,158 @@ "node": ">=8" } }, + "node_modules/nypm": { + "version": "0.3.4", + "resolved": "https://registry.npmjs.org/nypm/-/nypm-0.3.4.tgz", + "integrity": "sha512-1JLkp/zHBrkS3pZ692IqOaIKSYHmQXgqfELk6YTOfVBnwealAmPA1q2kKK7PHJAHSMBozerThEFZXP3G6o7Ukg==", + "dev": true, + "dependencies": { + "citty": "^0.1.5", + "execa": "^8.0.1", + "pathe": "^1.1.1", + "ufo": "^1.3.2" + }, + "bin": { + "nypm": "dist/cli.mjs" + }, + "engines": { + "node": "^14.16.0 || >=16.10.0" + } + }, + "node_modules/nypm/node_modules/execa": { + "version": "8.0.1", + "resolved": "https://registry.npmjs.org/execa/-/execa-8.0.1.tgz", + "integrity": "sha512-VyhnebXciFV2DESc+p6B+y0LjSm0krU4OgJN44qFAhBY0TJ+1V61tYD2+wHusZ6F9n5K+vl8k0sTy7PEfV4qpg==", + "dev": true, + "dependencies": { + "cross-spawn": "^7.0.3", + "get-stream": "^8.0.1", + "human-signals": "^5.0.0", + "is-stream": "^3.0.0", + "merge-stream": "^2.0.0", + "npm-run-path": "^5.1.0", + "onetime": "^6.0.0", + "signal-exit": "^4.1.0", + "strip-final-newline": "^3.0.0" + }, + "engines": { + "node": ">=16.17" + }, + "funding": { + "url": "https://github.com/sindresorhus/execa?sponsor=1" + } + }, + "node_modules/nypm/node_modules/get-stream": { + "version": "8.0.1", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-8.0.1.tgz", + "integrity": "sha512-VaUJspBffn/LMCJVoMvSAdmscJyS1auj5Zulnn5UoYcY531UWmdwhRWkcGKnGU93m5HSXP9LP2usOryrBtQowA==", + "dev": true, + "engines": { + "node": ">=16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/nypm/node_modules/human-signals": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-5.0.0.tgz", + "integrity": "sha512-AXcZb6vzzrFAUE61HnN4mpLqd/cSIwNQjtNWR0euPm6y0iqx3G4gOXaIDdtdDwZmhwe82LA6+zinmW4UBWVePQ==", + "dev": true, + "engines": { + "node": ">=16.17.0" + } + }, + "node_modules/nypm/node_modules/is-stream": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-3.0.0.tgz", + "integrity": "sha512-LnQR4bZ9IADDRSkvpqMGvt/tEJWclzklNgSw48V5EAaAeDd6qGvN8ei6k5p0tvxSR171VmGyHuTiAOfxAbr8kA==", + "dev": true, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/nypm/node_modules/mimic-fn": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-4.0.0.tgz", + "integrity": "sha512-vqiC06CuhBTUdZH+RYl8sFrL096vA45Ok5ISO6sE/Mr1jRbGH4Csnhi8f3wKVl7x8mO4Au7Ir9D3Oyv1VYMFJw==", + "dev": true, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/nypm/node_modules/npm-run-path": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-5.2.0.tgz", + "integrity": "sha512-W4/tgAXFqFA0iL7fk0+uQ3g7wkL8xJmx3XdK0VGb4cHW//eZTtKGvFBBoRKVTpY7n6ze4NL9ly7rgXcHufqXKg==", + "dev": true, + "dependencies": { + "path-key": "^4.0.0" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/nypm/node_modules/onetime": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/onetime/-/onetime-6.0.0.tgz", + "integrity": "sha512-1FlR+gjXK7X+AsAHso35MnyN5KqGwJRi/31ft6x0M194ht7S+rWAvd7PHss9xSKMzE0asv1pyIHaJYq+BbacAQ==", + "dev": true, + "dependencies": { + "mimic-fn": "^4.0.0" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/nypm/node_modules/path-key": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-key/-/path-key-4.0.0.tgz", + "integrity": "sha512-haREypq7xkM7ErfgIyA0z+Bj4AGKlMSdlQE2jvJo6huWD1EdkKYV+G/T4nq0YEF2vgTT8kqMFKo1uHn950r4SQ==", + "dev": true, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/nypm/node_modules/signal-exit": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", + "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==", + "dev": true, + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/nypm/node_modules/strip-final-newline": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-3.0.0.tgz", + "integrity": "sha512-dOESqjYr96iWYylGObzd39EuNTa5VJxyvVAEm5Jnh7KGo75V43Hk1odPQkNDyXNmUR6k+gEiDVXnjB8HJ3crXw==", + "dev": true, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, "node_modules/object-assign": { "version": "4.1.1", "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", @@ -14814,6 +14952,12 @@ "url": "https://github.com/sponsors/ljharb" } }, + "node_modules/ohash": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/ohash/-/ohash-1.1.3.tgz", + "integrity": "sha512-zuHHiGTYTA1sYJ/wZN+t5HKZaH23i4yI1HMwbuXm24Nid7Dv0KcuRlKoNKS9UNfAVSBlnGLcuQrnOKWOZoEGaw==", + "dev": true + }, "node_modules/on-finished": { "version": "2.4.1", "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", @@ -15528,15 +15672,6 @@ "node": ">=8.16.0" } }, - "node_modules/puppeteer-core/node_modules/agent-base": { - "version": "5.1.1", - "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-5.1.1.tgz", - "integrity": "sha512-TMeqbNl2fMW0nMjTEPOwe3J/PRFP4vqeoNuQMG0HlMrtm5QxKqdvAkZ1pRBQ/ulIyDD5Yq0nJ7YbdD8ey0TO3g==", - "dev": true, - "engines": { - "node": ">= 6.0.0" - } - }, "node_modules/puppeteer-core/node_modules/glob": { "version": "7.2.3", "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", @@ -15557,19 +15692,6 @@ "url": "https://github.com/sponsors/isaacs" } }, - "node_modules/puppeteer-core/node_modules/https-proxy-agent": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-4.0.0.tgz", - "integrity": "sha512-zoDhWrkR3of1l9QAL8/scJZyLu8j/gBkcwcaQOZh7Gyh/+uJQzGVETdgT30akuwkpL8HTRfssqI3BZuV18teDg==", - "dev": true, - "dependencies": { - "agent-base": "5", - "debug": "4" - }, - "engines": { - "node": ">= 6.0.0" - } - }, "node_modules/puppeteer-core/node_modules/mime": { "version": "2.6.0", "resolved": "https://registry.npmjs.org/mime/-/mime-2.6.0.tgz", @@ -16297,9 +16419,9 @@ "integrity": "sha512-IXgzBWvWQwE6PrDI05OvmXUIruQTcoMDzRsOd5CDvHCVLcLHMTSYvOK5Cm46kWqlV3yAbuSpBZdJ5oP5OUoStg==" }, "node_modules/rollup": { - "version": "4.9.1", - "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.9.1.tgz", - "integrity": "sha512-pgPO9DWzLoW/vIhlSoDByCzcpX92bKEorbgXuZrqxByte3JFk2xSW2JEeAcyLc9Ru9pqcNNW+Ob7ntsk2oT/Xw==", + "version": "4.9.2", + "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.9.2.tgz", + "integrity": "sha512-66RB8OtFKUTozmVEh3qyNfH+b+z2RXBVloqO2KCC/pjFaGaHtxP9fVfOQKPSGXg2mElmjmxjW/fZ7iKrEpMH5Q==", "dev": true, "bin": { "rollup": "dist/bin/rollup" @@ -16309,19 +16431,19 @@ "npm": ">=8.0.0" }, "optionalDependencies": { - "@rollup/rollup-android-arm-eabi": "4.9.1", - "@rollup/rollup-android-arm64": "4.9.1", - "@rollup/rollup-darwin-arm64": "4.9.1", - "@rollup/rollup-darwin-x64": "4.9.1", - "@rollup/rollup-linux-arm-gnueabihf": "4.9.1", - "@rollup/rollup-linux-arm64-gnu": "4.9.1", - "@rollup/rollup-linux-arm64-musl": "4.9.1", - "@rollup/rollup-linux-riscv64-gnu": "4.9.1", - "@rollup/rollup-linux-x64-gnu": "4.9.1", - "@rollup/rollup-linux-x64-musl": "4.9.1", - "@rollup/rollup-win32-arm64-msvc": "4.9.1", - "@rollup/rollup-win32-ia32-msvc": "4.9.1", - "@rollup/rollup-win32-x64-msvc": "4.9.1", + "@rollup/rollup-android-arm-eabi": "4.9.2", + "@rollup/rollup-android-arm64": "4.9.2", + "@rollup/rollup-darwin-arm64": "4.9.2", + "@rollup/rollup-darwin-x64": "4.9.2", + "@rollup/rollup-linux-arm-gnueabihf": "4.9.2", + "@rollup/rollup-linux-arm64-gnu": "4.9.2", + "@rollup/rollup-linux-arm64-musl": "4.9.2", + "@rollup/rollup-linux-riscv64-gnu": "4.9.2", + "@rollup/rollup-linux-x64-gnu": "4.9.2", + "@rollup/rollup-linux-x64-musl": "4.9.2", + "@rollup/rollup-win32-arm64-msvc": "4.9.2", + "@rollup/rollup-win32-ia32-msvc": "4.9.2", + "@rollup/rollup-win32-x64-msvc": "4.9.2", "fsevents": "~2.3.2" } }, @@ -16977,12 +17099,12 @@ "dev": true }, "node_modules/storybook": { - "version": "7.6.6", - "resolved": "https://registry.npmjs.org/storybook/-/storybook-7.6.6.tgz", - "integrity": "sha512-PmJxpjGdLvDOHaRzqLOvcJ3ALQPaNeW6D5Lv7rPPVbuO24wdDzd/75dPRP7gJKYcGE0NnDZ6cLQq3UlCfbkIBA==", + "version": "7.6.7", + "resolved": "https://registry.npmjs.org/storybook/-/storybook-7.6.7.tgz", + "integrity": "sha512-1Cd895dqYIT5MOUOCDlD73OTWoJubLq/sWC7AMzkMrLu76yD4Cu6f+wv1HDrRAheRaCaeT3yhYEhsMB6qHIcaA==", "dev": true, "dependencies": { - "@storybook/cli": "7.6.6" + "@storybook/cli": "7.6.7" }, "bin": { "sb": "index.js", @@ -17926,6 +18048,12 @@ "node": ">=14.17" } }, + "node_modules/ufo": { + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/ufo/-/ufo-1.3.2.tgz", + "integrity": "sha512-o+ORpgGwaYQXgqGDwd+hkS4PuZ3QnmqMMxRuajK/a38L6fTpcE5GPIfrf+L/KemFzfUpeUQc1rRS1iDBozvnFA==", + "dev": true + }, "node_modules/uglify-js": { "version": "3.17.4", "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.17.4.tgz", @@ -18353,9 +18481,9 @@ } }, "node_modules/vite-tsconfig-paths": { - "version": "4.2.2", - "resolved": "https://registry.npmjs.org/vite-tsconfig-paths/-/vite-tsconfig-paths-4.2.2.tgz", - "integrity": "sha512-dq0FjyxHHDnp0uS3P12WEOX2W7NeuLzX9AWP38D7Zw2CTbFErapwQVlCiT5DMJcVWKQ1MMdTe92PZl/rBQ7qcw==", + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/vite-tsconfig-paths/-/vite-tsconfig-paths-4.2.3.tgz", + "integrity": "sha512-xVsA2xe6QSlzBujtWF8q2NYexh7PAUYfzJ4C8Axpe/7d2pcERYxuxGgph9F4f0iQO36g5tyGq6eBUYIssdUrVw==", "dev": true, "dependencies": { "debug": "^4.1.1", diff --git a/web/package.json b/web/package.json index 4d7002840..92cb66ec9 100644 --- a/web/package.json +++ b/web/package.json @@ -42,7 +42,7 @@ "@codemirror/theme-one-dark": "^6.1.2", "@formatjs/intl-listformat": "^7.5.3", "@fortawesome/fontawesome-free": "^6.5.1", - "@goauthentik/api": "^2023.10.5-1703290840", + "@goauthentik/api": "^2023.10.5-1703968412", "@lit-labs/context": "^0.4.0", "@lit-labs/task": "^3.1.0", "@lit/localize": "^0.11.4", @@ -57,9 +57,10 @@ "chartjs-adapter-moment": "^1.0.1", "codemirror": "^6.0.1", "construct-style-sheets-polyfill": "^3.1.0", - "core-js": "^3.34.0", + "core-js": "^3.35.0", "country-flag-icons": "^1.5.9", "fuse.js": "^7.0.0", + "guacamole-common-js": "^1.5.0", "lit": "^2.8.0", "mermaid": "^10.6.1", "rapidoc": "^9.3.4", @@ -68,13 +69,13 @@ "yaml": "^2.3.4" }, "devDependencies": { - "@babel/core": "^7.23.6", + "@babel/core": "^7.23.7", "@babel/plugin-proposal-class-properties": "^7.18.6", - "@babel/plugin-proposal-decorators": "^7.23.6", + "@babel/plugin-proposal-decorators": "^7.23.7", "@babel/plugin-transform-private-methods": "^7.23.3", "@babel/plugin-transform-private-property-in-object": "^7.23.4", - "@babel/plugin-transform-runtime": "^7.23.6", - "@babel/preset-env": "^7.23.6", + "@babel/plugin-transform-runtime": "^7.23.7", + "@babel/preset-env": "^7.23.7", "@babel/preset-typescript": "^7.23.3", "@hcaptcha/types": "^1.0.3", "@jackfranklin/rollup-plugin-markdown": "^0.4.0", @@ -86,19 +87,20 @@ "@rollup/plugin-replace": "^5.0.5", "@rollup/plugin-terser": "^0.4.4", "@rollup/plugin-typescript": "^11.1.5", - "@storybook/addon-essentials": "^7.6.6", - "@storybook/addon-links": "^7.6.6", - "@storybook/api": "^7.6.6", + "@storybook/addon-essentials": "^7.6.7", + "@storybook/addon-links": "^7.6.7", + "@storybook/api": "^7.6.7", "@storybook/blocks": "^7.6.4", - "@storybook/manager-api": "^7.6.6", - "@storybook/web-components": "^7.6.6", - "@storybook/web-components-vite": "^7.6.6", + "@storybook/manager-api": "^7.6.7", + "@storybook/web-components": "^7.6.7", + "@storybook/web-components-vite": "^7.6.7", "@trivago/prettier-plugin-sort-imports": "^4.3.0", "@types/chart.js": "^2.9.41", "@types/codemirror": "5.60.15", "@types/grecaptcha": "^3.0.7", - "@typescript-eslint/eslint-plugin": "^6.16.0", - "@typescript-eslint/parser": "^6.16.0", + "@types/guacamole-common-js": "1.5.2", + "@typescript-eslint/eslint-plugin": "^6.17.0", + "@typescript-eslint/parser": "^6.17.0", "babel-plugin-macros": "^3.1.0", "babel-plugin-tsconfig-paths": "^1.0.3", "cross-env": "^7.0.3", @@ -115,23 +117,23 @@ "pyright": "=1.1.338", "react": "^18.2.0", "react-dom": "^18.2.0", - "rollup": "^4.9.1", + "rollup": "^4.9.2", "rollup-plugin-copy": "^3.5.0", "rollup-plugin-cssimport": "^1.0.3", "rollup-plugin-modify": "^3.0.0", "rollup-plugin-postcss-lit": "^2.1.0", - "storybook": "^7.6.6", + "storybook": "^7.6.7", "storybook-addon-mock": "^4.3.0", "ts-lit-plugin": "^2.0.1", "tslib": "^2.6.2", "turnstile-types": "^1.2.0", "typescript": "^5.3.3", - "vite-tsconfig-paths": "^4.2.2" + "vite-tsconfig-paths": "^4.2.3" }, "optionalDependencies": { - "@esbuild/darwin-arm64": "^0.19.10", + "@esbuild/darwin-arm64": "^0.19.11", "@esbuild/linux-amd64": "^0.18.11", - "@esbuild/linux-arm64": "^0.19.10" + "@esbuild/linux-arm64": "^0.19.11" }, "engines": { "node": ">=20" diff --git a/web/rollup.config.mjs b/web/rollup.config.mjs index 49825a29d..c4139e13e 100644 --- a/web/rollup.config.mjs +++ b/web/rollup.config.mjs @@ -129,6 +129,21 @@ export const standalone = ["api-browser", "loading"].map((input) => { }; }); +export const enterprise = ["rac"].map((input) => { + return { + input: `./src/enterprise/${input}`, + output: [ + { + format: "es", + dir: `dist/enterprise/${input}`, + sourcemap: true, + manualChunks: manualChunks, + }, + ], + ...defaultOptions, + }; +}); + export default [ POLY, // Standalone @@ -172,4 +187,6 @@ export default [ ], ...defaultOptions, }, + // Enterprise + ...enterprise, ]; diff --git a/web/src/admin/outposts/OutpostForm.ts b/web/src/admin/outposts/OutpostForm.ts index 1952cfe85..2c5ac9722 100644 --- a/web/src/admin/outposts/OutpostForm.ts +++ b/web/src/admin/outposts/OutpostForm.ts @@ -21,6 +21,7 @@ import { OutpostsServiceConnectionsAllListRequest, PaginatedLDAPProviderList, PaginatedProxyProviderList, + PaginatedRACProviderList, PaginatedRadiusProviderList, ProvidersApi, ServiceConnection, @@ -38,7 +39,8 @@ export class OutpostForm extends ModelForm { providers?: | PaginatedProxyProviderList | PaginatedLDAPProviderList - | PaginatedRadiusProviderList; + | PaginatedRadiusProviderList + | PaginatedRACProviderList; defaultConfig?: OutpostDefaultConfig; @@ -73,6 +75,12 @@ export class OutpostForm extends ModelForm { applicationIsnull: false, }); break; + case OutpostTypeEnum.Rac: + this.providers = await new ProvidersApi(DEFAULT_CONFIG).providersRacList({ + ordering: "name", + applicationIsnull: false, + }); + break; case OutpostTypeEnum.UnknownDefaultOpenApi: this.providers = undefined; } @@ -133,6 +141,12 @@ export class OutpostForm extends ModelForm { > ${msg("Radius")} + diff --git a/web/src/admin/outposts/OutpostListPage.ts b/web/src/admin/outposts/OutpostListPage.ts index 390134ad0..318355585 100644 --- a/web/src/admin/outposts/OutpostListPage.ts +++ b/web/src/admin/outposts/OutpostListPage.ts @@ -41,6 +41,8 @@ export function TypeToLabel(type?: OutpostTypeEnum): string { return msg("LDAP"); case OutpostTypeEnum.Radius: return msg("Radius"); + case OutpostTypeEnum.Rac: + return msg("RAC"); case OutpostTypeEnum.UnknownDefaultOpenApi: return msg("Unknown type"); } diff --git a/web/src/admin/property-mappings/PropertyMappingListPage.ts b/web/src/admin/property-mappings/PropertyMappingListPage.ts index e961a744c..18521f5e4 100644 --- a/web/src/admin/property-mappings/PropertyMappingListPage.ts +++ b/web/src/admin/property-mappings/PropertyMappingListPage.ts @@ -1,5 +1,6 @@ import "@goauthentik/admin/property-mappings/PropertyMappingLDAPForm"; import "@goauthentik/admin/property-mappings/PropertyMappingNotification"; +import "@goauthentik/admin/property-mappings/PropertyMappingRACForm"; import "@goauthentik/admin/property-mappings/PropertyMappingSAMLForm"; import "@goauthentik/admin/property-mappings/PropertyMappingSCIMForm"; import "@goauthentik/admin/property-mappings/PropertyMappingScopeForm"; diff --git a/web/src/admin/property-mappings/PropertyMappingRACForm.ts b/web/src/admin/property-mappings/PropertyMappingRACForm.ts new file mode 100644 index 000000000..72e2bb090 --- /dev/null +++ b/web/src/admin/property-mappings/PropertyMappingRACForm.ts @@ -0,0 +1,195 @@ +import { first } from "@goauthentik/app/common/utils"; +import { DEFAULT_CONFIG } from "@goauthentik/common/api/config"; +import { docLink } from "@goauthentik/common/global"; +import "@goauthentik/elements/CodeMirror"; +import { CodeMirrorMode } from "@goauthentik/elements/CodeMirror"; +import "@goauthentik/elements/forms/FormGroup"; +import "@goauthentik/elements/forms/HorizontalFormElement"; +import { ModelForm } from "@goauthentik/elements/forms/ModelForm"; + +import { msg } from "@lit/localize"; +import { TemplateResult, html } from "lit"; +import { customElement } from "lit/decorators.js"; +import { ifDefined } from "lit/directives/if-defined.js"; + +import { PropertymappingsApi, RACPropertyMapping } from "@goauthentik/api"; + +@customElement("ak-property-mapping-rac-form") +export class PropertyMappingLDAPForm extends ModelForm { + loadInstance(pk: string): Promise { + return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsRacRetrieve({ + pmUuid: pk, + }); + } + + getSuccessMessage(): string { + if (this.instance) { + return msg("Successfully updated mapping."); + } else { + return msg("Successfully created mapping."); + } + } + + async send(data: RACPropertyMapping): Promise { + if (this.instance) { + return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsRacUpdate({ + pmUuid: this.instance.pk || "", + rACPropertyMappingRequest: data, + }); + } else { + return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsRacCreate({ + rACPropertyMappingRequest: data, + }); + } + } + + renderForm(): TemplateResult { + return html` + + + + + ${msg("General settings")} +
+ + + + + + +
+
+ + ${msg("RDP settings")} +
+ + + + + + + + + + + + +
+
+ + ${msg("Advanced settings")} +
+ + + +

+ ${msg("Expression using Python.")} + + ${msg("See documentation for a list of all variables.")} + +

+
+
+
+ `; + } +} diff --git a/web/src/admin/property-mappings/PropertyMappingWizard.ts b/web/src/admin/property-mappings/PropertyMappingWizard.ts index 9086546a0..4773dd93a 100644 --- a/web/src/admin/property-mappings/PropertyMappingWizard.ts +++ b/web/src/admin/property-mappings/PropertyMappingWizard.ts @@ -1,5 +1,6 @@ import "@goauthentik/admin/property-mappings/PropertyMappingLDAPForm"; import "@goauthentik/admin/property-mappings/PropertyMappingNotification"; +import "@goauthentik/admin/property-mappings/PropertyMappingRACForm"; import "@goauthentik/admin/property-mappings/PropertyMappingSAMLForm"; import "@goauthentik/admin/property-mappings/PropertyMappingScopeForm"; import "@goauthentik/admin/property-mappings/PropertyMappingTestForm"; diff --git a/web/src/admin/providers/ProviderListPage.ts b/web/src/admin/providers/ProviderListPage.ts index 6ff994611..87a123c82 100644 --- a/web/src/admin/providers/ProviderListPage.ts +++ b/web/src/admin/providers/ProviderListPage.ts @@ -3,6 +3,7 @@ import "@goauthentik/admin/providers/ProviderWizard"; import "@goauthentik/admin/providers/ldap/LDAPProviderForm"; import "@goauthentik/admin/providers/oauth2/OAuth2ProviderForm"; import "@goauthentik/admin/providers/proxy/ProxyProviderForm"; +import "@goauthentik/admin/providers/rac/RACProviderForm"; import "@goauthentik/admin/providers/radius/RadiusProviderForm"; import "@goauthentik/admin/providers/saml/SAMLProviderForm"; import "@goauthentik/admin/providers/scim/SCIMProviderForm"; diff --git a/web/src/admin/providers/ProviderViewPage.ts b/web/src/admin/providers/ProviderViewPage.ts index 4157081d8..5cebd14dd 100644 --- a/web/src/admin/providers/ProviderViewPage.ts +++ b/web/src/admin/providers/ProviderViewPage.ts @@ -1,6 +1,7 @@ import "@goauthentik/admin/providers/ldap/LDAPProviderViewPage"; import "@goauthentik/admin/providers/oauth2/OAuth2ProviderViewPage"; import "@goauthentik/admin/providers/proxy/ProxyProviderViewPage"; +import "@goauthentik/admin/providers/rac/RACProviderViewPage"; import "@goauthentik/admin/providers/radius/RadiusProviderViewPage"; import "@goauthentik/admin/providers/saml/SAMLProviderViewPage"; import "@goauthentik/admin/providers/scim/SCIMProviderViewPage"; @@ -65,6 +66,10 @@ export class ProviderViewPage extends AKElement { return html``; + case "ak-provider-rac-form": + return html``; default: return html`

Invalid provider type ${this.provider?.component}

`; } diff --git a/web/src/admin/providers/rac/EndpointForm.ts b/web/src/admin/providers/rac/EndpointForm.ts new file mode 100644 index 000000000..af83af23f --- /dev/null +++ b/web/src/admin/providers/rac/EndpointForm.ts @@ -0,0 +1,146 @@ +import { first } from "@goauthentik/app/common/utils"; +import { DEFAULT_CONFIG } from "@goauthentik/common/api/config"; +import "@goauthentik/components/ak-radio-input"; +import "@goauthentik/elements/CodeMirror"; +import "@goauthentik/elements/forms/FormGroup"; +import "@goauthentik/elements/forms/HorizontalFormElement"; +import { ModelForm } from "@goauthentik/elements/forms/ModelForm"; +import YAML from "yaml"; + +import { msg } from "@lit/localize"; +import { TemplateResult, html } from "lit"; +import { customElement, property } from "lit/decorators.js"; +import { ifDefined } from "lit/directives/if-defined.js"; + +import { + AuthModeEnum, + Endpoint, + PaginatedRACPropertyMappingList, + PropertymappingsApi, + ProtocolEnum, + RacApi, +} from "@goauthentik/api"; + +@customElement("ak-rac-endpoint-form") +export class EndpointForm extends ModelForm { + @property({ type: Number }) + providerID?: number; + + propertyMappings?: PaginatedRACPropertyMappingList; + + async load(): Promise { + this.propertyMappings = await new PropertymappingsApi( + DEFAULT_CONFIG, + ).propertymappingsRacList({ + ordering: "name", + }); + } + + loadInstance(pk: string): Promise { + return new RacApi(DEFAULT_CONFIG).racEndpointsRetrieve({ + pbmUuid: pk, + }); + } + + getSuccessMessage(): string { + return this.instance + ? msg("Successfully updated endpoint.") + : msg("Successfully created endpoint."); + } + + async send(data: Endpoint): Promise { + data.authMode = AuthModeEnum.Prompt; + if (!this.instance) { + data.provider = this.providerID || 0; + } else { + data.provider = this.instance.provider; + } + if (this.instance) { + return new RacApi(DEFAULT_CONFIG).racEndpointsPartialUpdate({ + pbmUuid: this.instance.pk || "", + patchedEndpointRequest: data, + }); + } else { + return new RacApi(DEFAULT_CONFIG).racEndpointsCreate({ + endpointRequest: data, + }); + } + } + + renderForm(): TemplateResult { + return html` + + + + + + + + + +

${msg("Hostname/IP to connect to.")}

+
+ + +

+ ${msg("Hold control/command to select multiple items.")} +

+
+ + ${msg("Advanced settings")} +
+ + + +

${msg("Connection settings.")}

+
+
+
+ `; + } +} diff --git a/web/src/admin/providers/rac/EndpointList.ts b/web/src/admin/providers/rac/EndpointList.ts new file mode 100644 index 000000000..d3c3f88c3 --- /dev/null +++ b/web/src/admin/providers/rac/EndpointList.ts @@ -0,0 +1,142 @@ +import "@goauthentik/admin/policies/BoundPoliciesList"; +import "@goauthentik/app/admin/providers/rac/EndpointForm"; +import { DEFAULT_CONFIG } from "@goauthentik/common/api/config"; +import { uiConfig } from "@goauthentik/common/ui/config"; +import "@goauthentik/elements/buttons/SpinnerButton"; +import "@goauthentik/elements/forms/DeleteBulkForm"; +import "@goauthentik/elements/forms/ModalForm"; +import "@goauthentik/elements/rbac/ObjectPermissionModal"; +import { PaginatedResponse, Table } from "@goauthentik/elements/table/Table"; +import { TableColumn } from "@goauthentik/elements/table/Table"; +import "@patternfly/elements/pf-tooltip/pf-tooltip.js"; + +import { msg } from "@lit/localize"; +import { CSSResult, TemplateResult, html } from "lit"; +import { customElement, property } from "lit/decorators.js"; + +import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css"; + +import { + Endpoint, + RACProvider, + RacApi, + RbacPermissionsAssignedByUsersListModelEnum, +} from "@goauthentik/api"; + +@customElement("ak-rac-endpoint-list") +export class EndpointListPage extends Table { + expandable = true; + checkbox = true; + + searchEnabled(): boolean { + return true; + } + + @property() + order = "name"; + + @property({ attribute: false }) + provider?: RACProvider; + + static get styles(): CSSResult[] { + return super.styles.concat(PFDescriptionList); + } + + async apiEndpoint(page: number): Promise> { + return new RacApi(DEFAULT_CONFIG).racEndpointsList({ + ordering: this.order, + page: page, + pageSize: (await uiConfig()).pagination.perPage, + search: this.search || "", + provider: this.provider?.pk, + superuserFullList: true, + }); + } + + columns(): TableColumn[] { + return [ + new TableColumn(msg("Name"), "name"), + new TableColumn(msg("Host"), "host"), + new TableColumn(msg("Actions")), + ]; + } + + renderToolbarSelected(): TemplateResult { + const disabled = this.selectedElements.length < 1; + return html` { + return [ + { key: msg("Name"), value: item.name }, + { key: msg("Host"), value: item.host }, + ]; + }} + .usedBy=${(item: Endpoint) => { + return new RacApi(DEFAULT_CONFIG).racEndpointsUsedByList({ + pbmUuid: item.pk, + }); + }} + .delete=${(item: Endpoint) => { + return new RacApi(DEFAULT_CONFIG).racEndpointsDestroy({ + pbmUuid: item.pk, + }); + }} + > + + `; + } + + row(item: Endpoint): TemplateResult[] { + return [ + html`${item.name}`, + html`${item.host}`, + html` + ${msg("Update")} + ${msg("Update Endpoint")} + + + + + + `, + ]; + } + + renderExpanded(item: Endpoint): TemplateResult { + return html` + +
+
+

+ ${msg( + "These bindings control which users will have access to this endpoint. Users must also have access to the application.", + )} +

+ +
+
+ `; + } + + renderObjectCreate(): TemplateResult { + return html` + + ${msg("Create")} + ${msg("Create Endpoint")} + + + + + `; + } +} diff --git a/web/src/admin/providers/rac/RACProviderForm.ts b/web/src/admin/providers/rac/RACProviderForm.ts new file mode 100644 index 000000000..53a5357a9 --- /dev/null +++ b/web/src/admin/providers/rac/RACProviderForm.ts @@ -0,0 +1,158 @@ +import "@goauthentik/admin/common/ak-crypto-certificate-search"; +import "@goauthentik/admin/common/ak-flow-search/ak-tenanted-flow-search"; +import { first } from "@goauthentik/app/common/utils"; +import { DEFAULT_CONFIG } from "@goauthentik/common/api/config"; +import "@goauthentik/elements/CodeMirror"; +import "@goauthentik/elements/forms/FormGroup"; +import "@goauthentik/elements/forms/HorizontalFormElement"; +import { ModelForm } from "@goauthentik/elements/forms/ModelForm"; +import "@goauthentik/elements/forms/Radio"; +import "@goauthentik/elements/forms/SearchSelect"; +import "@goauthentik/elements/utils/TimeDeltaHelp"; +import YAML from "yaml"; + +import { msg } from "@lit/localize"; +import { TemplateResult, html } from "lit"; +import { customElement, state } from "lit/decorators.js"; +import { ifDefined } from "lit/directives/if-defined.js"; + +import { + FlowsInstancesListDesignationEnum, + PaginatedEndpointList, + PaginatedRACPropertyMappingList, + PropertymappingsApi, + ProvidersApi, + RACProvider, + RacApi, +} from "@goauthentik/api"; + +@customElement("ak-provider-rac-form") +export class RACProviderFormPage extends ModelForm { + @state() + endpoints?: PaginatedEndpointList; + + propertyMappings?: PaginatedRACPropertyMappingList; + + async load(): Promise { + this.endpoints = await new RacApi(DEFAULT_CONFIG).racEndpointsList({}); + this.propertyMappings = await new PropertymappingsApi( + DEFAULT_CONFIG, + ).propertymappingsRacList({ + ordering: "name", + }); + } + + async loadInstance(pk: number): Promise { + return new ProvidersApi(DEFAULT_CONFIG).providersRacRetrieve({ + id: pk, + }); + } + + getSuccessMessage(): string { + if (this.instance) { + return msg("Successfully updated provider."); + } else { + return msg("Successfully created provider."); + } + } + + async send(data: RACProvider): Promise { + if (this.instance) { + return new ProvidersApi(DEFAULT_CONFIG).providersRacUpdate({ + id: this.instance.pk || 0, + rACProviderRequest: data, + }); + } else { + return new ProvidersApi(DEFAULT_CONFIG).providersRacCreate({ + rACProviderRequest: data, + }); + } + } + + renderForm(): TemplateResult { + return html` + + + + + + +

+ ${msg("Flow used when authorizing this provider.")} +

+
+ + +

+ ${msg( + "Determines how long a session lasts before being disconnected and requiring re-authorization.", + )} +

+ +
+ + + ${msg("Protocol settings")} +
+ + +

+ ${msg("Hold control/command to select multiple items.")} +

+
+ + + +

${msg("Connection settings.")}

+
+
+
+ `; + } +} diff --git a/web/src/admin/providers/rac/RACProviderViewPage.ts b/web/src/admin/providers/rac/RACProviderViewPage.ts new file mode 100644 index 000000000..393fa4375 --- /dev/null +++ b/web/src/admin/providers/rac/RACProviderViewPage.ts @@ -0,0 +1,181 @@ +import "@goauthentik/admin/providers/RelatedApplicationButton"; +import "@goauthentik/admin/providers/rac/EndpointForm"; +import "@goauthentik/admin/providers/rac/EndpointList"; +import "@goauthentik/admin/providers/rac/RACProviderForm"; +import "@goauthentik/app/elements/rbac/ObjectPermissionsPage"; +import { DEFAULT_CONFIG } from "@goauthentik/common/api/config"; +import { EVENT_REFRESH } from "@goauthentik/common/constants"; +import "@goauthentik/components/ak-status-label"; +import "@goauthentik/components/events/ObjectChangelog"; +import { AKElement } from "@goauthentik/elements/Base"; +import "@goauthentik/elements/CodeMirror"; +import "@goauthentik/elements/Tabs"; +import "@goauthentik/elements/buttons/ModalButton"; +import "@goauthentik/elements/buttons/SpinnerButton"; + +import { msg } from "@lit/localize"; +import { CSSResult, TemplateResult, html } from "lit"; +import { customElement, property } from "lit/decorators.js"; + +import PFBanner from "@patternfly/patternfly/components/Banner/banner.css"; +import PFButton from "@patternfly/patternfly/components/Button/button.css"; +import PFCard from "@patternfly/patternfly/components/Card/card.css"; +import PFContent from "@patternfly/patternfly/components/Content/content.css"; +import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css"; +import PFForm from "@patternfly/patternfly/components/Form/form.css"; +import PFFormControl from "@patternfly/patternfly/components/FormControl/form-control.css"; +import PFList from "@patternfly/patternfly/components/List/list.css"; +import PFPage from "@patternfly/patternfly/components/Page/page.css"; +import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css"; +import PFBase from "@patternfly/patternfly/patternfly-base.css"; + +import { + ProvidersApi, + RACProvider, + RbacPermissionsAssignedByUsersListModelEnum, +} from "@goauthentik/api"; + +@customElement("ak-provider-rac-view") +export class RACProviderViewPage extends AKElement { + @property() + set args(value: { [key: string]: number }) { + this.providerID = value.id; + } + + @property({ type: Number }) + set providerID(value: number) { + new ProvidersApi(DEFAULT_CONFIG) + .providersRacRetrieve({ + id: value, + }) + .then((prov) => (this.provider = prov)); + } + + @property({ attribute: false }) + provider?: RACProvider; + + static get styles(): CSSResult[] { + return [ + PFBase, + PFButton, + PFPage, + PFGrid, + PFContent, + PFList, + PFForm, + PFFormControl, + PFCard, + PFDescriptionList, + PFBanner, + ]; + } + + constructor() { + super(); + this.addEventListener(EVENT_REFRESH, () => { + if (!this.provider?.pk) return; + this.providerID = this.provider?.pk; + }); + } + + render(): TemplateResult { + if (!this.provider) { + return html``; + } + return html` +
+ ${this.renderTabOverview()} +
+
+
+
+ + +
+
+
+ +
`; + } + + renderTabOverview(): TemplateResult { + if (!this.provider) { + return html``; + } + return html`
+ ${msg("RAC is in preview.")} + ${msg("Send us feedback!")} +
+ ${this.provider?.assignedApplicationName + ? html`` + : html`
+ ${msg("Warning: Provider is not used by an Application.")} +
`} + ${this.provider?.outpostSet.length < 1 + ? html`
+ ${msg("Warning: Provider is not used by any Outpost.")} +
` + : html``} +
+
+
+
+
+
+ ${msg("Name")} +
+
+
+ ${this.provider.name} +
+
+
+
+
+ ${msg("Assigned to application")} +
+
+
+ +
+
+
+
+
+ +
+
+
${msg("Endpoints")}
+
+ +
+
+
`; + } +} diff --git a/web/src/components/events/ObjectChangelog.ts b/web/src/components/events/ObjectChangelog.ts index 160a98d73..dcfef105b 100644 --- a/web/src/components/events/ObjectChangelog.ts +++ b/web/src/components/events/ObjectChangelog.ts @@ -1,3 +1,5 @@ +import { EventGeo } from "@goauthentik/app/admin/events/utils"; +import { actionToLabel } from "@goauthentik/app/common/labels"; import { DEFAULT_CONFIG } from "@goauthentik/common/api/config"; import { EventWithContext } from "@goauthentik/common/events"; import { uiConfig } from "@goauthentik/common/ui/config"; @@ -73,7 +75,7 @@ export class ObjectChangelog extends Table { row(item: EventWithContext): TemplateResult[] { return [ - html`${item.action}`, + html`${actionToLabel(item.action)}`, html`
${item.user?.username}
${item.user.on_behalf_of ? html` @@ -81,7 +83,9 @@ export class ObjectChangelog extends Table { ` : html``}`, html`${item.created?.toLocaleString()}`, - html`${item.clientIp || msg("-")}`, + html`
${item.clientIp || msg("-")}
+ + ${EventGeo(item)}`, ]; } diff --git a/web/src/elements/LoadingOverlay.ts b/web/src/elements/LoadingOverlay.ts index 25ed89667..8420156df 100644 --- a/web/src/elements/LoadingOverlay.ts +++ b/web/src/elements/LoadingOverlay.ts @@ -1,5 +1,5 @@ import { AKElement } from "@goauthentik/elements/Base"; -import { PFSize } from "@goauthentik/elements/Spinner"; +import "@goauthentik/elements/EmptyState"; import { CSSResult, TemplateResult, css, html } from "lit"; import { customElement, property } from "lit/decorators.js"; @@ -33,6 +33,8 @@ export class LoadingOverlay extends AKElement { } render(): TemplateResult { - return html``; + return html` + + `; } } diff --git a/web/src/elements/table/Table.ts b/web/src/elements/table/Table.ts index 0b78c4dfb..82fb9f5ae 100644 --- a/web/src/elements/table/Table.ts +++ b/web/src/elements/table/Table.ts @@ -27,6 +27,11 @@ import PFBase from "@patternfly/patternfly/patternfly-base.css"; import { Pagination, ResponseError } from "@goauthentik/api"; +export interface TableLike { + order?: string; + fetch: () => void; +} + export class TableColumn { title: string; orderBy?: string; @@ -38,7 +43,7 @@ export class TableColumn { this.orderBy = orderBy; } - headerClickHandler(table: Table): void { + headerClickHandler(table: TableLike): void { if (!this.orderBy) { return; } @@ -46,7 +51,7 @@ export class TableColumn { table.fetch(); } - private getSortIndicator(table: Table): string { + private getSortIndicator(table: TableLike): string { switch (table.order) { case this.orderBy: return "fa-long-arrow-alt-down"; @@ -57,7 +62,7 @@ export class TableColumn { } } - renderSortable(table: Table): TemplateResult { + renderSortable(table: TableLike): TemplateResult { return html` `; } - render(table: Table): TemplateResult { + render(table: TableLike): TemplateResult { const classes = { "pf-c-table__sort": !!this.orderBy, "pf-m-selected": table.order === this.orderBy || table.order === `-${this.orderBy}`, @@ -89,7 +94,7 @@ export interface PaginatedResponse { results: Array; } -export abstract class Table extends AKElement { +export abstract class Table extends AKElement implements TableLike { abstract apiEndpoint(page: number): Promise>; abstract columns(): TableColumn[]; abstract row(item: T): TemplateResult[]; @@ -123,6 +128,12 @@ export abstract class Table extends AKElement { @property({ type: Boolean }) checkbox = false; + @property({ type: Boolean }) + clickable = false; + + @property({ attribute: false }) + clickHandler: (item: T) => void = () => {}; + @property({ type: Boolean }) radioSelect = false; @@ -356,8 +367,12 @@ export abstract class Table extends AKElement { return html` { + this.clickHandler(item); + } + : itemSelectHandler} > ${this.checkbox ? renderCheckbox() : html``} ${this.expandable ? renderExpansion() : html``} diff --git a/web/src/elements/table/TableModal.ts b/web/src/elements/table/TableModal.ts index 328f5ffdf..341951fe6 100644 --- a/web/src/elements/table/TableModal.ts +++ b/web/src/elements/table/TableModal.ts @@ -19,7 +19,18 @@ export abstract class TableModal extends Table { size: PFSize = PFSize.Large; @property({ type: Boolean }) - open = false; + set open(value: boolean) { + this._open = value; + if (value) { + this.fetch(); + } + } + + get open(): boolean { + return this._open; + } + + _open = false; static get styles(): CSSResult[] { return super.styles.concat( @@ -43,6 +54,13 @@ export abstract class TableModal extends Table { }); } + public async fetch(): Promise { + if (!this.open) { + return; + } + return super.fetch(); + } + resetForms(): void { this.querySelectorAll("[slot=form]").forEach((form) => { if ("resetForm" in form) { diff --git a/web/src/enterprise/rac/index.ts b/web/src/enterprise/rac/index.ts new file mode 100644 index 000000000..272ba2211 --- /dev/null +++ b/web/src/enterprise/rac/index.ts @@ -0,0 +1,326 @@ +import { TITLE_DEFAULT } from "@goauthentik/app/common/constants"; +import { Interface } from "@goauthentik/elements/Base"; +import "@goauthentik/elements/LoadingOverlay"; +import Guacamole from "guacamole-common-js"; + +import { msg, str } from "@lit/localize"; +import { CSSResult, TemplateResult, css, html } from "lit"; +import { customElement, property, state } from "lit/decorators.js"; + +import AKGlobal from "@goauthentik/common/styles/authentik.css"; +import PFContent from "@patternfly/patternfly/components/Content/content.css"; +import PFPage from "@patternfly/patternfly/components/Page/page.css"; +import PFBase from "@patternfly/patternfly/patternfly-base.css"; + +enum GuacClientState { + IDLE = 0, + CONNECTING = 1, + WAITING = 2, + CONNECTED = 3, + DISCONNECTING = 4, + DISCONNECTED = 5, +} + +const AUDIO_INPUT_MIMETYPE = "audio/L16;rate=44100,channels=2"; +const RECONNECT_ATTEMPTS_INITIAL = 5; +const RECONNECT_ATTEMPTS = 5; + +@customElement("ak-rac") +export class RacInterface extends Interface { + static get styles(): CSSResult[] { + return [ + PFBase, + PFPage, + PFContent, + AKGlobal, + css` + :host { + cursor: none; + } + canvas { + z-index: unset !important; + } + .container { + overflow: hidden; + height: 100vh; + background-color: black; + display: flex; + justify-content: center; + align-items: center; + } + ak-loading-overlay { + z-index: 5; + } + `, + ]; + } + + client?: Guacamole.Client; + tunnel?: Guacamole.Tunnel; + + @state() + container?: HTMLElement; + + @state() + clientState?: GuacClientState; + + @state() + reconnectingMessage = ""; + + @property() + token?: string; + + @property() + endpointName?: string; + + @state() + clipboardWatcherTimer = 0; + + _previousClipboardValue: unknown; + + // Set to `true` if we've successfully connected once + hasConnected = false; + // Keep track of current connection attempt + connectionAttempt = 0; + + static domSize(): DOMRect { + return document.body.getBoundingClientRect(); + } + + constructor() { + super(); + this.initKeyboard(); + this.checkClipboard(); + this.clipboardWatcherTimer = setInterval( + this.checkClipboard.bind(this), + 500, + ) as unknown as number; + } + + connectedCallback(): void { + super.connectedCallback(); + window.addEventListener( + "focus", + () => { + this.checkClipboard(); + }, + { + capture: false, + }, + ); + window.addEventListener("resize", () => { + this.client?.sendSize( + Math.floor(RacInterface.domSize().width), + Math.floor(RacInterface.domSize().height), + ); + }); + } + + disconnectedCallback(): void { + super.disconnectedCallback(); + clearInterval(this.clipboardWatcherTimer); + } + + async firstUpdated(): Promise { + this.updateTitle(); + const wsUrl = `${window.location.protocol.replace("http", "ws")}//${ + window.location.host + }/ws/rac/${this.token}/`; + this.tunnel = new Guacamole.WebSocketTunnel(wsUrl); + this.tunnel.receiveTimeout = 10 * 1000; // 10 seconds + this.tunnel.onerror = (status) => { + console.debug("authentik/rac: tunnel error: ", status); + this.reconnect(); + }; + this.client = new Guacamole.Client(this.tunnel); + this.client.onerror = (err) => { + console.debug("authentik/rac: error: ", err); + this.reconnect(); + }; + this.client.onstatechange = (state) => { + this.clientState = state; + if (state === GuacClientState.CONNECTED) { + this.onConnected(); + } + }; + this.client.onclipboard = (stream, mimetype) => { + // If the received data is text, read it as a simple string + if (/^text\//.exec(mimetype)) { + const reader = new Guacamole.StringReader(stream); + let data = ""; + reader.ontext = (text) => { + data += text; + }; + reader.onend = () => { + this._previousClipboardValue = data; + navigator.clipboard.writeText(data); + }; + } else { + const reader = new Guacamole.BlobReader(stream, mimetype); + reader.onend = () => { + const blob = reader.getBlob(); + navigator.clipboard.write([ + new ClipboardItem({ + [blob.type]: blob, + }), + ]); + }; + } + console.debug("authentik/rac: updated clipboard from remote"); + }; + const params = new URLSearchParams(); + params.set("screen_width", Math.floor(RacInterface.domSize().width).toString()); + params.set("screen_height", Math.floor(RacInterface.domSize().height).toString()); + params.set("screen_dpi", (window.devicePixelRatio * 96).toString()); + this.client.connect(params.toString()); + } + + reconnect(): void { + this.clientState = undefined; + this.connectionAttempt += 1; + if (!this.hasConnected) { + // Check connection attempts if we haven't had a successful connection + if (this.connectionAttempt >= RECONNECT_ATTEMPTS_INITIAL) { + this.hasConnected = true; + this.reconnectingMessage = msg( + str`Connection failed after ${this.connectionAttempt} attempts.`, + ); + return; + } + } else { + if (this.connectionAttempt >= RECONNECT_ATTEMPTS) { + this.reconnectingMessage = msg( + str`Connection failed after ${this.connectionAttempt} attempts.`, + ); + return; + } + } + const delay = 500 * this.connectionAttempt; + this.reconnectingMessage = msg( + str`Re-connecting in ${Math.max(1, delay / 1000)} second(s).`, + ); + setTimeout(() => { + this.firstUpdated(); + }, delay); + } + + updateTitle(): void { + let title = this.tenant?.brandingTitle || TITLE_DEFAULT; + if (this.endpointName) { + title = `${this.endpointName} - ${title}`; + } + document.title = `${title}`; + } + + onConnected(): void { + console.debug("authentik/rac: connected"); + if (!this.client) { + return; + } + this.hasConnected = true; + this.container = this.client.getDisplay().getElement(); + this.initMouse(this.container); + this.client?.sendSize( + Math.floor(RacInterface.domSize().width), + Math.floor(RacInterface.domSize().height), + ); + } + + initMouse(container: HTMLElement): void { + const mouse = new Guacamole.Mouse(container); + const handler = (mouseState: Guacamole.Mouse.State, scaleMouse = false) => { + if (!this.client) return; + + if (scaleMouse) { + mouseState.y = mouseState.y / this.client.getDisplay().getScale(); + mouseState.x = mouseState.x / this.client.getDisplay().getScale(); + } + + this.client.sendMouseState(mouseState); + }; + // @ts-ignore + mouse.onEach(["mouseup", "mousedown"], (ev: Guacamole.Mouse.Event) => { + this.container?.focus(); + handler(ev.state); + }); + // @ts-ignore + mouse.on("mousemove", (ev: Guacamole.Mouse.Event) => { + handler(ev.state, true); + }); + } + + initAudioInput(): void { + const stream = this.client?.createAudioStream(AUDIO_INPUT_MIMETYPE); + if (!stream) return; + // Guacamole.AudioPlayer + const recorder = Guacamole.AudioRecorder.getInstance(stream, AUDIO_INPUT_MIMETYPE); + // If creation of the AudioRecorder failed, simply end the stream + if (!recorder) { + stream.sendEnd(); + return; + } + // Otherwise, ensure that another audio stream is created after this + // audio stream is closed + recorder.onclose = this.initAudioInput.bind(this); + } + + initKeyboard(): void { + const keyboard = new Guacamole.Keyboard(document); + keyboard.onkeydown = (keysym) => { + this.client?.sendKeyEvent(1, keysym); + }; + keyboard.onkeyup = (keysym) => { + this.client?.sendKeyEvent(0, keysym); + }; + } + + async checkClipboard(): Promise { + try { + if (!this._previousClipboardValue) { + this._previousClipboardValue = await navigator.clipboard.readText(); + return; + } + const newValue = await navigator.clipboard.readText(); + if (newValue !== this._previousClipboardValue) { + console.debug(`authentik/rac: new clipboard value: ${newValue}`); + this._previousClipboardValue = newValue; + this.writeClipboard(newValue); + } + } catch (ex) { + // The error is most likely caused by the document not being in focus + // in which case we can ignore it and just retry + if (ex instanceof DOMException) { + return; + } + console.warn("authentik/rac: error reading clipboard", ex); + } + } + + private writeClipboard(value: string) { + if (!this.client) { + return; + } + const stream = this.client.createClipboardStream("text/plain"); + const writer = new Guacamole.StringWriter(stream); + writer.sendText(value); + writer.sendEnd(); + console.debug("authentik/rac: Sent clipboard"); + } + + render(): TemplateResult { + return html` + ${this.clientState !== GuacClientState.CONNECTED + ? html` + + + ${this.hasConnected + ? html`${this.reconnectingMessage}` + : html`${msg("Connecting...")}`} + + + ` + : html``} +
${this.container}
+ `; + } +} diff --git a/web/src/user/LibraryApplication/RACLaunchEndpointModal.ts b/web/src/user/LibraryApplication/RACLaunchEndpointModal.ts new file mode 100644 index 000000000..40f5668f7 --- /dev/null +++ b/web/src/user/LibraryApplication/RACLaunchEndpointModal.ts @@ -0,0 +1,71 @@ +import { DEFAULT_CONFIG } from "@goauthentik/app/common/api/config"; +import { PaginatedResponse, TableColumn } from "@goauthentik/app/elements/table/Table"; +import { TableModal } from "@goauthentik/app/elements/table/TableModal"; + +import { msg } from "@lit/localize"; +import { TemplateResult, html } from "lit"; +import { customElement, property } from "lit/decorators.js"; + +import { Application, Endpoint, RacApi } from "@goauthentik/api"; + +@customElement("ak-library-rac-endpoint-launch") +export class RACLaunchEndpointModal extends TableModal { + clickable = true; + searchEnabled(): boolean { + return true; + } + + clickHandler = (item: Endpoint) => { + if (!item.launchUrl) { + return; + } + if (this.app?.openInNewTab) { + window.open(item.launchUrl); + } else { + window.location.assign(item.launchUrl); + } + }; + + @property({ attribute: false }) + app?: Application; + + async apiEndpoint(page: number): Promise> { + const endpoints = await new RacApi(DEFAULT_CONFIG).racEndpointsList({ + provider: this.app?.provider || 0, + page: page, + search: this.search, + }); + if (this.open && endpoints.pagination.count === 1) { + this.clickHandler(endpoints.results[0]); + this.open = false; + } + return endpoints; + } + + columns(): TableColumn[] { + return [new TableColumn("Name")]; + } + + row(item: Endpoint): TemplateResult[] { + return [html`${item.name}`]; + } + + renderModalInner(): TemplateResult { + return html`
+
+

${msg("Select endpoint to connect to")}

+
+
+
${this.renderTable()}
+
+ { + this.open = false; + }} + class="pf-m-secondary" + > + ${msg("Cancel")} + +
`; + } +} diff --git a/web/src/user/LibraryApplication/index.ts b/web/src/user/LibraryApplication/index.ts index 282ce63b2..35f60804f 100644 --- a/web/src/user/LibraryApplication/index.ts +++ b/web/src/user/LibraryApplication/index.ts @@ -3,6 +3,7 @@ import { truncateWords } from "@goauthentik/common/utils"; import "@goauthentik/components/ak-app-icon"; import { AKElement, rootInterface } from "@goauthentik/elements/Base"; import "@goauthentik/elements/Expand"; +import "@goauthentik/user/LibraryApplication/RACLaunchEndpointModal"; import { UserInterface } from "@goauthentik/user/UserInterface"; import { msg } from "@lit/localize"; @@ -85,6 +86,22 @@ export class LibraryApplication extends AKElement { `; } + renderLaunch(): TemplateResult { + if (!this.application) { + return html``; + } + if (this.application?.launchUrl === "goauthentik.io://providers/rac/launch") { + return html` + ${this.application.name} + `; + } + return html`${this.application.name}`; + } + render(): TemplateResult { if (!this.application) { return html``; @@ -111,13 +128,7 @@ export class LibraryApplication extends AKElement { - +
${this.renderLaunch()}
${expandable ? this.renderExpansion(this.application) : nothing} `; diff --git a/web/src/user/LibraryPage/LibraryPageImpl.utils.ts b/web/src/user/LibraryPage/LibraryPageImpl.utils.ts index bac9186e8..0b3375dc3 100644 --- a/web/src/user/LibraryPage/LibraryPageImpl.utils.ts +++ b/web/src/user/LibraryPage/LibraryPageImpl.utils.ts @@ -2,10 +2,16 @@ import type { Application } from "@goauthentik/api"; const isFullUrlRe = new RegExp("://"); const isHttpRe = new RegExp("http(s?)://"); +const isAuthentikSpecialRe = new RegExp("goauthentik.io://"); const isNotFullUrl = (url: string) => !isFullUrlRe.test(url); const isHttp = (url: string) => isHttpRe.test(url); +const isAuthentikSpecial = (url: string) => isAuthentikSpecialRe.test(url); export const appHasLaunchUrl = (app: Application) => { const url = app.launchUrl; - return !!(typeof url === "string" && url !== "" && (isHttp(url) || isNotFullUrl(url))); + return !!( + typeof url === "string" && + url !== "" && + (isHttp(url) || isNotFullUrl(url) || isAuthentikSpecial(url)) + ); }; diff --git a/web/xliff/de.xlf b/web/xliff/de.xlf index 5e8869ffd..5d7e39665 100644 --- a/web/xliff/de.xlf +++ b/web/xliff/de.xlf @@ -1,9 +1,5583 @@ - + - - - - Admin + + + + English + Englisch + + + French + Französisch + + + Turkish + Türkisch + + + Spanish + Spanisch + + + Polish + Polnisch + + + Taiwanese Mandarin + Taiwanesisches Mandarin + + + Chinese (simplified) + Chinesisch (vereinfacht) + + + Chinese (traditional) + Chinesisch (traditionell) + + + German + Deutsch + + + Loading... + Laden... + + + Application + Anwendung + + + Logins + Anmeldungen + + + Show less + Zeige weniger + + + Show more + Zeig mehr + + + UID + UID + + + Name + Name + + + App + App + + + Model Name + Modellname + + + Message + Nachricht + + + Subject + Betreff + + + From + Von + + + To + Zu + + + Context + Kontext + + + User + Benutzer + + + Affected model: + Betroffenes Modell: + + + Authorized application: + Autorisierte Applikation: + + + Using flow + Nutze Ablauf + + + Email info: + E-Mail-Info: + + + Secret: + Geheimnis: + + + Open issue on GitHub... + Offenes Problem auf GitHub... + + + Exception + Ausnahme + + + Expression + Ausdruck + + + Binding + Verknüpfung + + + Request + Anfrage + + + Object + Objekt + + + Result + Ergebnis + + + Passing + Erlauben + + + Messages + Nachrichten + + + Using source + Quelle verwenden + + + Attempted to log in as + Loginversuch als + + + + No additional data available. + Keine weiteren Daten vorhanden. + + + Click to change value + Klicken Sie, um den Wert zu ändern + + + Select an object. + Wählen Sie ein Objekt aus. + + + Loading options... + + + Connection error, reconnecting... + Verbindungsfehler, erneuter Verbindungsaufbau... + + + Login + Anmeldung + + + Failed login + Fehlgeschlagene Anmeldung + + + Logout + Abmelden + + + User was written to + Benutzer wurde geschrieben nach + + + Suspicious request + Verdächtige Anfrage + + + Password set + Passwort festgelegt + + + Secret was viewed + Geheimnis wurde angesehen + + + Secret was rotated + Geheimnis wurde rotiert + + + Invitation used + Einladung verwendet + + + Application authorized + Anwendung authorisiert + + + Source linked + Quelle verknüpft + + + Impersonation started + Identitätswechsel gestarted + + + Impersonation ended + Identitätswechsel beenden + + + Flow execution + Ablauf-Ausführung + + + Policy execution + Richtlinien-Ausführung + + + Policy exception + Richtlinien-Ausnahme + + + Property Mapping exception + Ausnahme der Eigenschaftszuordnung + + + System task execution + Ausführung von Systemtasks + + + System task exception + Systemtask-Ausnahme + + + General system exception + Allgemeine Systemausnahme + + + Configuration error + Fehler bei der Konfiguration + + + Model created + Modell erstellt + + + Model updated + Modell aktualisiert + + + Model deleted + Modell gelöscht + + + Email sent + E-Mail gesendet + + + Update available + Update verfügbar + + + Unknown severity + + + Alert + Alarm + + + Notice + Hinweis + + + Warning + Warnung + + + no tabs defined + Keine Registerkarten definiert + + + - of + + - + von + + + + Go to previous page + Zurück zur vorherigen Seite + + + Go to next page + Weiter zur nächsten Seite + + + Search... + Suche... + + + Loading + Wird geladen + + + No objects found. + Keine Objekte gefunden. + + + Failed to fetch objects. + + + Refresh + Aktualisieren + + + Select all rows + Wählen Sie alle Zeilen aus + + + Action + Aktion + + + Creation Date + Erstellungsdatum + + + Client IP + Client-IP + + + Recent events + + + On behalf of + Im Namen von + + + + - + - + + + No Events found. + Keine Ereignisse gefunden. + + + No matching events could be found. + Es konnten keine passenden Ereignisse gefunden werden. + + + Embedded outpost is not configured correctly. + Der System-Outpost ist nicht richtig konfiguriert. + + + Check outposts. + Outposts prüfen + + + HTTPS is not detected correctly + HTTPS wird nicht korrekt erkannt + + + Server and client are further than 5 seconds apart. + Server und Client sind mehr als 5 Sekunden voneinander entfernt. + + + OK + OK + + + Everything is ok. + Alles funktioniert. + + + System status + Systemzustand + + + Based on + + + is available! + + ist verfügbar! + + + Up-to-date! + Aktuell! + + + Version + Version + + + Workers + Arbeiter + + + No workers connected. Background tasks will not run. + Keine Worker verbunden. Hintergrundaufgaben werden nicht ausgeführt. + + + hour(s) ago + + + day(s) ago + + + Authorizations + Berechtigungen + + + Failed Logins + Fehlgeschlagene Anmeldungen + + + Successful Logins + Erfolgreiche Anmeldungen + + + : + + : + + + + Cancel + Abbrechen + + + LDAP Source + LDAP Quelle + + + SCIM Provider + + + Healthy + + + Healthy outposts + Intakte Outposts + + + Admin + Admin + + + Not found + Nicht gefunden + + + The URL "" was not found. + Die URL " + " wurde nicht gefunden. + + + Return home + Zurück zum Home + + + General system status + Allgemeiner Systemzustand + + + Welcome, . + Willkommen, + ! + + + Quick actions + Schnellaktionen + + + Create a new application + Erstelle eine neue Anwendung + + + Check the logs + Logs überprüfen + + + Explore integrations + Integrationen erkunden + + + Manage users + + + Outpost status + Outpost Status + + + Sync status + Status synchronisieren + + + Logins and authorizations over the last week (per 8 hours) + + + Apps with most usage + Meistgenutzte Apps + + + days ago + vor + Tagen + + + Objects created + Objekte erstellt + + + Users created per day in the last month + Benutzer, die im letzten Monat pro Tag erstellt wurden + + + Logins per day in the last month + Anmeldungen pro Tag im letzten Monat + + + Failed Logins per day in the last month + Fehlgeschlagene Anmeldungen pro Tag im letzten Monat + + + Clear search + Sucheingabe löschen + + + System Tasks + Systemoperationen + + + Long-running operations which authentik executes in the background. + Langlaufende Operationen, die Authentik im Hintergrund ausführt. + + + Identifier + Kennung + + + Description + Beschreibung + + + Last run + Letzter Lauf + + + Status + Status + + + Actions + Aktionen + + + Successful + Erfolgreich + + + Error + Fehler + + + Unknown + Unbekannt + + + Duration + + + seconds + + + Authentication + Authentifizierung + + + Authorization + Autorisierung + + + Enrollment + Registrierung + + + Invalidation + Invalidierung + + + Recovery + Wiederherstellung + + + Stage Configuration + Phasen Konfiguration + + + Unenrollment + Abmeldung + + + Unknown designation + + + Stacked + Gestapelt + + + Content left + Inhalt links + + + Content right + Inhalt rechts + + + Sidebar left + Sidebar links + + + Sidebar right + Sidebar rechts + + + Unknown layout + + + Successfully updated provider. + Provider erfolgreich aktualisiert. + + + Successfully created provider. + Anbieter erfolgreich erstellt. + + + Bind flow + Ablauf-Verknüpfung + + + Flow used for users to authenticate. + + + Search group + Suchgruppe + + + Users in the selected group can do search queries. If no group is selected, no LDAP Searches are allowed. + Benutzer in der ausgewählten Gruppe können Suchanfragen stellen. Wenn keine Gruppe ausgewählt ist, sind keine LDAP-Suchen zulässig. + + + Bind mode + Bindungsmodus + + + Cached binding + + + Flow is executed and session is cached in memory. Flow is executed when session expires + + + Direct binding + + + Always execute the configured bind flow to authenticate the user + + + Configure how the outpost authenticates requests. + Konfigurieren Sie, wie der Außenposten Anfragen authentifiziert. + + + Search mode + Suchmodus + + + Cached querying + + + The outpost holds all users and groups in-memory and will refresh every 5 Minutes + + + Direct querying + + + Always returns the latest data, but slower than cached querying + + + Configure how the outpost queries the core authentik server's users. + Konfigurieren Sie, wie der Outpost die Benutzer des Core-Authentik-Servers abfragt. + + + Protocol settings + Protokolleinstellungen + + + Base DN + Base DN + + + LDAP DN under which bind requests and search requests can be made. + LDAP DN, unter dem Bind-Requests und Suchanfragen gestellt werden können. + + + Certificate + Zertifikat + + + UID start number + UID-Startnummer + + + The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber + Der Anfang für uidNumbers, diese Zahl wird zu user.Pk hinzugefügt, um sicherzustellen, dass die Zahlen für POSIX-Benutzer nicht zu niedrig sind. Standardwert ist 2000, um sicherzustellen, dass wir nicht mit lokalen Benutzer kollidieren + + + GID start number + GID-Startnummer + + + The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber + Der Anfang für gidNumbers, diese Zahl wird zu einer aus der group.Pk generierten Zahl addiert, um sicherzustellen, dass die Zahlen für POSIX-Gruppen nicht zu niedrig sind. Der Standardwert ist 4000, um sicherzustellen, dass wir nicht mit lokalen Gruppen oder primären Benutzergruppen kollidieren. + + + (Format: hours=-1;minutes=-2;seconds=-3). + (Format: hours=-1;minutes=-2;seconds=-3). + + + (Format: hours=1;minutes=2;seconds=3). + (Format: hours=-1;minutes=-2;seconds=-3). + + + The following keywords are supported: + + + Authentication flow + Authentifizierungsablauf + + + Flow used when a user access this provider and is not authenticated. + + + Authorization flow + Autorisierungsablauf + + + Flow used when authorizing this provider. + Flow der zur Authorisierung des Anbieter verwendet wird. + + + Client type + Clienttyp + + + Confidential + Vertraulich + + + Confidential clients are capable of maintaining the confidentiality of their credentials such as client secrets + + + Public + Öffentlich + + + Public clients are incapable of maintaining the confidentiality and should use methods like PKCE. + + + Client ID + Client ID + + + Client Secret + Client Geheimnis + + + Redirect URIs/Origins (RegEx) + Redirect URIs/Origins (RegEx) + + + Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows. + Gültige Umleitungs-URLs nach einem erfolgreichen Autorisierungsablauf. Geben Sie hier auch alle Ursprünge für implizite Flüsse an. + + + If no explicit redirect URIs are specified, the first successfully used redirect URI will be saved. + Wenn keine expliziten Umleitungs-URIs angegeben sind, wird die erste erfolgreich verwendete Umleitungs-URI gespeichert. + + + To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. + + + Signing Key + Signaturschlüssel + + + Key used to sign the tokens. + Schlüssel zum Signieren der Token. + + + Advanced protocol settings + Erweiterte Protokolleinstellungen + + + Access code validity + Gültigkeit des Zugangsschlüssels + + + Configure how long access codes are valid for. + Konfiguriere, wie lange Zugangsschlüssel gültig sind. + + + Access Token validity + + + Configure how long access tokens are valid for. + Konfiguriere, wie lange Zugangstoken gültig sind. + + + Refresh Token validity + + + Configure how long refresh tokens are valid for. + + + Scopes + Umfang + + + Select which scopes can be used by the client. The client still has to specify the scope to access the data. + Wählen Sie aus, welche Bereiche vom Client verwendet werden können. Der Client muss noch den Bereich für den Zugriff auf die Daten angeben. + + + Hold control/command to select multiple items. + Halten Sie die Strg-/Befehlstaste gedrückt, um mehrere Elemente auszuwählen. + + + Subject mode + Betreffmodus + + + Based on the User's hashed ID + + + Based on the User's ID + + + Based on the User's UUID + + + Based on the User's username + + + Based on the User's Email + + + This is recommended over the UPN mode. + + + Based on the User's UPN + + + Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains. + + + Configure what data should be used as unique User Identifier. For most cases, the default should be fine. + Konfigurieren Sie, welche Daten als eindeutige Benutzerkennung verwendet werden sollen. In den meisten Fällen sollte die Standardeinstellung in Ordnung sein. + + + Include claims in id_token + Ansprüche in id_token berücksichtigen + + + Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. + Schließen Sie Benutzeransprüche aus Bereichen in das id_token ein, für Anwendungen, die nicht auf den userinfo-Endpunkt zugreifen. + + + Issuer mode + Ausstellermodus + + + Each provider has a different issuer, based on the application slug + + + Same identifier is used for all providers + Für alle Anbieter wird dieselbe Kennung verwendet + + + Configure how the issuer field of the ID Token should be filled. + Konfigurieren Sie, wie der Flow-Executor mit einer ungültigen Antwort auf eine Abfrage umgehen soll. + + + Machine-to-Machine authentication settings + Machine-to-Machine-Authentifizierungseinstellungen + + + Trusted OIDC Sources + Trusted OIDC Sources + + + JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider. + + + HTTP-Basic Username Key + HTTP-Basic Benutzername Schlüssel + + + User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. + Benutzer-/Gruppenattribut, das für den Benutzerteil des HTTP-Basic-Headers verwendet wird. Wenn nicht festgelegt, wird die E-Mail-Adresse des Benutzers verwendet. + + + HTTP-Basic Password Key + HTTP-Basic Passwort Schlüssel + + + User/Group Attribute used for the password part of the HTTP-Basic Header. + Nutzer-/Gruppe-Attribut wird für den Passwort-Teil im HTTP-Basic Header verwendet. + + + Proxy + Proxy + + + Forward auth (single application) + Forward Auth (einzelne Anwendung) + + + Forward auth (domain level) + Authentifizierung weiterleiten (Domänenebene) + + + This provider will behave like a transparent reverse-proxy, except requests must be authenticated. If your upstream application uses HTTPS, make sure to connect to the outpost using HTTPS as well. + Dieser Anbieter verhält sich wie ein transparenter Reverse-Proxy, außer dass Anforderungen authentifiziert werden müssen. Wenn Ihre Upstream-Anwendung HTTPS verwendet, stellen Sie sicher, dass Sie sich auch über HTTPS mit dem Outpost verbinden. + + + External host + Externer Host + + + The external URL you'll access the application at. Include any non-standard port. + Die externe URL, unter der Sie auf die Anwendung zugreifen. Schließen Sie alle Nicht-Standard-Ports ein. + + + Internal host + Interner Host + + + Upstream host that the requests are forwarded to. + Upstream-Host, an den die Anfragen weitergeleitet werden. + + + Internal host SSL Validation + Interne Host-SSL-Validierung + + + Validate SSL Certificates of upstream servers. + SSL-Zertifikate der Upstream-Server prüfen. + + + Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application. + Verwenden Sie diesen Anbieter mit auth_request von nginx oder forwardAuth von traefik. Pro Root-Domain wird nur ein einziger Anbieter benötigt. Sie können keine Autorisierung pro Anwendung vornehmen, aber Sie müssen nicht für jede Anwendung einen Anbieter erstellen. + + + An example setup can look like this: + Ein Beispiel-Setup kann so aussehen: + + + authentik running on auth.example.com + Authentik läuft auf auth.example.com + + + app1 running on app1.example.com + app1 läuft auf app1.example.com + + + In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com. + In diesem Fall würden Sie die Authentifizierungs-URL auf auth.example.com und die Cookie-Domain auf example.com setzen. + + + Authentication URL + URL zur Authentifizierung + + + The external URL you'll authenticate at. The authentik core server should be reachable under this URL. + Die externe URL, bei der Sie sich authentifizieren. Unter dieser URL sollte der Authentik Core Server erreichbar sein. + + + Cookie domain + Cookie-Domain + + + Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'. + Stellen Sie dies auf die Domäne ein, für die die Authentifizierung gültig sein soll. Muss eine übergeordnete Domain der obigen URL sein. Wenn Sie Anwendungen als app1.domain.tld, app2.domain.tld ausführen, setzen Sie dies auf „domain.tld“. + + + Unknown proxy mode + + + Token validity + Token-Gültigkeit + + + Configure how long tokens are valid for. + Konfigurieren Sie, wie lange Token gültig sind. + + + Additional scopes + Zusätzliche Scopes + + + Additional scope mappings, which are passed to the proxy. + Zusätzliche Bereichszuordnungen, die an den Proxy übergeben werden. + + + Unauthenticated URLs + Nicht authentifizierte URLs + + + Unauthenticated Paths + Nicht authentifizierte Pfade + + + Regular expressions for which authentication is not required. Each new line is interpreted as a new expression. + Reguläre Ausdrücke, für die keine Authentifizierung erforderlich ist. Jede neue Zeile wird als neuer Ausdruck interpretiert. + + + When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions. + Bei Verwendung des Proxy- oder Forward-Authentifizierungsmodus (Einzelanwendung) wird der angeforderte URL-Pfad mit den regulären Ausdrücken verglichen. Bei Verwendung von Forward Auth (Domänenmodus) wird die vollständige angeforderte URL einschließlich Schema und Host mit den regulären Ausdrücken abgeglichen. + + + Authentication settings + + + Intercept header authentication + + + When enabled, authentik will intercept the Authorization header to authenticate the request. + + + Send HTTP-Basic Authentication + + + Send a custom HTTP-Basic Authentication header based on values from authentik. + + + ACS URL + ACS URL + + + Issuer + Aussteller + + + Also known as EntityID. + Auch bekannt als EntityID. + + + Service Provider Binding + Service Anbieter Bindung + + + Redirect + Umleiten + + + Post + Post + + + Determines how authentik sends the response back to the Service Provider. + Legt fest, wie authentik die Antwort an den Service Provider zurücksendet. + + + Audience + Zielgruppe + + + Signing Certificate + Signierzertifikat + + + Certificate used to sign outgoing Responses going to the Service Provider. + Zertifikat, das zum Signieren ausgehender Antworten an den Dienstanbieter verwendet wird. + + + Verification Certificate + Zertifikat zur Überprüfung + + + When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. + Wenn diese Option ausgewählt ist, werden die Signaturen eingehender Behauptungen anhand dieses Zertifikats validiert. Um nicht signierte Anfragen zuzulassen, belassen Sie die Standardeinstellung. + + + Property mappings + Eigenschaftszuordnung(en) + + + NameID Property Mapping + Name ID Eigenschaft + + + Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected. + Konfigurieren Sie, wie der NameID-Wert erstellt wird. Wenn es leer gelassen wird, wird die NameIDPolicy der eingehenden Anfrage respektiert. + + + Assertion valid not before + SAML Assertion nicht gültig vor + + + Configure the maximum allowed time drift for an assertion. + Konfigurieren Sie die maximal zulässige Zeitdrift für eine 'Assertion' + + + Assertion valid not on or after + SAML Assertion gilt nicht am oder danach + + + Assertion not valid on or after current time + this value. + Behauptung nicht gültig am oder nach dem aktuellen Zeitpunkt + diesem Wert. + + + Session valid not on or after + Session gültig nicht am oder nach + + + Session not valid on or after current time + this value. + + + Digest algorithm + Digest-Algorithmus + + + Signature algorithm + Signaturalgorithmus + + + Successfully imported provider. + Anbieter erfolgreich importiert. + + + Metadata + Metadaten + + + Apply changes + + + Close + Schließen + + + Finish + Fertig + + + Back + Zurück + + + No form found + Kein Formular gefunden + + + Form didn't return a promise for submitting + Das Formular hat keinen Wert zum Absenden zurückgegeben + + + Select type + Wählen Sie einen Typen. + + + Try the new application wizard + + + The new application wizard greatly simplifies the steps required to create applications and providers. + + + Try it now + + + Create + Erstellen + + + New provider + Neuer Anbieter + + + Create a new provider. + Neuen Anbieter erstellen. + + + Create + + erstellen + + + Shared secret + + + Client Networks + + + List of CIDRs (comma-seperated) that clients can connect from. A more specific + CIDR will match before a looser one. Clients connecting from a non-specified CIDR + will be dropped. + + + URL + + + SCIM base url, usually ends in /v2. + + + Token + Token + + + Token to authenticate with. Currently only bearer authentication is supported. + + + User filtering + + + Exclude service accounts + + + Group + Gruppe + + + Only sync users within the selected group. + + + Attribute mapping + + + User Property Mappings + Benutzereigenschaftszuordnungen + + + Property mappings used to user mapping. + + + Group Property Mappings + Gruppeneigenschaftszuordnungen + + + Property mappings used to group creation. + Für die Gruppenerstellung verwendete Eigenschaftszuordnungen. + + + Not used by any other object. + Von keinem anderen Objekt verwendet. + + + object will be DELETED + Objekt wird GELÖSCHT + + + connection will be deleted + Verbindung wird gelöscht + + + reference will be reset to default value + Referenz wird auf den Standardwert zurückgesetzt + + + reference will be set to an empty value + Referenz wird auf einen leeren Wert gesetzt + + + () + + ( + ) + + + ID + ID + + + Successfully deleted + + + Failed to delete : + Löschen von + fehlgeschlagen: + + + + Delete + + löschen + + + Are you sure you want to delete ? + + + Delete + Löschen + + + Providers + Anbieter + + + Provide support for protocols like SAML and OAuth to assigned applications. + Stellen Unterstützung für Protokolle wie SAML und OAuth für zugewiesene Anwendungen bereit. + + + Type + Typ + + + Provider(s) + Anbieter + + + Assigned to application + Zugewiesen an Anwendung + + + Assigned to application (backchannel) + + + Warning: Provider not assigned to any application. + Warnung: Provider ist keiner Applikation zugewiesen + + + Update + Aktualisieren + + + Update + Aktualisiere + + + + Select providers to add to application + + + Add + Hinzufügen + + + Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". + Geben Sie entweder eine vollständige URL oder einen relativen Pfad ein oder geben Sie 'fa://fa-test' ein, um das Font Awesome-Icon "fa-test" zu verwenden + + + Path template for users created. Use placeholders like `%(slug)s` to insert the source slug. + + + Successfully updated application. + Anwendung erfolgreich aktualisiert. + + + Successfully created application. + Anwendung erfolgreich erstellt. + + + Application's display Name. + Anzeigename der Applikation + + + Slug + Slug + + + Optionally enter a group name. Applications with identical groups are shown grouped together. + Geben Sie optional einen Gruppennamen ein. Anwendungen in gleicher Gruppe werden gruppiert angezeigt. + + + Provider + Schnittstellen + + + Select a provider that this application should use. + + + Select backchannel providers which augment the functionality of the main provider. + + + Policy engine mode + Richtlinien-Engine-Modus + + + Any policy must match to grant access + + + All policies must match to grant access + + + UI settings + UI-Einstellungen + + + Launch URL + Start URL + + + If left empty, authentik will try to extract the launch URL based on the selected provider. + Wenn diese Option leer bleibt, versucht authentik, die Start-URL auf der Grundlage des ausgewählten Anbieters zu extrahieren. + + + Open in new tab + + + If checked, the launch URL will open in a new browser tab or window from the user's application library. + + + Icon + Symbol + + + Currently set to: + Aktuell eingestellt auf: + + + Clear icon + Symbol zurücksetzen + + + Publisher + Herausgeber + + + Create Application + Anwendung erstellen + + + Overview + Übersicht + + + Changelog + Versionsverlauf + + + Warning: Provider is not used by any Outpost. + Warnung: Der Anbieter wird von keinem Outpost verwendet. + + + Assigned to application + Zugewiesen an Anwendung + + + Update LDAP Provider + Aktualisieren Sie den LDAP-Anbieter + + + Edit + Bearbeiten + + + How to connect + So verbinden Sie sich + + + Connect to the LDAP Server on port 389: + Verbindung zum LDAP Server auf Port 389: + + + Check the IP of the Kubernetes service, or + IP des Kubernetes-Service überprüfen, oder + + + The Host IP of the docker host + Die Host-IP des Docker-Hosts + + + Bind DN + Bind DN + + + Bind Password + Bind Password + + + Search base + Suchbasis + + + Preview + + + Warning: Provider is not used by an Application. + Warnung: Der Anbieter wird nicht von einer Anwendung verwendet. + + + Redirect URIs + URIs weiterleiten + + + Update OAuth2 Provider + Aktualisieren Sie den OAuth2-Anbieter + + + OpenID Configuration URL + OpenID-Konfigurations-URL + + + OpenID Configuration Issuer + OpenID-Konfigurations-Aussteller + + + Authorize URL + Autorisiere URL + + + Token URL + Token URL + + + Userinfo URL + Benutzerinfo-URL + + + Logout URL + Abmelde-URL + + + JWKS URL + JWKS URL + + + Example JWT payload (for currently authenticated user) + + + Forward auth (domain-level) + Authentifizierung weiterleiten (Domänenebene) + + + Nginx (Ingress) + Nginx (Ingress) + + + Nginx (Proxy Manager) + Nginx (Proxy-Manager) + + + Nginx (standalone) + Nginx (eigenständig) + + + Traefik (Ingress) + Traefik (Ingress) + + + Traefik (Compose) + Traefik (Compose) + + + Traefik (Standalone) + Traefik (eigenständig) + + + Caddy (Standalone) + + + Internal Host + Interner Host + + + External Host + Externer Host + + + Basic-Auth + Basic-Auth + + + Yes + Ja + + + Mode + Modus + + + Update Proxy Provider + Proxy-Anbieter aktualisieren + + + Protocol Settings + Protokolleinstellungen + + + Allowed Redirect URIs + Erlaubte Weiterleitungs-URIs + + + Setup + Einrichtung + + + No additional setup is required. + Keine weitere Einrichtung benötigt. + + + Update Radius Provider + + + Download + Download + + + Copy download URL + Download URL kopieren + + + Download signing certificate + Signierzertifikat herunterladen + + + Related objects + Verwandte Objekte + + + Update SAML Provider + Aktualisieren Sie den SAML-Anbieter + + + SAML Configuration + + + EntityID/Issuer + + + SSO URL (Post) + + + SSO URL (Redirect) + + + SSO URL (IdP-initiated Login) + + + SLO URL (Post) + + + SLO URL (Redirect) + + + SAML Metadata + SAML-Metadaten + + + Example SAML attributes + + + NameID attribute + + + Warning: Provider is not assigned to an application as backchannel provider. + + + Update SCIM Provider + + + Run sync again + Synchronisation erneut ausführen + + + Modern applications, APIs and Single-page applications. + + + LDAP + LDAP + + + Provide an LDAP interface for applications and users to authenticate against. + + + New application + + + Applications + Anwendungen + + + Provider Type + Anbietertyp + + + Application(s) + Anwendung(en) + + + Application Icon + Anwendungs-Symbol + + + Update Application + Anwendung aktualisieren + + + Successfully sent test-request. + Testanfrage erfolgreich gesendet. + + + Log messages + Logeinträge + + + No log messages. + Keine Logeinträge. + + + Active + Aktiv + + + Last login + Letzte Anmeldung + + + Select users to add + Wählen Sie die hinzuzufügenden Benutzer aus + + + Successfully updated group. + Gruppe erfolgreich aktualisiert. + + + Successfully created group. + Gruppe erfolgreich erstellt. + + + Is superuser + Ist Admin + + + Users added to this group will be superusers. + Benutzer dieser Gruppe werden als Superuser hinzugefügt. + + + Parent + Übergeordnet + + + Attributes + Attribute + + + Set custom attributes using YAML or JSON. + Selbstdefinierte Attribute können mittels YAML oder JSON festgelegt werden. + + + Successfully updated binding. + Bindung erfolgreich aktualisiert. + + + Successfully created binding. + Bindung erfolgreich erstellt. + + + Policy + Richtlinie + + + Group mappings can only be checked if a user is already logged in when trying to access this source. + Gruppenzuordnungen können nur überprüft werden, wenn der Benutzer beim Zugriff auf diese Quelle bereits angemeldet ist. + + + User mappings can only be checked if a user is already logged in when trying to access this source. + Benutzerzuordnungen können nur überprüft werden, wenn der Benutzer beim Zugriff auf diese Quelle bereits angemeldet ist. + + + Enabled + Aktiviert + + + Negate result + Ergebnis verneinen + + + Negates the outcome of the binding. Messages are unaffected. + Negiert das Ergebnis der Bindung. Nachrichten sind nicht betroffen. + + + Order + Reihenfolge + + + Timeout + Zeitlimit + + + Successfully updated policy. + Richtlinie erfolgreich aktualisiert. + + + Successfully created policy. + Richtlinie erfolgreich erstellt. + + + A policy used for testing. Always returns the same result as specified below after waiting a random duration. + Eine Richtlinie, die zum Testen verwendet wird. Gibt nach einer zufälligen Wartezeit immer das unten angegeben Ergebnis zurück. + + + Execution logging + Ausführungsprotokollierung + + + When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. + Wenn diese Option aktiviert ist, werden alle Ausführungen dieser Richtlinie protokolliert. Standardmäßig werden nur Ausführungsfehler protokolliert. + + + Policy-specific settings + Richtlinienspezifische Einstellungen + + + Pass policy? + Pass-Richtlinie? + + + Wait (min) + Wartezeit (min.) + + + The policy takes a random time to execute. This controls the minimum time it will take. + Die Ausführung der Richtlinie dauert eine zufällige Zeit. Dies steuert die Mindestzeit, die dafür benötigt wird. + + + Wait (max) + Wartezeit (max.) + + + Matches an event against a set of criteria. If any of the configured values match, the policy passes. + Gleicht ein Ereignis mit einer Reihe von Kriterien ab. Wenn einer der konfigurierten Werte übereinstimmt, wird die Richtlinie bestanden. + + + Match created events with this action type. When left empty, all action types will be matched. + Ordnen Sie erstellte Ereignisse diesem Aktionstyp zu. Wenn es leer gelassen wird, werden alle Aktionstypen abgeglichen. + + + Matches Event's Client IP (strict matching, for network matching use an Expression Policy. + Stimmt mit der Client-IP des Ereignisses überein (strenge Übereinstimmung, verwenden Sie für die Netzwerkübereinstimmung eine Ausdrucksrichtlinie. + + + Match events created by selected application. When left empty, all applications are matched. + Übereinstimmungsereignisse, die von der ausgewählten Anwendung erstellt wurden. Wenn es leer gelassen wird, werden alle Anwendungen abgeglichen. + + + Checks if the request's user's password has been changed in the last x days, and denys based on settings. + Überprüft, ob das Passwort des Benutzers der Anfrage in den letzten x Tagen geändert wurde, und lehnt es basierend auf den Einstellungen ab. + + + Maximum age (in days) + Höchstalter (in Tagen) + + + Only fail the policy, don't invalidate user's password + + + Executes the python snippet to determine whether to allow or deny a request. + Führt das Python-Snippet aus, um zu bestimmen, ob eine Anfrage zugelassen oder abgelehnt werden soll. + + + Expression using Python. + Ausdruck mit Python. + + + See documentation for a list of all variables. + Eine Liste aller Variablen finden Sie in der Dokumentation. + + + Static rules + + + Minimum length + Mindestlänge + + + Minimum amount of Uppercase Characters + Mindestanzahl an Großbuchstaben + + + Minimum amount of Lowercase Characters + Mindestanzahl an Kleinbuchstaben + + + Minimum amount of Digits + Mindestanzahl von Ziffern + + + Minimum amount of Symbols Characters + Mindestanzahl an Sonderzeichen + + + Error message + Fehlermeldung + + + Symbol charset + Symbolzeichensatz + + + Characters which are considered as symbols. + Zeichen, die als Symbole betrachtet werden. + + + HaveIBeenPwned settings + + + Allowed count + Erlaubte Anzahl + + + Allow up to N occurrences in the HIBP database. + Erlaube bis zu N Einträge in der HIBP Datenbank. + + + zxcvbn settings + + + Score threshold + + + If the password's score is less than or equal this value, the policy will fail. + + + Checks the value from the policy request against several rules, mostly used to ensure password strength. + Überprüft den Wert aus der Richtlinienanforderung anhand mehrerer Regeln, die hauptsächlich zur Gewährleistung der Kennwortstärke verwendet werden. + + + Password field + Passwortfeld + + + Field key to check, field keys defined in Prompt stages are available. + Zu prüfender Feldschlüssel, die in den Aufforderungsstufen definierten Feldschlüssel sind verfügbar. + + + Check static rules + + + Check haveibeenpwned.com + + + For more info see: + + + Check zxcvbn + + + Password strength estimator created by Dropbox, see: + + + Allows/denys requests based on the users and/or the IPs reputation. + Erlaubt/verweigert Anfragen auf der Grundlage der Reputation der Nutzer und/oder der IPs. + + + Invalid login attempts will decrease the score for the client's IP, and the +username they are attempting to login as, by one. + + + The policy passes when the reputation score is below the threshold, and +doesn't pass when either or both of the selected options are equal or above the threshold. + + + Check IP + IP prüfen + + + Check Username + Benutzername prüfen + + + Threshold + Schwellwert + + + New policy + Neue Richtlinie + + + Create a new policy. + Neue Richtlinie erstellen. + + + Create Binding + Verknüpfung erstellen + + + Superuser + Administrator + + + Members + Mitglieder + + + Select groups to add user to + Wählen Sie Gruppen aus, denen Benutzer hinzugefügt werden sollen + + + Warning: Adding the user to the selected group(s) will give them superuser permissions. + + + Successfully updated user. + Benutzer erfolgreich aktualisiert. + + + Successfully created user. + Nutzer erfolgreich erstellt. + + + Username + Anmeldename + + + User's primary identifier. 150 characters or fewer. + + + User's display name. + Anzeigename + + + Email + E-Mail + + + Is active + Ist aktiv + + + Designates whether this user should be treated as active. Unselect this instead of deleting accounts. + Legt fest, ob dieser Benutzer als aktiv behandelt werden soll. Deaktivieren Sie dies, anstatt Konten zu löschen + + + Path + + + Policy / User / Group + Richtlinie / Benutzer / Gruppe + + + Policy + Richtlinie + + + + Group + Gruppe + + + + User + Benutzer + + + + Edit Policy + Richtlinie bearbeiten + + + Update Group + Gruppe aktualisieren + + + Edit Group + Gruppe bearbeiten + + + Update User + Benutzer ändern + + + Edit User + Benutzer bearbeiten + + + Policy binding(s) + Richtlinienbindung(en) + + + Update Binding + Bindung aktualisieren + + + Edit Binding + Verknüpfung bearbeiten + + + No Policies bound. + Keine Richtlinien verknüpft. + + + No policies are currently bound to this object. + Aktuell sind keine Richtlinien mit diesem Objekt verknüpft. + + + Bind existing policy + + + Warning: Application is not used by any Outpost. + Warnung: Die Anwendung wird von keinem Outpost verwendet. + + + Related + Verwandt + + + Backchannel Providers + + + Check access + Zugang prüfen + + + Check + Prüfung + + + Check Application access + Anwendungszugriff überprüfen + + + Test + Testen + + + Launch + Starten + + + Logins over the last week (per 8 hours) + + + Policy / Group / User Bindings + Richtlinien / Gruppen / Nutzerverknüpfungen + + + These policies control which users can access this application. + Diese Richtlinien steuern, welche Benutzer auf diese Anwendung zugreifen können. + + + Successfully updated source. + Quelle erfolgreich aktualisiert + + + Successfully created source. + Quelle erfolgreich erstellt. + + + Sync users + Benutzer synchronisieren + + + User password writeback + Rückschreiben des Benutzerkennworts + + + Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP. + Das Login-Passwort wird automatisch von LDAP in Authentik synchronisiert. Aktivieren Sie diese Option nur, um Passwortänderungen in Authentik zurück in LDAP zu schreiben. + + + Sync groups + Gruppen synchronisieren + + + Connection settings + Verbindungseinstellungen + + + Server URI + Server URI + + + Specify multiple server URIs by separating them with a comma. + Geben Sie mehrere Server-URIs an, indem Sie sie durch ein Komma trennen. + + + Enable StartTLS + Aktiviere StartTLS + + + To use SSL instead, use 'ldaps://' and disable this option. + Um stattdessen SSL zu verwenden, verwenden Sie 'ldaps://' und deaktivieren Sie diese Option. + + + TLS Verification Certificate + TLS-Verifizierungszertifikat + + + When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate. + Bei der Verbindung zu einem LDAP-Server mit TLS werden Zertifikate standardmäßig nicht geprüft. Geben Sie ein Schlüsselpaar an, um das Remote-Zertifikat zu validieren. + + + Bind CN + Bind CN + + + LDAP Attribute mapping + LDAP-Attributzuordnung + + + Property mappings used to user creation. + Für die Benutzererstellung verwendete Eigenschaftszuordnungen. + + + Additional settings + Weitere Einstellungen + + + Parent group for all the groups imported from LDAP. + Übergeordnete Gruppe für alle aus LDAP importierten Gruppen. + + + User path + + + Addition User DN + Zusatz Benutzer-DN + + + Additional user DN, prepended to the Base DN. + Zusätzlicher Benutzer-DN, dem Basis-DN vorangestellt. + + + Addition Group DN + Zusatz Gruppen-DN + + + Additional group DN, prepended to the Base DN. + Zusätzlicher Gruppen-DN, dem Basis-DN vorangestellt. + + + User object filter + Benutzerobjektfilter + + + Consider Objects matching this filter to be Users. + Betrachten Sie Objekte, die diesem Filter entsprechen, als Benutzer. + + + Group object filter + Gruppenobjektfilter + + + Consider Objects matching this filter to be Groups. + Betrachten Sie Objekte, die diesem Filter entsprechen, als Gruppen. + + + Group membership field + Gruppenmitgliedschaftsfeld + + + Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' + Feld, das Mitglieder einer Gruppe enthält. Beachten Sie, dass bei Verwendung des Felds „memberUid“ davon ausgegangen wird, dass der Wert einen relativ definierten Namen enthält. z.B. 'memberUid=some-user' statt 'memberUid=cn=some-user,ou=groups,...' + + + Object uniqueness field + Feld für die Eindeutigkeit des Objekts + + + Field which contains a unique Identifier. + Feld das eine einzigartige Kennung beinhaltet + + + Link users on unique identifier + Verknüpfen Sie Benutzer mit einer eindeutigen Kennung + + + Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses + Link zu einem Benutzer mit identischer E-Mail-Adresse. Kann Auswirkungen auf die Sicherheit haben, wenn eine Quelle E-Mail-Adressen nicht validiert + + + Use the user's email address, but deny enrollment when the email address already exists + + + Link to a user with identical username. Can have security implications when a username is used with another source + + + Use the user's username, but deny enrollment when the username already exists + + + Unknown user matching mode + + + URL settings + URL-Einstellungen + + + Authorization URL + Autorisierungs-URL + + + URL the user is redirect to to consent the authorization. + URL, zu der Benutzer weitergeleitet werden um die Authorisierung zu bestätigen. + + + Access token URL + Zugangstoken-URL + + + URL used by authentik to retrieve tokens. + URL, die von Authentik zum Abrufen von Token verwendet wird. + + + Profile URL + Profil URL + + + URL used by authentik to get user information. + URL, die von Authentik verwendet wird, um Benutzerinformationen zu erhalten. + + + Request token URL + Token-URL anfordern + + + URL used to request the initial token. This URL is only required for OAuth 1. + URL, die zur Anforderung des anfänglichen Tokens verwendet wird. Diese URL ist nur für OAuth 1 erforderlich + + + OIDC Well-known URL + OIDC Well-known URL + + + OIDC well-known configuration URL. Can be used to automatically configure the URLs above. + Bekannte OIDC-Konfigurations-URL. Kann verwendet werden, um die obigen URLs automatisch zu konfigurieren. + + + OIDC JWKS URL + OIDC JWKS URL + + + JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source. + + + OIDC JWKS + OIDC JWKS + + + Raw JWKS data. + + + User matching mode + Benutzer-Matching-Modus + + + Delete currently set icon. + Lösche das aktuell festgelegte Symbol. + + + Consumer key + Schlüssel + + + Consumer secret + Geheimniss + + + Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *. + + + Flow settings + Ablauf-Einstellungen + + + Flow to use when authenticating existing users. + Flow der zur Authorisierung bereits ersteller Nutzer verwendet wird + + + Enrollment flow + Registrierungsablauf + + + Flow to use when enrolling new users. + Flow der zum Anlegen bereits neuer Nutzer verwendet wird + + + Load servers + Server laden + + + Re-authenticate with plex + Mit Plex erneut authentifizieren + + + Allow friends to authenticate via Plex, even if you don't share any servers + Freunden erlauben sich via Plex zu authentifizieren, auch wenn keine Server geteilt werden. + + + Allowed servers + Erlaubte Server + + + Select which server a user has to be a member of to be allowed to authenticate. + Wählen Sie aus, bei welchem Server ein Benutzer Mitglied sein muss, um sich authentifizieren zu dürfen. + + + SSO URL + SSO URL + + + URL that the initial Login request is sent to. + URL, an die die erste Login-Anfrage gesendet wird. + + + SLO URL + SLO URL + + + Optional URL if the IDP supports Single-Logout. + Optionale URL, falls der IDP Einmalabmeldung (SLO) unterstützt. + + + Also known as Entity ID. Defaults the Metadata URL. + Auch bekannt als Entity ID. Standardmäßig wird die Metadaten-URL verwendet. + + + Binding Type + Verknüpfungstyp + + + Redirect binding + Bindings umleiten + + + Post-auto binding + + + Post binding but the request is automatically sent and the user doesn't have to confirm. + + + Post binding + POST Bindung + + + Signing keypair + Schlüsselpaar signieren + + + Keypair which is used to sign outgoing requests. Leave empty to disable signing. + Schlüsselpaar, das zum Signieren ausgehender Anfragen verwendet wird. Leer lassen, um das Signieren zu deaktivieren. + + + Allow IDP-initiated logins + IDP-initiierte Anmeldungen zulassen + + + Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. + Ermöglicht vom IdP initiierte Authentifizierungsströmen. Dies kann ein Sicherheitsrisiko darstellen, da keine Validierung der Anfrage-ID erfolgt. + + + NameID Policy + NameID Richtlinie + + + Persistent + Persistent + + + Email address + E-Mail-Adresse + + + Windows + Fenster + + + X509 Subject + X509 Betreff + + + Transient + Vorübergehend + + + Delete temporary users after + Temporäre Benutzer danach löschen + + + Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. + + + Pre-authentication flow + Vor-Authentifizierungs Ablauf + + + Flow used before authentication. + Flow der vor Authorisierung verwendet wird + + + New source + Neue Quelle + + + Create a new source. + Neue Quelle erstellen. + + + Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves. + Identitätsquellen, die entweder mit der Datenbank von authentik synchronisiert oder von Benutzern verwendet werden können, um sich selbst zu authentifizieren und zu registrieren. + + + Source(s) + Quellen + + + Disabled + Deaktiviert + + + Built-in + Eingebaut + + + Update LDAP Source + Aktualisieren Sie die LDAP-Quelle + + + Not synced yet. + Noch nicht synchronisiert. + + + Task finished with warnings + Aufgabe mit Warnungen beendet + + + Task finished with errors + Aufgabe mit Fehlern beendet + + + Last sync: + Letzte Synchronisierung: + + + + OAuth Source + + + Generic OpenID Connect + Generisches OpenID Connect + + + Unknown provider type + + + Details + Details + + + Callback URL + Callback URL + + + Access Key + Zugangsschlüssel + + + Update OAuth Source + OAuth-Quelle aktualisieren + + + Diagram + Diagramm + + + Policy Bindings + Regelwerk Bindungen + + + These bindings control which users can access this source. + You can only use policies here as access is checked before the user is authenticated. + + + Update Plex Source + Aktualisieren Sie die Plex-Quelle + + + Update SAML Source + Aktualisieren Sie die SAML-Quelle + + + Successfully updated mapping. + Zuordnung erfolgreich aktualisiert. + + + Successfully created mapping. + Verknüpfung erfolgreich erstellt. + + + Object field + Objektfeld + + + Field of the user object this value is written to. + Feld des Benutzerobjekts, in das dieser Wert geschrieben wird. + + + SAML Attribute Name + SAML-Attributsname + + + Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded. + Der für die SAML Assertion verwendete Attributname. Kann eine URN OID, eine Schemareferenz oder eine beliebige andere Zeichenfolge sein. Wenn diese Eigenschaftszuordnung für die NameID-Eigenschaft verwendet wird, wird dieses Feld verworfen. + + + Friendly Name + Name + + + Optionally set the 'FriendlyName' value of the Assertion attribute. + Legen Sie optional den Wert „FriendlyName“ des Assertion-Attributs fest. + + + Scope name + Bereichsname + + + Scope which the client can specify to access these properties. + Gültigkeitsbereich, den der Client angeben kann, um auf diese Eigenschaften zuzugreifen. + + + Description shown to the user when consenting. If left empty, the user won't be informed. + Beschreibung, die Benutzer sehen, wenn sie Einwilligen. Falls leer gelassen, werden Benutzer nicht informiert. + + + Example context data + + + Active Directory User + + + Active Directory Group + + + New property mapping + Neue Eigenschaft + + + Create a new property mapping. + Neue Eigenschaftszuordnung erstellen. + + + Property Mappings + Eigenschaften + + + Control how authentik exposes and interprets information. + Kontrollieren Sie, wie authentik Informationen offenlegt und interpretiert. + + + Property Mapping(s) + Eigenschaftszuordnung(en) + + + Test Property Mapping + Eigenschaftszuordnung testen + + + Hide managed mappings + Verwaltete Zuordnungen ausblenden + + + Successfully updated token. + Token erfolgreich aktualisiert. + + + Successfully created token. + Token erfolgreich erstellt. + + + Unique identifier the token is referenced by. + Einzigartige Kennung zur Referenzierung des Token. + + + Intent + Zweck + + + API Token + API Token + + + Used to access the API programmatically + + + App password. + + + Used to login using a flow executor + + + Expiring + Ablaufend + + + If this is selected, the token will expire. Upon expiration, the token will be rotated. + Wenn dies ausgewählt ist, läuft das Token ab. Nach Ablauf wird der Token rotiert. + + + Expires on + Läuft ab am + + + API Access + API Zugriff + + + App password + App Passwort + + + Verification + Überprüfung + + + Unknown intent + + + Tokens + Tokens + + + Tokens are used throughout authentik for Email validation stages, Recovery keys and API access. + Token werden bei authentik für E-Mail-Validierungsphasen, Wiederherstellungsschlüssel und API-Zugriff verwendet. + + + Expires? + Läuft ab? + + + Expiry date + Ablaufdatum + + + Token(s) + Token(s) + + + Create Token + Token erstellen + + + Token is managed by authentik. + Token wird von Authentik verwaltet. + + + Update Token + Token aktualisieren + + + Domain + Domain + + + Matching is done based on domain suffix, so if you enter domain.tld, foo.domain.tld will still match. + Der Abgleich erfolgt basierend auf dem Domänensuffix. Wenn Sie also domain.tld eingeben, wird foo.domain.tld immer noch übereinstimmen. + + + Default + Standard + + + Branding settings + Branding-Einstellungen + + + Title + Titel + + + Branding shown in page title and several other places. + Das Branding wird im Seitentitel und an mehreren anderen Stellen angezeigt. + + + Logo + Logo + + + Icon shown in sidebar/header and flow executor. + Bild, das in der Seitenleiste/dem Header und in Abläufen zu sehen ist. + + + Favicon + Favicon + + + Icon shown in the browser tab. + Symbol im Browsertab. + + + Default flows + Standardabläufe + + + Flow used to authenticate users. If left empty, the first applicable flow sorted by the slug is used. + Ablauf zur Authentifizierung von Benutzern. Wenn es leer gelassen wird, wird der erste anwendbare Fluss, sortiert nach dem Slug, verwendet. + + + Invalidation flow + Ablauf der Invalidierung + + + Flow used to logout. If left empty, the first applicable flow sorted by the slug is used. + Ablauf, der zum Abmelden genutzt wird. Wenn keiner angegeben ist, wird der erste anwendbare Ablauf, sortiert nach Slug, verwendet. + + + Recovery flow + Wiederherstellungsfluss + + + Recovery flow. If left empty, the first applicable flow sorted by the slug is used. + Wiederherstellungsfluss. Wenn es leer gelassen wird, wird der erste anwendbare Fluss, sortiert nach dem Slug, verwendet. + + + Unenrollment flow + Ablauf der Abmeldung + + + If set, users are able to unenroll themselves using this flow. If no flow is set, option is not shown. + Wenn festgelegt, können sich Benutzer mit diesem Ablauf selbst abmelden. Wenn kein Ablauf eingestellt ist, wird die Option nicht angezeigt. + + + User settings flow + Ablauf für Benutzereinstellungen + + + If set, users are able to configure details of their profile. + Wenn aktiviert, können Nutzer Profildetails selbstständig ändern. + + + Device code flow + + + If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code. + + + Other global settings + Weitere globale Einstellungen + + + Web Certificate + Web-Zertifikat + + + Event retention + Ereignisspeicherung + + + Duration after which events will be deleted from the database. + Dauer, nach der ein Ereignis aus der Datenbank gelöscht wird. + + + When using an external logging solution for archiving, this can be set to "minutes=5". + Falls eine externe Protokollierlösung zum archivieren genutzt wird, könnte dies auf „minutes=5“ gesetzt werden. + + + This setting only affects new Events, as the expiration is saved per-event. + Diese Einstellung betrifft nur neue Ereignisse, da die Ablaufzeit für jedes Ereignis gespeichert wird. + + + Configure visual settings and defaults for different domains. + Konfiguriere visuelle Einstellungen und Standards für verschiedene Domains. + + + Default? + Standard? + + + Policies + Richtlinien + + + Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Stages. + Erlauben Sie Benutzern die Verwendung von Anwendungen auf der Grundlage von Eigenschaften, erzwingen Sie Passwortkriterien und wende ausgewählte Stages an. + + + Assigned to object(s). + Zugewiesen zu + Objekt(en). + + + Warning: Policy is not assigned. + Warnung: Keine Richtlinie zugewiesen + + + Test Policy + Testrichtlinie + + + Policy / Policies + Richtlinie / Richtlinien + + + Successfully cleared policy cache + Richtlinien-Cache erfolgreich geleert + + + Failed to delete policy cache + Richtlinienpuffer löschen fehlgeschlagen + + + Clear cache + Cache löschen + + + Clear Policy cache + Löschen Sie den Richtlinien-Cache + + + Are you sure you want to clear the policy cache? This will cause all policies to be re-evaluated on their next usage. + + + Reputation scores + Reputation Punkte + + + Reputation for IP and user identifiers. Scores are decreased for each failed login and increased for each successful login. + Reputation für IP und Benutzerkennungen. Die Punktzahl wird für jede fehlgeschlagene Anmeldung verringert und für jede erfolgreiche Anmeldung erhöht. + + + IP + IP + + + Score + Punkt(e) + + + Updated + Aktualisiert + + + Reputation + Reputation + + + Groups + Gruppen + + + Group users together and give them permissions based on the membership. + Gruppieren Sie Benutzer und erteilen Sie ihnen Berechtigungen basierend auf der Mitgliedschaft. + + + Superuser privileges? + Administrationsrechte? + + + Group(s) + Gruppe(n) + + + Create Group + Gruppe erstellen + + + Create group + Gruppe erstellen + + + Enabling this toggle will create a group named after the user, with the user as member. + Durch Aktivieren dieses Schalters wird eine nach dem Benutzer benannte Gruppe mit dem Benutzer als Mitglied erstellt. + + + Use the username and password below to authenticate. The password can be retrieved later on the Tokens page. + Verwenden Sie den Benutzernamen und das Passwort unten, um sich zu authentifizieren. Das Passwort kann später auf der Seite Tokens abgerufen werden. + + + Password + Passwort + + + Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List. + Gültig für 360 Tage, danach rotiert das Passwort automatisch. Sie können das Passwort aus der Token-Liste kopieren. + + + The following objects use + Die folgenden Objekte verwenden + + + + connecting object will be deleted + Verbindungsobjekt wird gelöscht + + + Successfully updated + + + Failed to update : + Aktualisieren von + fehlgeschlagen: + + + + Are you sure you want to update ""? + Sind Sie sicher, dass Sie + " + " aktualisieren wollen? + + + Successfully updated password. + Passwort erfolgreich aktualisiert. + + + Successfully sent email. + E-Mail erfolgreich gesendet. + + + Email stage + E-Mail-Stufe + + + Successfully added user(s). + + + Users to add + + + User(s) + Benutzer + + + Remove Users(s) + + + Are you sure you want to remove the selected users from the group ? + + + Remove + + + Impersonate + Identitätswechsel + + + User status + Benutzerstatus + + + Change status + Status ändern + + + Deactivate + Deaktivieren + + + Update password + Passwort ändern + + + Set password + Passwort festlegen + + + Successfully generated recovery link + Erfolgreich generierter Wiederherstellungslink + + + No recovery flow is configured. + Es ist kein Wiederherstellungsablauf konfiguriert. + + + Copy recovery link + Wiederherstellungslink kopieren + + + Send link + Link senden + + + Send recovery link to user + Wiederherstellungslink an Benutzer senden + + + Email recovery link + E-Mail-Wiederherstellungslink + + + Recovery link cannot be emailed, user has no email address saved. + Der Wiederherstellungslink kann nicht per E-Mail gesendet werden, der Benutzer hat keine E-Mail-Adresse gespeichert. + + + Add User + Benutzer hinzufügen + + + Warning: This group is configured with superuser access. Added users will have superuser access. + + + Add existing user + Bestehenden Benutzer hinzufügen + + + Create user + + + Create User + Benutzer erstellen + + + Create Service account + Internes Konto erstellen + + + Hide service-accounts + Interne Konten ausblenden + + + Group Info + Gruppeninformationen + + + Notes + + + Edit the notes attribute of this group to add notes here. + + + Users + Benutzer + + + Root + + + Warning: You're about to delete the user you're logged in as (). Proceed at your own risk. + Warnung: Sie sind im Begriff, den Benutzer zu löschen, als den Sie angemeldet sind ( + ). Fahren Sie auf eigene Gefahr fort. + + + Hide deactivated user + + + User folders + + + Successfully added user to group(s). + + + Groups to add + + + Remove from Group(s) + + + Are you sure you want to remove user from the following groups? + + + Add Group + Gruppe hinzufügen + + + Add to existing group + Zu bestehender Gruppe hinzufügen + + + Add new group + Neue Gruppe hinzufügen + + + Application authorizations + Applikationsgenehmigungen + + + Revoked? + Widerrufen? + + + Expires + Läuft ab + + + ID Token + ID-Token + + + Refresh Tokens(s) + + + Last IP + Letzte IP + + + Session(s) + Sitzung(en) + + + Expiry + Ablaufdatum + + + (Current session) + + + Permissions + + + Consent(s) + Einwilligung(en) + + + Successfully updated device. + Gerät erfolgreich aktualisiert. + + + Static tokens + Statische Token + + + TOTP Device + TOTP-Gerät + + + Enroll + Registrieren + + + Device(s) + Gerät(e) + + + Update Device + Gerät aktualisieren + + + Confirmed + + + User Info + Benutzerinformation + + + Actions over the last week (per 8 hours) + Aktionen der letzten Woche (pro 8 Stunden) + + + Edit the notes attribute of this user to add notes here. + + + Sessions + Sitzungen + + + User events + Benutzerereignisse + + + Explicit Consent + Explizite Einwilligung + + + OAuth Refresh Tokens + + + MFA Authenticators + + + Successfully updated invitation. + Einladung erfolgreich aktualisiert. + + + Successfully created invitation. + Integration erfolgreich erstellt. + + + Flow + Ablauf + + + When selected, the invite will only be usable with the flow. By default the invite is accepted on all flows with invitation stages. + + + Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON. + Optionale Daten, die in die Kontextvariable „prompt_data“ des Flows geladen werden. YAML oder JSON. + + + Single use + Einmalbenutzung + + + When enabled, the invitation will be deleted after usage. + Wenn diese Option aktiviert ist, wird die Einladung nach ihrer Benutzung gelöscht. + + + Select an enrollment flow + Registrierungsablauf wählen + + + Link to use the invitation. + Einladungslink + + + Invitations + Einladungen + + + Create Invitation Links to enroll Users, and optionally force specific attributes of their account. + Erstelle Einladungslinks um Benutzer zu registrieren und optional spezifische Attribute zu deren Konto hinzuzufügen. + + + Created by + Erstellt von + + + Invitation(s) + Einladung(en) + + + Invitation not limited to any flow, and can be used with any enrollment flow. + + + Update Invitation + Einladung aktualisieren + + + Create Invitation + Einladung erstellen + + + Warning: No invitation stage is bound to any flow. Invitations will not work as expected. + Warnung: Keine Einladungsphase ist an einen Ablauf gebunden. Einladungen funktionieren nicht wie erwartet. + + + Auto-detect (based on your browser) + Automatische Erkennung (basierend auf Ihrem Browser) + + + Required. + Erforderlich + + + Continue + Weiter + + + Successfully updated prompt. + Eingabeaufforderung erfolgreich aktualisiert. + + + Successfully created prompt. + Eingabeaufforderung erfolgreich erstellt. + + + Text: Simple Text input + Text: Einfaches Texteingabefeld + + + Text Area: Multiline text input + + + Text (read-only): Simple Text input, but cannot be edited. + Text (read-only): Einfaches Texteingabefeld, nicht editierbar + + + Text Area (read-only): Multiline text input, but cannot be edited. + + + Username: Same as Text input, but checks for and prevents duplicate usernames. + Benutzername: Wie bei der Texteingabe, prüft jedoch auf doppelte Benutzernamen und verhindert diese. + + + Email: Text field with Email type. + E-Mail: Textfeld mit E-Mail-Typ. + + + Password: Masked input, multiple inputs of this type on the same prompt need to be identical. + + + Number + Nummer + + + Checkbox + Checkbox + + + Radio Button Group (fixed choice) + + + Dropdown (fixed choice) + + + Date + Datum + + + Date Time + Zeitlicher Termin + + + File + Datei + + + Separator: Static Separator Line + Trennzeichen: Statische Trennungslinie + + + Hidden: Hidden field, can be used to insert data into form. + Versteckt: Verstecktes Feld, kann zum Einfügen von Daten in das Formular verwendet werden. + + + Static: Static value, displayed as-is. + Statisch: Statischer Wert, wird so angezeigt, wie er ist. + + + authentik: Locale: Displays a list of locales authentik supports. + authentik: Gebietsschema: Zeigt eine Liste von Gebietsschemas, die Authentik unterstützt. + + + Preview errors + + + Data preview + + + Unique name of this field, used for selecting fields in prompt stages. + + + Field Key + Schlüsselfeld + + + Name of the form field, also used to store the value. + Name des Formularfelds, das auch zum Speichern des Werts verwendet wird. + + + When used in conjunction with a User Write stage, use attributes.foo to write attributes. + Bei Verwendung in Verbindung mit einer User Write-Phase verwenden Sie attributes.foo zum Schreiben von Attributen. + + + Label + Beschriftung + + + Label shown next to/above the prompt. + Beschriftung neben/über der Eingabeaufforderung + + + Required + Erforderlich + + + Interpret placeholder as expression + Platzhalter aus Ausdruck interpretieren + + + When checked, the placeholder will be evaluated in the same way a property mapping is. + If the evaluation fails, the placeholder itself is returned. + + + Placeholder + Platzhalter + + + Optionally provide a short hint that describes the expected input value. + When creating a fixed choice field, enable interpreting as expression and return a + list to return multiple choices. + + + Interpret initial value as expression + + + When checked, the initial value will be evaluated in the same way a property mapping is. + If the evaluation fails, the initial value itself is returned. + + + Initial value + + + Optionally pre-fill the input with an initial value. + When creating a fixed choice field, enable interpreting as expression and + return a list to return multiple default choices. + + + Help text + Hilfetext + + + Any HTML can be used. + Jedes HTML kann verwendet werden. + + + Prompts + Eingabeaufforderungen + + + Single Prompts that can be used for Prompt Stages. + Einzelne Eingabeaufforderungen, die für Eingabeaufforderungsphasen verwendet werden können. + + + Field + Feld + + + Stages + Phasen + + + Prompt(s) + Eingabeaufforderung(en) + + + Update Prompt + Aktualisierungsaufforderung + + + Create Prompt + Eingabeaufforderung erstellen + + + Target + Ziel + + + Stage + Phase + + + Evaluate when flow is planned + + + Evaluate policies during the Flow planning process. + + + Evaluate when stage is run + + + Evaluate policies before the Stage is present to the user. + Werten Sie Richtlinien aus, bevor die Phase dem Benutzer angezeigt wird. + + + Invalid response behavior + + + Returns the error message and a similar challenge to the executor + + + Restarts the flow from the beginning + + + Restarts the flow from the beginning, while keeping the flow context + + + Configure how the flow executor should handle an invalid response to a challenge given by this bound stage. + + + Successfully updated stage. + Phase erfolgreich aktualisiert. + + + Successfully created stage. + Phase erfolgreich erstellt. + + + Stage used to configure a duo-based authenticator. This stage should be used for configuration flows. + Phase, die zum Konfigurieren eines Duo-basierten Authentifikators verwendet wird. Diese Phase sollte für Konfigurationsabläufe verwendet werden. + + + Authenticator type name + + + Display name of this authenticator, used by users when they enroll an authenticator. + + + API Hostname + API Hostname + + + Duo Auth API + Duo Auth API + + + Integration key + Integrationsschlüssel + + + Secret key + Geheimer Schlüssel + + + Duo Admin API (optional) + Duo Admin API (optional) + + + When using a Duo MFA, Access or Beyond plan, an Admin API application can be created. + This will allow authentik to import devices automatically. + + + Stage-specific settings + Phasenspezifische Einstellungen + + + Configuration flow + Ablauf der Konfiguration + + + Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. + Ablauf der von einem authentifizierten Benutzer verwendet wird, um diese Phase zu konfigurieren. Wenn leer, kann der Benutzer diese Phase nicht konfigurieren. + + + Twilio Account SID + Twilio Konto SID + + + Get this value from https://console.twilio.com + Holen Sie sich diesen Wert von https://console.twilio.com + + + Twilio Auth Token + Twilio Authentifizierungs Token + + + Authentication Type + Authentifizierungsart + + + Basic Auth + Basic Auth + + + Bearer Token + Bearer Token + + + External API URL + Externe API URL + + + This is the full endpoint to send POST requests to. + Dies ist der vollständige Endpunkt, an den POST-Anforderungen gesendet werden. + + + API Auth Username + API Auth Benutzername + + + This is the username to be used with basic auth or the token when used with bearer token + Dies ist der Benutzername, der mit Basic Auth verwendet werden soll, oder das Token, wenn es mit Bearer-Token verwendet wird + + + API Auth password + API Auth Passwort + + + This is the password to be used with basic auth + Dies ist das Passwort, das mit der Basisauthentifizierung verwendet werden soll + + + Mapping + + + Modify the payload sent to the custom provider. + + + Stage used to configure an SMS-based TOTP authenticator. + Phase, die zum Konfigurieren eines SMS-basierten TOTP-Authentifikators verwendet wird. + + + Twilio + Twilio + + + Generic + Generisch + + + From number + Von Nummer + + + Number the SMS will be sent from. + Nummer, von der die SMS gesendet wird + + + Hash phone number + Hash-Telefonnummer + + + If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons. Devices created from a stage with this enabled cannot be used with the authenticator validation stage. + + + Stage used to configure a static authenticator (i.e. static tokens). This stage should be used for configuration flows. + Phase, die zum Konfigurieren eines statischen Authentifikators (d. h. statischer Token) verwendet wird. Diese Phase sollte für Konfigurationsabläufe verwendet werden + + + Token count + Token Count + + + Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator). + Phase zum Konfigurieren eines TOTP-Authentifikators (z. B. Authy/Google Authenticator) + + + Digits + Ziffern + + + 6 digits, widely compatible + 6 Ziffern, weitestgehend kompatibel + + + 8 digits, not compatible with apps like Google Authenticator + 8 Ziffern, nicht kompatibel mit Anwendungen wie Google Authenticator + + + Stage used to validate any authenticator. This stage should be used during authentication or authorization flows. + Phase, die verwendet wird, um einen beliebigen Authentifikator zu validieren. Diese Phase sollte während Authentifizierungs- oder Autorisierungsabläufen verwendet werden. + + + Device classes + Geräteklassen + + + Static Tokens + Statische Token + + + TOTP Authenticators + TOTP-Authentifikatoren + + + WebAuthn Authenticators + WebAuthn-Authentifikatoren + + + Duo Authenticators + Duo-Authentifikatoren + + + SMS-based Authenticators + SMS-basierte Authentifikatoren + + + Device classes which can be used to authenticate. + Geräteklassen, die zur Authentifizierung verwendet werden können. + + + Last validation threshold + Letzte Validierungsschwelle + + + If any of the devices user of the types selected above have been used within this duration, this stage will be skipped. + Wenn eines der oben ausgewählten Geräte innerhalb dieser Zeitspanne benutzt wurde, wird dieser Schritt übersprungen. + + + Not configured action + Nicht konfigurierte Aktion + + + Force the user to configure an authenticator + Benutzer auffordern einen Authenticator einzurichten + + + Deny the user access + Dem Benutzer den Zugang verweigern + + + WebAuthn User verification + + + User verification must occur. + Die Benutzerüberprüfung muss erfolgen. + + + User verification is preferred if available, but not required. + Die Benutzerüberprüfung wird bevorzugt, falls verfügbar, aber nicht erforderlich. + + + User verification should not occur. + Die Benutzerüberprüfung sollte nicht stattfinden. + + + Configuration stages + Konfiguration Stufen + + + Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. + Stufen zur Konfiguration des Authenticators, wenn der Benutzer keine kompatiblen Geräte besitzt. Nachdem diese Konfigurationsstufe abgeschlossen ist, wird der Benutzer nicht mehr dazu aufgefordert. + + + When multiple stages are selected, the user can choose which one they want to enroll. + Wenn mehrere Stufen ausgewählt sind, kann der Benutzer wählen, welche er registrieren möchte. + + + User verification + Benutzerüberprüfung + + + Resident key requirement + Resident-Key-Anforderung + + + Authenticator Attachment + Authenticator-Anhang + + + No preference is sent + Keine Präferenz wird gesendet + + + A non-removable authenticator, like TouchID or Windows Hello + Ein nicht abnehmbarer Authentifikator, wie TouchID oder Windows Hello + + + A "roaming" authenticator, like a YubiKey + Ein "Roaming"-Authentifikator, wie ein YubiKey + + + This stage checks the user's current session against the Google reCaptcha (or compatible) service. + + + Public Key + Öffentlicher Schlüssel + + + Public key, acquired from https://www.google.com/recaptcha/intro/v3.html. + Öffentlicher Schlüssel, erworben von https://www.google.com/recaptcha/intro/v3.html. + + + Private Key + Privater Schlüssel + + + Private key, acquired from https://www.google.com/recaptcha/intro/v3.html. + Privater Schlüssel, erworben von https://www.google.com/recaptcha/intro/v3.html. + + + Advanced settings + Erweiterte Einstellungen + + + JS URL + + + URL to fetch JavaScript from, defaults to recaptcha. Can be replaced with any compatible alternative. + + + API URL + API URL + + + URL used to validate captcha response, defaults to recaptcha. Can be replaced with any compatible alternative. + + + Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time. + Abfrage zur Einwilligung von Benutzern. Die Einwilligung kann entweder permanent gelten oder in einer bestimmten Zeit ablaufen. + + + Always require consent + Immer nach Zustimmung fragen + + + Consent given last indefinitely + Einwilligung gilt unbegrenzt + + + Consent expires. + Einwilligung erlischt. + + + Consent expires in + Einwilligung erlischt in + + + Offset after which consent expires. + + + Dummy stage used for testing. Shows a simple continue button and always passes. + Dummy-Stage zum Testen verwendet. Zeigt eine einfache Schaltfläche zum Fortfahren und besteht immer. + + + Throw error? + + + SMTP Host + SMTP Server + + + SMTP Port + SMTP Port + + + SMTP Username + SMTP Benutzername + + + SMTP Password + SMTP Passwort + + + Use TLS + TLS verwenden + + + Use SSL + SSL verwenden + + + From address + Absenderadresse + + + Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity. + Überprüfen Sie die E-Mail-Adresse des Benutzers, indem Sie ihm einen einmaligen Link senden. Kann auch für die Wiederherstellung verwendet werden, um die Authentizität des Benutzers zu überprüfen. + + + Activate pending user on success + Aktiviere ausstehenden Benutzer bei Erfolg + + + When a user returns from the email successfully, their account will be activated. + Wenn ein Benutzer erfolgreich von der E-Mail zurückkehrt, wird sein Konto aktiviert + + + Use global settings + Verwende globale Einstellungen + + + When enabled, global Email connection settings will be used and connection settings below will be ignored. + Wenn diese Option aktiviert ist, werden die globalen E-Mail Verbindungseinstellungen benutzt und die unten angegebenen Einstellungen ignoriert + + + Token expiry + Ablauf des Tokens + + + Time in minutes the token sent is valid. + Zeit in Minuten wie lange der verschickte Token gültig ist + + + Template + Schablone + + + Let the user identify themselves with their username or Email address. + Lassen Sie den Benutzer sich mit seinem Benutzernamen oder seiner E-Mail-Adresse identifizieren. + + + User fields + Benutzerfelder + + + UPN + UPN + + + Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources. + Felder, mit denen sich ein Benutzer identifizieren kann. Wenn keine Felder ausgewählt sind, kann der Benutzer nur Quellen verwenden. + + + Password stage + Passwort-Phase + + + When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks. + Wenn diese Option ausgewählt ist, wird ein Passwortfeld auf derselben Seite statt auf einer separaten Seite angezeigt. Dadurch werden Angriffe auf die Aufzählung von Benutzernamen verhindert. + + + Case insensitive matching + Abgleich ohne Berücksichtigung der Groß-/Kleinschreibung + + + When enabled, user fields are matched regardless of their casing. + Wenn diese Option aktiviert ist, werden Benutzerfelder unabhängig von ihrem Format abgeglichen. + + + Show matched user + Passenden Benutzer anzeigen + + + When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown. + Sofern eine gültige E-Mailadresse oder Benutzername angegeben wurde und diese Option aktiviert ist, wird das Profilbild und der Benutzername des Benutzers angezeigt. Ansonsten wird der vom Benutzer eingegebene Text angezeigt. + + + Source settings + + + Sources + Quellen + + + Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP. + Es sollten ausgewählte Quellen angezeigt werden, mit denen sich Benutzer authentifizieren können. Dies betrifft nur webbasierte Quellen, nicht LDAP. + + + Show sources' labels + Bezeichnungen der Quellen anzeigen + + + By default, only icons are shown for sources. Enable this to show their full names. + Standardmäßig werden für Quellen nur Symbole angezeigt. Aktiviere diese Option, um den vollständigen Namen anzuzeigen. + + + Passwordless flow + Passwortloser Ablauf + + + Optional passwordless flow, which is linked at the bottom of the page. When configured, users can use this flow to authenticate with a WebAuthn authenticator, without entering any details. + Optionaler passwortloser Ablauf, der unten auf der Seite verlinkt ist. Nach der Konfiguration können Benutzer diesen Ablauf verwenden, um sich mit einem WebAuthn-Authentifikator zu authentifizieren, ohne Details einzugeben. + + + Optional enrollment flow, which is linked at the bottom of the page. + Optionaler Anmeldevorgang, der unten auf der Seite verlinkt ist. + + + Optional recovery flow, which is linked at the bottom of the page. + Optionaler Wiederherstellungsablauf, der unten auf der Seite verlinkt ist. + + + This stage can be included in enrollment flows to accept invitations. + Diese Phase kann in Registrierungsabläufe aufgenommen werden, um Einladungen anzunehmen. + + + Continue flow without invitation + Ablauf mit Einladung fortsetzen + + + If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. + Wenn dieses Flag gesetzt ist, springt diese Stufe zur nächsten Stufe, wenn keine Einladung gegeben wird. Standardmäßig bricht diese Phase den Flow ab, wenn keine Einladung gegeben wird. + + + Validate the user's password against the selected backend(s). + Validieren Sie das Passwort des Benutzers mit den ausgewählten Backends. + + + Backends + Backends + + + User database + standard password + Benutzer Datenbank + Standardpasswort + + + User database + app passwords + Benutzer Datenbank + Applikations Passwort + + + User database + LDAP password + Benutzer Datenbank + LDAP Passwort + + + Selection of backends to test the password against. + Auswahl der Backends, mit denen das Kennwort getestet werden soll. + + + Flow used by an authenticated user to configure their password. If empty, user will not be able to configure change their password. + Ablauf, der von einem authentifizierten Benutzer verwendet wird, um sein Passwort zu konfigurieren. Wenn leer, kann der Benutzer sein Passwort nicht ändern. + + + Failed attempts before cancel + Fehlgeschlagene Versuche vor Abbruch + + + How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. + Anzahl der Versuche, die Benutzer haben, bevor der Ablauf abgebrochen wird. Um Benutzer auszuschließen kann eine Reputations-Richtlinie und eine user_write-Stufe genutzt werden. + + + Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable. + Zeigen Sie dem Benutzer beliebige Eingabefelder, beispielsweise während der Registrierung. Daten werden im Flow-Kontext unter der Variablen „prompt_data“ gespeichert. + + + Fields + Felder + + + ("", of type ) + + (" + ", vom Typ + ) + + + Validation Policies + Validierungsrichtlinien + + + Selected policies are executed when the stage is submitted to validate the data. + Ausgewählte Richtlinien werden ausgeführt, wenn die Stufe zur Validierung der Daten übermittelt wird. + + + Delete the currently pending user. CAUTION, this stage does not ask for confirmation. Use a consent stage to ensure the user is aware of their actions. + + + Log the currently pending user in. + Melden Sie den aktuell ausstehenden Benutzer an. + + + Session duration + Sessionsdauer + + + Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. + Legt fest, wie lange eine Sitzung dauert. Der Standardwert von 0 Sekunden bedeutet, dass die Sitzungen dauern, bis der Browser geschlossen wird. + + + Different browsers handle session cookies differently, and might not remove them even when the browser is closed. + + + See here. + + + Stay signed in offset + + + If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. + + + Terminate other sessions + + + When enabled, all previous sessions of the user will be terminated. + + + Remove the user from the current session. + Entfernen Sie den Benutzer aus der aktuellen Sitzung. + + + Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user + is pending, a new user is created, and data is written to them. + + + Never create users + + + When no user is present in the flow context, the stage will fail. + + + Create users when required + + + When no user is present in the the flow context, a new user is created. + + + Always create new users + Immer neuen Benutzer erzeugen + + + Create a new user even if a user is in the flow context. + + + Create users as inactive + Benutzer als inaktiv anlegen + + + Mark newly created users as inactive. + Neu erstellte Benutzer als inaktiv markieren. + + + User path template + + + Path new users will be created under. If left blank, the default path will be used. + + + Newly created users are added to this group, if a group is selected. + Neu erstellte Benutzer werden dieser Gruppe hinzugefügt, wenn eine Gruppe ausgewählt ist. + + + New stage + Neue Stufe + + + Create a new stage. + Neue Stufe erstellen. + + + Successfully imported device. + + + The user in authentik this device will be assigned to. + + + Duo User ID + Duo User ID + + + The user ID in Duo, can be found in the URL after clicking on a user. + + + Automatic import + + + Successfully imported devices. + + + Start automatic import + + + Or manually import + + + Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow. + Phasen sind einzelne Schritte eines Flows, durch die ein Benutzer geführt wird. Eine Phase kann nur innerhalb eines Flows ausgeführt werden. + + + Flows + Abläufe + + + Stage(s) + Phase(n) + + + Import + Importieren + + + Import Duo device + Duo Gerät importieren + + + Successfully updated flow. + Ablauf erfolgreich aktualisiert. + + + Successfully created flow. + Ablauf erfolgreich erstellt. + + + Shown as the Title in Flow pages. + Wird als Titel auf den Ablaufseiten angezeigt. + + + Visible in the URL. + Sichtbar in der URL + + + Designation + Bezeichnung + + + Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. + Entscheidet, wofür dieser Flow verwendet wird. Beispielsweise wird der Authentifizierungsablauf umgeleitet, wenn ein nicht authentifizierter Benutzer authentik besucht. + + + No requirement + + + Require authentication + + + Require no authentication. + + + Require superuser. + + + Required authentication level for this flow. + + + Behavior settings + + + Compatibility mode + Kompatibilitätsmodus + + + Increases compatibility with password managers and mobile devices. + + + Denied action + + + Will follow the ?next parameter if set, otherwise show a message + + + Will either follow the ?next parameter or redirect to the default interface + + + Will notify the user the flow isn't applicable + + + Decides the response when a policy denies access to this flow for a user. + + + Appearance settings + + + Layout + Aufbau + + + Background + Hintergrund + + + Background shown during execution. + Hintergrund während der Ausführung. + + + Clear background + + + Delete currently set background image. + Aktuelles Hintergrundbild löschen + + + Successfully imported flow. + Ablauf erfolgreich importiert. + + + .yaml files, which can be found on goauthentik.io and can be exported by authentik. + + + Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them. + Abläufe beschreiben eine Kette von Phasen zum Authentifizieren, Registrieren oder Wiederherstellen eines Benutzers. Phasen werden basierend auf den auf sie angewendeten Richtlinien ausgewählt. + + + Flow(s) + Ablauf/Abläufe + + + Update Flow + Ablauf aktualisieren + + + Create Flow + Ablauf erstellen + + + Import Flow + Ablauf importieren + + + Successfully cleared flow cache + Der Ablauf-Cache wurde erfolgreich geleert + + + Failed to delete flow cache + Ablaufpuffer löschen fehlgeschlagen + + + Clear Flow cache + Flow-Cache löschen + + + Are you sure you want to clear the flow cache? + This will cause all flows to be re-evaluated on their next usage. + + + Stage binding(s) + Phasen Bindung(en) + + + Stage type + Phasen Typ + + + Edit Stage + Stufe bearbeiten + + + Update Stage binding + Phasenbindung aktualisieren + + + These bindings control if this stage will be applied to the flow. + Diese Bindungen steuern, ob diese Stufe auf den Ablauf angewendet wird. + + + No Stages bound + Keine Phasen verknüpft. + + + No stages are currently bound to this flow. + Aktuell sind keine Phasen mit diesem Ablauf verknüpft. + + + Create Stage binding + Stage Bindung erstellen + + + Bind stage + Phasen-Verknüpfung + + + Bind existing stage + + + Flow Overview + Ablauf Übersicht + + + Related actions + + + Execute flow + Ablauf ausführen + + + Normal + Normal + + + with current user + mit aktuellem Nutzer + + + with inspector + mit Inspektor + + + Export flow + Ablauf exportieren + + + Export + Exportieren + + + Stage Bindings + Phasen Bindungen + + + These bindings control which users can access this flow. + Diese Bindungen steuern, welche Benutzer auf diesen Ablauf zugreifen können. + + + Event Log + Ereignisprotokoll + + + Event + Ereignis + + + + Event info + Ereignisinfo + + + Created + + + Successfully updated transport. + Zustellungsart erfolgreich aktualisiert. + + + Successfully created transport. + Zustellungsart erfolgreich erstellt. + + + Local (notifications will be created within authentik) + Lokal (Benachrichtigungen werden innerhalb von authentik erstellt) + + + Webhook (generic) + Webhook (generic) + + + Webhook (Slack/Discord) + Webhook (Slack/Discord) + + + Webhook URL + Webhook URL + + + Webhook Mapping + Webhook Zuordnung + + + Send once + Einmal senden + + + Only send notification once, for example when sending a webhook into a chat channel. + Benachrichtigung nur einmal senden, z. B. beim Senden eines Webhooks in einen Chat-Kanal + + + Notification Transports + Mitteilungszustellungsarten + + + Define how notifications are sent to users, like Email or Webhook. + Definieren Sie, wie Benachrichtigungen an Benutzer gesendet werden, z. B. E-Mail oder Webhook. + + + Notification transport(s) + Mitteilungszustellungsart(en) + + + Update Notification Transport + Mitteilungszustellungsart aktualisieren + + + Create Notification Transport + Mitteilungszustellungsart erstellen + + + Successfully updated rule. + Regel erfolgreich aktualisiert. + + + Successfully created rule. + Regel erfolgreich erstellt. + + + Select the group of users which the alerts are sent to. If no group is selected the rule is disabled. + + + Transports + Zustellungsarten + + + Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. + Wählen Sie, welche Zustellungsart genutzt werden soll um Benutzer zu benachrichtigen. Wenn keine gewählt wurde, werden Benachrichtigungen nur in der Authentik-Oberfläche angezeigt. + + + Severity + Schweregrad + + + Notification Rules + Benachrichtigungsregeln + + + Send notifications whenever a specific Event is created and matched by policies. + Senden Sie Benachrichtigungen, wenn ein bestimmtes Ereignis erstellt und mit Richtlinien abgeglichen wird. + + + Sent to group + An Gruppe gesendet + + + Notification rule(s) + Benachrichtigungsregel(n) + + + None (rule disabled) + Keine (Regel deaktiviert) + + + Update Notification Rule + Benachrichtigungsregel aktualisieren + + + Create Notification Rule + Benachrichtigungsregel erstellen + + + These bindings control upon which events this rule triggers. +Bindings to groups/users are checked against the user of the event. + + + Outpost Deployment Info + Outpost-Installationsinfo + + + View deployment documentation + Installationsdokumentation anzeigen + + + Click to copy token + Token kopieren + + + If your authentik Instance is using a self-signed certificate, set this value. + Wenn Ihre authentik-Instanz ein selbstsigniertes Zertifikat verwendet, setzen Sie diesen Wert. + + + If your authentik_host setting does not match the URL you want to login with, add this setting. + Wenn Ihre authentik_host-Einstellung nicht der URL entspricht, mit der Sie sich anmelden, fügen Sie diese Einstellung hinzu. + + + Successfully updated outpost. + Outpost erfolgreich aktualisiert. + + + Successfully created outpost. + Outpost erfolgreich erstellt. + + + Radius + + + Integration + Integration + + + Selecting an integration enables the management of the outpost by authentik. + Die Auswahl einer Integration ermöglicht die Verwaltung des Outposts durch Authentik. + + + You can only select providers that match the type of the outpost. + Sie können nur Anbieter auswählen, die zum Typ des Outposts passen. + + + Configuration + Konfiguration + + + See more here: + + + Documentation + + + Last seen + + + , should be + " + ", sollte " + " sein + + + Hostname + + + Not available + Nicht verfügbar + + + Last seen: + Überprüft: + + + + Unknown type + + + Outposts + Outposts + + + Outposts are deployments of authentik components to support different environments and protocols, like reverse proxies. + Outposts sind Installationen von authentik-Komponenten, die Unterstützung für unterschiedliche Umgebungen und Protokolle wie Reverse Proxies bereitsstellen. + + + Health and Version + Zustand und Version + + + Warning: authentik Domain is not configured, authentication will not work. + Warnung: authentik-Domain ist nicht konfiguriert. Authentifizierungen werden nicht funktionieren. + + + Logging in via . + Anmelden über + . + + + No integration active + Keine Integrationen aktiv + + + Update Outpost + Outpost aktualisieren + + + View Deployment Info + Installationsinfo anzeigen + + + Detailed health (one instance per column, data is cached so may be out of date) + + + Outpost(s) + Outpost(s) + + + Create Outpost + Außenposten erstellen + + + Successfully updated integration. + Integration erfolgreich aktualisiert. + + + Successfully created integration. + Integration erfolgreich erstellt. + + + Local + Lokal + + + If enabled, use the local connection. Required Docker socket/Kubernetes Integration. + Nutze, wenn aktiviert, die lokale Verbindung. Benötigt Docker socket/Kubernetes Integration. + + + Docker URL + Docker URL + + + Can be in the format of 'unix://' when connecting to a local docker daemon, using 'ssh://' to connect via SSH, or 'https://:2376' when connecting to a remote system. + Kann das Format 'unix://' haben, wenn eine Verbindung zu einem lokalen Docker-Daemon hergestellt wird, oder 'ssh://', wenn eine Verbindung über SSH hergestellt wird, oder 'https://:2376', wenn eine Verbindung zu einem entfernten System hergestellt wird. + + + CA which the endpoint's Certificate is verified against. Can be left empty for no validation. + CA, anhand derer das Zertifikat des Endpunkts überprüft wird. Kann leer gelassen werden, um keine Validierung durchzuführen. + + + TLS Authentication Certificate/SSH Keypair + TLS-Authentifizierungszertifikat/SSH-Schlüsselpaar + + + Certificate/Key used for authentication. Can be left empty for no authentication. + Zertifikat/Schlüssel für die Authentifizierung. Kann leer gelassen werden, wenn keine Authentifizierung erfolgt. + + + When connecting via SSH, this keypair is used for authentication. + Bei Verbindung via SSH wird dieses Schlüsselpaar zur Authentifizierung genutzt. + + + Kubeconfig + Kubeconfig + + + Verify Kubernetes API SSL Certificate + + + New outpost integration + Neue Outpost-Integration + + + Create a new outpost integration. + Neue Outpost-Integration erstellen. + + + State + Zustand + + + Unhealthy + Defekt + + + Outpost integration(s) + Outpostintegration(en) + + + Successfully generated certificate-key pair. + Zertifikat-Schlüsselpaar erfolgreich generiert. + + + Common Name + Gemeinsamer Name + + + Subject-alt name + SAN + + + Optional, comma-separated SubjectAlt Names. + Optionale, durch Kommas getrennte SubjectAlt-Namen + + + Validity days + Gültigkeitstage + + + Successfully updated certificate-key pair. + Zertifikat-Schlüsselpaar erfolgreich aktualisiert. + + + Successfully created certificate-key pair. + Zertifikat-Schlüsselpaar erfolgreich erstellt. + + + PEM-encoded Certificate data. + PEM-codierte Zertifikatsdaten. + + + Optional Private Key. If this is set, you can use this keypair for encryption. + Optionaler privater Schlüssel. Wenn dies eingestellt ist, können Sie dieses Schlüsselpaar für die Verschlüsselung verwenden. + + + Certificate-Key Pairs + Zertifikat-Schlüsselpaare + + + Import certificates of external providers or create certificates to sign requests with. + Importieren Sie Zertifikate externer Anbieter oder erstellen Sie Zertifikate zum Signieren von Anfragen. + + + Private key available? + Privater Schlüssel vorhanden? + + + Certificate-Key Pair(s) + Zertifikat Schlüsselpaar(e) + + + Managed by authentik + Verwaltet durch Authentik + + + Managed by authentik (Discovered) + Verwaltet von authentik (Discovered) + + + Yes () + Ja ( + ) + + + No + Nein + + + Update Certificate-Key Pair + Aktualisieren Sie das Zertifikatschlüsselpaar + + + Certificate Fingerprint (SHA1) + Zertifikat-Fingerabdruck (SHA1) + + + Certificate Fingerprint (SHA256) + Zertifikat-Fingerabdruck (SHA256) + + + Certificate Subject + Zertifikat Betreff + + + Download Certificate + Zertifikat herunterladen + + + Download Private key + Privaten Schlüssel herunterladen + + + Create Certificate-Key Pair + Zertifikat-Schlüsselpaar generieren + + + Generate + Generiere + + + Generate Certificate-Key Pair + Zertifikat-Schlüsselpaar generieren + + + Successfully updated instance. + + + Successfully created instance. + + + Disabled blueprints are never applied. + + + Local path + + + OCI Registry + + + Internal + + + OCI URL, in the format of oci://registry.domain.tld/path/to/manifest. + + + See more about OCI support here: + + + Blueprint + + + Configure the blueprint context, used for templating. + + + Orphaned + + + Blueprints + + + Automate and template configuration within authentik. + + + Last applied + + + Blueprint(s) + + + Update Blueprint + + + Create Blueprint Instance + + + API Requests + API Anfragen + + + Open API Browser + API-Browser öffnen + + + Notifications + Benachrichtigungen + + + unread + + ungelesen + + + Successfully cleared notifications + Benachrichtigungen erfolgreich gelöscht + + + Clear all + Alles löschen + + + A newer version of the frontend is available. + Eine neuere Version des Frontends ist verfügbar. + + + You're currently impersonating . Click to stop. + Sie geben sich gerade als + aus. Klicken Sie zum Stoppen. + + + User interface + Benutzeroberfläche + + + Dashboards + Dashboards + + + Events + Events + + + Logs + Logs + + + Customisation + Anpassung + + + Directory + Verzeichnis + + + System + System + + + Certificates + Zertifikate + + + Outpost Integrations + Outpostintegrationen + + + API request failed + API Anfrage fehlgeschlagen + + + User's avatar + Avatar des Benutzers + + + Something went wrong! Please try again later. + Etwas ist schiefgelaufen. Bitte probiere es später wieder + + + Request ID + + + You may close this page now. + + + You're about to be redirect to the following URL. + Sie werden gleich zur folgenden URL weitergeleitet + + + Follow redirect + Weiterleitung folgen + + + Request has been denied. + Anfrage wurde verweigert + + + Not you? + Nicht Sie? + + + Need an account? + Wird ein Konto gebraucht? + + + Sign up. + Registrieren. + + + Forgot username or password? + Benutzername oder Passwort vergessen? + + + Select one of the sources below to login. + Wählen Sie eine der folgenden Quellen aus, um sich anzumelden. + + + Or + + + Use a security key + Verwenden Sie einen Sicherheitsschlüssel + + + Login to continue to . + Anmelden um mit + fortzufahren. + + + Please enter your password + Bitte geben Sie Ihr Passwort ein + + + Forgot password? + Passwort vergessen? + + + Application requires following permissions: + Anwendung benötigt die folgenden Berechtigungen: + + + Application already has access to the following permissions: + + + Application requires following new permissions: + + + Check your Inbox for a verification email. + Prüfen Sie Ihren Posteingang auf eine Bestätigungsmail. + + + Send Email again. + E-Mail erneut senden. + + + Successfully copied TOTP Config. + TOTP Config erfolgreich kopiert + + + Copy + Kopieren + + + Code + Code + + + Please enter your TOTP Code + Bitte geben Sie Ihren TOTP-Code ein. + + + Duo activation QR code + + + Alternatively, if your current device has Duo installed, click on this link: + Alternativ kannst Du auch auf diesen Link klicken, wenn Du Duo auf Deinem Gerät installiert hast: + + + Duo activation + Duo-Aktivierung + + + Check status + Status überprüfen + + + Make sure to keep these tokens in a safe place. + Bewahren Sie diese Tokens an einem sicheren Ort auf. + + + Phone number + Telefonnummer + + + Please enter your Phone number. + Bitte geben Sie Ihre Telefonnummer ein. + + + Please enter the code you received via SMS + + + A code has been sent to you via SMS. + Ihnen wurde ein Code per SMS gesendet. + + + Open your two-factor authenticator app to view your authentication code. + + + Static token + Statische Token + + + Authentication code + + + Please enter your code + + + Return to device picker + Zurück zur Geräteauswahl + + + Sending Duo push notification + + + Assertions is empty + SAML Assertion ist leer + + + Error when creating credential: + Fehler beim Erstellen der Anmeldedaten: + + + + Error when validating assertion on server: + Fehler beim Validieren der Assertion auf dem Server: + + + + Retry authentication + Authentifizierung erneut versuchen + + + Duo push-notifications + Duo Push-Benachrichtigungen + + + Receive a push notification on your device. + Erhalten Sie eine Push-Benachrichtigung auf Ihrem Gerät. + + + Authenticator + Authentifikator + + + Use a security key to prove your identity. + Verwenden Sie einen Sicherheitsschlüssel, um Ihre Identität nachzuweisen + + + Traditional authenticator + Traditioneller Authentifikator + + + Use a code-based authenticator. + Verwenden Sie einen Code-basierten Authentifikator + + + Recovery keys + Wiederherstellungsschlüssel + + + In case you can't access any other method. + Falls Sie auf keine andere Methode zugreifen können. + + + SMS + SMS + + + Tokens sent via SMS. + Per SMS versendete Token. + + + Select an authentication method. + Wählen Sie eine Authentifizierungsmethode aus. + + + Stay signed in? + Eingeloggt bleiben? + + + Select Yes to reduce the number of times you're asked to sign in. + Wähle 'Ja' um die Anzahl der Anmeldeaufforderungen zu reduzieren. + + + Authenticating with Plex... + Authentifizierung mit Plex... + + + Waiting for authentication... + + + If no Plex popup opens, click the button below. + + + Open login + + + Authenticating with Apple... + Authentifizierung mit Apple... + + + Retry + Erneut versuchen + + + Enter the code shown on your device. + + + Please enter your Code + Bitte geben Sie Ihren Code ein + + + You've successfully authenticated your device. + + + Flow inspector + Ablauf-Inspektor + + + Next stage + Nächste Phase + + + Stage name + Phasenname + + + Stage kind + Art der Phase + + + Stage object + Phasen Objekt + + + This flow is completed. + Dieser Ablauf ist abgeschlossen. + + + Plan history + History + + + Current plan context + Aktueller Plankontext + + + Session ID + Sitzungs-ID + + + Powered by authentik + Erstellt durch Authentik + + + Background image + Hintergrundbild + + + Error creating credential: + Fehler beim Erstellen der Anmeldedaten: + + + + Server validation of credential failed: + Servervalidierung der Anmeldedaten fehlgeschlagen: + + + + Register device + Gerät registrieren + + + Refer to documentation + + + No Applications available. + Keine Anwendungen vorhanden. + + + Either no applications are defined, or you don’t have access to any. + + + My Applications + Meine Anwendungen + + + My applications + Meine Anwendungen + + + Change your password + Ändern Sie Ihr Passwort + + + Change password + Password ändern + + + + + + + + + Save + Speichern + + + Delete account + Account löschen + + + Successfully updated details + Details erfolgreich aktualisiert. + + + Open settings + Einstellungen öffnen + + + No settings flow configured. + Kein Ablauf für Einstellungen konfiguriert. + + + Update details + Angaben aktualisieren + + + Successfully disconnected source + Quelle erfolgreich getrennt + + + Failed to disconnected source: + Quelle konnte nicht getrennt werden: + + + + Disconnect + Verbindung trennen + + + Connect + Verbinden + + + Error: unsupported source settings: + Fehler: nicht unterstützte Quelleinstellungen: + + + + Connect your user account to the services listed below, to allow you to login using the service instead of traditional credentials. + Verknüpfen Sie Ihr Konto mit einem der unten aufgeführten Dienste, um das Anmelden mit dem Dienst, anstatt der üblichen Anmeldedaten zu ermöglichen. + + + No services available. + Keine Dienste verfügbar. + + + Create App password + App Passwort erstellen + + + User details + Nutzerdetails + + + Consent + Einwilligung + + + MFA Devices + Multifaktor-Authentifzierungs Geräte + + + Connected services + Verknüpfte Dienste + + + Tokens and App passwords + Tokens und App Passwörter + + + Unread notifications + Ungelesene Benachrichtigungen + + + Admin interface + Admin Interface + + + Stop impersonation + Beenden Sie den Identitätswechsel + + + Avatar image + Profilbild + + + Failed + + + Unsynced / N/A + + + Outdated outposts + Obsolete Outposts + + + Unhealthy outposts + Defekte Outposts + + + Next + Weiter + + + Inactive + Inaktiv + + + Regular user + Regelmäßiger Benutzer + + + Activate + Aktivieren + + + Use Server URI for SNI verification + + + Required for servers using TLS 1.3+ + + + Client certificate keypair to authenticate against the LDAP Server's Certificate. + + + The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate. + + + TLS Server name + + + DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged. + + + TLS Client authentication certificate + + + Model + + + Match events created by selected model. When left empty, all models are matched. + + + Code-based MFA Support + + + When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. + + + User type + + + Successfully updated license. + + + Successfully created license. + + + Install ID + + + License key + + + Licenses + + + License(s) + + + Enterprise is in preview. + + + Cumulative license expiry + + + Update License + + + Warning: The current user count has exceeded the configured licenses. + + + Click here for more info. + + + Enterprise + + + Manage enterprise licenses + + + No licenses found. + + + Send us feedback! + + + Get a license + + + Go to Customer Portal + + + Forecast internal users + + + Estimated user count one year from now based on current internal users and forecasted internal users. + + + Forecast external users + + + Estimated user count one year from now based on current external users and forecasted external users. + + + Install + + + Install License + + + Internal users might be users such as company employees, which will get access to the full Enterprise feature set. + + + External users might be external consultants or B2C customers. These users don't get access to enterprise features. + + + Service accounts should be used for machine-to-machine authentication or other automations. + + + Less details + + + More details + + + Remove item Open API drawer @@ -11,1702 +5585,74 @@ Open Notification drawer - - Connection error, reconnecting... - - - Loading... - - - Application - - - Logins - - - Failed to fetch - - - Click to change value - - - Select an object. - - - Loading options... - - - API Access - - - App password - - - Recovery - - - Verification - - - Unknown intent - - - Login - - - Failed login - - - Logout - - - User was written to - - - Suspicious request - - - Password set - - - Secret was viewed - - - Secret was rotated - - - Invitation used - - - Application authorized - - - Source linked - - - Impersonation started - - - Impersonation ended - - - Flow execution - - - Policy execution - - - Policy exception - - - Property Mapping exception - - - System task execution - - - System task exception - - - General system exception - - - Configuration error - - - Model created - - - Model updated - - - Model deleted - - - Email sent - - - Update available - - - Alert - - - Notice - - - Warning - - - Unknown severity - - - Static tokens - - - TOTP Device - - - Internal - - - External - - - Service account - - - Service account (internal) - - - Show less - - - Show more - - - UID - - - Name - - - App - - - Model Name - - - Message - - - Subject - - - From - - - To - - - Context - - - User - - - Affected model: - - - Authorized application: - - - Using flow - - - Email info: - - - Secret: - - - Exception - - - Open issue on GitHub... - - - Expression - - - Binding - - - Request - - - Object - - - Result - - - Passing - - - Messages - - - New version available - - - Using source - - - Attempted to log in as - - - No additional data available. - - - no tabs defined - - - Remove item - - - - of - - - Go to previous page - - - Go to next page - - - Search... - - - Loading - - - No objects found. - - - Failed to fetch objects. - - - Refresh - - - Select all rows - - - Action - - - Creation Date - - - Client IP - - - Brand - - - Recent events - - - On behalf of - - - - - - - No Events found. - - - No matching events could be found. - - - Embedded outpost is not configured correctly. - - - Check outposts. - - - HTTPS is not detected correctly - - - Server and client are further than 5 seconds apart. - - - OK - - - Everything is ok. - - - System status - - - Based on - - - is available! - - - Up-to-date! - - - Version - - - Workers - - - No workers connected. Background tasks will not run. - - - hour(s) ago - - - Failed to fetch data. - - - day(s) ago - - - Authorizations - - - Failed Logins - - - Successful Logins - - - : - - - Cancel - - - LDAP Source - - - SCIM Provider - - - Healthy - - - Failed - - - Unsynced / N/A - - - Healthy outposts - - - Outdated outposts - - - Unhealthy outposts - - - Not found - - - The URL "" was not found. - - - Return home - - - General system status - - - Welcome, . - - - Quick actions - - - Create a new application - - - Check the logs - - - Explore integrations - - - Manage users - - - Check the release notes - - - Outpost status - - - Sync status - - - Logins and authorizations over the last week (per 8 hours) - - - Apps with most usage - - - days ago - - - Objects created - - - User Statistics - - - Users created per day in the last month - - - Users created - - - Logins per day in the last month - - - Failed Logins per day in the last month - - - Failed logins - - - Clear search - - - System Tasks - - - Long-running operations which authentik executes in the background. - - - Identifier - - - Description - - - Last run - - - Status - - - Actions - - - Successful - - - Error - - - Unknown - - - Duration - - - seconds - Restart task - - Close - - - Create - - - Next - - - Back - - - Submit - - - Type - - - Select providers to add to application - - - Add - - - Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". - - - Path template for users created. Use placeholders like `%(slug)s` to insert the source slug. - - - Currently set to: - - - No form found - - - Form didn't return a promise for submitting - - - Any policy must match to grant access - - - All policies must match to grant access - - - Successfully updated application. - - - Successfully created application. - - - Application's display Name. - - - Slug - - - Internal application name used in URLs. - - - Group - - - Optionally enter a group name. Applications with identical groups are shown grouped together. - - - Provider - - - Select a provider that this application should use. - - - Backchannel Providers - - - Select backchannel providers which augment the functionality of the main provider. - Add provider - - Policy engine mode - - - UI settings - - - Launch URL - - - If left empty, authentik will try to extract the launch URL based on the selected provider. - - - Open in new tab - - - If checked, the launch URL will open in a new browser tab or window from the user's application library. - - - Icon - - - Clear icon - - - Delete currently set icon. - - - Publisher - - - UI Settings - - - OAuth2/OIDC (Open Authorization/OpenID Connect) - - - Modern applications, APIs and Single-page applications. - - - LDAP (Lightweight Directory Access Protocol) - - - Provide an LDAP interface for applications and users to authenticate against. - - - Transparent Reverse Proxy - - - For transparent reverse proxies with required authentication - - - Forward Auth (Single Application) - - - For nginx's auth_request or traefik's forwardAuth - - - Forward Auth (Domain Level) - - - For nginx's auth_request or traefik's forwardAuth per root domain - - - SAML (Security Assertion Markup Language) - - - Configure SAML provider manually - - - RADIUS (Remote Authentication Dial-In User Service) - - - Configure RADIUS provider manually - - - SCIM (System for Cross-domain Identity Management) - - - Configure SCIM provider manually - - - Saving Application... - - - Authentik was unable to save this application: - - - Your application has been saved - - - There was an error in the application. - - - Review the application. - - - There was an error in the provider. - - - Review the provider. - - - There was an error - - - There was an error creating the application, but no error message was sent. Please review the server logs. - - - Authentication - - - Authorization - - - Enrollment - - - Invalidation - - - Stage Configuration - - - Unenrollment - - - Unknown designation - - - Stacked - - - Content left - - - Content right - - - Sidebar left - - - Sidebar right - - - Unknown layout - - - Cached binding - - - Flow is executed and session is cached in memory. Flow is executed when session expires - - - Direct binding - - - Always execute the configured bind flow to authenticate the user - - - Cached querying - - - The outpost holds all users and groups in-memory and will refresh every 5 Minutes - - - Direct querying - - - Always returns the latest data, but slower than cached querying - - - When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. - - - The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber - - - The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate. - - - DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged. - - - The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber - - - Configure LDAP Provider - - - Method's display Name. - - - Bind flow - - - Flow used for users to authenticate. - - - Search group - - - Bind mode - - - Configure how the outpost authenticates requests. - - - Search mode - - - Configure how the outpost queries the core authentik server's users. - - - Code-based MFA Support - - - Protocol settings - - - Base DN - - - LDAP DN under which bind requests and search requests can be made. - - - Certificate - - - TLS Server name - - - UID start number - - - GID start number - - - Successfully updated provider. - - - Successfully created provider. - - - (Format: hours=-1;minutes=-2;seconds=-3). - - - (Format: hours=1;minutes=2;seconds=3). - - - The following keywords are supported: - - - Confidential - - - Confidential clients are capable of maintaining the confidentiality of their credentials such as client secrets - - - Public - - - Public clients are incapable of maintaining the confidentiality and should use methods like PKCE. - - - Based on the User's hashed ID - - - Based on the User's ID - - - Based on the User's UUID - - - Based on the User's username - - - Based on the User's Email - - - This is recommended over the UPN mode. - - - Based on the User's UPN - - - Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains. - - - Each provider has a different issuer, based on the application slug - - - Same identifier is used for all providers - - - Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows. - - - If no explicit redirect URIs are specified, the first successfully used redirect URI will be saved. - - - To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. - - - Authentication flow - - - Flow used when a user access this provider and is not authenticated. - - - Authorization flow - - - Flow used when authorizing this provider. - - - Client type - - - Client ID - - - Client Secret - - - Redirect URIs/Origins (RegEx) - - - Signing Key - - - Key used to sign the tokens. - - - Advanced protocol settings - - - Access code validity - - - Configure how long access codes are valid for. - - - Access Token validity - - - Configure how long access tokens are valid for. - - - Refresh Token validity - - - Configure how long refresh tokens are valid for. - - - Scopes - - - Select which scopes can be used by the client. The client still has to specify the scope to access the data. - - - Hold control/command to select multiple items. - - - Subject mode - - - Configure what data should be used as unique User Identifier. For most cases, the default should be fine. - - - Include claims in id_token - - - Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. - - - Issuer mode - - - Configure how the issuer field of the ID Token should be filled. - - - Machine-to-Machine authentication settings - - - Trusted OIDC Sources - - - JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider. - - - Configure OAuth2/OpenId Provider - - - HTTP-Basic Username Key - - - User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. - - - HTTP-Basic Password Key - - - User/Group Attribute used for the password part of the HTTP-Basic Header. - - - Configure Proxy Provider - - - Token validity - - - Configure how long tokens are valid for. - - - AdditionalScopes - - - Additional scope mappings, which are passed to the proxy. - - - Unauthenticated URLs - - - Unauthenticated Paths - - - Regular expressions for which authentication is not required. Each new line is interpreted as a new expression. - - - When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions. - - - Authentication settings - - - Intercept header authentication - - - When enabled, authentik will intercept the Authorization header to authenticate the request. - - - Send HTTP-Basic Authentication - - - Send a custom HTTP-Basic Authentication header based on values from authentik. - - - Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application. - - - An example setup can look like this: - - - authentik running on auth.example.com - - - app1 running on app1.example.com - - - In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com. - - - External host - - - The external URL you'll authenticate at. The authentik core server should be reachable under this URL. - - - Cookie domain - - - Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'. - - - This provider will behave like a transparent reverse-proxy, except requests must be authenticated. If your upstream application uses HTTPS, make sure to connect to the outpost using HTTPS as well. - - - The external URL you'll access the application at. Include any non-standard port. - - - Internal host - - - Upstream host that the requests are forwarded to. - - - Internal host SSL Validation - - - Validate SSL Certificates of upstream servers. - - - Use this provider with nginx's auth_request or traefik's - forwardAuth. Each application/domain needs its own provider. - Additionally, on each domain, /outpost.goauthentik.io must be - routed to the outpost (when using a managed outpost, this is done for you). - - - Configure Radius Provider - - - Shared secret - - - Client Networks - - - List of CIDRs (comma-seperated) that clients can connect from. A more specific - CIDR will match before a looser one. Clients connecting from a non-specified CIDR - will be dropped. - - - Redirect - - - Post - - - Configure SAML Provider - - - ACS URL - - - Issuer - - - Also known as EntityID. - - - Service Provider Binding - - - Determines how authentik sends the response back to the Service Provider. - - - Audience - - - Signing Certificate - - - Certificate used to sign outgoing Responses going to the Service Provider. - - - Verification Certificate - - - When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. - - - Property Mappings - - - Property mappings used for user mapping. - - - NameID Property Mapping - - - Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected. - - - Assertion valid not before - - - Configure the maximum allowed time drift for an assertion. - - - Assertion valid not on or after - - - Assertion not valid on or after current time + this value. - - - Session valid not on or after - - - Session not valid on or after current time + this value. - - - Digest algorithm - - - Signature algorithm - - - Configure SCIM Provider - - - URL - - - SCIM base url, usually ends in /v2. - - - Token - - - Token to authenticate with. Currently only bearer authentication is supported. - - - User filtering - - - Exclude service accounts - - - Only sync users within the selected group. - - - Attribute mapping - - - User Property Mappings - - - Group Property Mappings - - - Property mappings used for group creation. - - - Create With Wizard - - - New application - - - Don't show this message again. - - - One hint, 'New Application Wizard', is currently hidden - - - Users in the selected group can do search queries. If no group is selected, no LDAP Searches are allowed. - - - Proxy - - - Forward auth (single application) - - - Forward auth (domain level) - - - Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). - - - Authentication URL - - - Unknown proxy mode - - - Additional scopes - - - Property mappings - - - Default relay state - - - When using IDP-initiated logins, the relay state will be set to this value. - - - Successfully imported provider. - - - Metadata - - - Apply changes - - - Finish - - - Select type - - - Try the new application wizard - - - The new application wizard greatly simplifies the steps required to create applications and providers. - - - Try it now - - - New provider - - - Create a new provider. - - - Create - - - Property mappings used to user mapping. - - - Property mappings used to group creation. - - - Not used by any other object. - - - object will be DELETED - - - connection will be deleted - - - reference will be reset to default value - - - reference will be set to an empty value - - - () - - - ID - - - Successfully deleted - - - Failed to delete : - - - Delete - - - Are you sure you want to delete ? - - - Delete - - - Providers - - - Provide support for protocols like SAML and OAuth to assigned applications. - - - Provider(s) - - - Assigned to application - - - Assigned to application (backchannel) - - - Warning: Provider not assigned to any application. - - - Update - - - Update - - - Edit - - - Create Application - - - Successfully assigned permission. - - - Role - - - Assign - - - Assign permission to role - - - Assign to new role - - - Permission(s) - - - Permission - - - Directly assigned - - - Assign permission to user - - - Assign to new user - - - Superuser - - - RBAC is in preview. - - - Send us feedback! - - - User Object Permissions - - - Role Object Permissions - - - Overview - - - Changelog - - - Permissions - - - Warning: Provider is not used by any Outpost. - - - Assigned to application - - - Update LDAP Provider - - - How to connect - - - Connect to the LDAP Server on port 389: - - - Check the IP of the Kubernetes service, or - - - The Host IP of the docker host - - - Bind DN - - - Bind Password - - - Search base - - - Preview - - - Warning: Provider is not used by an Application. - - - Redirect URIs - - - Update OAuth2 Provider - - - OpenID Configuration URL - - - OpenID Configuration Issuer - - - Authorize URL - - - Token URL - - - Userinfo URL - - - Logout URL - - - JWKS URL - - - Example JWT payload (for currently authenticated user) - - - Yes - - - No - - - Forward auth (domain-level) - - - Nginx (Ingress) - - - Nginx (Proxy Manager) - - - Nginx (standalone) - - - Traefik (Ingress) - - - Traefik (Compose) - - - Traefik (Standalone) - - - Caddy (Standalone) - - - Internal Host - - - External Host - - - Basic-Auth - - - Mode - - - Update Proxy Provider - - - Protocol Settings - - - Allowed Redirect URIs - - - Setup - - - No additional setup is required. - - - Update Radius Provider - - - Download - - - Copy download URL - - - Download signing certificate - - - Related objects - - - Update SAML Provider - - - SAML Configuration - - - EntityID/Issuer - - - SSO URL (Post) - - - SSO URL (Redirect) - - - SSO URL (IdP-initiated Login) - - - SLO URL (Post) - - - SLO URL (Redirect) - - - SAML Metadata - - - Example SAML attributes - - - NameID attribute - - - No sync status. - - - Sync currently running. - - - Not synced yet. - - - Task finished with warnings - - - Task finished with errors - - - Last sync: - - - Warning: Provider is not assigned to an application as backchannel provider. - - - Update SCIM Provider - - - Run sync again - - - Application Icon - - - Applications - - - External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. - - - Provider Type - - - Application(s) - - - Update Application - Open - - Successfully sent test-request. + + Copy token - - Log messages + + Add users - - No log messages. + + Add group - - Active + + Import devices - - Last login + + Execute - - Select users to add + + Show details - - Successfully updated group. + + Apply - - Successfully created group. + + Settings - - Is superuser + + Sign out - - Users added to this group will be superusers. + + The number of tokens generated whenever this stage is used. Every token generated per stage execution will be attached to a single static device. - - Parent + + Token length - - Roles + + The length of the individual generated tokens. Can be increased to improve security. - - Select roles to grant this groups' users' permissions from the selected roles. + + Internal: - - Attributes + + External: - - Set custom attributes using YAML or JSON. + + Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding. - - Successfully updated binding. + + Create and bind Policy - - Successfully created binding. + + Federation and Social login - - Policy + + Create and bind Stage - - Group mappings can only be checked if a user is already logged in when trying to access this source. + + Flows and Stages - - User mappings can only be checked if a user is already logged in when trying to access this source. - - - Enabled - - - Negate result - - - Negates the outcome of the binding. Messages are unaffected. - - - Order - - - Timeout + + New version available Failure result @@ -1720,1346 +5666,23 @@ Result used when policy execution fails. - - Successfully updated policy. + + Required: User verification must occur. - - Successfully created policy. + + Preferred: User verification is preferred if available, but not required. - - A policy used for testing. Always returns the same result as specified below after waiting a random duration. + + Discouraged: User verification should not occur. - - Execution logging + + Required: The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur - - When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. + + Preferred: The authenticator can create and store a dedicated credential, but if it doesn't that's alright too - - Policy-specific settings - - - Pass policy? - - - Wait (min) - - - The policy takes a random time to execute. This controls the minimum time it will take. - - - Wait (max) - - - Matches an event against a set of criteria. If any of the configured values match, the policy passes. - - - Match created events with this action type. When left empty, all action types will be matched. - - - Matches Event's Client IP (strict matching, for network matching use an Expression Policy. - - - Match events created by selected application. When left empty, all applications are matched. - - - Model - - - Match events created by selected model. When left empty, all models are matched. - - - Checks if the request's user's password has been changed in the last x days, and denys based on settings. - - - Maximum age (in days) - - - Only fail the policy, don't invalidate user's password - - - Executes the python snippet to determine whether to allow or deny a request. - - - Expression using Python. - - - See documentation for a list of all variables. - - - Static rules - - - Minimum length - - - Minimum amount of Uppercase Characters - - - Minimum amount of Lowercase Characters - - - Minimum amount of Digits - - - Minimum amount of Symbols Characters - - - Error message - - - Symbol charset - - - Characters which are considered as symbols. - - - HaveIBeenPwned settings - - - Allowed count - - - Allow up to N occurrences in the HIBP database. - - - zxcvbn settings - - - Score threshold - - - If the password's score is less than or equal this value, the policy will fail. - - - 0: Too guessable: risky password. (guesses &lt; 10^3) - - - 1: Very guessable: protection from throttled online attacks. (guesses &lt; 10^6) - - - 2: Somewhat guessable: protection from unthrottled online attacks. (guesses &lt; 10^8) - - - 3: Safely unguessable: moderate protection from offline slow-hash scenario. (guesses &lt; 10^10) - - - 4: Very unguessable: strong protection from offline slow-hash scenario. (guesses &gt;= 10^10) - - - Checks the value from the policy request against several rules, mostly used to ensure password strength. - - - Password field - - - Field key to check, field keys defined in Prompt stages are available. - - - Check static rules - - - Check haveibeenpwned.com - - - For more info see: - - - Check zxcvbn - - - Password strength estimator created by Dropbox, see: - - - Allows/denys requests based on the users and/or the IPs reputation. - - - Invalid login attempts will decrease the score for the client's IP, and the -username they are attempting to login as, by one. - - - The policy passes when the reputation score is below the threshold, and -doesn't pass when either or both of the selected options are equal or above the threshold. - - - Check IP - - - Check Username - - - Threshold - - - New policy - - - Create a new policy. - - - Create Binding - - - Members - - - Select groups to add user to - - - Warning: Adding the user to the selected group(s) will give them superuser permissions. - - - Successfully updated user. - - - Successfully created user and added to group - - - Successfully created user. - - - Username - - - User's primary identifier. 150 characters or fewer. - - - User's display name. - - - User type - - - Internal users might be users such as company employees, which will get access to the full Enterprise feature set. - - - External users might be external consultants or B2C customers. These users don't get access to enterprise features. - - - Service accounts should be used for machine-to-machine authentication or other automations. - - - Email - - - Is active - - - Designates whether this user should be treated as active. Unselect this instead of deleting accounts. - - - Path - - - Policy / User / Group - - - Policy - - - Group - - - User - - - Edit Policy - - - Update Group - - - Edit Group - - - Update User - - - Edit User - - - Policy binding(s) - - - Update Binding - - - Edit Binding - - - No Policies bound. - - - No policies are currently bound to this object. - - - Create and bind Policy - - - Bind existing policy - - - Warning: Application is not used by any Outpost. - - - Related - - - Check access - - - Check - - - Check Application access - - - Test - - - Launch - - - Logins over the last week (per 8 hours) - - - Policy / Group / User Bindings - - - These policies control which users can access this application. - - - Successfully updated source. - - - Successfully created source. - - - Sync users - - - User password writeback - - - Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP. - - - Sync groups - - - Connection settings - - - Server URI - - - Specify multiple server URIs by separating them with a comma. - - - Enable StartTLS - - - To use SSL instead, use 'ldaps://' and disable this option. - - - Use Server URI for SNI verification - - - Required for servers using TLS 1.3+ - - - TLS Verification Certificate - - - When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate. - - - TLS Client authentication certificate - - - Client certificate keypair to authenticate against the LDAP Server's Certificate. - - - Bind CN - - - LDAP Attribute mapping - - - Property mappings used to user creation. - - - Additional settings - - - Parent group for all the groups imported from LDAP. - - - User path - - - Addition User DN - - - Additional user DN, prepended to the Base DN. - - - Addition Group DN - - - Additional group DN, prepended to the Base DN. - - - User object filter - - - Consider Objects matching this filter to be Users. - - - Group object filter - - - Consider Objects matching this filter to be Groups. - - - Group membership field - - - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' - - - Object uniqueness field - - - Field which contains a unique Identifier. - - - Link users on unique identifier - - - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses - - - Use the user's email address, but deny enrollment when the email address already exists - - - Link to a user with identical username. Can have security implications when a username is used with another source - - - Use the user's username, but deny enrollment when the username already exists - - - Unknown user matching mode - - - URL settings - - - Authorization URL - - - URL the user is redirect to to consent the authorization. - - - Access token URL - - - URL used by authentik to retrieve tokens. - - - Profile URL - - - URL used by authentik to get user information. - - - Request token URL - - - URL used to request the initial token. This URL is only required for OAuth 1. - - - OIDC Well-known URL - - - OIDC well-known configuration URL. Can be used to automatically configure the URLs above. - - - OIDC JWKS URL - - - JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source. - - - OIDC JWKS - - - Raw JWKS data. - - - User matching mode - - - Consumer key - - - Also known as Client ID. - - - Consumer secret - - - Also known as Client Secret. - - - Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *. - - - Flow settings - - - Flow to use when authenticating existing users. - - - Enrollment flow - - - Flow to use when enrolling new users. - - - Load servers - - - Re-authenticate with plex - - - Allow friends to authenticate via Plex, even if you don't share any servers - - - Allowed servers - - - Select which server a user has to be a member of to be allowed to authenticate. - - - SSO URL - - - URL that the initial Login request is sent to. - - - SLO URL - - - Optional URL if the IDP supports Single-Logout. - - - Also known as Entity ID. Defaults the Metadata URL. - - - Binding Type - - - Redirect binding - - - Post-auto binding - - - Post binding but the request is automatically sent and the user doesn't have to confirm. - - - Post binding - - - Signing keypair - - - Keypair which is used to sign outgoing requests. Leave empty to disable signing. - - - Allow IDP-initiated logins - - - Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. - - - NameID Policy - - - Persistent - - - Email address - - - Windows - - - X509 Subject - - - Transient - - - Delete temporary users after - - - Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. - - - Pre-authentication flow - - - Flow used before authentication. - - - New source - - - Create a new source. - - - Federation and Social login - - - Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves. - - - Source(s) - - - Disabled - - - Built-in - - - Global status - - - Vendor - - - Update LDAP Source - - - Connectivity - - - OAuth Source - - - Generic OpenID Connect - - - Unknown provider type - - - Details - - - Callback URL - - - Access Key - - - Update OAuth Source - - - Diagram - - - Policy Bindings - - - These bindings control which users can access this source. - You can only use policies here as access is checked before the user is authenticated. - - - Update Plex Source - - - Update SAML Source - - - Successfully updated mapping. - - - Successfully created mapping. - - - Object field - - - Field of the user object this value is written to. - - - SAML Attribute Name - - - Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded. - - - Friendly Name - - - Optionally set the 'FriendlyName' value of the Assertion attribute. - - - Scope name - - - Scope which the client can specify to access these properties. - - - Description shown to the user when consenting. If left empty, the user won't be informed. - - - Example context data - - - Active Directory User - - - Active Directory Group - - - New property mapping - - - Create a new property mapping. - - - Update Permissions - - - Control how authentik exposes and interprets information. - - - Property Mapping(s) - - - Test Property Mapping - - - Hide managed mappings - - - Successfully updated token. - - - Successfully created token. - - - Expires on - - - Unique identifier the token is referenced by. - - - Intent - - - API Token - - - Used to access the API programmatically - - - App password. - - - Used to login using a flow executor - - - Expiring - - - If this is selected, the token will expire. Upon expiration, the token will be rotated. - - - The token has been copied to your clipboard - - - The token was displayed because authentik does not have permission to write to the clipboard - - - Tokens - - - Tokens are used throughout authentik for Email validation stages, Recovery keys and API access. - - - Expires? - - - Expiry date - - - Token(s) - - - Create Token - - - Token is managed by authentik. - - - Update Token - - - Editing is disabled for managed tokens - - - Copy token - - - Successfully updated brand. - - - Successfully created brand. - - - Domain - - - Matching is done based on domain suffix, so if you enter domain.tld, foo.domain.tld will still match. - - - Default - - - Use this brand for each domain that doesn't have a dedicated brand. - - - Branding settings - - - Title - - - Branding shown in page title and several other places. - - - Logo - - - Icon shown in sidebar/header and flow executor. - - - Favicon - - - Icon shown in the browser tab. - - - Default flows - - - Flow used to authenticate users. If left empty, the first applicable flow sorted by the slug is used. - - - Invalidation flow - - - Flow used to logout. If left empty, the first applicable flow sorted by the slug is used. - - - Recovery flow - - - Recovery flow. If left empty, the first applicable flow sorted by the slug is used. - - - Unenrollment flow - - - If set, users are able to unenroll themselves using this flow. If no flow is set, option is not shown. - - - User settings flow - - - If set, users are able to configure details of their profile. - - - Device code flow - - - If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code. - - - Other global settings - - - Web Certificate - - - Set custom attributes using YAML or JSON. Any attributes set here will be inherited by users, if the request is handled by this brand. - - - Brands - - - Configure visual settings and defaults for different domains. - - - Default? - - - Brand(s) - - - Update Brand - - - Create Brand - - - Policies - - - Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Stages. - - - Assigned to object(s). - - - Warning: Policy is not assigned. - - - Test Policy - - - Policy / Policies - - - Successfully cleared policy cache - - - Failed to delete policy cache - - - Clear cache - - - Clear Policy cache - - - Are you sure you want to clear the policy cache? This will cause all policies to be re-evaluated on their next usage. - - - Reputation scores - - - Reputation for IP and user identifiers. Scores are decreased for each failed login and increased for each successful login. - - - IP - - - Score - - - Updated - - - Reputation - - - Groups - - - Group users together and give them permissions based on the membership. - - - Superuser privileges? - - - Group(s) - - - Create Group - - - Create group - - - Enabling this toggle will create a group named after the user, with the user as member. - - - Use the username and password below to authenticate. The password can be retrieved later on the Tokens page. - - - Password - - - Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List. - - - The following objects use - - - connecting object will be deleted - - - Successfully updated - - - Failed to update : - - - Are you sure you want to update ""? - - - Successfully updated password. - - - Successfully sent email. - - - Email stage - - - Successfully added user(s). - - - Users to add - - - Add users - - - User(s) - - - Remove Users(s) - - - Are you sure you want to remove the selected users from the group ? - - - Remove - - - Impersonate - - - User status - - - Inactive - - - Regular user - - - Change status - - - Deactivate - - - Activate - - - Update password - - - Set password - - - Successfully generated recovery link - - - No recovery flow is configured. - - - Copy recovery link - - - Send link - - - Send recovery link to user - - - Email recovery link - - - Recovery link cannot be emailed, user has no email address saved. - - - To let a user directly reset a their password, configure a recovery flow on the currently active brand. - - - Add User - - - Warning: This group is configured with superuser access. Added users will have superuser access. - - - Add existing user - - - Create user - - - Create User - - - This user will be added to the group "". - - - Create Service account - - - Hide service-accounts - - - Group Info - - - Notes - - - Edit the notes attribute of this group to add notes here. - - - Users - - - Pseudolocale (for testing) - - - English - - - Spanish - - - German - - - French - - - Polish - - - Turkish - - - Chinese (traditional) - - - Taiwanese Mandarin - - - Chinese (simplified) - - - Warning: The current user count has exceeded the configured licenses. - - - Click here for more info. - - - API Requests - - - Open API Browser - - - Show details - - - Notifications - - - unread - - - Successfully cleared notifications - - - Clear all - - - User interface - - - Dashboards - - - Outposts - - - Events - - - Logs - - - Notification Rules - - - Notification Transports - - - Customisation - - - Blueprints - - - Flows and Stages - - - Flows - - - Stages - - - Prompts - - - Directory - - - Tokens and App passwords - - - Invitations - - - System - - - Certificates - - - Outpost Integrations - - - Settings - - - A newer version of the frontend is available. - - - You're currently impersonating . Click to stop. - - - Enterprise - - - Licenses - - - Root - - - A copy of this recovery link has been placed in your clipboard - - - The current brand must have a recovery flow configured to use a recovery link - - - Warning: You're about to delete the user you're logged in as (). Proceed at your own risk. - - - Hide deactivated user - - - <No name set> - - - Create recovery link - - - User folders - - - Successfully added user to group(s). - - - Groups to add - - - Add group - - - Remove from Group(s) - - - Are you sure you want to remove user from the following groups? - - - Add Group - - - Add to existing group - - - Add new group - - - Application authorizations - - - Select permissions to grant - - - Permissions to add - - - Select permissions - - - Assign permission - - - User doesn't have view permission so description cannot be retrieved. - - - Revoked? - - - Expires - - - ID Token - - - Refresh Tokens(s) - - - Last IP - - - Session(s) - - - Expiry - - - (Current session) - - - Consent(s) - - - Confirmed - - - Device(s) - - - User Info + + Discouraged: The authenticator should not create a dedicated credential Lock the user out of this system @@ -3076,29 +5699,144 @@ doesn't pass when either or both of the selected options are equal or above the Create a link for this user to reset their password - - Create Recovery Link + + WebAuthn requires this page to be accessed via HTTPS. - - Actions over the last week (per 8 hours) + + WebAuthn not supported by browser. - - Edit the notes attribute of this user to add notes here. + + Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). - - Sessions + + Default relay state - - User events + + When using IDP-initiated logins, the relay state will be set to this value. - - Explicit Consent + + Flow Info - - OAuth Refresh Tokens + + Stage used to configure a WebAuthn authenticator (i.e. Yubikey, FaceID/Windows Hello). - - MFA Authenticators +<<<<<<< HEAD + + Internal application name used in URLs. + + + Submit + + + UI Settings + + + Transparent Reverse Proxy + + + For transparent reverse proxies with required authentication + + + Configure SAML provider manually + + + Configure RADIUS provider manually + + + Configure SCIM provider manually + + + Saving Application... + + + Authentik was unable to save this application: + + + Your application has been saved + + + Method's display Name. + + + Use this provider with nginx's auth_request or traefik's + forwardAuth. Each application/domain needs its own provider. + Additionally, on each domain, /outpost.goauthentik.io must be + routed to the outpost (when using a managed outpost, this is done for you). + + + Custom attributes + + + Don't show this message again. + + + Failed to fetch + + + Failed to fetch data. + + + Successfully assigned permission. + + + Role + + + Assign + + + Assign permission to role + + + Assign to new role + + + Directly assigned + + + Assign permission to user + + + Assign to new user + + + User Object Permissions + + + Role Object Permissions + + + Roles + + + Select roles to grant this groups' users' permissions from the selected roles. + + + Update Permissions + + + Editing is disabled for managed tokens + + + Select permissions to grant + + + Permissions to add + + + Select permissions + + + Assign permission + + + Permission(s) + + + Permission + + + User doesn't have view permission so description cannot be retrieved. Assigned permissions @@ -3136,519 +5874,17 @@ doesn't pass when either or both of the selected options are equal or above the Role Info - - Successfully updated invitation. + + Pseudolocale (for testing) - - Successfully created invitation. + + Create With Wizard - - Flow + + One hint, 'New Application Wizard', is currently hidden - - When selected, the invite will only be usable with the flow. By default the invite is accepted on all flows with invitation stages. - - - Custom attributes - - - Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON. - - - Single use - - - When enabled, the invitation will be deleted after usage. - - - Select an enrollment flow - - - Link to use the invitation. - - - Create Invitation Links to enroll Users, and optionally force specific attributes of their account. - - - Created by - - - Invitation(s) - - - Invitation not limited to any flow, and can be used with any enrollment flow. - - - Update Invitation - - - Create Invitation - - - Warning: No invitation stage is bound to any flow. Invitations will not work as expected. - - - Auto-detect (based on your browser) - - - Required. - - - Continue - - - Successfully updated prompt. - - - Successfully created prompt. - - - Text: Simple Text input - - - Text Area: Multiline text input - - - Text (read-only): Simple Text input, but cannot be edited. - - - Text Area (read-only): Multiline text input, but cannot be edited. - - - Username: Same as Text input, but checks for and prevents duplicate usernames. - - - Email: Text field with Email type. - - - Password: Masked input, multiple inputs of this type on the same prompt need to be identical. - - - Number - - - Checkbox - - - Radio Button Group (fixed choice) - - - Dropdown (fixed choice) - - - Date - - - Date Time - - - File - - - Separator: Static Separator Line - - - Hidden: Hidden field, can be used to insert data into form. - - - Static: Static value, displayed as-is. - - - authentik: Locale: Displays a list of locales authentik supports. - - - Preview errors - - - Data preview - - - Unique name of this field, used for selecting fields in prompt stages. - - - Field Key - - - Name of the form field, also used to store the value. - - - When used in conjunction with a User Write stage, use attributes.foo to write attributes. - - - Label - - - Label shown next to/above the prompt. - - - Required - - - Interpret placeholder as expression - - - When checked, the placeholder will be evaluated in the same way a property mapping is. - If the evaluation fails, the placeholder itself is returned. - - - Placeholder - - - Optionally provide a short hint that describes the expected input value. - When creating a fixed choice field, enable interpreting as expression and return a - list to return multiple choices. - - - Interpret initial value as expression - - - When checked, the initial value will be evaluated in the same way a property mapping is. - If the evaluation fails, the initial value itself is returned. - - - Initial value - - - Optionally pre-fill the input with an initial value. - When creating a fixed choice field, enable interpreting as expression and - return a list to return multiple default choices. - - - Help text - - - Any HTML can be used. - - - Single Prompts that can be used for Prompt Stages. - - - Field - - - Prompt(s) - - - Update Prompt - - - Create Prompt - - - Target - - - Stage - - - Evaluate when flow is planned - - - Evaluate policies during the Flow planning process. - - - Evaluate when stage is run - - - Evaluate policies before the Stage is present to the user. - - - Invalid response behavior - - - Returns the error message and a similar challenge to the executor - - - Restarts the flow from the beginning - - - Restarts the flow from the beginning, while keeping the flow context - - - Configure how the flow executor should handle an invalid response to a challenge given by this bound stage. - - - Successfully updated stage. - - - Successfully created stage. - - - Stage used to configure a duo-based authenticator. This stage should be used for configuration flows. - - - Authenticator type name - - - Display name of this authenticator, used by users when they enroll an authenticator. - - - API Hostname - - - Duo Auth API - - - Integration key - - - Secret key - - - Duo Admin API (optional) - - - When using a Duo MFA, Access or Beyond plan, an Admin API application can be created. - This will allow authentik to import devices automatically. - - - Stage-specific settings - - - Configuration flow - - - Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. - - - Twilio Account SID - - - Get this value from https://console.twilio.com - - - Twilio Auth Token - - - Authentication Type - - - Basic Auth - - - Bearer Token - - - External API URL - - - This is the full endpoint to send POST requests to. - - - API Auth Username - - - This is the username to be used with basic auth or the token when used with bearer token - - - API Auth password - - - This is the password to be used with basic auth - - - Mapping - - - Modify the payload sent to the custom provider. - - - Stage used to configure an SMS-based TOTP authenticator. - - - Twilio - - - Generic - - - From number - - - Number the SMS will be sent from. - - - Hash phone number - - - If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons. Devices created from a stage with this enabled cannot be used with the authenticator validation stage. - - - Stage used to configure a static authenticator (i.e. static tokens). This stage should be used for configuration flows. - - - Token count - - - The number of tokens generated whenever this stage is used. Every token generated per stage execution will be attached to a single static device. - - - Token length - - - The length of the individual generated tokens. Can be increased to improve security. - - - Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator). - - - Digits - - - 6 digits, widely compatible - - - 8 digits, not compatible with apps like Google Authenticator - - - Stage used to validate any authenticator. This stage should be used during authentication or authorization flows. - - - Device classes - - - Static Tokens - - - TOTP Authenticators - - - WebAuthn Authenticators - - - Duo Authenticators - - - SMS-based Authenticators - - - Device classes which can be used to authenticate. - - - Last validation threshold - - - If any of the devices user of the types selected above have been used within this duration, this stage will be skipped. - - - Not configured action - - - Force the user to configure an authenticator - - - Deny the user access - - - WebAuthn User verification - - - User verification must occur. - - - User verification is preferred if available, but not required. - - - User verification should not occur. - - - Configuration stages - - - Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. - - - When multiple stages are selected, the user can choose which one they want to enroll. - - - Stage used to configure a WebAuthn authenticator (i.e. Yubikey, FaceID/Windows Hello). - - - User verification - - - Required: User verification must occur. - - - Preferred: User verification is preferred if available, but not required. - - - Discouraged: User verification should not occur. - - - Resident key requirement - - - Required: The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur - - - Preferred: The authenticator can create and store a dedicated credential, but if it doesn't that's alright too - - - Discouraged: The authenticator should not create a dedicated credential - - - Authenticator Attachment - - - No preference is sent - - - A non-removable authenticator, like TouchID or Windows Hello - - - A "roaming" authenticator, like a YubiKey - - - This stage checks the user's current session against the Google reCaptcha (or compatible) service. - - - Public Key - - - Public key, acquired from https://www.google.com/recaptcha/intro/v3.html. - - - Private Key - - - Private key, acquired from https://www.google.com/recaptcha/intro/v3.html. - - - Advanced settings - - - JS URL - - - URL to fetch JavaScript from, defaults to recaptcha. Can be replaced with any compatible alternative. - - - API URL - - - URL used to validate captcha response, defaults to recaptcha. Can be replaced with any compatible alternative. - - - Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time. - - - Always require consent - - - Consent given last indefinitely - - - Consent expires. - - - Consent expires in - - - Offset after which consent expires. - - - Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding. + + External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. Deny message @@ -3656,80 +5892,128 @@ doesn't pass when either or both of the selected options are equal or above the Message shown when this stage is run. - - Dummy stage used for testing. Shows a simple continue button and always passes. + + Open Wizard - - Throw error? + + Demo Wizard - - SMTP Host + + Run the demo wizard - - SMTP Port + + OAuth2/OIDC (Open Authorization/OpenID Connect) - - SMTP Username + + LDAP (Lightweight Directory Access Protocol) - - SMTP Password + + Forward Auth (Single Application) - - Use TLS + + Forward Auth (Domain Level) - - Use SSL + + SAML (Security Assertion Markup Language) - - From address + + RADIUS (Remote Authentication Dial-In User Service) - - Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity. + + SCIM (System for Cross-domain Identity Management) - - Activate pending user on success + + The token has been copied to your clipboard - - When a user returns from the email successfully, their account will be activated. + + The token was displayed because authentik does not have permission to write to the clipboard - - Use global settings + + A copy of this recovery link has been placed in your clipboard - - When enabled, global Email connection settings will be used and connection settings below will be ignored. + + Create recovery link - - Token expiry + + Create Recovery Link - - Time in minutes the token sent is valid. + + External - - Template + + Service account - - Let the user identify themselves with their username or Email address. + + Service account (internal) - - User fields + + Check the release notes - - UPN + + User Statistics - - Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources. + + <No name set> - - Password stage + + For nginx's auth_request or traefik's forwardAuth - - When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks. + + For nginx's auth_request or traefik's forwardAuth per root domain - - Case insensitive matching + + RBAC is in preview. - - When enabled, user fields are matched regardless of their casing. + + User type used for newly created users. + + + Users created + + + Failed logins + + + Also known as Client ID. + + + Also known as Client Secret. + + + Global status + + + Vendor + + + No sync status. + + + Sync currently running. + + + Connectivity + + + 0: Too guessable: risky password. (guesses &lt; 10^3) + + + 1: Very guessable: protection from throttled online attacks. (guesses &lt; 10^6) + + + 2: Somewhat guessable: protection from unthrottled online attacks. (guesses &lt; 10^8) + + + 3: Safely unguessable: moderate protection from offline slow-hash scenario. (guesses &lt; 10^10) + + + 4: Very unguessable: strong protection from offline slow-hash scenario. (guesses &gt;= 10^10) + + + Successfully created user and added to group + + + This user will be added to the group "". Pretend user exists @@ -3737,113 +6021,122 @@ doesn't pass when either or both of the selected options are equal or above the When enabled, the stage will always accept the given user identifier and continue. - - Show matched user + + There was an error in the application. - - When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown. + + Review the application. - - Source settings + + There was an error in the provider. - - Sources + + Review the provider. - - Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP. + + There was an error - - Show sources' labels + + There was an error creating the application, but no error message was sent. Please review the server logs. - - By default, only icons are shown for sources. Enable this to show their full names. + + Configure LDAP Provider - - Passwordless flow + + Configure OAuth2/OpenId Provider - - Optional passwordless flow, which is linked at the bottom of the page. When configured, users can use this flow to authenticate with a WebAuthn authenticator, without entering any details. + + Configure Proxy Provider - - Optional enrollment flow, which is linked at the bottom of the page. + + AdditionalScopes - - Optional recovery flow, which is linked at the bottom of the page. + + Configure Radius Provider - - This stage can be included in enrollment flows to accept invitations. + + Configure SAML Provider - - Continue flow without invitation + + Property mappings used for user mapping. - - If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. + + Configure SCIM Provider - - Validate the user's password against the selected backend(s). + + Property mappings used for group creation. - - Backends + + Event volume - - User database + standard password + + Require Outpost (flow can only be executed from an outpost). - - User database + app passwords + + Connection settings. - - User database + LDAP password + + Successfully updated endpoint. - - Selection of backends to test the password against. + + Successfully created endpoint. - - Flow used by an authenticated user to configure their password. If empty, user will not be able to configure change their password. + + Protocol - - Failed attempts before cancel + + RDP - - How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. + + SSH - - Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable. + + VNC - - Fields + + Host - - ("", of type ) + + Hostname/IP to connect to. - - Validation Policies + + Endpoint(s) - - Selected policies are executed when the stage is submitted to validate the data. + + Update Endpoint - - Delete the currently pending user. CAUTION, this stage does not ask for confirmation. Use a consent stage to ensure the user is aware of their actions. + + These bindings control which users will have access to this endpoint. Users must also have access to the application. - - Log the currently pending user in. + + Create Endpoint - - Session duration + + RAC is in preview. - - Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. + + Update RAC Provider - - Different browsers handle session cookies differently, and might not remove them even when the browser is closed. + + Endpoints - - See here. + + General settings - - Stay signed in offset + + RDP settings - - If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. + + Ignore server certificate + + + Enable wallpaper + + + Enable font-smoothing + + + Enable full window dragging Network binding @@ -3878,593 +6171,59 @@ doesn't pass when either or both of the selected options are equal or above the Configure if sessions created by this stage should be bound to their GeoIP-based location - - Terminate other sessions + + RAC - - When enabled, all previous sessions of the user will be terminated. + + Connection failed after attempts. - - Remove the user from the current session. + + Re-connecting in second(s). - - Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user - is pending, a new user is created, and data is written to them. + + Connecting... - - Never create users + + Select endpoint to connect to - - When no user is present in the flow context, the stage will fail. + + Connection expiry - - Create users when required + + Determines how long a session lasts before being disconnected and requiring re-authorization. - - When no user is present in the the flow context, a new user is created. + + Brand - - Always create new users + + Successfully updated brand. - - Create a new user even if a user is in the flow context. + + Successfully created brand. - - Create users as inactive + + Use this brand for each domain that doesn't have a dedicated brand. - - Mark newly created users as inactive. + + Set custom attributes using YAML or JSON. Any attributes set here will be inherited by users, if the request is handled by this brand. - - User path template + + Brands - - User type used for newly created users. + + Brand(s) - - Path new users will be created under. If left blank, the default path will be used. + + Update Brand - - Newly created users are added to this group, if a group is selected. + + Create Brand - - New stage + + To let a user directly reset a their password, configure a recovery flow on the currently active brand. - - Create a new stage. - - - Successfully imported device. - - - The user in authentik this device will be assigned to. - - - Duo User ID - - - The user ID in Duo, can be found in the URL after clicking on a user. - - - Automatic import - - - Successfully imported devices. - - - Start automatic import - - - Or manually import - - - Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow. - - - Stage(s) - - - Import - - - Import Duo device - - - Import devices - - - Successfully updated flow. - - - Successfully created flow. - - - Shown as the Title in Flow pages. - - - Visible in the URL. - - - Designation - - - Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. - - - No requirement - - - Require authentication - - - Require no authentication. - - - Require superuser. - - - Require Outpost (flow can only be executed from an outpost). - - - Required authentication level for this flow. - - - Behavior settings - - - Compatibility mode - - - Increases compatibility with password managers and mobile devices. - - - Denied action - - - Will follow the ?next parameter if set, otherwise show a message - - - Will either follow the ?next parameter or redirect to the default interface - - - Will notify the user the flow isn't applicable - - - Decides the response when a policy denies access to this flow for a user. - - - Appearance settings - - - Layout - - - Background - - - Background shown during execution. - - - Clear background - - - Delete currently set background image. - - - Successfully imported flow. - - - .yaml files, which can be found on goauthentik.io and can be exported by authentik. - - - Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them. - - - Flow(s) - - - Update Flow - - - Execute - - - Export - - - Create Flow - - - Import Flow - - - Successfully cleared flow cache - - - Failed to delete flow cache - - - Clear Flow cache - - - Are you sure you want to clear the flow cache? - This will cause all flows to be re-evaluated on their next usage. - - - Stage binding(s) - - - Stage type - - - Edit Stage - - - Update Stage binding - - - These bindings control if this stage will be applied to the flow. - - - No Stages bound - - - No stages are currently bound to this flow. - - - Create Stage binding - - - Bind stage - - - Create and bind Stage - - - Bind existing stage - - - Flow Overview - - - Flow Info - - - Related actions - - - Execute flow - - - Normal - - - with current user - - - with inspector - - - Export flow - - - Stage Bindings - - - These bindings control which users can access this flow. - - - Event volume - - - Event Log - - - Event - - - Event info - - - Created - - - Successfully updated transport. - - - Successfully created transport. - - - Local (notifications will be created within authentik) - - - Webhook (generic) - - - Webhook (Slack/Discord) - - - Webhook URL - - - Webhook Mapping - - - Send once - - - Only send notification once, for example when sending a webhook into a chat channel. - - - Define how notifications are sent to users, like Email or Webhook. - - - Notification transport(s) - - - Update Notification Transport - - - Create Notification Transport - - - Successfully updated rule. - - - Successfully created rule. - - - Select the group of users which the alerts are sent to. If no group is selected the rule is disabled. - - - Transports - - - Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. - - - Severity - - - Send notifications whenever a specific Event is created and matched by policies. - - - Sent to group - - - Notification rule(s) - - - None (rule disabled) - - - Update Notification Rule - - - Create Notification Rule - - - These bindings control upon which events this rule triggers. -Bindings to groups/users are checked against the user of the event. - - - Outpost Deployment Info - - - View deployment documentation - - - Click to copy token - - - If your authentik Instance is using a self-signed certificate, set this value. - - - If your authentik_host setting does not match the URL you want to login with, add this setting. - - - Successfully updated outpost. - - - Successfully created outpost. - - - LDAP - - - Radius - - - Integration - - - Selecting an integration enables the management of the outpost by authentik. - - - You can only select providers that match the type of the outpost. - - - Configuration - - - See more here: - - - Documentation - - - Last seen - - - , should be - - - Hostname - - - Not available - - - Last seen: - - - Unknown type - - - Outposts are deployments of authentik components to support different environments and protocols, like reverse proxies. - - - Health and Version - - - Warning: authentik Domain is not configured, authentication will not work. - - - Logging in via . - - - No integration active - - - Update Outpost - - - View Deployment Info - - - Detailed health (one instance per column, data is cached so may be out of date) - - - Outpost(s) - - - Create Outpost - - - Successfully updated integration. - - - Successfully created integration. - - - Local - - - If enabled, use the local connection. Required Docker socket/Kubernetes Integration. - - - Docker URL - - - Can be in the format of 'unix://' when connecting to a local docker daemon, using 'ssh://' to connect via SSH, or 'https://:2376' when connecting to a remote system. - - - CA which the endpoint's Certificate is verified against. Can be left empty for no validation. - - - TLS Authentication Certificate/SSH Keypair - - - Certificate/Key used for authentication. Can be left empty for no authentication. - - - When connecting via SSH, this keypair is used for authentication. - - - Kubeconfig - - - Verify Kubernetes API SSL Certificate - - - New outpost integration - - - Create a new outpost integration. - - - State - - - Unhealthy - - - Outpost integration(s) - - - Successfully generated certificate-key pair. - - - Common Name - - - Subject-alt name - - - Optional, comma-separated SubjectAlt Names. - - - Validity days - - - Successfully updated certificate-key pair. - - - Successfully created certificate-key pair. - - - PEM-encoded Certificate data. - - - Optional Private Key. If this is set, you can use this keypair for encryption. - - - Certificate-Key Pairs - - - Import certificates of external providers or create certificates to sign requests with. - - - Private key available? - - - Certificate-Key Pair(s) - - - Managed by authentik - - - Managed by authentik (Discovered) - - - Yes () - - - Update Certificate-Key Pair - - - Certificate Fingerprint (SHA1) - - - Certificate Fingerprint (SHA256) - - - Certificate Subject - - - Download Certificate - - - Download Private key - - - Create Certificate-Key Pair - - - Generate - - - Generate Certificate-Key Pair + + The current brand must have a recovery flow configured to use a recovery link Successfully updated settings. @@ -4528,18 +6287,6 @@ Bindings to groups/users are checked against the user of the event. Enable the ability for users to change their username. - - Event retention - - - Duration after which events will be deleted from the database. - - - When using an external logging solution for archiving, this can be set to "minutes=5". - - - This setting only affects new Events, as the expiration is saved per-event. - Footer links @@ -4561,483 +6308,6 @@ Bindings to groups/users are checked against the user of the event. System settings - - Save - - - Successfully updated instance. - - - Successfully created instance. - - - Disabled blueprints are never applied. - - - Local path - - - OCI Registry - - - OCI URL, in the format of oci://registry.domain.tld/path/to/manifest. - - - See more about OCI support here: - - - Blueprint - - - Configure the blueprint context, used for templating. - - - Orphaned - - - Automate and template configuration within authentik. - - - Last applied - - - Blueprint(s) - - - Update Blueprint - - - Apply - - - Create Blueprint Instance - - - Successfully updated license. - - - Successfully created license. - - - Install ID - - - License key - - - Manage enterprise licenses - - - No licenses found. - - - License(s) - - - Enterprise is in preview. - - - Get a license - - - Go to Customer Portal - - - Forecast internal users - - - Estimated user count one year from now based on current internal users and forecasted internal users. - - - Forecast external users - - - Estimated user count one year from now based on current external users and forecasted external users. - - - Cumulative license expiry - - - Internal: - - - External: - - - Update License - - - Install - - - Install License - - - WebAuthn requires this page to be accessed via HTTPS. - - - WebAuthn not supported by browser. - - - Open Wizard - - - Demo Wizard - - - Run the demo wizard - - - API request failed - - - Authenticating with Apple... - - - Retry - - - Authenticating with Plex... - - - Waiting for authentication... - - - If no Plex popup opens, click the button below. - - - Open login - - - User's avatar - - - Something went wrong! Please try again later. - - - Request ID - - - You may close this page now. - - - You're about to be redirect to the following URL. - - - Follow redirect - - - Request has been denied. - - - Not you? - - - Need an account? - - - Sign up. - - - Forgot username or password? - - - Select one of the sources below to login. - - - Or - - - Use a security key - - - Login to continue to . - - - Please enter your password - - - Forgot password? - - - Application requires following permissions: - - - Application already has access to the following permissions: - - - Application requires following new permissions: - - - Check your Inbox for a verification email. - - - Send Email again. - - - Successfully copied TOTP Config. - - - Copy - - - Code - - - Please enter your TOTP Code - - - Duo activation QR code - - - Alternatively, if your current device has Duo installed, click on this link: - - - Duo activation - - - Check status - - - Make sure to keep these tokens in a safe place. - - - Phone number - - - Please enter your Phone number. - - - Please enter the code you received via SMS - - - A code has been sent to you via SMS. - - - Open your two-factor authenticator app to view your authentication code. - - - Static token - - - Authentication code - - - Please enter your code - - - Return to device picker - - - Sending Duo push notification - - - Assertions is empty - - - Error when creating credential: - - - Error when validating assertion on server: - - - Retry authentication - - - Duo push-notifications - - - Receive a push notification on your device. - - - Authenticator - - - Use a security key to prove your identity. - - - Traditional authenticator - - - Use a code-based authenticator. - - - Recovery keys - - - In case you can't access any other method. - - - SMS - - - Tokens sent via SMS. - - - Select an authentication method. - - - Stay signed in? - - - Select Yes to reduce the number of times you're asked to sign in. - - - Enter the code shown on your device. - - - Please enter your Code - - - You've successfully authenticated your device. - - - Flow inspector - - - Next stage - - - Stage name - - - Stage kind - - - Stage object - - - This flow is completed. - - - Plan history - - - Current plan context - - - Session ID - - - Powered by authentik - - - Background image - - - Error creating credential: - - - Server validation of credential failed: - - - Register device - - - Unread notifications - - - Sign out - - - Admin interface - - - Stop impersonation - - - Avatar image - - - Less details - - - More details - - - Refer to documentation - - - No Applications available. - - - Either no applications are defined, or you don’t have access to any. - - - My Applications - - - My applications - - - Change your password - - - Change password - - - - - - Delete account - - - Successfully updated details - - - Open settings - - - No settings flow configured. - - - Update details - - - Successfully updated device. - - - Enroll - - - Update Device - - - Successfully disconnected source - - - Failed to disconnected source: - - - Disconnect - - - Connect - - - Error: unsupported source settings: - - - Connect your user account to the services listed below, to allow you to login using the service instead of traditional credentials. - - - No services available. - - - Create App password - - - User details - - - Consent - - - MFA Devices - - - Connected services - - - + + diff --git a/web/xliff/en.xlf b/web/xliff/en.xlf index 429448042..003266f4c 100644 --- a/web/xliff/en.xlf +++ b/web/xliff/en.xlf @@ -1,9 +1,5858 @@ - + - - - - Admin + + + + English + English + + + French + French + + + Turkish + Turkish + + + Spanish + Spanish + + + Polish + Polish + + + Taiwanese Mandarin + Taiwanese Mandarin + + + Chinese (simplified) + Chinese (simplified) + + + Chinese (traditional) + Chinese (traditional) + + + German + German + + + Loading... + Loading... + + + Application + Application + + + Logins + Logins + + + Show less + Show less + + + Show more + Show more + + + UID + UID + + + Name + Name + + + App + App + + + Model Name + Model Name + + + Message + Message + + + Subject + Subject + + + From + From + + + To + To + + + Context + Context + + + User + User + + + Affected model: + Affected model: + + + Authorized application: + Authorized application: + + + Using flow + Using flow + + + Email info: + Email info: + + + Secret: + Secret: + + + Open issue on GitHub... + Open issue on GitHub... + + + Exception + Exception + + + Expression + Expression + + + Binding + Binding + + + Request + Request + + + Object + Object + + + Result + Result + + + Passing + Passing + + + Messages + Messages + + + Using source + Using source + + + Attempted to log in as + Attempted to log in as + + + + No additional data available. + No additional data available. + + + Click to change value + Click to change value + + + Select an object. + Select an object. + + + Loading options... + Loading options... + + + Connection error, reconnecting... + Connection error, reconnecting... + + + Login + Login + + + Failed login + Failed login + + + Logout + Logout + + + User was written to + User was written to + + + Suspicious request + Suspicious request + + + Password set + Password set + + + Secret was viewed + Secret was viewed + + + Secret was rotated + Secret was rotated + + + Invitation used + Invitation used + + + Application authorized + Application authorized + + + Source linked + Source linked + + + Impersonation started + Impersonation started + + + Impersonation ended + Impersonation ended + + + Flow execution + Flow execution + + + Policy execution + Policy execution + + + Policy exception + Policy exception + + + Property Mapping exception + Property Mapping exception + + + System task execution + System task execution + + + System task exception + System task exception + + + General system exception + General system exception + + + Configuration error + Configuration error + + + Model created + Model created + + + Model updated + Model updated + + + Model deleted + Model deleted + + + Email sent + Email sent + + + Update available + Update available + + + Unknown severity + Unknown severity + + + Alert + Alert + + + Notice + Notice + + + Warning + Warning + + + no tabs defined + no tabs defined + + + - of + + - + of + + + + Go to previous page + Go to previous page + + + Go to next page + Go to next page + + + Search... + Search... + + + Loading + Loading + + + No objects found. + No objects found. + + + Failed to fetch objects. + Failed to fetch objects. + + + Refresh + Refresh + + + Select all rows + Select all rows + + + Action + Action + + + Creation Date + Creation Date + + + Client IP + Client IP + + + Recent events + Recent events + + + On behalf of + On behalf of + + + + - + - + + + No Events found. + No Events found. + + + No matching events could be found. + No matching events could be found. + + + Embedded outpost is not configured correctly. + Embedded outpost is not configured correctly. + + + Check outposts. + Check outposts. + + + HTTPS is not detected correctly + HTTPS is not detected correctly + + + Server and client are further than 5 seconds apart. + Server and client are further than 5 seconds apart. + + + OK + OK + + + Everything is ok. + Everything is ok. + + + System status + System status + + + Based on + Based on + + + + is available! + + is available! + + + Up-to-date! + Up-to-date! + + + Version + Version + + + Workers + Workers + + + No workers connected. Background tasks will not run. + No workers connected. Background tasks will not run. + + + hour(s) ago + + hour(s) ago + + + day(s) ago + + day(s) ago + + + Authorizations + Authorizations + + + Failed Logins + Failed Logins + + + Successful Logins + Successful Logins + + + : + + : + + + + Cancel + Cancel + + + LDAP Source + LDAP Source + + + SCIM Provider + SCIM Provider + + + Healthy + Healthy + + + Healthy outposts + Healthy outposts + + + Admin + Admin + + + Not found + Not found + + + The URL "" was not found. + The URL " + " was not found. + + + Return home + Return home + + + General system status + General system status + + + Welcome, . + Welcome, + . + + + Quick actions + Quick actions + + + Create a new application + Create a new application + + + Check the logs + Check the logs + + + Explore integrations + Explore integrations + + + Manage users + Manage users + + + Outpost status + Outpost status + + + Sync status + Sync status + + + Logins and authorizations over the last week (per 8 hours) + Logins and authorizations over the last week (per 8 hours) + + + Apps with most usage + Apps with most usage + + + days ago + + days ago + + + Objects created + Objects created + + + Users created per day in the last month + Users created per day in the last month + + + Logins per day in the last month + Logins per day in the last month + + + Failed Logins per day in the last month + Failed Logins per day in the last month + + + Clear search + Clear search + + + System Tasks + System Tasks + + + Long-running operations which authentik executes in the background. + Long-running operations which authentik executes in the background. + + + Identifier + Identifier + + + Description + Description + + + Last run + Last run + + + Status + Status + + + Actions + Actions + + + Successful + Successful + + + Error + Error + + + Unknown + Unknown + + + Duration + Duration + + + seconds + + seconds + + + Authentication + Authentication + + + Authorization + Authorization + + + Enrollment + Enrollment + + + Invalidation + Invalidation + + + Recovery + Recovery + + + Stage Configuration + Stage Configuration + + + Unenrollment + Unenrollment + + + Unknown designation + Unknown designation + + + Stacked + Stacked + + + Content left + Content left + + + Content right + Content right + + + Sidebar left + Sidebar left + + + Sidebar right + Sidebar right + + + Unknown layout + Unknown layout + + + Successfully updated provider. + Successfully updated provider. + + + Successfully created provider. + Successfully created provider. + + + Bind flow + Bind flow + + + Flow used for users to authenticate. + Flow used for users to authenticate. + + + Search group + Search group + + + Users in the selected group can do search queries. If no group is selected, no LDAP Searches are allowed. + Users in the selected group can do search queries. If no group is selected, no LDAP Searches are allowed. + + + Bind mode + Bind mode + + + Cached binding + Cached binding + + + Flow is executed and session is cached in memory. Flow is executed when session expires + Flow is executed and session is cached in memory. Flow is executed when session expires + + + Direct binding + Direct binding + + + Always execute the configured bind flow to authenticate the user + Always execute the configured bind flow to authenticate the user + + + Configure how the outpost authenticates requests. + Configure how the outpost authenticates requests. + + + Search mode + Search mode + + + Cached querying + Cached querying + + + The outpost holds all users and groups in-memory and will refresh every 5 Minutes + The outpost holds all users and groups in-memory and will refresh every 5 Minutes + + + Direct querying + Direct querying + + + Always returns the latest data, but slower than cached querying + Always returns the latest data, but slower than cached querying + + + Configure how the outpost queries the core authentik server's users. + Configure how the outpost queries the core authentik server's users. + + + Protocol settings + Protocol settings + + + Base DN + Base DN + + + LDAP DN under which bind requests and search requests can be made. + LDAP DN under which bind requests and search requests can be made. + + + Certificate + Certificate + + + UID start number + UID start number + + + The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber + The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber + + + GID start number + GID start number + + + The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber + The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber + + + (Format: hours=-1;minutes=-2;seconds=-3). + (Format: hours=-1;minutes=-2;seconds=-3). + + + (Format: hours=1;minutes=2;seconds=3). + (Format: hours=1;minutes=2;seconds=3). + + + The following keywords are supported: + The following keywords are supported: + + + Authentication flow + Authentication flow + + + Flow used when a user access this provider and is not authenticated. + Flow used when a user access this provider and is not authenticated. + + + Authorization flow + Authorization flow + + + Flow used when authorizing this provider. + Flow used when authorizing this provider. + + + Client type + Client type + + + Confidential + Confidential + + + Confidential clients are capable of maintaining the confidentiality of their credentials such as client secrets + Confidential clients are capable of maintaining the confidentiality of their credentials such as client secrets + + + Public + Public + + + Public clients are incapable of maintaining the confidentiality and should use methods like PKCE. + Public clients are incapable of maintaining the confidentiality and should use methods like PKCE. + + + Client ID + Client ID + + + Client Secret + Client Secret + + + Redirect URIs/Origins (RegEx) + Redirect URIs/Origins (RegEx) + + + Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows. + Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows. + + + If no explicit redirect URIs are specified, the first successfully used redirect URI will be saved. + If no explicit redirect URIs are specified, the first successfully used redirect URI will be saved. + + + To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. + To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. + + + Signing Key + Signing Key + + + Key used to sign the tokens. + Key used to sign the tokens. + + + Advanced protocol settings + Advanced protocol settings + + + Access code validity + Access code validity + + + Configure how long access codes are valid for. + Configure how long access codes are valid for. + + + Access Token validity + Access Token validity + + + Configure how long access tokens are valid for. + Configure how long access tokens are valid for. + + + Refresh Token validity + Refresh Token validity + + + Configure how long refresh tokens are valid for. + Configure how long refresh tokens are valid for. + + + Scopes + Scopes + + + Select which scopes can be used by the client. The client still has to specify the scope to access the data. + Select which scopes can be used by the client. The client still has to specify the scope to access the data. + + + Hold control/command to select multiple items. + Hold control/command to select multiple items. + + + Subject mode + Subject mode + + + Based on the User's hashed ID + Based on the User's hashed ID + + + Based on the User's ID + Based on the User's ID + + + Based on the User's UUID + Based on the User's UUID + + + Based on the User's username + Based on the User's username + + + Based on the User's Email + Based on the User's Email + + + This is recommended over the UPN mode. + This is recommended over the UPN mode. + + + Based on the User's UPN + Based on the User's UPN + + + Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains. + Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains. + + + Configure what data should be used as unique User Identifier. For most cases, the default should be fine. + Configure what data should be used as unique User Identifier. For most cases, the default should be fine. + + + Include claims in id_token + Include claims in id_token + + + Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. + Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. + + + Issuer mode + Issuer mode + + + Each provider has a different issuer, based on the application slug + Each provider has a different issuer, based on the application slug + + + Same identifier is used for all providers + Same identifier is used for all providers + + + Configure how the issuer field of the ID Token should be filled. + Configure how the issuer field of the ID Token should be filled. + + + Machine-to-Machine authentication settings + Machine-to-Machine authentication settings + + + Trusted OIDC Sources + Trusted OIDC Sources + + + JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider. + JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider. + + + HTTP-Basic Username Key + HTTP-Basic Username Key + + + User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. + User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. + + + HTTP-Basic Password Key + HTTP-Basic Password Key + + + User/Group Attribute used for the password part of the HTTP-Basic Header. + User/Group Attribute used for the password part of the HTTP-Basic Header. + + + Proxy + Proxy + + + Forward auth (single application) + Forward auth (single application) + + + Forward auth (domain level) + Forward auth (domain level) + + + This provider will behave like a transparent reverse-proxy, except requests must be authenticated. If your upstream application uses HTTPS, make sure to connect to the outpost using HTTPS as well. + This provider will behave like a transparent reverse-proxy, except requests must be authenticated. If your upstream application uses HTTPS, make sure to connect to the outpost using HTTPS as well. + + + External host + External host + + + The external URL you'll access the application at. Include any non-standard port. + The external URL you'll access the application at. Include any non-standard port. + + + Internal host + Internal host + + + Upstream host that the requests are forwarded to. + Upstream host that the requests are forwarded to. + + + Internal host SSL Validation + Internal host SSL Validation + + + Validate SSL Certificates of upstream servers. + Validate SSL Certificates of upstream servers. + + + Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application. + Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application. + + + An example setup can look like this: + An example setup can look like this: + + + authentik running on auth.example.com + authentik running on auth.example.com + + + app1 running on app1.example.com + app1 running on app1.example.com + + + In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com. + In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com. + + + Authentication URL + Authentication URL + + + The external URL you'll authenticate at. The authentik core server should be reachable under this URL. + The external URL you'll authenticate at. The authentik core server should be reachable under this URL. + + + Cookie domain + Cookie domain + + + Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'. + Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'. + + + Unknown proxy mode + Unknown proxy mode + + + Token validity + Token validity + + + Configure how long tokens are valid for. + Configure how long tokens are valid for. + + + Additional scopes + Additional scopes + + + Additional scope mappings, which are passed to the proxy. + Additional scope mappings, which are passed to the proxy. + + + Unauthenticated URLs + Unauthenticated URLs + + + Unauthenticated Paths + Unauthenticated Paths + + + Regular expressions for which authentication is not required. Each new line is interpreted as a new expression. + Regular expressions for which authentication is not required. Each new line is interpreted as a new expression. + + + When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions. + When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions. + + + Authentication settings + Authentication settings + + + Intercept header authentication + Intercept header authentication + + + When enabled, authentik will intercept the Authorization header to authenticate the request. + When enabled, authentik will intercept the Authorization header to authenticate the request. + + + Send HTTP-Basic Authentication + Send HTTP-Basic Authentication + + + Send a custom HTTP-Basic Authentication header based on values from authentik. + Send a custom HTTP-Basic Authentication header based on values from authentik. + + + ACS URL + ACS URL + + + Issuer + Issuer + + + Also known as EntityID. + Also known as EntityID. + + + Service Provider Binding + Service Provider Binding + + + Redirect + Redirect + + + Post + Post + + + Determines how authentik sends the response back to the Service Provider. + Determines how authentik sends the response back to the Service Provider. + + + Audience + Audience + + + Signing Certificate + Signing Certificate + + + Certificate used to sign outgoing Responses going to the Service Provider. + Certificate used to sign outgoing Responses going to the Service Provider. + + + Verification Certificate + Verification Certificate + + + When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. + When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. + + + Property mappings + Property mappings + + + NameID Property Mapping + NameID Property Mapping + + + Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected. + Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected. + + + Assertion valid not before + Assertion valid not before + + + Configure the maximum allowed time drift for an assertion. + Configure the maximum allowed time drift for an assertion. + + + Assertion valid not on or after + Assertion valid not on or after + + + Assertion not valid on or after current time + this value. + Assertion not valid on or after current time + this value. + + + Session valid not on or after + Session valid not on or after + + + Session not valid on or after current time + this value. + Session not valid on or after current time + this value. + + + Digest algorithm + Digest algorithm + + + Signature algorithm + Signature algorithm + + + Successfully imported provider. + Successfully imported provider. + + + Metadata + Metadata + + + Apply changes + Apply changes + + + Close + Close + + + Finish + Finish + + + Back + Back + + + No form found + No form found + + + Form didn't return a promise for submitting + Form didn't return a promise for submitting + + + Select type + Select type + + + Try the new application wizard + Try the new application wizard + + + The new application wizard greatly simplifies the steps required to create applications and providers. + The new application wizard greatly simplifies the steps required to create applications and providers. + + + Try it now + Try it now + + + Create + Create + + + New provider + New provider + + + Create a new provider. + Create a new provider. + + + Create + Create + + + + Shared secret + Shared secret + + + Client Networks + Client Networks + + + List of CIDRs (comma-seperated) that clients can connect from. A more specific + CIDR will match before a looser one. Clients connecting from a non-specified CIDR + will be dropped. + + + URL + URL + + + SCIM base url, usually ends in /v2. + SCIM base url, usually ends in /v2. + + + Token + Token + + + Token to authenticate with. Currently only bearer authentication is supported. + Token to authenticate with. Currently only bearer authentication is supported. + + + User filtering + User filtering + + + Exclude service accounts + Exclude service accounts + + + Group + Group + + + Only sync users within the selected group. + Only sync users within the selected group. + + + Attribute mapping + Attribute mapping + + + User Property Mappings + User Property Mappings + + + Property mappings used to user mapping. + Property mappings used to user mapping. + + + Group Property Mappings + Group Property Mappings + + + Property mappings used to group creation. + Property mappings used to group creation. + + + Not used by any other object. + Not used by any other object. + + + object will be DELETED + object will be DELETED + + + connection will be deleted + connection will be deleted + + + reference will be reset to default value + reference will be reset to default value + + + reference will be set to an empty value + reference will be set to an empty value + + + () + + ( + ) + + + ID + ID + + + Successfully deleted + + + Failed to delete : + Failed to delete + : + + + + Delete + Delete + + + + Are you sure you want to delete ? + + + Delete + Delete + + + Providers + Providers + + + Provide support for protocols like SAML and OAuth to assigned applications. + Provide support for protocols like SAML and OAuth to assigned applications. + + + Type + Type + + + Provider(s) + Provider(s) + + + Assigned to application + Assigned to application + + + Assigned to application (backchannel) + Assigned to application (backchannel) + + + Warning: Provider not assigned to any application. + Warning: Provider not assigned to any application. + + + Update + Update + + + Update + Update + + + + Select providers to add to application + Select providers to add to application + + + Add + Add + + + Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". + Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". + + + Path template for users created. Use placeholders like `%(slug)s` to insert the source slug. + Path template for users created. Use placeholders like `%(slug)s` to insert the source slug. + + + Successfully updated application. + Successfully updated application. + + + Successfully created application. + Successfully created application. + + + Application's display Name. + Application's display Name. + + + Slug + Slug + + + Optionally enter a group name. Applications with identical groups are shown grouped together. + Optionally enter a group name. Applications with identical groups are shown grouped together. + + + Provider + Provider + + + Select a provider that this application should use. + Select a provider that this application should use. + + + Select backchannel providers which augment the functionality of the main provider. + Select backchannel providers which augment the functionality of the main provider. + + + Policy engine mode + Policy engine mode + + + Any policy must match to grant access + Any policy must match to grant access + + + All policies must match to grant access + All policies must match to grant access + + + UI settings + UI settings + + + Launch URL + Launch URL + + + If left empty, authentik will try to extract the launch URL based on the selected provider. + If left empty, authentik will try to extract the launch URL based on the selected provider. + + + Open in new tab + Open in new tab + + + If checked, the launch URL will open in a new browser tab or window from the user's application library. + If checked, the launch URL will open in a new browser tab or window from the user's application library. + + + Icon + Icon + + + Currently set to: + Currently set to: + + + Clear icon + Clear icon + + + Publisher + Publisher + + + Create Application + Create Application + + + Overview + Overview + + + Changelog + Changelog + + + Warning: Provider is not used by any Outpost. + Warning: Provider is not used by any Outpost. + + + Assigned to application + Assigned to application + + + Update LDAP Provider + Update LDAP Provider + + + Edit + Edit + + + How to connect + How to connect + + + Connect to the LDAP Server on port 389: + Connect to the LDAP Server on port 389: + + + Check the IP of the Kubernetes service, or + Check the IP of the Kubernetes service, or + + + The Host IP of the docker host + The Host IP of the docker host + + + Bind DN + Bind DN + + + Bind Password + Bind Password + + + Search base + Search base + + + Preview + Preview + + + Warning: Provider is not used by an Application. + Warning: Provider is not used by an Application. + + + Redirect URIs + Redirect URIs + + + Update OAuth2 Provider + Update OAuth2 Provider + + + OpenID Configuration URL + OpenID Configuration URL + + + OpenID Configuration Issuer + OpenID Configuration Issuer + + + Authorize URL + Authorize URL + + + Token URL + Token URL + + + Userinfo URL + Userinfo URL + + + Logout URL + Logout URL + + + JWKS URL + JWKS URL + + + Example JWT payload (for currently authenticated user) + Example JWT payload (for currently authenticated user) + + + Forward auth (domain-level) + Forward auth (domain-level) + + + Nginx (Ingress) + Nginx (Ingress) + + + Nginx (Proxy Manager) + Nginx (Proxy Manager) + + + Nginx (standalone) + Nginx (standalone) + + + Traefik (Ingress) + Traefik (Ingress) + + + Traefik (Compose) + Traefik (Compose) + + + Traefik (Standalone) + Traefik (Standalone) + + + Caddy (Standalone) + Caddy (Standalone) + + + Internal Host + Internal Host + + + External Host + External Host + + + Basic-Auth + Basic-Auth + + + Yes + Yes + + + Mode + Mode + + + Update Proxy Provider + Update Proxy Provider + + + Protocol Settings + Protocol Settings + + + Allowed Redirect URIs + Allowed Redirect URIs + + + Setup + Setup + + + No additional setup is required. + No additional setup is required. + + + Update Radius Provider + Update Radius Provider + + + Download + Download + + + Copy download URL + Copy download URL + + + Download signing certificate + Download signing certificate + + + Related objects + Related objects + + + Update SAML Provider + Update SAML Provider + + + SAML Configuration + SAML Configuration + + + EntityID/Issuer + EntityID/Issuer + + + SSO URL (Post) + SSO URL (Post) + + + SSO URL (Redirect) + SSO URL (Redirect) + + + SSO URL (IdP-initiated Login) + SSO URL (IdP-initiated Login) + + + SLO URL (Post) + SLO URL (Post) + + + SLO URL (Redirect) + SLO URL (Redirect) + + + SAML Metadata + SAML Metadata + + + Example SAML attributes + Example SAML attributes + + + NameID attribute + NameID attribute + + + Warning: Provider is not assigned to an application as backchannel provider. + Warning: Provider is not assigned to an application as backchannel provider. + + + Update SCIM Provider + Update SCIM Provider + + + Run sync again + Run sync again + + + Modern applications, APIs and Single-page applications. + Modern applications, APIs and Single-page applications. + + + LDAP + LDAP + + + Provide an LDAP interface for applications and users to authenticate against. + Provide an LDAP interface for applications and users to authenticate against. + + + New application + New application + + + Applications + Applications + + + Provider Type + Provider Type + + + Application(s) + Application(s) + + + Application Icon + Application Icon + + + Update Application + Update Application + + + Successfully sent test-request. + Successfully sent test-request. + + + Log messages + Log messages + + + No log messages. + No log messages. + + + Active + Active + + + Last login + Last login + + + Select users to add + Select users to add + + + Successfully updated group. + Successfully updated group. + + + Successfully created group. + Successfully created group. + + + Is superuser + Is superuser + + + Users added to this group will be superusers. + Users added to this group will be superusers. + + + Parent + Parent + + + Attributes + Attributes + + + Set custom attributes using YAML or JSON. + Set custom attributes using YAML or JSON. + + + Successfully updated binding. + Successfully updated binding. + + + Successfully created binding. + Successfully created binding. + + + Policy + Policy + + + Group mappings can only be checked if a user is already logged in when trying to access this source. + Group mappings can only be checked if a user is already logged in when trying to access this source. + + + User mappings can only be checked if a user is already logged in when trying to access this source. + User mappings can only be checked if a user is already logged in when trying to access this source. + + + Enabled + Enabled + + + Negate result + Negate result + + + Negates the outcome of the binding. Messages are unaffected. + Negates the outcome of the binding. Messages are unaffected. + + + Order + Order + + + Timeout + Timeout + + + Successfully updated policy. + Successfully updated policy. + + + Successfully created policy. + Successfully created policy. + + + A policy used for testing. Always returns the same result as specified below after waiting a random duration. + A policy used for testing. Always returns the same result as specified below after waiting a random duration. + + + Execution logging + Execution logging + + + When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. + When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. + + + Policy-specific settings + Policy-specific settings + + + Pass policy? + Pass policy? + + + Wait (min) + Wait (min) + + + The policy takes a random time to execute. This controls the minimum time it will take. + The policy takes a random time to execute. This controls the minimum time it will take. + + + Wait (max) + Wait (max) + + + Matches an event against a set of criteria. If any of the configured values match, the policy passes. + Matches an event against a set of criteria. If any of the configured values match, the policy passes. + + + Match created events with this action type. When left empty, all action types will be matched. + Match created events with this action type. When left empty, all action types will be matched. + + + Matches Event's Client IP (strict matching, for network matching use an Expression Policy. + Matches Event's Client IP (strict matching, for network matching use an Expression Policy. + + + Match events created by selected application. When left empty, all applications are matched. + Match events created by selected application. When left empty, all applications are matched. + + + Checks if the request's user's password has been changed in the last x days, and denys based on settings. + Checks if the request's user's password has been changed in the last x days, and denys based on settings. + + + Maximum age (in days) + Maximum age (in days) + + + Only fail the policy, don't invalidate user's password + Only fail the policy, don't invalidate user's password + + + Executes the python snippet to determine whether to allow or deny a request. + Executes the python snippet to determine whether to allow or deny a request. + + + Expression using Python. + Expression using Python. + + + See documentation for a list of all variables. + See documentation for a list of all variables. + + + Static rules + Static rules + + + Minimum length + Minimum length + + + Minimum amount of Uppercase Characters + Minimum amount of Uppercase Characters + + + Minimum amount of Lowercase Characters + Minimum amount of Lowercase Characters + + + Minimum amount of Digits + Minimum amount of Digits + + + Minimum amount of Symbols Characters + Minimum amount of Symbols Characters + + + Error message + Error message + + + Symbol charset + Symbol charset + + + Characters which are considered as symbols. + Characters which are considered as symbols. + + + HaveIBeenPwned settings + HaveIBeenPwned settings + + + Allowed count + Allowed count + + + Allow up to N occurrences in the HIBP database. + Allow up to N occurrences in the HIBP database. + + + zxcvbn settings + zxcvbn settings + + + Score threshold + Score threshold + + + If the password's score is less than or equal this value, the policy will fail. + If the password's score is less than or equal this value, the policy will fail. + + + Checks the value from the policy request against several rules, mostly used to ensure password strength. + Checks the value from the policy request against several rules, mostly used to ensure password strength. + + + Password field + Password field + + + Field key to check, field keys defined in Prompt stages are available. + Field key to check, field keys defined in Prompt stages are available. + + + Check static rules + Check static rules + + + Check haveibeenpwned.com + Check haveibeenpwned.com + + + For more info see: + For more info see: + + + Check zxcvbn + Check zxcvbn + + + Password strength estimator created by Dropbox, see: + Password strength estimator created by Dropbox, see: + + + Allows/denys requests based on the users and/or the IPs reputation. + Allows/denys requests based on the users and/or the IPs reputation. + + + Invalid login attempts will decrease the score for the client's IP, and the +username they are attempting to login as, by one. + + + The policy passes when the reputation score is below the threshold, and +doesn't pass when either or both of the selected options are equal or above the threshold. + + + Check IP + Check IP + + + Check Username + Check Username + + + Threshold + Threshold + + + New policy + New policy + + + Create a new policy. + Create a new policy. + + + Create Binding + Create Binding + + + Superuser + Superuser + + + Members + Members + + + Select groups to add user to + Select groups to add user to + + + Warning: Adding the user to the selected group(s) will give them superuser permissions. + Warning: Adding the user to the selected group(s) will give them superuser permissions. + + + Successfully updated user. + Successfully updated user. + + + Successfully created user. + Successfully created user. + + + Username + Username + + + User's primary identifier. 150 characters or fewer. + User's primary identifier. 150 characters or fewer. + + + User's display name. + User's display name. + + + Email + Email + + + Is active + Is active + + + Designates whether this user should be treated as active. Unselect this instead of deleting accounts. + Designates whether this user should be treated as active. Unselect this instead of deleting accounts. + + + Path + Path + + + Policy / User / Group + Policy / User / Group + + + Policy + Policy + + + + Group + Group + + + + User + User + + + + Edit Policy + Edit Policy + + + Update Group + Update Group + + + Edit Group + Edit Group + + + Update User + Update User + + + Edit User + Edit User + + + Policy binding(s) + Policy binding(s) + + + Update Binding + Update Binding + + + Edit Binding + Edit Binding + + + No Policies bound. + No Policies bound. + + + No policies are currently bound to this object. + No policies are currently bound to this object. + + + Bind existing policy + Bind existing policy + + + Warning: Application is not used by any Outpost. + Warning: Application is not used by any Outpost. + + + Related + Related + + + Backchannel Providers + Backchannel Providers + + + Check access + Check access + + + Check + Check + + + Check Application access + Check Application access + + + Test + Test + + + Launch + Launch + + + Logins over the last week (per 8 hours) + Logins over the last week (per 8 hours) + + + Policy / Group / User Bindings + Policy / Group / User Bindings + + + These policies control which users can access this application. + These policies control which users can access this application. + + + Successfully updated source. + Successfully updated source. + + + Successfully created source. + Successfully created source. + + + Sync users + Sync users + + + User password writeback + User password writeback + + + Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP. + Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP. + + + Sync groups + Sync groups + + + Connection settings + Connection settings + + + Server URI + Server URI + + + Specify multiple server URIs by separating them with a comma. + Specify multiple server URIs by separating them with a comma. + + + Enable StartTLS + Enable StartTLS + + + To use SSL instead, use 'ldaps://' and disable this option. + To use SSL instead, use 'ldaps://' and disable this option. + + + TLS Verification Certificate + TLS Verification Certificate + + + When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate. + When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate. + + + Bind CN + Bind CN + + + LDAP Attribute mapping + LDAP Attribute mapping + + + Property mappings used to user creation. + Property mappings used to user creation. + + + Additional settings + Additional settings + + + Parent group for all the groups imported from LDAP. + Parent group for all the groups imported from LDAP. + + + User path + User path + + + Addition User DN + Addition User DN + + + Additional user DN, prepended to the Base DN. + Additional user DN, prepended to the Base DN. + + + Addition Group DN + Addition Group DN + + + Additional group DN, prepended to the Base DN. + Additional group DN, prepended to the Base DN. + + + User object filter + User object filter + + + Consider Objects matching this filter to be Users. + Consider Objects matching this filter to be Users. + + + Group object filter + Group object filter + + + Consider Objects matching this filter to be Groups. + Consider Objects matching this filter to be Groups. + + + Group membership field + Group membership field + + + Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' + Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' + + + Object uniqueness field + Object uniqueness field + + + Field which contains a unique Identifier. + Field which contains a unique Identifier. + + + Link users on unique identifier + Link users on unique identifier + + + Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses + Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses + + + Use the user's email address, but deny enrollment when the email address already exists + Use the user's email address, but deny enrollment when the email address already exists + + + Link to a user with identical username. Can have security implications when a username is used with another source + Link to a user with identical username. Can have security implications when a username is used with another source + + + Use the user's username, but deny enrollment when the username already exists + Use the user's username, but deny enrollment when the username already exists + + + Unknown user matching mode + Unknown user matching mode + + + URL settings + URL settings + + + Authorization URL + Authorization URL + + + URL the user is redirect to to consent the authorization. + URL the user is redirect to to consent the authorization. + + + Access token URL + Access token URL + + + URL used by authentik to retrieve tokens. + URL used by authentik to retrieve tokens. + + + Profile URL + Profile URL + + + URL used by authentik to get user information. + URL used by authentik to get user information. + + + Request token URL + Request token URL + + + URL used to request the initial token. This URL is only required for OAuth 1. + URL used to request the initial token. This URL is only required for OAuth 1. + + + OIDC Well-known URL + OIDC Well-known URL + + + OIDC well-known configuration URL. Can be used to automatically configure the URLs above. + OIDC well-known configuration URL. Can be used to automatically configure the URLs above. + + + OIDC JWKS URL + OIDC JWKS URL + + + JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source. + JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source. + + + OIDC JWKS + OIDC JWKS + + + Raw JWKS data. + Raw JWKS data. + + + User matching mode + User matching mode + + + Delete currently set icon. + Delete currently set icon. + + + Consumer key + Consumer key + + + Consumer secret + Consumer secret + + + Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *. + Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *. + + + Flow settings + Flow settings + + + Flow to use when authenticating existing users. + Flow to use when authenticating existing users. + + + Enrollment flow + Enrollment flow + + + Flow to use when enrolling new users. + Flow to use when enrolling new users. + + + Load servers + Load servers + + + Re-authenticate with plex + Re-authenticate with plex + + + Allow friends to authenticate via Plex, even if you don't share any servers + Allow friends to authenticate via Plex, even if you don't share any servers + + + Allowed servers + Allowed servers + + + Select which server a user has to be a member of to be allowed to authenticate. + Select which server a user has to be a member of to be allowed to authenticate. + + + SSO URL + SSO URL + + + URL that the initial Login request is sent to. + URL that the initial Login request is sent to. + + + SLO URL + SLO URL + + + Optional URL if the IDP supports Single-Logout. + Optional URL if the IDP supports Single-Logout. + + + Also known as Entity ID. Defaults the Metadata URL. + Also known as Entity ID. Defaults the Metadata URL. + + + Binding Type + Binding Type + + + Redirect binding + Redirect binding + + + Post-auto binding + Post-auto binding + + + Post binding but the request is automatically sent and the user doesn't have to confirm. + Post binding but the request is automatically sent and the user doesn't have to confirm. + + + Post binding + Post binding + + + Signing keypair + Signing keypair + + + Keypair which is used to sign outgoing requests. Leave empty to disable signing. + Keypair which is used to sign outgoing requests. Leave empty to disable signing. + + + Allow IDP-initiated logins + Allow IDP-initiated logins + + + Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. + Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. + + + NameID Policy + NameID Policy + + + Persistent + Persistent + + + Email address + Email address + + + Windows + Windows + + + X509 Subject + X509 Subject + + + Transient + Transient + + + Delete temporary users after + Delete temporary users after + + + Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. + Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. + + + Pre-authentication flow + Pre-authentication flow + + + Flow used before authentication. + Flow used before authentication. + + + New source + New source + + + Create a new source. + Create a new source. + + + Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves. + Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves. + + + Source(s) + Source(s) + + + Disabled + Disabled + + + Built-in + Built-in + + + Update LDAP Source + Update LDAP Source + + + Not synced yet. + Not synced yet. + + + Task finished with warnings + Task finished with warnings + + + Task finished with errors + Task finished with errors + + + Last sync: + Last sync: + + + + OAuth Source + OAuth Source + + + + Generic OpenID Connect + Generic OpenID Connect + + + Unknown provider type + Unknown provider type + + + Details + Details + + + Callback URL + Callback URL + + + Access Key + Access Key + + + Update OAuth Source + Update OAuth Source + + + Diagram + Diagram + + + Policy Bindings + Policy Bindings + + + These bindings control which users can access this source. + You can only use policies here as access is checked before the user is authenticated. + + + Update Plex Source + Update Plex Source + + + Update SAML Source + Update SAML Source + + + Successfully updated mapping. + Successfully updated mapping. + + + Successfully created mapping. + Successfully created mapping. + + + Object field + Object field + + + Field of the user object this value is written to. + Field of the user object this value is written to. + + + SAML Attribute Name + SAML Attribute Name + + + Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded. + Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded. + + + Friendly Name + Friendly Name + + + Optionally set the 'FriendlyName' value of the Assertion attribute. + Optionally set the 'FriendlyName' value of the Assertion attribute. + + + Scope name + Scope name + + + Scope which the client can specify to access these properties. + Scope which the client can specify to access these properties. + + + Description shown to the user when consenting. If left empty, the user won't be informed. + Description shown to the user when consenting. If left empty, the user won't be informed. + + + Example context data + Example context data + + + Active Directory User + Active Directory User + + + Active Directory Group + Active Directory Group + + + New property mapping + New property mapping + + + Create a new property mapping. + Create a new property mapping. + + + Property Mappings + Property Mappings + + + Control how authentik exposes and interprets information. + Control how authentik exposes and interprets information. + + + Property Mapping(s) + Property Mapping(s) + + + Test Property Mapping + Test Property Mapping + + + Hide managed mappings + Hide managed mappings + + + Successfully updated token. + Successfully updated token. + + + Successfully created token. + Successfully created token. + + + Unique identifier the token is referenced by. + Unique identifier the token is referenced by. + + + Intent + Intent + + + API Token + API Token + + + Used to access the API programmatically + Used to access the API programmatically + + + App password. + App password. + + + Used to login using a flow executor + Used to login using a flow executor + + + Expiring + Expiring + + + If this is selected, the token will expire. Upon expiration, the token will be rotated. + If this is selected, the token will expire. Upon expiration, the token will be rotated. + + + Expires on + Expires on + + + API Access + API Access + + + App password + App password + + + Verification + Verification + + + Unknown intent + Unknown intent + + + Tokens + Tokens + + + Tokens are used throughout authentik for Email validation stages, Recovery keys and API access. + Tokens are used throughout authentik for Email validation stages, Recovery keys and API access. + + + Expires? + Expires? + + + Expiry date + Expiry date + + + Token(s) + Token(s) + + + Create Token + Create Token + + + Token is managed by authentik. + Token is managed by authentik. + + + Update Token + Update Token + + + Domain + Domain + + + Matching is done based on domain suffix, so if you enter domain.tld, foo.domain.tld will still match. + Matching is done based on domain suffix, so if you enter domain.tld, foo.domain.tld will still match. + + + Default + Default + + + Branding settings + Branding settings + + + Title + Title + + + Branding shown in page title and several other places. + Branding shown in page title and several other places. + + + Logo + Logo + + + Icon shown in sidebar/header and flow executor. + Icon shown in sidebar/header and flow executor. + + + Favicon + Favicon + + + Icon shown in the browser tab. + Icon shown in the browser tab. + + + Default flows + Default flows + + + Flow used to authenticate users. If left empty, the first applicable flow sorted by the slug is used. + Flow used to authenticate users. If left empty, the first applicable flow sorted by the slug is used. + + + Invalidation flow + Invalidation flow + + + Flow used to logout. If left empty, the first applicable flow sorted by the slug is used. + Flow used to logout. If left empty, the first applicable flow sorted by the slug is used. + + + Recovery flow + Recovery flow + + + Recovery flow. If left empty, the first applicable flow sorted by the slug is used. + Recovery flow. If left empty, the first applicable flow sorted by the slug is used. + + + Unenrollment flow + Unenrollment flow + + + If set, users are able to unenroll themselves using this flow. If no flow is set, option is not shown. + If set, users are able to unenroll themselves using this flow. If no flow is set, option is not shown. + + + User settings flow + User settings flow + + + If set, users are able to configure details of their profile. + If set, users are able to configure details of their profile. + + + Device code flow + Device code flow + + + If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code. + If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code. + + + Other global settings + Other global settings + + + Web Certificate + Web Certificate + + + Event retention + Event retention + + + Duration after which events will be deleted from the database. + Duration after which events will be deleted from the database. + + + When using an external logging solution for archiving, this can be set to "minutes=5". + When using an external logging solution for archiving, this can be set to "minutes=5". + + + This setting only affects new Events, as the expiration is saved per-event. + This setting only affects new Events, as the expiration is saved per-event. + + + Configure visual settings and defaults for different domains. + Configure visual settings and defaults for different domains. + + + Default? + Default? + + + Policies + Policies + + + Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Stages. + Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Stages. + + + Assigned to object(s). + Assigned to + object(s). + + + Warning: Policy is not assigned. + Warning: Policy is not assigned. + + + Test Policy + Test Policy + + + Policy / Policies + Policy / Policies + + + Successfully cleared policy cache + Successfully cleared policy cache + + + Failed to delete policy cache + Failed to delete policy cache + + + Clear cache + Clear cache + + + Clear Policy cache + Clear Policy cache + + + Are you sure you want to clear the policy cache? This will cause all policies to be re-evaluated on their next usage. + + + Reputation scores + Reputation scores + + + Reputation for IP and user identifiers. Scores are decreased for each failed login and increased for each successful login. + Reputation for IP and user identifiers. Scores are decreased for each failed login and increased for each successful login. + + + IP + IP + + + Score + Score + + + Updated + Updated + + + Reputation + Reputation + + + Groups + Groups + + + Group users together and give them permissions based on the membership. + Group users together and give them permissions based on the membership. + + + Superuser privileges? + Superuser privileges? + + + Group(s) + Group(s) + + + Create Group + Create Group + + + Create group + Create group + + + Enabling this toggle will create a group named after the user, with the user as member. + Enabling this toggle will create a group named after the user, with the user as member. + + + Use the username and password below to authenticate. The password can be retrieved later on the Tokens page. + Use the username and password below to authenticate. The password can be retrieved later on the Tokens page. + + + Password + Password + + + Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List. + Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List. + + + The following objects use + The following objects use + + + + connecting object will be deleted + connecting object will be deleted + + + Successfully updated + + + Failed to update : + Failed to update + : + + + + Are you sure you want to update ""? + Are you sure you want to update + " + "? + + + Successfully updated password. + Successfully updated password. + + + Successfully sent email. + Successfully sent email. + + + Email stage + Email stage + + + Successfully added user(s). + Successfully added user(s). + + + Users to add + Users to add + + + User(s) + User(s) + + + Remove Users(s) + Remove Users(s) + + + Are you sure you want to remove the selected users from the group ? + Are you sure you want to remove the selected users from the group + ? + + + Remove + Remove + + + Impersonate + Impersonate + + + User status + User status + + + Change status + Change status + + + Deactivate + Deactivate + + + Update password + Update password + + + Set password + Set password + + + Successfully generated recovery link + Successfully generated recovery link + + + No recovery flow is configured. + No recovery flow is configured. + + + Copy recovery link + Copy recovery link + + + Send link + Send link + + + Send recovery link to user + Send recovery link to user + + + Email recovery link + Email recovery link + + + Recovery link cannot be emailed, user has no email address saved. + Recovery link cannot be emailed, user has no email address saved. + + + Add User + Add User + + + Warning: This group is configured with superuser access. Added users will have superuser access. + Warning: This group is configured with superuser access. Added users will have superuser access. + + + Add existing user + Add existing user + + + Create user + Create user + + + Create User + Create User + + + Create Service account + Create Service account + + + Hide service-accounts + Hide service-accounts + + + Group Info + Group Info + + + Notes + Notes + + + Edit the notes attribute of this group to add notes here. + Edit the notes attribute of this group to add notes here. + + + Users + Users + + + Root + Root + + + Warning: You're about to delete the user you're logged in as (). Proceed at your own risk. + Warning: You're about to delete the user you're logged in as ( + ). Proceed at your own risk. + + + Hide deactivated user + Hide deactivated user + + + User folders + User folders + + + Successfully added user to group(s). + Successfully added user to group(s). + + + Groups to add + Groups to add + + + Remove from Group(s) + Remove from Group(s) + + + Are you sure you want to remove user from the following groups? + Are you sure you want to remove user + from the following groups? + + + Add Group + Add Group + + + Add to existing group + Add to existing group + + + Add new group + Add new group + + + Application authorizations + Application authorizations + + + Revoked? + Revoked? + + + Expires + Expires + + + ID Token + ID Token + + + Refresh Tokens(s) + Refresh Tokens(s) + + + Last IP + Last IP + + + Session(s) + Session(s) + + + Expiry + Expiry + + + (Current session) + (Current session) + + + Permissions + Permissions + + + Consent(s) + Consent(s) + + + Successfully updated device. + Successfully updated device. + + + Static tokens + Static tokens + + + TOTP Device + TOTP Device + + + Enroll + Enroll + + + Device(s) + Device(s) + + + Update Device + Update Device + + + Confirmed + Confirmed + + + User Info + User Info + + + Actions over the last week (per 8 hours) + Actions over the last week (per 8 hours) + + + Edit the notes attribute of this user to add notes here. + Edit the notes attribute of this user to add notes here. + + + Sessions + Sessions + + + User events + User events + + + Explicit Consent + Explicit Consent + + + OAuth Refresh Tokens + OAuth Refresh Tokens + + + MFA Authenticators + MFA Authenticators + + + Successfully updated invitation. + Successfully updated invitation. + + + Successfully created invitation. + Successfully created invitation. + + + Flow + Flow + + + When selected, the invite will only be usable with the flow. By default the invite is accepted on all flows with invitation stages. + When selected, the invite will only be usable with the flow. By default the invite is accepted on all flows with invitation stages. + + + Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON. + Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON. + + + Single use + Single use + + + When enabled, the invitation will be deleted after usage. + When enabled, the invitation will be deleted after usage. + + + Select an enrollment flow + Select an enrollment flow + + + Link to use the invitation. + Link to use the invitation. + + + Invitations + Invitations + + + Create Invitation Links to enroll Users, and optionally force specific attributes of their account. + Create Invitation Links to enroll Users, and optionally force specific attributes of their account. + + + Created by + Created by + + + Invitation(s) + Invitation(s) + + + Invitation not limited to any flow, and can be used with any enrollment flow. + Invitation not limited to any flow, and can be used with any enrollment flow. + + + Update Invitation + Update Invitation + + + Create Invitation + Create Invitation + + + Warning: No invitation stage is bound to any flow. Invitations will not work as expected. + Warning: No invitation stage is bound to any flow. Invitations will not work as expected. + + + Auto-detect (based on your browser) + Auto-detect (based on your browser) + + + Required. + Required. + + + Continue + Continue + + + Successfully updated prompt. + Successfully updated prompt. + + + Successfully created prompt. + Successfully created prompt. + + + Text: Simple Text input + Text: Simple Text input + + + Text Area: Multiline text input + Text Area: Multiline text input + + + Text (read-only): Simple Text input, but cannot be edited. + Text (read-only): Simple Text input, but cannot be edited. + + + Text Area (read-only): Multiline text input, but cannot be edited. + Text Area (read-only): Multiline text input, but cannot be edited. + + + Username: Same as Text input, but checks for and prevents duplicate usernames. + Username: Same as Text input, but checks for and prevents duplicate usernames. + + + Email: Text field with Email type. + Email: Text field with Email type. + + + Password: Masked input, multiple inputs of this type on the same prompt need to be identical. + Password: Masked input, multiple inputs of this type on the same prompt need to be identical. + + + Number + Number + + + Checkbox + Checkbox + + + Radio Button Group (fixed choice) + Radio Button Group (fixed choice) + + + Dropdown (fixed choice) + Dropdown (fixed choice) + + + Date + Date + + + Date Time + Date Time + + + File + File + + + Separator: Static Separator Line + Separator: Static Separator Line + + + Hidden: Hidden field, can be used to insert data into form. + Hidden: Hidden field, can be used to insert data into form. + + + Static: Static value, displayed as-is. + Static: Static value, displayed as-is. + + + authentik: Locale: Displays a list of locales authentik supports. + authentik: Locale: Displays a list of locales authentik supports. + + + Preview errors + Preview errors + + + Data preview + Data preview + + + Unique name of this field, used for selecting fields in prompt stages. + Unique name of this field, used for selecting fields in prompt stages. + + + Field Key + Field Key + + + Name of the form field, also used to store the value. + Name of the form field, also used to store the value. + + + When used in conjunction with a User Write stage, use attributes.foo to write attributes. + When used in conjunction with a User Write stage, use attributes.foo to write attributes. + + + Label + Label + + + Label shown next to/above the prompt. + Label shown next to/above the prompt. + + + Required + Required + + + Interpret placeholder as expression + Interpret placeholder as expression + + + When checked, the placeholder will be evaluated in the same way a property mapping is. + If the evaluation fails, the placeholder itself is returned. + + + Placeholder + Placeholder + + + Optionally provide a short hint that describes the expected input value. + When creating a fixed choice field, enable interpreting as expression and return a + list to return multiple choices. + + + Interpret initial value as expression + Interpret initial value as expression + + + When checked, the initial value will be evaluated in the same way a property mapping is. + If the evaluation fails, the initial value itself is returned. + + + Initial value + Initial value + + + Optionally pre-fill the input with an initial value. + When creating a fixed choice field, enable interpreting as expression and + return a list to return multiple default choices. + + + Help text + Help text + + + Any HTML can be used. + Any HTML can be used. + + + Prompts + Prompts + + + Single Prompts that can be used for Prompt Stages. + Single Prompts that can be used for Prompt Stages. + + + Field + Field + + + Stages + Stages + + + Prompt(s) + Prompt(s) + + + Update Prompt + Update Prompt + + + Create Prompt + Create Prompt + + + Target + Target + + + Stage + Stage + + + Evaluate when flow is planned + Evaluate when flow is planned + + + Evaluate policies during the Flow planning process. + Evaluate policies during the Flow planning process. + + + Evaluate when stage is run + Evaluate when stage is run + + + Evaluate policies before the Stage is present to the user. + Evaluate policies before the Stage is present to the user. + + + Invalid response behavior + Invalid response behavior + + + Returns the error message and a similar challenge to the executor + Returns the error message and a similar challenge to the executor + + + Restarts the flow from the beginning + Restarts the flow from the beginning + + + Restarts the flow from the beginning, while keeping the flow context + Restarts the flow from the beginning, while keeping the flow context + + + Configure how the flow executor should handle an invalid response to a challenge given by this bound stage. + Configure how the flow executor should handle an invalid response to a challenge given by this bound stage. + + + Successfully updated stage. + Successfully updated stage. + + + Successfully created stage. + Successfully created stage. + + + Stage used to configure a duo-based authenticator. This stage should be used for configuration flows. + Stage used to configure a duo-based authenticator. This stage should be used for configuration flows. + + + Authenticator type name + Authenticator type name + + + Display name of this authenticator, used by users when they enroll an authenticator. + Display name of this authenticator, used by users when they enroll an authenticator. + + + API Hostname + API Hostname + + + Duo Auth API + Duo Auth API + + + Integration key + Integration key + + + Secret key + Secret key + + + Duo Admin API (optional) + Duo Admin API (optional) + + + When using a Duo MFA, Access or Beyond plan, an Admin API application can be created. + This will allow authentik to import devices automatically. + + + Stage-specific settings + Stage-specific settings + + + Configuration flow + Configuration flow + + + Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. + Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. + + + Twilio Account SID + Twilio Account SID + + + Get this value from https://console.twilio.com + Get this value from https://console.twilio.com + + + Twilio Auth Token + Twilio Auth Token + + + Authentication Type + Authentication Type + + + Basic Auth + Basic Auth + + + Bearer Token + Bearer Token + + + External API URL + External API URL + + + This is the full endpoint to send POST requests to. + This is the full endpoint to send POST requests to. + + + API Auth Username + API Auth Username + + + This is the username to be used with basic auth or the token when used with bearer token + This is the username to be used with basic auth or the token when used with bearer token + + + API Auth password + API Auth password + + + This is the password to be used with basic auth + This is the password to be used with basic auth + + + Mapping + Mapping + + + Modify the payload sent to the custom provider. + Modify the payload sent to the custom provider. + + + Stage used to configure an SMS-based TOTP authenticator. + Stage used to configure an SMS-based TOTP authenticator. + + + Twilio + Twilio + + + Generic + Generic + + + From number + From number + + + Number the SMS will be sent from. + Number the SMS will be sent from. + + + Hash phone number + Hash phone number + + + If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons. Devices created from a stage with this enabled cannot be used with the authenticator validation stage. + If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons. Devices created from a stage with this enabled cannot be used with the authenticator validation stage. + + + Stage used to configure a static authenticator (i.e. static tokens). This stage should be used for configuration flows. + Stage used to configure a static authenticator (i.e. static tokens). This stage should be used for configuration flows. + + + Token count + Token count + + + Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator). + Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator). + + + Digits + Digits + + + 6 digits, widely compatible + 6 digits, widely compatible + + + 8 digits, not compatible with apps like Google Authenticator + 8 digits, not compatible with apps like Google Authenticator + + + Stage used to validate any authenticator. This stage should be used during authentication or authorization flows. + Stage used to validate any authenticator. This stage should be used during authentication or authorization flows. + + + Device classes + Device classes + + + Static Tokens + Static Tokens + + + TOTP Authenticators + TOTP Authenticators + + + WebAuthn Authenticators + WebAuthn Authenticators + + + Duo Authenticators + Duo Authenticators + + + SMS-based Authenticators + SMS-based Authenticators + + + Device classes which can be used to authenticate. + Device classes which can be used to authenticate. + + + Last validation threshold + Last validation threshold + + + If any of the devices user of the types selected above have been used within this duration, this stage will be skipped. + If any of the devices user of the types selected above have been used within this duration, this stage will be skipped. + + + Not configured action + Not configured action + + + Force the user to configure an authenticator + Force the user to configure an authenticator + + + Deny the user access + Deny the user access + + + WebAuthn User verification + WebAuthn User verification + + + User verification must occur. + User verification must occur. + + + User verification is preferred if available, but not required. + User verification is preferred if available, but not required. + + + User verification should not occur. + User verification should not occur. + + + Configuration stages + Configuration stages + + + Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. + Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. + + + When multiple stages are selected, the user can choose which one they want to enroll. + When multiple stages are selected, the user can choose which one they want to enroll. + + + User verification + User verification + + + Resident key requirement + Resident key requirement + + + Authenticator Attachment + Authenticator Attachment + + + No preference is sent + No preference is sent + + + A non-removable authenticator, like TouchID or Windows Hello + A non-removable authenticator, like TouchID or Windows Hello + + + A "roaming" authenticator, like a YubiKey + A "roaming" authenticator, like a YubiKey + + + This stage checks the user's current session against the Google reCaptcha (or compatible) service. + This stage checks the user's current session against the Google reCaptcha (or compatible) service. + + + Public Key + Public Key + + + Public key, acquired from https://www.google.com/recaptcha/intro/v3.html. + Public key, acquired from https://www.google.com/recaptcha/intro/v3.html. + + + Private Key + Private Key + + + Private key, acquired from https://www.google.com/recaptcha/intro/v3.html. + Private key, acquired from https://www.google.com/recaptcha/intro/v3.html. + + + Advanced settings + Advanced settings + + + JS URL + JS URL + + + URL to fetch JavaScript from, defaults to recaptcha. Can be replaced with any compatible alternative. + URL to fetch JavaScript from, defaults to recaptcha. Can be replaced with any compatible alternative. + + + API URL + API URL + + + URL used to validate captcha response, defaults to recaptcha. Can be replaced with any compatible alternative. + URL used to validate captcha response, defaults to recaptcha. Can be replaced with any compatible alternative. + + + Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time. + Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time. + + + Always require consent + Always require consent + + + Consent given last indefinitely + Consent given last indefinitely + + + Consent expires. + Consent expires. + + + Consent expires in + Consent expires in + + + Offset after which consent expires. + Offset after which consent expires. + + + Dummy stage used for testing. Shows a simple continue button and always passes. + Dummy stage used for testing. Shows a simple continue button and always passes. + + + Throw error? + Throw error? + + + SMTP Host + SMTP Host + + + SMTP Port + SMTP Port + + + SMTP Username + SMTP Username + + + SMTP Password + SMTP Password + + + Use TLS + Use TLS + + + Use SSL + Use SSL + + + From address + From address + + + Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity. + Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity. + + + Activate pending user on success + Activate pending user on success + + + When a user returns from the email successfully, their account will be activated. + When a user returns from the email successfully, their account will be activated. + + + Use global settings + Use global settings + + + When enabled, global Email connection settings will be used and connection settings below will be ignored. + When enabled, global Email connection settings will be used and connection settings below will be ignored. + + + Token expiry + Token expiry + + + Time in minutes the token sent is valid. + Time in minutes the token sent is valid. + + + Template + Template + + + Let the user identify themselves with their username or Email address. + Let the user identify themselves with their username or Email address. + + + User fields + User fields + + + UPN + UPN + + + Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources. + Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources. + + + Password stage + Password stage + + + When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks. + When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks. + + + Case insensitive matching + Case insensitive matching + + + When enabled, user fields are matched regardless of their casing. + When enabled, user fields are matched regardless of their casing. + + + Show matched user + Show matched user + + + When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown. + When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown. + + + Source settings + Source settings + + + Sources + Sources + + + Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP. + Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP. + + + Show sources' labels + Show sources' labels + + + By default, only icons are shown for sources. Enable this to show their full names. + By default, only icons are shown for sources. Enable this to show their full names. + + + Passwordless flow + Passwordless flow + + + Optional passwordless flow, which is linked at the bottom of the page. When configured, users can use this flow to authenticate with a WebAuthn authenticator, without entering any details. + Optional passwordless flow, which is linked at the bottom of the page. When configured, users can use this flow to authenticate with a WebAuthn authenticator, without entering any details. + + + Optional enrollment flow, which is linked at the bottom of the page. + Optional enrollment flow, which is linked at the bottom of the page. + + + Optional recovery flow, which is linked at the bottom of the page. + Optional recovery flow, which is linked at the bottom of the page. + + + This stage can be included in enrollment flows to accept invitations. + This stage can be included in enrollment flows to accept invitations. + + + Continue flow without invitation + Continue flow without invitation + + + If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. + If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. + + + Validate the user's password against the selected backend(s). + Validate the user's password against the selected backend(s). + + + Backends + Backends + + + User database + standard password + User database + standard password + + + User database + app passwords + User database + app passwords + + + User database + LDAP password + User database + LDAP password + + + Selection of backends to test the password against. + Selection of backends to test the password against. + + + Flow used by an authenticated user to configure their password. If empty, user will not be able to configure change their password. + Flow used by an authenticated user to configure their password. If empty, user will not be able to configure change their password. + + + Failed attempts before cancel + Failed attempts before cancel + + + How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. + How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. + + + Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable. + Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable. + + + Fields + Fields + + + ("", of type ) + + (" + ", of type + ) + + + Validation Policies + Validation Policies + + + Selected policies are executed when the stage is submitted to validate the data. + Selected policies are executed when the stage is submitted to validate the data. + + + Delete the currently pending user. CAUTION, this stage does not ask for confirmation. Use a consent stage to ensure the user is aware of their actions. + + + Log the currently pending user in. + Log the currently pending user in. + + + Session duration + Session duration + + + Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. + Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. + + + Different browsers handle session cookies differently, and might not remove them even when the browser is closed. + Different browsers handle session cookies differently, and might not remove them even when the browser is closed. + + + See here. + See here. + + + Stay signed in offset + Stay signed in offset + + + If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. + If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. + + + Terminate other sessions + Terminate other sessions + + + When enabled, all previous sessions of the user will be terminated. + When enabled, all previous sessions of the user will be terminated. + + + Remove the user from the current session. + Remove the user from the current session. + + + Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user + is pending, a new user is created, and data is written to them. + + + Never create users + Never create users + + + When no user is present in the flow context, the stage will fail. + When no user is present in the flow context, the stage will fail. + + + Create users when required + Create users when required + + + When no user is present in the the flow context, a new user is created. + When no user is present in the the flow context, a new user is created. + + + Always create new users + Always create new users + + + Create a new user even if a user is in the flow context. + Create a new user even if a user is in the flow context. + + + Create users as inactive + Create users as inactive + + + Mark newly created users as inactive. + Mark newly created users as inactive. + + + User path template + User path template + + + Path new users will be created under. If left blank, the default path will be used. + Path new users will be created under. If left blank, the default path will be used. + + + Newly created users are added to this group, if a group is selected. + Newly created users are added to this group, if a group is selected. + + + New stage + New stage + + + Create a new stage. + Create a new stage. + + + Successfully imported device. + Successfully imported device. + + + The user in authentik this device will be assigned to. + The user in authentik this device will be assigned to. + + + Duo User ID + Duo User ID + + + The user ID in Duo, can be found in the URL after clicking on a user. + The user ID in Duo, can be found in the URL after clicking on a user. + + + Automatic import + Automatic import + + + Successfully imported devices. + Successfully imported + devices. + + + Start automatic import + Start automatic import + + + Or manually import + Or manually import + + + Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow. + Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow. + + + Flows + Flows + + + Stage(s) + Stage(s) + + + Import + Import + + + Import Duo device + Import Duo device + + + Successfully updated flow. + Successfully updated flow. + + + Successfully created flow. + Successfully created flow. + + + Shown as the Title in Flow pages. + Shown as the Title in Flow pages. + + + Visible in the URL. + Visible in the URL. + + + Designation + Designation + + + Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. + Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. + + + No requirement + No requirement + + + Require authentication + Require authentication + + + Require no authentication. + Require no authentication. + + + Require superuser. + Require superuser. + + + Required authentication level for this flow. + Required authentication level for this flow. + + + Behavior settings + Behavior settings + + + Compatibility mode + Compatibility mode + + + Increases compatibility with password managers and mobile devices. + Increases compatibility with password managers and mobile devices. + + + Denied action + Denied action + + + Will follow the ?next parameter if set, otherwise show a message + Will follow the ?next parameter if set, otherwise show a message + + + Will either follow the ?next parameter or redirect to the default interface + Will either follow the ?next parameter or redirect to the default interface + + + Will notify the user the flow isn't applicable + Will notify the user the flow isn't applicable + + + Decides the response when a policy denies access to this flow for a user. + Decides the response when a policy denies access to this flow for a user. + + + Appearance settings + Appearance settings + + + Layout + Layout + + + Background + Background + + + Background shown during execution. + Background shown during execution. + + + Clear background + Clear background + + + Delete currently set background image. + Delete currently set background image. + + + Successfully imported flow. + Successfully imported flow. + + + .yaml files, which can be found on goauthentik.io and can be exported by authentik. + .yaml files, which can be found on goauthentik.io and can be exported by authentik. + + + Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them. + Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them. + + + Flow(s) + Flow(s) + + + Update Flow + Update Flow + + + Create Flow + Create Flow + + + Import Flow + Import Flow + + + Successfully cleared flow cache + Successfully cleared flow cache + + + Failed to delete flow cache + Failed to delete flow cache + + + Clear Flow cache + Clear Flow cache + + + Are you sure you want to clear the flow cache? + This will cause all flows to be re-evaluated on their next usage. + + + Stage binding(s) + Stage binding(s) + + + Stage type + Stage type + + + Edit Stage + Edit Stage + + + Update Stage binding + Update Stage binding + + + These bindings control if this stage will be applied to the flow. + These bindings control if this stage will be applied to the flow. + + + No Stages bound + No Stages bound + + + No stages are currently bound to this flow. + No stages are currently bound to this flow. + + + Create Stage binding + Create Stage binding + + + Bind stage + Bind stage + + + Bind existing stage + Bind existing stage + + + Flow Overview + Flow Overview + + + Related actions + Related actions + + + Execute flow + Execute flow + + + Normal + Normal + + + with current user + with current user + + + with inspector + with inspector + + + Export flow + Export flow + + + Export + Export + + + Stage Bindings + Stage Bindings + + + These bindings control which users can access this flow. + These bindings control which users can access this flow. + + + Event Log + Event Log + + + Event + Event + + + + Event info + Event info + + + Created + Created + + + Successfully updated transport. + Successfully updated transport. + + + Successfully created transport. + Successfully created transport. + + + Local (notifications will be created within authentik) + Local (notifications will be created within authentik) + + + Webhook (generic) + Webhook (generic) + + + Webhook (Slack/Discord) + Webhook (Slack/Discord) + + + Webhook URL + Webhook URL + + + Webhook Mapping + Webhook Mapping + + + Send once + Send once + + + Only send notification once, for example when sending a webhook into a chat channel. + Only send notification once, for example when sending a webhook into a chat channel. + + + Notification Transports + Notification Transports + + + Define how notifications are sent to users, like Email or Webhook. + Define how notifications are sent to users, like Email or Webhook. + + + Notification transport(s) + Notification transport(s) + + + Update Notification Transport + Update Notification Transport + + + Create Notification Transport + Create Notification Transport + + + Successfully updated rule. + Successfully updated rule. + + + Successfully created rule. + Successfully created rule. + + + Select the group of users which the alerts are sent to. If no group is selected the rule is disabled. + Select the group of users which the alerts are sent to. If no group is selected the rule is disabled. + + + Transports + Transports + + + Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. + Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. + + + Severity + Severity + + + Notification Rules + Notification Rules + + + Send notifications whenever a specific Event is created and matched by policies. + Send notifications whenever a specific Event is created and matched by policies. + + + Sent to group + Sent to group + + + Notification rule(s) + Notification rule(s) + + + None (rule disabled) + None (rule disabled) + + + Update Notification Rule + Update Notification Rule + + + Create Notification Rule + Create Notification Rule + + + These bindings control upon which events this rule triggers. +Bindings to groups/users are checked against the user of the event. + + + Outpost Deployment Info + Outpost Deployment Info + + + View deployment documentation + View deployment documentation + + + Click to copy token + Click to copy token + + + If your authentik Instance is using a self-signed certificate, set this value. + If your authentik Instance is using a self-signed certificate, set this value. + + + If your authentik_host setting does not match the URL you want to login with, add this setting. + If your authentik_host setting does not match the URL you want to login with, add this setting. + + + Successfully updated outpost. + Successfully updated outpost. + + + Successfully created outpost. + Successfully created outpost. + + + Radius + Radius + + + Integration + Integration + + + Selecting an integration enables the management of the outpost by authentik. + Selecting an integration enables the management of the outpost by authentik. + + + You can only select providers that match the type of the outpost. + You can only select providers that match the type of the outpost. + + + Configuration + Configuration + + + See more here: + See more here: + + + Documentation + Documentation + + + Last seen + Last seen + + + , should be + + , should be + + + + Hostname + Hostname + + + Not available + Not available + + + Last seen: + Last seen: + + + + Unknown type + Unknown type + + + Outposts + Outposts + + + Outposts are deployments of authentik components to support different environments and protocols, like reverse proxies. + Outposts are deployments of authentik components to support different environments and protocols, like reverse proxies. + + + Health and Version + Health and Version + + + Warning: authentik Domain is not configured, authentication will not work. + Warning: authentik Domain is not configured, authentication will not work. + + + Logging in via . + Logging in via + . + + + No integration active + No integration active + + + Update Outpost + Update Outpost + + + View Deployment Info + View Deployment Info + + + Detailed health (one instance per column, data is cached so may be out of date) + Detailed health (one instance per column, data is cached so may be out of date) + + + Outpost(s) + Outpost(s) + + + Create Outpost + Create Outpost + + + Successfully updated integration. + Successfully updated integration. + + + Successfully created integration. + Successfully created integration. + + + Local + Local + + + If enabled, use the local connection. Required Docker socket/Kubernetes Integration. + If enabled, use the local connection. Required Docker socket/Kubernetes Integration. + + + Docker URL + Docker URL + + + Can be in the format of 'unix://' when connecting to a local docker daemon, using 'ssh://' to connect via SSH, or 'https://:2376' when connecting to a remote system. + Can be in the format of 'unix://' when connecting to a local docker daemon, using 'ssh://' to connect via SSH, or 'https://:2376' when connecting to a remote system. + + + CA which the endpoint's Certificate is verified against. Can be left empty for no validation. + CA which the endpoint's Certificate is verified against. Can be left empty for no validation. + + + TLS Authentication Certificate/SSH Keypair + TLS Authentication Certificate/SSH Keypair + + + Certificate/Key used for authentication. Can be left empty for no authentication. + Certificate/Key used for authentication. Can be left empty for no authentication. + + + When connecting via SSH, this keypair is used for authentication. + When connecting via SSH, this keypair is used for authentication. + + + Kubeconfig + Kubeconfig + + + Verify Kubernetes API SSL Certificate + Verify Kubernetes API SSL Certificate + + + New outpost integration + New outpost integration + + + Create a new outpost integration. + Create a new outpost integration. + + + State + State + + + Unhealthy + Unhealthy + + + Outpost integration(s) + Outpost integration(s) + + + Successfully generated certificate-key pair. + Successfully generated certificate-key pair. + + + Common Name + Common Name + + + Subject-alt name + Subject-alt name + + + Optional, comma-separated SubjectAlt Names. + Optional, comma-separated SubjectAlt Names. + + + Validity days + Validity days + + + Successfully updated certificate-key pair. + Successfully updated certificate-key pair. + + + Successfully created certificate-key pair. + Successfully created certificate-key pair. + + + PEM-encoded Certificate data. + PEM-encoded Certificate data. + + + Optional Private Key. If this is set, you can use this keypair for encryption. + Optional Private Key. If this is set, you can use this keypair for encryption. + + + Certificate-Key Pairs + Certificate-Key Pairs + + + Import certificates of external providers or create certificates to sign requests with. + Import certificates of external providers or create certificates to sign requests with. + + + Private key available? + Private key available? + + + Certificate-Key Pair(s) + Certificate-Key Pair(s) + + + Managed by authentik + Managed by authentik + + + Managed by authentik (Discovered) + Managed by authentik (Discovered) + + + Yes () + Yes ( + ) + + + No + No + + + Update Certificate-Key Pair + Update Certificate-Key Pair + + + Certificate Fingerprint (SHA1) + Certificate Fingerprint (SHA1) + + + Certificate Fingerprint (SHA256) + Certificate Fingerprint (SHA256) + + + Certificate Subject + Certificate Subject + + + Download Certificate + Download Certificate + + + Download Private key + Download Private key + + + Create Certificate-Key Pair + Create Certificate-Key Pair + + + Generate + Generate + + + Generate Certificate-Key Pair + Generate Certificate-Key Pair + + + Successfully updated instance. + Successfully updated instance. + + + Successfully created instance. + Successfully created instance. + + + Disabled blueprints are never applied. + Disabled blueprints are never applied. + + + Local path + Local path + + + OCI Registry + OCI Registry + + + Internal + Internal + + + OCI URL, in the format of oci://registry.domain.tld/path/to/manifest. + OCI URL, in the format of oci://registry.domain.tld/path/to/manifest. + + + See more about OCI support here: + See more about OCI support here: + + + Blueprint + Blueprint + + + Configure the blueprint context, used for templating. + Configure the blueprint context, used for templating. + + + Orphaned + Orphaned + + + Blueprints + Blueprints + + + Automate and template configuration within authentik. + Automate and template configuration within authentik. + + + Last applied + Last applied + + + Blueprint(s) + Blueprint(s) + + + Update Blueprint + Update Blueprint + + + Create Blueprint Instance + Create Blueprint Instance + + + API Requests + API Requests + + + Open API Browser + Open API Browser + + + Notifications + Notifications + + + unread + + unread + + + Successfully cleared notifications + Successfully cleared notifications + + + Clear all + Clear all + + + A newer version of the frontend is available. + A newer version of the frontend is available. + + + You're currently impersonating . Click to stop. + You're currently impersonating + . Click to stop. + + + User interface + User interface + + + Dashboards + Dashboards + + + Events + Events + + + Logs + Logs + + + Customisation + Customisation + + + Directory + Directory + + + System + System + + + Certificates + Certificates + + + Outpost Integrations + Outpost Integrations + + + API request failed + API request failed + + + User's avatar + User's avatar + + + Something went wrong! Please try again later. + Something went wrong! Please try again later. + + + Request ID + Request ID + + + You may close this page now. + You may close this page now. + + + You're about to be redirect to the following URL. + You're about to be redirect to the following URL. + + + Follow redirect + Follow redirect + + + Request has been denied. + Request has been denied. + + + Not you? + Not you? + + + Need an account? + Need an account? + + + Sign up. + Sign up. + + + Forgot username or password? + Forgot username or password? + + + Select one of the sources below to login. + Select one of the sources below to login. + + + Or + Or + + + Use a security key + Use a security key + + + Login to continue to . + Login to continue to + . + + + Please enter your password + Please enter your password + + + Forgot password? + Forgot password? + + + Application requires following permissions: + Application requires following permissions: + + + Application already has access to the following permissions: + Application already has access to the following permissions: + + + Application requires following new permissions: + Application requires following new permissions: + + + Check your Inbox for a verification email. + Check your Inbox for a verification email. + + + Send Email again. + Send Email again. + + + Successfully copied TOTP Config. + Successfully copied TOTP Config. + + + Copy + Copy + + + Code + Code + + + Please enter your TOTP Code + Please enter your TOTP Code + + + Duo activation QR code + Duo activation QR code + + + Alternatively, if your current device has Duo installed, click on this link: + Alternatively, if your current device has Duo installed, click on this link: + + + Duo activation + Duo activation + + + Check status + Check status + + + Make sure to keep these tokens in a safe place. + Make sure to keep these tokens in a safe place. + + + Phone number + Phone number + + + Please enter your Phone number. + Please enter your Phone number. + + + Please enter the code you received via SMS + Please enter the code you received via SMS + + + A code has been sent to you via SMS. + A code has been sent to you via SMS. + + + Open your two-factor authenticator app to view your authentication code. + Open your two-factor authenticator app to view your authentication code. + + + Static token + Static token + + + Authentication code + Authentication code + + + Please enter your code + Please enter your code + + + Return to device picker + Return to device picker + + + Sending Duo push notification + Sending Duo push notification + + + Assertions is empty + Assertions is empty + + + Error when creating credential: + Error when creating credential: + + + + Error when validating assertion on server: + Error when validating assertion on server: + + + + Retry authentication + Retry authentication + + + Duo push-notifications + Duo push-notifications + + + Receive a push notification on your device. + Receive a push notification on your device. + + + Authenticator + Authenticator + + + Use a security key to prove your identity. + Use a security key to prove your identity. + + + Traditional authenticator + Traditional authenticator + + + Use a code-based authenticator. + Use a code-based authenticator. + + + Recovery keys + Recovery keys + + + In case you can't access any other method. + In case you can't access any other method. + + + SMS + SMS + + + Tokens sent via SMS. + Tokens sent via SMS. + + + Select an authentication method. + Select an authentication method. + + + Stay signed in? + Stay signed in? + + + Select Yes to reduce the number of times you're asked to sign in. + Select Yes to reduce the number of times you're asked to sign in. + + + Authenticating with Plex... + Authenticating with Plex... + + + Waiting for authentication... + Waiting for authentication... + + + If no Plex popup opens, click the button below. + If no Plex popup opens, click the button below. + + + Open login + Open login + + + Authenticating with Apple... + Authenticating with Apple... + + + Retry + Retry + + + Enter the code shown on your device. + Enter the code shown on your device. + + + Please enter your Code + Please enter your Code + + + You've successfully authenticated your device. + You've successfully authenticated your device. + + + Flow inspector + Flow inspector + + + Next stage + Next stage + + + Stage name + Stage name + + + Stage kind + Stage kind + + + Stage object + Stage object + + + This flow is completed. + This flow is completed. + + + Plan history + Plan history + + + Current plan context + Current plan context + + + Session ID + Session ID + + + Powered by authentik + Powered by authentik + + + Background image + Background image + + + Error creating credential: + Error creating credential: + + + + Server validation of credential failed: + Server validation of credential failed: + + + + Register device + Register device + + + Refer to documentation + + + No Applications available. + No Applications available. + + + Either no applications are defined, or you don’t have access to any. + + + My Applications + My Applications + + + My applications + My applications + + + Change your password + Change your password + + + Change password + Change password + + + + + + + + + Save + Save + + + Delete account + Delete account + + + Successfully updated details + Successfully updated details + + + Open settings + Open settings + + + No settings flow configured. + No settings flow configured. + + + Update details + Update details + + + Successfully disconnected source + Successfully disconnected source + + + Failed to disconnected source: + Failed to disconnected source: + + + + Disconnect + Disconnect + + + Connect + Connect + + + Error: unsupported source settings: + Error: unsupported source settings: + + + + Connect your user account to the services listed below, to allow you to login using the service instead of traditional credentials. + Connect your user account to the services listed below, to allow you to login using the service instead of traditional credentials. + + + No services available. + No services available. + + + Create App password + Create App password + + + User details + User details + + + Consent + Consent + + + MFA Devices + MFA Devices + + + Connected services + Connected services + + + Tokens and App passwords + Tokens and App passwords + + + Unread notifications + Unread notifications + + + Admin interface + Admin interface + + + Stop impersonation + Stop impersonation + + + Avatar image + Avatar image + + + Failed + Failed + + + Unsynced / N/A + Unsynced / N/A + + + Outdated outposts + Outdated outposts + + + Unhealthy outposts + Unhealthy outposts + + + Next + Next + + + Inactive + Inactive + + + Regular user + Regular user + + + Activate + Activate + + + Use Server URI for SNI verification + + + Required for servers using TLS 1.3+ + + + Client certificate keypair to authenticate against the LDAP Server's Certificate. + + + The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate. + + + TLS Server name + + + DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged. + + + TLS Client authentication certificate + + + Model + + + Match events created by selected model. When left empty, all models are matched. + + + Code-based MFA Support + + + When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. + + + User type + + + Successfully updated license. + + + Successfully created license. + + + Install ID + + + License key + + + Licenses + + + License(s) + + + Enterprise is in preview. + + + Cumulative license expiry + + + Update License + + + Warning: The current user count has exceeded the configured licenses. + + + Click here for more info. + + + Enterprise + + + Manage enterprise licenses + + + No licenses found. + + + Send us feedback! + + + Get a license + + + Go to Customer Portal + + + Forecast internal users + + + Estimated user count one year from now based on current internal users and forecasted internal users. + + + Forecast external users + + + Estimated user count one year from now based on current external users and forecasted external users. + + + Install + + + Install License + + + Internal users might be users such as company employees, which will get access to the full Enterprise feature set. + + + External users might be external consultants or B2C customers. These users don't get access to enterprise features. + + + Service accounts should be used for machine-to-machine authentication or other automations. + + + Less details + + + More details + + + Remove item Open API drawer @@ -11,1702 +5860,74 @@ Open Notification drawer - - Connection error, reconnecting... - - - Loading... - - - Application - - - Logins - - - Failed to fetch - - - Click to change value - - - Select an object. - - - Loading options... - - - API Access - - - App password - - - Recovery - - - Verification - - - Unknown intent - - - Login - - - Failed login - - - Logout - - - User was written to - - - Suspicious request - - - Password set - - - Secret was viewed - - - Secret was rotated - - - Invitation used - - - Application authorized - - - Source linked - - - Impersonation started - - - Impersonation ended - - - Flow execution - - - Policy execution - - - Policy exception - - - Property Mapping exception - - - System task execution - - - System task exception - - - General system exception - - - Configuration error - - - Model created - - - Model updated - - - Model deleted - - - Email sent - - - Update available - - - Alert - - - Notice - - - Warning - - - Unknown severity - - - Static tokens - - - TOTP Device - - - Internal - - - External - - - Service account - - - Service account (internal) - - - Show less - - - Show more - - - UID - - - Name - - - App - - - Model Name - - - Message - - - Subject - - - From - - - To - - - Context - - - User - - - Affected model: - - - Authorized application: - - - Using flow - - - Email info: - - - Secret: - - - Exception - - - Open issue on GitHub... - - - Expression - - - Binding - - - Request - - - Object - - - Result - - - Passing - - - Messages - - - New version available - - - Using source - - - Attempted to log in as - - - No additional data available. - - - no tabs defined - - - Remove item - - - - of - - - Go to previous page - - - Go to next page - - - Search... - - - Loading - - - No objects found. - - - Failed to fetch objects. - - - Refresh - - - Select all rows - - - Action - - - Creation Date - - - Client IP - - - Brand - - - Recent events - - - On behalf of - - - - - - - No Events found. - - - No matching events could be found. - - - Embedded outpost is not configured correctly. - - - Check outposts. - - - HTTPS is not detected correctly - - - Server and client are further than 5 seconds apart. - - - OK - - - Everything is ok. - - - System status - - - Based on - - - is available! - - - Up-to-date! - - - Version - - - Workers - - - No workers connected. Background tasks will not run. - - - hour(s) ago - - - Failed to fetch data. - - - day(s) ago - - - Authorizations - - - Failed Logins - - - Successful Logins - - - : - - - Cancel - - - LDAP Source - - - SCIM Provider - - - Healthy - - - Failed - - - Unsynced / N/A - - - Healthy outposts - - - Outdated outposts - - - Unhealthy outposts - - - Not found - - - The URL "" was not found. - - - Return home - - - General system status - - - Welcome, . - - - Quick actions - - - Create a new application - - - Check the logs - - - Explore integrations - - - Manage users - - - Check the release notes - - - Outpost status - - - Sync status - - - Logins and authorizations over the last week (per 8 hours) - - - Apps with most usage - - - days ago - - - Objects created - - - User Statistics - - - Users created per day in the last month - - - Users created - - - Logins per day in the last month - - - Failed Logins per day in the last month - - - Failed logins - - - Clear search - - - System Tasks - - - Long-running operations which authentik executes in the background. - - - Identifier - - - Description - - - Last run - - - Status - - - Actions - - - Successful - - - Error - - - Unknown - - - Duration - - - seconds - Restart task - - Close - - - Create - - - Next - - - Back - - - Submit - - - Type - - - Select providers to add to application - - - Add - - - Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". - - - Path template for users created. Use placeholders like `%(slug)s` to insert the source slug. - - - Currently set to: - - - No form found - - - Form didn't return a promise for submitting - - - Any policy must match to grant access - - - All policies must match to grant access - - - Successfully updated application. - - - Successfully created application. - - - Application's display Name. - - - Slug - - - Internal application name used in URLs. - - - Group - - - Optionally enter a group name. Applications with identical groups are shown grouped together. - - - Provider - - - Select a provider that this application should use. - - - Backchannel Providers - - - Select backchannel providers which augment the functionality of the main provider. - Add provider - - Policy engine mode - - - UI settings - - - Launch URL - - - If left empty, authentik will try to extract the launch URL based on the selected provider. - - - Open in new tab - - - If checked, the launch URL will open in a new browser tab or window from the user's application library. - - - Icon - - - Clear icon - - - Delete currently set icon. - - - Publisher - - - UI Settings - - - OAuth2/OIDC (Open Authorization/OpenID Connect) - - - Modern applications, APIs and Single-page applications. - - - LDAP (Lightweight Directory Access Protocol) - - - Provide an LDAP interface for applications and users to authenticate against. - - - Transparent Reverse Proxy - - - For transparent reverse proxies with required authentication - - - Forward Auth (Single Application) - - - For nginx's auth_request or traefik's forwardAuth - - - Forward Auth (Domain Level) - - - For nginx's auth_request or traefik's forwardAuth per root domain - - - SAML (Security Assertion Markup Language) - - - Configure SAML provider manually - - - RADIUS (Remote Authentication Dial-In User Service) - - - Configure RADIUS provider manually - - - SCIM (System for Cross-domain Identity Management) - - - Configure SCIM provider manually - - - Saving Application... - - - Authentik was unable to save this application: - - - Your application has been saved - - - There was an error in the application. - - - Review the application. - - - There was an error in the provider. - - - Review the provider. - - - There was an error - - - There was an error creating the application, but no error message was sent. Please review the server logs. - - - Authentication - - - Authorization - - - Enrollment - - - Invalidation - - - Stage Configuration - - - Unenrollment - - - Unknown designation - - - Stacked - - - Content left - - - Content right - - - Sidebar left - - - Sidebar right - - - Unknown layout - - - Cached binding - - - Flow is executed and session is cached in memory. Flow is executed when session expires - - - Direct binding - - - Always execute the configured bind flow to authenticate the user - - - Cached querying - - - The outpost holds all users and groups in-memory and will refresh every 5 Minutes - - - Direct querying - - - Always returns the latest data, but slower than cached querying - - - When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. - - - The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber - - - The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate. - - - DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged. - - - The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber - - - Configure LDAP Provider - - - Method's display Name. - - - Bind flow - - - Flow used for users to authenticate. - - - Search group - - - Bind mode - - - Configure how the outpost authenticates requests. - - - Search mode - - - Configure how the outpost queries the core authentik server's users. - - - Code-based MFA Support - - - Protocol settings - - - Base DN - - - LDAP DN under which bind requests and search requests can be made. - - - Certificate - - - TLS Server name - - - UID start number - - - GID start number - - - Successfully updated provider. - - - Successfully created provider. - - - (Format: hours=-1;minutes=-2;seconds=-3). - - - (Format: hours=1;minutes=2;seconds=3). - - - The following keywords are supported: - - - Confidential - - - Confidential clients are capable of maintaining the confidentiality of their credentials such as client secrets - - - Public - - - Public clients are incapable of maintaining the confidentiality and should use methods like PKCE. - - - Based on the User's hashed ID - - - Based on the User's ID - - - Based on the User's UUID - - - Based on the User's username - - - Based on the User's Email - - - This is recommended over the UPN mode. - - - Based on the User's UPN - - - Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains. - - - Each provider has a different issuer, based on the application slug - - - Same identifier is used for all providers - - - Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows. - - - If no explicit redirect URIs are specified, the first successfully used redirect URI will be saved. - - - To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. - - - Authentication flow - - - Flow used when a user access this provider and is not authenticated. - - - Authorization flow - - - Flow used when authorizing this provider. - - - Client type - - - Client ID - - - Client Secret - - - Redirect URIs/Origins (RegEx) - - - Signing Key - - - Key used to sign the tokens. - - - Advanced protocol settings - - - Access code validity - - - Configure how long access codes are valid for. - - - Access Token validity - - - Configure how long access tokens are valid for. - - - Refresh Token validity - - - Configure how long refresh tokens are valid for. - - - Scopes - - - Select which scopes can be used by the client. The client still has to specify the scope to access the data. - - - Hold control/command to select multiple items. - - - Subject mode - - - Configure what data should be used as unique User Identifier. For most cases, the default should be fine. - - - Include claims in id_token - - - Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. - - - Issuer mode - - - Configure how the issuer field of the ID Token should be filled. - - - Machine-to-Machine authentication settings - - - Trusted OIDC Sources - - - JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider. - - - Configure OAuth2/OpenId Provider - - - HTTP-Basic Username Key - - - User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. - - - HTTP-Basic Password Key - - - User/Group Attribute used for the password part of the HTTP-Basic Header. - - - Configure Proxy Provider - - - Token validity - - - Configure how long tokens are valid for. - - - AdditionalScopes - - - Additional scope mappings, which are passed to the proxy. - - - Unauthenticated URLs - - - Unauthenticated Paths - - - Regular expressions for which authentication is not required. Each new line is interpreted as a new expression. - - - When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions. - - - Authentication settings - - - Intercept header authentication - - - When enabled, authentik will intercept the Authorization header to authenticate the request. - - - Send HTTP-Basic Authentication - - - Send a custom HTTP-Basic Authentication header based on values from authentik. - - - Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application. - - - An example setup can look like this: - - - authentik running on auth.example.com - - - app1 running on app1.example.com - - - In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com. - - - External host - - - The external URL you'll authenticate at. The authentik core server should be reachable under this URL. - - - Cookie domain - - - Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'. - - - This provider will behave like a transparent reverse-proxy, except requests must be authenticated. If your upstream application uses HTTPS, make sure to connect to the outpost using HTTPS as well. - - - The external URL you'll access the application at. Include any non-standard port. - - - Internal host - - - Upstream host that the requests are forwarded to. - - - Internal host SSL Validation - - - Validate SSL Certificates of upstream servers. - - - Use this provider with nginx's auth_request or traefik's - forwardAuth. Each application/domain needs its own provider. - Additionally, on each domain, /outpost.goauthentik.io must be - routed to the outpost (when using a managed outpost, this is done for you). - - - Configure Radius Provider - - - Shared secret - - - Client Networks - - - List of CIDRs (comma-seperated) that clients can connect from. A more specific - CIDR will match before a looser one. Clients connecting from a non-specified CIDR - will be dropped. - - - Redirect - - - Post - - - Configure SAML Provider - - - ACS URL - - - Issuer - - - Also known as EntityID. - - - Service Provider Binding - - - Determines how authentik sends the response back to the Service Provider. - - - Audience - - - Signing Certificate - - - Certificate used to sign outgoing Responses going to the Service Provider. - - - Verification Certificate - - - When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. - - - Property Mappings - - - Property mappings used for user mapping. - - - NameID Property Mapping - - - Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected. - - - Assertion valid not before - - - Configure the maximum allowed time drift for an assertion. - - - Assertion valid not on or after - - - Assertion not valid on or after current time + this value. - - - Session valid not on or after - - - Session not valid on or after current time + this value. - - - Digest algorithm - - - Signature algorithm - - - Configure SCIM Provider - - - URL - - - SCIM base url, usually ends in /v2. - - - Token - - - Token to authenticate with. Currently only bearer authentication is supported. - - - User filtering - - - Exclude service accounts - - - Only sync users within the selected group. - - - Attribute mapping - - - User Property Mappings - - - Group Property Mappings - - - Property mappings used for group creation. - - - Create With Wizard - - - New application - - - Don't show this message again. - - - One hint, 'New Application Wizard', is currently hidden - - - Users in the selected group can do search queries. If no group is selected, no LDAP Searches are allowed. - - - Proxy - - - Forward auth (single application) - - - Forward auth (domain level) - - - Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). - - - Authentication URL - - - Unknown proxy mode - - - Additional scopes - - - Property mappings - - - Default relay state - - - When using IDP-initiated logins, the relay state will be set to this value. - - - Successfully imported provider. - - - Metadata - - - Apply changes - - - Finish - - - Select type - - - Try the new application wizard - - - The new application wizard greatly simplifies the steps required to create applications and providers. - - - Try it now - - - New provider - - - Create a new provider. - - - Create - - - Property mappings used to user mapping. - - - Property mappings used to group creation. - - - Not used by any other object. - - - object will be DELETED - - - connection will be deleted - - - reference will be reset to default value - - - reference will be set to an empty value - - - () - - - ID - - - Successfully deleted - - - Failed to delete : - - - Delete - - - Are you sure you want to delete ? - - - Delete - - - Providers - - - Provide support for protocols like SAML and OAuth to assigned applications. - - - Provider(s) - - - Assigned to application - - - Assigned to application (backchannel) - - - Warning: Provider not assigned to any application. - - - Update - - - Update - - - Edit - - - Create Application - - - Successfully assigned permission. - - - Role - - - Assign - - - Assign permission to role - - - Assign to new role - - - Permission(s) - - - Permission - - - Directly assigned - - - Assign permission to user - - - Assign to new user - - - Superuser - - - RBAC is in preview. - - - Send us feedback! - - - User Object Permissions - - - Role Object Permissions - - - Overview - - - Changelog - - - Permissions - - - Warning: Provider is not used by any Outpost. - - - Assigned to application - - - Update LDAP Provider - - - How to connect - - - Connect to the LDAP Server on port 389: - - - Check the IP of the Kubernetes service, or - - - The Host IP of the docker host - - - Bind DN - - - Bind Password - - - Search base - - - Preview - - - Warning: Provider is not used by an Application. - - - Redirect URIs - - - Update OAuth2 Provider - - - OpenID Configuration URL - - - OpenID Configuration Issuer - - - Authorize URL - - - Token URL - - - Userinfo URL - - - Logout URL - - - JWKS URL - - - Example JWT payload (for currently authenticated user) - - - Yes - - - No - - - Forward auth (domain-level) - - - Nginx (Ingress) - - - Nginx (Proxy Manager) - - - Nginx (standalone) - - - Traefik (Ingress) - - - Traefik (Compose) - - - Traefik (Standalone) - - - Caddy (Standalone) - - - Internal Host - - - External Host - - - Basic-Auth - - - Mode - - - Update Proxy Provider - - - Protocol Settings - - - Allowed Redirect URIs - - - Setup - - - No additional setup is required. - - - Update Radius Provider - - - Download - - - Copy download URL - - - Download signing certificate - - - Related objects - - - Update SAML Provider - - - SAML Configuration - - - EntityID/Issuer - - - SSO URL (Post) - - - SSO URL (Redirect) - - - SSO URL (IdP-initiated Login) - - - SLO URL (Post) - - - SLO URL (Redirect) - - - SAML Metadata - - - Example SAML attributes - - - NameID attribute - - - No sync status. - - - Sync currently running. - - - Not synced yet. - - - Task finished with warnings - - - Task finished with errors - - - Last sync: - - - Warning: Provider is not assigned to an application as backchannel provider. - - - Update SCIM Provider - - - Run sync again - - - Application Icon - - - Applications - - - External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. - - - Provider Type - - - Application(s) - - - Update Application - Open - - Successfully sent test-request. + + Copy token - - Log messages + + Add users - - No log messages. + + Add group - - Active + + Import devices - - Last login + + Execute - - Select users to add + + Show details - - Successfully updated group. + + Apply - - Successfully created group. + + Settings - - Is superuser + + Sign out - - Users added to this group will be superusers. + + The number of tokens generated whenever this stage is used. Every token generated per stage execution will be attached to a single static device. - - Parent + + Token length - - Roles + + The length of the individual generated tokens. Can be increased to improve security. - - Select roles to grant this groups' users' permissions from the selected roles. + + Internal: - - Attributes + + External: - - Set custom attributes using YAML or JSON. + + Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding. - - Successfully updated binding. + + Create and bind Policy - - Successfully created binding. + + Federation and Social login - - Policy + + Create and bind Stage - - Group mappings can only be checked if a user is already logged in when trying to access this source. + + Flows and Stages - - User mappings can only be checked if a user is already logged in when trying to access this source. - - - Enabled - - - Negate result - - - Negates the outcome of the binding. Messages are unaffected. - - - Order - - - Timeout + + New version available Failure result @@ -1720,1346 +5941,23 @@ Result used when policy execution fails. - - Successfully updated policy. + + Required: User verification must occur. - - Successfully created policy. + + Preferred: User verification is preferred if available, but not required. - - A policy used for testing. Always returns the same result as specified below after waiting a random duration. + + Discouraged: User verification should not occur. - - Execution logging + + Required: The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur - - When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. + + Preferred: The authenticator can create and store a dedicated credential, but if it doesn't that's alright too - - Policy-specific settings - - - Pass policy? - - - Wait (min) - - - The policy takes a random time to execute. This controls the minimum time it will take. - - - Wait (max) - - - Matches an event against a set of criteria. If any of the configured values match, the policy passes. - - - Match created events with this action type. When left empty, all action types will be matched. - - - Matches Event's Client IP (strict matching, for network matching use an Expression Policy. - - - Match events created by selected application. When left empty, all applications are matched. - - - Model - - - Match events created by selected model. When left empty, all models are matched. - - - Checks if the request's user's password has been changed in the last x days, and denys based on settings. - - - Maximum age (in days) - - - Only fail the policy, don't invalidate user's password - - - Executes the python snippet to determine whether to allow or deny a request. - - - Expression using Python. - - - See documentation for a list of all variables. - - - Static rules - - - Minimum length - - - Minimum amount of Uppercase Characters - - - Minimum amount of Lowercase Characters - - - Minimum amount of Digits - - - Minimum amount of Symbols Characters - - - Error message - - - Symbol charset - - - Characters which are considered as symbols. - - - HaveIBeenPwned settings - - - Allowed count - - - Allow up to N occurrences in the HIBP database. - - - zxcvbn settings - - - Score threshold - - - If the password's score is less than or equal this value, the policy will fail. - - - 0: Too guessable: risky password. (guesses &lt; 10^3) - - - 1: Very guessable: protection from throttled online attacks. (guesses &lt; 10^6) - - - 2: Somewhat guessable: protection from unthrottled online attacks. (guesses &lt; 10^8) - - - 3: Safely unguessable: moderate protection from offline slow-hash scenario. (guesses &lt; 10^10) - - - 4: Very unguessable: strong protection from offline slow-hash scenario. (guesses &gt;= 10^10) - - - Checks the value from the policy request against several rules, mostly used to ensure password strength. - - - Password field - - - Field key to check, field keys defined in Prompt stages are available. - - - Check static rules - - - Check haveibeenpwned.com - - - For more info see: - - - Check zxcvbn - - - Password strength estimator created by Dropbox, see: - - - Allows/denys requests based on the users and/or the IPs reputation. - - - Invalid login attempts will decrease the score for the client's IP, and the -username they are attempting to login as, by one. - - - The policy passes when the reputation score is below the threshold, and -doesn't pass when either or both of the selected options are equal or above the threshold. - - - Check IP - - - Check Username - - - Threshold - - - New policy - - - Create a new policy. - - - Create Binding - - - Members - - - Select groups to add user to - - - Warning: Adding the user to the selected group(s) will give them superuser permissions. - - - Successfully updated user. - - - Successfully created user and added to group - - - Successfully created user. - - - Username - - - User's primary identifier. 150 characters or fewer. - - - User's display name. - - - User type - - - Internal users might be users such as company employees, which will get access to the full Enterprise feature set. - - - External users might be external consultants or B2C customers. These users don't get access to enterprise features. - - - Service accounts should be used for machine-to-machine authentication or other automations. - - - Email - - - Is active - - - Designates whether this user should be treated as active. Unselect this instead of deleting accounts. - - - Path - - - Policy / User / Group - - - Policy - - - Group - - - User - - - Edit Policy - - - Update Group - - - Edit Group - - - Update User - - - Edit User - - - Policy binding(s) - - - Update Binding - - - Edit Binding - - - No Policies bound. - - - No policies are currently bound to this object. - - - Create and bind Policy - - - Bind existing policy - - - Warning: Application is not used by any Outpost. - - - Related - - - Check access - - - Check - - - Check Application access - - - Test - - - Launch - - - Logins over the last week (per 8 hours) - - - Policy / Group / User Bindings - - - These policies control which users can access this application. - - - Successfully updated source. - - - Successfully created source. - - - Sync users - - - User password writeback - - - Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP. - - - Sync groups - - - Connection settings - - - Server URI - - - Specify multiple server URIs by separating them with a comma. - - - Enable StartTLS - - - To use SSL instead, use 'ldaps://' and disable this option. - - - Use Server URI for SNI verification - - - Required for servers using TLS 1.3+ - - - TLS Verification Certificate - - - When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate. - - - TLS Client authentication certificate - - - Client certificate keypair to authenticate against the LDAP Server's Certificate. - - - Bind CN - - - LDAP Attribute mapping - - - Property mappings used to user creation. - - - Additional settings - - - Parent group for all the groups imported from LDAP. - - - User path - - - Addition User DN - - - Additional user DN, prepended to the Base DN. - - - Addition Group DN - - - Additional group DN, prepended to the Base DN. - - - User object filter - - - Consider Objects matching this filter to be Users. - - - Group object filter - - - Consider Objects matching this filter to be Groups. - - - Group membership field - - - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' - - - Object uniqueness field - - - Field which contains a unique Identifier. - - - Link users on unique identifier - - - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses - - - Use the user's email address, but deny enrollment when the email address already exists - - - Link to a user with identical username. Can have security implications when a username is used with another source - - - Use the user's username, but deny enrollment when the username already exists - - - Unknown user matching mode - - - URL settings - - - Authorization URL - - - URL the user is redirect to to consent the authorization. - - - Access token URL - - - URL used by authentik to retrieve tokens. - - - Profile URL - - - URL used by authentik to get user information. - - - Request token URL - - - URL used to request the initial token. This URL is only required for OAuth 1. - - - OIDC Well-known URL - - - OIDC well-known configuration URL. Can be used to automatically configure the URLs above. - - - OIDC JWKS URL - - - JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source. - - - OIDC JWKS - - - Raw JWKS data. - - - User matching mode - - - Consumer key - - - Also known as Client ID. - - - Consumer secret - - - Also known as Client Secret. - - - Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *. - - - Flow settings - - - Flow to use when authenticating existing users. - - - Enrollment flow - - - Flow to use when enrolling new users. - - - Load servers - - - Re-authenticate with plex - - - Allow friends to authenticate via Plex, even if you don't share any servers - - - Allowed servers - - - Select which server a user has to be a member of to be allowed to authenticate. - - - SSO URL - - - URL that the initial Login request is sent to. - - - SLO URL - - - Optional URL if the IDP supports Single-Logout. - - - Also known as Entity ID. Defaults the Metadata URL. - - - Binding Type - - - Redirect binding - - - Post-auto binding - - - Post binding but the request is automatically sent and the user doesn't have to confirm. - - - Post binding - - - Signing keypair - - - Keypair which is used to sign outgoing requests. Leave empty to disable signing. - - - Allow IDP-initiated logins - - - Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. - - - NameID Policy - - - Persistent - - - Email address - - - Windows - - - X509 Subject - - - Transient - - - Delete temporary users after - - - Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. - - - Pre-authentication flow - - - Flow used before authentication. - - - New source - - - Create a new source. - - - Federation and Social login - - - Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves. - - - Source(s) - - - Disabled - - - Built-in - - - Global status - - - Vendor - - - Update LDAP Source - - - Connectivity - - - OAuth Source - - - Generic OpenID Connect - - - Unknown provider type - - - Details - - - Callback URL - - - Access Key - - - Update OAuth Source - - - Diagram - - - Policy Bindings - - - These bindings control which users can access this source. - You can only use policies here as access is checked before the user is authenticated. - - - Update Plex Source - - - Update SAML Source - - - Successfully updated mapping. - - - Successfully created mapping. - - - Object field - - - Field of the user object this value is written to. - - - SAML Attribute Name - - - Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded. - - - Friendly Name - - - Optionally set the 'FriendlyName' value of the Assertion attribute. - - - Scope name - - - Scope which the client can specify to access these properties. - - - Description shown to the user when consenting. If left empty, the user won't be informed. - - - Example context data - - - Active Directory User - - - Active Directory Group - - - New property mapping - - - Create a new property mapping. - - - Update Permissions - - - Control how authentik exposes and interprets information. - - - Property Mapping(s) - - - Test Property Mapping - - - Hide managed mappings - - - Successfully updated token. - - - Successfully created token. - - - Expires on - - - Unique identifier the token is referenced by. - - - Intent - - - API Token - - - Used to access the API programmatically - - - App password. - - - Used to login using a flow executor - - - Expiring - - - If this is selected, the token will expire. Upon expiration, the token will be rotated. - - - The token has been copied to your clipboard - - - The token was displayed because authentik does not have permission to write to the clipboard - - - Tokens - - - Tokens are used throughout authentik for Email validation stages, Recovery keys and API access. - - - Expires? - - - Expiry date - - - Token(s) - - - Create Token - - - Token is managed by authentik. - - - Update Token - - - Editing is disabled for managed tokens - - - Copy token - - - Successfully updated brand. - - - Successfully created brand. - - - Domain - - - Matching is done based on domain suffix, so if you enter domain.tld, foo.domain.tld will still match. - - - Default - - - Use this brand for each domain that doesn't have a dedicated brand. - - - Branding settings - - - Title - - - Branding shown in page title and several other places. - - - Logo - - - Icon shown in sidebar/header and flow executor. - - - Favicon - - - Icon shown in the browser tab. - - - Default flows - - - Flow used to authenticate users. If left empty, the first applicable flow sorted by the slug is used. - - - Invalidation flow - - - Flow used to logout. If left empty, the first applicable flow sorted by the slug is used. - - - Recovery flow - - - Recovery flow. If left empty, the first applicable flow sorted by the slug is used. - - - Unenrollment flow - - - If set, users are able to unenroll themselves using this flow. If no flow is set, option is not shown. - - - User settings flow - - - If set, users are able to configure details of their profile. - - - Device code flow - - - If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code. - - - Other global settings - - - Web Certificate - - - Set custom attributes using YAML or JSON. Any attributes set here will be inherited by users, if the request is handled by this brand. - - - Brands - - - Configure visual settings and defaults for different domains. - - - Default? - - - Brand(s) - - - Update Brand - - - Create Brand - - - Policies - - - Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Stages. - - - Assigned to object(s). - - - Warning: Policy is not assigned. - - - Test Policy - - - Policy / Policies - - - Successfully cleared policy cache - - - Failed to delete policy cache - - - Clear cache - - - Clear Policy cache - - - Are you sure you want to clear the policy cache? This will cause all policies to be re-evaluated on their next usage. - - - Reputation scores - - - Reputation for IP and user identifiers. Scores are decreased for each failed login and increased for each successful login. - - - IP - - - Score - - - Updated - - - Reputation - - - Groups - - - Group users together and give them permissions based on the membership. - - - Superuser privileges? - - - Group(s) - - - Create Group - - - Create group - - - Enabling this toggle will create a group named after the user, with the user as member. - - - Use the username and password below to authenticate. The password can be retrieved later on the Tokens page. - - - Password - - - Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List. - - - The following objects use - - - connecting object will be deleted - - - Successfully updated - - - Failed to update : - - - Are you sure you want to update ""? - - - Successfully updated password. - - - Successfully sent email. - - - Email stage - - - Successfully added user(s). - - - Users to add - - - Add users - - - User(s) - - - Remove Users(s) - - - Are you sure you want to remove the selected users from the group ? - - - Remove - - - Impersonate - - - User status - - - Inactive - - - Regular user - - - Change status - - - Deactivate - - - Activate - - - Update password - - - Set password - - - Successfully generated recovery link - - - No recovery flow is configured. - - - Copy recovery link - - - Send link - - - Send recovery link to user - - - Email recovery link - - - Recovery link cannot be emailed, user has no email address saved. - - - To let a user directly reset a their password, configure a recovery flow on the currently active brand. - - - Add User - - - Warning: This group is configured with superuser access. Added users will have superuser access. - - - Add existing user - - - Create user - - - Create User - - - This user will be added to the group "". - - - Create Service account - - - Hide service-accounts - - - Group Info - - - Notes - - - Edit the notes attribute of this group to add notes here. - - - Users - - - Pseudolocale (for testing) - - - English - - - Spanish - - - German - - - French - - - Polish - - - Turkish - - - Chinese (traditional) - - - Taiwanese Mandarin - - - Chinese (simplified) - - - Warning: The current user count has exceeded the configured licenses. - - - Click here for more info. - - - API Requests - - - Open API Browser - - - Show details - - - Notifications - - - unread - - - Successfully cleared notifications - - - Clear all - - - User interface - - - Dashboards - - - Outposts - - - Events - - - Logs - - - Notification Rules - - - Notification Transports - - - Customisation - - - Blueprints - - - Flows and Stages - - - Flows - - - Stages - - - Prompts - - - Directory - - - Tokens and App passwords - - - Invitations - - - System - - - Certificates - - - Outpost Integrations - - - Settings - - - A newer version of the frontend is available. - - - You're currently impersonating . Click to stop. - - - Enterprise - - - Licenses - - - Root - - - A copy of this recovery link has been placed in your clipboard - - - The current brand must have a recovery flow configured to use a recovery link - - - Warning: You're about to delete the user you're logged in as (). Proceed at your own risk. - - - Hide deactivated user - - - <No name set> - - - Create recovery link - - - User folders - - - Successfully added user to group(s). - - - Groups to add - - - Add group - - - Remove from Group(s) - - - Are you sure you want to remove user from the following groups? - - - Add Group - - - Add to existing group - - - Add new group - - - Application authorizations - - - Select permissions to grant - - - Permissions to add - - - Select permissions - - - Assign permission - - - User doesn't have view permission so description cannot be retrieved. - - - Revoked? - - - Expires - - - ID Token - - - Refresh Tokens(s) - - - Last IP - - - Session(s) - - - Expiry - - - (Current session) - - - Consent(s) - - - Confirmed - - - Device(s) - - - User Info + + Discouraged: The authenticator should not create a dedicated credential Lock the user out of this system @@ -3076,29 +5974,144 @@ doesn't pass when either or both of the selected options are equal or above the Create a link for this user to reset their password - - Create Recovery Link + + WebAuthn requires this page to be accessed via HTTPS. - - Actions over the last week (per 8 hours) + + WebAuthn not supported by browser. - - Edit the notes attribute of this user to add notes here. + + Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). - - Sessions + + Default relay state - - User events + + When using IDP-initiated logins, the relay state will be set to this value. - - Explicit Consent + + Flow Info - - OAuth Refresh Tokens + + Stage used to configure a WebAuthn authenticator (i.e. Yubikey, FaceID/Windows Hello). - - MFA Authenticators +<<<<<<< HEAD + + Internal application name used in URLs. + + + Submit + + + UI Settings + + + Transparent Reverse Proxy + + + For transparent reverse proxies with required authentication + + + Configure SAML provider manually + + + Configure RADIUS provider manually + + + Configure SCIM provider manually + + + Saving Application... + + + Authentik was unable to save this application: + + + Your application has been saved + + + Method's display Name. + + + Use this provider with nginx's auth_request or traefik's + forwardAuth. Each application/domain needs its own provider. + Additionally, on each domain, /outpost.goauthentik.io must be + routed to the outpost (when using a managed outpost, this is done for you). + + + Custom attributes + + + Don't show this message again. + + + Failed to fetch + + + Failed to fetch data. + + + Successfully assigned permission. + + + Role + + + Assign + + + Assign permission to role + + + Assign to new role + + + Directly assigned + + + Assign permission to user + + + Assign to new user + + + User Object Permissions + + + Role Object Permissions + + + Roles + + + Select roles to grant this groups' users' permissions from the selected roles. + + + Update Permissions + + + Editing is disabled for managed tokens + + + Select permissions to grant + + + Permissions to add + + + Select permissions + + + Assign permission + + + Permission(s) + + + Permission + + + User doesn't have view permission so description cannot be retrieved. Assigned permissions @@ -3136,519 +6149,17 @@ doesn't pass when either or both of the selected options are equal or above the Role Info - - Successfully updated invitation. + + Pseudolocale (for testing) - - Successfully created invitation. + + Create With Wizard - - Flow + + One hint, 'New Application Wizard', is currently hidden - - When selected, the invite will only be usable with the flow. By default the invite is accepted on all flows with invitation stages. - - - Custom attributes - - - Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON. - - - Single use - - - When enabled, the invitation will be deleted after usage. - - - Select an enrollment flow - - - Link to use the invitation. - - - Create Invitation Links to enroll Users, and optionally force specific attributes of their account. - - - Created by - - - Invitation(s) - - - Invitation not limited to any flow, and can be used with any enrollment flow. - - - Update Invitation - - - Create Invitation - - - Warning: No invitation stage is bound to any flow. Invitations will not work as expected. - - - Auto-detect (based on your browser) - - - Required. - - - Continue - - - Successfully updated prompt. - - - Successfully created prompt. - - - Text: Simple Text input - - - Text Area: Multiline text input - - - Text (read-only): Simple Text input, but cannot be edited. - - - Text Area (read-only): Multiline text input, but cannot be edited. - - - Username: Same as Text input, but checks for and prevents duplicate usernames. - - - Email: Text field with Email type. - - - Password: Masked input, multiple inputs of this type on the same prompt need to be identical. - - - Number - - - Checkbox - - - Radio Button Group (fixed choice) - - - Dropdown (fixed choice) - - - Date - - - Date Time - - - File - - - Separator: Static Separator Line - - - Hidden: Hidden field, can be used to insert data into form. - - - Static: Static value, displayed as-is. - - - authentik: Locale: Displays a list of locales authentik supports. - - - Preview errors - - - Data preview - - - Unique name of this field, used for selecting fields in prompt stages. - - - Field Key - - - Name of the form field, also used to store the value. - - - When used in conjunction with a User Write stage, use attributes.foo to write attributes. - - - Label - - - Label shown next to/above the prompt. - - - Required - - - Interpret placeholder as expression - - - When checked, the placeholder will be evaluated in the same way a property mapping is. - If the evaluation fails, the placeholder itself is returned. - - - Placeholder - - - Optionally provide a short hint that describes the expected input value. - When creating a fixed choice field, enable interpreting as expression and return a - list to return multiple choices. - - - Interpret initial value as expression - - - When checked, the initial value will be evaluated in the same way a property mapping is. - If the evaluation fails, the initial value itself is returned. - - - Initial value - - - Optionally pre-fill the input with an initial value. - When creating a fixed choice field, enable interpreting as expression and - return a list to return multiple default choices. - - - Help text - - - Any HTML can be used. - - - Single Prompts that can be used for Prompt Stages. - - - Field - - - Prompt(s) - - - Update Prompt - - - Create Prompt - - - Target - - - Stage - - - Evaluate when flow is planned - - - Evaluate policies during the Flow planning process. - - - Evaluate when stage is run - - - Evaluate policies before the Stage is present to the user. - - - Invalid response behavior - - - Returns the error message and a similar challenge to the executor - - - Restarts the flow from the beginning - - - Restarts the flow from the beginning, while keeping the flow context - - - Configure how the flow executor should handle an invalid response to a challenge given by this bound stage. - - - Successfully updated stage. - - - Successfully created stage. - - - Stage used to configure a duo-based authenticator. This stage should be used for configuration flows. - - - Authenticator type name - - - Display name of this authenticator, used by users when they enroll an authenticator. - - - API Hostname - - - Duo Auth API - - - Integration key - - - Secret key - - - Duo Admin API (optional) - - - When using a Duo MFA, Access or Beyond plan, an Admin API application can be created. - This will allow authentik to import devices automatically. - - - Stage-specific settings - - - Configuration flow - - - Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. - - - Twilio Account SID - - - Get this value from https://console.twilio.com - - - Twilio Auth Token - - - Authentication Type - - - Basic Auth - - - Bearer Token - - - External API URL - - - This is the full endpoint to send POST requests to. - - - API Auth Username - - - This is the username to be used with basic auth or the token when used with bearer token - - - API Auth password - - - This is the password to be used with basic auth - - - Mapping - - - Modify the payload sent to the custom provider. - - - Stage used to configure an SMS-based TOTP authenticator. - - - Twilio - - - Generic - - - From number - - - Number the SMS will be sent from. - - - Hash phone number - - - If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons. Devices created from a stage with this enabled cannot be used with the authenticator validation stage. - - - Stage used to configure a static authenticator (i.e. static tokens). This stage should be used for configuration flows. - - - Token count - - - The number of tokens generated whenever this stage is used. Every token generated per stage execution will be attached to a single static device. - - - Token length - - - The length of the individual generated tokens. Can be increased to improve security. - - - Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator). - - - Digits - - - 6 digits, widely compatible - - - 8 digits, not compatible with apps like Google Authenticator - - - Stage used to validate any authenticator. This stage should be used during authentication or authorization flows. - - - Device classes - - - Static Tokens - - - TOTP Authenticators - - - WebAuthn Authenticators - - - Duo Authenticators - - - SMS-based Authenticators - - - Device classes which can be used to authenticate. - - - Last validation threshold - - - If any of the devices user of the types selected above have been used within this duration, this stage will be skipped. - - - Not configured action - - - Force the user to configure an authenticator - - - Deny the user access - - - WebAuthn User verification - - - User verification must occur. - - - User verification is preferred if available, but not required. - - - User verification should not occur. - - - Configuration stages - - - Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. - - - When multiple stages are selected, the user can choose which one they want to enroll. - - - Stage used to configure a WebAuthn authenticator (i.e. Yubikey, FaceID/Windows Hello). - - - User verification - - - Required: User verification must occur. - - - Preferred: User verification is preferred if available, but not required. - - - Discouraged: User verification should not occur. - - - Resident key requirement - - - Required: The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur - - - Preferred: The authenticator can create and store a dedicated credential, but if it doesn't that's alright too - - - Discouraged: The authenticator should not create a dedicated credential - - - Authenticator Attachment - - - No preference is sent - - - A non-removable authenticator, like TouchID or Windows Hello - - - A "roaming" authenticator, like a YubiKey - - - This stage checks the user's current session against the Google reCaptcha (or compatible) service. - - - Public Key - - - Public key, acquired from https://www.google.com/recaptcha/intro/v3.html. - - - Private Key - - - Private key, acquired from https://www.google.com/recaptcha/intro/v3.html. - - - Advanced settings - - - JS URL - - - URL to fetch JavaScript from, defaults to recaptcha. Can be replaced with any compatible alternative. - - - API URL - - - URL used to validate captcha response, defaults to recaptcha. Can be replaced with any compatible alternative. - - - Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time. - - - Always require consent - - - Consent given last indefinitely - - - Consent expires. - - - Consent expires in - - - Offset after which consent expires. - - - Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding. + + External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. Deny message @@ -3656,80 +6167,128 @@ doesn't pass when either or both of the selected options are equal or above the Message shown when this stage is run. - - Dummy stage used for testing. Shows a simple continue button and always passes. + + Open Wizard - - Throw error? + + Demo Wizard - - SMTP Host + + Run the demo wizard - - SMTP Port + + OAuth2/OIDC (Open Authorization/OpenID Connect) - - SMTP Username + + LDAP (Lightweight Directory Access Protocol) - - SMTP Password + + Forward Auth (Single Application) - - Use TLS + + Forward Auth (Domain Level) - - Use SSL + + SAML (Security Assertion Markup Language) - - From address + + RADIUS (Remote Authentication Dial-In User Service) - - Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity. + + SCIM (System for Cross-domain Identity Management) - - Activate pending user on success + + The token has been copied to your clipboard - - When a user returns from the email successfully, their account will be activated. + + The token was displayed because authentik does not have permission to write to the clipboard - - Use global settings + + A copy of this recovery link has been placed in your clipboard - - When enabled, global Email connection settings will be used and connection settings below will be ignored. + + Create recovery link - - Token expiry + + Create Recovery Link - - Time in minutes the token sent is valid. + + External - - Template + + Service account - - Let the user identify themselves with their username or Email address. + + Service account (internal) - - User fields + + Check the release notes - - UPN + + User Statistics - - Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources. + + <No name set> - - Password stage + + For nginx's auth_request or traefik's forwardAuth - - When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks. + + For nginx's auth_request or traefik's forwardAuth per root domain - - Case insensitive matching + + RBAC is in preview. - - When enabled, user fields are matched regardless of their casing. + + User type used for newly created users. + + + Users created + + + Failed logins + + + Also known as Client ID. + + + Also known as Client Secret. + + + Global status + + + Vendor + + + No sync status. + + + Sync currently running. + + + Connectivity + + + 0: Too guessable: risky password. (guesses &lt; 10^3) + + + 1: Very guessable: protection from throttled online attacks. (guesses &lt; 10^6) + + + 2: Somewhat guessable: protection from unthrottled online attacks. (guesses &lt; 10^8) + + + 3: Safely unguessable: moderate protection from offline slow-hash scenario. (guesses &lt; 10^10) + + + 4: Very unguessable: strong protection from offline slow-hash scenario. (guesses &gt;= 10^10) + + + Successfully created user and added to group + + + This user will be added to the group "". Pretend user exists @@ -3737,113 +6296,122 @@ doesn't pass when either or both of the selected options are equal or above the When enabled, the stage will always accept the given user identifier and continue. - - Show matched user + + There was an error in the application. - - When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown. + + Review the application. - - Source settings + + There was an error in the provider. - - Sources + + Review the provider. - - Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP. + + There was an error - - Show sources' labels + + There was an error creating the application, but no error message was sent. Please review the server logs. - - By default, only icons are shown for sources. Enable this to show their full names. + + Configure LDAP Provider - - Passwordless flow + + Configure OAuth2/OpenId Provider - - Optional passwordless flow, which is linked at the bottom of the page. When configured, users can use this flow to authenticate with a WebAuthn authenticator, without entering any details. + + Configure Proxy Provider - - Optional enrollment flow, which is linked at the bottom of the page. + + AdditionalScopes - - Optional recovery flow, which is linked at the bottom of the page. + + Configure Radius Provider - - This stage can be included in enrollment flows to accept invitations. + + Configure SAML Provider - - Continue flow without invitation + + Property mappings used for user mapping. - - If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. + + Configure SCIM Provider - - Validate the user's password against the selected backend(s). + + Property mappings used for group creation. - - Backends + + Event volume - - User database + standard password + + Require Outpost (flow can only be executed from an outpost). - - User database + app passwords + + Connection settings. - - User database + LDAP password + + Successfully updated endpoint. - - Selection of backends to test the password against. + + Successfully created endpoint. - - Flow used by an authenticated user to configure their password. If empty, user will not be able to configure change their password. + + Protocol - - Failed attempts before cancel + + RDP - - How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. + + SSH - - Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable. + + VNC - - Fields + + Host - - ("", of type ) + + Hostname/IP to connect to. - - Validation Policies + + Endpoint(s) - - Selected policies are executed when the stage is submitted to validate the data. + + Update Endpoint - - Delete the currently pending user. CAUTION, this stage does not ask for confirmation. Use a consent stage to ensure the user is aware of their actions. + + These bindings control which users will have access to this endpoint. Users must also have access to the application. - - Log the currently pending user in. + + Create Endpoint - - Session duration + + RAC is in preview. - - Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. + + Update RAC Provider - - Different browsers handle session cookies differently, and might not remove them even when the browser is closed. + + Endpoints - - See here. + + General settings - - Stay signed in offset + + RDP settings - - If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. + + Ignore server certificate + + + Enable wallpaper + + + Enable font-smoothing + + + Enable full window dragging Network binding @@ -3878,593 +6446,59 @@ doesn't pass when either or both of the selected options are equal or above the Configure if sessions created by this stage should be bound to their GeoIP-based location - - Terminate other sessions + + RAC - - When enabled, all previous sessions of the user will be terminated. + + Connection failed after attempts. - - Remove the user from the current session. + + Re-connecting in second(s). - - Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user - is pending, a new user is created, and data is written to them. + + Connecting... - - Never create users + + Select endpoint to connect to - - When no user is present in the flow context, the stage will fail. + + Connection expiry - - Create users when required + + Determines how long a session lasts before being disconnected and requiring re-authorization. - - When no user is present in the the flow context, a new user is created. + + Brand - - Always create new users + + Successfully updated brand. - - Create a new user even if a user is in the flow context. + + Successfully created brand. - - Create users as inactive + + Use this brand for each domain that doesn't have a dedicated brand. - - Mark newly created users as inactive. + + Set custom attributes using YAML or JSON. Any attributes set here will be inherited by users, if the request is handled by this brand. - - User path template + + Brands - - User type used for newly created users. + + Brand(s) - - Path new users will be created under. If left blank, the default path will be used. + + Update Brand - - Newly created users are added to this group, if a group is selected. + + Create Brand - - New stage + + To let a user directly reset a their password, configure a recovery flow on the currently active brand. - - Create a new stage. - - - Successfully imported device. - - - The user in authentik this device will be assigned to. - - - Duo User ID - - - The user ID in Duo, can be found in the URL after clicking on a user. - - - Automatic import - - - Successfully imported devices. - - - Start automatic import - - - Or manually import - - - Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow. - - - Stage(s) - - - Import - - - Import Duo device - - - Import devices - - - Successfully updated flow. - - - Successfully created flow. - - - Shown as the Title in Flow pages. - - - Visible in the URL. - - - Designation - - - Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. - - - No requirement - - - Require authentication - - - Require no authentication. - - - Require superuser. - - - Require Outpost (flow can only be executed from an outpost). - - - Required authentication level for this flow. - - - Behavior settings - - - Compatibility mode - - - Increases compatibility with password managers and mobile devices. - - - Denied action - - - Will follow the ?next parameter if set, otherwise show a message - - - Will either follow the ?next parameter or redirect to the default interface - - - Will notify the user the flow isn't applicable - - - Decides the response when a policy denies access to this flow for a user. - - - Appearance settings - - - Layout - - - Background - - - Background shown during execution. - - - Clear background - - - Delete currently set background image. - - - Successfully imported flow. - - - .yaml files, which can be found on goauthentik.io and can be exported by authentik. - - - Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them. - - - Flow(s) - - - Update Flow - - - Execute - - - Export - - - Create Flow - - - Import Flow - - - Successfully cleared flow cache - - - Failed to delete flow cache - - - Clear Flow cache - - - Are you sure you want to clear the flow cache? - This will cause all flows to be re-evaluated on their next usage. - - - Stage binding(s) - - - Stage type - - - Edit Stage - - - Update Stage binding - - - These bindings control if this stage will be applied to the flow. - - - No Stages bound - - - No stages are currently bound to this flow. - - - Create Stage binding - - - Bind stage - - - Create and bind Stage - - - Bind existing stage - - - Flow Overview - - - Flow Info - - - Related actions - - - Execute flow - - - Normal - - - with current user - - - with inspector - - - Export flow - - - Stage Bindings - - - These bindings control which users can access this flow. - - - Event volume - - - Event Log - - - Event - - - Event info - - - Created - - - Successfully updated transport. - - - Successfully created transport. - - - Local (notifications will be created within authentik) - - - Webhook (generic) - - - Webhook (Slack/Discord) - - - Webhook URL - - - Webhook Mapping - - - Send once - - - Only send notification once, for example when sending a webhook into a chat channel. - - - Define how notifications are sent to users, like Email or Webhook. - - - Notification transport(s) - - - Update Notification Transport - - - Create Notification Transport - - - Successfully updated rule. - - - Successfully created rule. - - - Select the group of users which the alerts are sent to. If no group is selected the rule is disabled. - - - Transports - - - Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. - - - Severity - - - Send notifications whenever a specific Event is created and matched by policies. - - - Sent to group - - - Notification rule(s) - - - None (rule disabled) - - - Update Notification Rule - - - Create Notification Rule - - - These bindings control upon which events this rule triggers. -Bindings to groups/users are checked against the user of the event. - - - Outpost Deployment Info - - - View deployment documentation - - - Click to copy token - - - If your authentik Instance is using a self-signed certificate, set this value. - - - If your authentik_host setting does not match the URL you want to login with, add this setting. - - - Successfully updated outpost. - - - Successfully created outpost. - - - LDAP - - - Radius - - - Integration - - - Selecting an integration enables the management of the outpost by authentik. - - - You can only select providers that match the type of the outpost. - - - Configuration - - - See more here: - - - Documentation - - - Last seen - - - , should be - - - Hostname - - - Not available - - - Last seen: - - - Unknown type - - - Outposts are deployments of authentik components to support different environments and protocols, like reverse proxies. - - - Health and Version - - - Warning: authentik Domain is not configured, authentication will not work. - - - Logging in via . - - - No integration active - - - Update Outpost - - - View Deployment Info - - - Detailed health (one instance per column, data is cached so may be out of date) - - - Outpost(s) - - - Create Outpost - - - Successfully updated integration. - - - Successfully created integration. - - - Local - - - If enabled, use the local connection. Required Docker socket/Kubernetes Integration. - - - Docker URL - - - Can be in the format of 'unix://' when connecting to a local docker daemon, using 'ssh://' to connect via SSH, or 'https://:2376' when connecting to a remote system. - - - CA which the endpoint's Certificate is verified against. Can be left empty for no validation. - - - TLS Authentication Certificate/SSH Keypair - - - Certificate/Key used for authentication. Can be left empty for no authentication. - - - When connecting via SSH, this keypair is used for authentication. - - - Kubeconfig - - - Verify Kubernetes API SSL Certificate - - - New outpost integration - - - Create a new outpost integration. - - - State - - - Unhealthy - - - Outpost integration(s) - - - Successfully generated certificate-key pair. - - - Common Name - - - Subject-alt name - - - Optional, comma-separated SubjectAlt Names. - - - Validity days - - - Successfully updated certificate-key pair. - - - Successfully created certificate-key pair. - - - PEM-encoded Certificate data. - - - Optional Private Key. If this is set, you can use this keypair for encryption. - - - Certificate-Key Pairs - - - Import certificates of external providers or create certificates to sign requests with. - - - Private key available? - - - Certificate-Key Pair(s) - - - Managed by authentik - - - Managed by authentik (Discovered) - - - Yes () - - - Update Certificate-Key Pair - - - Certificate Fingerprint (SHA1) - - - Certificate Fingerprint (SHA256) - - - Certificate Subject - - - Download Certificate - - - Download Private key - - - Create Certificate-Key Pair - - - Generate - - - Generate Certificate-Key Pair + + The current brand must have a recovery flow configured to use a recovery link Successfully updated settings. @@ -4528,18 +6562,6 @@ Bindings to groups/users are checked against the user of the event. Enable the ability for users to change their username. - - Event retention - - - Duration after which events will be deleted from the database. - - - When using an external logging solution for archiving, this can be set to "minutes=5". - - - This setting only affects new Events, as the expiration is saved per-event. - Footer links @@ -4561,483 +6583,6 @@ Bindings to groups/users are checked against the user of the event. System settings - - Save - - - Successfully updated instance. - - - Successfully created instance. - - - Disabled blueprints are never applied. - - - Local path - - - OCI Registry - - - OCI URL, in the format of oci://registry.domain.tld/path/to/manifest. - - - See more about OCI support here: - - - Blueprint - - - Configure the blueprint context, used for templating. - - - Orphaned - - - Automate and template configuration within authentik. - - - Last applied - - - Blueprint(s) - - - Update Blueprint - - - Apply - - - Create Blueprint Instance - - - Successfully updated license. - - - Successfully created license. - - - Install ID - - - License key - - - Manage enterprise licenses - - - No licenses found. - - - License(s) - - - Enterprise is in preview. - - - Get a license - - - Go to Customer Portal - - - Forecast internal users - - - Estimated user count one year from now based on current internal users and forecasted internal users. - - - Forecast external users - - - Estimated user count one year from now based on current external users and forecasted external users. - - - Cumulative license expiry - - - Internal: - - - External: - - - Update License - - - Install - - - Install License - - - WebAuthn requires this page to be accessed via HTTPS. - - - WebAuthn not supported by browser. - - - Open Wizard - - - Demo Wizard - - - Run the demo wizard - - - API request failed - - - Authenticating with Apple... - - - Retry - - - Authenticating with Plex... - - - Waiting for authentication... - - - If no Plex popup opens, click the button below. - - - Open login - - - User's avatar - - - Something went wrong! Please try again later. - - - Request ID - - - You may close this page now. - - - You're about to be redirect to the following URL. - - - Follow redirect - - - Request has been denied. - - - Not you? - - - Need an account? - - - Sign up. - - - Forgot username or password? - - - Select one of the sources below to login. - - - Or - - - Use a security key - - - Login to continue to . - - - Please enter your password - - - Forgot password? - - - Application requires following permissions: - - - Application already has access to the following permissions: - - - Application requires following new permissions: - - - Check your Inbox for a verification email. - - - Send Email again. - - - Successfully copied TOTP Config. - - - Copy - - - Code - - - Please enter your TOTP Code - - - Duo activation QR code - - - Alternatively, if your current device has Duo installed, click on this link: - - - Duo activation - - - Check status - - - Make sure to keep these tokens in a safe place. - - - Phone number - - - Please enter your Phone number. - - - Please enter the code you received via SMS - - - A code has been sent to you via SMS. - - - Open your two-factor authenticator app to view your authentication code. - - - Static token - - - Authentication code - - - Please enter your code - - - Return to device picker - - - Sending Duo push notification - - - Assertions is empty - - - Error when creating credential: - - - Error when validating assertion on server: - - - Retry authentication - - - Duo push-notifications - - - Receive a push notification on your device. - - - Authenticator - - - Use a security key to prove your identity. - - - Traditional authenticator - - - Use a code-based authenticator. - - - Recovery keys - - - In case you can't access any other method. - - - SMS - - - Tokens sent via SMS. - - - Select an authentication method. - - - Stay signed in? - - - Select Yes to reduce the number of times you're asked to sign in. - - - Enter the code shown on your device. - - - Please enter your Code - - - You've successfully authenticated your device. - - - Flow inspector - - - Next stage - - - Stage name - - - Stage kind - - - Stage object - - - This flow is completed. - - - Plan history - - - Current plan context - - - Session ID - - - Powered by authentik - - - Background image - - - Error creating credential: - - - Server validation of credential failed: - - - Register device - - - Unread notifications - - - Sign out - - - Admin interface - - - Stop impersonation - - - Avatar image - - - Less details - - - More details - - - Refer to documentation - - - No Applications available. - - - Either no applications are defined, or you don’t have access to any. - - - My Applications - - - My applications - - - Change your password - - - Change password - - - - - - Delete account - - - Successfully updated details - - - Open settings - - - No settings flow configured. - - - Update details - - - Successfully updated device. - - - Enroll - - - Update Device - - - Successfully disconnected source - - - Failed to disconnected source: - - - Disconnect - - - Connect - - - Error: unsupported source settings: - - - Connect your user account to the services listed below, to allow you to login using the service instead of traditional credentials. - - - No services available. - - - Create App password - - - User details - - - Consent - - - MFA Devices - - - Connected services - - - + + diff --git a/web/xliff/es.xlf b/web/xliff/es.xlf index c457c535c..0c0e2ba01 100644 --- a/web/xliff/es.xlf +++ b/web/xliff/es.xlf @@ -1,9 +1,5499 @@ - + - - - - Admin + + + + English + Inglés + + + French + francés + + + Turkish + turco + + + Spanish + + + Polish + + + Taiwanese Mandarin + + + Chinese (simplified) + + + Chinese (traditional) + + + German + + + Loading... + Cargando... + + + Application + Aplicación + + + Logins + Inicios de sesión + + + Show less + Mostrar menos + + + Show more + Mostrar más + + + UID + UID + + + Name + Nombre + + + App + App + + + Model Name + Nombre del modelo + + + Message + Mensaje + + + Subject + Asunto + + + From + Desde + + + To + Para + + + Context + Contexto + + + User + Usuario + + + Affected model: + Modelo afectado: + + + Authorized application: + Solicitud autorizada: + + + Using flow + Uso del flujo + + + Email info: + Información de correo electrónico: + + + Secret: + Secreto: + + + Open issue on GitHub... + Problema abierto en GitHub... + + + Exception + Excepción + + + Expression + Expresión + + + Binding + Vinculante + + + Request + Solicitud + + + Object + Objeto + + + Result + Resultado + + + Passing + Paso + + + Messages + Mensajes + + + Using source + Uso de la fuente + + + Attempted to log in as + Se intentó iniciar sesión como + + + + No additional data available. + No hay datos adicionales disponibles. + + + Click to change value + Haga clic para cambiar el valor + + + Select an object. + + + Loading options... + + + Connection error, reconnecting... + Error de conexión, reconexión... + + + Login + Iniciar sesión + + + Failed login + Inicio de sesión incorrecto + + + Logout + Cerrar sesión + + + User was written to + Se escribió al usuario a + + + Suspicious request + Solicitud sospechosa + + + Password set + Conjunto de contraseñas + + + Secret was viewed + Se ha visto el secreto + + + Secret was rotated + Se ha rotado el + + + Invitation used + Invitación utilizada + + + Application authorized + Solicitud autorizada + + + Source linked + Fuente enlazada + + + Impersonation started + Se ha iniciado la suplantación + + + Impersonation ended + Finalizó la suplantación + + + Flow execution + Ejecución de flujo + + + Policy execution + Ejecución de políticas + + + Policy exception + Excepción de política + + + Property Mapping exception + excepción de asignación de propiedades + + + System task execution + Ejecución de tareas del sistema + + + System task exception + Excepción tarea del sistema + + + General system exception + Excepción general del sistema + + + Configuration error + Error de configuración + + + Model created + Modelo creado + + + Model updated + Modelo actualizado + + + Model deleted + Modelo eliminado + + + Email sent + Correo electrónico enviado + + + Update available + Actualización disponible + + + Unknown severity + + + Alert + Alerta + + + Notice + Notificación + + + Warning + Aviso + + + no tabs defined + no se han definido pestañas + + + - of + + - + de + + + + Go to previous page + Ir a la página anterior + + + Go to next page + Ir a la página siguiente + + + Search... + Buscar... + + + Loading + Cargando + + + No objects found. + No se han encontrado objetos. + + + Failed to fetch objects. + + + Refresh + Actualizar + + + Select all rows + Seleccionar todas las filas + + + Action + Acción + + + Creation Date + Fecha de creación + + + Client IP + IP del cliente + + + Recent events + + + On behalf of + En nombre de + + + + - + - + + + No Events found. + No se han encontrado eventos. + + + No matching events could be found. + No se han encontrado eventos coincidentes. + + + Embedded outpost is not configured correctly. + El puesto avanzado integrado no está configurado correctamente. + + + Check outposts. + Revisa los puestos avanzados. + + + HTTPS is not detected correctly + HTTPS no se detecta correctamente + + + Server and client are further than 5 seconds apart. + El servidor y el cliente están separados por más de 5 segundos. + + + OK + DE ACUERDO + + + Everything is ok. + Está todo bien. + + + System status + Estado del sistema + + + Based on + + + is available! + + está disponible. + + + Up-to-date! + ¡Actuales! + + + Version + Versión + + + Workers + Trabajadores + + + No workers connected. Background tasks will not run. + No hay trabajadores conectados. No se ejecutarán tareas en segundo plano. + + + hour(s) ago + + + day(s) ago + + + Authorizations + Autorizaciones + + + Failed Logins + inicios de sesión fallidos + + + Successful Logins + Inicios de sesión exitosos + + + : + + : + + + + Cancel + Cancelar + + + LDAP Source + Fuente LDAP + + + SCIM Provider + + + Healthy + + + Healthy outposts + Puestos avanzados saludables + + + Admin + Admin + + + Not found + No se ha encontrado + + + The URL "" was not found. + No se encontró la URL « + ». + + + Return home + Regresar a casa + + + General system status + Situación general del sistema + + + Welcome, . + Bienvenido, + . + + + Quick actions + Acciones rápidas + + + Create a new application + Crea una nueva aplicación + + + Check the logs + Comprobar los registros + + + Explore integrations + Explore las integraciones + + + Manage users + + + Outpost status + Estado de avanzada + + + Sync status + Estado de sincronización + + + Logins and authorizations over the last week (per 8 hours) + + + Apps with most usage + Aplicaciones con mayor uso + + + days ago + + días atrás + + + Objects created + Objetos creados + + + Users created per day in the last month + Usuarios creados por día en el último mes + + + Logins per day in the last month + Inicios de sesión por día en el último mes + + + Failed Logins per day in the last month + Inicios de sesión fallidos por día en el último mes + + + Clear search + + + System Tasks + Tareas del sistema + + + Long-running operations which authentik executes in the background. + Operaciones de larga ejecución que authentik se ejecuta en segundo plano. + + + Identifier + Identificador + + + Description + Descripción + + + Last run + Última ejecución + + + Status + Estatus + + + Actions + Acciones + + + Successful + Éxito + + + Error + Error + + + Unknown + Desconocido + + + Duration + + + seconds + + + Authentication + autenticación + + + Authorization + Autorización + + + Enrollment + Inscripción + + + Invalidation + Invalidación + + + Recovery + Recuperación + + + Stage Configuration + Configuración de escenario + + + Unenrollment + Anular la inscripción + + + Unknown designation + + + Stacked + + + Content left + + + Content right + + + Sidebar left + + + Sidebar right + + + Unknown layout + + + Successfully updated provider. + El proveedor se actualizó correctamente. + + + Successfully created provider. + El proveedor se creó correctamente. + + + Bind flow + Flujo de enlace + + + Flow used for users to authenticate. + + + Search group + Grupo de búsqueda + + + Users in the selected group can do search queries. If no group is selected, no LDAP Searches are allowed. + Los usuarios del grupo seleccionado pueden realizar consultas de búsqueda. Si no se selecciona ningún grupo, no se permiten búsquedas LDAP. + + + Bind mode + + + Cached binding + + + Flow is executed and session is cached in memory. Flow is executed when session expires + + + Direct binding + + + Always execute the configured bind flow to authenticate the user + + + Configure how the outpost authenticates requests. + + + Search mode + Modo de búsqueda + + + Cached querying + + + The outpost holds all users and groups in-memory and will refresh every 5 Minutes + + + Direct querying + + + Always returns the latest data, but slower than cached querying + + + Configure how the outpost queries the core authentik server's users. + Configure la forma en que el puesto avanzado consulta a los usuarios del servidor auténtico principal. + + + Protocol settings + Configuración del protocolo + + + Base DN + DN base + + + LDAP DN under which bind requests and search requests can be made. + DN de LDAP con el que se pueden realizar solicitudes de enlace y solicitudes de búsqueda. + + + Certificate + Certificado + + + UID start number + Número inicial de UID + + + The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber + El comienzo de UIDNumbers, este número se agrega a User.pk para asegurarse de que los números no sean demasiado bajos para los usuarios de POSIX. El valor predeterminado es 2000 para garantizar que no colisionemos con el UIDNumber de los usuarios locales + + + GID start number + Número inicial de GID + + + The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber + El comienzo de GIDNumbers, este número se agrega a un número generado por el grupo.pk para asegurarse de que los números no sean demasiado bajos para los grupos POSIX. El valor predeterminado es 4000 para garantizar que no choquemos con los grupos locales o los grupos principales de los usuarios (GIDNumber). + + + (Format: hours=-1;minutes=-2;seconds=-3). + (Formato: horas = -1; minutos = -2; segundos = -3). + + + (Format: hours=1;minutes=2;seconds=3). + (Formato: horas = 1; minutos = 2; segundos = 3). + + + The following keywords are supported: + + + Authentication flow + Flujo de autenticación + + + Flow used when a user access this provider and is not authenticated. + + + Authorization flow + Flujo de autorización + + + Flow used when authorizing this provider. + Flujo utilizado al autorizar a este proveedor. + + + Client type + Tipo de cliente + + + Confidential + Confidencial + + + Confidential clients are capable of maintaining the confidentiality of their credentials such as client secrets + + + Public + Público + + + Public clients are incapable of maintaining the confidentiality and should use methods like PKCE. + + + Client ID + ID de cliente + + + Client Secret + Secreto del cliente + + + Redirect URIs/Origins (RegEx) + + + Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows. + URL de redireccionamiento válidas después de un flujo de autorización correcto. Especifique también cualquier origen aquí para los flujos implícitos. + + + If no explicit redirect URIs are specified, the first successfully used redirect URI will be saved. + Si no se especifican URI de redireccionamiento explícitos, se guardará el primer URI de redireccionamiento utilizado correctamente. + + + To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. + + + Signing Key + Clave de firma + + + Key used to sign the tokens. + Clave utilizada para firmar los tokens. + + + Advanced protocol settings + Configuración de protocolo avanzada + + + Access code validity + Validez código de acceso + + + Configure how long access codes are valid for. + Configure durante cuánto tiempo son válidos los códigos de acceso. + + + Access Token validity + + + Configure how long access tokens are valid for. + Configure durante cuánto tiempo son válidos los tokens de acceso. + + + Refresh Token validity + + + Configure how long refresh tokens are valid for. + + + Scopes + Ámbitos + + + Select which scopes can be used by the client. The client still has to specify the scope to access the data. + Seleccione los ámbitos que puede utilizar el cliente. El cliente aún tiene que especificar el alcance para acceder a los datos. + + + Hold control/command to select multiple items. + Mantenga presionado el control/comando para seleccionar varios elementos. + + + Subject mode + Modo asignatura + + + Based on the User's hashed ID + + + Based on the User's ID + + + Based on the User's UUID + + + Based on the User's username + + + Based on the User's Email + + + This is recommended over the UPN mode. + + + Based on the User's UPN + + + Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains. + + + Configure what data should be used as unique User Identifier. For most cases, the default should be fine. + Configure qué datos deben usarse como identificador de usuario único. En la mayoría de los casos, el valor predeterminado debería estar bien. + + + Include claims in id_token + Incluir reclamos en id_token + + + Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. + Incluya las notificaciones de los usuarios de los ámbitos en id_token, para aplicaciones que no acceden al extremo userinfo. + + + Issuer mode + Modo emisor + + + Each provider has a different issuer, based on the application slug + + + Same identifier is used for all providers + Se usa el mismo identificador para todos los proveedores + + + Configure how the issuer field of the ID Token should be filled. + Configure cómo se debe rellenar el campo emisor del token de ID. + + + Machine-to-Machine authentication settings + + + Trusted OIDC Sources + + + JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider. + + + HTTP-Basic Username Key + Clave de nombre de usuario básica HTTP + + + User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. + Atributo de usuario/grupo utilizado para la parte de usuario del encabezado HTTP-Basic. Si no se establece, se utiliza la dirección de correo electrónico del usuario. + + + HTTP-Basic Password Key + Clave de contraseña básica HTTP + + + User/Group Attribute used for the password part of the HTTP-Basic Header. + Atributo de usuario/grupo utilizado para la parte de contraseña del encabezado HTTP-Basic. + + + Proxy + Proxy + + + Forward auth (single application) + Autenticación directa (aplicación única) + + + Forward auth (domain level) + Autenticación directa (nivel de dominio) + + + This provider will behave like a transparent reverse-proxy, except requests must be authenticated. If your upstream application uses HTTPS, make sure to connect to the outpost using HTTPS as well. + Este proveedor se comportará como un proxy inverso transparente, excepto que las solicitudes deben autenticarse. Si su aplicación ascendente usa HTTPS, asegúrese de conectarse al puesto avanzado también mediante HTTPS. + + + External host + Anfitrión externo + + + The external URL you'll access the application at. Include any non-standard port. + La URL externa en la que accederás a la aplicación. Incluya cualquier puerto no estándar. + + + Internal host + Anfitrión interno + + + Upstream host that the requests are forwarded to. + Host ascendente al que se reenvían las solicitudes. + + + Internal host SSL Validation + Validación SSL de host interno + + + Validate SSL Certificates of upstream servers. + Validar los certificados SSL de los servidores ascendentes. + + + Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application. + Use este proveedor con auth_request de nginx o ForwardAuth de traefik. Solo se requiere un único proveedor por dominio raíz. No puede realizar la autorización por solicitud, pero no tiene que crear un proveedor para cada solicitud. + + + An example setup can look like this: + Un ejemplo de configuración puede verse así: + + + authentik running on auth.example.com + authentik ejecutándose en auth.example.com + + + app1 running on app1.example.com + app1 que se ejecuta en app1.example.com + + + In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com. + En este caso, establecería la URL de autenticación en auth.example.com y el dominio Cookie en example.com. + + + Authentication URL + URL de autenticación + + + The external URL you'll authenticate at. The authentik core server should be reachable under this URL. + La URL externa en la que te autenticarás. Se debe poder acceder al servidor principal de authentik en esta URL. + + + Cookie domain + Dominio de cookies + + + Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'. + Defina esto en el dominio para el que desea que la autenticación sea válida. Debe ser un dominio principal de la URL anterior. Si ejecuta aplicaciones como app1.domain.tld, app2.domain.tld, defina esto en «domain.tld». + + + Unknown proxy mode + + + Token validity + Validez del token + + + Configure how long tokens are valid for. + Configure durante cuánto tiempo son válidos los tokens. + + + Additional scopes + + + Additional scope mappings, which are passed to the proxy. + Asignaciones de ámbitos adicionales, que se pasan al proxy. + + + Unauthenticated URLs + URL no autenticadas + + + Unauthenticated Paths + Rutas no autenticadas + + + Regular expressions for which authentication is not required. Each new line is interpreted as a new expression. + Expresiones regulares para las que no se requiere autenticación. Cada línea nueva se interpreta como una expresión nueva. + + + When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions. + Cuando se usa el modo proxy o de autenticación directa (aplicación única), la ruta de URL solicitada se compara con las expresiones regulares. Cuando se usa la autenticación directa (modo de dominio), la URL solicitada completa, incluidos el esquema y el host, se compara con las expresiones regulares. + + + Authentication settings + + + Intercept header authentication + + + When enabled, authentik will intercept the Authorization header to authenticate the request. + + + Send HTTP-Basic Authentication + + + Send a custom HTTP-Basic Authentication header based on values from authentik. + + + ACS URL + URL + + + Issuer + Emisor + + + Also known as EntityID. + + + Service Provider Binding + Enlace de proveedores de servicios + + + Redirect + Redirigir + + + Post + Publicar + + + Determines how authentik sends the response back to the Service Provider. + Determina cómo authentik devuelve la respuesta al proveedor de servicios. + + + Audience + Audiencia + + + Signing Certificate + Certificado de firma + + + Certificate used to sign outgoing Responses going to the Service Provider. + Certificado utilizado para firmar respuestas salientes que van al proveedor de servicios. + + + Verification Certificate + Certificado de verificación + + + When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. + Cuando se selecciona, las firmas de la aserción entrante se validarán con este certificado. Para permitir solicitudes sin firmar, déjelo en el valor predeterminado. + + + Property mappings + Mapeos de propiedades + + + NameID Property Mapping + Asignación de propiedades NameID + + + Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected. + Configure cómo se creará el valor NameID. Cuando se deja vacío, se respetará la NameIDPolicy de la solicitud entrante. + + + Assertion valid not before + Afirmación válida no antes + + + Configure the maximum allowed time drift for an assertion. + Configure la desviación de tiempo máxima permitida para una afirmación. + + + Assertion valid not on or after + Afirmación válida no el o después + + + Assertion not valid on or after current time + this value. + + + Session valid not on or after + Sesión válida no el día o después + + + Session not valid on or after current time + this value. + + + Digest algorithm + algoritmo de resumen + + + Signature algorithm + algoritmo de firma + + + Successfully imported provider. + El proveedor se importó correctamente. + + + Metadata + Metadatos + + + Apply changes + + + Close + Cerrar + + + Finish + + + Back + + + No form found + No se encontró ningún formulario + + + Form didn't return a promise for submitting + El formulario no devolvió una promesa para enviarla + + + Select type + + + Try the new application wizard + + + The new application wizard greatly simplifies the steps required to create applications and providers. + + + Try it now + + + Create + Crear + + + New provider + + + Create a new provider. + + + Create + Crear + + + + Shared secret + + + Client Networks + + + List of CIDRs (comma-seperated) that clients can connect from. A more specific + CIDR will match before a looser one. Clients connecting from a non-specified CIDR + will be dropped. + + + URL + + + SCIM base url, usually ends in /v2. + + + Token + Token + + + Token to authenticate with. Currently only bearer authentication is supported. + + + User filtering + + + Exclude service accounts + + + Group + Grupo + + + Only sync users within the selected group. + + + Attribute mapping + + + User Property Mappings + Asignaciones de propiedades de usuario + + + Property mappings used to user mapping. + + + Group Property Mappings + Asignaciones de propiedades de grupos + + + Property mappings used to group creation. + Asignaciones de propiedades utilizadas para la creación de grupos. + + + Not used by any other object. + No lo usa ningún otro objeto. + + + object will be DELETED + objeto se ELIMINARÁ + + + connection will be deleted + se eliminará la conexión + + + reference will be reset to default value + la referencia se restablecerá al valor predeterminado + + + reference will be set to an empty value + la referencia se establecerá en un valor vacío + + + () + + ( + ) + + + ID + ID + + + Successfully deleted + + + Failed to delete : + No se pudo eliminar + : + + + + Delete + Eliminar + + + + Are you sure you want to delete ? + + + Delete + Borrar + + + Providers + Proveedores + + + Provide support for protocols like SAML and OAuth to assigned applications. + Proporcionar soporte para protocolos como SAML y OAuth a las aplicaciones asignadas. + + + Type + Tipo + + + Provider(s) + Proveedor (s) + + + Assigned to application + Asignado a la aplicación + + + Assigned to application (backchannel) + + + Warning: Provider not assigned to any application. + Advertencia: el proveedor no está asignado a ninguna aplicación. + + + Update + Actualización + + + Update + Actualización + + + + Select providers to add to application + + + Add + Añadir + + + Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". + Ingrese una URL completa, una ruta relativa o use 'fa: //fa-test' para usar el ícono Font Awesome «fa-test». + + + Path template for users created. Use placeholders like `%(slug)s` to insert the source slug. + + + Successfully updated application. + La aplicación se actualizó correctamente. + + + Successfully created application. + La aplicación se creó correctamente. + + + Application's display Name. + Nombre para mostrar de la aplicación. + + + Slug + babosa + + + Optionally enter a group name. Applications with identical groups are shown grouped together. + + + Provider + Proveedor + + + Select a provider that this application should use. + + + Select backchannel providers which augment the functionality of the main provider. + + + Policy engine mode + Modo de motor de políticas + + + Any policy must match to grant access + + + All policies must match to grant access + + + UI settings + Configuración de IU + + + Launch URL + URL de lanzamiento + + + If left empty, authentik will try to extract the launch URL based on the selected provider. + Si se deja vacío, authentik intentará extraer la URL de inicio en función del proveedor seleccionado. + + + Open in new tab + + + If checked, the launch URL will open in a new browser tab or window from the user's application library. + + + Icon + Icono + + + Currently set to: + Configurado actualmente en: + + + Clear icon + Ícono Borrar + + + Publisher + Editorial + + + Create Application + Crear aplicación + + + Overview + Resumen + + + Changelog + Registro de cambios + + + Warning: Provider is not used by any Outpost. + Advertencia: ningún puesto avanzado utiliza el proveedor. + + + Assigned to application + Asignado a la aplicación + + + Update LDAP Provider + Actualizar proveedor LDAP + + + Edit + Editar + + + How to connect + Cómo conectarse + + + Connect to the LDAP Server on port 389: + Conéctese al servidor LDAP en el puerto 389: + + + Check the IP of the Kubernetes service, or + Comprueba la IP del servicio de Kubernetes, o + + + The Host IP of the docker host + La IP de host del host de docker + + + Bind DN + Enlazar DN + + + Bind Password + Enlazar contraseña + + + Search base + Base de búsqueda + + + Preview + + + Warning: Provider is not used by an Application. + Advertencia: Una aplicación no utiliza el proveedor. + + + Redirect URIs + Redirigir los URI + + + Update OAuth2 Provider + Actualizar proveedor OAuth2 + + + OpenID Configuration URL + URL de configuración de OpenID + + + OpenID Configuration Issuer + Emisor de configuración de OpenID + + + Authorize URL + Autorizar URL + + + Token URL + URL simbólica + + + Userinfo URL + URL de información de usuario + + + Logout URL + URL de cierre de sesión + + + JWKS URL + + + Example JWT payload (for currently authenticated user) + + + Forward auth (domain-level) + Autenticación directa (nivel de dominio) + + + Nginx (Ingress) + Nginx (entrada) + + + Nginx (Proxy Manager) + Nginx (administrador de proxy) + + + Nginx (standalone) + Nginx (independiente) + + + Traefik (Ingress) + Traefik (entrada) + + + Traefik (Compose) + Traefik (Redactar) + + + Traefik (Standalone) + Traefik (autónomo) + + + Caddy (Standalone) + + + Internal Host + Anfitrión interno + + + External Host + Anfitrión externo + + + Basic-Auth + Autenticación básica + + + Yes + + + + Mode + Moda + + + Update Proxy Provider + Actualizar proveedor de proxy + + + Protocol Settings + Configuración de protocolo + + + Allowed Redirect URIs + URI de redireccionamiento permitidos + + + Setup + Configuración + + + No additional setup is required. + No se requiere ninguna configuración adicional. + + + Update Radius Provider + + + Download + Descargar + + + Copy download URL + Copiar URL de descarga + + + Download signing certificate + Descargar certificado de firma + + + Related objects + Objetos relacionados + + + Update SAML Provider + Actualizar proveedor SAML + + + SAML Configuration + + + EntityID/Issuer + + + SSO URL (Post) + + + SSO URL (Redirect) + + + SSO URL (IdP-initiated Login) + + + SLO URL (Post) + + + SLO URL (Redirect) + + + SAML Metadata + Metadatos SAML + + + Example SAML attributes + + + NameID attribute + + + Warning: Provider is not assigned to an application as backchannel provider. + + + Update SCIM Provider + + + Run sync again + Vuelve a ejecutar la sincronización + + + Modern applications, APIs and Single-page applications. + + + LDAP + LDAP + + + Provide an LDAP interface for applications and users to authenticate against. + + + New application + + + Applications + Aplicaciones + + + Provider Type + Tipo de proveedor + + + Application(s) + Solicitud (s) + + + Application Icon + Icono de aplicación + + + Update Application + Aplicación de actualización + + + Successfully sent test-request. + La solicitud de prueba se envió correctamente. + + + Log messages + + + No log messages. + + + Active + Activo + + + Last login + Último inicio de sesión + + + Select users to add + Seleccione los usuarios que desea añadir + + + Successfully updated group. + El grupo se actualizó correctamente. + + + Successfully created group. + Se ha creado el grupo correctamente. + + + Is superuser + Es superusuario + + + Users added to this group will be superusers. + Los usuarios añadidos a este grupo serán superusuarios. + + + Parent + Padre + + + Attributes + atributos + + + Set custom attributes using YAML or JSON. + Establece atributos personalizados con YAML o JSON. + + + Successfully updated binding. + Se actualizó correctamente el enlace. + + + Successfully created binding. + Se ha creado correctamente el enlace. + + + Policy + Política + + + Group mappings can only be checked if a user is already logged in when trying to access this source. + + + User mappings can only be checked if a user is already logged in when trying to access this source. + + + Enabled + Habilitado + + + Negate result + Negar el resultado + + + Negates the outcome of the binding. Messages are unaffected. + Niega el resultado de la unión. Los mensajes no se ven afectados. + + + Order + Orden + + + Timeout + Tiempo límite + + + Successfully updated policy. + La política se ha actualizado correctamente. + + + Successfully created policy. + La política se creó correctamente. + + + A policy used for testing. Always returns the same result as specified below after waiting a random duration. + Una política utilizada para las pruebas. Siempre devuelve el mismo resultado que se especifica a continuación después de esperar una duración aleatoria. + + + Execution logging + Registro de ejecución + + + When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. + Cuando se habilita esta opción, se registrarán todas las ejecuciones de esta política. De forma predeterminada, solo se registran los errores de ejecución. + + + Policy-specific settings + Configuración específica de políticas + + + Pass policy? + ¿Política de pases? + + + Wait (min) + Espera (min) + + + The policy takes a random time to execute. This controls the minimum time it will take. + La política tarda un tiempo aleatorio en ejecutarse. Esto controla el tiempo mínimo que tardará. + + + Wait (max) + Espera (máx.) + + + Matches an event against a set of criteria. If any of the configured values match, the policy passes. + Coincide con un evento con un conjunto de criterios. Si alguno de los valores configurados coincide, se aprueba la política. + + + Match created events with this action type. When left empty, all action types will be matched. + Haga coincidir los eventos creados con este tipo de acción. Cuando se deja vacío, todos los tipos de acción coincidirán. + + + Matches Event's Client IP (strict matching, for network matching use an Expression Policy. + Coincide con la IP del cliente del evento (coincidencia estricta, para la coincidencia de red, use una política de expresión + + + Match events created by selected application. When left empty, all applications are matched. + Coincidir con eventos creados por la aplicación seleccionada. Cuando se deja vacío, todas las solicitudes coinciden. + + + Checks if the request's user's password has been changed in the last x days, and denys based on settings. + Comprueba si la contraseña del usuario de la solicitud se ha cambiado en los últimos x días y la rechaza según la configuración. + + + Maximum age (in days) + Edad máxima (en días) + + + Only fail the policy, don't invalidate user's password + + + Executes the python snippet to determine whether to allow or deny a request. + Ejecuta el fragmento de Python para determinar si se permite o deniega una solicitud. + + + Expression using Python. + Expresión con Python. + + + See documentation for a list of all variables. + Consulte la documentación para obtener una lista de todas las variables. + + + Static rules + + + Minimum length + Longitud mínima + + + Minimum amount of Uppercase Characters + Cantidad mínima de caracteres en mayúscula + + + Minimum amount of Lowercase Characters + Cantidad mínima de caracteres en minúscula + + + Minimum amount of Digits + Cantidad mínima de dígitos + + + Minimum amount of Symbols Characters + Cantidad mínima de caracteres de símbolos + + + Error message + Mensaje de error + + + Symbol charset + Juego de caracteres de símbolo + + + Characters which are considered as symbols. + Personajes que se consideran símbolos. + + + HaveIBeenPwned settings + + + Allowed count + Recuento permitido + + + Allow up to N occurrences in the HIBP database. + Permite hasta N ocurrencias en la base de datos HIBP. + + + zxcvbn settings + + + Score threshold + + + If the password's score is less than or equal this value, the policy will fail. + + + Checks the value from the policy request against several rules, mostly used to ensure password strength. + Comprueba el valor de la solicitud de política en relación con varias reglas, que se utilizan principalmente para garantizar la seguridad de la contraseña. + + + Password field + Campo de contraseña + + + Field key to check, field keys defined in Prompt stages are available. + Tecla de campo para comprobar, están disponibles las claves de campo definidas en las etapas de solicitud. + + + Check static rules + + + Check haveibeenpwned.com + + + For more info see: + + + Check zxcvbn + + + Password strength estimator created by Dropbox, see: + + + Allows/denys requests based on the users and/or the IPs reputation. + Permitir/denegar solicitudes en función de los usuarios y/o la reputación de las IP. + + + Invalid login attempts will decrease the score for the client's IP, and the +username they are attempting to login as, by one. + + + The policy passes when the reputation score is below the threshold, and +doesn't pass when either or both of the selected options are equal or above the threshold. + + + Check IP + Comprobar IP + + + Check Username + Verificar nombre de usuario + + + Threshold + umbral + + + New policy + + + Create a new policy. + + + Create Binding + Crear enlace + + + Superuser + Superusuario + + + Members + Miembros + + + Select groups to add user to + Seleccione los grupos a los que añadir usuarios + + + Warning: Adding the user to the selected group(s) will give them superuser permissions. + + + Successfully updated user. + El usuario se actualizó correctamente. + + + Successfully created user. + Se creó correctamente el usuario. + + + Username + Nombre usuario + + + User's primary identifier. 150 characters or fewer. + + + User's display name. + Nombre para mostrar del usuario. + + + Email + Correo + + + Is active + Está activo + + + Designates whether this user should be treated as active. Unselect this instead of deleting accounts. + Designa si este usuario debe tratarse como activo. Deseleccione esto en lugar de eliminar cuentas. + + + Path + + + Policy / User / Group + Política/Usuario/Grupo + + + Policy + Política + + + + Group + Grupo + + + + User + Usuario + + + + Edit Policy + Modificar política + + + Update Group + Grupo de actualización + + + Edit Group + Editar grupo + + + Update User + Actualizar usuario + + + Edit User + Editar usuario + + + Policy binding(s) + Política vinculante (s) + + + Update Binding + Enlace de actualización + + + Edit Binding + Editar enlace + + + No Policies bound. + Sin políticas vinculadas. + + + No policies are currently bound to this object. + Actualmente, no hay políticas vinculadas a este objeto. + + + Bind existing policy + + + Warning: Application is not used by any Outpost. + Advertencia: La aplicación no es utilizada por ningún puesto avanzado. + + + Related + Relacionado + + + Backchannel Providers + + + Check access + Comprobar acceso + + + Check + Comprobar + + + Check Application access + Comprobar acceso a aplicaciones + + + Test + Prueba + + + Launch + Lanzamiento + + + Logins over the last week (per 8 hours) + + + Policy / Group / User Bindings + Vinculaciones de políticas/grupos/usuarios + + + These policies control which users can access this application. + Estas políticas controlan qué usuarios pueden acceder a esta aplicación. + + + Successfully updated source. + La fuente se actualizó correctamente. + + + Successfully created source. + La fuente se creó correctamente. + + + Sync users + Sincronizar usuarios + + + User password writeback + Reescritura de contraseña de usuario + + + Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP. + La contraseña de inicio de sesión se sincroniza automáticamente desde LDAP en authentik. Habilite esta opción solo para volver a escribir los cambios de contraseña en authentik en LDAP. + + + Sync groups + Sincronizar grupos + + + Connection settings + Configuración de conexión + + + Server URI + URI de servidor + + + Specify multiple server URIs by separating them with a comma. + Especifique los URI de varios servidores separándolos con una coma. + + + Enable StartTLS + Habilitar StartTLS + + + To use SSL instead, use 'ldaps://' and disable this option. + Para usar SSL en su lugar, use 'ldaps: //' y deshabilite esta opción. + + + TLS Verification Certificate + Certificado de verificación de TLS + + + When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate. + Al conectarse a un servidor LDAP con TLS, los certificados no se comprueban de forma predeterminada. Especifique un par de claves para validar el certificado remoto. + + + Bind CN + Enlazar CN + + + LDAP Attribute mapping + Mapeo de atributos LDAP + + + Property mappings used to user creation. + Asignaciones de propiedades utilizadas para la creación de usuarios. + + + Additional settings + Configuraciones adicionales + + + Parent group for all the groups imported from LDAP. + Grupo principal para todos los grupos importados desde LDAP. + + + User path + + + Addition User DN + DN de usuario adicional + + + Additional user DN, prepended to the Base DN. + DN de usuario adicional, antepuesto al DN base. + + + Addition Group DN + DN de grupo de adición + + + Additional group DN, prepended to the Base DN. + DN de grupo adicional, antepuesto al DN base. + + + User object filter + Filtro de objetos de usuario + + + Consider Objects matching this filter to be Users. + Considere que los objetos que coinciden con este filtro son usuarios. + + + Group object filter + Filtro de objetos de grupo + + + Consider Objects matching this filter to be Groups. + Considere que los objetos que coinciden con este filtro son grupos. + + + Group membership field + Campo pertenencia a grupos + + + Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' + Campo que contiene los miembros de un grupo. Tenga en cuenta que si se utiliza el campo «MemberUID», se supone que el valor contiene un nombre distintivo relativo. Por ejemplo, 'memberUid=alguno-usuario' en lugar de 'memberUid=CN=alguno-usuario, ou=grupos,... ' + + + Object uniqueness field + Campo de unicidad de objetos + + + Field which contains a unique Identifier. + Campo que contiene un identificador único. + + + Link users on unique identifier + Vincular usuarios en un identificador único + + + Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses + Enlace a un usuario con una dirección de correo electrónico idéntica. Puede tener implicaciones de seguridad cuando una fuente no valida las direcciones de correo electrónico + + + Use the user's email address, but deny enrollment when the email address already exists + + + Link to a user with identical username. Can have security implications when a username is used with another source + + + Use the user's username, but deny enrollment when the username already exists + + + Unknown user matching mode + + + URL settings + Configuración de URL + + + Authorization URL + URL de autorización + + + URL the user is redirect to to consent the authorization. + URL a la que se redirige al usuario para dar su consentimiento a la autorización. + + + Access token URL + URL de token de acceso + + + URL used by authentik to retrieve tokens. + URL utilizada por authentik para recuperar tokens. + + + Profile URL + URL del perfil + + + URL used by authentik to get user information. + URL utilizada por authentik para obtener información del usuario. + + + Request token URL + URL de token de solicitud + + + URL used to request the initial token. This URL is only required for OAuth 1. + URL utilizada para solicitar el token inicial. Esta URL solo es necesaria para OAuth 1. + + + OIDC Well-known URL + + + OIDC well-known configuration URL. Can be used to automatically configure the URLs above. + + + OIDC JWKS URL + + + JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source. + + + OIDC JWKS + + + Raw JWKS data. + + + User matching mode + Modo de coincidencia de usuarios + + + Delete currently set icon. + Eliminar el icono configurado actualmente. + + + Consumer key + Clave de consumidor + + + Consumer secret + Secreto del consumidor + + + Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *. + + + Flow settings + Configuración de flujo + + + Flow to use when authenticating existing users. + Flujo que se utilizará al autenticar a los usuarios existentes. + + + Enrollment flow + Flujo de inscripción + + + Flow to use when enrolling new users. + Flujo que se utilizará al inscribir nuevos usuarios. + + + Load servers + Servidores de carga + + + Re-authenticate with plex + Vuelva a autenticarse con plex + + + Allow friends to authenticate via Plex, even if you don't share any servers + Permite que tus amigos se autentiquen a través de Plex, incluso si no compartes ningún servidor + + + Allowed servers + Servidores permitidos + + + Select which server a user has to be a member of to be allowed to authenticate. + Seleccione el servidor del que debe pertenecer un usuario para que se le permita autenticarse. + + + SSO URL + URL SSO + + + URL that the initial Login request is sent to. + URL a la que se envía la solicitud de inicio de sesión inicial. + + + SLO URL + URL LENTO + + + Optional URL if the IDP supports Single-Logout. + URL opcional si el IDP admite el cierre de sesión único. + + + Also known as Entity ID. Defaults the Metadata URL. + También se conoce como ID de entidad. Default la URL de metadatos. + + + Binding Type + Tipo de enlace + + + Redirect binding + Enlace de redirección + + + Post-auto binding + + + Post binding but the request is automatically sent and the user doesn't have to confirm. + + + Post binding + Encuadernación + + + Signing keypair + Par de claves de firma + + + Keypair which is used to sign outgoing requests. Leave empty to disable signing. + Keypair que se usa para firmar solicitudes salientes. Déjelo vacío para deshabilitar la firma. + + + Allow IDP-initiated logins + Permitir inicios de sesión iniciados por el proveedor + + + Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. + Permite los flujos de autenticación iniciados por el IdP. Esto puede suponer un riesgo para la seguridad, ya que no se valida el identificador de la solicitud. + + + NameID Policy + Política de NameID + + + Persistent + persistente + + + Email address + Dirección de correo electrónico + + + Windows + Windows + + + X509 Subject + Asunto X509 + + + Transient + transitorio + + + Delete temporary users after + Eliminar usuarios temporales después + + + Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. + + + Pre-authentication flow + Flujo de autenticación previa + + + Flow used before authentication. + Flujo utilizado antes de la autenticación. + + + New source + + + Create a new source. + + + Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves. + Fuentes de identidades, que se pueden sincronizar en la base de datos de authentik o que los usuarios pueden utilizar para autenticarse e inscribirse ellos mismos. + + + Source(s) + Fuente (s) + + + Disabled + Discapacitado + + + Built-in + Incorporado + + + Update LDAP Source + Actualizar fuente LDAP + + + Not synced yet. + Aún no se ha sincronizado. + + + Task finished with warnings + Tarea finalizada con advertencias + + + Task finished with errors + La tarea ha finalizado con errores + + + Last sync: + Última sincronización: + + + + OAuth Source + + + Generic OpenID Connect + Conexión OpenID genérica + + + Unknown provider type + + + Details + + + Callback URL + URL de devolución de llamada + + + Access Key + Clave de acceso + + + Update OAuth Source + Actualizar fuente de OAuth + + + Diagram + Diagrama + + + Policy Bindings + Vinculaciones de políticas + + + These bindings control which users can access this source. + You can only use policies here as access is checked before the user is authenticated. + + + Update Plex Source + Actualizar fuente de Plex + + + Update SAML Source + Actualizar fuente SAML + + + Successfully updated mapping. + Se ha actualizado correctamente la asignación. + + + Successfully created mapping. + La asignación se creó correctamente. + + + Object field + Campo objeto + + + Field of the user object this value is written to. + Campo del objeto de usuario en el que se escribe este valor. + + + SAML Attribute Name + Nombre de atributo SAML + + + Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded. + Nombre de atributo utilizado para aserciones SAML. Puede ser un OID de URN, una referencia de esquema o cualquier otra cadena. Si esta asignación de propiedades se utiliza para la propiedad NameID, este campo se descarta. + + + Friendly Name + Nombre descriptivo + + + Optionally set the 'FriendlyName' value of the Assertion attribute. + Si lo desea, defina el valor «FriendlyName» del atributo Assertion. + + + Scope name + Nombre del ámbito + + + Scope which the client can specify to access these properties. + Ámbito que el cliente puede especificar para acceder a estas propiedades. + + + Description shown to the user when consenting. If left empty, the user won't be informed. + Descripción que se muestra al usuario al dar su consentimiento. Si se deja vacío, no se informará al usuario. + + + Example context data + + + Active Directory User + + + Active Directory Group + + + New property mapping + + + Create a new property mapping. + + + Property Mappings + Asignaciones de propiedades + + + Control how authentik exposes and interprets information. + Controla cómo authentik expone e interpreta la información. + + + Property Mapping(s) + Mapeo (s) de propiedades + + + Test Property Mapping + Asignación de propiedades de + + + Hide managed mappings + Ocultar asignaciones administradas + + + Successfully updated token. + El token se actualizó correctamente. + + + Successfully created token. + El token se creó correctamente. + + + Unique identifier the token is referenced by. + Identificador único por el que se hace referencia al token. + + + Intent + Intención + + + API Token + + + Used to access the API programmatically + + + App password. + + + Used to login using a flow executor + + + Expiring + A punto de vencer + + + If this is selected, the token will expire. Upon expiration, the token will be rotated. + Si se selecciona, el token caducará. Al expirar, el token se rotará. + + + Expires on + Caduca el + + + API Access + Acceso a la API + + + App password + contraseña de la aplicación + + + Verification + Verificación + + + Unknown intent + + + Tokens + Fichas + + + Tokens are used throughout authentik for Email validation stages, Recovery keys and API access. + Los tokens se utilizan en authentik para las etapas de validación de correo electrónico, las claves de recuperación y el acceso a la + + + Expires? + ¿Caduca? + + + Expiry date + Fecha de caducidad + + + Token(s) + Token (s) + + + Create Token + Crear token + + + Token is managed by authentik. + El token es administrado por authentik. + + + Update Token + Token de actualización + + + Domain + Dominio + + + Matching is done based on domain suffix, so if you enter domain.tld, foo.domain.tld will still match. + La coincidencia se realiza en función del sufijo del dominio, por lo que si ingresa domain.tld, foo.domain.tld seguirá coincidiendo. + + + Default + Predeterminado + + + Branding settings + Configuración de marca + + + Title + Título + + + Branding shown in page title and several other places. + La marca se muestra en el título de la página y en otros lugares. + + + Logo + Logotipo + + + Icon shown in sidebar/header and flow executor. + Se muestra el icono en la barra lateral/encabezado y en el ejecutor de flujo. + + + Favicon + Favicon + + + Icon shown in the browser tab. + Icono que se muestra en la pestaña del navegador. + + + Default flows + Flujos predeterminados + + + Flow used to authenticate users. If left empty, the first applicable flow sorted by the slug is used. + Flujo utilizado para autenticar a los usuarios. Si se deja vacío, se usa el primer flujo aplicable clasificado por la carga. + + + Invalidation flow + Flujo de invalidación + + + Flow used to logout. If left empty, the first applicable flow sorted by the slug is used. + Flujo utilizado para cerrar sesión. Si se deja vacío, se usa el primer flujo aplicable clasificado por la carga. + + + Recovery flow + Flujo de recuperación + + + Recovery flow. If left empty, the first applicable flow sorted by the slug is used. + Flujo de recuperación. Si se deja vacío, se usa el primer flujo aplicable clasificado por la carga. + + + Unenrollment flow + Flujo de cancelación de inscripción + + + If set, users are able to unenroll themselves using this flow. If no flow is set, option is not shown. + Si se establece, los usuarios pueden darse de baja ellos mismos mediante este flujo. Si no se establece ningún flujo, no se muestra la opción. + + + User settings flow + + + If set, users are able to configure details of their profile. + + + Device code flow + + + If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code. + + + Other global settings + Otros ajustes globales + + + Web Certificate + Certificado web + + + Event retention + Retención de eventos + + + Duration after which events will be deleted from the database. + Duración tras la cual los eventos se eliminarán de la base de datos. + + + When using an external logging solution for archiving, this can be set to "minutes=5". + Cuando se utiliza una solución de registro externa para archivar, se puede establecer en «minutes = 5". + + + This setting only affects new Events, as the expiration is saved per-event. + Esta configuración solo afecta a los eventos nuevos, ya que la caducidad se guarda por evento. + + + Configure visual settings and defaults for different domains. + Configure los ajustes visuales y los valores predeterminados para los diferentes dominios. + + + Default? + ¿Por defecto? + + + Policies + Políticas + + + Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Stages. + Permita a los usuarios utilizar aplicaciones en función de las propiedades, aplicar criterios de contraseña y aplicar etapas de forma selectiva. + + + Assigned to object(s). + Se asigna a + objetos. + + + Warning: Policy is not assigned. + Advertencia: la política no está asignada. + + + Test Policy + Política de pruebas + + + Policy / Policies + Políticas/políticas + + + Successfully cleared policy cache + La caché de directivas se borró + + + Failed to delete policy cache + No se pudo eliminar la caché de directivas + + + Clear cache + Limpiar caché + + + Clear Policy cache + Borrar caché de políticas + + + Are you sure you want to clear the policy cache? This will cause all policies to be re-evaluated on their next usage. + + + Reputation scores + Puntuación de reputación + + + Reputation for IP and user identifiers. Scores are decreased for each failed login and increased for each successful login. + Reputación de identificadores de usuario e IP. Las puntuaciones disminuyen por cada inicio de sesión fallido y aumentan por cada inicio de sesión exitoso. + + + IP + IP + + + Score + Puntuación + + + Updated + Actualizado + + + Reputation + Reputación + + + Groups + Grupos + + + Group users together and give them permissions based on the membership. + Agrupe a los usuarios y otorgue permisos en función de la membresía. + + + Superuser privileges? + ¿Los privilegios de superusuario? + + + Group(s) + Grupo (s) + + + Create Group + Crear grupo + + + Create group + Crear grupo + + + Enabling this toggle will create a group named after the user, with the user as member. + Al habilitar esta opción, se creará un grupo con el nombre del usuario, con el usuario como miembro. + + + Use the username and password below to authenticate. The password can be retrieved later on the Tokens page. + Use el nombre de usuario y la contraseña a continuación para autenticarse. La contraseña se puede recuperar más adelante en la página Tokens. + + + Password + Contraseña + + + Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List. + Válido durante 360 días, después de lo cual la contraseña cambiará automáticamente. Puede copiar la contraseña de la lista de tokens. + + + The following objects use + Los siguientes objetos usan + + + + connecting object will be deleted + se eliminará el objeto de conexión + + + Successfully updated + + + Failed to update : + No se pudo actualizar + : + + + + Are you sure you want to update ""? + ¿Seguro que quieres actualizar + « + »? + + + Successfully updated password. + La contraseña se actualizó correctamente. + + + Successfully sent email. + El correo electrónico se envió correctamente. + + + Email stage + Etapa de correo electrónico + + + Successfully added user(s). + + + Users to add + + + User(s) + Usuario (s) + + + Remove Users(s) + + + Are you sure you want to remove the selected users from the group ? + + + Remove + + + Impersonate + Suplantar + + + User status + Estado del usuario + + + Change status + Cambiar estado + + + Deactivate + Desactivar + + + Update password + Actualizar contraseña + + + Set password + Establecer contraseña + + + Successfully generated recovery link + Enlace de recuperación generado correctamente + + + No recovery flow is configured. + No se configura ningún flujo de recuperación. + + + Copy recovery link + Enlace de recuperación de copia + + + Send link + Enviar enlace + + + Send recovery link to user + Enviar enlace de recuperación al usuario + + + Email recovery link + Enlace de recuperación de correo + + + Recovery link cannot be emailed, user has no email address saved. + El enlace de recuperación no se puede enviar por correo electrónico, el usuario no tiene ninguna dirección de correo electrónico + + + Add User + + + Warning: This group is configured with superuser access. Added users will have superuser access. + + + Add existing user + + + Create user + + + Create User + Crear usuario + + + Create Service account + Crear cuenta de servicio + + + Hide service-accounts + Ocultar cuentas de servicio + + + Group Info + + + Notes + + + Edit the notes attribute of this group to add notes here. + + + Users + Usuarios + + + Root + + + Warning: You're about to delete the user you're logged in as (). Proceed at your own risk. + Advertencia: Vas a eliminar el usuario con el que iniciaste sesión ( + ). Proceda bajo su propio riesgo. + + + Hide deactivated user + + + User folders + + + Successfully added user to group(s). + + + Groups to add + + + Remove from Group(s) + + + Are you sure you want to remove user from the following groups? + + + Add Group + + + Add to existing group + + + Add new group + + + Application authorizations + Autorizaciones de solicitudes + + + Revoked? + ¿Revocado? + + + Expires + Caduca + + + ID Token + Token de identificación + + + Refresh Tokens(s) + + + Last IP + Última IP + + + Session(s) + Sesión (s) + + + Expiry + Caducidad + + + (Current session) + + + Permissions + + + Consent(s) + Consentimiento (s) + + + Successfully updated device. + El dispositivo se actualizó correctamente. + + + Static tokens + Fichas estáticas + + + TOTP Device + Dispositivo TOTP + + + Enroll + Enrolar + + + Device(s) + Dispositivo (s) + + + Update Device + Actualizar dispositivo + + + Confirmed + + + User Info + Información del usuario + + + Actions over the last week (per 8 hours) + + + Edit the notes attribute of this user to add notes here. + + + Sessions + Sesiones + + + User events + Eventos del usuario + + + Explicit Consent + Consentimiento explícito + + + OAuth Refresh Tokens + + + MFA Authenticators + + + Successfully updated invitation. + La invitación se actualizó correctamente. + + + Successfully created invitation. + La invitación se creó correctamente. + + + Flow + Flujo + + + When selected, the invite will only be usable with the flow. By default the invite is accepted on all flows with invitation stages. + + + Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON. + Datos opcionales que se cargan en la variable de contexto «prompt_data» del flujo. YAML o JSON. + + + Single use + De un solo uso + + + When enabled, the invitation will be deleted after usage. + Cuando se habilita, la invitación se eliminará después de su uso. + + + Select an enrollment flow + Seleccione un flujo de inscripción + + + Link to use the invitation. + Enlace para usar la invitación. + + + Invitations + Invitaciones + + + Create Invitation Links to enroll Users, and optionally force specific attributes of their account. + Cree enlaces de invitación para inscribir usuarios y, opcionalmente, forzar atributos específicos de su cuenta. + + + Created by + Creado por + + + Invitation(s) + Invitación (s) + + + Invitation not limited to any flow, and can be used with any enrollment flow. + + + Update Invitation + + + Create Invitation + Crear invitación + + + Warning: No invitation stage is bound to any flow. Invitations will not work as expected. + Advertencia: ninguna etapa de invitación está vinculada a ningún flujo. Las invitaciones no funcionarán como se esperaba. + + + Auto-detect (based on your browser) + Detección automática (según su navegador) + + + Required. + Necesario. + + + Continue + Continuar + + + Successfully updated prompt. + Se actualizó correctamente el mensaje. + + + Successfully created prompt. + Se ha creado el mensaje correctamente. + + + Text: Simple Text input + Texto: entrada de texto simple + + + Text Area: Multiline text input + + + Text (read-only): Simple Text input, but cannot be edited. + Texto (solo lectura): entrada de texto simple, pero no se puede editar. + + + Text Area (read-only): Multiline text input, but cannot be edited. + + + Username: Same as Text input, but checks for and prevents duplicate usernames. + Nombre de usuario: igual que la entrada de texto, pero comprueba y evita los nombres de usuario duplicados. + + + Email: Text field with Email type. + Correo electrónico: campo de texto con tipo de correo electrónico. + + + Password: Masked input, multiple inputs of this type on the same prompt need to be identical. + + + Number + Número + + + Checkbox + Casilla de verificación + + + Radio Button Group (fixed choice) + + + Dropdown (fixed choice) + + + Date + Fecha + + + Date Time + Fecha y hora + + + File + + + Separator: Static Separator Line + Separador: Línea separadora estática + + + Hidden: Hidden field, can be used to insert data into form. + Oculto: campo oculto, se puede utilizar para insertar datos en el formulario. + + + Static: Static value, displayed as-is. + Estático: valor estático, que se muestra tal cual. + + + authentik: Locale: Displays a list of locales authentik supports. + + + Preview errors + + + Data preview + + + Unique name of this field, used for selecting fields in prompt stages. + + + Field Key + Clave de campo + + + Name of the form field, also used to store the value. + Nombre del campo del formulario, que también se utiliza para almacenar el valor. + + + When used in conjunction with a User Write stage, use attributes.foo to write attributes. + Cuando se usa junto con una etapa User Write, use attribues.foo para escribir atributos. + + + Label + Etiqueta + + + Label shown next to/above the prompt. + La etiqueta se muestra al lado o encima de la solicitud. + + + Required + Requerido + + + Interpret placeholder as expression + + + When checked, the placeholder will be evaluated in the same way a property mapping is. + If the evaluation fails, the placeholder itself is returned. + + + Placeholder + Marcador de posición + + + Optionally provide a short hint that describes the expected input value. + When creating a fixed choice field, enable interpreting as expression and return a + list to return multiple choices. + + + Interpret initial value as expression + + + When checked, the initial value will be evaluated in the same way a property mapping is. + If the evaluation fails, the initial value itself is returned. + + + Initial value + + + Optionally pre-fill the input with an initial value. + When creating a fixed choice field, enable interpreting as expression and + return a list to return multiple default choices. + + + Help text + Texto de ayuda + + + Any HTML can be used. + Se puede usar cualquier código HTML. + + + Prompts + Indicaciones + + + Single Prompts that can be used for Prompt Stages. + Indicaciones únicas que se pueden utilizar para las etapas de selección dinámica. + + + Field + Campo + + + Stages + Etapas + + + Prompt(s) + Mensaje (s) + + + Update Prompt + Mensaje de actualización + + + Create Prompt + Crear solicitud + + + Target + Objetivo + + + Stage + Escenario + + + Evaluate when flow is planned + + + Evaluate policies during the Flow planning process. + + + Evaluate when stage is run + + + Evaluate policies before the Stage is present to the user. + Evalúe las políticas antes de que Stage esté presente para el usuario. + + + Invalid response behavior + + + Returns the error message and a similar challenge to the executor + + + Restarts the flow from the beginning + + + Restarts the flow from the beginning, while keeping the flow context + + + Configure how the flow executor should handle an invalid response to a challenge given by this bound stage. + + + Successfully updated stage. + Se ha actualizado correctamente la fase. + + + Successfully created stage. + Se ha creado correctamente la etapa. + + + Stage used to configure a duo-based authenticator. This stage should be used for configuration flows. + Etapa utilizada para configurar un autenticador basado en dúo. Esta etapa se debe usar para los flujos de configuración. + + + Authenticator type name + + + Display name of this authenticator, used by users when they enroll an authenticator. + + + API Hostname + Nombre de host de API + + + Duo Auth API + + + Integration key + Clave de integración + + + Secret key + Clave secreta + + + Duo Admin API (optional) + + + When using a Duo MFA, Access or Beyond plan, an Admin API application can be created. + This will allow authentik to import devices automatically. + + + Stage-specific settings + Configuraciones específicas de cada etapa + + + Configuration flow + Flujo de configuración + + + Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. + Flujo utilizado por un usuario autenticado para configurar esta etapa. Si está vacío, el usuario no podrá configurar esta etapa. + + + Twilio Account SID + SID de cuenta Twilio + + + Get this value from https://console.twilio.com + Obtenga este valor de https://console.twilio.com + + + Twilio Auth Token + Token de autenticación de Twilio + + + Authentication Type + Tipo de autenticación + + + Basic Auth + Autenticación básica + + + Bearer Token + Token portador + + + External API URL + URL de API externa + + + This is the full endpoint to send POST requests to. + Este es el punto final completo al que enviar solicitudes POST. + + + API Auth Username + Nombre de usuario de autenticación de API + + + This is the username to be used with basic auth or the token when used with bearer token + Este es el nombre de usuario que se utilizará con la autenticación básica o el token cuando se usa con el token del portador + + + API Auth password + Contraseña de autenticación de API + + + This is the password to be used with basic auth + Esta es la contraseña que se utilizará con la autenticación básica + + + Mapping + + + Modify the payload sent to the custom provider. + + + Stage used to configure an SMS-based TOTP authenticator. + Etapa utilizada para configurar un autenticador TOTP basado en SMS. + + + Twilio + Twilio + + + Generic + Genérico + + + From number + Desde el número + + + Number the SMS will be sent from. + Número desde el que se enviará el SMS. + + + Hash phone number + + + If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons. Devices created from a stage with this enabled cannot be used with the authenticator validation stage. + + + Stage used to configure a static authenticator (i.e. static tokens). This stage should be used for configuration flows. + Etapa utilizada para configurar un autenticador estático (es decir, tokens estáticos). Esta etapa se debe usar para los flujos de configuración. + + + Token count + Recuento de tokens + + + Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator). + Etapa utilizada para configurar un autenticador TOTP (es decir, Authy/Google Authenticator). + + + Digits + dígitos + + + 6 digits, widely compatible + 6 dígitos, ampliamente compatible + + + 8 digits, not compatible with apps like Google Authenticator + 8 dígitos, no compatible con aplicaciones como Google Authenticator + + + Stage used to validate any authenticator. This stage should be used during authentication or authorization flows. + Etapa utilizada para validar cualquier autenticador. Esta etapa se debe usar durante los flujos de autenticación o autorización. + + + Device classes + Clases de dispositivos + + + Static Tokens + Fichas estáticas + + + TOTP Authenticators + Autenticadores TOTP + + + WebAuthn Authenticators + Autenticadores WebAuthn + + + Duo Authenticators + Autenticadores duo + + + SMS-based Authenticators + Autenticadores basados en SMS + + + Device classes which can be used to authenticate. + Clases de dispositivos que se pueden usar para autenticarse. + + + Last validation threshold + + + If any of the devices user of the types selected above have been used within this duration, this stage will be skipped. + + + Not configured action + Acción no configurada + + + Force the user to configure an authenticator + Obligar al usuario a configurar un autenticador + + + Deny the user access + Denegar el acceso al usuario + + + WebAuthn User verification + + + User verification must occur. + Debe producirse la verificación del usuario. + + + User verification is preferred if available, but not required. + Se prefiere la verificación del usuario si está disponible, pero no es obligatoria. + + + User verification should not occur. + No se debe realizar la verificación del usuario. + + + Configuration stages + + + Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. + + + When multiple stages are selected, the user can choose which one they want to enroll. + + + User verification + Verificación del usuario + + + Resident key requirement + Requisito clave residente + + + Authenticator Attachment + Adjunto de autenticador + + + No preference is sent + No se envía ninguna preferencia + + + A non-removable authenticator, like TouchID or Windows Hello + Un autenticador no extraíble, como TouchID o Windows Hello + + + A "roaming" authenticator, like a YubiKey + Un autenticador «roaming», como YubiKey + + + This stage checks the user's current session against the Google reCaptcha (or compatible) service. + + + Public Key + Clave pública + + + Public key, acquired from https://www.google.com/recaptcha/intro/v3.html. + Clave pública, adquirida en https://www.google.com/recaptcha/intro/v3.html. + + + Private Key + Clave privada + + + Private key, acquired from https://www.google.com/recaptcha/intro/v3.html. + Clave privada, adquirida en https://www.google.com/recaptcha/intro/v3.html. + + + Advanced settings + Configuraciones avanzadas + + + JS URL + + + URL to fetch JavaScript from, defaults to recaptcha. Can be replaced with any compatible alternative. + + + API URL + + + URL used to validate captcha response, defaults to recaptcha. Can be replaced with any compatible alternative. + + + Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time. + Solicitar el consentimiento del usuario. El consentimiento puede ser permanente o caducar en un período de tiempo definido. + + + Always require consent + Exigir siempre el consentimiento + + + Consent given last indefinitely + El último consentimiento otorgado indefinidamente + + + Consent expires. + El consentimiento caduca. + + + Consent expires in + El consentimiento vence en + + + Offset after which consent expires. + + + Dummy stage used for testing. Shows a simple continue button and always passes. + Escenario ficticio utilizado para las pruebas. Muestra un botón de continuar simple y siempre pasa. + + + Throw error? + + + SMTP Host + Host SMTP + + + SMTP Port + Puerto SMTP + + + SMTP Username + Nombre de usuario SMTP + + + SMTP Password + Contraseña SMTP + + + Use TLS + Usar TLS + + + Use SSL + Usar SSL + + + From address + Dirección del remitente + + + Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity. + Verifique la dirección de correo electrónico del usuario enviándole un enlace único. También se puede utilizar para la recuperación para verificar la autenticidad del usuario. + + + Activate pending user on success + Activar usuario pendiente en caso de éxito + + + When a user returns from the email successfully, their account will be activated. + Cuando un usuario regresa del correo electrónico con éxito, su cuenta se activará. + + + Use global settings + Usar la configuración global + + + When enabled, global Email connection settings will be used and connection settings below will be ignored. + Cuando se habilita, se utilizará la configuración global de conexión de correo electrónico y se ignorarán las configuraciones de conexión que se indican a continuación + + + Token expiry + Caducidad del token + + + Time in minutes the token sent is valid. + El tiempo en minutos que se envía el token es válido. + + + Template + Plantilla + + + Let the user identify themselves with their username or Email address. + Permite que el usuario se identifique con su nombre de usuario o dirección de correo electrónico. + + + User fields + Campos de usuario + + + UPN + UPN + + + Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources. + Campos con los que un usuario puede identificarse. Si no se seleccionan campos, el usuario solo podrá usar fuentes. + + + Password stage + Etapa de contraseña + + + When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks. + Cuando se selecciona, se muestra un campo de contraseña en la misma página en lugar de en una página separada. Esto evita ataques de enumeración de nombres de usuario. + + + Case insensitive matching + Coincidencia insensible a mayúsculas + + + When enabled, user fields are matched regardless of their casing. + Cuando se habilita, los campos de usuario coinciden independientemente de su carcasa. + + + Show matched user + Mostrar usuario coincidente + + + When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown. + Cuando se haya introducido un nombre de usuario/correo electrónico válido y esta opción esté habilitada, se mostrarán el nombre de usuario y el avatar del usuario. De lo contrario, se mostrará el texto introducido por el usuario. + + + Source settings + + + Sources + Fuentes + + + Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP. + Se deben mostrar las fuentes seleccionadas para que los usuarios se autentiquen con ellas. Esto solo afecta a las fuentes basadas en web, no a LDAP. + + + Show sources' labels + Mostrar etiquetas de fuentes + + + By default, only icons are shown for sources. Enable this to show their full names. + De forma predeterminada, solo se muestran los iconos de las fuentes. Actívela para mostrar sus nombres completos. + + + Passwordless flow + Flujo sin contraseña + + + Optional passwordless flow, which is linked at the bottom of the page. When configured, users can use this flow to authenticate with a WebAuthn authenticator, without entering any details. + Flujo sin contraseña opcional, que se vincula en la parte inferior de la página. Cuando se configura, los usuarios pueden usar este flujo para autenticarse con un autenticador WebAuthn, sin introducir ningún detalle. + + + Optional enrollment flow, which is linked at the bottom of the page. + Flujo de inscripción opcional, que se enlaza en la parte inferior de la página. + + + Optional recovery flow, which is linked at the bottom of the page. + Flujo de recuperación opcional, que se enlaza en la parte inferior de la página. + + + This stage can be included in enrollment flows to accept invitations. + Esta etapa se puede incluir en los flujos de inscripción para aceptar invitaciones. + + + Continue flow without invitation + Continuar el flujo sin invitación + + + If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. + Si se establece esta bandera, esta etapa saltará a la siguiente etapa cuando no se dé ninguna invitación. De forma predeterminada, esta etapa cancelará el flujo cuando no se dé ninguna invitación. + + + Validate the user's password against the selected backend(s). + Valide la contraseña del usuario en relación con los backend seleccionados. + + + Backends + Backends + + + User database + standard password + Base de datos de usuarios + contraseña estándar + + + User database + app passwords + Base de datos de usuario+contraseñas + + + User database + LDAP password + Base de datos de usuarios+contraseña + + + Selection of backends to test the password against. + Selección de backends para probar la contraseña. + + + Flow used by an authenticated user to configure their password. If empty, user will not be able to configure change their password. + Flujo utilizado por un usuario autenticado para configurar su contraseña. Si está vacío, el usuario no podrá configurar el cambio de contraseña. + + + Failed attempts before cancel + Intentos fallidos antes de cancelar + + + How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. + Cuántos intentos tiene un usuario antes de que se cancele el flujo. Para bloquear al usuario, usa una política de reputación y una etapa user_write. + + + Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable. + Mostrar campos de entrada arbitrarios al usuario, por ejemplo, durante la inscripción. Los datos se guardan en el contexto de flujo en la variable «prompt_data». + + + Fields + Campos + + + ("", of type ) + + (« + », de tipo + ) + + + Validation Policies + Políticas de validación + + + Selected policies are executed when the stage is submitted to validate the data. + Las políticas seleccionadas se ejecutan cuando se envía la etapa para validar los datos. + + + Delete the currently pending user. CAUTION, this stage does not ask for confirmation. Use a consent stage to ensure the user is aware of their actions. + + + Log the currently pending user in. + Registra al usuario pendiente en ese momento. + + + Session duration + Duración de la sesión + + + Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. + Determina la duración de una sesión. El valor predeterminado de 0 segundos significa que las sesiones duran hasta que se cierra el navegador. + + + Different browsers handle session cookies differently, and might not remove them even when the browser is closed. + + + See here. + + + Stay signed in offset + + + If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. + + + Terminate other sessions + + + When enabled, all previous sessions of the user will be terminated. + + + Remove the user from the current session. + Elimina al usuario de la sesión actual. + + + Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user + is pending, a new user is created, and data is written to them. + + + Never create users + + + When no user is present in the flow context, the stage will fail. + + + Create users when required + + + When no user is present in the the flow context, a new user is created. + + + Always create new users + + + Create a new user even if a user is in the flow context. + + + Create users as inactive + Crear usuarios como inactivos + + + Mark newly created users as inactive. + Marque los usuarios recién creados como inactivos. + + + User path template + + + Path new users will be created under. If left blank, the default path will be used. + + + Newly created users are added to this group, if a group is selected. + Los usuarios recién creados se agregan a este grupo, si se selecciona un grupo. + + + New stage + + + Create a new stage. + + + Successfully imported device. + + + The user in authentik this device will be assigned to. + + + Duo User ID + + + The user ID in Duo, can be found in the URL after clicking on a user. + + + Automatic import + + + Successfully imported devices. + + + Start automatic import + + + Or manually import + + + Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow. + Las etapas son pasos individuales de un flujo por los que se guía al usuario. Una etapa solo se puede ejecutar desde dentro de un flujo. + + + Flows + Flujos + + + Stage(s) + Etapa (s) + + + Import + Importación + + + Import Duo device + + + Successfully updated flow. + Se actualizó correctamente el flujo. + + + Successfully created flow. + El flujo se creó correctamente. + + + Shown as the Title in Flow pages. + Se muestra como título en las páginas de flujo. + + + Visible in the URL. + Visible en la URL. + + + Designation + Designación + + + Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. + Decide para qué se utiliza este flujo. Por ejemplo, el flujo de autenticación se redirige a cuando un usuario no autenticado visita authentick. + + + No requirement + + + Require authentication + + + Require no authentication. + + + Require superuser. + + + Required authentication level for this flow. + + + Behavior settings + + + Compatibility mode + Modo de compatibilidad + + + Increases compatibility with password managers and mobile devices. + + + Denied action + + + Will follow the ?next parameter if set, otherwise show a message + + + Will either follow the ?next parameter or redirect to the default interface + + + Will notify the user the flow isn't applicable + + + Decides the response when a policy denies access to this flow for a user. + + + Appearance settings + + + Layout + + + Background + Fondo + + + Background shown during execution. + Se muestra el fondo durante la ejecución. + + + Clear background + + + Delete currently set background image. + Elimina la imagen de fondo configurada actualmente. + + + Successfully imported flow. + El flujo se importó correctamente. + + + .yaml files, which can be found on goauthentik.io and can be exported by authentik. + .yaml, que se pueden encontrar en goauthentik.io y que authentik puede exportar. + + + Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them. + Los flujos describen una cadena de etapas para autenticar, inscribir o recuperar un usuario. Las etapas se eligen en función de las políticas que se les aplican. + + + Flow(s) + Flujo (s) + + + Update Flow + Flujo de actualización + + + Create Flow + Crear flujo + + + Import Flow + Flujo de importación + + + Successfully cleared flow cache + Se borró correctamente la memoria caché + + + Failed to delete flow cache + No se pudo eliminar la caché de flujo + + + Clear Flow cache + Borrar caché de flujo + + + Are you sure you want to clear the flow cache? + This will cause all flows to be re-evaluated on their next usage. + + + Stage binding(s) + Encuadernación (s) + + + Stage type + Tipo de escenario + + + Edit Stage + Editar etapa + + + Update Stage binding + Enlace Update Stage + + + These bindings control if this stage will be applied to the flow. + Estos enlaces controlan si esta etapa se aplicará al flujo. + + + No Stages bound + Sin límite de etapas + + + No stages are currently bound to this flow. + Actualmente, no hay etapas vinculadas a este flujo. + + + Create Stage binding + Crear enlace de escenario + + + Bind stage + Etapa Bind + + + Bind existing stage + + + Flow Overview + Descripción general del flujo + + + Related actions + + + Execute flow + Ejecutar flujo + + + Normal + Normal + + + with current user + + + with inspector + con inspector + + + Export flow + Flujo de exportación + + + Export + Exportar + + + Stage Bindings + Fijaciones de escenario + + + These bindings control which users can access this flow. + Estos enlaces controlan qué usuarios pueden acceder a este flujo. + + + Event Log + Registro de eventos + + + Event + Evento + + + + Event info + Información del evento + + + Created + + + Successfully updated transport. + Se ha actualizado correctamente el transporte. + + + Successfully created transport. + Se ha creado el transporte correctamente. + + + Local (notifications will be created within authentik) + + + Webhook (generic) + Webhook (genérico) + + + Webhook (Slack/Discord) + Webhook (Slack/Discord) + + + Webhook URL + URL de webhook + + + Webhook Mapping + Mapeo de webhook + + + Send once + Enviar una vez + + + Only send notification once, for example when sending a webhook into a chat channel. + Envía notificaciones solo una vez, por ejemplo, al enviar un webhook a un canal de chat. + + + Notification Transports + Transportes de notificación + + + Define how notifications are sent to users, like Email or Webhook. + Defina cómo se envían las notificaciones a los usuarios, como el correo electrónico o el webhook. + + + Notification transport(s) + Transporte (s) de notificación + + + Update Notification Transport + Transporte de notificaciones de actualización + + + Create Notification Transport + Crear transporte de notificaciones + + + Successfully updated rule. + La regla se ha actualizado correctamente. + + + Successfully created rule. + La regla se creó correctamente. + + + Select the group of users which the alerts are sent to. If no group is selected the rule is disabled. + + + Transports + Transportes + + + Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. + Seleccione qué transportes se deben usar para notificar al usuario. Si no se selecciona ninguno, la notificación solo se mostrará en la interfaz de usuario de authentik. + + + Severity + Gravedad + + + Notification Rules + Reglas de notificación + + + Send notifications whenever a specific Event is created and matched by policies. + Envía notificaciones siempre que se cree un evento específico y las políticas coincidan con ellas. + + + Sent to group + Enviado al grupo + + + Notification rule(s) + Regla (s) de notificación + + + None (rule disabled) + Ninguno (regla deshabilitada) + + + Update Notification Rule + Regla de notificación de actualización + + + Create Notification Rule + Crear regla de notificación + + + These bindings control upon which events this rule triggers. +Bindings to groups/users are checked against the user of the event. + + + Outpost Deployment Info + Información de implementación de Outpost + + + View deployment documentation + Ver la documentación de implementación + + + Click to copy token + Haga clic para copiar el token + + + If your authentik Instance is using a self-signed certificate, set this value. + Si la instancia de authentik utiliza un certificado autofirmado, defina este valor. + + + If your authentik_host setting does not match the URL you want to login with, add this setting. + Si la configuración de authentik_host no coincide con la URL con la que desea iniciar sesión, añada esta configuración. + + + Successfully updated outpost. + Se actualizó correctamente el puesto avanzado. + + + Successfully created outpost. + Puesto avanzado creado correctamente. + + + Radius + + + Integration + Integración + + + Selecting an integration enables the management of the outpost by authentik. + La selección de una integración permite la gestión del puesto avanzado por authentik. + + + You can only select providers that match the type of the outpost. + Solo puede seleccionar proveedores que coincidan con el tipo de puesto avanzado. + + + Configuration + Configuración + + + See more here: + + + Documentation + + + Last seen + + + , should be + + , debe ser + + + + Hostname + + + Not available + No disponible + + + Last seen: + Visto por última vez: + + + + Unknown type + + + Outposts + Puestos avanzados + + + Outposts are deployments of authentik components to support different environments and protocols, like reverse proxies. + Los puestos avanzados son implementaciones de componentes auténticos para admitir diferentes entornos y protocolos, como proxies inversos. + + + Health and Version + Salud y versión + + + Warning: authentik Domain is not configured, authentication will not work. + Advertencia: el dominio authentik no está configurado, la autenticación no funcionará. + + + Logging in via . + Iniciar sesión a través de + . + + + No integration active + Sin integración activa + + + Update Outpost + Actualización Outpost + + + View Deployment Info + Ver información de implementación + + + Detailed health (one instance per column, data is cached so may be out of date) + + + Outpost(s) + Puesto (s) avanzado (s) + + + Create Outpost + Crear puesto avanzado + + + Successfully updated integration. + La integración se ha actualizado correctamente. + + + Successfully created integration. + La integración se creó correctamente. + + + Local + Local + + + If enabled, use the local connection. Required Docker socket/Kubernetes Integration. + Si está habilitada, use la conexión local. Se requiere la integración de Docker Socket/Kubernetes. + + + Docker URL + URL de Docker + + + Can be in the format of 'unix://' when connecting to a local docker daemon, using 'ssh://' to connect via SSH, or 'https://:2376' when connecting to a remote system. + Puede tener el formato de 'unix: //' cuando se conecta a un daemon de docker local, usando 'ssh: //' para conectarse a través de SSH, o 'https://:2376' cuando se conecta a un sistema remoto. + + + CA which the endpoint's Certificate is verified against. Can be left empty for no validation. + CA con la que se verifica el certificado del punto final. Se puede dejar vacío para que no se valide. + + + TLS Authentication Certificate/SSH Keypair + Certificado de autenticación TLS/par de claves SSH + + + Certificate/Key used for authentication. Can be left empty for no authentication. + Certificado/clave utilizados para la autenticación. Se puede dejar en blanco si no se realiza ninguna autenticación. + + + When connecting via SSH, this keypair is used for authentication. + Cuando se conecta a través de SSH, este par de claves se usa para la autenticación. + + + Kubeconfig + Configuración de Kube + + + Verify Kubernetes API SSL Certificate + + + New outpost integration + + + Create a new outpost integration. + + + State + Estado + + + Unhealthy + Insalubres + + + Outpost integration(s) + Integración (s) avanzada (s) + + + Successfully generated certificate-key pair. + Se ha generado correctamente el par de claves de certificado. + + + Common Name + Nombre común + + + Subject-alt name + Nombre de asunto ALT + + + Optional, comma-separated SubjectAlt Names. + Nombres Alt de asunto separados por comas opcionales. + + + Validity days + Días de validez + + + Successfully updated certificate-key pair. + Se actualizó correctamente el par de claves de certificado. + + + Successfully created certificate-key pair. + Se creó correctamente el par de claves de certificado. + + + PEM-encoded Certificate data. + Datos del certificado codificados en PEM. + + + Optional Private Key. If this is set, you can use this keypair for encryption. + Clave privada opcional. Si está configurado, puede usar este par de claves para el cifrado. + + + Certificate-Key Pairs + Pares de claves de certificado + + + Import certificates of external providers or create certificates to sign requests with. + Importe certificados de proveedores externos o cree certificados para firmar solicitudes con ellos. + + + Private key available? + ¿Clave privada disponible? + + + Certificate-Key Pair(s) + Par (s) de claves de certificado + + + Managed by authentik + Administrado por authentik + + + Managed by authentik (Discovered) + Administrado por authentik (descubierto) + + + Yes () + Sí ( + ) + + + No + No + + + Update Certificate-Key Pair + Actualizar par de claves de certificado + + + Certificate Fingerprint (SHA1) + Huella digital de certificado (SHA1) + + + Certificate Fingerprint (SHA256) + Huella digital de certificado (SHA256) + + + Certificate Subject + Asunto del certificado + + + Download Certificate + Descargar certificado + + + Download Private key + Descargar clave privada + + + Create Certificate-Key Pair + Crear par de claves de certificado + + + Generate + Generar + + + Generate Certificate-Key Pair + Generar par de claves de certificado + + + Successfully updated instance. + + + Successfully created instance. + + + Disabled blueprints are never applied. + + + Local path + + + OCI Registry + + + Internal + + + OCI URL, in the format of oci://registry.domain.tld/path/to/manifest. + + + See more about OCI support here: + + + Blueprint + + + Configure the blueprint context, used for templating. + + + Orphaned + + + Blueprints + + + Automate and template configuration within authentik. + + + Last applied + + + Blueprint(s) + + + Update Blueprint + + + Create Blueprint Instance + + + API Requests + Solicitudes de API + + + Open API Browser + Abrir navegador de API + + + Notifications + Notificaciones + + + unread + + sin leer + + + Successfully cleared notifications + Notificaciones eliminadas correctamente + + + Clear all + Borrar todo + + + A newer version of the frontend is available. + Está disponible una versión más reciente de la interfaz. + + + You're currently impersonating . Click to stop. + Estás suplantando a + . Haga clic para parar. + + + User interface + Interfaz de usuario + + + Dashboards + Paneles + + + Events + Eventos + + + Logs + troncos + + + Customisation + Personalización + + + Directory + Directorio + + + System + Sistema + + + Certificates + Certificados + + + Outpost Integrations + Integraciones de Outpost + + + API request failed + Solicitud de API fallida + + + User's avatar + Avatar del usuario + + + Something went wrong! Please try again later. + ¡Algo salió mal! Inténtelo de nuevo más tarde. + + + Request ID + + + You may close this page now. + + + You're about to be redirect to the following URL. + Estás a punto de ser redirigido a la siguiente URL. + + + Follow redirect + Seguir la redirección + + + Request has been denied. + Se ha denegado la solicitud. + + + Not you? + ¿Tú no? + + + Need an account? + ¿Necesitas una cuenta? + + + Sign up. + Inscríbete. + + + Forgot username or password? + ¿Olvidó su nombre de usuario + + + Select one of the sources below to login. + Seleccione una de las fuentes a continuación para iniciar sesión. + + + Or + + + Use a security key + Use una llave de seguridad + + + Login to continue to . + Inicie sesión para continuar en + . + + + Please enter your password + Por favor, introduzca su contraseña + + + Forgot password? + ¿Has olvidado tu contraseña + + + Application requires following permissions: + La aplicación requiere los siguientes permisos: + + + Application already has access to the following permissions: + + + Application requires following new permissions: + + + Check your Inbox for a verification email. + Busca un correo electrónico de verificación en tu bandeja de entrada. + + + Send Email again. + Vuelve a enviar el correo electrónico. + + + Successfully copied TOTP Config. + Se copió correctamente TOTP Config. + + + Copy + Copia + + + Code + Código + + + Please enter your TOTP Code + Por favor, introduzca su código TOTP + + + Duo activation QR code + + + Alternatively, if your current device has Duo installed, click on this link: + Como alternativa, si su dispositivo actual tiene instalado Duo, haga clic en este enlace: + + + Duo activation + Activación dúo + + + Check status + Comprobar el estado + + + Make sure to keep these tokens in a safe place. + Asegúrese de guardar estas fichas en un lugar seguro. + + + Phone number + Número de teléfono + + + Please enter your Phone number. + Por favor, introduzca su número de teléfono. + + + Please enter the code you received via SMS + + + A code has been sent to you via SMS. + Se le ha enviado un código por SMS. + + + Open your two-factor authenticator app to view your authentication code. + + + Static token + Token estático + + + Authentication code + + + Please enter your code + + + Return to device picker + Regresar al selector de dispositivos + + + Sending Duo push notification + + + Assertions is empty + Las afirmaciones están vacías + + + Error when creating credential: + Error al crear la credencial: + + + + Error when validating assertion on server: + Error al validar la afirmación en el servidor: + + + + Retry authentication + Reintentar la autenticación + + + Duo push-notifications + Notificaciones push dúo + + + Receive a push notification on your device. + Reciba una notificación push en su dispositivo. + + + Authenticator + Autenticador + + + Use a security key to prove your identity. + Use una llave de seguridad para demostrar su identidad. + + + Traditional authenticator + Autenticador tradicional + + + Use a code-based authenticator. + Use un autenticador basado en código. + + + Recovery keys + Teclas de recuperación + + + In case you can't access any other method. + En caso de que no puedas acceder a ningún otro método. + + + SMS + SMS + + + Tokens sent via SMS. + Tokens enviados por SMS. + + + Select an authentication method. + Seleccione un método de autenticación. + + + Stay signed in? + + + Select Yes to reduce the number of times you're asked to sign in. + + + Authenticating with Plex... + Autenticando con Plex... + + + Waiting for authentication... + + + If no Plex popup opens, click the button below. + + + Open login + + + Authenticating with Apple... + Autenticando con Apple... + + + Retry + Intentar de nuevo + + + Enter the code shown on your device. + + + Please enter your Code + Por favor, introduzca su código + + + You've successfully authenticated your device. + + + Flow inspector + inspector de flujo + + + Next stage + Próxima etapa + + + Stage name + Nombre artístico + + + Stage kind + Tipo de escenario + + + Stage object + Objeto escénico + + + This flow is completed. + Este flujo se ha completado. + + + Plan history + Historial del plan + + + Current plan context + Contexto actual del plan + + + Session ID + ID de sesión + + + Powered by authentik + Desarrollado por authentik + + + Background image + Imagen de fondo + + + Error creating credential: + Error creando la credencial: + + + + Server validation of credential failed: + No se pudo validar la credencial en el servidor: + + + + Register device + Registrar dispositivo + + + Refer to documentation + + + No Applications available. + No hay aplicaciones disponibles. + + + Either no applications are defined, or you don’t have access to any. + + + My Applications + Mis aplicaciones + + + My applications + Mis solicitudes + + + Change your password + Cambia tu contraseña + + + Change password + Cambiar contraseña + + + + + + + + + Save + Guardar + + + Delete account + Eliminar cuenta + + + Successfully updated details + + + Open settings + + + No settings flow configured. + + + Update details + Detalles de actualización + + + Successfully disconnected source + + + Failed to disconnected source: + + + Disconnect + Desconectar + + + Connect + Conectar + + + Error: unsupported source settings: + Error: configuración de origen no admitida: + + + + Connect your user account to the services listed below, to allow you to login using the service instead of traditional credentials. + Conecte su cuenta de usuario a los servicios que se enumeran a continuación para permitirle iniciar sesión con el servicio en lugar de las credenciales tradicionales. + + + No services available. + No hay servicios disponibles. + + + Create App password + Crear contraseña de aplicación + + + User details + Detalles del usuario + + + Consent + Consentimiento + + + MFA Devices + Dispositivos de MFA + + + Connected services + Servicios conectados + + + Tokens and App passwords + Tokens y contraseñas de aplicaciones + + + Unread notifications + Notificaciones sin leer + + + Admin interface + Interfaz de administrador + + + Stop impersonation + Detener la suplantación + + + Avatar image + Imagen de avatar + + + Failed + + + Unsynced / N/A + + + Outdated outposts + Puestos avanzados anticuados + + + Unhealthy outposts + Puestos avanzados insalubres + + + Next + + + Inactive + Inactivo + + + Regular user + Usuario habitual + + + Activate + Activar + + + Use Server URI for SNI verification + + + Required for servers using TLS 1.3+ + + + Client certificate keypair to authenticate against the LDAP Server's Certificate. + + + The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate. + + + TLS Server name + + + DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged. + + + TLS Client authentication certificate + + + Model + + + Match events created by selected model. When left empty, all models are matched. + + + Code-based MFA Support + + + When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. + + + User type + + + Successfully updated license. + + + Successfully created license. + + + Install ID + + + License key + + + Licenses + + + License(s) + + + Enterprise is in preview. + + + Cumulative license expiry + + + Update License + + + Warning: The current user count has exceeded the configured licenses. + + + Click here for more info. + + + Enterprise + + + Manage enterprise licenses + + + No licenses found. + + + Send us feedback! + + + Get a license + + + Go to Customer Portal + + + Forecast internal users + + + Estimated user count one year from now based on current internal users and forecasted internal users. + + + Forecast external users + + + Estimated user count one year from now based on current external users and forecasted external users. + + + Install + + + Install License + + + Internal users might be users such as company employees, which will get access to the full Enterprise feature set. + + + External users might be external consultants or B2C customers. These users don't get access to enterprise features. + + + Service accounts should be used for machine-to-machine authentication or other automations. + + + Less details + + + More details + + + Remove item Open API drawer @@ -11,1702 +5501,74 @@ Open Notification drawer - - Connection error, reconnecting... - - - Loading... - - - Application - - - Logins - - - Failed to fetch - - - Click to change value - - - Select an object. - - - Loading options... - - - API Access - - - App password - - - Recovery - - - Verification - - - Unknown intent - - - Login - - - Failed login - - - Logout - - - User was written to - - - Suspicious request - - - Password set - - - Secret was viewed - - - Secret was rotated - - - Invitation used - - - Application authorized - - - Source linked - - - Impersonation started - - - Impersonation ended - - - Flow execution - - - Policy execution - - - Policy exception - - - Property Mapping exception - - - System task execution - - - System task exception - - - General system exception - - - Configuration error - - - Model created - - - Model updated - - - Model deleted - - - Email sent - - - Update available - - - Alert - - - Notice - - - Warning - - - Unknown severity - - - Static tokens - - - TOTP Device - - - Internal - - - External - - - Service account - - - Service account (internal) - - - Show less - - - Show more - - - UID - - - Name - - - App - - - Model Name - - - Message - - - Subject - - - From - - - To - - - Context - - - User - - - Affected model: - - - Authorized application: - - - Using flow - - - Email info: - - - Secret: - - - Exception - - - Open issue on GitHub... - - - Expression - - - Binding - - - Request - - - Object - - - Result - - - Passing - - - Messages - - - New version available - - - Using source - - - Attempted to log in as - - - No additional data available. - - - no tabs defined - - - Remove item - - - - of - - - Go to previous page - - - Go to next page - - - Search... - - - Loading - - - No objects found. - - - Failed to fetch objects. - - - Refresh - - - Select all rows - - - Action - - - Creation Date - - - Client IP - - - Brand - - - Recent events - - - On behalf of - - - - - - - No Events found. - - - No matching events could be found. - - - Embedded outpost is not configured correctly. - - - Check outposts. - - - HTTPS is not detected correctly - - - Server and client are further than 5 seconds apart. - - - OK - - - Everything is ok. - - - System status - - - Based on - - - is available! - - - Up-to-date! - - - Version - - - Workers - - - No workers connected. Background tasks will not run. - - - hour(s) ago - - - Failed to fetch data. - - - day(s) ago - - - Authorizations - - - Failed Logins - - - Successful Logins - - - : - - - Cancel - - - LDAP Source - - - SCIM Provider - - - Healthy - - - Failed - - - Unsynced / N/A - - - Healthy outposts - - - Outdated outposts - - - Unhealthy outposts - - - Not found - - - The URL "" was not found. - - - Return home - - - General system status - - - Welcome, . - - - Quick actions - - - Create a new application - - - Check the logs - - - Explore integrations - - - Manage users - - - Check the release notes - - - Outpost status - - - Sync status - - - Logins and authorizations over the last week (per 8 hours) - - - Apps with most usage - - - days ago - - - Objects created - - - User Statistics - - - Users created per day in the last month - - - Users created - - - Logins per day in the last month - - - Failed Logins per day in the last month - - - Failed logins - - - Clear search - - - System Tasks - - - Long-running operations which authentik executes in the background. - - - Identifier - - - Description - - - Last run - - - Status - - - Actions - - - Successful - - - Error - - - Unknown - - - Duration - - - seconds - Restart task - - Close - - - Create - - - Next - - - Back - - - Submit - - - Type - - - Select providers to add to application - - - Add - - - Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". - - - Path template for users created. Use placeholders like `%(slug)s` to insert the source slug. - - - Currently set to: - - - No form found - - - Form didn't return a promise for submitting - - - Any policy must match to grant access - - - All policies must match to grant access - - - Successfully updated application. - - - Successfully created application. - - - Application's display Name. - - - Slug - - - Internal application name used in URLs. - - - Group - - - Optionally enter a group name. Applications with identical groups are shown grouped together. - - - Provider - - - Select a provider that this application should use. - - - Backchannel Providers - - - Select backchannel providers which augment the functionality of the main provider. - Add provider - - Policy engine mode - - - UI settings - - - Launch URL - - - If left empty, authentik will try to extract the launch URL based on the selected provider. - - - Open in new tab - - - If checked, the launch URL will open in a new browser tab or window from the user's application library. - - - Icon - - - Clear icon - - - Delete currently set icon. - - - Publisher - - - UI Settings - - - OAuth2/OIDC (Open Authorization/OpenID Connect) - - - Modern applications, APIs and Single-page applications. - - - LDAP (Lightweight Directory Access Protocol) - - - Provide an LDAP interface for applications and users to authenticate against. - - - Transparent Reverse Proxy - - - For transparent reverse proxies with required authentication - - - Forward Auth (Single Application) - - - For nginx's auth_request or traefik's forwardAuth - - - Forward Auth (Domain Level) - - - For nginx's auth_request or traefik's forwardAuth per root domain - - - SAML (Security Assertion Markup Language) - - - Configure SAML provider manually - - - RADIUS (Remote Authentication Dial-In User Service) - - - Configure RADIUS provider manually - - - SCIM (System for Cross-domain Identity Management) - - - Configure SCIM provider manually - - - Saving Application... - - - Authentik was unable to save this application: - - - Your application has been saved - - - There was an error in the application. - - - Review the application. - - - There was an error in the provider. - - - Review the provider. - - - There was an error - - - There was an error creating the application, but no error message was sent. Please review the server logs. - - - Authentication - - - Authorization - - - Enrollment - - - Invalidation - - - Stage Configuration - - - Unenrollment - - - Unknown designation - - - Stacked - - - Content left - - - Content right - - - Sidebar left - - - Sidebar right - - - Unknown layout - - - Cached binding - - - Flow is executed and session is cached in memory. Flow is executed when session expires - - - Direct binding - - - Always execute the configured bind flow to authenticate the user - - - Cached querying - - - The outpost holds all users and groups in-memory and will refresh every 5 Minutes - - - Direct querying - - - Always returns the latest data, but slower than cached querying - - - When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. - - - The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber - - - The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate. - - - DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged. - - - The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber - - - Configure LDAP Provider - - - Method's display Name. - - - Bind flow - - - Flow used for users to authenticate. - - - Search group - - - Bind mode - - - Configure how the outpost authenticates requests. - - - Search mode - - - Configure how the outpost queries the core authentik server's users. - - - Code-based MFA Support - - - Protocol settings - - - Base DN - - - LDAP DN under which bind requests and search requests can be made. - - - Certificate - - - TLS Server name - - - UID start number - - - GID start number - - - Successfully updated provider. - - - Successfully created provider. - - - (Format: hours=-1;minutes=-2;seconds=-3). - - - (Format: hours=1;minutes=2;seconds=3). - - - The following keywords are supported: - - - Confidential - - - Confidential clients are capable of maintaining the confidentiality of their credentials such as client secrets - - - Public - - - Public clients are incapable of maintaining the confidentiality and should use methods like PKCE. - - - Based on the User's hashed ID - - - Based on the User's ID - - - Based on the User's UUID - - - Based on the User's username - - - Based on the User's Email - - - This is recommended over the UPN mode. - - - Based on the User's UPN - - - Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains. - - - Each provider has a different issuer, based on the application slug - - - Same identifier is used for all providers - - - Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows. - - - If no explicit redirect URIs are specified, the first successfully used redirect URI will be saved. - - - To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. - - - Authentication flow - - - Flow used when a user access this provider and is not authenticated. - - - Authorization flow - - - Flow used when authorizing this provider. - - - Client type - - - Client ID - - - Client Secret - - - Redirect URIs/Origins (RegEx) - - - Signing Key - - - Key used to sign the tokens. - - - Advanced protocol settings - - - Access code validity - - - Configure how long access codes are valid for. - - - Access Token validity - - - Configure how long access tokens are valid for. - - - Refresh Token validity - - - Configure how long refresh tokens are valid for. - - - Scopes - - - Select which scopes can be used by the client. The client still has to specify the scope to access the data. - - - Hold control/command to select multiple items. - - - Subject mode - - - Configure what data should be used as unique User Identifier. For most cases, the default should be fine. - - - Include claims in id_token - - - Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. - - - Issuer mode - - - Configure how the issuer field of the ID Token should be filled. - - - Machine-to-Machine authentication settings - - - Trusted OIDC Sources - - - JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider. - - - Configure OAuth2/OpenId Provider - - - HTTP-Basic Username Key - - - User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. - - - HTTP-Basic Password Key - - - User/Group Attribute used for the password part of the HTTP-Basic Header. - - - Configure Proxy Provider - - - Token validity - - - Configure how long tokens are valid for. - - - AdditionalScopes - - - Additional scope mappings, which are passed to the proxy. - - - Unauthenticated URLs - - - Unauthenticated Paths - - - Regular expressions for which authentication is not required. Each new line is interpreted as a new expression. - - - When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions. - - - Authentication settings - - - Intercept header authentication - - - When enabled, authentik will intercept the Authorization header to authenticate the request. - - - Send HTTP-Basic Authentication - - - Send a custom HTTP-Basic Authentication header based on values from authentik. - - - Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application. - - - An example setup can look like this: - - - authentik running on auth.example.com - - - app1 running on app1.example.com - - - In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com. - - - External host - - - The external URL you'll authenticate at. The authentik core server should be reachable under this URL. - - - Cookie domain - - - Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'. - - - This provider will behave like a transparent reverse-proxy, except requests must be authenticated. If your upstream application uses HTTPS, make sure to connect to the outpost using HTTPS as well. - - - The external URL you'll access the application at. Include any non-standard port. - - - Internal host - - - Upstream host that the requests are forwarded to. - - - Internal host SSL Validation - - - Validate SSL Certificates of upstream servers. - - - Use this provider with nginx's auth_request or traefik's - forwardAuth. Each application/domain needs its own provider. - Additionally, on each domain, /outpost.goauthentik.io must be - routed to the outpost (when using a managed outpost, this is done for you). - - - Configure Radius Provider - - - Shared secret - - - Client Networks - - - List of CIDRs (comma-seperated) that clients can connect from. A more specific - CIDR will match before a looser one. Clients connecting from a non-specified CIDR - will be dropped. - - - Redirect - - - Post - - - Configure SAML Provider - - - ACS URL - - - Issuer - - - Also known as EntityID. - - - Service Provider Binding - - - Determines how authentik sends the response back to the Service Provider. - - - Audience - - - Signing Certificate - - - Certificate used to sign outgoing Responses going to the Service Provider. - - - Verification Certificate - - - When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. - - - Property Mappings - - - Property mappings used for user mapping. - - - NameID Property Mapping - - - Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected. - - - Assertion valid not before - - - Configure the maximum allowed time drift for an assertion. - - - Assertion valid not on or after - - - Assertion not valid on or after current time + this value. - - - Session valid not on or after - - - Session not valid on or after current time + this value. - - - Digest algorithm - - - Signature algorithm - - - Configure SCIM Provider - - - URL - - - SCIM base url, usually ends in /v2. - - - Token - - - Token to authenticate with. Currently only bearer authentication is supported. - - - User filtering - - - Exclude service accounts - - - Only sync users within the selected group. - - - Attribute mapping - - - User Property Mappings - - - Group Property Mappings - - - Property mappings used for group creation. - - - Create With Wizard - - - New application - - - Don't show this message again. - - - One hint, 'New Application Wizard', is currently hidden - - - Users in the selected group can do search queries. If no group is selected, no LDAP Searches are allowed. - - - Proxy - - - Forward auth (single application) - - - Forward auth (domain level) - - - Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). - - - Authentication URL - - - Unknown proxy mode - - - Additional scopes - - - Property mappings - - - Default relay state - - - When using IDP-initiated logins, the relay state will be set to this value. - - - Successfully imported provider. - - - Metadata - - - Apply changes - - - Finish - - - Select type - - - Try the new application wizard - - - The new application wizard greatly simplifies the steps required to create applications and providers. - - - Try it now - - - New provider - - - Create a new provider. - - - Create - - - Property mappings used to user mapping. - - - Property mappings used to group creation. - - - Not used by any other object. - - - object will be DELETED - - - connection will be deleted - - - reference will be reset to default value - - - reference will be set to an empty value - - - () - - - ID - - - Successfully deleted - - - Failed to delete : - - - Delete - - - Are you sure you want to delete ? - - - Delete - - - Providers - - - Provide support for protocols like SAML and OAuth to assigned applications. - - - Provider(s) - - - Assigned to application - - - Assigned to application (backchannel) - - - Warning: Provider not assigned to any application. - - - Update - - - Update - - - Edit - - - Create Application - - - Successfully assigned permission. - - - Role - - - Assign - - - Assign permission to role - - - Assign to new role - - - Permission(s) - - - Permission - - - Directly assigned - - - Assign permission to user - - - Assign to new user - - - Superuser - - - RBAC is in preview. - - - Send us feedback! - - - User Object Permissions - - - Role Object Permissions - - - Overview - - - Changelog - - - Permissions - - - Warning: Provider is not used by any Outpost. - - - Assigned to application - - - Update LDAP Provider - - - How to connect - - - Connect to the LDAP Server on port 389: - - - Check the IP of the Kubernetes service, or - - - The Host IP of the docker host - - - Bind DN - - - Bind Password - - - Search base - - - Preview - - - Warning: Provider is not used by an Application. - - - Redirect URIs - - - Update OAuth2 Provider - - - OpenID Configuration URL - - - OpenID Configuration Issuer - - - Authorize URL - - - Token URL - - - Userinfo URL - - - Logout URL - - - JWKS URL - - - Example JWT payload (for currently authenticated user) - - - Yes - - - No - - - Forward auth (domain-level) - - - Nginx (Ingress) - - - Nginx (Proxy Manager) - - - Nginx (standalone) - - - Traefik (Ingress) - - - Traefik (Compose) - - - Traefik (Standalone) - - - Caddy (Standalone) - - - Internal Host - - - External Host - - - Basic-Auth - - - Mode - - - Update Proxy Provider - - - Protocol Settings - - - Allowed Redirect URIs - - - Setup - - - No additional setup is required. - - - Update Radius Provider - - - Download - - - Copy download URL - - - Download signing certificate - - - Related objects - - - Update SAML Provider - - - SAML Configuration - - - EntityID/Issuer - - - SSO URL (Post) - - - SSO URL (Redirect) - - - SSO URL (IdP-initiated Login) - - - SLO URL (Post) - - - SLO URL (Redirect) - - - SAML Metadata - - - Example SAML attributes - - - NameID attribute - - - No sync status. - - - Sync currently running. - - - Not synced yet. - - - Task finished with warnings - - - Task finished with errors - - - Last sync: - - - Warning: Provider is not assigned to an application as backchannel provider. - - - Update SCIM Provider - - - Run sync again - - - Application Icon - - - Applications - - - External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. - - - Provider Type - - - Application(s) - - - Update Application - Open - - Successfully sent test-request. + + Copy token - - Log messages + + Add users - - No log messages. + + Add group - - Active + + Import devices - - Last login + + Execute - - Select users to add + + Show details - - Successfully updated group. + + Apply - - Successfully created group. + + Settings - - Is superuser + + Sign out - - Users added to this group will be superusers. + + The number of tokens generated whenever this stage is used. Every token generated per stage execution will be attached to a single static device. - - Parent + + Token length - - Roles + + The length of the individual generated tokens. Can be increased to improve security. - - Select roles to grant this groups' users' permissions from the selected roles. + + Internal: - - Attributes + + External: - - Set custom attributes using YAML or JSON. + + Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding. - - Successfully updated binding. + + Create and bind Policy - - Successfully created binding. + + Federation and Social login - - Policy + + Create and bind Stage - - Group mappings can only be checked if a user is already logged in when trying to access this source. + + Flows and Stages - - User mappings can only be checked if a user is already logged in when trying to access this source. - - - Enabled - - - Negate result - - - Negates the outcome of the binding. Messages are unaffected. - - - Order - - - Timeout + + New version available Failure result @@ -1720,1346 +5582,23 @@ Result used when policy execution fails. - - Successfully updated policy. + + Required: User verification must occur. - - Successfully created policy. + + Preferred: User verification is preferred if available, but not required. - - A policy used for testing. Always returns the same result as specified below after waiting a random duration. + + Discouraged: User verification should not occur. - - Execution logging + + Required: The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur - - When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. + + Preferred: The authenticator can create and store a dedicated credential, but if it doesn't that's alright too - - Policy-specific settings - - - Pass policy? - - - Wait (min) - - - The policy takes a random time to execute. This controls the minimum time it will take. - - - Wait (max) - - - Matches an event against a set of criteria. If any of the configured values match, the policy passes. - - - Match created events with this action type. When left empty, all action types will be matched. - - - Matches Event's Client IP (strict matching, for network matching use an Expression Policy. - - - Match events created by selected application. When left empty, all applications are matched. - - - Model - - - Match events created by selected model. When left empty, all models are matched. - - - Checks if the request's user's password has been changed in the last x days, and denys based on settings. - - - Maximum age (in days) - - - Only fail the policy, don't invalidate user's password - - - Executes the python snippet to determine whether to allow or deny a request. - - - Expression using Python. - - - See documentation for a list of all variables. - - - Static rules - - - Minimum length - - - Minimum amount of Uppercase Characters - - - Minimum amount of Lowercase Characters - - - Minimum amount of Digits - - - Minimum amount of Symbols Characters - - - Error message - - - Symbol charset - - - Characters which are considered as symbols. - - - HaveIBeenPwned settings - - - Allowed count - - - Allow up to N occurrences in the HIBP database. - - - zxcvbn settings - - - Score threshold - - - If the password's score is less than or equal this value, the policy will fail. - - - 0: Too guessable: risky password. (guesses &lt; 10^3) - - - 1: Very guessable: protection from throttled online attacks. (guesses &lt; 10^6) - - - 2: Somewhat guessable: protection from unthrottled online attacks. (guesses &lt; 10^8) - - - 3: Safely unguessable: moderate protection from offline slow-hash scenario. (guesses &lt; 10^10) - - - 4: Very unguessable: strong protection from offline slow-hash scenario. (guesses &gt;= 10^10) - - - Checks the value from the policy request against several rules, mostly used to ensure password strength. - - - Password field - - - Field key to check, field keys defined in Prompt stages are available. - - - Check static rules - - - Check haveibeenpwned.com - - - For more info see: - - - Check zxcvbn - - - Password strength estimator created by Dropbox, see: - - - Allows/denys requests based on the users and/or the IPs reputation. - - - Invalid login attempts will decrease the score for the client's IP, and the -username they are attempting to login as, by one. - - - The policy passes when the reputation score is below the threshold, and -doesn't pass when either or both of the selected options are equal or above the threshold. - - - Check IP - - - Check Username - - - Threshold - - - New policy - - - Create a new policy. - - - Create Binding - - - Members - - - Select groups to add user to - - - Warning: Adding the user to the selected group(s) will give them superuser permissions. - - - Successfully updated user. - - - Successfully created user and added to group - - - Successfully created user. - - - Username - - - User's primary identifier. 150 characters or fewer. - - - User's display name. - - - User type - - - Internal users might be users such as company employees, which will get access to the full Enterprise feature set. - - - External users might be external consultants or B2C customers. These users don't get access to enterprise features. - - - Service accounts should be used for machine-to-machine authentication or other automations. - - - Email - - - Is active - - - Designates whether this user should be treated as active. Unselect this instead of deleting accounts. - - - Path - - - Policy / User / Group - - - Policy - - - Group - - - User - - - Edit Policy - - - Update Group - - - Edit Group - - - Update User - - - Edit User - - - Policy binding(s) - - - Update Binding - - - Edit Binding - - - No Policies bound. - - - No policies are currently bound to this object. - - - Create and bind Policy - - - Bind existing policy - - - Warning: Application is not used by any Outpost. - - - Related - - - Check access - - - Check - - - Check Application access - - - Test - - - Launch - - - Logins over the last week (per 8 hours) - - - Policy / Group / User Bindings - - - These policies control which users can access this application. - - - Successfully updated source. - - - Successfully created source. - - - Sync users - - - User password writeback - - - Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP. - - - Sync groups - - - Connection settings - - - Server URI - - - Specify multiple server URIs by separating them with a comma. - - - Enable StartTLS - - - To use SSL instead, use 'ldaps://' and disable this option. - - - Use Server URI for SNI verification - - - Required for servers using TLS 1.3+ - - - TLS Verification Certificate - - - When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate. - - - TLS Client authentication certificate - - - Client certificate keypair to authenticate against the LDAP Server's Certificate. - - - Bind CN - - - LDAP Attribute mapping - - - Property mappings used to user creation. - - - Additional settings - - - Parent group for all the groups imported from LDAP. - - - User path - - - Addition User DN - - - Additional user DN, prepended to the Base DN. - - - Addition Group DN - - - Additional group DN, prepended to the Base DN. - - - User object filter - - - Consider Objects matching this filter to be Users. - - - Group object filter - - - Consider Objects matching this filter to be Groups. - - - Group membership field - - - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' - - - Object uniqueness field - - - Field which contains a unique Identifier. - - - Link users on unique identifier - - - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses - - - Use the user's email address, but deny enrollment when the email address already exists - - - Link to a user with identical username. Can have security implications when a username is used with another source - - - Use the user's username, but deny enrollment when the username already exists - - - Unknown user matching mode - - - URL settings - - - Authorization URL - - - URL the user is redirect to to consent the authorization. - - - Access token URL - - - URL used by authentik to retrieve tokens. - - - Profile URL - - - URL used by authentik to get user information. - - - Request token URL - - - URL used to request the initial token. This URL is only required for OAuth 1. - - - OIDC Well-known URL - - - OIDC well-known configuration URL. Can be used to automatically configure the URLs above. - - - OIDC JWKS URL - - - JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source. - - - OIDC JWKS - - - Raw JWKS data. - - - User matching mode - - - Consumer key - - - Also known as Client ID. - - - Consumer secret - - - Also known as Client Secret. - - - Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *. - - - Flow settings - - - Flow to use when authenticating existing users. - - - Enrollment flow - - - Flow to use when enrolling new users. - - - Load servers - - - Re-authenticate with plex - - - Allow friends to authenticate via Plex, even if you don't share any servers - - - Allowed servers - - - Select which server a user has to be a member of to be allowed to authenticate. - - - SSO URL - - - URL that the initial Login request is sent to. - - - SLO URL - - - Optional URL if the IDP supports Single-Logout. - - - Also known as Entity ID. Defaults the Metadata URL. - - - Binding Type - - - Redirect binding - - - Post-auto binding - - - Post binding but the request is automatically sent and the user doesn't have to confirm. - - - Post binding - - - Signing keypair - - - Keypair which is used to sign outgoing requests. Leave empty to disable signing. - - - Allow IDP-initiated logins - - - Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. - - - NameID Policy - - - Persistent - - - Email address - - - Windows - - - X509 Subject - - - Transient - - - Delete temporary users after - - - Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. - - - Pre-authentication flow - - - Flow used before authentication. - - - New source - - - Create a new source. - - - Federation and Social login - - - Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves. - - - Source(s) - - - Disabled - - - Built-in - - - Global status - - - Vendor - - - Update LDAP Source - - - Connectivity - - - OAuth Source - - - Generic OpenID Connect - - - Unknown provider type - - - Details - - - Callback URL - - - Access Key - - - Update OAuth Source - - - Diagram - - - Policy Bindings - - - These bindings control which users can access this source. - You can only use policies here as access is checked before the user is authenticated. - - - Update Plex Source - - - Update SAML Source - - - Successfully updated mapping. - - - Successfully created mapping. - - - Object field - - - Field of the user object this value is written to. - - - SAML Attribute Name - - - Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded. - - - Friendly Name - - - Optionally set the 'FriendlyName' value of the Assertion attribute. - - - Scope name - - - Scope which the client can specify to access these properties. - - - Description shown to the user when consenting. If left empty, the user won't be informed. - - - Example context data - - - Active Directory User - - - Active Directory Group - - - New property mapping - - - Create a new property mapping. - - - Update Permissions - - - Control how authentik exposes and interprets information. - - - Property Mapping(s) - - - Test Property Mapping - - - Hide managed mappings - - - Successfully updated token. - - - Successfully created token. - - - Expires on - - - Unique identifier the token is referenced by. - - - Intent - - - API Token - - - Used to access the API programmatically - - - App password. - - - Used to login using a flow executor - - - Expiring - - - If this is selected, the token will expire. Upon expiration, the token will be rotated. - - - The token has been copied to your clipboard - - - The token was displayed because authentik does not have permission to write to the clipboard - - - Tokens - - - Tokens are used throughout authentik for Email validation stages, Recovery keys and API access. - - - Expires? - - - Expiry date - - - Token(s) - - - Create Token - - - Token is managed by authentik. - - - Update Token - - - Editing is disabled for managed tokens - - - Copy token - - - Successfully updated brand. - - - Successfully created brand. - - - Domain - - - Matching is done based on domain suffix, so if you enter domain.tld, foo.domain.tld will still match. - - - Default - - - Use this brand for each domain that doesn't have a dedicated brand. - - - Branding settings - - - Title - - - Branding shown in page title and several other places. - - - Logo - - - Icon shown in sidebar/header and flow executor. - - - Favicon - - - Icon shown in the browser tab. - - - Default flows - - - Flow used to authenticate users. If left empty, the first applicable flow sorted by the slug is used. - - - Invalidation flow - - - Flow used to logout. If left empty, the first applicable flow sorted by the slug is used. - - - Recovery flow - - - Recovery flow. If left empty, the first applicable flow sorted by the slug is used. - - - Unenrollment flow - - - If set, users are able to unenroll themselves using this flow. If no flow is set, option is not shown. - - - User settings flow - - - If set, users are able to configure details of their profile. - - - Device code flow - - - If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code. - - - Other global settings - - - Web Certificate - - - Set custom attributes using YAML or JSON. Any attributes set here will be inherited by users, if the request is handled by this brand. - - - Brands - - - Configure visual settings and defaults for different domains. - - - Default? - - - Brand(s) - - - Update Brand - - - Create Brand - - - Policies - - - Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Stages. - - - Assigned to object(s). - - - Warning: Policy is not assigned. - - - Test Policy - - - Policy / Policies - - - Successfully cleared policy cache - - - Failed to delete policy cache - - - Clear cache - - - Clear Policy cache - - - Are you sure you want to clear the policy cache? This will cause all policies to be re-evaluated on their next usage. - - - Reputation scores - - - Reputation for IP and user identifiers. Scores are decreased for each failed login and increased for each successful login. - - - IP - - - Score - - - Updated - - - Reputation - - - Groups - - - Group users together and give them permissions based on the membership. - - - Superuser privileges? - - - Group(s) - - - Create Group - - - Create group - - - Enabling this toggle will create a group named after the user, with the user as member. - - - Use the username and password below to authenticate. The password can be retrieved later on the Tokens page. - - - Password - - - Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List. - - - The following objects use - - - connecting object will be deleted - - - Successfully updated - - - Failed to update : - - - Are you sure you want to update ""? - - - Successfully updated password. - - - Successfully sent email. - - - Email stage - - - Successfully added user(s). - - - Users to add - - - Add users - - - User(s) - - - Remove Users(s) - - - Are you sure you want to remove the selected users from the group ? - - - Remove - - - Impersonate - - - User status - - - Inactive - - - Regular user - - - Change status - - - Deactivate - - - Activate - - - Update password - - - Set password - - - Successfully generated recovery link - - - No recovery flow is configured. - - - Copy recovery link - - - Send link - - - Send recovery link to user - - - Email recovery link - - - Recovery link cannot be emailed, user has no email address saved. - - - To let a user directly reset a their password, configure a recovery flow on the currently active brand. - - - Add User - - - Warning: This group is configured with superuser access. Added users will have superuser access. - - - Add existing user - - - Create user - - - Create User - - - This user will be added to the group "". - - - Create Service account - - - Hide service-accounts - - - Group Info - - - Notes - - - Edit the notes attribute of this group to add notes here. - - - Users - - - Pseudolocale (for testing) - - - English - - - Spanish - - - German - - - French - - - Polish - - - Turkish - - - Chinese (traditional) - - - Taiwanese Mandarin - - - Chinese (simplified) - - - Warning: The current user count has exceeded the configured licenses. - - - Click here for more info. - - - API Requests - - - Open API Browser - - - Show details - - - Notifications - - - unread - - - Successfully cleared notifications - - - Clear all - - - User interface - - - Dashboards - - - Outposts - - - Events - - - Logs - - - Notification Rules - - - Notification Transports - - - Customisation - - - Blueprints - - - Flows and Stages - - - Flows - - - Stages - - - Prompts - - - Directory - - - Tokens and App passwords - - - Invitations - - - System - - - Certificates - - - Outpost Integrations - - - Settings - - - A newer version of the frontend is available. - - - You're currently impersonating . Click to stop. - - - Enterprise - - - Licenses - - - Root - - - A copy of this recovery link has been placed in your clipboard - - - The current brand must have a recovery flow configured to use a recovery link - - - Warning: You're about to delete the user you're logged in as (). Proceed at your own risk. - - - Hide deactivated user - - - <No name set> - - - Create recovery link - - - User folders - - - Successfully added user to group(s). - - - Groups to add - - - Add group - - - Remove from Group(s) - - - Are you sure you want to remove user from the following groups? - - - Add Group - - - Add to existing group - - - Add new group - - - Application authorizations - - - Select permissions to grant - - - Permissions to add - - - Select permissions - - - Assign permission - - - User doesn't have view permission so description cannot be retrieved. - - - Revoked? - - - Expires - - - ID Token - - - Refresh Tokens(s) - - - Last IP - - - Session(s) - - - Expiry - - - (Current session) - - - Consent(s) - - - Confirmed - - - Device(s) - - - User Info + + Discouraged: The authenticator should not create a dedicated credential Lock the user out of this system @@ -3076,29 +5615,144 @@ doesn't pass when either or both of the selected options are equal or above the Create a link for this user to reset their password - - Create Recovery Link + + WebAuthn requires this page to be accessed via HTTPS. - - Actions over the last week (per 8 hours) + + WebAuthn not supported by browser. - - Edit the notes attribute of this user to add notes here. + + Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). - - Sessions + + Default relay state - - User events + + When using IDP-initiated logins, the relay state will be set to this value. - - Explicit Consent + + Flow Info - - OAuth Refresh Tokens + + Stage used to configure a WebAuthn authenticator (i.e. Yubikey, FaceID/Windows Hello). - - MFA Authenticators +<<<<<<< HEAD + + Internal application name used in URLs. + + + Submit + + + UI Settings + + + Transparent Reverse Proxy + + + For transparent reverse proxies with required authentication + + + Configure SAML provider manually + + + Configure RADIUS provider manually + + + Configure SCIM provider manually + + + Saving Application... + + + Authentik was unable to save this application: + + + Your application has been saved + + + Method's display Name. + + + Use this provider with nginx's auth_request or traefik's + forwardAuth. Each application/domain needs its own provider. + Additionally, on each domain, /outpost.goauthentik.io must be + routed to the outpost (when using a managed outpost, this is done for you). + + + Custom attributes + + + Don't show this message again. + + + Failed to fetch + + + Failed to fetch data. + + + Successfully assigned permission. + + + Role + + + Assign + + + Assign permission to role + + + Assign to new role + + + Directly assigned + + + Assign permission to user + + + Assign to new user + + + User Object Permissions + + + Role Object Permissions + + + Roles + + + Select roles to grant this groups' users' permissions from the selected roles. + + + Update Permissions + + + Editing is disabled for managed tokens + + + Select permissions to grant + + + Permissions to add + + + Select permissions + + + Assign permission + + + Permission(s) + + + Permission + + + User doesn't have view permission so description cannot be retrieved. Assigned permissions @@ -3136,519 +5790,17 @@ doesn't pass when either or both of the selected options are equal or above the Role Info - - Successfully updated invitation. + + Pseudolocale (for testing) - - Successfully created invitation. + + Create With Wizard - - Flow + + One hint, 'New Application Wizard', is currently hidden - - When selected, the invite will only be usable with the flow. By default the invite is accepted on all flows with invitation stages. - - - Custom attributes - - - Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON. - - - Single use - - - When enabled, the invitation will be deleted after usage. - - - Select an enrollment flow - - - Link to use the invitation. - - - Create Invitation Links to enroll Users, and optionally force specific attributes of their account. - - - Created by - - - Invitation(s) - - - Invitation not limited to any flow, and can be used with any enrollment flow. - - - Update Invitation - - - Create Invitation - - - Warning: No invitation stage is bound to any flow. Invitations will not work as expected. - - - Auto-detect (based on your browser) - - - Required. - - - Continue - - - Successfully updated prompt. - - - Successfully created prompt. - - - Text: Simple Text input - - - Text Area: Multiline text input - - - Text (read-only): Simple Text input, but cannot be edited. - - - Text Area (read-only): Multiline text input, but cannot be edited. - - - Username: Same as Text input, but checks for and prevents duplicate usernames. - - - Email: Text field with Email type. - - - Password: Masked input, multiple inputs of this type on the same prompt need to be identical. - - - Number - - - Checkbox - - - Radio Button Group (fixed choice) - - - Dropdown (fixed choice) - - - Date - - - Date Time - - - File - - - Separator: Static Separator Line - - - Hidden: Hidden field, can be used to insert data into form. - - - Static: Static value, displayed as-is. - - - authentik: Locale: Displays a list of locales authentik supports. - - - Preview errors - - - Data preview - - - Unique name of this field, used for selecting fields in prompt stages. - - - Field Key - - - Name of the form field, also used to store the value. - - - When used in conjunction with a User Write stage, use attributes.foo to write attributes. - - - Label - - - Label shown next to/above the prompt. - - - Required - - - Interpret placeholder as expression - - - When checked, the placeholder will be evaluated in the same way a property mapping is. - If the evaluation fails, the placeholder itself is returned. - - - Placeholder - - - Optionally provide a short hint that describes the expected input value. - When creating a fixed choice field, enable interpreting as expression and return a - list to return multiple choices. - - - Interpret initial value as expression - - - When checked, the initial value will be evaluated in the same way a property mapping is. - If the evaluation fails, the initial value itself is returned. - - - Initial value - - - Optionally pre-fill the input with an initial value. - When creating a fixed choice field, enable interpreting as expression and - return a list to return multiple default choices. - - - Help text - - - Any HTML can be used. - - - Single Prompts that can be used for Prompt Stages. - - - Field - - - Prompt(s) - - - Update Prompt - - - Create Prompt - - - Target - - - Stage - - - Evaluate when flow is planned - - - Evaluate policies during the Flow planning process. - - - Evaluate when stage is run - - - Evaluate policies before the Stage is present to the user. - - - Invalid response behavior - - - Returns the error message and a similar challenge to the executor - - - Restarts the flow from the beginning - - - Restarts the flow from the beginning, while keeping the flow context - - - Configure how the flow executor should handle an invalid response to a challenge given by this bound stage. - - - Successfully updated stage. - - - Successfully created stage. - - - Stage used to configure a duo-based authenticator. This stage should be used for configuration flows. - - - Authenticator type name - - - Display name of this authenticator, used by users when they enroll an authenticator. - - - API Hostname - - - Duo Auth API - - - Integration key - - - Secret key - - - Duo Admin API (optional) - - - When using a Duo MFA, Access or Beyond plan, an Admin API application can be created. - This will allow authentik to import devices automatically. - - - Stage-specific settings - - - Configuration flow - - - Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. - - - Twilio Account SID - - - Get this value from https://console.twilio.com - - - Twilio Auth Token - - - Authentication Type - - - Basic Auth - - - Bearer Token - - - External API URL - - - This is the full endpoint to send POST requests to. - - - API Auth Username - - - This is the username to be used with basic auth or the token when used with bearer token - - - API Auth password - - - This is the password to be used with basic auth - - - Mapping - - - Modify the payload sent to the custom provider. - - - Stage used to configure an SMS-based TOTP authenticator. - - - Twilio - - - Generic - - - From number - - - Number the SMS will be sent from. - - - Hash phone number - - - If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons. Devices created from a stage with this enabled cannot be used with the authenticator validation stage. - - - Stage used to configure a static authenticator (i.e. static tokens). This stage should be used for configuration flows. - - - Token count - - - The number of tokens generated whenever this stage is used. Every token generated per stage execution will be attached to a single static device. - - - Token length - - - The length of the individual generated tokens. Can be increased to improve security. - - - Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator). - - - Digits - - - 6 digits, widely compatible - - - 8 digits, not compatible with apps like Google Authenticator - - - Stage used to validate any authenticator. This stage should be used during authentication or authorization flows. - - - Device classes - - - Static Tokens - - - TOTP Authenticators - - - WebAuthn Authenticators - - - Duo Authenticators - - - SMS-based Authenticators - - - Device classes which can be used to authenticate. - - - Last validation threshold - - - If any of the devices user of the types selected above have been used within this duration, this stage will be skipped. - - - Not configured action - - - Force the user to configure an authenticator - - - Deny the user access - - - WebAuthn User verification - - - User verification must occur. - - - User verification is preferred if available, but not required. - - - User verification should not occur. - - - Configuration stages - - - Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. - - - When multiple stages are selected, the user can choose which one they want to enroll. - - - Stage used to configure a WebAuthn authenticator (i.e. Yubikey, FaceID/Windows Hello). - - - User verification - - - Required: User verification must occur. - - - Preferred: User verification is preferred if available, but not required. - - - Discouraged: User verification should not occur. - - - Resident key requirement - - - Required: The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur - - - Preferred: The authenticator can create and store a dedicated credential, but if it doesn't that's alright too - - - Discouraged: The authenticator should not create a dedicated credential - - - Authenticator Attachment - - - No preference is sent - - - A non-removable authenticator, like TouchID or Windows Hello - - - A "roaming" authenticator, like a YubiKey - - - This stage checks the user's current session against the Google reCaptcha (or compatible) service. - - - Public Key - - - Public key, acquired from https://www.google.com/recaptcha/intro/v3.html. - - - Private Key - - - Private key, acquired from https://www.google.com/recaptcha/intro/v3.html. - - - Advanced settings - - - JS URL - - - URL to fetch JavaScript from, defaults to recaptcha. Can be replaced with any compatible alternative. - - - API URL - - - URL used to validate captcha response, defaults to recaptcha. Can be replaced with any compatible alternative. - - - Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time. - - - Always require consent - - - Consent given last indefinitely - - - Consent expires. - - - Consent expires in - - - Offset after which consent expires. - - - Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding. + + External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. Deny message @@ -3656,80 +5808,128 @@ doesn't pass when either or both of the selected options are equal or above the Message shown when this stage is run. - - Dummy stage used for testing. Shows a simple continue button and always passes. + + Open Wizard - - Throw error? + + Demo Wizard - - SMTP Host + + Run the demo wizard - - SMTP Port + + OAuth2/OIDC (Open Authorization/OpenID Connect) - - SMTP Username + + LDAP (Lightweight Directory Access Protocol) - - SMTP Password + + Forward Auth (Single Application) - - Use TLS + + Forward Auth (Domain Level) - - Use SSL + + SAML (Security Assertion Markup Language) - - From address + + RADIUS (Remote Authentication Dial-In User Service) - - Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity. + + SCIM (System for Cross-domain Identity Management) - - Activate pending user on success + + The token has been copied to your clipboard - - When a user returns from the email successfully, their account will be activated. + + The token was displayed because authentik does not have permission to write to the clipboard - - Use global settings + + A copy of this recovery link has been placed in your clipboard - - When enabled, global Email connection settings will be used and connection settings below will be ignored. + + Create recovery link - - Token expiry + + Create Recovery Link - - Time in minutes the token sent is valid. + + External - - Template + + Service account - - Let the user identify themselves with their username or Email address. + + Service account (internal) - - User fields + + Check the release notes - - UPN + + User Statistics - - Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources. + + <No name set> - - Password stage + + For nginx's auth_request or traefik's forwardAuth - - When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks. + + For nginx's auth_request or traefik's forwardAuth per root domain - - Case insensitive matching + + RBAC is in preview. - - When enabled, user fields are matched regardless of their casing. + + User type used for newly created users. + + + Users created + + + Failed logins + + + Also known as Client ID. + + + Also known as Client Secret. + + + Global status + + + Vendor + + + No sync status. + + + Sync currently running. + + + Connectivity + + + 0: Too guessable: risky password. (guesses &lt; 10^3) + + + 1: Very guessable: protection from throttled online attacks. (guesses &lt; 10^6) + + + 2: Somewhat guessable: protection from unthrottled online attacks. (guesses &lt; 10^8) + + + 3: Safely unguessable: moderate protection from offline slow-hash scenario. (guesses &lt; 10^10) + + + 4: Very unguessable: strong protection from offline slow-hash scenario. (guesses &gt;= 10^10) + + + Successfully created user and added to group + + + This user will be added to the group "". Pretend user exists @@ -3737,113 +5937,122 @@ doesn't pass when either or both of the selected options are equal or above the When enabled, the stage will always accept the given user identifier and continue. - - Show matched user + + There was an error in the application. - - When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown. + + Review the application. - - Source settings + + There was an error in the provider. - - Sources + + Review the provider. - - Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP. + + There was an error - - Show sources' labels + + There was an error creating the application, but no error message was sent. Please review the server logs. - - By default, only icons are shown for sources. Enable this to show their full names. + + Configure LDAP Provider - - Passwordless flow + + Configure OAuth2/OpenId Provider - - Optional passwordless flow, which is linked at the bottom of the page. When configured, users can use this flow to authenticate with a WebAuthn authenticator, without entering any details. + + Configure Proxy Provider - - Optional enrollment flow, which is linked at the bottom of the page. + + AdditionalScopes - - Optional recovery flow, which is linked at the bottom of the page. + + Configure Radius Provider - - This stage can be included in enrollment flows to accept invitations. + + Configure SAML Provider - - Continue flow without invitation + + Property mappings used for user mapping. - - If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. + + Configure SCIM Provider - - Validate the user's password against the selected backend(s). + + Property mappings used for group creation. - - Backends + + Event volume - - User database + standard password + + Require Outpost (flow can only be executed from an outpost). - - User database + app passwords + + Connection settings. - - User database + LDAP password + + Successfully updated endpoint. - - Selection of backends to test the password against. + + Successfully created endpoint. - - Flow used by an authenticated user to configure their password. If empty, user will not be able to configure change their password. + + Protocol - - Failed attempts before cancel + + RDP - - How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. + + SSH - - Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable. + + VNC - - Fields + + Host - - ("", of type ) + + Hostname/IP to connect to. - - Validation Policies + + Endpoint(s) - - Selected policies are executed when the stage is submitted to validate the data. + + Update Endpoint - - Delete the currently pending user. CAUTION, this stage does not ask for confirmation. Use a consent stage to ensure the user is aware of their actions. + + These bindings control which users will have access to this endpoint. Users must also have access to the application. - - Log the currently pending user in. + + Create Endpoint - - Session duration + + RAC is in preview. - - Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. + + Update RAC Provider - - Different browsers handle session cookies differently, and might not remove them even when the browser is closed. + + Endpoints - - See here. + + General settings - - Stay signed in offset + + RDP settings - - If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. + + Ignore server certificate + + + Enable wallpaper + + + Enable font-smoothing + + + Enable full window dragging Network binding @@ -3878,593 +6087,59 @@ doesn't pass when either or both of the selected options are equal or above the Configure if sessions created by this stage should be bound to their GeoIP-based location - - Terminate other sessions + + RAC - - When enabled, all previous sessions of the user will be terminated. + + Connection failed after attempts. - - Remove the user from the current session. + + Re-connecting in second(s). - - Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user - is pending, a new user is created, and data is written to them. + + Connecting... - - Never create users + + Select endpoint to connect to - - When no user is present in the flow context, the stage will fail. + + Connection expiry - - Create users when required + + Determines how long a session lasts before being disconnected and requiring re-authorization. - - When no user is present in the the flow context, a new user is created. + + Brand - - Always create new users + + Successfully updated brand. - - Create a new user even if a user is in the flow context. + + Successfully created brand. - - Create users as inactive + + Use this brand for each domain that doesn't have a dedicated brand. - - Mark newly created users as inactive. + + Set custom attributes using YAML or JSON. Any attributes set here will be inherited by users, if the request is handled by this brand. - - User path template + + Brands - - User type used for newly created users. + + Brand(s) - - Path new users will be created under. If left blank, the default path will be used. + + Update Brand - - Newly created users are added to this group, if a group is selected. + + Create Brand - - New stage + + To let a user directly reset a their password, configure a recovery flow on the currently active brand. - - Create a new stage. - - - Successfully imported device. - - - The user in authentik this device will be assigned to. - - - Duo User ID - - - The user ID in Duo, can be found in the URL after clicking on a user. - - - Automatic import - - - Successfully imported devices. - - - Start automatic import - - - Or manually import - - - Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow. - - - Stage(s) - - - Import - - - Import Duo device - - - Import devices - - - Successfully updated flow. - - - Successfully created flow. - - - Shown as the Title in Flow pages. - - - Visible in the URL. - - - Designation - - - Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. - - - No requirement - - - Require authentication - - - Require no authentication. - - - Require superuser. - - - Require Outpost (flow can only be executed from an outpost). - - - Required authentication level for this flow. - - - Behavior settings - - - Compatibility mode - - - Increases compatibility with password managers and mobile devices. - - - Denied action - - - Will follow the ?next parameter if set, otherwise show a message - - - Will either follow the ?next parameter or redirect to the default interface - - - Will notify the user the flow isn't applicable - - - Decides the response when a policy denies access to this flow for a user. - - - Appearance settings - - - Layout - - - Background - - - Background shown during execution. - - - Clear background - - - Delete currently set background image. - - - Successfully imported flow. - - - .yaml files, which can be found on goauthentik.io and can be exported by authentik. - - - Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them. - - - Flow(s) - - - Update Flow - - - Execute - - - Export - - - Create Flow - - - Import Flow - - - Successfully cleared flow cache - - - Failed to delete flow cache - - - Clear Flow cache - - - Are you sure you want to clear the flow cache? - This will cause all flows to be re-evaluated on their next usage. - - - Stage binding(s) - - - Stage type - - - Edit Stage - - - Update Stage binding - - - These bindings control if this stage will be applied to the flow. - - - No Stages bound - - - No stages are currently bound to this flow. - - - Create Stage binding - - - Bind stage - - - Create and bind Stage - - - Bind existing stage - - - Flow Overview - - - Flow Info - - - Related actions - - - Execute flow - - - Normal - - - with current user - - - with inspector - - - Export flow - - - Stage Bindings - - - These bindings control which users can access this flow. - - - Event volume - - - Event Log - - - Event - - - Event info - - - Created - - - Successfully updated transport. - - - Successfully created transport. - - - Local (notifications will be created within authentik) - - - Webhook (generic) - - - Webhook (Slack/Discord) - - - Webhook URL - - - Webhook Mapping - - - Send once - - - Only send notification once, for example when sending a webhook into a chat channel. - - - Define how notifications are sent to users, like Email or Webhook. - - - Notification transport(s) - - - Update Notification Transport - - - Create Notification Transport - - - Successfully updated rule. - - - Successfully created rule. - - - Select the group of users which the alerts are sent to. If no group is selected the rule is disabled. - - - Transports - - - Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. - - - Severity - - - Send notifications whenever a specific Event is created and matched by policies. - - - Sent to group - - - Notification rule(s) - - - None (rule disabled) - - - Update Notification Rule - - - Create Notification Rule - - - These bindings control upon which events this rule triggers. -Bindings to groups/users are checked against the user of the event. - - - Outpost Deployment Info - - - View deployment documentation - - - Click to copy token - - - If your authentik Instance is using a self-signed certificate, set this value. - - - If your authentik_host setting does not match the URL you want to login with, add this setting. - - - Successfully updated outpost. - - - Successfully created outpost. - - - LDAP - - - Radius - - - Integration - - - Selecting an integration enables the management of the outpost by authentik. - - - You can only select providers that match the type of the outpost. - - - Configuration - - - See more here: - - - Documentation - - - Last seen - - - , should be - - - Hostname - - - Not available - - - Last seen: - - - Unknown type - - - Outposts are deployments of authentik components to support different environments and protocols, like reverse proxies. - - - Health and Version - - - Warning: authentik Domain is not configured, authentication will not work. - - - Logging in via . - - - No integration active - - - Update Outpost - - - View Deployment Info - - - Detailed health (one instance per column, data is cached so may be out of date) - - - Outpost(s) - - - Create Outpost - - - Successfully updated integration. - - - Successfully created integration. - - - Local - - - If enabled, use the local connection. Required Docker socket/Kubernetes Integration. - - - Docker URL - - - Can be in the format of 'unix://' when connecting to a local docker daemon, using 'ssh://' to connect via SSH, or 'https://:2376' when connecting to a remote system. - - - CA which the endpoint's Certificate is verified against. Can be left empty for no validation. - - - TLS Authentication Certificate/SSH Keypair - - - Certificate/Key used for authentication. Can be left empty for no authentication. - - - When connecting via SSH, this keypair is used for authentication. - - - Kubeconfig - - - Verify Kubernetes API SSL Certificate - - - New outpost integration - - - Create a new outpost integration. - - - State - - - Unhealthy - - - Outpost integration(s) - - - Successfully generated certificate-key pair. - - - Common Name - - - Subject-alt name - - - Optional, comma-separated SubjectAlt Names. - - - Validity days - - - Successfully updated certificate-key pair. - - - Successfully created certificate-key pair. - - - PEM-encoded Certificate data. - - - Optional Private Key. If this is set, you can use this keypair for encryption. - - - Certificate-Key Pairs - - - Import certificates of external providers or create certificates to sign requests with. - - - Private key available? - - - Certificate-Key Pair(s) - - - Managed by authentik - - - Managed by authentik (Discovered) - - - Yes () - - - Update Certificate-Key Pair - - - Certificate Fingerprint (SHA1) - - - Certificate Fingerprint (SHA256) - - - Certificate Subject - - - Download Certificate - - - Download Private key - - - Create Certificate-Key Pair - - - Generate - - - Generate Certificate-Key Pair + + The current brand must have a recovery flow configured to use a recovery link Successfully updated settings. @@ -4528,18 +6203,6 @@ Bindings to groups/users are checked against the user of the event. Enable the ability for users to change their username. - - Event retention - - - Duration after which events will be deleted from the database. - - - When using an external logging solution for archiving, this can be set to "minutes=5". - - - This setting only affects new Events, as the expiration is saved per-event. - Footer links @@ -4561,483 +6224,6 @@ Bindings to groups/users are checked against the user of the event. System settings - - Save - - - Successfully updated instance. - - - Successfully created instance. - - - Disabled blueprints are never applied. - - - Local path - - - OCI Registry - - - OCI URL, in the format of oci://registry.domain.tld/path/to/manifest. - - - See more about OCI support here: - - - Blueprint - - - Configure the blueprint context, used for templating. - - - Orphaned - - - Automate and template configuration within authentik. - - - Last applied - - - Blueprint(s) - - - Update Blueprint - - - Apply - - - Create Blueprint Instance - - - Successfully updated license. - - - Successfully created license. - - - Install ID - - - License key - - - Manage enterprise licenses - - - No licenses found. - - - License(s) - - - Enterprise is in preview. - - - Get a license - - - Go to Customer Portal - - - Forecast internal users - - - Estimated user count one year from now based on current internal users and forecasted internal users. - - - Forecast external users - - - Estimated user count one year from now based on current external users and forecasted external users. - - - Cumulative license expiry - - - Internal: - - - External: - - - Update License - - - Install - - - Install License - - - WebAuthn requires this page to be accessed via HTTPS. - - - WebAuthn not supported by browser. - - - Open Wizard - - - Demo Wizard - - - Run the demo wizard - - - API request failed - - - Authenticating with Apple... - - - Retry - - - Authenticating with Plex... - - - Waiting for authentication... - - - If no Plex popup opens, click the button below. - - - Open login - - - User's avatar - - - Something went wrong! Please try again later. - - - Request ID - - - You may close this page now. - - - You're about to be redirect to the following URL. - - - Follow redirect - - - Request has been denied. - - - Not you? - - - Need an account? - - - Sign up. - - - Forgot username or password? - - - Select one of the sources below to login. - - - Or - - - Use a security key - - - Login to continue to . - - - Please enter your password - - - Forgot password? - - - Application requires following permissions: - - - Application already has access to the following permissions: - - - Application requires following new permissions: - - - Check your Inbox for a verification email. - - - Send Email again. - - - Successfully copied TOTP Config. - - - Copy - - - Code - - - Please enter your TOTP Code - - - Duo activation QR code - - - Alternatively, if your current device has Duo installed, click on this link: - - - Duo activation - - - Check status - - - Make sure to keep these tokens in a safe place. - - - Phone number - - - Please enter your Phone number. - - - Please enter the code you received via SMS - - - A code has been sent to you via SMS. - - - Open your two-factor authenticator app to view your authentication code. - - - Static token - - - Authentication code - - - Please enter your code - - - Return to device picker - - - Sending Duo push notification - - - Assertions is empty - - - Error when creating credential: - - - Error when validating assertion on server: - - - Retry authentication - - - Duo push-notifications - - - Receive a push notification on your device. - - - Authenticator - - - Use a security key to prove your identity. - - - Traditional authenticator - - - Use a code-based authenticator. - - - Recovery keys - - - In case you can't access any other method. - - - SMS - - - Tokens sent via SMS. - - - Select an authentication method. - - - Stay signed in? - - - Select Yes to reduce the number of times you're asked to sign in. - - - Enter the code shown on your device. - - - Please enter your Code - - - You've successfully authenticated your device. - - - Flow inspector - - - Next stage - - - Stage name - - - Stage kind - - - Stage object - - - This flow is completed. - - - Plan history - - - Current plan context - - - Session ID - - - Powered by authentik - - - Background image - - - Error creating credential: - - - Server validation of credential failed: - - - Register device - - - Unread notifications - - - Sign out - - - Admin interface - - - Stop impersonation - - - Avatar image - - - Less details - - - More details - - - Refer to documentation - - - No Applications available. - - - Either no applications are defined, or you don’t have access to any. - - - My Applications - - - My applications - - - Change your password - - - Change password - - - - - - Delete account - - - Successfully updated details - - - Open settings - - - No settings flow configured. - - - Update details - - - Successfully updated device. - - - Enroll - - - Update Device - - - Successfully disconnected source - - - Failed to disconnected source: - - - Disconnect - - - Connect - - - Error: unsupported source settings: - - - Connect your user account to the services listed below, to allow you to login using the service instead of traditional credentials. - - - No services available. - - - Create App password - - - User details - - - Consent - - - MFA Devices - - - Connected services - - - + + diff --git a/web/xliff/fr.xlf b/web/xliff/fr.xlf index fec56a943..3ca62e1a1 100644 --- a/web/xliff/fr.xlf +++ b/web/xliff/fr.xlf @@ -1,2519 +1,8150 @@ - - - - - - Admin - - - Open API drawer - - - Open Notification drawer - - - Connection error, reconnecting... - - - Loading... - - - Application - - - Logins - - - Failed to fetch - - - Click to change value - - - Select an object. - - - Loading options... - - - API Access - - - App password - - - Recovery - - - Verification - - - Unknown intent - - - Login - - - Failed login - - - Logout - - - User was written to - - - Suspicious request - - - Password set - - - Secret was viewed - - - Secret was rotated - - - Invitation used - - - Application authorized - - - Source linked - - - Impersonation started - - - Impersonation ended - - - Flow execution - - - Policy execution - - - Policy exception - - - Property Mapping exception - - - System task execution - - - System task exception - - - General system exception - - - Configuration error - - - Model created - - - Model updated - - - Model deleted - - - Email sent - - - Update available - - - Alert - - - Notice - - - Warning - - - Unknown severity - - - Static tokens - - - TOTP Device - - - Internal - - - External - - - Service account - - - Service account (internal) - - - Show less - - - Show more - - - UID - - - Name - - - App - - - Model Name - - - Message - - - Subject - - - From - - - To - - - Context - - - User - - - Affected model: - - - Authorized application: - - - Using flow - - - Email info: - - - Secret: - - - Exception - - - Open issue on GitHub... - - - Expression - - - Binding - - - Request - - - Object - - - Result - - - Passing - - - Messages - - - New version available - - - Using source - - - Attempted to log in as - - - No additional data available. - - - no tabs defined - - - Remove item - - - - of - - - Go to previous page - - - Go to next page - - - Search... - - - Loading - - - No objects found. - - - Failed to fetch objects. - - - Refresh - - - Select all rows - - - Action - - - Creation Date - - - Client IP - - - Brand - - - Recent events - - - On behalf of - - - - - - - No Events found. - - - No matching events could be found. - - - Embedded outpost is not configured correctly. - - - Check outposts. - - - HTTPS is not detected correctly - - - Server and client are further than 5 seconds apart. - - - OK - - - Everything is ok. - - - System status - - - Based on - - - is available! - - - Up-to-date! - - - Version - - - Workers - - - No workers connected. Background tasks will not run. - - - hour(s) ago - - - Failed to fetch data. - - - day(s) ago - - - Authorizations - - - Failed Logins - - - Successful Logins - - - : - - - Cancel - - - LDAP Source - - - SCIM Provider - - - Healthy - - - Failed - - - Unsynced / N/A - - - Healthy outposts - - - Outdated outposts - - - Unhealthy outposts - - - Not found - - - The URL "" was not found. - - - Return home - - - General system status - - - Welcome, . - - - Quick actions - - - Create a new application - - - Check the logs - - - Explore integrations - - - Manage users - - - Check the release notes - - - Outpost status - - - Sync status - - - Logins and authorizations over the last week (per 8 hours) - - - Apps with most usage - - - days ago - - - Objects created - - - User Statistics - - - Users created per day in the last month - - - Users created - - - Logins per day in the last month - - - Failed Logins per day in the last month - - - Failed logins - - - Clear search - - - System Tasks - - - Long-running operations which authentik executes in the background. - - - Identifier - - - Description - - - Last run - - - Status - - - Actions - - - Successful - - - Error - - - Unknown - - - Duration - - - seconds - - - Restart task - - - Close - - - Create - - - Next - - - Back - - - Submit - - - Type - - - Select providers to add to application - - - Add - - - Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". - - - Path template for users created. Use placeholders like `%(slug)s` to insert the source slug. - - - Currently set to: - - - No form found - - - Form didn't return a promise for submitting - - - Any policy must match to grant access - - - All policies must match to grant access - - - Successfully updated application. - - - Successfully created application. - - - Application's display Name. - - - Slug - - - Internal application name used in URLs. - - - Group - - - Optionally enter a group name. Applications with identical groups are shown grouped together. - - - Provider - - - Select a provider that this application should use. - - - Backchannel Providers - - - Select backchannel providers which augment the functionality of the main provider. - - - Add provider - - - Policy engine mode - - - UI settings - - - Launch URL - - - If left empty, authentik will try to extract the launch URL based on the selected provider. - - - Open in new tab - - - If checked, the launch URL will open in a new browser tab or window from the user's application library. - - - Icon - - - Clear icon - - - Delete currently set icon. - - - Publisher - - - UI Settings - - - OAuth2/OIDC (Open Authorization/OpenID Connect) - - - Modern applications, APIs and Single-page applications. - - - LDAP (Lightweight Directory Access Protocol) - - - Provide an LDAP interface for applications and users to authenticate against. - - - Transparent Reverse Proxy - - - For transparent reverse proxies with required authentication - - - Forward Auth (Single Application) - - - For nginx's auth_request or traefik's forwardAuth - - - Forward Auth (Domain Level) - - - For nginx's auth_request or traefik's forwardAuth per root domain - - - SAML (Security Assertion Markup Language) - - - Configure SAML provider manually - - - RADIUS (Remote Authentication Dial-In User Service) - - - Configure RADIUS provider manually - - - SCIM (System for Cross-domain Identity Management) - - - Configure SCIM provider manually - - - Saving Application... - - - Authentik was unable to save this application: - - - Your application has been saved - - - There was an error in the application. - - - Review the application. - - - There was an error in the provider. - - - Review the provider. - - - There was an error - - - There was an error creating the application, but no error message was sent. Please review the server logs. - - - Authentication - - - Authorization - - - Enrollment - - - Invalidation - - - Stage Configuration - - - Unenrollment - - - Unknown designation - - - Stacked - - - Content left - - - Content right - - - Sidebar left - - - Sidebar right - - - Unknown layout - - - Cached binding - - - Flow is executed and session is cached in memory. Flow is executed when session expires - - - Direct binding - - - Always execute the configured bind flow to authenticate the user - - - Cached querying - - - The outpost holds all users and groups in-memory and will refresh every 5 Minutes - - - Direct querying - - - Always returns the latest data, but slower than cached querying - - - When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. - - - The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber + + + + + English + Anglais + + + + French + Français + + + + Turkish + Turque + + + + Spanish + Espagnol + + + + Polish + Polonais + + + + Taiwanese Mandarin + Mandarin taïwanais + + + + Chinese (simplified) + Chinois (simplifié) + + + + Chinese (traditional) + Chinois (traditionnel) + + + + German + Allemand + + + + Loading... + Chargement en cours... + + + + Application + Application + + + + Logins + Connexions + + + + Show less + Montrer moins + + + + Show more + Montrer plus + + + + UID + UID + + + + Name + Nom + + + + App + App + + + + Model Name + Nom du modèle + + + + Message + Message + + + + Subject + Sujet + + + + From + De + + + + To + À + + + + Context + Contexte + + + + User + Utilisateur + + + + Affected model: + Modèle affecté : + + + + Authorized application: + Application autorisée : + + + + Using flow + Utilisation du flux + + + + Email info: + Information courriel : + + + + Secret: + Secret : + + + + Open issue on GitHub... + Ouvrir un ticket sur GitHub... + + + + Exception + Exception + + + + Expression + Expression + + + + Binding + Liaison + + + + Request + Requête + + + + Object + Objet + + + + Result + Résultat + + + + Passing + Réussite + + + + Messages + Messages + + + + Using source + Utilisation de la source + + + + Attempted to log in as + Tentative de connexion en tant que + + + + + No additional data available. + Aucune donnée additionnelle disponible. + + + + Click to change value + Cliquer pour changer la valeur + + + + Select an object. + Sélectionnez un objet. + + + + Loading options... + Chargement des options... + + + + Connection error, reconnecting... + Erreur de connexion, nouvelle tentative... + + + + Login + Connexion + + + + Failed login + Échec de la connexion + + + + Logout + Déconnexion + + + + User was written to + L'utilisateur a été écrit vers + + + + Suspicious request + Requête suspecte + + + + Password set + Mot de passe défini + + + + Secret was viewed + Le secret a été vu + + + + Secret was rotated + Rotation du secret effectuée + + + + Invitation used + Invitation utilisée + + + + Application authorized + Application autorisé + + + + Source linked + Source liée + + + + Impersonation started + Début de l'appropriation utilisateur + + + + Impersonation ended + Fin de l'appropriation utilisateur + + + + Flow execution + Exécution du flux + + + + Policy execution + Exécution de politique + + + + Policy exception + Exception de politique + + + + Property Mapping exception + Erreur de mappage de propriété + + + + System task execution + Exécution de tâche système + + + + System task exception + Erreur de tâche système + + + + General system exception + Exception générale du systèm + + + + Configuration error + Erreur de configuration + + + + Model created + Modèle créé + + + + Model updated + Modèle mis à jour + + + + Model deleted + Modèle supprimé + + + + Email sent + Courriel envoyé + + + + Update available + Mise à jour disponibl + + + + Unknown severity + Sévérité inconnue + + + + Alert + Alerte + + + + Notice + Note + + + + Warning + Avertissement + + + + no tabs defined + aucun onglet défini + + + + - of + + - + sur + + + + + Go to previous page + Aller à la page précédente + + + + Go to next page + Aller à la page suivante + + + + Search... + Rechercher... + + + + Loading + Chargement en cours + + + + No objects found. + Aucun objet trouvé. + + + + Failed to fetch objects. + Impossible de récupérer les objets. + + + + Refresh + Rafraîchir + + + + Select all rows + Sélectionner toutes les lignes + + + + Action + Action + + + + Creation Date + Date de création + + + + Client IP + Adresse IP client + + + + Recent events + Événements récents + + + + On behalf of + Au nom de + + + + + - + - + + + + No Events found. + Aucun événement trouvé. + + + + No matching events could be found. + Aucun événement correspondant n'a été trouvé. + + + + Embedded outpost is not configured correctly. + L'avant poste intégré n'est pas configuré correctement + + + + Check outposts. + Vérifier les avant-postes. + + + + HTTPS is not detected correctly + HTTP n'est pas détecté correctement + + + + Server and client are further than 5 seconds apart. + Le serveur et le client sont distants de plus de 5 secondes + + + + OK + OK + + + + Everything is ok. + Tout va bien. + + + + System status + Statut du système + + + + Based on + Basé sur + + + + + is available! + + est disponible ! + + + + Up-to-date! + À jour ! + + + + Version + Version + + + + Workers + Workers + + + + No workers connected. Background tasks will not run. + Aucun worker connecté. Les tâches de fond ne tourneront pas. + + + + hour(s) ago + +Il y a heure(s) + + + + day(s) ago + +Il y a jour(s) + + + + Authorizations + Autorisations + + + + Failed Logins + Connexions échouées + + + + Successful Logins + Connexions réussies + + + + : + + : + + + + + Cancel + Annuler + + + + LDAP Source + Source LDAP + + + + SCIM Provider + Fournisseur SCIM + + + + Healthy + Sain + + + + Healthy outposts + Avant-postes sains + + + + Admin + Administrateur + + + + Not found + Pas trouvé + + + + The URL "" was not found. + L'URL " + " n'a pas été trouvée. + + + + Return home + Retourner à l’accueil + + + + General system status + État général du système + + + + Welcome, . + Bienvenue, + . + + + + Quick actions + Actions rapides + + + + Create a new application + Créer une nouvelle application + + + + Check the logs + Vérifiez les journaux + + + + Explore integrations + Explorer les intégrations + + + + Manage users + Gérer les utilisateurs + + + + Outpost status + Statut de l'avant-poste + + + + Sync status + Synchroniser les statuts + + + + Logins and authorizations over the last week (per 8 hours) + Connexions et autorisations au cours de la dernière semaine (par 8 heures) + + + + Apps with most usage + Apps les plus utilisées + + + + days ago + + il y a jours + + + + Objects created + Objets créés + + + + Users created per day in the last month + Utilisateurs créés par jour durant le mois dernier + + + + Logins per day in the last month + Connections par jour le mois dernier + + + + Failed Logins per day in the last month + Connexions échouées par jour au cours du dernier mois + + + + Clear search + Vider la recherche + + + + System Tasks + Tâches du système + + + + Long-running operations which authentik executes in the background. + Opérations de longue durée qu'authentik exécute en arrière-plan. + + + + Identifier + Identifiant + + + + Description + Description + + + + Last run + Dernière exécution + + + + Status + Statut + + + + Actions + Actions + + + + Successful + Réussite + + + + Error + Erreur + + + + Unknown + Inconnu + + + + Duration + Durée + + + + seconds + + secondes + + + + Authentication + Authentification + + + + Authorization + Authorisation + + + + Enrollment + Inscription + + + + Invalidation + Invalidation + + + + Recovery + Récupération + + + + Stage Configuration + Configuration de l'étape + + + + Unenrollment + Désinscription + + + + Unknown designation + Désignation inconnue + + + + Stacked + Empilé + + + + Content left + Contenu gauche + + + + Content right + Contenu droit + + + + Sidebar left + Sidebar gauche + + + + Sidebar right + Sidebar droite + + + + Unknown layout + Disposition inconnue + + + + Successfully updated provider. + Fournisseur mis à jour avec succès + + + + Successfully created provider. + Fournisseur créé avec succès + + + + Bind flow + Lier un flux + + + + Flow used for users to authenticate. + Flux utilisé pour que les utilisateurs s'authentifient + + + + Search group + Rechercher un groupe + + + + Users in the selected group can do search queries. If no group is selected, no LDAP Searches are allowed. + Les utilisateurs de ce groupe peuvent effectuer des recherches. Si aucun groupe n'est sélectionné, aucune recherche LDAP n'est autorisée. + + + + Bind mode + Lier un mode + + + + Cached binding + Liaison en cache + + + + Flow is executed and session is cached in memory. Flow is executed when session expires + Le flux est exécuté et la session est mise en cache en mémoire. Le flux est exécuté lorsque la session expire + + + + Direct binding + Liaison directe + + + + Always execute the configured bind flow to authenticate the user + Toujours exécuter la liaison de flux configurée pour authentifier l'utilisateur + + + + Configure how the outpost authenticates requests. + Configure comment les avant-postes authentifient les requêtes. + + + + Search mode + Mode de Recherche + + + + Cached querying + Requête en cache + + + + The outpost holds all users and groups in-memory and will refresh every 5 Minutes + L'avant-poste conserve tous les utilisateurs et groupes en mémoire et se rafraîchira toutes les 5 minutes. + + + + Direct querying + Requête directe + + + + Always returns the latest data, but slower than cached querying + Fournit toujours les données les plus récentes, mais plus lent que les recherches en cache. + + + + Configure how the outpost queries the core authentik server's users. + Configure comment les avant-postes requêtent les utilisateurs du serveur cœur d’authentik. + + + + Protocol settings + Paramètres du protocole + + + + Base DN + DN racine + + + + LDAP DN under which bind requests and search requests can be made. + DN LDAP avec lequel les connexions et recherches sont effectuées. + + + + Certificate + Certificat + + + + UID start number + Numéro de départ d'UID + + + + The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber + Ce nombre est ajouté au nombre généré à partir de user.Pk pour s'assurer que ceux-ci ne sont pas trop bas pour les utilisateurs POSIX. La valeur par défaut est 2000 pour éviter des collisions avec les uidNumber des utilisateurs locaux. + + + + GID start number + Numéro de départ du GID + + + + The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber + Ce nombre est ajouté au nombre généré à partir de group.Pk pour s'assurer que ceux-ci ne sont pas trop bas pour les groupes POSIX. La valeur par défaut est 4000 pour éviter des collisions avec les groupes locaux ou les groupes primaires. + + + + (Format: hours=-1;minutes=-2;seconds=-3). + (Format : hours=-1;minutes=-2;seconds=-3). + + + + (Format: hours=1;minutes=2;seconds=3). + (Format : hours=1;minutes=2;seconds=3). + + + + The following keywords are supported: + Les mots clés suivants sont supportés : + + + + Authentication flow + Flux d'authentification + + + + Flow used when a user access this provider and is not authenticated. + Flux utilisé lorsqu'un utilisateur accède à ce fournisseur et n'est pas authentifié. + + + + Authorization flow + Flux d'autorisation + + + + Flow used when authorizing this provider. + Flux utilisé lors de l'autorisation de ce fournisseur. + + + + Client type + Type du client + + + + Confidential + Confidentiel + + + + Confidential clients are capable of maintaining the confidentiality of their credentials such as client secrets + Les clients confidentiels sont capables de préserver la confidentialité de leurs données d'identification, telles que les secrets du client. + + + + Public + Public + + + + Public clients are incapable of maintaining the confidentiality and should use methods like PKCE. + Les clients publics sont incapables de maintenir la confidentialité et devraient utiliser des méthodes comme le PKCE. + + + + Client ID + ID client + + + + Client Secret + Secret du client + + + + Redirect URIs/Origins (RegEx) + URI/Origines de redirection (RegEx) + + + + Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows. + URLs de redirection autorisées après un flux d'autorisation réussi. Indiquez également toute origine ici pour les flux implicites. + + + + If no explicit redirect URIs are specified, the first successfully used redirect URI will be saved. + Si aucune URI de redirection explicite n'est spécifiée, la première URI de redirection utilisée avec succès sera enregistrée. + + + + To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. + Pour permettre n'importe quelle URI de redirection, définissez cette valeur sur ".*". Soyez conscient des possibles implications de sécurité que cela peut avoir. + + + + Signing Key + Clé de signature + + + + Key used to sign the tokens. + Clé utilisée pour signer les jetons. + + + + Advanced protocol settings + Paramètres avancés du protocole + + + + Access code validity + Validité du code d'accès + + + + Configure how long access codes are valid for. + Configure la durée de validité des codes d'accès. + + + + Access Token validity + Validité du jeton d'accès + + + + Configure how long access tokens are valid for. + Configure la durée de validité des jetons d'accès. + + + + Refresh Token validity + Validité du jeton de rafraîchissement + + + + Configure how long refresh tokens are valid for. + Configurer la durée de validité des jetons de rafraîchissement. + + + + Scopes + Portées + + + + Select which scopes can be used by the client. The client still has to specify the scope to access the data. + Sélectionnez les portées utilisables par le client. Le client doit toujours spécifier la portée pour accéder aux données. + + + + Hold control/command to select multiple items. + Garder ctrl/command enfoncé pour sélectionner de multiples éléments + + + + Subject mode + Mode subject + + + + Based on the User's hashed ID + Basé sur l'identifiant haché de l'utilisateur + + + + Based on the User's ID + Basé sur l'identifiant de l'utilisateur + + + + Based on the User's UUID + Basé sur l'UUID de l'utilisateur + + + + Based on the User's username + Basé sur le nom d'utilisateur + + + + Based on the User's Email + Basé sur l'adresse courriel de l'utilisateur + + + + This is recommended over the UPN mode. + Ceci est recommandé par rapport au mode UPN. + + + + Based on the User's UPN + Basé sur l'UPN de l'utilisateur. + + + + Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains. + Cela exige que l'utilisateur possède un attribut 'UPN' défini, sinon en dernier recours il utilise l'ID haché de l'utilisateur. Utilisez ce mode seulement si vous avez un domaine courriel différent de l'UPN. + + + + Configure what data should be used as unique User Identifier. For most cases, the default should be fine. + Configure quelle donnée utiliser pour l'identifiant unique utilisateur. La valeur par défaut devrait être correcte dans la plupart des cas. + + + + Include claims in id_token + Include les demandes utilisateurs dans id_token + + + + Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. + Inclure depuis la portée les demandes utilisateurs dans id_token, pour les applications qui n'accèdent pas au point de terminaison userinfo. + + + + Issuer mode + Mode de l'émetteur + + + + Each provider has a different issuer, based on the application slug + Chaque fournisseur a un émetteur différent, basé sur le slug de l'application. + + + + Same identifier is used for all providers + Le même identifiant est utilisé pour tous les fournisseurs + + + + Configure how the issuer field of the ID Token should be filled. + Configure comment le champ émetteur du jeton ID sera rempli. + + + + Machine-to-Machine authentication settings + Paramètres d'authentification machine à machine + + + + Trusted OIDC Sources + Sources OIDC de confiance + + + + JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider. + Les JWT signés par des certificats configurés par les sources sélectionnées peuvent être utilisés pour s'authentifier auprès de ce fournisseur. + + + + HTTP-Basic Username Key + Clé de l'utilisateur HTTP-Basic + + + + User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. + Attribut d'utilisateur/groupe utilisé pour le champ utilisateur de l'en-tête HTTP-Basic. S'il n'est pas défini, le courriel de l'utilisateur est utilisée. + + + + HTTP-Basic Password Key + Clé du mot de passe HTTP-Basic + + + + User/Group Attribute used for the password part of the HTTP-Basic Header. + Attribut d'utilisateur/groupe utilisé pour la champ mot de passe de l'en-tête HTTP-Basic. + + + + Proxy + Proxy + + + + Forward auth (single application) + Transférer l'authentification (application unique) + + + + Forward auth (domain level) + Transférer l'authentification (niveau domaine) + + + + This provider will behave like a transparent reverse-proxy, except requests must be authenticated. If your upstream application uses HTTPS, make sure to connect to the outpost using HTTPS as well. + Ce fournisseur se comporte comme un reverse-proxy transparent, sauf que les demandes doivent être authentifiées. Si votre application en amont utilise HTTPS, assurez-vous de vous connecter à l'avant-poste en utilisant également HTTPS. + + + + External host + Hôte externe + + + + The external URL you'll access the application at. Include any non-standard port. + L'URL externe par laquelle vous accéderez à l'application. Incluez un port non-standard si besoin. + + + + Internal host + Hôte interne + + + + Upstream host that the requests are forwarded to. + Hôte amont où transférer les requêtes. + + + + Internal host SSL Validation + Validation SSL de l'hôte interne + + + + Validate SSL Certificates of upstream servers. + Valider les certificats SSL des serveurs amonts. + + + + Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application. + Utilisez ce fournisseur avec auth_request de nginx ou forwardAuth de traefik. Un seul fournisseur est nécessaire par domaine racine. Vous ne pouvez pas faire d'autorisation par application, mais vous n'avez pas besoin de créer un fournisseur pour chaque application. + + + + An example setup can look like this: + Un exemple de configuration peut ressembler à ceci : + + + + authentik running on auth.example.com + authentik en cours d'exécution sur auth.example.com + + + + app1 running on app1.example.com + app1 en cours d'exécution sur app1.example.com + + + + In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com. + Dans ce cas, vous devez définir l'URL d'authentification sur auth.example.com et le domaine des cookies sur example.com. + + + + Authentication URL + URL d'authentification + + + + The external URL you'll authenticate at. The authentik core server should be reachable under this URL. + L'URL externe à laquelle vous allez vous authentifier. Le serveur authentik core devrait être accessible à cette URL. + + + + Cookie domain + Domaine des cookies + + + + Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'. + Définissez ceci sur le domaine pour lequel vous souhaitez que l'authentification soit valide. Il doit être un domaine parent de l'URL ci-dessus. Si vous exécutez des applications sous app1.domain.tld, app2.domain.tld, définissez ceci sur 'domain.tld'. + + + + Unknown proxy mode + Mode proxy inconnu + + + + Token validity + Validité du jeton + + + + Configure how long tokens are valid for. + Configure la durée de validité des jetons d'accès. + + + + Additional scopes + Portées additionnelles + + + + Additional scope mappings, which are passed to the proxy. + Mappages de portée additionnelle, qui sont passés au proxy. + + + + Unauthenticated URLs + URLs non-authentifiés + + + + Unauthenticated Paths + Chemins non-authentifiés + + + + Regular expressions for which authentication is not required. Each new line is interpreted as a new expression. + Expressions régulières pour lesquelles l'authentification n'est pas requise. Chaque ligne est interprétée comme une nouvelle expression. + + + + When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions. + Lors de l'utilisation du mode proxy ou de l'authentification directe (application unique), le chemin d'accès à l'URL demandée est vérifié par rapport aux expressions régulières. Lors de l'utilisation de l'authentification directe (mode domaine), l'URL complète et le schéma est demandée et l'hôte est comparée aux expressions régulières. + + + + Authentication settings + Paramètres d'authentification + + + + Intercept header authentication + Intercepter l'en-tête d'authentification + + + + When enabled, authentik will intercept the Authorization header to authenticate the request. + Lorsque cette option est activée, authentik intercepte l'en-tête Authorization pour authentifier la demande. + + + + Send HTTP-Basic Authentication + Envoyer l'authentification HTTP-Basic + + + + Send a custom HTTP-Basic Authentication header based on values from authentik. + Envoyer un en-tête d'authentification HTTP-Basic personnalisé basé sur les valeurs de authentik. + + + + ACS URL + ACS URL + + + + Issuer + Émetteur + + + + Also known as EntityID. + Également appelé EntityID. + + + + Service Provider Binding + Liaison du fournisseur de services + + + + Redirect + Redirection + + + + Post + Appliquer + + + + Determines how authentik sends the response back to the Service Provider. + Détermine comment authentik renvoie la réponse au fournisseur de services. + + + + Audience + Audience + + + + Signing Certificate + Certificat de signature + + + + Certificate used to sign outgoing Responses going to the Service Provider. + Certificat utilisé pour signer les réponses sortantes vers le Service Provider. + + + + Verification Certificate + Certificat de validation + + + + When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. + Si activée, les signatures des assertions entrantes seront validées par rapport à ce certificat. Pour autoriser les requêtes non signées, laissez la valeur par défaut. + + + + Property mappings + Mappages de propriété + + + + NameID Property Mapping + Mappage de la propriété NameID + + + + Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected. + Configure la façon dont NameID sera créé. Si vide, la politique NameIDPolicy de la requête entrante sera appliquée. + + + + Assertion valid not before + Assertion non valide avant + + + + Configure the maximum allowed time drift for an assertion. + Configurer la durée maximale autorisée pour une assertion. + + + + Assertion valid not on or after + Assertion non valide le ou après + + + + Assertion not valid on or after current time + this value. + Assertion non valide à partir de l'heure actuelle + cette valeur. + + + + Session valid not on or after + Session non valide à partir de + + + + Session not valid on or after current time + this value. + Session non valide à partir de l'heure actuelle + cette valeur. + + + + Digest algorithm + Algorithme d'empreinte + + + + Signature algorithm + Algorithme de signature + + + + Successfully imported provider. + Fournisseur importé avec succès + + + + Metadata + Métadonnées + + + + Apply changes + Appliquer les changements + + + + Close + Fermer + + + + Finish + Terminer + + + + Back + Retour + + + + No form found + Aucun formulaire trouvé + + + + Form didn't return a promise for submitting + Le formulaire n'a pas retourné de promesse de soumission + + + + Select type + Sélectionnez le type + + + + Try the new application wizard + Essayez le nouvel l'assistant d'application + + + + The new application wizard greatly simplifies the steps required to create applications and providers. + Le nouvel assistant d'application simplifie grandement les étapes nécessaires à la création d'applications et de fournisseurs. + + + + Try it now + Essayer maintenant + + + + Create + Créer + + + + New provider + Nouveau fournisseur + + + + Create a new provider. + Créer un nouveau fournisseur. + + + + Create + Créer + + + + + Shared secret + Secret partagé + + + + Client Networks + Réseaux du client + + + + List of CIDRs (comma-seperated) that clients can connect from. A more specific + CIDR will match before a looser one. Clients connecting from a non-specified CIDR + will be dropped. + Liste des CIDRs (séparés par des virgules) à partir desquels les clients peuvent se connecter. Un CIDR plus spécifique sera pris en compte avant un CIDR plus général. Les clients se connectant à partir d'un CIDR non spécifié seront refusés. + + + URL + URL + + + + SCIM base url, usually ends in /v2. + URL de base SCIM, se termine généralement par /v2. + + + + Token + Jeton + + + + Token to authenticate with. Currently only bearer authentication is supported. + Jeton d'authentification à utiliser. Actuellement, seule l'authentification "bearer authentication" est prise en charge. + + + + User filtering + Filtrage utilisateurs + + + + Exclude service accounts + Exclure les comptes de service + + + + Group + Group + + + + Only sync users within the selected group. + Synchroniser uniquement les utilisateurs appartenant au groupe sélectionné. + + + + Attribute mapping + Mappage des attributs + + + + User Property Mappings + Mappage des propriétés utilisateur + + + + Property mappings used to user mapping. + Mappages de propriété utilisés pour la correspondance des utilisateurs. + + + + Group Property Mappings + Mappage des propriétés de groupe + + + + Property mappings used to group creation. + Mappages de propriétés utilisés lors de la création des groupe + + + + Not used by any other object. + Pas utilisé par un autre objet. + + + + object will be DELETED + l'objet sera SUPPRIMÉ + + + + connection will be deleted + la connexion sera supprimée + + + + reference will be reset to default value + la référence sera réinitialisée à sa valeur par défaut + + + + reference will be set to an empty value + la référence sera réinitialisée à une valeur vide + + + + () + + ( + ) + + + + ID + ID + + + + Successfully deleted + Réussite de la suppression + + + Failed to delete : + Échec de la suppression + : + + + + + Delete + Supprimer + + + + + Are you sure you want to delete ? + Êtes-vous sûr de vouloir supprimer ? + + + Delete + Supprimer + + + + Providers + Fournisseurs + + + + Provide support for protocols like SAML and OAuth to assigned applications. + Assure la prise en charge de protocoles tels que SAML et OAuth aux applications attribuées. + + + + Type + Type + + + + Provider(s) + Fournisseur(s) + + + + Assigned to application + Assigné à l'application + + + + Assigned to application (backchannel) + Assigné à l'application (backchannel). + + + + Warning: Provider not assigned to any application. + Avertissement : le fournisseur n'est assigné à aucune application. + + + + Update + Mettre à jour + + + + Update + Mettre à jour + + + + + Select providers to add to application + Sélectionnez les fournisseurs à ajouter à l'application. + + + + Add + Ajouter + + + + Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". + Entrez une URL complète, un chemin relatif ou utilisez 'fa://fa-test' pour utiliser l'icône Font Awesome "fa-test". + + + + Path template for users created. Use placeholders like `%(slug)s` to insert the source slug. + Modèle de chemin pour les utilisateurs créés. Utilisez des espaces réservés comme `%(slug)s` pour insérer le slug de la source. + + + + Successfully updated application. + Application mise à jour avec succès + + + + Successfully created application. + Application créée avec succès + + + + Application's display Name. + Nom d'affichage de l'application + + + + Slug + Slug + + + + Optionally enter a group name. Applications with identical groups are shown grouped together. + Optionnellement, entrez un nom de groupe. Les applications avec les mêmes groupes seront affichées ensemble. + + + + Provider + Fournisseur + + + + Select a provider that this application should use. + Sélectionnez un fournisseur que cette application doit utiliser. + + + + Select backchannel providers which augment the functionality of the main provider. + Sélectionner des fournisseurs backchannel qui augmentent la fonctionnalité du fournisseur principal. + + + + Policy engine mode + Mode d'application des politiques + + + + Any policy must match to grant access + N'importe quelle politique doit correspondre pour accorder l'accès + + + + All policies must match to grant access + Toutes les politiques doivent correspondre pour accorder l'accès + + + + UI settings + Paramètres d'UI + + + + Launch URL + URL de lancement + + + + If left empty, authentik will try to extract the launch URL based on the selected provider. + Si laissé vide, authentik essaiera d'extraire l'URL de lancement en se basant sur le fournisseur sélectionné. + + + + Open in new tab + Ouvrir dans un nouvel onglet + + + + If checked, the launch URL will open in a new browser tab or window from the user's application library. + Si cette case est cochée, l'URL de lancement s'ouvrira dans un nouvel onglet ou une nouvelle fenêtre du navigateur à partir de la bibliothèque d'applications de l'utilisateur. + + + + Icon + Icône + + + + Currently set to: + Actuellement fixé à : + + + + Clear icon + Supprimer l'icône + + + + Publisher + Éditeur + + + + Create Application + Créer une application + + + + Overview + Vue d'ensemble + + + + Changelog + Journal des modification + + + + Warning: Provider is not used by any Outpost. + Attention : ce fournisseur n’est utilisé par aucun avant-poste. + + + + Assigned to application + Assigné à l'application + + + + Update LDAP Provider + Mettre à jour le fournisseur LDAP + + + + Edit + Éditer + + + + How to connect + Comment se connecter + + + + Connect to the LDAP Server on port 389: + Se connecter au serveur LDAP sur le port 389 : + + + + Check the IP of the Kubernetes service, or + Vérifier l'IP du service Kubernetes, ou + + + + The Host IP of the docker host + L'IP de l'hôte de docker + + + + Bind DN + Bind DN + + + + Bind Password + Mot de passe + + + + Search base + Base de recherche + + + + Preview + Prévisualisation + + + + Warning: Provider is not used by an Application. + Avertissement : Le fournisseur n'est pas utilisé par une application. + + + + Redirect URIs + URIs de redirection + + + + Update OAuth2 Provider + Mettre à jour le fournisseur OAuth2 + + + + OpenID Configuration URL + URL de configuration OpenID + + + + OpenID Configuration Issuer + Émetteur de la configuration OpenID + + + + Authorize URL + URL d'authorisation + + + + Token URL + URL du jeton + + + + Userinfo URL + URL Userinfo + + + + Logout URL + URL de déconnexion + + + + JWKS URL + URL JWKS + + + + Example JWT payload (for currently authenticated user) + Exemple de charge utile JWT (pour l'utilisateur actuellement authentifié) + + + + Forward auth (domain-level) + Transférer l'authentification (niveau domaine) + + + + Nginx (Ingress) + Nginx (Ingress) + + + + Nginx (Proxy Manager) + Nginx (Proxy Manager) + + + + Nginx (standalone) + Nginx (standalone) + + + + Traefik (Ingress) + Traefik (Ingress) + + + + Traefik (Compose) + Traefik (Compose) + + + + Traefik (Standalone) + Traefik (Standalone) + + + + Caddy (Standalone) + Caddy (Standalone) + + + + Internal Host + Hôte interne + + + + External Host + Hôte externe + + + + Basic-Auth + Basic-Auth + + + + Yes + Oui + + + + Mode + Mode + + + + Update Proxy Provider + Mettre à jour le fournisseur de Proxy + + + + Protocol Settings + Paramètres du protocole + + + + Allowed Redirect URIs + URIs de redirection autorisés + + + + Setup + Configuration + + + + No additional setup is required. + Aucune configuration supplémentaire n'est nécessaire. + + + + Update Radius Provider + Mettre à jour le fournisseur Radius + + + + Download + Télécharger + + + + Copy download URL + Copier l'URL de téléchargement + + + + Download signing certificate + Télécharger le certificat de signature + + + + Related objects + Objets apparentés + + + + Update SAML Provider + Mettre à jour le fournisseur SAML + + + + SAML Configuration + Configuration SAML + + + + EntityID/Issuer + EntitéID/Émetteur + + + + SSO URL (Post) + URL SSO (Post) + + + + SSO URL (Redirect) + URL SSO (Redirect) + + + + SSO URL (IdP-initiated Login) + URL SSO (IdP-initiated Login) + + + + SLO URL (Post) + URL SLO (Post) + + + + SLO URL (Redirect) + URL SLO (Redirect) + + + + SAML Metadata + Métadonnée SAML + + + + Example SAML attributes + Exemple d'attributs SAML + + + + NameID attribute + Attribut NameID + + + + Warning: Provider is not assigned to an application as backchannel provider. + Avertissement : Le fournisseur n'est pas assigné à une application en tant que fournisseur backchannel. + + + + Update SCIM Provider + Mettre à jour le fournisseur SCIM + + + + Run sync again + Relancer la synchro + + + + Modern applications, APIs and Single-page applications. + Applications modernes, API et applications à page unique. + + + + LDAP + LDAP + + + + Provide an LDAP interface for applications and users to authenticate against. + Fournir une interface LDAP permettant aux applications et aux utilisateurs de s'authentifier. + + + + New application + Nouvelle application + + + + Applications + Applications + + + + Provider Type + Type de fournisseur + + + + Application(s) + Application(s) + + + + Application Icon + Icône d'application + + + + Update Application + Mettre à jour l'application + + + + Successfully sent test-request. + Requête-test envoyée avec succès + + + + Log messages + Messages de Journal + + + + No log messages. + Aucun message de journal. + + + + Active + Actif + + + + Last login + Dernière connexion + + + + Select users to add + Sélectionnez les utilisateurs à ajouter + + + + Successfully updated group. + Groupe mis à jour avec succès + + + + Successfully created group. + Groupe créé avec succès + + + + Is superuser + Est superutilisateur + + + + Users added to this group will be superusers. + Les utilisateurs ajoutés à ce groupe seront des super-utilisateurs. + + + + Parent + Parent + + + + Attributes + Attributs + + + + Set custom attributes using YAML or JSON. + Définissez des attributs personnalisés via YAML ou JSON. + + + + Successfully updated binding. + Liaison mise à jour avec succès + + + + Successfully created binding. + Liaison créée avec succès + + + + Policy + Politique + + + + Group mappings can only be checked if a user is already logged in when trying to access this source. + Les mappages de groupes ne peuvent être vérifiés que si un utilisateur est déjà connecté lorsqu'il essaie d'accéder à cette source. + + + + User mappings can only be checked if a user is already logged in when trying to access this source. + Les mappages d'utilisateurs ne peuvent être vérifiés que si un utilisateur est déjà connecté lorsqu'il essaie d'accéder à cette source. + + + + Enabled + Activé + + + + Negate result + Inverser le résultat + + + + Negates the outcome of the binding. Messages are unaffected. + Inverse le résultat de la liaison. Les messages ne sont pas affectés. + + + + Order + Tri + + + + Timeout + Timeout + + + + Successfully updated policy. + Politique mise à jour avec succès + + + + Successfully created policy. + Politique créée avec succès + + + + A policy used for testing. Always returns the same result as specified below after waiting a random duration. + Une politique utilisée pour les tests. Retourne toujours la même valeur telle qu'indiquée ci-dessous après une attente aléatoire. + + + + Execution logging + Journalisation de l'exécution + + + + When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. + Si activée, toutes les exécutions de cette politique seront enregistrées. Par défaut, seules les erreurs d'exécution sont consignées. + + + + Policy-specific settings + Paramètres spécifiques à la politique + + + + Pass policy? + Réussir la politique ? + + + + Wait (min) + Attente (min) + + + + The policy takes a random time to execute. This controls the minimum time it will take. + La politique prend un certain temps à s'exécuter. Ceci contrôle la durée minimale. + + + + Wait (max) + Attente (max) + + + + Matches an event against a set of criteria. If any of the configured values match, the policy passes. + Fait correspondre un évènement à un certain nombre de critères. Si une des valeur configurée correspond, la politique réussit. + + + + Match created events with this action type. When left empty, all action types will be matched. + Inclure les événements créés avec ce type d'action. S'il est laissé vide, tous les types d'action seront inclus. + + + + Matches Event's Client IP (strict matching, for network matching use an Expression Policy. + Inclure l'adresse IP du client de l'évènement (correspondante stricte, pour un correspondance sur le réseau utiliser une politique d'expression) + + + + Match events created by selected application. When left empty, all applications are matched. + Inclure les évènements créés par cette application. S'il est laissé vide, toutes les applications seront incluses. + + + + Checks if the request's user's password has been changed in the last x days, and denys based on settings. + Vérifie si le mot de passe de l'usager a été changé dans les X derniers jours et refuse l'accès en fonction du paramétrage. + + + + Maximum age (in days) + Âge maximum (en jours) + + + + Only fail the policy, don't invalidate user's password + Seulement faire échouer la politique, ne pas invalider le mot de passe de l'utilisateur. + + + + Executes the python snippet to determine whether to allow or deny a request. + Exécute le fragment de code python pour décider d'autoriser ou non la demande. + + + + Expression using Python. + Expression en python + + + + See documentation for a list of all variables. + Consultez la documentation pour la liste de toutes les variables. + + + + Static rules + Règles Statiques + + + + Minimum length + Longueur minimale + + + + Minimum amount of Uppercase Characters + Nombre minimum de caractères majuscules + + + + Minimum amount of Lowercase Characters + Nombre minimum de caractères minuscules + + + + Minimum amount of Digits + Nombre minimum de chiffres + + + + Minimum amount of Symbols Characters + Nombre minimum de symboles + + + + Error message + Message d'erreur + + + + Symbol charset + Set de symboles + + + + Characters which are considered as symbols. + Caractères considérés comme des symboles. + + + + HaveIBeenPwned settings + Paramètres de HaveIBeenPwned + + + + Allowed count + Total autorisé + + + + Allow up to N occurrences in the HIBP database. + Autoriser jusqu'à N occurrences dans la base de données HIBP + + + + zxcvbn settings + Paramètres de zxcvbn + + + + Score threshold + Seuil du score + + + + If the password's score is less than or equal this value, the policy will fail. + Si le score du mot de passe est inférieur ou égal à cette valeur, la politique échoue. + + + + Checks the value from the policy request against several rules, mostly used to ensure password strength. + Vérifie la valeur de la requête via plusieurs règles, principalement utilisé pour s'assurer de la robustesse des mots de passe. + + + + Password field + Champ mot de passe + + + + Field key to check, field keys defined in Prompt stages are available. + Clé de champ à vérifier ; les clés de champ définies dans les étapes de d'invite sont disponibles. + + + + Check static rules + Vérifier les règles statiques + + + + Check haveibeenpwned.com + Vérifier haveibeenpwned.com + + + + For more info see: + Pour plus d'informations, voir : + + + + Check zxcvbn + Vérifier zxcvbn + + + + Password strength estimator created by Dropbox, see: + Estimateur de force de mot de passe créé par Dropbox, voir : + + + + Allows/denys requests based on the users and/or the IPs reputation. + Autorise/bloque les requêtes selon la réputation de l'utilisateur et/ou de l'adresse IP + + + + Invalid login attempts will decrease the score for the client's IP, and the +username they are attempting to login as, by one. + Les tentatives de connexion invalides diminuent d'une unité le score de l'IP du client et du nom d'utilisateur sous lequel il tente de se connecter. + + + The policy passes when the reputation score is below the threshold, and +doesn't pass when either or both of the selected options are equal or above the threshold. + La politique est acceptée lorsque le score de réputation est inférieur au seuil, et n'est pas acceptée lorsque les deux options sélectionnées sont égales ou supérieures au seuil. + + + Check IP + Vérifier l'adresse IP + + + + Check Username + Vérifier le nom d'utilisateur + + + + Threshold + Seuil + + + + New policy + Nouvelle politique + + + + Create a new policy. + Créer une nouvelle politique. + + + + Create Binding + Créer une liaison + + + + Superuser + Super-utilisateur + + + + Members + Membres + + + + Select groups to add user to + Sélectionnez les groupes à ajouter à l'utilisateur + + + + Warning: Adding the user to the selected group(s) will give them superuser permissions. + Attention : L'ajout de l'utilisateur au(x) groupe(s) sélectionné(s) lui confère des droits de superutilisateur. + + + + Successfully updated user. + Utilisateur mis à jour avec succès + + + + Successfully created user. + Utilisateur créé avec succès + + + + Username + Nom d'utilisateur + + + + User's primary identifier. 150 characters or fewer. + Identifiant principal de l'utilisateur. 150 caractères ou moins. + + + + User's display name. + Nom d'affichage de l'utilisateur + + + + Email + Courriel + + + + Is active + Est actif + + + + Designates whether this user should be treated as active. Unselect this instead of deleting accounts. + Indique si cet utilisateur doit être traité comme actif. Désélectionnez cette option au lieu de supprimer les comptes. + + + + Path + Chemin + + + + Policy / User / Group + Politique / Utilisateur / Groupe + + + + Policy + Politique + + + + + Group + Groupe + + + + + User + Utilisateur + + + + + Edit Policy + Éditer la politique + + + + Update Group + Mettre à jour le groupe + + + + Edit Group + Éditer le groupe + + + + Update User + Mettre à jour l'utilisateur + + + + Edit User + Éditer l'utilisateur + + + + Policy binding(s) + Liaison(s) de politique + + + + Update Binding + Mettre à jour la liaison + + + + Edit Binding + Éditer la liaison + + + + No Policies bound. + Aucune politique liée. + + + + No policies are currently bound to this object. + Aucune politique n'est actuellement lié à cet objet. + + + + Bind existing policy + Lier une politique existante + + + + Warning: Application is not used by any Outpost. + Attention : cette application n’est utilisée par aucun avant-poste. + + + + Related + Lié + + + + Backchannel Providers + Fournisseurs backchannel + + + + Check access + Vérifier l'accès + + + + Check + Vérifier + + + + Check Application access + Vérifier l'accès de l'application + + + + Test + Test + + + + Launch + Lancer + + + + Logins over the last week (per 8 hours) + Connexions au cours de la semaine écoulée (par tranche de 8 heures) + + + + Policy / Group / User Bindings + Politique / Groupe / Liaisons utilisateur + + + + These policies control which users can access this application. + Ces politiques contrôlent les autorisations d'accès des utilisateurs à cette application. + + + + Successfully updated source. + Source mise à jour avec succès + + + + Successfully created source. + Source créée avec succès + + + + Sync users + Synchroniser les utilisateurs + + + + User password writeback + Réécriture du mot de passe utilisateur + + + + Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP. + Le mot de passe de connexion est synchronisé depuis LDAP vers authentik automatiquement. Activez cette option seulement pour enregistrer les changements de mots de passe dans authentik jusqu'au LDAP. + + + + Sync groups + Synchroniser les groupes + + + + Connection settings + Paramètres de connexion + + + + Server URI + URI du serveur + + + + Specify multiple server URIs by separating them with a comma. + Spécifiez plusieurs URIs de serveurs en les séparant par une virgule. + + + + Enable StartTLS + Activer StartTLS + + + + To use SSL instead, use 'ldaps://' and disable this option. + Pour utiliser SSL à la base, utilisez "ldaps://" et désactviez cette option. + + + + TLS Verification Certificate + Certificat de vérification TLS + + + + When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate. + Lors de la connexion avec un serveur LDAP avec TLS, les certificats ne sont pas vérifiés par défaut. Spécifiez une paire de clés pour vérifier le certificat distant. + + + + Bind CN + Bind DN + + + + LDAP Attribute mapping + Mappage des attributs LDAP + + + + Property mappings used to user creation. + Mappages de propriété utilisés lors de la création d'utilisateurs + + + + Additional settings + Paramètres additionnels + + + + Parent group for all the groups imported from LDAP. + Groupe parent pour tous les groupes LDAP + + + + User path + Chemin utilisateur + + + + Addition User DN + Préfixe DN utilisateurs + + + + Additional user DN, prepended to the Base DN. + DN à préfixer au DN de base pour les utilisateurs + + + + Addition Group DN + Préfixe DN groupes + + + + Additional group DN, prepended to the Base DN. + DN à préfixer au DN de base pour les groupes + + + + User object filter + Filtre des objets utilisateur + + + + Consider Objects matching this filter to be Users. + Les objets appliqués à ce filtre seront des utilisateurs. + + + + Group object filter + Filtre d'objets de groupe + + + + Consider Objects matching this filter to be Groups. + Les objets appliqués à ce filtre seront des groupes. + + + + Group membership field + Champ d'appartenance au groupe + + + + Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' + Champ qui contient les membres d'un groupe. Si vous utilisez le champ "memberUid", la valeur est censée contenir un nom distinctif relatif, par exemple 'memberUid=un-utilisateur' au lieu de 'memberUid=cn=un-utilisateur,ou=groups,...' + + + + Object uniqueness field + Champ d'unicité de l'objet + + + + Field which contains a unique Identifier. + Champ qui contient un identifiant unique. + + + + Link users on unique identifier + Lier les utilisateurs sur base d'un identifiant unique + + + + Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses + Lier à un utilisateur avec la même adresse courriel. Peut avoir des implications de sécurité lorsqu'une source ne valide pas les adresses courriel. + + + + Use the user's email address, but deny enrollment when the email address already exists + Utiliser l'adresse courriel de l'utilisateur, mais refuser l'inscription si l'adresse courriel existe déjà. + + + + Link to a user with identical username. Can have security implications when a username is used with another source + Lien vers un utilisateur ayant un nom d'utilisateur identique. Cela peut avoir des implications en termes de sécurité lorsqu'un nom d'utilisateur est utilisé avec une autre source. + + + + Use the user's username, but deny enrollment when the username already exists + Utiliser le nom d'utilisateur de l'utilisateur, mais refuser l'inscription si le nom d'utilisateur existe déjà. + + + + Unknown user matching mode + Mode de correspondance d'utilisateur inconnu + + + + URL settings + Paramètres d'URL + + + + Authorization URL + URL d'autorisation + + + + URL the user is redirect to to consent the authorization. + URL vers laquelle l'utilisateur est redirigé pour consentir l'autorisation. + + + + Access token URL + URL du jeton d'accès + + + + URL used by authentik to retrieve tokens. + URL utilisée par authentik pour récupérer les jetons. + + + + Profile URL + URL de profil + + + + URL used by authentik to get user information. + URL utilisée par authentik pour obtenir des informations sur l'utilisateur. + + + + Request token URL + URL du jeton de requête + + + + URL used to request the initial token. This URL is only required for OAuth 1. + URL utilisée pour demander le jeton initial. Cette URL est uniquement requise pour OAuth 1. + + + + OIDC Well-known URL + OIDC Well-known URL + + + + OIDC well-known configuration URL. Can be used to automatically configure the URLs above. + URL de configuration well-known de OIDC. Peut être utilisé pour configurer automatiquement les URL ci-dessus. + + + + OIDC JWKS URL + OIDC JWKS URL + + + + JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source. + URL de la clé Web JSON. Les clés de l'URL seront utilisées pour valider les JWTs de cette source. + + + + OIDC JWKS + OIDC JWKS + + + + Raw JWKS data. + Données JWKS brutes. + + + + User matching mode + Mode de correspondance utilisateur + + + + Delete currently set icon. + Supprimer l'icône actuellement définie + + + + Consumer key + Clé consumer + + + + Consumer secret + Secret consumer + + + + Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *. + Champs supplémentaires à transmettre au fournisseur OAuth, séparés par des espaces. Pour remplacer les champs existants, préfixez-les par *. + + + + Flow settings + Paramètres du flux + + + + Flow to use when authenticating existing users. + Flux à utiliser pour authentifier les utilisateurs existants. + + + + Enrollment flow + Flux d'inscription + + + + Flow to use when enrolling new users. + Flux à utiliser pour inscrire les nouveaux utilisateurs. + + + + Load servers + Charger les serveurs + + + + Re-authenticate with plex + Se ré-authentifier avec Plex + + + + Allow friends to authenticate via Plex, even if you don't share any servers + Autoriser les amis à s'authentifier via Plex, même si vous ne partagez aucun serveur + + + + Allowed servers + Serveurs autorisés + + + + Select which server a user has to be a member of to be allowed to authenticate. + Sélectionnez de quel serveur un utilisateur doit être un membre pour être autorisé à s'authentifier. + + + + SSO URL + URL SSO + + + + URL that the initial Login request is sent to. + URL de destination de la requête initiale de login. + + + + SLO URL + URL SLO + + + + Optional URL if the IDP supports Single-Logout. + URL optionnelle si le fournisseur d'identité supporte Single-Logout. + + + + Also known as Entity ID. Defaults the Metadata URL. + Aussi appelé Entity ID. URL de métadonnée par défaut. + + + + Binding Type + Type de liaison + + + + Redirect binding + Redirection + + + + Post-auto binding + Liaison Post-automatique + + + + Post binding but the request is automatically sent and the user doesn't have to confirm. + Liaison Post mais la demande est automatiquement envoyée et l'utilisateur n'a pas à confirmer. + + + + Post binding + Post + + + + Signing keypair + Paire de clés de signature + + + + Keypair which is used to sign outgoing requests. Leave empty to disable signing. + Paire de clés utilisée pour signer le requêtes sortantes. Laisser vide pour désactiver la signature. + + + + Allow IDP-initiated logins + Autoriser les connexions initiées par IDP + + + + Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. + Autoriser les flux d'authentification initiés par l'IdP. Cela peut présenter un risque de sécurité, aucune validation de l'ID de la requête n'est effectuée. + + + + NameID Policy + Politique NameID + + + + Persistent + Persistant + + + + Email address + Adresse courriel + + + + Windows + Fenêtres + + + + X509 Subject + Sujet X509 + + + + Transient + Transitoire + + + + Delete temporary users after + Supprimer les utilisateurs temporaires après + + + + Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. + Moment où les utilisateurs temporaires doivent être supprimés. Cela ne s'applique que si votre IDP utilise le format NameID "transient" et que l'utilisateur ne se déconnecte pas manuellement. + + + + Pre-authentication flow + Flux de pré-authentification + + + + Flow used before authentication. + Flux à utiliser avant authentification. + + + + New source + Nouvelle source + + + + Create a new source. + Créer une nouvelle source. + + + + Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves. + Sources d'identités, qui peuvent soit être synchronisées dans la base de données d'authentik, soit être utilisées par les utilisateurs pour s'authentifier et s'inscrire. + + + + Source(s) + Source(s) + + + + Disabled + Désactivé + + + + Built-in + Intégré + + + + Update LDAP Source + Mettre à jour la source LDAP + + + + Not synced yet. + Pas encore synchronisé. + + + + Task finished with warnings + Tâche terminée avec avertissements + + + + Task finished with errors + Tâche terminée avec erreurs + + + + Last sync: + Dernière synchro : + + + + + OAuth Source + Source OAuth + + + + + Generic OpenID Connect + Connection OpenID Générique + + + + Unknown provider type + Type de fournisseur inconnu + + + + Details + Détails + + + + Callback URL + URL de rappel + + + + Access Key + Clé d'accès + + + + Update OAuth Source + Mettre à jour la source OAuth + + + + Diagram + Diagramme + + + + Policy Bindings + Liaisons des politiques + + + + These bindings control which users can access this source. + You can only use policies here as access is checked before the user is authenticated. + Ces liaisons contrôlent les utilisateurs qui peuvent accéder à cette source. + Vous ne pouvez utiliser que des politiques ici, car l'accès est vérifié avant que l'utilisateur ne soit authentifié. + + + Update Plex Source + Mettre à jour la source Plex + + + + Update SAML Source + Mettre à jour la source SAML + + + + Successfully updated mapping. + Mappage mis à jour avec succès. + + + + Successfully created mapping. + Mappage créé avec succès + + + + Object field + Champ d'objet + + + + Field of the user object this value is written to. + Champ de l'objet utilisateur dans lequel cette valeur est écrite. + + + + SAML Attribute Name + Nom d'attribut SAML + + + + Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded. + Nom de l'attribut utilisé pour les assertions SAML. Peut être un OID URN, une référence à un schéma ou tout autre valeur. Si ce mappage de propriété est utilisé pour la propriété NameID, cette valeur est ignorée. + + + + Friendly Name + Nom amical + + + + Optionally set the 'FriendlyName' value of the Assertion attribute. + Indiquer la valeur "FriendlyName" de l'attribut d'assertion (optionnel) + + + + Scope name + Nom de la portée + + + + Scope which the client can specify to access these properties. + Portée que le client peut spécifier pour accéder à ces propriétés. + + + + Description shown to the user when consenting. If left empty, the user won't be informed. + Description montrée à l'utilisateur lors de l'approbation. Aucune information présentée à l'utilisateur si laissé vide. + + + + Example context data + Exemple contextuel de données + + + + Active Directory User + Utilisateur Active Directory + + + + Active Directory Group + Groupe Active Directory + + + + New property mapping + Nouveau mappage de propriété + + + + Create a new property mapping. + Créer un nouveau mappage de propriétés. + + + + Property Mappings + Mappages de propriété + + + + Control how authentik exposes and interprets information. + Contrôle comment authentik expose et interprète les informations + + + + Property Mapping(s) + Mappage(s) de propriété + + + + Test Property Mapping + Tester le mappage de propriété + + + + Hide managed mappings + Cacher les mappages gérés + + + + Successfully updated token. + Jeton mis à jour avec succès + + + + Successfully created token. + Jeton créé avec succès + + + + Unique identifier the token is referenced by. + Identifiant unique par lequel le jeton est référencé. + + + + Intent + Intention + + + + API Token + Jeton API + + + + Used to access the API programmatically + Utilisé pour accéder à l'API de manière programmatique + + + + App password. + Mot de passe de l'application. + + + + Used to login using a flow executor + Utilisé pour se connecter à l'aide d'un exécuteur de flux + + + + Expiring + Expiration + + + + If this is selected, the token will expire. Upon expiration, the token will be rotated. + Si cette option est sélectionnée, le jeton expirera. À son expiration, le jeton fera l'objet d'une rotation. + + + + Expires on + Expire le + + + + API Access + Accès à l'API + + + + App password + Mot de passe de l'App + + + + Verification + Vérification + + + + Unknown intent + Intention inconnue + + + + Tokens + Jetons + + + + Tokens are used throughout authentik for Email validation stages, Recovery keys and API access. + Les jetons sont utilisés dans authentik pour les étapes de validation des courriels, les clés de récupération et l'accès aux API. + + + + Expires? + Expire ? + + + + Expiry date + Date d'expiration + + + + Token(s) + Jeton(s) + + + + Create Token + Créer un jeton + + + + Token is managed by authentik. + Jeton géré par authentik + + + + Update Token + Mettre à jour le jeton + + + + Domain + Domaine + + + + Matching is done based on domain suffix, so if you enter domain.tld, foo.domain.tld will still match. + La correspondante est effectuée sur le suffixe du domaine ; si vous entrez domain.tld, foo.domain.tld sera également inclus. + + + + Default + Par défaut + + + + Branding settings + Paramètres de marque + + + + Title + Titre + + + + Branding shown in page title and several other places. + Image de marque utilisée dans le titre de la page et dans d'autres endroits + + + + Logo + Logo + + + + Icon shown in sidebar/header and flow executor. + Icône affichée dans la barre latérale, l'en-tête et dans l'exécuteur de flux. + + + + Favicon + Favicon + + + + Icon shown in the browser tab. + Icône affichée dans l'onglet du navigateur. + + + + Default flows + Flux par défaut + + + + Flow used to authenticate users. If left empty, the first applicable flow sorted by the slug is used. + Flux utilisé pour authentifier les utilisateurs. S'il est laissé vide, le premier flux applicable trié par le slug est utilisé. + + + + Invalidation flow + Flux d'invalidation + + + + Flow used to logout. If left empty, the first applicable flow sorted by the slug is used. + Flux utilisé pour la déconnexion. S'il est laissé vide, le premier flux applicable trié par le slug est utilisé. + + + + Recovery flow + Flux de récupération + + + + Recovery flow. If left empty, the first applicable flow sorted by the slug is used. + Flux de récupération. Si laissé vide, le premier flux applicable trié par slug sera utilisé. + + + + Unenrollment flow + Flux de désinscription + + + + If set, users are able to unenroll themselves using this flow. If no flow is set, option is not shown. + Si défini, les utilisateurs peuvent se désinscrire à l'aide de ce flux. Si aucun flux n'est défini, l'option n'est pas affichée. + + + + User settings flow + Flux de paramètres utilisateur + + + + If set, users are able to configure details of their profile. + Si défini, les utilisateurs sont capables de modifier les informations de leur profil. + + + + Device code flow + Flux de code de l'appareil + + + + If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code. + S'il est activé, le profil OAuth Device Code peut être utilisé et le flux sélectionné sera utilisé pour saisir le code. + + + + Other global settings + Autres paramètres globaux + + + + Web Certificate + Certificat Web + + + + Event retention + Rétention d'évènement + + + + Duration after which events will be deleted from the database. + Expiration des évènements à l'issue de laquelle ils seront supprimés de la base de donnée. + + + + When using an external logging solution for archiving, this can be set to "minutes=5". + En cas d'utilisation d'une solution de journalisation externe pour l'archivage, cette valeur peut être fixée à "minutes=5". + + + + This setting only affects new Events, as the expiration is saved per-event. + Ce paramètre n'affecte que les nouveaux événements, l'expiration étant enregistrée pour chaque événement. + + + + Configure visual settings and defaults for different domains. + Configure le paramètres visuels et par défaut des différents domaines. + + + + Default? + Par défaut ? + + + + Policies + Politiques + + + + Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Stages. + Permettre aux usagers l'utilisation d'applications sur la base de leurs propriétés, appliquer les critères de robustesse des mots de passe et sélectionner les flux applicables. + + + + Assigned to object(s). + Assigné à + objet(s). + + + + Warning: Policy is not assigned. + Avertissement : la politique n'est pas assignée. + + + + Test Policy + Tester la politique + + + + Policy / Policies + Politique/s + + + + Successfully cleared policy cache + Cache de politique vidé avec succès + + + + Failed to delete policy cache + Impossible de vider le cache de politique + + + + Clear cache + Vider le cache + + + + Clear Policy cache + Vider le cache de politique + + + + Are you sure you want to clear the policy cache? This will cause all policies to be re-evaluated on their next usage. + Êtes-vous sûr de vouloir vider le cache des politiques ? Cela entraînera la réévaluation de toutes les politiques lors de leur prochaine utilisation. + + + Reputation scores + Scores de Réputation + + + + Reputation for IP and user identifiers. Scores are decreased for each failed login and increased for each successful login. + Réputations pour chaque IP et identifiant utilisateur. Les scores sont décrémentés à chaque connexion échouée et incrémentés pour chaque connexion réussie. + + + + IP + IP + + + + Score + Note + + + + Updated + Mis à Jour + + + + Reputation + Réputation + + + + Groups + Groupes + + + + Group users together and give them permissions based on the membership. + Regroupez les utilisateurs et donnez-leur des autorisations en fonction de leur appartenance. + + + + Superuser privileges? + Privilèges de super-utilisateur ? + + + + Group(s) + Groupe(s) + + + + Create Group + Créer un groupe + + + + Create group + Créer un groupe + + + + Enabling this toggle will create a group named after the user, with the user as member. + Activer cette option va créer un groupe du même nom que l'utilisateur dont il sera membre. + + + + Use the username and password below to authenticate. The password can be retrieved later on the Tokens page. + Utilisez le nom d'utilisateur et le mot de passe ci-dessous pour vous authentifier. Le mot de passe peut être récupéré plus tard sur la page Jetons. + + + + Password + Mot de passe + + + + Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List. + Valide pendant 360 jours, après quoi le mot de passe sera alterné automatiquement. Vous pouvez copier le mot de passe depuis la liste des jetons. + + + + The following objects use + The following objects use + + + + + connecting object will be deleted + L'objet connecté sera supprimé + + + + Successfully updated + Mise à jour effectuée avec succès + + + Failed to update : + Échec de la mise à jour + : + + + + + Are you sure you want to update ""? + Êtes-vous sûr de vouloir mettre à jour + " + " ? + + + + Successfully updated password. + Le mot de passe a été mis à jour avec succès. + + + + Successfully sent email. + Courriel envoyé avec succès + + + + Email stage + Étape courriel + + + + Successfully added user(s). + L'ajout d'utilisateur(s) a été effectué avec succès. + + + + Users to add + Utilisateurs à ajouter + + + + User(s) + Utilisateur(s) + + + + Remove Users(s) + Retirer le/les utilisateur(s) + + + + Are you sure you want to remove the selected users from the group ? + Êtes-vous sûr de vouloir supprimer les utilisateurs sélectionnés du groupe + ? + + + + Remove + Retirer + + + + Impersonate + Se faire passer pour + + + + User status + Statut utilisateur + + + + Change status + Changer le statut + + + + Deactivate + Désactiver + + + + Update password + Mettre à Jour le mot de passe + + + + Set password + Définir le mot de passe + + + + Successfully generated recovery link + Lien de récupération généré avec succès + + + + No recovery flow is configured. + Aucun flux de récupération n'est configuré. + + + + Copy recovery link + Copier le lien de récupération + + + + Send link + Envoyer un lien + + + + Send recovery link to user + Envoyer le lien de récupération à l'utilisateur + + + + Email recovery link + Lien de récupération courriel + + + + Recovery link cannot be emailed, user has no email address saved. + Le lien de récupération ne peut pas être envoyé par courriel, l'utilisateur n'a aucune adresse courriel enregistrée. + + + + Add User + Ajouter un utilisateur + + + + Warning: This group is configured with superuser access. Added users will have superuser access. + Avertissement : Ce groupe est configuré avec un accès superutilisateur. Les utilisateurs ajoutés auront un accès superutilisateur. + + + + Add existing user + Ajouter un utilisateur existant + + + + Create user + Créer un utilisateur + + + + Create User + Créer un utilisateur + + + + Create Service account + Créer un compte de service + + + + Hide service-accounts + Cacher les comptes de service + + + + Group Info + Informations de Groupe + + + + Notes + Notes + + + + Edit the notes attribute of this group to add notes here. + Modifiez l'attribut notes de ce groupe pour ajouter des notes ici. + + + + Users + Utilisateurs + + + + Root + Racine + + + + Warning: You're about to delete the user you're logged in as (). Proceed at your own risk. + Avertissement : Vous êtes sur le point de supprimer l'utilisateur sous lequel vous êtes connecté ( + ). Poursuivez à vos propres risques. + + + + Hide deactivated user + Cacher l'utilisateur désactivé + + + + User folders + Dossiers utilisateurs + + + + Successfully added user to group(s). + L'utilisateur a été ajouté avec succès au(x) groupe(s). + + + + Groups to add + Groupes à ajouter + + + + Remove from Group(s) + Retirer du/des Groupe(s) + + + + Are you sure you want to remove user from the following groups? + Êtes-vous sûr de vouloir retirer l'utilisateur + des groupes suivants ? + + + + Add Group + Ajouter un groupe + + + + Add to existing group + Ajouter à un groupe existant + + + + Add new group + Ajouter un nouveau groupe + + + + Application authorizations + Autorisations de l'application + + + + Revoked? + Révoqué ? + + + + Expires + Expire + + + + ID Token + ID du jeton + + + + Refresh Tokens(s) + Rafraîchir le(s) jeton(s) + + + + Last IP + Dernière IP + + + + Session(s) + Session(s) + + + + Expiry + Expiration + + + + (Current session) + (Session actuelle) + + + + Permissions + Permissions + + + + Consent(s) + Approbation(s) + + + + Successfully updated device. + Appareil mis à jour avec succès + + + + Static tokens + Jetons statiques + + + + TOTP Device + Appareil TOTP + + + + Enroll + S'inscrire + + + + Device(s) + Appareil(s) + + + + Update Device + Mettre à Jour l'Appareil + + + + Confirmed + Confirmé + + + + User Info + Info utilisateur + + + + Actions over the last week (per 8 hours) + Actions au cours de la semaine écoulée (par tranche de 8 heures) + + + + Edit the notes attribute of this user to add notes here. + Éditer l'attribut notes de cet utilisateur pour ajouter des notes ici. + + + + Sessions + Sessions + + + + User events + Événements de l'utilisateur + + + + Explicit Consent + Approbation explicite + + + + OAuth Refresh Tokens + Jetons de rafraîchissement OAuth + + + + MFA Authenticators + Authentificateurs MFA + + + + Successfully updated invitation. + Invitation mise à jour avec succès + + + + Successfully created invitation. + Invitation créée avec succès + + + + Flow + Flux + + + + When selected, the invite will only be usable with the flow. By default the invite is accepted on all flows with invitation stages. + Si sélectionné, l'invitation ne sera utilisable que dans ce flux. Par défaut l'invitation est acceptée sur tous les flux avec des étapes d'invitation. + + + + Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON. + Données optionnelles chargées dans la variable contextuelle 'prompt_data' du flux. YAML ou JSON. + + + + Single use + Usage unique + + + + When enabled, the invitation will be deleted after usage. + Si activée, l'invitation sera supprimée après utilisation. + + + + Select an enrollment flow + Sélectionnez un flux d'inscription + + + + Link to use the invitation. + Lien pour utiliser l'invitation. + + + + Invitations + Invitations + + + + Create Invitation Links to enroll Users, and optionally force specific attributes of their account. + Créer des liens d'invitation pour inscrire des utilisateurs et éventuellement imposer certains attributs de leurs compte. + + + + Created by + Créé par + + + + Invitation(s) + Invitation(s) + + + + Invitation not limited to any flow, and can be used with any enrollment flow. + L'invitation n'est limitée à aucun flux, et peut être utilisée avec n'importe quel flux d'inscription. + + + + Update Invitation + Mettre à Jour l'invitation + + + + Create Invitation + Créer une invitation + + + + Warning: No invitation stage is bound to any flow. Invitations will not work as expected. + Attention : aucune étape d’invitation n’a été ajoutée à aucun flux. Les invitations ne fonctionneront pas comme attendu. + + + + Auto-detect (based on your browser) + Détection automatique (basée sur votre navigateur) + + + + Required. + Obligatoire. + + + + Continue + Continuer + + + + Successfully updated prompt. + Invite mise à jour avec succès. + + + + Successfully created prompt. + Invite créée avec succès. + + + + Text: Simple Text input + Texte : simple champ texte + + + + Text Area: Multiline text input + Zone de Texte : Entrée de Texte multiligne + + + + Text (read-only): Simple Text input, but cannot be edited. + Texte (lecture seule) : Texte Simple, mais ne peut être édité. + + + + Text Area (read-only): Multiline text input, but cannot be edited. + Zone de Texte (lecture seule) : Entrée de Texte multiligne, mais ne peut pas être édité. + + + + Username: Same as Text input, but checks for and prevents duplicate usernames. + Nom d'utilisateur : Identique à la saisie de texte, mais vérifie et empêche les noms d'utilisateur en double. + + + + Email: Text field with Email type. + Courriel : champ texte de type adresse courriel + + + + Password: Masked input, multiple inputs of this type on the same prompt need to be identical. + Mot de Passe : Entrée masquée, plusieurs entrées de ce type sur une même page odivent être identiques. + + + + Number + Nombre + + + + Checkbox + Case à cocher + + + + Radio Button Group (fixed choice) + Group de boutons radio (choix fixe) + + + + Dropdown (fixed choice) + Menu déroulant (choix fixe) + + + + Date + Date + + + + Date Time + Date et heure + + + + File + Fichier + + + + Separator: Static Separator Line + Séparateur : Ligne de séparation statique + + + + Hidden: Hidden field, can be used to insert data into form. + Caché : champ caché, peut être utilisé pour insérer des données dans le formulaire. + + + + Static: Static value, displayed as-is. + Statique : valeur statique, affichée comme telle. + + + + authentik: Locale: Displays a list of locales authentik supports. + authentik: Locales: Affiche la liste des locales supportées par authentik. + + + + Preview errors + Prévisualisation des erreurs + + + + Data preview + Prévisualisation des données + + + + Unique name of this field, used for selecting fields in prompt stages. + Nom unique de ce champ, utilisé pour sélectionner les champs dans les étapes de demande + + + + Field Key + Clé du champ + + + + Name of the form field, also used to store the value. + Nom du champ de formulaire utilisé pour enregistrer la valeur + + + + When used in conjunction with a User Write stage, use attributes.foo to write attributes. + Lorsqu’utilisé avec une étape Écriture Utilisateur, utilise attributes.foo pour écrire les attributs. + + + + Label + Libellé + + + + Label shown next to/above the prompt. + Libellé affiché à côté/au-dessus du champ. + + + + Required + Obligatoire + + + + Interpret placeholder as expression + Interpréter le placeholder comme une expression + + + + When checked, the placeholder will be evaluated in the same way a property mapping is. + If the evaluation fails, the placeholder itself is returned. + Lorsque sélectionné, le placeholder sera évalué de la même manière qu'un mappage de propriété. + Si l'évaluation échoue, le placeholder sera retourné. + + + Placeholder + Par défaut + + + + Optionally provide a short hint that describes the expected input value. + When creating a fixed choice field, enable interpreting as expression and return a + list to return multiple choices. + Founir en option une courte aide qui décrit l'entrée attendue. + Lors de la création d'un champ à choix fixe, active l'interprétation comme expressions et retourne une + une liste de choix multiples. + + + Interpret initial value as expression + Interpréter la valeur initiale comme une expression + + + + When checked, the initial value will be evaluated in the same way a property mapping is. + If the evaluation fails, the initial value itself is returned. + Lorsque sélectrionné, la valeur initiale sera évaluée de la même manière qu'un mappage de propriété. + Si l'évaluation échoue, la valeur initiale sera retournée. + + + Initial value + Valeur initiale + + + + Optionally pre-fill the input with an initial value. + When creating a fixed choice field, enable interpreting as expression and + return a list to return multiple default choices. + Éventuellement remplir le champ avec une valeur initiale. + Lors de la création d'un champ à choix fixes, activer l'interprétation en tant qu'expression et + renvoyer une liste des choix par défaut. + + + Help text + Texte d'aide + + + + Any HTML can be used. + N'importe quel HTML peut être utilisé. + + + + Prompts + Invites + + + + Single Prompts that can be used for Prompt Stages. + Invites simples qui peuvent être utilisés pour les étapes d'invite. + + + + Field + Champ + + + + Stages + Étapes + + + + Prompt(s) + Invite(s) + + + + Update Prompt + Mettre à jour l'invite + + + + Create Prompt + Créer une invite + + + + Target + Cible + + + + Stage + Étape + + + + Evaluate when flow is planned + Évaluer quand le flux est planifié + + + + Evaluate policies during the Flow planning process. + Évaluer les politiques pendant le processus de planification du flux + + + + Evaluate when stage is run + Évaluer quand l'étape est exécutée + + + + Evaluate policies before the Stage is present to the user. + Évaluer les politiques avant la présentation de l'étape à l'utilisateur + + + + Invalid response behavior + Comportement de réponse invalide + + + + Returns the error message and a similar challenge to the executor + Retourne le message d'erreur et un défi similaire à l'exécuteur + + + + Restarts the flow from the beginning + Redémarre le flux depuis le début + + + + Restarts the flow from the beginning, while keeping the flow context + Redémarre le flux depuis le début, en gardant le contexte du flux + + + + Configure how the flow executor should handle an invalid response to a challenge given by this bound stage. + Configurer comment l'exécuteur de flux doit gérer une réponse invalide à un défi donné par cette étape d'assignation + + + + Successfully updated stage. + Étape mise à jour avec succès + + + + Successfully created stage. + Étape créée avec succès + + + + Stage used to configure a duo-based authenticator. This stage should be used for configuration flows. + Étape de configuration d'un authentificateur Duo. Cette étape devrait être utilisée en flux de configuration. + + + + Authenticator type name + Nom du type d'authentificateur + + + + Display name of this authenticator, used by users when they enroll an authenticator. + Affiche le nom de cet authentificateur, utilisé par les utilisateurs quand ils inscrivent un authentificateur. + + + + API Hostname + Nom d'hôte de l'API + + + + Duo Auth API + API d'Authentification Duo + + + + Integration key + Clé d'intégration + + + + Secret key + Clé secrète + + + + Duo Admin API (optional) + API Administrateur Duo (optionnel) + + + + When using a Duo MFA, Access or Beyond plan, an Admin API application can be created. + This will allow authentik to import devices automatically. + Lors de l'utilisation d'un abonnement Duo MFA, Access ou Beyond, une application pour l'Admin API peut être créée. + Cela permettra à authentik d'importer les appareils automatiquement. + + + Stage-specific settings + Paramètres propres à l'étape + + + + Configuration flow + Flux de configuration + + + + Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. + Flux utilisé par un utilisateur authentifié pour configurer cette étape. S'il est vide, l'utilisateur ne sera pas en mesure de le configurer. + + + + Twilio Account SID + SID de Compte Twilio + + + + Get this value from https://console.twilio.com + Obtenez cette valeur depuis https://console.twilio.com + + + + Twilio Auth Token + Jeton d'Authentification Twilio + + + + Authentication Type + Type d'authentification + + + + Basic Auth + Authentification Basique + + + + Bearer Token + Bearer Token + + + + External API URL + URL d'API externe + + + + This is the full endpoint to send POST requests to. + Ceci est le point de terminaison complet vers lequel il faut envoyer des requêtes POST + + + + API Auth Username + Nom d'utilisateur de l'API d'Authentification + + + + This is the username to be used with basic auth or the token when used with bearer token + Ceci est le nom d'utilisateur à utiliser pour de l'authentification basique ou le token à utiliser en avec Bearer token + + + + API Auth password + Mot de passe de l'API d'Authentification + + + + This is the password to be used with basic auth + Ceci est le mot de passe à utiliser pour l'authentification basique + + + + Mapping + Mappage + + + + Modify the payload sent to the custom provider. + Modifier le contenu envoyé aux fournisseurs personnalisés. + + + + Stage used to configure an SMS-based TOTP authenticator. + Étape utilisée pour configurer un authentificateur TOTP par SMS. + + + + Twilio + Twilio + + + + Generic + Générique + + + + From number + Numéro Expéditeur + + + + Number the SMS will be sent from. + Numéro depuis lequel le SMS sera envoyé. + + + + Hash phone number + Hacher le numéro de téléphone + + + + If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons. Devices created from a stage with this enabled cannot be used with the authenticator validation stage. + Si activé, seul un hash du numéro de téléphone sera sauvegarder. Cela peut être fait pour des raisons de protection des données personnelles. Les appareils créés depuis une étape ayant cette option activée ne peuvent pas être utilisés avec l'étape de validation d'authentificateur. + + + + Stage used to configure a static authenticator (i.e. static tokens). This stage should be used for configuration flows. + Étape de configuration d'un authentificateur statique (jetons statiques). Cette étape devrait être utilisée en flux de configuration. + + + + Token count + Compteur jeton + + + + Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator). + Étape utilisée pour configurer un authentificateur TOTP (comme Authy ou Google Authenticator).L + + + + Digits + Chiffres + + + + 6 digits, widely compatible + 6 chiffres, largement compatible + + + + 8 digits, not compatible with apps like Google Authenticator + 8 chiffres, incompatible avec certaines applications telles que Google Authenticator + + + + Stage used to validate any authenticator. This stage should be used during authentication or authorization flows. + Étape utilisée pour valider tout type d'authentificateur. Cette étape devrait être utilisée en flux d'authentification ou d'autorisation. + + + + Device classes + Classes d'équipement + + + + Static Tokens + Jetons statiques + + + + TOTP Authenticators + Authentificateur TOTP + + + + WebAuthn Authenticators + Authentificateurs WebAuthn + + + + Duo Authenticators + Authentificateurs Duo + + + + SMS-based Authenticators + Authenticatificateurs basé sur SMS + + + + Device classes which can be used to authenticate. + Classe d'équipement qui peut être utilisé pour s'authentifier + + + + Last validation threshold + Seuil de dernière validation + + + + If any of the devices user of the types selected above have been used within this duration, this stage will be skipped. + Si l’utilisateur a utilisé n’importe lequel des appareils du type sélectionné ci-dessus pendant cette période, cette étape sera ignorée. + + + + Not configured action + Action non configurée + + + + Force the user to configure an authenticator + Obliger l'utilisateur à configurer un authentificateur + + + + Deny the user access + Refuser l'accès à l'utilisateur + + + + WebAuthn User verification + Vérification Utilisateur WebAuthn + + + + User verification must occur. + La vérification utilisateur doit avoir lieu. + + + + User verification is preferred if available, but not required. + La vérification utilisateur est préférée si disponible, mais non obligatoire. + + + + User verification should not occur. + La vérification utilisateur ne doit pas avoir lieu. + + + + Configuration stages + Étapes de Configuration + + + + Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. + Étapes utilisées pour configurer Authentifcateur (Authenticator) lorsque l’utilisateur n’a pas d’appareil compatible. Une fois cette étape passée, l’utilisateur ne sera pas sollicité de nouveau. + + + + When multiple stages are selected, the user can choose which one they want to enroll. + Lorsque plusieurs étapes sont sélectionnées, les utilisateurs peuvent choisir celle qu’ils souhaient utiliser pour s’enrôler. + + + + User verification + Vérification Utilisateur + + + + Resident key requirement + Exigence de clé résidente + + + + Authenticator Attachment + Lien à l'authentificateur + + + + No preference is sent + Aucune préférence n'est envoyée + + + + A non-removable authenticator, like TouchID or Windows Hello + Un authentificateur inamovible, comme TouchID ou Windows Hello + + + + A "roaming" authenticator, like a YubiKey + Un authentificateur "itinérant", comme une YubiKey + + + + This stage checks the user's current session against the Google reCaptcha (or compatible) service. + Cette étape vérifie la session actuelle de l'utilisateur sur le service reCaptcha de Google (ou service compatible). + + + + Public Key + Clé publique + + + + Public key, acquired from https://www.google.com/recaptcha/intro/v3.html. + Clé publique, obtenue depuis https://www.google.com/recaptcha/intro/v3.html. + + + + Private Key + Clé privée + + + + Private key, acquired from https://www.google.com/recaptcha/intro/v3.html. + Clé privée, acquise auprès de https://www.google.com/recaptcha/intro/v3.html. + + + + Advanced settings + Paramètres avancés + + + + JS URL + URL du JS + + + + URL to fetch JavaScript from, defaults to recaptcha. Can be replaced with any compatible alternative. + URL où télécharger le JavaScript, recaptcha par défaut. Peut être remplacé par une alternative compatible. + + + + API URL + URL d'API + + + + URL used to validate captcha response, defaults to recaptcha. Can be replaced with any compatible alternative. + URL utilisée pour valider la réponse captcha, recaptcha par défault. Peut être remplacé par une alternative compatible. + + + + Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time. + Demander le consentement de l'utilisateur. Celui-ci peut être permanent ou expirer dans un délai défini. + + + + Always require consent + Toujours exiger l'approbation + + + + Consent given last indefinitely + L'approbation dure indéfiniment + + + + Consent expires. + L'approbation expire. + + + + Consent expires in + L'approbation expire dans + + + + Offset after which consent expires. + Décalage après lequel le consentement expire. + + + + Dummy stage used for testing. Shows a simple continue button and always passes. + Étape factice utilisée pour les tests. Montre un simple bouton continuer et réussit toujours. + + + + Throw error? + Renvoyer une erreur ? + + + + SMTP Host + Hôte SMTP + + + + SMTP Port + Port SMTP + + + + SMTP Username + Utilisateur SMTP + + + + SMTP Password + Mot de passe SMTP + + + + Use TLS + Utiliser TLS + + + + Use SSL + Utiliser SSL + + + + From address + Adresse d'origine + + + + Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity. + Vérifier le courriel de l'utilisateur en lui envoyant un lien à usage unique. Peut également être utilisé lors de la récupération afin de vérifier l'authenticité de l'utilisateur. + + + + Activate pending user on success + Activer l'utilisateur en attente en cas de réussite + + + + When a user returns from the email successfully, their account will be activated. + Lorsqu'un utilisateur revient du courriel avec succès, son compte sera activé. + + + + Use global settings + Utiliser les paramètres globaux + + + + When enabled, global Email connection settings will be used and connection settings below will be ignored. + Si activé, les paramètres globaux de connexion courriel seront utilisés et les paramètres de connexion ci-dessous seront ignorés. + + + + Token expiry + Expiration du jeton + + + + Time in minutes the token sent is valid. + Temps en minutes durant lequel le jeton envoyé est valide. + + + + Template + Modèle + + + + Let the user identify themselves with their username or Email address. + Laisser l'utilisateur s'identifier lui-même avec son nom d'utilisateur ou son adresse courriel. + + + + User fields + Champs de l'utilisateur + + + + UPN + UPN + + + + Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources. + Champs avec lesquels un utilisateur peut s'identifier. Si aucun champ n'est sélectionné, l'utilisateur ne pourra utiliser que des sources. + + + + Password stage + Étape de mot de passe + + + + When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks. + Si activée, un champ de mot de passe est affiché sur la même page au lieu d'une page séparée. Cela permet d'éviter les attaques par énumération de noms d'utilisateur. + + + + Case insensitive matching + Correspondance insensible à la casse + + + + When enabled, user fields are matched regardless of their casing. + Si activé, les champs de l'utilisateur sont mis en correspondance en ignorant leur casse. + + + + Show matched user + Afficher l'utilisateur correspondant + + + + When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown. + Lorsqu'un nom d'utilisateur/adresse courriel valide a été saisi, et si cette option est active, le nom d'utilisateur et l'avatar de l'utilisateur seront affichés. Sinon, le texte que l'utilisateur a saisi sera affiché. + + + + Source settings + Paramètres de la source + + + + Sources + Sources + + + + Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP. + Sélectionnez les sources à afficher aux utilisateurs pour s'authentifier. Cela affecte uniquement les sources web, pas LDAP. + + + + Show sources' labels + Afficher les étiquettes des sources + + + + By default, only icons are shown for sources. Enable this to show their full names. + Par défaut, seuls les icônes sont affichés pour les sources, activez cette option pour afficher leur nom complet. + + + + Passwordless flow + Flux sans mot de passe + + + + Optional passwordless flow, which is linked at the bottom of the page. When configured, users can use this flow to authenticate with a WebAuthn authenticator, without entering any details. + Flux sans mot de passe facultatif, qui sera accessible en bas de page. Lorsque configuré, les utilisateurs peuvent utiliser ce flux pour s'authentifier avec un authentificateur WebAuthn, sans entrer de détails. + + + + Optional enrollment flow, which is linked at the bottom of the page. + Flux d'inscription facultatif, qui sera accessible en bas de page. + + + + Optional recovery flow, which is linked at the bottom of the page. + Flux de récupération facultatif, qui sera accessible en bas de page. + + + + This stage can be included in enrollment flows to accept invitations. + Cette étape peut être incluse dans les flux d'inscription pour accepter les invitations. + + + + Continue flow without invitation + Continuer le flux sans invitation + + + + If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. + Si activé, cette étape passera à l'étape suivante si aucune invitation n'est donnée. Par défaut, cette étape annule le flux en l'absence d'invitation. + + + + Validate the user's password against the selected backend(s). + Valider le mot de passe de l'utilisateur sur le(s) backend(s) sélectionné(s). + + + + Backends + Backends + + + + User database + standard password + Base de données utilisateurs + mots de passe standards + + + + User database + app passwords + Base de données utilisateurs + mots de passes applicatifs + + + + User database + LDAP password + Base de données utilisateurs + mot de passe LDAP + + + + Selection of backends to test the password against. + Sélection de backends pour tester le mot de passe. + + + + Flow used by an authenticated user to configure their password. If empty, user will not be able to configure change their password. + Flux utilisé par un utilisateur authentifié pour configurer son mot de passe. S'il est vide, l'utilisateur ne sera pas en mesure de changer son mot de passe. + + + + Failed attempts before cancel + Échecs avant annulation + + + + How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. + Nombre de tentatives dont dispose un utilisateur avant que le flux ne soit annulé. Pour verrouiller l'utilisateur, utilisez une politique de réputation et une étape user_write. + + + + Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable. + Afficher des champs de saisie arbitraires à l'utilisateur, par exemple pendant l'inscription. Les données sont enregistrées dans le contexte du flux sous la variable "prompt_data". + + + + Fields + Champs + + + + ("", of type ) + + (" + ", de type + ) + + + + Validation Policies + Politiques de validation + + + + Selected policies are executed when the stage is submitted to validate the data. + Les politiques sélectionnées sont exécutées lorsque l'étape est soumise pour valider les données. + + + + Delete the currently pending user. CAUTION, this stage does not ask for confirmation. Use a consent stage to ensure the user is aware of their actions. + Supprimer l'utilisateur en attente. ATTENTION, cette étape ne demande aucune confirmation. Utiliser une étape d'approbation pour s'assurer que l'utilisateur ait conscience de ses actions. + + + Log the currently pending user in. + Ouvre la session de l'utilisateur courant. + + + + Session duration + Durée de la session + + + + Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. + Détermine la durée de la session. La valeur par défaut de 0 seconde signifie que la session dure jusqu'à la fermeture du navigateur. + + + + Different browsers handle session cookies differently, and might not remove them even when the browser is closed. + Différents navigateurs gèrent les cookies de session différemment et peuvent ne pas les supprimer même lorsque le navigateur est fermé. + + + + See here. + Voir ici. + + + + Stay signed in offset + Rester connecté en décalage + + + + If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. + Si défini à une durée supérieure à 0, l'utilisateur aura la possibilité de choisir de "rester connecté", ce qui prolongera sa session jusqu'à la durée spécifiée ici. + + + + Terminate other sessions + Terminer les autres sessions + + + + When enabled, all previous sessions of the user will be terminated. + Lorsqu'activé, toutes les sessions précédentes de l'utilisateur seront terminées. + + + + Remove the user from the current session. + Supprimer l'utilisateur de la session actuelle. + + + + Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user + is pending, a new user is created, and data is written to them. + Écrit toute donnée provenant du contexte du flux 'prompt_data' à l'utilisateur en attente. Si aucun utilisateur + n'est en attente, un nouvel utilisateur est créé avec ces données. + + + Never create users + Ne jamais créer d'utilisateurs + + + + When no user is present in the flow context, the stage will fail. + Si aucun utilisateur n'est présent dans le contexte du flux, l'étape va échouer. + + + + Create users when required + Créer des utilisateurs si nécessaire + + + + When no user is present in the the flow context, a new user is created. + Si aucun utilisateur n'est présent dans le contexte du flux, un nouvel utilisateur est créé. + + + + Always create new users + Toujours créer de nouveaux utilisateurs + + + + Create a new user even if a user is in the flow context. + Créer un nouvel utilisateur même si un utilisateur est déjà présent dans le contexte du flux. + + + + Create users as inactive + Créer des utilisateurs inactifs + + + + Mark newly created users as inactive. + Marquer les utilisateurs nouvellements créés comme inactifs. + + + + User path template + Modèle de chemin des utilisateurs + + + + Path new users will be created under. If left blank, the default path will be used. + Chemin sous lequel les nouveaux utilisateurs seront créés. Si laissé vide, le chemin par défaut sera utilisé. + + + + Newly created users are added to this group, if a group is selected. + Les utilisateurs nouvellement créés sont ajoutés à ce groupe, si un groupe est sélectionné. + + + + New stage + Nouvelle étape + + + + Create a new stage. + Créer une nouvelle étape. + + + + Successfully imported device. + Appareil importé avec succès. + + + + The user in authentik this device will be assigned to. + L'utilistateur authentik auquel cet appareil sera assigné. + + + + Duo User ID + ID Utilisateur Duo + + + + The user ID in Duo, can be found in the URL after clicking on a user. + L'ID utilisateur Duo, peut être trouvé dans l'URL en cliquant sur un utilisateur, + + + + Automatic import + Importation automatique + + + + Successfully imported devices. + Import réussi de + appareils. + + + + Start automatic import + Démarrer l'importation automatique + + + + Or manually import + Ou importer manuellement + + + + Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow. + Les étapes sont des étapes simples d'un flux au travers duquel un utilisateur est guidé. Une étape peut être uniquement exécutée à l'intérieur d'un flux. + + + + Flows + Flux + + + + Stage(s) + Étape(s) + + + + Import + Importer + + + + Import Duo device + Importer un appareil Duo + + + + Successfully updated flow. + Flux mis à jour avec succès + + + + Successfully created flow. + Flux créé avec succès + + + + Shown as the Title in Flow pages. + Afficher comme Titre dans les pages de Flux. + + + + Visible in the URL. + Visible dans l'URL + + + + Designation + Désignation + + + + Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. + Détermine l'usage de ce flux. Par exemple, un flux d'authentification est la destination d'un visiteur d'authentik non authentifié. + + + + No requirement + Aucun prérequis + + + + Require authentication + Requiert une authentification + + + + Require no authentication. + Requiert l'absence d'authentification + + + + Require superuser. + Requiert un super-utilisateur + + + + Required authentication level for this flow. + Niveau d'authentification requis pour ce flux. + + + + Behavior settings + Paramètres de comportement + + + + Compatibility mode + Mode de compatibilité + + + + Increases compatibility with password managers and mobile devices. + Augmente la compatibilité avec les gestionnaires de mots de passe et les appareils mobiles + + + + Denied action + Action refusée + + + + Will follow the ?next parameter if set, otherwise show a message + Suivra le paramètre ?next si défini, sinon affichera un message + + + + Will either follow the ?next parameter or redirect to the default interface + Suivra le paramètre ?next ou redirigera vers l'interface par défaut + + + + Will notify the user the flow isn't applicable + Notifiera l'utilisateur que le flux ne s'applique pas + + + + Decides the response when a policy denies access to this flow for a user. + Décider de la réponse quand une politique refuse l'accès à ce flux pour un utilisateur. + + + + Appearance settings + Paramètres d'apparence + + + + Layout + Organisation + + + + Background + Arrière-plan + + + + Background shown during execution. + Arrière-plan utilisé durant l'exécution. + + + + Clear background + Fond vide + + + + Delete currently set background image. + Supprimer l'arrière plan actuellement défini + + + + Successfully imported flow. + Flux importé avec succès + + + + .yaml files, which can be found on goauthentik.io and can be exported by authentik. + Fichiers .yaml, qui peuvent être trouvés sur goauthentik.io et exportés par authentik. + + + + Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them. + Les flux décrivent une succession d'étapes pour authentifier, inscrire ou récupérer un utilisateur. Les étapes sont choisies en fonction des politiques qui leur sont appliquées. + + + + Flow(s) + Flux + + + + Update Flow + Mettre à jour le flux + + + + Create Flow + Créer un flux + + + + Import Flow + Importer un flux + + + + Successfully cleared flow cache + Cache de flux vidé avec succès + + + + Failed to delete flow cache + Impossible de vider le cache de flux + + + + Clear Flow cache + Vider le cache de flux + + + + Are you sure you want to clear the flow cache? + This will cause all flows to be re-evaluated on their next usage. + Êtes-vous sûr de vouloir vider le cache des flux ? + Cela va forcer une ré-évaluation de tous les flux lors de leur prochaine utilisation. + + + Stage binding(s) + Liaison(s) de l'étape + + + + Stage type + Type d'étape + + + + Edit Stage + Éditer l'étape + + + + Update Stage binding + Mettre à jour la liaison de l'étape + + + + These bindings control if this stage will be applied to the flow. + Ces liaisons contrôlent si cette étape sera appliquée au flux. + + + + No Stages bound + Aucune étape liée + + + + No stages are currently bound to this flow. + Aucune étape n'est actuellement liée à ce flux. + + + + Create Stage binding + Créer une liaison d'étap + + + + Bind stage + Lier une étape + + + + Bind existing stage + Lier une étape existante + + + + Flow Overview + Aperçu du flux + + + + Related actions + Actions apparentées + + + + Execute flow + Exécuter le flux + + + + Normal + Normal + + + + with current user + avec l'utilisateur actuel + + + + with inspector + avec inspecteur + + + + Export flow + Exporter le flux + + + + Export + Exporter + + + + Stage Bindings + Liaisons de l'étape + + + + These bindings control which users can access this flow. + Ces liaisons contrôlent les utilisateurs qui peuvent accéder à ce flux. + + + + Event Log + Journal d'évènements + + + + Event + Évènement + + + + + Event info + Information d'évèvement + + + + Created + Créé + + + + Successfully updated transport. + Transport mis à jour avec succès + + + + Successfully created transport. + Transport créé avec succès + + + + Local (notifications will be created within authentik) + Local (les notifications seront créées dans authentik) + + + + Webhook (generic) + Webhook (générique) + + + + Webhook (Slack/Discord) + Webhook (Slack/Discord) + + + + Webhook URL + URL Webhoo + + + + Webhook Mapping + Mappage de Webhook + + + + Send once + Envoyer une seule fois + + + + Only send notification once, for example when sending a webhook into a chat channel. + Envoyer une seule fois la notification, par exemple lors de l'envoi d'un webhook dans un canal de discussion. + + + + Notification Transports + Transports de notification + + + + Define how notifications are sent to users, like Email or Webhook. + Définit les méthodes d'envoi des notifications aux utilisateurs, telles que courriel ou webhook. + + + + Notification transport(s) + Transport(s) de notification + + + + Update Notification Transport + Mettre à jour le transport de notification + + + + Create Notification Transport + Créer une notification de transport + + + + Successfully updated rule. + Règle mise à jour avec succès + + + + Successfully created rule. + Règle créée avec succès + + + + Select the group of users which the alerts are sent to. If no group is selected the rule is disabled. + Sélectionner le groupe d'utilisateurs à qui les alertes seront envoyées. Si aucun groupe n'est sélectionné, cette règle est désactivée. + + + + Transports + Transports + + + + Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. + Sélectionnez les transports à utiliser pour notifier l'utilisateur. À défaut, la notification sera simplement affichée dans l'interface utilisateur authentik. + + + + Severity + Sévérité + + + + Notification Rules + Règles de notification + + + + Send notifications whenever a specific Event is created and matched by policies. + Envoyez des notifications chaque fois qu'un événement spécifique est créé et correspond à des politiques. + + + + Sent to group + Envoyé au groupe + + + + Notification rule(s) + Règle(s) de notification + + + + None (rule disabled) + Aucun (règle désactivée) + + + + Update Notification Rule + Mettre à jour la règle de notification + + + + Create Notification Rule + Créer une règles de notification + + + + These bindings control upon which events this rule triggers. +Bindings to groups/users are checked against the user of the event. + Ces liaisons contrôlent les événements sur lesquels cette règle se déclenche. +Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'utilisateur de l'événement. + + + Outpost Deployment Info + Info de déploiement de l'avant-poste + + + + View deployment documentation + Voir la documentation de déploiement + + + + Click to copy token + Cliquer pour copier le jeton + + + + If your authentik Instance is using a self-signed certificate, set this value. + Activer cette option si votre instance authentik utilise un certificat auto-signé. + + + + If your authentik_host setting does not match the URL you want to login with, add this setting. + Ajouter cette option si le paramètre authentik_host ne correspond pas à l'URL sur laquelle vous voulez ouvrir une session. + + + + Successfully updated outpost. + Avant-poste mis à jour avec succès + + + + Successfully created outpost. + Avant-poste créé avec succès + + + + Radius + Rayon + + + + Integration + Intégration + + + + Selecting an integration enables the management of the outpost by authentik. + La sélection d'une intégration permet la gestion de l'avant-poste par authentik. + + + + You can only select providers that match the type of the outpost. + Vous pouvez uniquement sélectionner des fournisseurs qui correspondent au type d'avant-poste. + + + + Configuration + Configuration + + + + See more here: + Voir plus ici: + + + + Documentation + Documentation + + + + Last seen + Vu pour la dernière fois + + + + , should be + + , devrait être + + + + + Hostname + Nom d'hôte + + + + Not available + Indisponible + + + + Last seen: + Vu pour la dernière fois : + + + + + Unknown type + Type inconnu + + + + Outposts + Avant-postes + + + + Outposts are deployments of authentik components to support different environments and protocols, like reverse proxies. + Les avant-postes sont des déploiements de composants authentik pour supporter différents environnements et protocoles, comme des reverse proxies. + + + + Health and Version + État et version + + + + Warning: authentik Domain is not configured, authentication will not work. + Avertissement : le domaine d'authentik n'est pas configuré, l'authentification ne fonctionnera pas. + + + + Logging in via . + Connexion avec + . + + + + No integration active + Aucune intégration active + + + + Update Outpost + Mettre à jour l'avant-poste + + + + View Deployment Info + Afficher les informations de déploiement + + + + Detailed health (one instance per column, data is cached so may be out of date) + État détaillé (une instance par colonne, les données sont mises en cache et peuvent donc être périmées) + + + + Outpost(s) + Avant-poste(s) + + + + Create Outpost + Créer un avant-poste + + + + Successfully updated integration. + Intégration mise à jour avec succès + + + + Successfully created integration. + Intégration créé avec succès + + + + Local + Local + + + + If enabled, use the local connection. Required Docker socket/Kubernetes Integration. + Si activé, utiliser la connexion locale. Intégration Docker socket/Kubernetes requise. + + + + Docker URL + URL Docker + + + + Can be in the format of 'unix://' when connecting to a local docker daemon, using 'ssh://' to connect via SSH, or 'https://:2376' when connecting to a remote system. + Peut être au format "unix://" pour une connexion à un service docker local, "ssh://" pour une connexion via SSH, ou "https://:2376" pour une connexion à un système distant. + + + + CA which the endpoint's Certificate is verified against. Can be left empty for no validation. + AC auprès de laquelle le certificat du terminal est vérifié. Peut être laissé vide en l'absence de validation. + + + + TLS Authentication Certificate/SSH Keypair + Certificat TLS d'authentification/Pair de clé SSH + + + + Certificate/Key used for authentication. Can be left empty for no authentication. + Certificat et clé utilisés pour l'authentification. Peut être laissé vide si pas d'authentification. + + + + When connecting via SSH, this keypair is used for authentication. + Lors de la connexion SSH, cette paire de clé sera utilisée pour s'authentifier. + + + + Kubeconfig + Kubeconfig + + + + Verify Kubernetes API SSL Certificate + Vérifier le certificat SSL de l'API Kubernetes + + + + New outpost integration + Nouvelle intégration d’avant-poste + + + + Create a new outpost integration. + Créer une nouvelle intégration d’avant-poste. + + + + State + État + + + + Unhealthy + Malade + + + + Outpost integration(s) + Intégration(s) d'avant-postes + + + + Successfully generated certificate-key pair. + Paire clé/certificat générée avec succès. + + + + Common Name + Nom Commun + + + + Subject-alt name + Nom alternatif subject + + + + Optional, comma-separated SubjectAlt Names. + Liste optionnelle de noms alternatifs (SubjetAlt Names), séparés par des virgules. + + + + Validity days + Jours de validité + + + + Successfully updated certificate-key pair. + Paire clé/certificat mise à jour avec succès. + + + + Successfully created certificate-key pair. + Paire clé/certificat créée avec succès. + + + + PEM-encoded Certificate data. + Données du certificat au format PEM + + + + Optional Private Key. If this is set, you can use this keypair for encryption. + Clé privée optionnelle. Si définie, vous pouvez utiliser pour le chiffrement. + + + + Certificate-Key Pairs + Paires de clé/certificat + + + + Import certificates of external providers or create certificates to sign requests with. + Importer les certificats des fournisseurs externes ou créer des certificats pour signer les demandes. + + + + Private key available? + Clé privée disponible ? + + + + Certificate-Key Pair(s) + Paire(s) de clé/certificat + + + + Managed by authentik + Géré par authentik + + + + Managed by authentik (Discovered) + Géré par authentik (Découvert) + + + + Yes () + Oui ( + ) + + + + No + Non + + + + Update Certificate-Key Pair + Mettre à jour la paire clé/certificat + + + + Certificate Fingerprint (SHA1) + Empreinte du certificat (SHA1) + + + + Certificate Fingerprint (SHA256) + Empreinte du certificat (SHA256) + + + + Certificate Subject + Sujet du certificat + + + + Download Certificate + Télécharger le certificat + + + + Download Private key + Télécharger la clé privée + + + + Create Certificate-Key Pair + Créer une paire clé/certificat + + + + Generate + Générer + + + + Generate Certificate-Key Pair + Générer une paire clé/certificat + + + + Successfully updated instance. + Instance mise à jour avec succès. + + + + Successfully created instance. + Instance créée avec succès. + + + + Disabled blueprints are never applied. + Les plans désactivés ne sont jamais appliqués. + + + + Local path + Chemin local + + + + OCI Registry + Registre OCI + + + + Internal + Interne + + + + OCI URL, in the format of oci://registry.domain.tld/path/to/manifest. + URL OCI, au format oci://registry.domain.tld/path/to/manifest. + + + + See more about OCI support here: + Voir plus à propos du support OCI ici : + + + + Blueprint + Plan + + + + Configure the blueprint context, used for templating. + Configurer le contexte du plan, utilisé pour modéliser. + + + + Orphaned + Orphelin + + + + Blueprints + Plans + + + + Automate and template configuration within authentik. + Automatiser et modéliser la configuration au sein d'authentik. + + + + Last applied + Dernière application + + + + Blueprint(s) + Plan(s) + + + + Update Blueprint + Mettre à jour le plan + + + + Create Blueprint Instance + Créer une instance du plan + + + + API Requests + Requêtes d'API + + + + Open API Browser + Ouvrir le navigateur API + + + + Notifications + Notifications + + + + unread + + non-lu + + + + Successfully cleared notifications + Notifications effacées avec succès + + + + Clear all + Tout vider + + + + A newer version of the frontend is available. + Une nouvelle version de l'interface est disponible. + + + + You're currently impersonating . Click to stop. + Vous vous faites actuellement passer pour + . Cliquer pour arrêter. + + + + User interface + Interface utilisateur + + + + Dashboards + Tableaux de bord + + + + Events + Évènements + + + + Logs + Logs + + + + Customisation + Personalisation + + + + Directory + Répertoire + + + + System + Système + + + + Certificates + Certificats + + + + Outpost Integrations + Intégration d’avant-postes + + + + API request failed + Requête d'API échouée + + + + User's avatar + Avatar de l'utilisateu + + + + Something went wrong! Please try again later. + Une erreur s'est produite ! Veuillez réessayer plus tard. + + + + Request ID + ID de requête + + + + You may close this page now. + Vous pouvez maintenant fermer cette page. + + + + You're about to be redirect to the following URL. + Vous allez être redirigé vers l'URL suivante. + + + + Follow redirect + Suivre la redirection + + + + Request has been denied. + La requête a été refusée. + + + + Not you? + Pas vous ? + + + + Need an account? + Besoin d'un compte ? + + + + Sign up. + S'enregistrer. + + + + Forgot username or password? + Mot de passe ou nom d'utilisateur oublié ? + + + + Select one of the sources below to login. + Sélectionnez l'une des sources ci-dessous pour se connecter. + + + + Or + Ou + + + + Use a security key + Utiliser une clé de sécurité + + + + Login to continue to . + Connectez-vous pour continuer sur + . + + + + Please enter your password + Veuillez saisir votre mot de passe + + + + Forgot password? + Mot de passe oublié ? + + + + Application requires following permissions: + Cette application requiert les permissions suivantes : + + + + Application already has access to the following permissions: + L’application a déjà accès aux permissions suivantes : + + + + Application requires following new permissions: + Cette application requiert de nouvelles permissions : + + + + Check your Inbox for a verification email. + Vérifiez votre boite de réception pour un courriel de vérification. + + + + Send Email again. + Renvoyer le courriel. + + + + Successfully copied TOTP Config. + Configuration TOTP copiée avec succès + + + + Copy + Copier + + + + Code + Code + + + + Please enter your TOTP Code + Veuillez saisir votre code TOTP + + + + Duo activation QR code + Code QR d'activation Duo + + + + Alternatively, if your current device has Duo installed, click on this link: + Sinon, si Duo est installé sur cet appareil, cliquez sur ce lien : + + + + Duo activation + Activation Duo + + + + Check status + Vérifier le statut + + + + Make sure to keep these tokens in a safe place. + Veuillez à conserver ces jetons dans un endroit sûr. + + + + Phone number + Numéro de téléphone + + + + Please enter your Phone number. + Veuillez entrer votre numéro de téléphone + + + + Please enter the code you received via SMS + Veuillez entrer le code que vous avez reçu par SMS + + + + A code has been sent to you via SMS. + Un code vous a été envoyé par SMS. + + + + Open your two-factor authenticator app to view your authentication code. + Ouvrez votre application d'authentification à deux facteurs pour afficher votre code d'authentification. + + + + Static token + Jeton statique + + + + Authentication code + Code d'authentification + + + + Please enter your code + Veuillez saisir votre code + + + + Return to device picker + Retourner à la sélection d'appareil + + + + Sending Duo push notification + Envoi de notifications push Duo + + + + Assertions is empty + L'assertion est vide + + + + Error when creating credential: + Erreur lors de la création des identifiants : + + + + + Error when validating assertion on server: + Erreur lors de la validation de l'assertion sur le serveur : + + + + + Retry authentication + Réessayer l'authentification + + + + Duo push-notifications + Notification push Duo + + + + Receive a push notification on your device. + Recevoir une notification push sur votre appareil. + + + + Authenticator + Authentificateur + + + + Use a security key to prove your identity. + Utilisez une clé de sécurité pour prouver votre identité. + + + + Traditional authenticator + Authentificateur traditionnel + + + + Use a code-based authenticator. + Utiliser un authentifieur à code. + + + + Recovery keys + Clés de récupération + + + + In case you can't access any other method. + Au cas où aucune autre méthode ne soit disponible. + + + + SMS + SMS + + + + Tokens sent via SMS. + Jeton envoyé par SMS + + + + Select an authentication method. + Sélectionnez une méthode d'authentification + + + + Stay signed in? + Rester connecté ? + + + + Select Yes to reduce the number of times you're asked to sign in. + Sélectionnez Oui pour réduire le nombre de fois où l'on vous demande de vous connecter. + + + + Authenticating with Plex... + Authentification avec Plex... + + + + Waiting for authentication... + En attente de l'authentification... + + + + If no Plex popup opens, click the button below. + Si aucune fenêtre contextuelle Plex ne s'ouvre, cliquez sur le bouton ci-dessous. + + + + Open login + Ouvrir la connexion + + + + Authenticating with Apple... + Authentification avec Apple... + + + + Retry + Recommencer + + + + Enter the code shown on your device. + Saisissez le code indiqué sur votre appareil. + + + + Please enter your Code + Veuillez entrer votre code + + + + You've successfully authenticated your device. + Vous avez authentifié votre appareil avec succès. + + + + Flow inspector + Inspecteur de flux + + + + Next stage + Étape suivante + + + + Stage name + Nom de l'étape + + + + Stage kind + Type d'étap + + + + Stage object + Objet étap + + + + This flow is completed. + Ce flux est terminé. + + + + Plan history + Historique du plan + + + + Current plan context + Contexte du plan courant + + + + Session ID + ID de session + + + + Powered by authentik + Propulsé par authentik + + + + Background image + Image d'arrière-plan + + + + Error creating credential: + Erreur lors de la création des identifiants : + + + + + Server validation of credential failed: + Erreur lors de la validation des identifiants par le serveur : + + + + + Register device + Enregistrer un appareil + + + + Refer to documentation + Référez-vous à la documentation + + + No Applications available. + Aucune Application disponible. + + + + Either no applications are defined, or you don’t have access to any. + Soit aucune application n'est définie, soit vous n'en avez accès à aucune. + + + My Applications + Mes Applications + + + + My applications + Mes applications + + + + Change your password + Changer votre mot de passe + + + + Change password + Changer le mot de passe + + + + + + + + + + + Save + Enregistrer + + + + Delete account + Supprimer le compte + + + + Successfully updated details + Détails mis à jour avec succès + + + + Open settings + Ouvrir les paramètres + + + + No settings flow configured. + Aucun flux de paramètres n'est configuré. + + + + Update details + Détails de la mise à jour + + + + Successfully disconnected source + Source déconnectée avec succès + + + + Failed to disconnected source: + Erreur de la déconnexion source : + + + + + Disconnect + Déconnecter + + + + Connect + Connecter + + + + Error: unsupported source settings: + Erreur : configuration de la source non-supportée : + + + + + Connect your user account to the services listed below, to allow you to login using the service instead of traditional credentials. + Connectez votre compte aux service listés ci-dessous, cela vous permettra de les utiliser pour vous connecter au lieu des identifiants traditionnels. + + + + No services available. + Aucun service disponible + + + + Create App password + Créer un mot de passe App + + + + User details + Détails de l'utilisateur + + + + Consent + Approbation + + + + MFA Devices + Appareils de MFA + + + + Connected services + Services connectés + + + + Tokens and App passwords + Jetons et mots de passe d'application + + + + Unread notifications + Notifications non lues + + + + Admin interface + Interface d'administration + + + + Stop impersonation + Arrêter l'appropriation utilisateu + + + + Avatar image + Image d'avatar + + + + Failed + Échoué + + + + Unsynced / N/A + Non synchronisé / N/A + + + + Outdated outposts + Avant-postes périmés + + + + Unhealthy outposts + Avant-postes malades + + + + Next + Suivant + + + + Inactive + Inactif + + + + Regular user + Utilisateur normal + + + + Activate + Activer + + + + Use Server URI for SNI verification + Utiliser l'URI du serveur pour la vérification SNI + + + Required for servers using TLS 1.3+ + Requis pour les serveurs utilisant TLS 1.3+ + + + Client certificate keypair to authenticate against the LDAP Server's Certificate. + Certificat client pour authentifier auprès du certificat du serveur LDAP. The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate. - - - DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged. - - - The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber - - - Configure LDAP Provider - - - Method's display Name. - - - Bind flow - - - Flow used for users to authenticate. - - - Search group - - - Bind mode - - - Configure how the outpost authenticates requests. - - - Search mode - - - Configure how the outpost queries the core authentik server's users. - - - Code-based MFA Support - - - Protocol settings - - - Base DN - - - LDAP DN under which bind requests and search requests can be made. - - - Certificate + Certificat pour le DN de base configuré ci-dessus. Sinon, le fournisseur utilise un certificat auto-signé. TLS Server name + Nom TLS du serveur - - UID start number + + DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged. + Nom DNS pour lequel le certificat configuré ci-dessus doit être utilisé. Le certificat ne peut pas être détecté à partir du DN de base, car la négociation SSL/TLS a lieu avant que cette donnée ne soit échangée. - - GID start number + + TLS Client authentication certificate + Certificat TLS d'authentification client - - Successfully updated provider. + + Model + Modèle - - Successfully created provider. + + Match events created by selected model. When left empty, all models are matched. + Inclure les évènements créés par ce modèle. S'il est laissé vide, tous les modèles seront inclus. - - (Format: hours=-1;minutes=-2;seconds=-3). + + Code-based MFA Support + Support du MFA basé sur un code - - (Format: hours=1;minutes=2;seconds=3). + + When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. + Lorsqu'elle est activée, l'authentification multifactorielle basée sur un code peut être utilisée en ajoutant un point-virgule et le code TOTP au mot de passe. Cette option ne doit être activée que si tous les utilisateurs qui se lieront à ce fournisseur ont un dispositif TOTP configuré, faute de quoi un mot de passe peut être rejeté à tort s'il contient un point-virgule. - - The following keywords are supported: + + User type + Type utilisateur - - Confidential + + Successfully updated license. + Licence téléversée avec succès. - - Confidential clients are capable of maintaining the confidentiality of their credentials such as client secrets + + Successfully created license. + Licence créée avec succès. - - Public + + Install ID + ID de l'installation - - Public clients are incapable of maintaining the confidentiality and should use methods like PKCE. + + License key + Clé de licence - - Based on the User's hashed ID + + Licenses + Licences - - Based on the User's ID + + License(s) + Licence(s) - - Based on the User's UUID + + Enterprise is in preview. + Entreprise est en aperçu, - - Based on the User's username + + Cumulative license expiry + Expiration des licences cumulative - - Based on the User's Email + + Update License + Mettre à jour la licence - - This is recommended over the UPN mode. + + Warning: The current user count has exceeded the configured licenses. + Avertissement : le nombre d'utilisateurs actuel a dépassé les licences configurées. - - Based on the User's UPN + + Click here for more info. + Cliquez ici pour plus d'informations. - - Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains. + + Enterprise + Entreprise - - Each provider has a different issuer, based on the application slug + + Manage enterprise licenses + Gérer les licences entreprise - - Same identifier is used for all providers + + No licenses found. + Aucune licence trouvée. - - Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows. + + Send us feedback! + Envoyez-nous vos commentaires ! - - If no explicit redirect URIs are specified, the first successfully used redirect URI will be saved. + + Get a license + Obtenir une licence - - To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. + + Go to Customer Portal + Aller au Portail Client - - Authentication flow + + Forecast internal users + Prévision des utilisateurs internes - - Flow used when a user access this provider and is not authenticated. + + Estimated user count one year from now based on current internal users and forecasted internal users. + Nombre d'utilisateurs estimés d'ici un an basé sur utilisateurs internes actuels and utilisateurs internes prévus. - - Authorization flow + + Forecast external users + Prévision des utilisateurs externes - - Flow used when authorizing this provider. + + Estimated user count one year from now based on current external users and forecasted external users. + Nombre d'utilisateurs estimés d'ici un an basé sur utilisateurs externes actuels and utilisateurs externes prévus. - - Client type + + Install + Installer - - Client ID + + Install License + Installer une licence - - Client Secret + + Internal users might be users such as company employees, which will get access to the full Enterprise feature set. + Les utilisateurs internes peuvent être des employées de l'entreprise, qui auront accès à l'ensemble des fonctionnalités entreprise. - - Redirect URIs/Origins (RegEx) + + External users might be external consultants or B2C customers. These users don't get access to enterprise features. + Les utilisateurs externes peuvent être des consultants externes ou des clients B2C (business to customers). Ces utilisateurs n'ont pas accès aux fonctionnalités entreprise. - - Signing Key + + Service accounts should be used for machine-to-machine authentication or other automations. + Les comptes de services devraient être utilisés pour de l'authentification machine-to-machine ou autres automatisations. - - Key used to sign the tokens. + + Less details + Moins de détails - - Advanced protocol settings + + More details + Plus de détails - - Access code validity + + Remove item + Supprimer l'élément - - Configure how long access codes are valid for. + + Open API drawer + Ouvrir le tiroir API - - Access Token validity + + Open Notification drawer + Ouvrir le menu de notifications - - Configure how long access tokens are valid for. + + Restart task + Redémarrer la tâche - - Refresh Token validity + + Add provider + Ajouter un fournisseur - - Configure how long refresh tokens are valid for. + + Open + Ouvrir - - Scopes + + Copy token + Copier le jeton - - Select which scopes can be used by the client. The client still has to specify the scope to access the data. + + Add users + Ajouter des utilisateurs - - Hold control/command to select multiple items. + + Add group + Ajouter un groupe - - Subject mode + + Import devices + Importer des appareils - - Configure what data should be used as unique User Identifier. For most cases, the default should be fine. + + Execute + Exécuter - - Include claims in id_token + + Show details + Afficher les détails - - Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. + + Apply + Appliquer - - Issuer mode + + Settings + Paramètres - - Configure how the issuer field of the ID Token should be filled. + + Sign out + Se déconnecter - - Machine-to-Machine authentication settings + + The number of tokens generated whenever this stage is used. Every token generated per stage execution will be attached to a single static device. + Le nombre de jetons générés lorsque cette étape est utilisée. Chaque jeton généré par exécution de l'étape sera rattaché à un seul appareil statique. - - Trusted OIDC Sources + + Token length + Longueur du jeton - - JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider. + + The length of the individual generated tokens. Can be increased to improve security. + La taille d'un des jetons généré. Peut être augmenté pour améliorer la sécurité. - - Configure OAuth2/OpenId Provider + + Internal: + Interne: - - HTTP-Basic Username Key + + External: + Externe: - - User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. + + Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding. + Refuser statiquement le flux. Pour utiliser cette étape efficacement, désactivez *Évaluer en planification* dans la liaison applicable. - - HTTP-Basic Password Key + + Create and bind Policy + Créer et lier une Politique - - User/Group Attribute used for the password part of the HTTP-Basic Header. + + Federation and Social login + Fédération & Connection Sociale - - Configure Proxy Provider + + Create and bind Stage + Créer et lier une étape - - Token validity + + Flows and Stages + Flux et Étapes - - Configure how long tokens are valid for. + + New version available + Nouvelle version disponible - - AdditionalScopes + + Failure result + Résultat échoué - - Additional scope mappings, which are passed to the proxy. + + Pass + Réussir - - Unauthenticated URLs + + Don't pass + Échouer - - Unauthenticated Paths + + Result used when policy execution fails. + Résultat si l'éxecution de la politique échoue. - - Regular expressions for which authentication is not required. Each new line is interpreted as a new expression. + + Required: User verification must occur. + Requis : la vérification de l'utilisateur doit être présente. - - When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions. + + Preferred: User verification is preferred if available, but not required. + Préféré : la vérification de l'utilisateur est préférable si disponible, mais n'est pas obligatoire. - - Authentication settings + + Discouraged: User verification should not occur. + Non recommandé : la vérification de l'utilisateur ne devrait pas être présente. - - Intercept header authentication + + Required: The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur + Requis: L'authentificateur DOIT créer un identifiant dédié. S'il ne peut pas, le RP est préparé à ce qu'une erreur se produise - - When enabled, authentik will intercept the Authorization header to authenticate the request. + + Preferred: The authenticator can create and store a dedicated credential, but if it doesn't that's alright too + Préféré : l'authentificateur peut créer et stocker un identifiant dédié, mais si ce n'est pas le cas, ce n'est pas grave - - Send HTTP-Basic Authentication + + Discouraged: The authenticator should not create a dedicated credential + Non recommandé : l'authentificateur ne devrait pas créer des identifiants dédiés - - Send a custom HTTP-Basic Authentication header based on values from authentik. + + Lock the user out of this system + Verrouiller l'utilisateur hors de ce système - - Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application. + + Allow the user to log in and use this system + Autoriser l'utilisateur à se connecter et à utiliser ce système - - An example setup can look like this: + + Temporarily assume the identity of this user + Temporairement se faire passer pour cet utilisateur - - authentik running on auth.example.com + + Enter a new password for this user + Entrer un nouveaux mot de passe pour cet utilisateur - - app1 running on app1.example.com + + Create a link for this user to reset their password + Créer un lien pour que cet utilisateur réinitialise son mot de passe - - In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com. + + WebAuthn requires this page to be accessed via HTTPS. + WebAuthn requirt que cette page soit accessible via HTTPS. - - External host + + WebAuthn not supported by browser. + WebAuthn n'est pas supporté pas ce navigateur. - - The external URL you'll authenticate at. The authentik core server should be reachable under this URL. + + Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). + Utilisez ce fournisseur avec l'option "auth_request" de Nginx ou "forwardAuth" de Traefik. Chaque application/domaine a besoin de son propre fournisseur. De plus, sur chaque domaine, "/outpost.goauthentik.io" doit être routé vers le poste avancé (lorsque vous utilisez un poste avancé géré, cela est fait pour vous). - - Cookie domain + + Default relay state + Relay state par défaut - - Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'. + + When using IDP-initiated logins, the relay state will be set to this value. + Lors de l'utilisation de connexions initiées par l'IdP, le relay state sera défini à cette valeur. - - This provider will behave like a transparent reverse-proxy, except requests must be authenticated. If your upstream application uses HTTPS, make sure to connect to the outpost using HTTPS as well. + + Flow Info + Informations du flux - - The external URL you'll access the application at. Include any non-standard port. + + Stage used to configure a WebAuthn authenticator (i.e. Yubikey, FaceID/Windows Hello). + Étape de configuration d'un authentificateur WebAuthn (Yubikey, FaceID/Windows Hello). - - Internal host - - - Upstream host that the requests are forwarded to. - - - Internal host SSL Validation - - - Validate SSL Certificates of upstream servers. +<<<<<<< HEAD + + Internal application name used in URLs. + Nom de l'application interne utilisé dans les URLs. + + + Submit + Soumettre + + + UI Settings + Paramètres d'UI + + + Transparent Reverse Proxy + Reverse Proxy Transparent + + + For transparent reverse proxies with required authentication + Pour les reverses proxy transparents avec authentification requise + + + Configure SAML provider manually + Configurer le fournisseur SAML manuellement + + + Configure RADIUS provider manually + Configurer le fournisseur RADIUS manuellement + + + Configure SCIM provider manually + Configurer le fournisseur SCIM manuellement + + + Saving Application... + Enregistrement de l'application... + + + Authentik was unable to save this application: + authentik n'a pas pu sauvegarder cette application : + + + Your application has been saved + L'application a été sauvegardée + + + Method's display Name. + Nom d'affichage de la méthode. Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). + Utiliser ce fournisseur avec nginx auth_request ou traefik + forwardAuth. Chaque application/domaine a besoin de son fournisseur. + De plus, sur chaque domaine, /outpost.goauthentik.io doit être + routé vers l'avant-post (lors de l'utilisation d'un avant-poste managé, cela est fait automatiquement). - - Configure Radius Provider - - - Shared secret - - - Client Networks - - - List of CIDRs (comma-seperated) that clients can connect from. A more specific - CIDR will match before a looser one. Clients connecting from a non-specified CIDR - will be dropped. - - - Redirect - - - Post - - - Configure SAML Provider - - - ACS URL - - - Issuer - - - Also known as EntityID. - - - Service Provider Binding - - - Determines how authentik sends the response back to the Service Provider. - - - Audience - - - Signing Certificate - - - Certificate used to sign outgoing Responses going to the Service Provider. - - - Verification Certificate - - - When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. - - - Property Mappings - - - Property mappings used for user mapping. - - - NameID Property Mapping - - - Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected. - - - Assertion valid not before - - - Configure the maximum allowed time drift for an assertion. - - - Assertion valid not on or after - - - Assertion not valid on or after current time + this value. - - - Session valid not on or after - - - Session not valid on or after current time + this value. - - - Digest algorithm - - - Signature algorithm - - - Configure SCIM Provider - - - URL - - - SCIM base url, usually ends in /v2. - - - Token - - - Token to authenticate with. Currently only bearer authentication is supported. - - - User filtering - - - Exclude service accounts - - - Only sync users within the selected group. - - - Attribute mapping - - - User Property Mappings - - - Group Property Mappings - - - Property mappings used for group creation. - - - Create With Wizard - - - New application + + Custom attributes + Attributs personnalisés Don't show this message again. + Ne plus montrer ce message. - - One hint, 'New Application Wizard', is currently hidden + + Failed to fetch + Erreur de récupération - - Users in the selected group can do search queries. If no group is selected, no LDAP Searches are allowed. - - - Proxy - - - Forward auth (single application) - - - Forward auth (domain level) - - - Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). - - - Authentication URL - - - Unknown proxy mode - - - Additional scopes - - - Property mappings - - - Default relay state - - - When using IDP-initiated logins, the relay state will be set to this value. - - - Successfully imported provider. - - - Metadata - - - Apply changes - - - Finish - - - Select type - - - Try the new application wizard - - - The new application wizard greatly simplifies the steps required to create applications and providers. - - - Try it now - - - New provider - - - Create a new provider. - - - Create - - - Property mappings used to user mapping. - - - Property mappings used to group creation. - - - Not used by any other object. - - - object will be DELETED - - - connection will be deleted - - - reference will be reset to default value - - - reference will be set to an empty value - - - () - - - ID - - - Successfully deleted - - - Failed to delete : - - - Delete - - - Are you sure you want to delete ? - - - Delete - - - Providers - - - Provide support for protocols like SAML and OAuth to assigned applications. - - - Provider(s) - - - Assigned to application - - - Assigned to application (backchannel) - - - Warning: Provider not assigned to any application. - - - Update - - - Update - - - Edit - - - Create Application + + Failed to fetch data. + Erreur de récupération des données. Successfully assigned permission. + Les permissions ont été assignées avec succès. Role + Rôle Assign + Assigner Assign permission to role + Assigner une permission à un rôle Assign to new role - - - Permission(s) - - - Permission + Assigner à un nouveau rôle Directly assigned + Assigné directement Assign permission to user + Assigner une permission à un utilisateur Assign to new user - - - Superuser - - - RBAC is in preview. - - - Send us feedback! + Assigner à un nouvel utilisateur User Object Permissions + Permissions de l'objet utilisateur Role Object Permissions - - - Overview - - - Changelog - - - Permissions - - - Warning: Provider is not used by any Outpost. - - - Assigned to application - - - Update LDAP Provider - - - How to connect - - - Connect to the LDAP Server on port 389: - - - Check the IP of the Kubernetes service, or - - - The Host IP of the docker host - - - Bind DN - - - Bind Password - - - Search base - - - Preview - - - Warning: Provider is not used by an Application. - - - Redirect URIs - - - Update OAuth2 Provider - - - OpenID Configuration URL - - - OpenID Configuration Issuer - - - Authorize URL - - - Token URL - - - Userinfo URL - - - Logout URL - - - JWKS URL - - - Example JWT payload (for currently authenticated user) - - - Yes - - - No - - - Forward auth (domain-level) - - - Nginx (Ingress) - - - Nginx (Proxy Manager) - - - Nginx (standalone) - - - Traefik (Ingress) - - - Traefik (Compose) - - - Traefik (Standalone) - - - Caddy (Standalone) - - - Internal Host - - - External Host - - - Basic-Auth - - - Mode - - - Update Proxy Provider - - - Protocol Settings - - - Allowed Redirect URIs - - - Setup - - - No additional setup is required. - - - Update Radius Provider - - - Download - - - Copy download URL - - - Download signing certificate - - - Related objects - - - Update SAML Provider - - - SAML Configuration - - - EntityID/Issuer - - - SSO URL (Post) - - - SSO URL (Redirect) - - - SSO URL (IdP-initiated Login) - - - SLO URL (Post) - - - SLO URL (Redirect) - - - SAML Metadata - - - Example SAML attributes - - - NameID attribute - - - No sync status. - - - Sync currently running. - - - Not synced yet. - - - Task finished with warnings - - - Task finished with errors - - - Last sync: - - - Warning: Provider is not assigned to an application as backchannel provider. - - - Update SCIM Provider - - - Run sync again - - - Application Icon - - - Applications - - - External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. - - - Provider Type - - - Application(s) - - - Update Application - - - Open - - - Successfully sent test-request. - - - Log messages - - - No log messages. - - - Active - - - Last login - - - Select users to add - - - Successfully updated group. - - - Successfully created group. - - - Is superuser - - - Users added to this group will be superusers. - - - Parent + Permission de l'objet rôle Roles + Rôles Select roles to grant this groups' users' permissions from the selected roles. - - - Attributes - - - Set custom attributes using YAML or JSON. - - - Successfully updated binding. - - - Successfully created binding. - - - Policy - - - Group mappings can only be checked if a user is already logged in when trying to access this source. - - - User mappings can only be checked if a user is already logged in when trying to access this source. - - - Enabled - - - Negate result - - - Negates the outcome of the binding. Messages are unaffected. - - - Order - - - Timeout - - - Failure result - - - Pass - - - Don't pass - - - Result used when policy execution fails. - - - Successfully updated policy. - - - Successfully created policy. - - - A policy used for testing. Always returns the same result as specified below after waiting a random duration. - - - Execution logging - - - When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. - - - Policy-specific settings - - - Pass policy? - - - Wait (min) - - - The policy takes a random time to execute. This controls the minimum time it will take. - - - Wait (max) - - - Matches an event against a set of criteria. If any of the configured values match, the policy passes. - - - Match created events with this action type. When left empty, all action types will be matched. - - - Matches Event's Client IP (strict matching, for network matching use an Expression Policy. - - - Match events created by selected application. When left empty, all applications are matched. - - - Model - - - Match events created by selected model. When left empty, all models are matched. - - - Checks if the request's user's password has been changed in the last x days, and denys based on settings. - - - Maximum age (in days) - - - Only fail the policy, don't invalidate user's password - - - Executes the python snippet to determine whether to allow or deny a request. - - - Expression using Python. - - - See documentation for a list of all variables. - - - Static rules - - - Minimum length - - - Minimum amount of Uppercase Characters - - - Minimum amount of Lowercase Characters - - - Minimum amount of Digits - - - Minimum amount of Symbols Characters - - - Error message - - - Symbol charset - - - Characters which are considered as symbols. - - - HaveIBeenPwned settings - - - Allowed count - - - Allow up to N occurrences in the HIBP database. - - - zxcvbn settings - - - Score threshold - - - If the password's score is less than or equal this value, the policy will fail. - - - 0: Too guessable: risky password. (guesses &lt; 10^3) - - - 1: Very guessable: protection from throttled online attacks. (guesses &lt; 10^6) - - - 2: Somewhat guessable: protection from unthrottled online attacks. (guesses &lt; 10^8) - - - 3: Safely unguessable: moderate protection from offline slow-hash scenario. (guesses &lt; 10^10) - - - 4: Very unguessable: strong protection from offline slow-hash scenario. (guesses &gt;= 10^10) - - - Checks the value from the policy request against several rules, mostly used to ensure password strength. - - - Password field - - - Field key to check, field keys defined in Prompt stages are available. - - - Check static rules - - - Check haveibeenpwned.com - - - For more info see: - - - Check zxcvbn - - - Password strength estimator created by Dropbox, see: - - - Allows/denys requests based on the users and/or the IPs reputation. - - - Invalid login attempts will decrease the score for the client's IP, and the -username they are attempting to login as, by one. - - - The policy passes when the reputation score is below the threshold, and -doesn't pass when either or both of the selected options are equal or above the threshold. - - - Check IP - - - Check Username - - - Threshold - - - New policy - - - Create a new policy. - - - Create Binding - - - Members - - - Select groups to add user to - - - Warning: Adding the user to the selected group(s) will give them superuser permissions. - - - Successfully updated user. - - - Successfully created user and added to group - - - Successfully created user. - - - Username - - - User's primary identifier. 150 characters or fewer. - - - User's display name. - - - User type - - - Internal users might be users such as company employees, which will get access to the full Enterprise feature set. - - - External users might be external consultants or B2C customers. These users don't get access to enterprise features. - - - Service accounts should be used for machine-to-machine authentication or other automations. - - - Email - - - Is active - - - Designates whether this user should be treated as active. Unselect this instead of deleting accounts. - - - Path - - - Policy / User / Group - - - Policy - - - Group - - - User - - - Edit Policy - - - Update Group - - - Edit Group - - - Update User - - - Edit User - - - Policy binding(s) - - - Update Binding - - - Edit Binding - - - No Policies bound. - - - No policies are currently bound to this object. - - - Create and bind Policy - - - Bind existing policy - - - Warning: Application is not used by any Outpost. - - - Related - - - Check access - - - Check - - - Check Application access - - - Test - - - Launch - - - Logins over the last week (per 8 hours) - - - Policy / Group / User Bindings - - - These policies control which users can access this application. - - - Successfully updated source. - - - Successfully created source. - - - Sync users - - - User password writeback - - - Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP. - - - Sync groups - - - Connection settings - - - Server URI - - - Specify multiple server URIs by separating them with a comma. - - - Enable StartTLS - - - To use SSL instead, use 'ldaps://' and disable this option. - - - Use Server URI for SNI verification - - - Required for servers using TLS 1.3+ - - - TLS Verification Certificate - - - When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate. - - - TLS Client authentication certificate - - - Client certificate keypair to authenticate against the LDAP Server's Certificate. - - - Bind CN - - - LDAP Attribute mapping - - - Property mappings used to user creation. - - - Additional settings - - - Parent group for all the groups imported from LDAP. - - - User path - - - Addition User DN - - - Additional user DN, prepended to the Base DN. - - - Addition Group DN - - - Additional group DN, prepended to the Base DN. - - - User object filter - - - Consider Objects matching this filter to be Users. - - - Group object filter - - - Consider Objects matching this filter to be Groups. - - - Group membership field - - - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' - - - Object uniqueness field - - - Field which contains a unique Identifier. - - - Link users on unique identifier - - - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses - - - Use the user's email address, but deny enrollment when the email address already exists - - - Link to a user with identical username. Can have security implications when a username is used with another source - - - Use the user's username, but deny enrollment when the username already exists - - - Unknown user matching mode - - - URL settings - - - Authorization URL - - - URL the user is redirect to to consent the authorization. - - - Access token URL - - - URL used by authentik to retrieve tokens. - - - Profile URL - - - URL used by authentik to get user information. - - - Request token URL - - - URL used to request the initial token. This URL is only required for OAuth 1. - - - OIDC Well-known URL - - - OIDC well-known configuration URL. Can be used to automatically configure the URLs above. - - - OIDC JWKS URL - - - JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source. - - - OIDC JWKS - - - Raw JWKS data. - - - User matching mode - - - Consumer key - - - Also known as Client ID. - - - Consumer secret - - - Also known as Client Secret. - - - Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *. - - - Flow settings - - - Flow to use when authenticating existing users. - - - Enrollment flow - - - Flow to use when enrolling new users. - - - Load servers - - - Re-authenticate with plex - - - Allow friends to authenticate via Plex, even if you don't share any servers - - - Allowed servers - - - Select which server a user has to be a member of to be allowed to authenticate. - - - SSO URL - - - URL that the initial Login request is sent to. - - - SLO URL - - - Optional URL if the IDP supports Single-Logout. - - - Also known as Entity ID. Defaults the Metadata URL. - - - Binding Type - - - Redirect binding - - - Post-auto binding - - - Post binding but the request is automatically sent and the user doesn't have to confirm. - - - Post binding - - - Signing keypair - - - Keypair which is used to sign outgoing requests. Leave empty to disable signing. - - - Allow IDP-initiated logins - - - Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. - - - NameID Policy - - - Persistent - - - Email address - - - Windows - - - X509 Subject - - - Transient - - - Delete temporary users after - - - Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. - - - Pre-authentication flow - - - Flow used before authentication. - - - New source - - - Create a new source. - - - Federation and Social login - - - Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves. - - - Source(s) - - - Disabled - - - Built-in - - - Global status - - - Vendor - - - Update LDAP Source - - - Connectivity - - - OAuth Source - - - Generic OpenID Connect - - - Unknown provider type - - - Details - - - Callback URL - - - Access Key - - - Update OAuth Source - - - Diagram - - - Policy Bindings - - - These bindings control which users can access this source. - You can only use policies here as access is checked before the user is authenticated. - - - Update Plex Source - - - Update SAML Source - - - Successfully updated mapping. - - - Successfully created mapping. - - - Object field - - - Field of the user object this value is written to. - - - SAML Attribute Name - - - Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded. - - - Friendly Name - - - Optionally set the 'FriendlyName' value of the Assertion attribute. - - - Scope name - - - Scope which the client can specify to access these properties. - - - Description shown to the user when consenting. If left empty, the user won't be informed. - - - Example context data - - - Active Directory User - - - Active Directory Group - - - New property mapping - - - Create a new property mapping. + Sélectionner les roles depuis lesquels assigner les permissions des utilisateurs de ce groupe depuis les rôles sélectionnés. Update Permissions - - - Control how authentik exposes and interprets information. - - - Property Mapping(s) - - - Test Property Mapping - - - Hide managed mappings - - - Successfully updated token. - - - Successfully created token. - - - Expires on - - - Unique identifier the token is referenced by. - - - Intent - - - API Token - - - Used to access the API programmatically - - - App password. - - - Used to login using a flow executor - - - Expiring - - - If this is selected, the token will expire. Upon expiration, the token will be rotated. - - - The token has been copied to your clipboard - - - The token was displayed because authentik does not have permission to write to the clipboard - - - Tokens - - - Tokens are used throughout authentik for Email validation stages, Recovery keys and API access. - - - Expires? - - - Expiry date - - - Token(s) - - - Create Token - - - Token is managed by authentik. - - - Update Token + Mettre à jour les permissions Editing is disabled for managed tokens + L'édition est désactivée pour les jetons gérés - - Copy token + + Select permissions to grant + Sélectionner les permissions à attribuer + + + Permissions to add + Permissions à ajouter + + + Select permissions + Sélectionner les permissions + + + Assign permission + Assigner les permissions + + + Permission(s) + Permission(s) + + + Permission + Permission + + + User doesn't have view permission so description cannot be retrieved. + L'utilisateur n'a pas les permissions de lecture, la description ne peut donc pas être récupérée. + + + Assigned permissions + Permissions assignées + + + Assigned global permissions + Permissions globales assignées + + + Assigned object permissions + Permissions d'objet assignées + + + Successfully updated role. + Rôle mis à jour avec succès. + + + Successfully created role. + Rôle créé avec succès. + + + Manage roles which grant permissions to objects within authentik. + Gérer les rôles qui attribuent des permissions sur les objets au sein d'authentik. + + + Role(s) + Role(s) + + + Update Role + Mettre à jour le rôle + + + Create Role + Créer un rôle + + + Role doesn't have view permission so description cannot be retrieved. + Le rôle n'a pas les permissions de lecture, la description ne peut donc pas être récupérée. + + + Role + Rôle + + + Role Info + Informations du rôle + + + Pseudolocale (for testing) + Pseudolocale (pour tests) + + + Create With Wizard + Créer avec l'assistant + + + One hint, 'New Application Wizard', is currently hidden + Un indice, l'assistant nouvelle application est actuellement caché + + + External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + Applications externes qui utilisent authentik comme fournisseur d'identité, en utilisant des protocoles comme OAuth2 et SAML. Toutes les applications sont affichées ici, même celles auxquelles vous n'avez pas accès. + + + Deny message + Message de refus + + + Message shown when this stage is run. + Message affiché lorsque cette étape est exécutée. + + + Open Wizard + Lancer l'assistant + + + Demo Wizard + Assistant de démo + + + Run the demo wizard + Lancer l'assistant de démo + + + OAuth2/OIDC (Open Authorization/OpenID Connect) + OAuth2/OIDC (Open Authorization/OpenID Connect) + + + LDAP (Lightweight Directory Access Protocol) + LDAP (Lightweight Directory Access Protocol) + + + Forward Auth (Single Application) + Transférer l'authentification (application unique) + + + Forward Auth (Domain Level) + Transférer l'authentification (niveau domaine) + + + SAML (Security Assertion Markup Language) + SAML (Security Assertion Markup Language) + + + RADIUS (Remote Authentication Dial-In User Service) + RADIUS (Remote Authentication Dial-In User Service) + + + SCIM (System for Cross-domain Identity Management) + SCIM (System for Cross-domain Identity Management) + + + The token has been copied to your clipboard + Le jeton a été copié dans le presse-paper + + + The token was displayed because authentik does not have permission to write to the clipboard + Le jeton a été affiché car authentik n'a pas la permission d'écrire dans le presse-papier + + + A copy of this recovery link has been placed in your clipboard + Une copie de ce lien de récupération a été placée dans le presse-papier + + + Create recovery link + Créer un lien de récupération + + + Create Recovery Link + Créer un lien de récupération + + + External + Externe + + + Service account + Compte de service + + + Service account (internal) + Compte de service (interne) + + + Check the release notes + Voir les notes de version + + + User Statistics + Statistiques Utilisateur + + + <No name set> + <No name set> + + + For nginx's auth_request or traefik's forwardAuth + Pour nginx auth_request ou traefik forwardAuth + + + For nginx's auth_request or traefik's forwardAuth per root domain + Pour nginx auth_request ou traefik forwardAuth par domaine racine + + + RBAC is in preview. + RBAC est en aperçu. + + + User type used for newly created users. + Type d'utilisateur pour les utilisateurs nouvellement créés. + + + Users created + Utilisateurs créés + + + Failed logins + Connexions échouées + + + Also known as Client ID. + Également appelé Client ID. + + + Also known as Client Secret. + Également appelé Client Secret. + + + Global status + État global + + + Vendor + Fournisseur + + + No sync status. + Pas d'état de synchronisation. + + + Sync currently running. + Synchronisation en cours. + + + Connectivity + Connectivité + + + 0: Too guessable: risky password. (guesses &lt; 10^3) + 0: Trop prévisible: mot de passe risqué. (essais &lt; 10^3) + + + 1: Very guessable: protection from throttled online attacks. (guesses &lt; 10^6) + 1: Très prévisible: protection contre les attaques en ligne limitées. (essais &lt; 10^6) + + + 2: Somewhat guessable: protection from unthrottled online attacks. (guesses &lt; 10^8) + 2: Quelque peu prévisible: protection contre les attaques en ligne non limitées. (essais &lt; 10^8) + + + 3: Safely unguessable: moderate protection from offline slow-hash scenario. (guesses &lt; 10^10) + 3: Sûrement imprévisible: protection modérée contre les attaques de hash-lent hors ligne. (essais &lt; 10^10) + + + 4: Very unguessable: strong protection from offline slow-hash scenario. (guesses &gt;= 10^10) + 4: Très imprévisible: forte protection control les attaques de hash-lent hors ligne. (essais &gt;= 10^10) + + + Successfully created user and added to group + Utilisateur créé et ajouté au groupe avec succès + + + This user will be added to the group "". + Cet utilisateur sera ajouté au groupe &quot;&quot;. + + + Pretend user exists + Faire comme si l'utilisateur existe + + + When enabled, the stage will always accept the given user identifier and continue. + Lorsqu'activé, l'étape acceptera toujours l'identifiant utilisateur donné et continuera. + + + There was an error in the application. + Une erreur a été rencontrée dans l'application. + + + Review the application. + Passer en revue l'application. + + + There was an error in the provider. + Une erreur a été rencontrée dans le fournisseur. + + + Review the provider. + Passer en revue le fournisseur. + + + There was an error + Il y a eu une erreur + + + There was an error creating the application, but no error message was sent. Please review the server logs. + Il y a eu une erreur lors de la création de l'application, mais aucun message d'erreur n'a été envoyé. Veuillez consulter les logs du serveur. + + + Configure LDAP Provider + Configurer le fournisseur LDAP + + + Configure OAuth2/OpenId Provider + Configurer le fournisseur OAuth2/OpenID + + + Configure Proxy Provider + Configurer le fournisseur Proxy + + + AdditionalScopes + Scopes additionels + + + Configure Radius Provider + Configurer le fournisseur Radius + + + Configure SAML Provider + Configurer le fournisseur SAML + + + Property mappings used for user mapping. + Mappages de propriété utilisés pour la correspondance des utilisateurs. + + + Configure SCIM Provider + Configurer le fournisseur SCIM + + + Property mappings used for group creation. + Mappages de propriétés utilisés lors de la création des groupe + + + Event volume + Volume d'événements + + + Require Outpost (flow can only be executed from an outpost). + Forcer l'utilisation d'un avant-poste (le flux ne pourrait être exécuter que depuis un outpost). + + + Connection settings. + Paramètres de connexion. + + + Successfully updated endpoint. + Point de terminaison mis à jour avec succès. + + + Successfully created endpoint. + Point de terminaison créé avec succès. + + + Protocol + Protocole + + + RDP + RDP + + + SSH + SSH + + + VNC + VNC + + + Host + Hôte + + + Hostname/IP to connect to. + Nom d'hôte/IP à laquelle se connecter. + + + Endpoint(s) + Point(s) de terminaison + + + Update Endpoint + Mettre à jour le point de terminaison + + + These bindings control which users will have access to this endpoint. Users must also have access to the application. + Ces liaisons controllent quels utilisateurs auront accès à ce point de terminaison. Les utilisateurs doivent également avoir accès à l'application. + + + Create Endpoint + Créer un point de terminaison + + + RAC is in preview. + RAC est en aperçu. + + + Update RAC Provider + Mettre à jour le fournisseur RAC + + + Endpoints + Points de terminaison + + + General settings + Paramètres généraux + + + RDP settings + Paramètres RDP + + + Ignore server certificate + Ignorer le certificat serveur + + + Enable wallpaper + Activer le fond d'écran + + + Enable font-smoothing + Activer le lissage des polices d'écriture + + + Enable full window dragging + Activer le déplacement dans toute la fenêtre + + + Network binding + Liaison réseau + + + No binding + Pas de liaison + + + Bind ASN + Lier l'ASN + + + Bind ASN and Network + Lier l'ASN et le réseau + + + Bind ASN, Network and IP + Lier l'ASN, le réseau et l'IP + + + Configure if sessions created by this stage should be bound to the Networks they were created in. + Configurer si les sessions créer par cette étape doivent être liées aux réseaux depuis lesquelles elle ont été créées. + + + GeoIP binding + Liaison GeoIP + + + Bind Continent + Lier le continent + + + Bind Continent and Country + Lier le continent et le pays + + + Bind Continent, Country and City + Lier le continent, pays et ville + + + Configure if sessions created by this stage should be bound to their GeoIP-based location + Configurer si les sessions créer par cette étape doivent être liées à la localisation GeoIP depuis lesquelles elle ont été créées. + + + RAC + RAC + + + Connection failed after attempts. + Connexion échouée après essais. + + + Re-connecting in second(s). + Re-connexion dans seconde(s). + + + Connecting... + Connexion... + + + Select endpoint to connect to + Sélectionner le point de terminaison auquel se connecter + + + Connection expiry + Expiration de la connection + + + Determines how long a session lasts before being disconnected and requiring re-authorization. + Détermine combien de temps une session dure avant déconnexion et ré-authorisation. + + + Brand Successfully updated brand. @@ -2521,93 +8152,15 @@ doesn't pass when either or both of the selected options are equal or above the Successfully created brand. - - Domain - - - Matching is done based on domain suffix, so if you enter domain.tld, foo.domain.tld will still match. - - - Default - Use this brand for each domain that doesn't have a dedicated brand. - - Branding settings - - - Title - - - Branding shown in page title and several other places. - - - Logo - - - Icon shown in sidebar/header and flow executor. - - - Favicon - - - Icon shown in the browser tab. - - - Default flows - - - Flow used to authenticate users. If left empty, the first applicable flow sorted by the slug is used. - - - Invalidation flow - - - Flow used to logout. If left empty, the first applicable flow sorted by the slug is used. - - - Recovery flow - - - Recovery flow. If left empty, the first applicable flow sorted by the slug is used. - - - Unenrollment flow - - - If set, users are able to unenroll themselves using this flow. If no flow is set, option is not shown. - - - User settings flow - - - If set, users are able to configure details of their profile. - - - Device code flow - - - If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code. - - - Other global settings - - - Web Certificate - Set custom attributes using YAML or JSON. Any attributes set here will be inherited by users, if the request is handled by this brand. Brands - - Configure visual settings and defaults for different domains. - - - Default? - Brand(s) @@ -2617,1855 +8170,12 @@ doesn't pass when either or both of the selected options are equal or above the Create Brand - - Policies - - - Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Stages. - - - Assigned to object(s). - - - Warning: Policy is not assigned. - - - Test Policy - - - Policy / Policies - - - Successfully cleared policy cache - - - Failed to delete policy cache - - - Clear cache - - - Clear Policy cache - - - Are you sure you want to clear the policy cache? This will cause all policies to be re-evaluated on their next usage. - - - Reputation scores - - - Reputation for IP and user identifiers. Scores are decreased for each failed login and increased for each successful login. - - - IP - - - Score - - - Updated - - - Reputation - - - Groups - - - Group users together and give them permissions based on the membership. - - - Superuser privileges? - - - Group(s) - - - Create Group - - - Create group - - - Enabling this toggle will create a group named after the user, with the user as member. - - - Use the username and password below to authenticate. The password can be retrieved later on the Tokens page. - - - Password - - - Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List. - - - The following objects use - - - connecting object will be deleted - - - Successfully updated - - - Failed to update : - - - Are you sure you want to update ""? - - - Successfully updated password. - - - Successfully sent email. - - - Email stage - - - Successfully added user(s). - - - Users to add - - - Add users - - - User(s) - - - Remove Users(s) - - - Are you sure you want to remove the selected users from the group ? - - - Remove - - - Impersonate - - - User status - - - Inactive - - - Regular user - - - Change status - - - Deactivate - - - Activate - - - Update password - - - Set password - - - Successfully generated recovery link - - - No recovery flow is configured. - - - Copy recovery link - - - Send link - - - Send recovery link to user - - - Email recovery link - - - Recovery link cannot be emailed, user has no email address saved. - To let a user directly reset a their password, configure a recovery flow on the currently active brand. - - Add User - - - Warning: This group is configured with superuser access. Added users will have superuser access. - - - Add existing user - - - Create user - - - Create User - - - This user will be added to the group "". - - - Create Service account - - - Hide service-accounts - - - Group Info - - - Notes - - - Edit the notes attribute of this group to add notes here. - - - Users - - - Pseudolocale (for testing) - - - English - - - Spanish - - - German - - - French - - - Polish - - - Turkish - - - Chinese (traditional) - - - Taiwanese Mandarin - - - Chinese (simplified) - - - Warning: The current user count has exceeded the configured licenses. - - - Click here for more info. - - - API Requests - - - Open API Browser - - - Show details - - - Notifications - - - unread - - - Successfully cleared notifications - - - Clear all - - - User interface - - - Dashboards - - - Outposts - - - Events - - - Logs - - - Notification Rules - - - Notification Transports - - - Customisation - - - Blueprints - - - Flows and Stages - - - Flows - - - Stages - - - Prompts - - - Directory - - - Tokens and App passwords - - - Invitations - - - System - - - Certificates - - - Outpost Integrations - - - Settings - - - A newer version of the frontend is available. - - - You're currently impersonating . Click to stop. - - - Enterprise - - - Licenses - - - Root - - - A copy of this recovery link has been placed in your clipboard - The current brand must have a recovery flow configured to use a recovery link - - Warning: You're about to delete the user you're logged in as (). Proceed at your own risk. - - - Hide deactivated user - - - <No name set> - - - Create recovery link - - - User folders - - - Successfully added user to group(s). - - - Groups to add - - - Add group - - - Remove from Group(s) - - - Are you sure you want to remove user from the following groups? - - - Add Group - - - Add to existing group - - - Add new group - - - Application authorizations - - - Select permissions to grant - - - Permissions to add - - - Select permissions - - - Assign permission - - - User doesn't have view permission so description cannot be retrieved. - - - Revoked? - - - Expires - - - ID Token - - - Refresh Tokens(s) - - - Last IP - - - Session(s) - - - Expiry - - - (Current session) - - - Consent(s) - - - Confirmed - - - Device(s) - - - User Info - - - Lock the user out of this system - - - Allow the user to log in and use this system - - - Temporarily assume the identity of this user - - - Enter a new password for this user - - - Create a link for this user to reset their password - - - Create Recovery Link - - - Actions over the last week (per 8 hours) - - - Edit the notes attribute of this user to add notes here. - - - Sessions - - - User events - - - Explicit Consent - - - OAuth Refresh Tokens - - - MFA Authenticators - - - Assigned permissions - - - Assigned global permissions - - - Assigned object permissions - - - Successfully updated role. - - - Successfully created role. - - - Manage roles which grant permissions to objects within authentik. - - - Role(s) - - - Update Role - - - Create Role - - - Role doesn't have view permission so description cannot be retrieved. - - - Role - - - Role Info - - - Successfully updated invitation. - - - Successfully created invitation. - - - Flow - - - When selected, the invite will only be usable with the flow. By default the invite is accepted on all flows with invitation stages. - - - Custom attributes - - - Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON. - - - Single use - - - When enabled, the invitation will be deleted after usage. - - - Select an enrollment flow - - - Link to use the invitation. - - - Create Invitation Links to enroll Users, and optionally force specific attributes of their account. - - - Created by - - - Invitation(s) - - - Invitation not limited to any flow, and can be used with any enrollment flow. - - - Update Invitation - - - Create Invitation - - - Warning: No invitation stage is bound to any flow. Invitations will not work as expected. - - - Auto-detect (based on your browser) - - - Required. - - - Continue - - - Successfully updated prompt. - - - Successfully created prompt. - - - Text: Simple Text input - - - Text Area: Multiline text input - - - Text (read-only): Simple Text input, but cannot be edited. - - - Text Area (read-only): Multiline text input, but cannot be edited. - - - Username: Same as Text input, but checks for and prevents duplicate usernames. - - - Email: Text field with Email type. - - - Password: Masked input, multiple inputs of this type on the same prompt need to be identical. - - - Number - - - Checkbox - - - Radio Button Group (fixed choice) - - - Dropdown (fixed choice) - - - Date - - - Date Time - - - File - - - Separator: Static Separator Line - - - Hidden: Hidden field, can be used to insert data into form. - - - Static: Static value, displayed as-is. - - - authentik: Locale: Displays a list of locales authentik supports. - - - Preview errors - - - Data preview - - - Unique name of this field, used for selecting fields in prompt stages. - - - Field Key - - - Name of the form field, also used to store the value. - - - When used in conjunction with a User Write stage, use attributes.foo to write attributes. - - - Label - - - Label shown next to/above the prompt. - - - Required - - - Interpret placeholder as expression - - - When checked, the placeholder will be evaluated in the same way a property mapping is. - If the evaluation fails, the placeholder itself is returned. - - - Placeholder - - - Optionally provide a short hint that describes the expected input value. - When creating a fixed choice field, enable interpreting as expression and return a - list to return multiple choices. - - - Interpret initial value as expression - - - When checked, the initial value will be evaluated in the same way a property mapping is. - If the evaluation fails, the initial value itself is returned. - - - Initial value - - - Optionally pre-fill the input with an initial value. - When creating a fixed choice field, enable interpreting as expression and - return a list to return multiple default choices. - - - Help text - - - Any HTML can be used. - - - Single Prompts that can be used for Prompt Stages. - - - Field - - - Prompt(s) - - - Update Prompt - - - Create Prompt - - - Target - - - Stage - - - Evaluate when flow is planned - - - Evaluate policies during the Flow planning process. - - - Evaluate when stage is run - - - Evaluate policies before the Stage is present to the user. - - - Invalid response behavior - - - Returns the error message and a similar challenge to the executor - - - Restarts the flow from the beginning - - - Restarts the flow from the beginning, while keeping the flow context - - - Configure how the flow executor should handle an invalid response to a challenge given by this bound stage. - - - Successfully updated stage. - - - Successfully created stage. - - - Stage used to configure a duo-based authenticator. This stage should be used for configuration flows. - - - Authenticator type name - - - Display name of this authenticator, used by users when they enroll an authenticator. - - - API Hostname - - - Duo Auth API - - - Integration key - - - Secret key - - - Duo Admin API (optional) - - - When using a Duo MFA, Access or Beyond plan, an Admin API application can be created. - This will allow authentik to import devices automatically. - - - Stage-specific settings - - - Configuration flow - - - Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. - - - Twilio Account SID - - - Get this value from https://console.twilio.com - - - Twilio Auth Token - - - Authentication Type - - - Basic Auth - - - Bearer Token - - - External API URL - - - This is the full endpoint to send POST requests to. - - - API Auth Username - - - This is the username to be used with basic auth or the token when used with bearer token - - - API Auth password - - - This is the password to be used with basic auth - - - Mapping - - - Modify the payload sent to the custom provider. - - - Stage used to configure an SMS-based TOTP authenticator. - - - Twilio - - - Generic - - - From number - - - Number the SMS will be sent from. - - - Hash phone number - - - If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons. Devices created from a stage with this enabled cannot be used with the authenticator validation stage. - - - Stage used to configure a static authenticator (i.e. static tokens). This stage should be used for configuration flows. - - - Token count - - - The number of tokens generated whenever this stage is used. Every token generated per stage execution will be attached to a single static device. - - - Token length - - - The length of the individual generated tokens. Can be increased to improve security. - - - Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator). - - - Digits - - - 6 digits, widely compatible - - - 8 digits, not compatible with apps like Google Authenticator - - - Stage used to validate any authenticator. This stage should be used during authentication or authorization flows. - - - Device classes - - - Static Tokens - - - TOTP Authenticators - - - WebAuthn Authenticators - - - Duo Authenticators - - - SMS-based Authenticators - - - Device classes which can be used to authenticate. - - - Last validation threshold - - - If any of the devices user of the types selected above have been used within this duration, this stage will be skipped. - - - Not configured action - - - Force the user to configure an authenticator - - - Deny the user access - - - WebAuthn User verification - - - User verification must occur. - - - User verification is preferred if available, but not required. - - - User verification should not occur. - - - Configuration stages - - - Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. - - - When multiple stages are selected, the user can choose which one they want to enroll. - - - Stage used to configure a WebAuthn authenticator (i.e. Yubikey, FaceID/Windows Hello). - - - User verification - - - Required: User verification must occur. - - - Preferred: User verification is preferred if available, but not required. - - - Discouraged: User verification should not occur. - - - Resident key requirement - - - Required: The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur - - - Preferred: The authenticator can create and store a dedicated credential, but if it doesn't that's alright too - - - Discouraged: The authenticator should not create a dedicated credential - - - Authenticator Attachment - - - No preference is sent - - - A non-removable authenticator, like TouchID or Windows Hello - - - A "roaming" authenticator, like a YubiKey - - - This stage checks the user's current session against the Google reCaptcha (or compatible) service. - - - Public Key - - - Public key, acquired from https://www.google.com/recaptcha/intro/v3.html. - - - Private Key - - - Private key, acquired from https://www.google.com/recaptcha/intro/v3.html. - - - Advanced settings - - - JS URL - - - URL to fetch JavaScript from, defaults to recaptcha. Can be replaced with any compatible alternative. - - - API URL - - - URL used to validate captcha response, defaults to recaptcha. Can be replaced with any compatible alternative. - - - Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time. - - - Always require consent - - - Consent given last indefinitely - - - Consent expires. - - - Consent expires in - - - Offset after which consent expires. - - - Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding. - - - Deny message - - - Message shown when this stage is run. - - - Dummy stage used for testing. Shows a simple continue button and always passes. - - - Throw error? - - - SMTP Host - - - SMTP Port - - - SMTP Username - - - SMTP Password - - - Use TLS - - - Use SSL - - - From address - - - Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity. - - - Activate pending user on success - - - When a user returns from the email successfully, their account will be activated. - - - Use global settings - - - When enabled, global Email connection settings will be used and connection settings below will be ignored. - - - Token expiry - - - Time in minutes the token sent is valid. - - - Template - - - Let the user identify themselves with their username or Email address. - - - User fields - - - UPN - - - Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources. - - - Password stage - - - When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks. - - - Case insensitive matching - - - When enabled, user fields are matched regardless of their casing. - - - Pretend user exists - - - When enabled, the stage will always accept the given user identifier and continue. - - - Show matched user - - - When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown. - - - Source settings - - - Sources - - - Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP. - - - Show sources' labels - - - By default, only icons are shown for sources. Enable this to show their full names. - - - Passwordless flow - - - Optional passwordless flow, which is linked at the bottom of the page. When configured, users can use this flow to authenticate with a WebAuthn authenticator, without entering any details. - - - Optional enrollment flow, which is linked at the bottom of the page. - - - Optional recovery flow, which is linked at the bottom of the page. - - - This stage can be included in enrollment flows to accept invitations. - - - Continue flow without invitation - - - If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. - - - Validate the user's password against the selected backend(s). - - - Backends - - - User database + standard password - - - User database + app passwords - - - User database + LDAP password - - - Selection of backends to test the password against. - - - Flow used by an authenticated user to configure their password. If empty, user will not be able to configure change their password. - - - Failed attempts before cancel - - - How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. - - - Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable. - - - Fields - - - ("", of type ) - - - Validation Policies - - - Selected policies are executed when the stage is submitted to validate the data. - - - Delete the currently pending user. CAUTION, this stage does not ask for confirmation. Use a consent stage to ensure the user is aware of their actions. - - - Log the currently pending user in. - - - Session duration - - - Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. - - - Different browsers handle session cookies differently, and might not remove them even when the browser is closed. - - - See here. - - - Stay signed in offset - - - If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. - - - Network binding - - - No binding - - - Bind ASN - - - Bind ASN and Network - - - Bind ASN, Network and IP - - - Configure if sessions created by this stage should be bound to the Networks they were created in. - - - GeoIP binding - - - Bind Continent - - - Bind Continent and Country - - - Bind Continent, Country and City - - - Configure if sessions created by this stage should be bound to their GeoIP-based location - - - Terminate other sessions - - - When enabled, all previous sessions of the user will be terminated. - - - Remove the user from the current session. - - - Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user - is pending, a new user is created, and data is written to them. - - - Never create users - - - When no user is present in the flow context, the stage will fail. - - - Create users when required - - - When no user is present in the the flow context, a new user is created. - - - Always create new users - - - Create a new user even if a user is in the flow context. - - - Create users as inactive - - - Mark newly created users as inactive. - - - User path template - - - User type used for newly created users. - - - Path new users will be created under. If left blank, the default path will be used. - - - Newly created users are added to this group, if a group is selected. - - - New stage - - - Create a new stage. - - - Successfully imported device. - - - The user in authentik this device will be assigned to. - - - Duo User ID - - - The user ID in Duo, can be found in the URL after clicking on a user. - - - Automatic import - - - Successfully imported devices. - - - Start automatic import - - - Or manually import - - - Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow. - - - Stage(s) - - - Import - - - Import Duo device - - - Import devices - - - Successfully updated flow. - - - Successfully created flow. - - - Shown as the Title in Flow pages. - - - Visible in the URL. - - - Designation - - - Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. - - - No requirement - - - Require authentication - - - Require no authentication. - - - Require superuser. - - - Require Outpost (flow can only be executed from an outpost). - - - Required authentication level for this flow. - - - Behavior settings - - - Compatibility mode - - - Increases compatibility with password managers and mobile devices. - - - Denied action - - - Will follow the ?next parameter if set, otherwise show a message - - - Will either follow the ?next parameter or redirect to the default interface - - - Will notify the user the flow isn't applicable - - - Decides the response when a policy denies access to this flow for a user. - - - Appearance settings - - - Layout - - - Background - - - Background shown during execution. - - - Clear background - - - Delete currently set background image. - - - Successfully imported flow. - - - .yaml files, which can be found on goauthentik.io and can be exported by authentik. - - - Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them. - - - Flow(s) - - - Update Flow - - - Execute - - - Export - - - Create Flow - - - Import Flow - - - Successfully cleared flow cache - - - Failed to delete flow cache - - - Clear Flow cache - - - Are you sure you want to clear the flow cache? - This will cause all flows to be re-evaluated on their next usage. - - - Stage binding(s) - - - Stage type - - - Edit Stage - - - Update Stage binding - - - These bindings control if this stage will be applied to the flow. - - - No Stages bound - - - No stages are currently bound to this flow. - - - Create Stage binding - - - Bind stage - - - Create and bind Stage - - - Bind existing stage - - - Flow Overview - - - Flow Info - - - Related actions - - - Execute flow - - - Normal - - - with current user - - - with inspector - - - Export flow - - - Stage Bindings - - - These bindings control which users can access this flow. - - - Event volume - - - Event Log - - - Event - - - Event info - - - Created - - - Successfully updated transport. - - - Successfully created transport. - - - Local (notifications will be created within authentik) - - - Webhook (generic) - - - Webhook (Slack/Discord) - - - Webhook URL - - - Webhook Mapping - - - Send once - - - Only send notification once, for example when sending a webhook into a chat channel. - - - Define how notifications are sent to users, like Email or Webhook. - - - Notification transport(s) - - - Update Notification Transport - - - Create Notification Transport - - - Successfully updated rule. - - - Successfully created rule. - - - Select the group of users which the alerts are sent to. If no group is selected the rule is disabled. - - - Transports - - - Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. - - - Severity - - - Send notifications whenever a specific Event is created and matched by policies. - - - Sent to group - - - Notification rule(s) - - - None (rule disabled) - - - Update Notification Rule - - - Create Notification Rule - - - These bindings control upon which events this rule triggers. -Bindings to groups/users are checked against the user of the event. - - - Outpost Deployment Info - - - View deployment documentation - - - Click to copy token - - - If your authentik Instance is using a self-signed certificate, set this value. - - - If your authentik_host setting does not match the URL you want to login with, add this setting. - - - Successfully updated outpost. - - - Successfully created outpost. - - - LDAP - - - Radius - - - Integration - - - Selecting an integration enables the management of the outpost by authentik. - - - You can only select providers that match the type of the outpost. - - - Configuration - - - See more here: - - - Documentation - - - Last seen - - - , should be - - - Hostname - - - Not available - - - Last seen: - - - Unknown type - - - Outposts are deployments of authentik components to support different environments and protocols, like reverse proxies. - - - Health and Version - - - Warning: authentik Domain is not configured, authentication will not work. - - - Logging in via . - - - No integration active - - - Update Outpost - - - View Deployment Info - - - Detailed health (one instance per column, data is cached so may be out of date) - - - Outpost(s) - - - Create Outpost - - - Successfully updated integration. - - - Successfully created integration. - - - Local - - - If enabled, use the local connection. Required Docker socket/Kubernetes Integration. - - - Docker URL - - - Can be in the format of 'unix://' when connecting to a local docker daemon, using 'ssh://' to connect via SSH, or 'https://:2376' when connecting to a remote system. - - - CA which the endpoint's Certificate is verified against. Can be left empty for no validation. - - - TLS Authentication Certificate/SSH Keypair - - - Certificate/Key used for authentication. Can be left empty for no authentication. - - - When connecting via SSH, this keypair is used for authentication. - - - Kubeconfig - - - Verify Kubernetes API SSL Certificate - - - New outpost integration - - - Create a new outpost integration. - - - State - - - Unhealthy - - - Outpost integration(s) - - - Successfully generated certificate-key pair. - - - Common Name - - - Subject-alt name - - - Optional, comma-separated SubjectAlt Names. - - - Validity days - - - Successfully updated certificate-key pair. - - - Successfully created certificate-key pair. - - - PEM-encoded Certificate data. - - - Optional Private Key. If this is set, you can use this keypair for encryption. - - - Certificate-Key Pairs - - - Import certificates of external providers or create certificates to sign requests with. - - - Private key available? - - - Certificate-Key Pair(s) - - - Managed by authentik - - - Managed by authentik (Discovered) - - - Yes () - - - Update Certificate-Key Pair - - - Certificate Fingerprint (SHA1) - - - Certificate Fingerprint (SHA256) - - - Certificate Subject - - - Download Certificate - - - Download Private key - - - Create Certificate-Key Pair - - - Generate - - - Generate Certificate-Key Pair - Successfully updated settings. @@ -4528,18 +8238,6 @@ Bindings to groups/users are checked against the user of the event. Enable the ability for users to change their username. - - Event retention - - - Duration after which events will be deleted from the database. - - - When using an external logging solution for archiving, this can be set to "minutes=5". - - - This setting only affects new Events, as the expiration is saved per-event. - Footer links @@ -4561,483 +8259,6 @@ Bindings to groups/users are checked against the user of the event. System settings - - Save - - - Successfully updated instance. - - - Successfully created instance. - - - Disabled blueprints are never applied. - - - Local path - - - OCI Registry - - - OCI URL, in the format of oci://registry.domain.tld/path/to/manifest. - - - See more about OCI support here: - - - Blueprint - - - Configure the blueprint context, used for templating. - - - Orphaned - - - Automate and template configuration within authentik. - - - Last applied - - - Blueprint(s) - - - Update Blueprint - - - Apply - - - Create Blueprint Instance - - - Successfully updated license. - - - Successfully created license. - - - Install ID - - - License key - - - Manage enterprise licenses - - - No licenses found. - - - License(s) - - - Enterprise is in preview. - - - Get a license - - - Go to Customer Portal - - - Forecast internal users - - - Estimated user count one year from now based on current internal users and forecasted internal users. - - - Forecast external users - - - Estimated user count one year from now based on current external users and forecasted external users. - - - Cumulative license expiry - - - Internal: - - - External: - - - Update License - - - Install - - - Install License - - - WebAuthn requires this page to be accessed via HTTPS. - - - WebAuthn not supported by browser. - - - Open Wizard - - - Demo Wizard - - - Run the demo wizard - - - API request failed - - - Authenticating with Apple... - - - Retry - - - Authenticating with Plex... - - - Waiting for authentication... - - - If no Plex popup opens, click the button below. - - - Open login - - - User's avatar - - - Something went wrong! Please try again later. - - - Request ID - - - You may close this page now. - - - You're about to be redirect to the following URL. - - - Follow redirect - - - Request has been denied. - - - Not you? - - - Need an account? - - - Sign up. - - - Forgot username or password? - - - Select one of the sources below to login. - - - Or - - - Use a security key - - - Login to continue to . - - - Please enter your password - - - Forgot password? - - - Application requires following permissions: - - - Application already has access to the following permissions: - - - Application requires following new permissions: - - - Check your Inbox for a verification email. - - - Send Email again. - - - Successfully copied TOTP Config. - - - Copy - - - Code - - - Please enter your TOTP Code - - - Duo activation QR code - - - Alternatively, if your current device has Duo installed, click on this link: - - - Duo activation - - - Check status - - - Make sure to keep these tokens in a safe place. - - - Phone number - - - Please enter your Phone number. - - - Please enter the code you received via SMS - - - A code has been sent to you via SMS. - - - Open your two-factor authenticator app to view your authentication code. - - - Static token - - - Authentication code - - - Please enter your code - - - Return to device picker - - - Sending Duo push notification - - - Assertions is empty - - - Error when creating credential: - - - Error when validating assertion on server: - - - Retry authentication - - - Duo push-notifications - - - Receive a push notification on your device. - - - Authenticator - - - Use a security key to prove your identity. - - - Traditional authenticator - - - Use a code-based authenticator. - - - Recovery keys - - - In case you can't access any other method. - - - SMS - - - Tokens sent via SMS. - - - Select an authentication method. - - - Stay signed in? - - - Select Yes to reduce the number of times you're asked to sign in. - - - Enter the code shown on your device. - - - Please enter your Code - - - You've successfully authenticated your device. - - - Flow inspector - - - Next stage - - - Stage name - - - Stage kind - - - Stage object - - - This flow is completed. - - - Plan history - - - Current plan context - - - Session ID - - - Powered by authentik - - - Background image - - - Error creating credential: - - - Server validation of credential failed: - - - Register device - - - Unread notifications - - - Sign out - - - Admin interface - - - Stop impersonation - - - Avatar image - - - Less details - - - More details - - - Refer to documentation - - - No Applications available. - - - Either no applications are defined, or you don’t have access to any. - - - My Applications - - - My applications - - - Change your password - - - Change password - - - - - - Delete account - - - Successfully updated details - - - Open settings - - - No settings flow configured. - - - Update details - - - Successfully updated device. - - - Enroll - - - Update Device - - - Successfully disconnected source - - - Failed to disconnected source: - - - Disconnect - - - Connect - - - Error: unsupported source settings: - - - Connect your user account to the services listed below, to allow you to login using the service instead of traditional credentials. - - - No services available. - - - Create App password - - - User details - - - Consent - - - MFA Devices - - - Connected services - - - + + diff --git a/web/xliff/pl.xlf b/web/xliff/pl.xlf index aa9983509..1c63dc4f2 100644 --- a/web/xliff/pl.xlf +++ b/web/xliff/pl.xlf @@ -1,9 +1,5706 @@ - + - - - - Admin + + + + English + Angielski + + + French + Francuski + + + Turkish + Turecki + + + Spanish + Hiszpański + + + Polish + Polski + + + Taiwanese Mandarin + Tajwański mandaryński + + + Chinese (simplified) + Chiński (uproszczony) + + + Chinese (traditional) + Chiński (tradycyjny) + + + German + Niemiecki + + + Loading... + Ładowanie... + + + Application + Aplikacja + + + Logins + Logowania + + + Show less + Pokaż mniej + + + Show more + Pokaż więcej + + + UID + UID + + + Name + Nazwa + + + App + Aplikacja + + + Model Name + Nazwa modelu + + + Message + Wiadomość + + + Subject + Przedmiot + + + From + Z + + + To + Do + + + Context + Kontekst + + + User + Użytkownik + + + Affected model: + Model, którego dotyczy problem: + + + Authorized application: + Autoryzowana aplikacja: + + + Using flow + Używanie przepływu + + + Email info: + Informacje e-mail: + + + Secret: + Sekret: + + + Open issue on GitHub... + Otwórz problem w serwisie GitHub... + + + Exception + Wyjątek + + + Expression + Expression  + + + Binding + Wiązanie + + + Request + Żądanie + + + Object + Obiekt + + + Result + Wynik + + + Passing + Przechodzący + + + Messages + Wiadomości + + + Using source + Używając źródła + + + Attempted to log in as + Próbowano zalogować się jako + + + + No additional data available. + Brak dodatkowych danych. + + + Click to change value + Kliknij, aby zmienić wartość + + + Select an object. + Wybierz obiekt. + + + Loading options... + Ładowanie opcji... + + + Connection error, reconnecting... + Błąd połączenia, ponowne łączenie... + + + Login + Logowanie + + + Failed login + Nieudane logowanie + + + Logout + Wyloguj + + + User was written to + Użytkownik zapisał do + + + Suspicious request + Podejrzane zapytanie + + + Password set + Hasło ustawione + + + Secret was viewed + Sekret został wyświetlony + + + Secret was rotated + Sekret został obrócony + + + Invitation used + Wykorzystano zaproszenie + + + Application authorized + Aplikacja autoryzowana + + + Source linked + Źródło połączone + + + Impersonation started + Rozpoczęto podszywanie się + + + Impersonation ended + Podszywanie się zostało zakończone + + + Flow execution + Wykonanie przepływu + + + Policy execution + Wykonanie zasad + + + Policy exception + Wyjątek zasad + + + Property Mapping exception + Wyjątek mapowania właściwości + + + System task execution + Wykonywanie zadań systemowych + + + System task exception + Wyjątek zadania systemowego + + + General system exception + Ogólny wyjątek systemowy + + + Configuration error + Błąd konfiguracji + + + Model created + Utworzono model + + + Model updated + Zaktualizowano model + + + Model deleted + Model usunięty + + + Email sent + Email wysłany + + + Update available + Dostępna aktualizacja + + + Unknown severity + + + Alert + Alert + + + Notice + Uwaga + + + Warning + Ostrzeżenie + + + no tabs defined + bez zdefiniowanych kart + + + - of + + - + z + + + + Go to previous page + Wróć do poprzedniej strony + + + Go to next page + Przejdź do następnej strony + + + Search... + Szukaj... + + + Loading + Ładowanie + + + No objects found. + Nie znaleziono żadnych obiektów. + + + Failed to fetch objects. + Nie udało się wczytać obiektów. + + + Refresh + Odśwież + + + Select all rows + Zaznacz wszystkie wiersze + + + Action + Akcja + + + Creation Date + Data utworzenia + + + Client IP + IP klienta + + + Recent events + + + On behalf of + W imieniu + + + + - + - + + + No Events found. + Nie znaleziono wydarzeń. + + + No matching events could be found. + Nie znaleziono pasujących zdarzeń. + + + Embedded outpost is not configured correctly. + Wbudowana placówka nie jest poprawnie skonfigurowana. + + + Check outposts. + Sprawdź placówki. + + + HTTPS is not detected correctly + HTTPS nie jest poprawnie wykrywany + + + Server and client are further than 5 seconds apart. + Czas serwer i klienta różnią się o więcej niż 5 sekund. + + + OK + OK + + + Everything is ok. + Wszystko w porządku. + + + System status + Status systemu + + + Based on + + + is available! + + jest dostępny! + + + Up-to-date! + Aktualny! + + + Version + Wersja + + + Workers + Workerów + + + No workers connected. Background tasks will not run. + Brak połączonych workerów. Zadania w tle nie będą działać. + + + hour(s) ago + + + day(s) ago + + + Authorizations + Autoryzacje + + + Failed Logins + Nieudane logowania + + + Successful Logins + Pomyślne logowania + + + : + + : + + + + Cancel + Anuluj + + + LDAP Source + Źródło LDAP + + + SCIM Provider + + + Healthy + + + Healthy outposts + Zdrowe placówki + + + Admin + Admin + + + Not found + Nie znaleziono + + + The URL "" was not found. + Nie znaleziono adresu URL „ + ”. + + + Return home + Powrót do strony głównej + + + General system status + Ogólny stan systemu + + + Welcome, . + Witaj, + . + + + Quick actions + Szybkie akcje + + + Create a new application + Utwórz nową aplikację + + + Check the logs + Sprawdź dzienniki + + + Explore integrations + Przeglądaj integracje + + + Manage users + + + Outpost status + Status placówki + + + Sync status + Status synchronizacji + + + Logins and authorizations over the last week (per 8 hours) + + + Apps with most usage + Najczęściej używane aplikacje + + + days ago + + dni temu + + + Objects created + Utworzone obiekty + + + Users created per day in the last month + Użytkownicy stworzeni dziennie w ciągu ostatniego miesiąca + + + Logins per day in the last month + Logowania dziennie w ciągu ostatniego miesiąca + + + Failed Logins per day in the last month + Nieudane logowania dziennie w ciągu ostatniego miesiąca + + + Clear search + Wyczyść wyszukiwanie + + + System Tasks + Zadania systemowe + + + Long-running operations which authentik executes in the background. + Długotrwałe operacje, które authentik wykonuje w tle. + + + Identifier + Identyfikator + + + Description + Opis + + + Last run + Ostatnio uruchomiono + + + Status + Status + + + Actions + Działania + + + Successful + Pomyślny + + + Error + Błąd + + + Unknown + Nieznany + + + Duration + + + seconds + + + Authentication + Uwierzytelnianie + + + Authorization + Autoryzacja + + + Enrollment + Rejestracja + + + Invalidation + Unieważnienie + + + Recovery + Odzyskiwanie + + + Stage Configuration + Etap konfiguracji + + + Unenrollment + Wypisanie się + + + Unknown designation + + + Stacked + Ułożone + + + Content left + Zawartość lewa + + + Content right + Zawartość prawa + + + Sidebar left + Lewy pasek boczny + + + Sidebar right + Prawy pasek boczny + + + Unknown layout + + + Successfully updated provider. + Pomyślnie zaktualizowano dostawcę. + + + Successfully created provider. + Pomyślnie utworzono dostawcę. + + + Bind flow + Powiąż przepływ + + + Flow used for users to authenticate. + + + Search group + Grupa wyszukiwania + + + Users in the selected group can do search queries. If no group is selected, no LDAP Searches are allowed. + Użytkownicy w wybranej grupie mogą wykonywać zapytania wyszukiwania. Jeśli nie wybrano żadnej grupy, nie są dozwolone żadne wyszukiwania LDAP. + + + Bind mode + Tryb powiązania + + + Cached binding + + + Flow is executed and session is cached in memory. Flow is executed when session expires + Przepływ jest wykonywany, a sesja zapisywana w pamięci podręcznej. Przepływ jest wykonywany po wygaśnięciu sesji + + + Direct binding + + + Always execute the configured bind flow to authenticate the user + + + Configure how the outpost authenticates requests. + Skonfiguruj sposób, w jaki placówka uwierzytelnia żądania. + + + Search mode + Tryb szukania + + + Cached querying + + + The outpost holds all users and groups in-memory and will refresh every 5 Minutes + + + Direct querying + + + Always returns the latest data, but slower than cached querying + Zawsze zwraca najnowsze dane, ale wolniej niż zapytania z pamięci podręcznej + + + Configure how the outpost queries the core authentik server's users. + Skonfiguruj sposób, w jaki placówka wysyła zapytania do użytkowników podstawowego serwera authentik. + + + Protocol settings + Ustawienia protokołu + + + Base DN + Base DN + + + LDAP DN under which bind requests and search requests can be made. + LDAP DN, w ramach którego można tworzyć żądania powiązania i żądania wyszukiwania. + + + Certificate + Certyfikat + + + UID start number + Numer początkowy UID + + + The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber + Początek dla uidNumbers, ten numer jest dodawany do user.Pk, aby upewnić się, że liczby nie są zbyt niskie dla użytkowników POSIX. Wartość domyślna to 2000, aby zapewnić, że nie kolidujemy z lokalnymi użytkownikami uidNumber + + + GID start number + Numer startowy GID + + + The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber + Początek gidNumbers, liczba ta jest dodawana do liczby wygenerowanej z group.Pk, aby upewnić się, że liczby nie są zbyt niskie dla grup POSIX. Wartość domyślna to 4000, aby upewnić się, że nie kolidujemy z lokalnymi grupami lub użytkownikami podstawowymi grupami gidNumber + + + (Format: hours=-1;minutes=-2;seconds=-3). + (Format: hours=-1;minutes=-2;seconds=-3). + + + (Format: hours=1;minutes=2;seconds=3). + (Format: hours=1;minutes=2;seconds=3). + + + The following keywords are supported: + Obsługiwane są następujące słowa kluczowe: + + + Authentication flow + Przepływ uwierzytelniania + + + Flow used when a user access this provider and is not authenticated. + + + Authorization flow + Przepływ autoryzacji + + + Flow used when authorizing this provider. + Przepływ używany podczas autoryzacji tego dostawcy. + + + Client type + Client type + + + Confidential + Poufny + + + Confidential clients are capable of maintaining the confidentiality of their credentials such as client secrets + + + Public + Publiczny + + + Public clients are incapable of maintaining the confidentiality and should use methods like PKCE. + + + Client ID + Client ID + + + Client Secret + Client Secret + + + Redirect URIs/Origins (RegEx) + URIs/Origins przekierowania (RegEx) + + + Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows. + Prawidłowe adresy URL przekierowania po pomyślnym przebiegu autoryzacji. Określ również wszelkie źródła tutaj dla przepływów niejawnych. + + + If no explicit redirect URIs are specified, the first successfully used redirect URI will be saved. + Jeśli nie zostaną określone żadne jawne identyfikatory URI przekierowania, zostanie zapisany pierwszy pomyślnie użyty identyfikator URI przekierowania. + + + To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. + Aby zezwolić na dowolny URI przekierowania, ustaw tę wartość na „.*”. Bądź świadomy możliwych konsekwencji dla bezpieczeństwa, jakie może to mieć. + + + Signing Key + Klucz podpisujący + + + Key used to sign the tokens. + Klucz używany do podpisywania tokenów. + + + Advanced protocol settings + Zaawansowane ustawienia protokołu + + + Access code validity + Ważność kodu dostępu + + + Configure how long access codes are valid for. + Skonfiguruj czas ważności kodów dostępu. + + + Access Token validity + + + Configure how long access tokens are valid for. + Skonfiguruj, jak długo tokeny dostępu są ważne. + + + Refresh Token validity + + + Configure how long refresh tokens are valid for. + + + Scopes + Zakresy + + + Select which scopes can be used by the client. The client still has to specify the scope to access the data. + Wybierz zakresy, których może używać klient. Klient nadal musi określić zakres dostępu do danych. + + + Hold control/command to select multiple items. + Przytrzymaj Control/Command, aby wybrać wiele elementów. + + + Subject mode + Tryb przedmiotu + + + Based on the User's hashed ID + + + Based on the User's ID + + + Based on the User's UUID + + + Based on the User's username + + + Based on the User's Email + + + This is recommended over the UPN mode. + + + Based on the User's UPN + + + Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains. + + + Configure what data should be used as unique User Identifier. For most cases, the default should be fine. + Skonfiguruj, jakie dane mają być używane jako unikalny identyfikator użytkownika. W większości przypadków wartość domyślna powinna być w porządku. + + + Include claims in id_token + Uwzględnij roszczenia w id_token + + + Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. + Uwzględnij oświadczenia użytkownika z zakresów w id_token dla aplikacji, które nie uzyskują dostępu do punktu końcowego informacji o użytkowniku. + + + Issuer mode + Tryb wystawcy + + + Each provider has a different issuer, based on the application slug + Każdy dostawca ma innego wystawcę, w zależności od slug (ślimaka) aplikacji + + + Same identifier is used for all providers + Ten sam identyfikator jest używany dla wszystkich dostawców + + + Configure how the issuer field of the ID Token should be filled. + Skonfiguruj jak pole wystawcy tokena ID powinien być wypełniony. + + + Machine-to-Machine authentication settings + Ustawienia uwierzytelniania typu maszyna-maszyna + + + Trusted OIDC Sources + Zaufane źródła OIDC + + + JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider. + JWT podpisane przez certyfikaty skonfigurowane w wybranych źródłach mogą służyć do uwierzytelniania u tego dostawcy. + + + HTTP-Basic Username Key + Klucz nazwy użytkownika HTTP-Basic + + + User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. + Atrybut użytkownika/grupy używany w części użytkownika nagłówka HTTP-Basic. Jeśli nie jest ustawiony, używany jest adres e-mail użytkownika. + + + HTTP-Basic Password Key + Klucz hasła HTTP-Basic + + + User/Group Attribute used for the password part of the HTTP-Basic Header. + Atrybut użytkownika/grupy używany w części hasła nagłówka HTTP-Basic. + + + Proxy + Proxy + + + Forward auth (single application) + Forward auth (pojedyncza aplikacja) + + + Forward auth (domain level) + Forward auth (na poziomie domeny) + + + This provider will behave like a transparent reverse-proxy, except requests must be authenticated. If your upstream application uses HTTPS, make sure to connect to the outpost using HTTPS as well. + Ten dostawca będzie zachowywał się jak przezroczysty odwrotny serwer proxy, z wyjątkiem tego, że żądania muszą być uwierzytelnione. Jeśli Twoja aplikacja nadrzędna korzysta z protokołu HTTPS, upewnij się, że łączysz się z placówką również za pomocą protokołu HTTPS. + + + External host + Zewnętrzny host + + + The external URL you'll access the application at. Include any non-standard port. + Zewnętrzny adres URL, pod którym uzyskasz dostęp do aplikacji. Uwzględnij dowolny niestandardowy port. + + + Internal host + Wewnętrzny host + + + Upstream host that the requests are forwarded to. + Host nadrzędny, do którego przekazywane są żądania. + + + Internal host SSL Validation + Weryfikacja SSL hosta wewnętrznego + + + Validate SSL Certificates of upstream servers. + Sprawdź poprawność certyfikatów SSL serwerów nadrzędnych. + + + Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application. + Użyj tego dostawcy z auth_request nginx lub forwardAuth traefik. Tylko jeden dostawca jest wymagany na domenę główną. Nie możesz wykonać autoryzacji dla aplikacji, ale nie musisz tworzyć dostawcy dla każdej aplikacji. + + + An example setup can look like this: + Przykładowa konfiguracja może wyglądać tak: + + + authentik running on auth.example.com + authentik działa na auth.example.com + + + app1 running on app1.example.com + app1 działająca na app1.example.com + + + In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com. + W takim przypadku ustawisz adres URL uwierzytelniania na auth.example.com, a domenę plików cookie na example.com. + + + Authentication URL + URL uwierzytelniania + + + The external URL you'll authenticate at. The authentik core server should be reachable under this URL. + Zewnętrzny adres URL, pod którym będziesz się uwierzytelniać. Jądro serwera authentik powinien być dostępny pod tym adresem URL. + + + Cookie domain + Domena plików cookie + + + Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'. + Ustaw to na domenę, dla której chcesz, aby uwierzytelnianie było ważne. Musi być domeną nadrzędną powyższego adresu URL. Jeśli używasz aplikacji jako app1.domain.tld, app2.domain.tld, ustaw to na „domain.tld”. + + + Unknown proxy mode + Nieznany tryb proxy + + + Token validity + Ważność tokena + + + Configure how long tokens are valid for. + Skonfiguruj, jak długo tokeny są ważne. + + + Additional scopes + + + Additional scope mappings, which are passed to the proxy. + Dodatkowe mapowania zakresu, które są przekazywane do serwera proxy. + + + Unauthenticated URLs + Nieuwierzytelnione adresy URL + + + Unauthenticated Paths + Nieuwierzytelnione ścieżki + + + Regular expressions for which authentication is not required. Each new line is interpreted as a new expression. + Wyrażenia regularne, dla których uwierzytelnianie nie jest wymagane. Każda nowa linia jest interpretowana jako nowe wyrażenie. + + + When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions. + Podczas korzystania z trybu proxy lub uwierzytelniania do przodu (pojedyncza aplikacja) żądana ścieżka URL jest porównywana z wyrażeniami regularnymi. Podczas korzystania z uwierzytelniania do przodu (tryb domeny) pełny żądany adres URL, w tym schemat i host, jest dopasowywany do wyrażeń regularnych. + + + Authentication settings + + + Intercept header authentication + + + When enabled, authentik will intercept the Authorization header to authenticate the request. + + + Send HTTP-Basic Authentication + + + Send a custom HTTP-Basic Authentication header based on values from authentik. + + + ACS URL + ACS URL + + + Issuer + Wystawca + + + Also known as EntityID. + Znany również jako EntityID. + + + Service Provider Binding + Wiązanie usługodawcy + + + Redirect + Przekierowanie + + + Post + Post + + + Determines how authentik sends the response back to the Service Provider. + Określa, w jaki sposób authentik przesyła odpowiedź z powrotem do Usługodawcy. + + + Audience + Odbiorcy + + + Signing Certificate + Certyfikat podpisujący + + + Certificate used to sign outgoing Responses going to the Service Provider. + Certyfikat używany do podpisywania Odpowiedzi wychodzących kierowanych do Usługodawcy. + + + Verification Certificate + Certyfikat weryfikacji + + + When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. + Po wybraniu, przychodzące podpisy asercji będą sprawdzane względem tego certyfikatu. Aby zezwolić na niepodpisane żądania, pozostaw domyślnie. + + + Property mappings + Mapowanie właściwości + + + NameID Property Mapping + Mapowanie właściwości NameID + + + Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected. + Skonfiguruj sposób tworzenia wartości NameID. Gdy puste, NameIDPolicy przychodzącego żądania będzie przestrzegany. + + + Assertion valid not before + Asercja ważna nie wcześniej + + + Configure the maximum allowed time drift for an assertion. + Skonfiguruj maksymalny dozwolony dryft czasu dla asercji. + + + Assertion valid not on or after + Asercja ważna nie w lub później + + + Assertion not valid on or after current time + this value. + Asercja nieważna w bieżącym czasie lub później + ta wartość. + + + Session valid not on or after + Sesja ważna nie w lub później + + + Session not valid on or after current time + this value. + Sesja nieważna w bieżącym czasie lub później + ta wartość. + + + Digest algorithm + Algorytm skrótu + + + Signature algorithm + Algorytm sygnatury + + + Successfully imported provider. + Pomyślnie zaimportowano dostawcę. + + + Metadata + Metadane + + + Apply changes + Zastosuj zmiany + + + Close + Zamknij + + + Finish + Zakończ + + + Back + Wstecz + + + No form found + Nie znaleziono formularza + + + Form didn't return a promise for submitting + Formularz nie zwrócił obietnicy do przesłania + + + Select type + Wybierz rodzaj + + + Try the new application wizard + Wypróbuj nowy kreator aplikacji + + + The new application wizard greatly simplifies the steps required to create applications and providers. + Nowy kreator aplikacji znacznie upraszcza kroki wymagane do tworzenia aplikacji i dostawców. + + + Try it now + Spróbuj teraz + + + Create + Utwórz + + + New provider + Nowy dostawca + + + Create a new provider. + Utwórz nowego dostawcę. + + + Create + Utwórz + + + + Shared secret + + + Client Networks + + + List of CIDRs (comma-seperated) that clients can connect from. A more specific + CIDR will match before a looser one. Clients connecting from a non-specified CIDR + will be dropped. + + + URL + URL + + + SCIM base url, usually ends in /v2. + + + Token + Token + + + Token to authenticate with. Currently only bearer authentication is supported. + + + User filtering + + + Exclude service accounts + + + Group + Grupa + + + Only sync users within the selected group. + + + Attribute mapping + + + User Property Mappings + Mapowania właściwości użytkownika + + + Property mappings used to user mapping. + + + Group Property Mappings + Mapowanie właściwości grupy + + + Property mappings used to group creation. + Mapowania właściwości używane do tworzenia grup. + + + Not used by any other object. + Nie używany przez żaden inny obiekt. + + + object will be DELETED + obiekt zostanie USUNIĘTY + + + connection will be deleted + połączenie zostanie usunięte + + + reference will be reset to default value + odniesienie zostanie zresetowane do wartości domyślnej + + + reference will be set to an empty value + referencja zostanie ustawiona na pustą wartość + + + () + + ( + ) + + + ID + ID + + + Successfully deleted + + + Failed to delete : + Nie udało się usunąć + : + + + + Delete + Usuń + + + + Are you sure you want to delete ? + + + Delete + Usuń + + + Providers + Dostawcy + + + Provide support for protocols like SAML and OAuth to assigned applications. + Zapewniają obsługę protokołów takich jak SAML i OAuth przypisanym aplikacjom. + + + Type + Typ + + + Provider(s) + Dostawca(y) + + + Assigned to application + Przypisany do aplikacji + + + Assigned to application (backchannel) + + + Warning: Provider not assigned to any application. + Ostrzeżenie: dostawca nie jest przypisany do żadnej aplikacji. + + + Update + Aktualizuj + + + Update + Zaktualizuj + + + + Select providers to add to application + + + Add + Dodaj + + + Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". + Wprowadź pełny adres URL, ścieżkę względną lub użyj „fa://fa-test”, aby użyć ikony Font Awesome „fa-test”. + + + Path template for users created. Use placeholders like `%(slug)s` to insert the source slug. + + + Successfully updated application. + Pomyślnie zaktualizowano aplikację. + + + Successfully created application. + Pomyślnie utworzono aplikacje. + + + Application's display Name. + Wyświetlana nazwa aplikacji. + + + Slug + Ślimak + + + Optionally enter a group name. Applications with identical groups are shown grouped together. + Opcjonalnie wprowadź nazwę grupy. Aplikacje z identycznymi grupami są wyświetlane razem. + + + Provider + Dostawca + + + Select a provider that this application should use. + + + Select backchannel providers which augment the functionality of the main provider. + + + Policy engine mode + Tryb silnika zasad + + + Any policy must match to grant access + + + All policies must match to grant access + + + UI settings + Ustawienia interfejsu użytkownika + + + Launch URL + URL uruchamiania + + + If left empty, authentik will try to extract the launch URL based on the selected provider. + Jeśli pozostawione puste, authentik spróbuje wyodrębnić URL uruchamiania na podstawie wybranego dostawcy. + + + Open in new tab + Otwórz w nowej karcie + + + If checked, the launch URL will open in a new browser tab or window from the user's application library. + Jeśli zaznaczone, adres URL uruchamiania otworzy się w nowej karcie przeglądarki lub oknie z biblioteki aplikacji użytkownika. + + + Icon + Ikona + + + Currently set to: + Obecnie ustawiony na: + + + Clear icon + Wyczyść ikonę + + + Publisher + Wydawca + + + Create Application + Utwórz aplikację + + + Overview + Przegląd + + + Changelog + Lista zmian + + + Warning: Provider is not used by any Outpost. + Ostrzeżenie: Dostawca nie jest używany przez żadną placówkę. + + + Assigned to application + Przypisany do aplikacji + + + Update LDAP Provider + Aktualizuj dostawcę LDAP + + + Edit + Edytuj + + + How to connect + Jak się połączyć + + + Connect to the LDAP Server on port 389: + Połącz się z serwerem LDAP na porcie 389: + + + Check the IP of the Kubernetes service, or + Sprawdź adres IP usługi Kubernetes lub + + + The Host IP of the docker host + Adres IP hosta dockera + + + Bind DN + Bind DN + + + Bind Password + Powiąż hasło + + + Search base + Baza wyszukiwania + + + Preview + Podgląd + + + Warning: Provider is not used by an Application. + Ostrzeżenie: Dostawca nie jest używany przez aplikację. + + + Redirect URIs + URI przekierowania + + + Update OAuth2 Provider + Aktualizuj dostawcę OAuth2 + + + OpenID Configuration URL + URL konfiguracji OpenID + + + OpenID Configuration Issuer + Wystawca konfiguracji OpenID + + + Authorize URL + URL autoryzacji + + + Token URL + URL tokena + + + Userinfo URL + URL Userinfo + + + Logout URL + URL wylogowania + + + JWKS URL + URL JWKS + + + Example JWT payload (for currently authenticated user) + Przykładowy ładunek JWT (dla aktualnie uwierzytelnionego użytkownika) + + + Forward auth (domain-level) + Forward auth (na poziomie domeny) + + + Nginx (Ingress) + Nginx (Ingress) + + + Nginx (Proxy Manager) + Nginx (Proxy Manager) + + + Nginx (standalone) + Nginx (standalone) + + + Traefik (Ingress) + Traefik (Ingress) + + + Traefik (Compose) + Traefik (Compose) + + + Traefik (Standalone) + Traefik (Standalone) + + + Caddy (Standalone) + Caddy (Standalone) + + + Internal Host + Wewnętrzny host + + + External Host + Zewnętrzny host + + + Basic-Auth + Basic-Auth + + + Yes + Tak + + + Mode + Tryb + + + Update Proxy Provider + Aktualizuj dostawcę proxy + + + Protocol Settings + Ustawienia protokołu + + + Allowed Redirect URIs + Dozwolone URI przekierowania + + + Setup + Instalacja + + + No additional setup is required. + Nie jest wymagana żadna dodatkowa konfiguracja. + + + Update Radius Provider + + + Download + Pobierz + + + Copy download URL + Skopiuj URL pobierania + + + Download signing certificate + Pobierz certyfikat podpisywania + + + Related objects + Powiązane obiekty + + + Update SAML Provider + Aktualizuj dostawcę SAML + + + SAML Configuration + Konfiguracja SAML + + + EntityID/Issuer + EntityID/Issuer + + + SSO URL (Post) + + + SSO URL (Redirect) + URL SSO (przekierowanie) + + + SSO URL (IdP-initiated Login) + + + SLO URL (Post) + URL SLO (POST) + + + SLO URL (Redirect) + URL SLO (Przekierowanie) + + + SAML Metadata + Metadane SAML + + + Example SAML attributes + Przykładowe atrybuty SAML + + + NameID attribute + Atrybut NameID + + + Warning: Provider is not assigned to an application as backchannel provider. + + + Update SCIM Provider + + + Run sync again + Uruchom ponownie synchronizację + + + Modern applications, APIs and Single-page applications. + Nowoczesne aplikacje, API i aplikacje jednostronicowe. + + + LDAP + LDAP + + + Provide an LDAP interface for applications and users to authenticate against. + + + New application + Nowa aplikacja + + + Applications + Aplikacje + + + Provider Type + Typ dostawcy + + + Application(s) + Aplikacja(e) + + + Application Icon + Ikona aplikacji + + + Update Application + Aktualizuj aplikację + + + Successfully sent test-request. + Pomyślnie wysłano zapytanie testowe. + + + Log messages + Dziennik wiadomości + + + No log messages. + Brak dziennika wiadomości + + + Active + Aktywny + + + Last login + Ostatnie logowanie + + + Select users to add + Wybierz użytkowników do dodania + + + Successfully updated group. + Pomyślnie zaktualizowano grupę. + + + Successfully created group. + Pomyślnie utworzono grupę. + + + Is superuser + Czy jest superużytkownikiem + + + Users added to this group will be superusers. + Użytkownicy dodani do tej grupy będą superużytkownikami. + + + Parent + Rodzic + + + Attributes + Atrybuty + + + Set custom attributes using YAML or JSON. + Ustaw atrybuty niestandardowe za pomocą YAML lub JSON. + + + Successfully updated binding. + Pomyślnie zaktualizowano powiązanie. + + + Successfully created binding. + Pomyślnie utworzono powiązanie. + + + Policy + Zasada + + + Group mappings can only be checked if a user is already logged in when trying to access this source. + Mapowania grup można sprawdzić tylko wtedy, gdy użytkownik jest już zalogowany podczas próby uzyskania dostępu do tego źródła. + + + User mappings can only be checked if a user is already logged in when trying to access this source. + Mapowania użytkowników można sprawdzić tylko wtedy, gdy użytkownik jest już zalogowany podczas próby uzyskania dostępu do tego źródła. + + + Enabled + Włączony + + + Negate result + Neguj wynik + + + Negates the outcome of the binding. Messages are unaffected. + Neguje wynik wiązania. Wiadomości pozostają nienaruszone. + + + Order + Kolejność + + + Timeout + Limit czasu + + + Successfully updated policy. + Pomyślnie zaktualizowano zasadę. + + + Successfully created policy. + Pomyślnie utworzono zasadę. + + + A policy used for testing. Always returns the same result as specified below after waiting a random duration. + Zasada używana do testowania. Zawsze zwraca ten sam wynik, jak określono poniżej, po odczekaniu losowego czasu trwania. + + + Execution logging + Rejestrowanie wykonania + + + When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. + Gdy ta opcja jest włączona, wszystkie wykonania tej zasady będą rejestrowane. Domyślnie rejestrowane są tylko błędy wykonania. + + + Policy-specific settings + Ustawienia specyficzne zasady + + + Pass policy? + Przechodzi zasadę? + + + Wait (min) + Czekaj (min) + + + The policy takes a random time to execute. This controls the minimum time it will take. + Wykonanie zasady zajmuje losowy czas. Kontroluje to minimalny czas, jaki zajmie. + + + Wait (max) + Czekaj (max) + + + Matches an event against a set of criteria. If any of the configured values match, the policy passes. + Dopasowuje zdarzenie do zestawu kryteriów. Jeśli którakolwiek ze skonfigurowanych wartości jest zgodna, zasada przechodzi. + + + Match created events with this action type. When left empty, all action types will be matched. + Dopasuj utworzone zdarzenia do tego typu akcji. Jeśli pozostawisz to puste, wszystkie typy akcji zostaną dopasowane. + + + Matches Event's Client IP (strict matching, for network matching use an Expression Policy. + Dopasowuje adres IP klienta zdarzenia (ścisłe dopasowanie, do dopasowywania sieci należy użyć zasady wyrażeń. + + + Match events created by selected application. When left empty, all applications are matched. + Dopasuj wydarzenia utworzone przez wybraną aplikację. Jeśli pozostanie pusty, wszystkie aplikacje zostaną dopasowane. + + + Checks if the request's user's password has been changed in the last x days, and denys based on settings. + Sprawdza, czy żądanego użytkownika hasło zostało zmienione w ciągu ostatnich x dni, i odmawia na podstawie ustawień. + + + Maximum age (in days) + Maksymalny wiek (w dniach) + + + Only fail the policy, don't invalidate user's password + + + Executes the python snippet to determine whether to allow or deny a request. + Wykonuje fragment kodu Pythona, aby określić, czy zezwolić, czy odrzucić żądanie. + + + Expression using Python. + Wyrażenie za pomocą Pythona. + + + See documentation for a list of all variables. + Zobacz dokumentację, aby zobaczyć listę wszystkich zmiennych. + + + Static rules + Reguły statyczne + + + Minimum length + Minimalna długość + + + Minimum amount of Uppercase Characters + Minimalna liczba wielkich liter + + + Minimum amount of Lowercase Characters + Minimalna liczba małych liter + + + Minimum amount of Digits + Minimalna ilość cyfr + + + Minimum amount of Symbols Characters + Minimalna liczba symboli + + + Error message + Komunikat o błędzie + + + Symbol charset + Zestaw znaków symboli + + + Characters which are considered as symbols. + Znaki uważane za symbole. + + + HaveIBeenPwned settings + Ustawienia HaveIBeenPwned + + + Allowed count + Dozwolona liczba + + + Allow up to N occurrences in the HIBP database. + Dopuść do N wystąpień w bazie danych HIBP. + + + zxcvbn settings + ustawienia zxcvbn + + + Score threshold + + + If the password's score is less than or equal this value, the policy will fail. + + + Checks the value from the policy request against several rules, mostly used to ensure password strength. + Sprawdza wartość z żądania zasad pod kątem kilku reguł, używanych głównie w celu zapewnienia siły hasła. + + + Password field + Pole hasła + + + Field key to check, field keys defined in Prompt stages are available. + Klucz pola do sprawdzenia, dostępne są klucze pola zdefiniowane w etapach monitu. + + + Check static rules + Sprawdź reguły statyczne + + + Check haveibeenpwned.com + Sprawdź haveibeenpwned.com + + + For more info see: + Aby uzyskać więcej informacji, zobacz: + + + Check zxcvbn + Sprawdź zxcvbn + + + Password strength estimator created by Dropbox, see: + Narzędzie do szacowania siły hasła stworzone przez Dropbox, zobacz: + + + Allows/denys requests based on the users and/or the IPs reputation. + Zezwala/odrzuca żądania na podstawie reputacji użytkowników i/lub adresów IP. + + + Invalid login attempts will decrease the score for the client's IP, and the +username they are attempting to login as, by one. + + + The policy passes when the reputation score is below the threshold, and +doesn't pass when either or both of the selected options are equal or above the threshold. + + + Check IP + Sprawdź IP + + + Check Username + Sprawdź nazwę użytkownika + + + Threshold + Próg + + + New policy + Nowa zasady + + + Create a new policy. + Utwórz nową zasadę. + + + Create Binding + Utwórz powiązanie + + + Superuser + Superużytkownik + + + Members + Członkowie + + + Select groups to add user to + Wybierz grupy, do których chcesz dodać użytkownika + + + Warning: Adding the user to the selected group(s) will give them superuser permissions. + + + Successfully updated user. + Pomyślnie zaktualizowano użytkownika. + + + Successfully created user. + Pomyślnie utworzono użytkownika. + + + Username + Nazwa użytkownika + + + User's primary identifier. 150 characters or fewer. + Podstawowy identyfikator użytkownika. 150 znaków lub mniej. + + + User's display name. + Wyświetlana nazwa użytkownika. + + + Email + E-mail + + + Is active + Jest aktywny + + + Designates whether this user should be treated as active. Unselect this instead of deleting accounts. + Określa, czy ten użytkownik powinien być traktowany jako aktywny. Odznacz to zamiast usuwać konta. + + + Path + Ścieżka + + + Policy / User / Group + Zasada / Użytkownik / Grupa + + + Policy + Zasada + + + + Group + Grupa + + + + User + Użytkownik + + + + Edit Policy + Edytuj zasady + + + Update Group + Aktualizuj grupę + + + Edit Group + Edytuj grupę + + + Update User + Zaktualizuj użytkownika + + + Edit User + Edytuj użytkownika + + + Policy binding(s) + Wiązanie(a) zasady + + + Update Binding + Zaktualizuj wiązanie + + + Edit Binding + Edytuj powiązanie + + + No Policies bound. + Żadne zasady nie są związane. + + + No policies are currently bound to this object. + Żadne zasady nie są obecnie powiązane z tym obiektem. + + + Bind existing policy + + + Warning: Application is not used by any Outpost. + Ostrzeżenie: Aplikacja nie jest używana przez żadną Placówkę. + + + Related + Związane z + + + Backchannel Providers + + + Check access + Sprawdź dostęp + + + Check + Sprawdź + + + Check Application access + Sprawdź dostęp do aplikacji + + + Test + Test + + + Launch + Uruchom + + + Logins over the last week (per 8 hours) + + + Policy / Group / User Bindings + Zasada / Grupa / Wiązania użytkownika + + + These policies control which users can access this application. + Te zasady kontrolują, którzy użytkownicy mogą uzyskać dostęp do tej aplikacji. + + + Successfully updated source. + Pomyślnie zaktualizowano źródło. + + + Successfully created source. + Pomyślnie utworzono źródło. + + + Sync users + Synchronizuj użytkowników + + + User password writeback + Zapis zwrotny hasła użytkownika + + + Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP. + Hasło logowania jest automatycznie synchronizowane z LDAP do authentik. Włącz tę opcję tylko w celu zapisania zmian hasła w authentik z powrotem do LDAP. + + + Sync groups + Synchronizuj grupy + + + Connection settings + Ustawienia połączenia + + + Server URI + URI serwera + + + Specify multiple server URIs by separating them with a comma. + Określ wiele identyfikatorów URI serwera, oddzielając je przecinkami. + + + Enable StartTLS + Włącz StartTLS + + + To use SSL instead, use 'ldaps://' and disable this option. + Aby zamiast tego używać SSL, użyj „ldaps://” i wyłącz tę opcję. + + + TLS Verification Certificate + Certyfikat weryfikacji TLS + + + When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate. + Podczas łączenia się z serwerem LDAP za pomocą TLS, certyfikaty nie są domyślnie sprawdzane. Określ parę kluczy, aby zweryfikować certyfikat zdalny. + + + Bind CN + Bind CN + + + LDAP Attribute mapping + Mapowanie atrybutów LDAP + + + Property mappings used to user creation. + Mapowania właściwości używane do tworzenia użytkowników. + + + Additional settings + Dodatkowe ustawienia + + + Parent group for all the groups imported from LDAP. + Grupa nadrzędna dla wszystkich grup importowanych z LDAP. + + + User path + Ścieżka użytkownika + + + Addition User DN + Dodatkowa nazwa wyróżniająca użytkownika + + + Additional user DN, prepended to the Base DN. + Dodatkowa nazwa wyróżniająca użytkownika poprzedzona podstawową nazwą wyróżniającą. + + + Addition Group DN + DN grupy dodawania + + + Additional group DN, prepended to the Base DN. + Dodatkowa DN grupy, poprzedzona podstawową DN. + + + User object filter + Filtr obiektów użytkownika + + + Consider Objects matching this filter to be Users. + Rozważ obiekty pasujące do tego filtra jako Użytkownicy. + + + Group object filter + Filtr obiektów grupowych + + + Consider Objects matching this filter to be Groups. + Rozważ obiekty pasujące do tego filtra jako grupy. + + + Group membership field + Pole członkostwa w grupie + + + Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' + Pole zawierające członków grupy. Należy zauważyć, że w przypadku korzystania z pola „memberUid” zakłada się, że wartość zawiera względną nazwę wyróżniającą. np. 'memberUid=jakiś-użytkownik' zamiast 'memberUid=cn=jakiś-użytkownik,ou=grupy,...' + + + Object uniqueness field + Pole unikatowości obiektu + + + Field which contains a unique Identifier. + Pole zawierające unikalny identyfikator. + + + Link users on unique identifier + Łącz użytkowników za pomocą unikalnego identyfikatora + + + Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses + Łącz użytkownika z identycznym adresem e-mail. Może mieć wpływ na bezpieczeństwo, gdy źródło nie weryfikuje adresów e-mail + + + Use the user's email address, but deny enrollment when the email address already exists + + + Link to a user with identical username. Can have security implications when a username is used with another source + Połącz z użytkownikiem o identycznej nazwie użytkownika. Może mieć wpływ na bezpieczeństwo, gdy nazwa użytkownika jest używana z innym źródłem + + + Use the user's username, but deny enrollment when the username already exists + + + Unknown user matching mode + Nieznany tryb dopasowania użytkownika + + + URL settings + Ustawienia URL + + + Authorization URL + URL autoryzacji + + + URL the user is redirect to to consent the authorization. + URL, do którego użytkownik jest przekierowywany, aby wyrazić zgodę na autoryzację. + + + Access token URL + URL tokena dostępu + + + URL used by authentik to retrieve tokens. + URL używany przez authentik do pobierania tokenów. + + + Profile URL + URL profilu + + + URL used by authentik to get user information. + URL używany przez authentik do uzyskania informacji o użytkowniku. + + + Request token URL + URL żądania tokena + + + URL used to request the initial token. This URL is only required for OAuth 1. + URL używany do żądania początkowego tokena. Ten adres URL jest wymagany tylko w przypadku protokołu OAuth 1. + + + OIDC Well-known URL + OIDC Well-known URL + + + OIDC well-known configuration URL. Can be used to automatically configure the URLs above. + OIDC well-known configuration URL. Może służyć do automatycznej konfiguracji powyższych adresów URL. + + + OIDC JWKS URL + OIDC JWKS URL + + + JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source. + JSON Web Key URL. Klucze z adresu URL będą używane do walidacji tokenów JWT z tego źródła. + + + OIDC JWKS + OIDC JWKS + + + Raw JWKS data. + Surowe dane JWKS. + + + User matching mode + Tryb dopasowania użytkownika + + + Delete currently set icon. + Usuń aktualnie ustawioną ikonę. + + + Consumer key + Klucz klienta + + + Consumer secret + Sekret klienta + + + Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *. + + + Flow settings + Ustawienia przepływu + + + Flow to use when authenticating existing users. + Przepływ używany podczas uwierzytelniania istniejących użytkowników. + + + Enrollment flow + Przepływ rejestracji + + + Flow to use when enrolling new users. + Przepływ do wykorzystania podczas rejestrowania nowych użytkowników. + + + Load servers + Załaduj serwery + + + Re-authenticate with plex + Ponowne uwierzytelnienie za pomocą plex + + + Allow friends to authenticate via Plex, even if you don't share any servers + Zezwalaj znajomym na uwierzytelnianie przez Plex, nawet jeśli nie udostępniasz żadnych serwerów + + + Allowed servers + Dozwolone serwery + + + Select which server a user has to be a member of to be allowed to authenticate. + Wybierz serwer, którego członkiem musi być użytkownik, aby mógł się uwierzytelniać. + + + SSO URL + SSO URL + + + URL that the initial Login request is sent to. + URL, do którego wysyłane jest początkowe żądanie logowania. + + + SLO URL + SLO URL + + + Optional URL if the IDP supports Single-Logout. + Opcjonalny URL, jeśli dostawca tożsamości obsługuje pojedyncze wylogowanie. + + + Also known as Entity ID. Defaults the Metadata URL. + Znany również jako Entity ID. Domyślny adres URL metadanych. + + + Binding Type + Typ wiązania + + + Redirect binding + Wiązanie przekierowania + + + Post-auto binding + + + Post binding but the request is automatically sent and the user doesn't have to confirm. + + + Post binding + Post binding + + + Signing keypair + Podpisująca pary kluczy + + + Keypair which is used to sign outgoing requests. Leave empty to disable signing. + Para kluczy służąca do podpisywania żądań wychodzących. Pozostaw puste, aby wyłączyć podpisywanie. + + + Allow IDP-initiated logins + Zezwalaj na logowanie inicjowane przez IDP + + + Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. + Umożliwia przepływy uwierzytelniania zainicjowane przez dostawcę tożsamości. Może to stanowić zagrożenie bezpieczeństwa, ponieważ nie przeprowadza się weryfikacji identyfikatora żądania. + + + NameID Policy + Zasada NameID + + + Persistent + Trwały + + + Email address + Adres e-mail + + + Windows + Windows + + + X509 Subject + Temat X509 + + + Transient + przejściowy + + + Delete temporary users after + Usuń tymczasowych użytkowników po + + + Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. + Przesunięcie czasowe, kiedy użytkownicy tymczasowi powinni zostać usunięci. Ma to zastosowanie tylko wtedy, gdy IDP używa „przejściowego” formatu NameID, a użytkownik nie wylogowuje się ręcznie. + + + Pre-authentication flow + Przepływ wstępnego uwierzytelniania + + + Flow used before authentication. + Przepływ używany przed uwierzytelnieniem. + + + New source + Nowe źródło + + + Create a new source. + Utwórz nowe źródło. + + + Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves. + Źródła tożsamości, które mogą być zsynchronizowane z bazą danych authentik lub mogą być używane przez użytkowników do uwierzytelniania i rejestracji. + + + Source(s) + Źródło(a) + + + Disabled + Wyłączone + + + Built-in + Wbudowany + + + Update LDAP Source + Aktualizuj źródło LDAP + + + Not synced yet. + Jeszcze nie zsynchronizowano. + + + Task finished with warnings + Zadanie zakończone z ostrzeżeniami + + + Task finished with errors + Zadanie zakończone z błędami + + + Last sync: + Ostatnia synchronizacja: + + + + OAuth Source + Źródło OAuth + + + + Generic OpenID Connect + Ogólny OpenID Connect + + + Unknown provider type + Nieznany typ dostawcy + + + Details + Szczegóły + + + Callback URL + URL wywołania zwrotnego + + + Access Key + Klucz dostępu + + + Update OAuth Source + Aktualizuj źródło OAuth + + + Diagram + Diagram + + + Policy Bindings + Wiązania zasady + + + These bindings control which users can access this source. + You can only use policies here as access is checked before the user is authenticated. + + + Update Plex Source + Aktualizuj źródło Plex + + + Update SAML Source + Aktualizuj źródło SAML + + + Successfully updated mapping. + Pomyślnie zaktualizowano mapowanie. + + + Successfully created mapping. + Pomyślnie utworzono mapowanie. + + + Object field + Pole obiektu + + + Field of the user object this value is written to. + Pole obiektu użytkownika, w którym zapisywana jest ta wartość. + + + SAML Attribute Name + Nazwa atrybutu SAML + + + Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded. + Nazwa atrybutu używana w asercjach SAML. Może być identyfikatorem URN OID, odwołaniem do schematu lub dowolnym innym ciągiem. Jeśli to mapowanie właściwości jest używane dla właściwości NameID, to te pole jest odrzucane. + + + Friendly Name + Przyjazna nazwa + + + Optionally set the 'FriendlyName' value of the Assertion attribute. + Opcjonalnie ustaw wartość „FriendlyName” atrybutu asercji. + + + Scope name + Nazwa zakresu + + + Scope which the client can specify to access these properties. + Zakres, który klient może określić, aby uzyskać dostęp do tych właściwości. + + + Description shown to the user when consenting. If left empty, the user won't be informed. + Opis wyświetlany użytkownikowi podczas wyrażania zgody. Jeśli pozostanie pusty, użytkownik nie zostanie o tym poinformowany. + + + Example context data + + + Active Directory User + + + Active Directory Group + + + New property mapping + Nowe mapowanie własności + + + Create a new property mapping. + Utwórz nowe mapowanie właściwości. + + + Property Mappings + Mapowanie właściwości + + + Control how authentik exposes and interprets information. + Kontroluj sposób, w jaki authentik ujawnia i interpretuje informacje. + + + Property Mapping(s) + Mapowanie(a) właściwości + + + Test Property Mapping + Testuj mapowanie właściwości + + + Hide managed mappings + Ukryj zarządzane mapowania + + + Successfully updated token. + Pomyślnie zaktualizowano token. + + + Successfully created token. + Pomyślnie utworzono token. + + + Unique identifier the token is referenced by. + Unikalny identyfikator, do którego odwołuje się token. + + + Intent + Przeznaczenie + + + API Token + Token API + + + Used to access the API programmatically + Służy do programistycznego dostępu do interfejsu API + + + App password. + + + Used to login using a flow executor + Służy do logowania przy użyciu executora przepływu + + + Expiring + Wygasa + + + If this is selected, the token will expire. Upon expiration, the token will be rotated. + Jeśli ta opcja zostanie wybrana, token wygaśnie. Po wygaśnięciu token będzie podlegał rotacji. + + + Expires on + Wygasa dnia + + + API Access + Dostęp API + + + App password + Hasło aplikacji + + + Verification + Weryfikacja + + + Unknown intent + + + Tokens + Tokeny + + + Tokens are used throughout authentik for Email validation stages, Recovery keys and API access. + Tokeny są używane przez authentik do etapów weryfikacji poczty e-mail, kluczy odzyskiwania i dostępu do interfejsu API. + + + Expires? + Wygasa? + + + Expiry date + Data wygaśnięcia + + + Token(s) + Token(y) + + + Create Token + Utwórz token + + + Token is managed by authentik. + Token jest zarządzany przez authentik. + + + Update Token + Aktualizuj token + + + Domain + Domena + + + Matching is done based on domain suffix, so if you enter domain.tld, foo.domain.tld will still match. + Dopasowanie odbywa się na podstawie sufiksu domeny, więc jeśli wpiszesz domain.tld, foo.domain.tld nadal będzie pasować. + + + Default + Domyślny + + + Branding settings + Ustawienia brandingowe + + + Title + Tytuł + + + Branding shown in page title and several other places. + Branding widoczny w tytule strony i kilku innych miejscach. + + + Logo + Logo + + + Icon shown in sidebar/header and flow executor. + Ikona pokazana na pasku bocznym/nagłówku i executorze przepływu. + + + Favicon + Favicon + + + Icon shown in the browser tab. + Ikona pokazana w karcie przeglądarki. + + + Default flows + Domyślny przepływ + + + Flow used to authenticate users. If left empty, the first applicable flow sorted by the slug is used. + Przepływ używany do uwierzytelniania użytkowników. Jeśli pozostanie pusty, używany jest pierwszy odpowiedni przepływ posortowany według ślimaka. + + + Invalidation flow + Przepływ unieważnienia + + + Flow used to logout. If left empty, the first applicable flow sorted by the slug is used. + Przepływ używany do wylogowania. Jeśli pozostanie pusty, używany jest pierwszy odpowiedni przepływ posortowany według ślimaka. + + + Recovery flow + Przepływ odzyskiwania + + + Recovery flow. If left empty, the first applicable flow sorted by the slug is used. + Przepływ odzyskiwania. Jeśli pozostanie pusty, używany jest pierwszy odpowiedni przepływ posortowany według ślimaka. + + + Unenrollment flow + Przepływ wypisywania się + + + If set, users are able to unenroll themselves using this flow. If no flow is set, option is not shown. + Jeśli ta opcja jest ustawiona, użytkownicy mogą się wyrejestrować za pomocą tego przepływu. Jeśli nie ustawiono przepływu, opcja nie jest wyświetlana. + + + User settings flow + Przepływ ustawień użytkownika + + + If set, users are able to configure details of their profile. + Jeśli ta opcja jest ustawiona, użytkownicy mogą konfigurować szczegóły swojego profilu. + + + Device code flow + + + If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code. + Jeśli jest ustawiony, można użyć profilu kodu urządzenia OAuth, a wybrany przepływ zostanie użyty do wprowadzenia kodu. + + + Other global settings + Inne ustawienia globalne + + + Web Certificate + Certyfikat sieciowy + + + Event retention + Przechowywanie zdarzeń + + + Duration after which events will be deleted from the database. + Czas, po którym zdarzenia zostaną usunięte z bazy danych. + + + When using an external logging solution for archiving, this can be set to "minutes=5". + W przypadku korzystania z zewnętrznego rozwiązania rejestrującego do archiwizacji można to ustawić na „minuty=5”. + + + This setting only affects new Events, as the expiration is saved per-event. + To ustawienie ma wpływ tylko na nowe zdarzenia, ponieważ data wygaśnięcia jest zapisywana dla każdego zdarzenia. + + + Configure visual settings and defaults for different domains. + Skonfiguruj ustawienia wizualne i domyślne dla różnych domen. + + + Default? + Domyślny? + + + Policies + Zasady + + + Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Stages. + Zezwalaj użytkownikom na korzystanie z aplikacji na podstawie właściwości, wymuszaj kryteria haseł i selektywnie stosuj etapy. + + + Assigned to object(s). + Przypisany do + obiektu(ów). + + + Warning: Policy is not assigned. + Ostrzeżenie: zasada nie jest przypisana. + + + Test Policy + Testuj zasadę + + + Policy / Policies + Zasada / Zasady + + + Successfully cleared policy cache + Pamięć podręczna zasad została wyczyszczona + + + Failed to delete policy cache + Nie udało się usunąć pamięci podręcznej zasad + + + Clear cache + Wyczyść pamięć podręczną + + + Clear Policy cache + Wyczyść pamięć podręczną zasad + + + Are you sure you want to clear the policy cache? This will cause all policies to be re-evaluated on their next usage. + + + Reputation scores + Punkty reputacji + + + Reputation for IP and user identifiers. Scores are decreased for each failed login and increased for each successful login. + Reputacja dla adresów IP i użytkowników. Wyniki są zmniejszane za każde nieudane logowanie i zwiększane za każde udane logowanie. + + + IP + IP + + + Score + Punkty + + + Updated + Zaktualizowano + + + Reputation + Reputacja + + + Groups + Grupy + + + Group users together and give them permissions based on the membership. + Grupuj użytkowników i nadaj im uprawnienia na podstawie członkostwa. + + + Superuser privileges? + Uprawnienia superużytkownika? + + + Group(s) + Grupa(y) + + + Create Group + Utwórz grupę + + + Create group + Utwórz grupę + + + Enabling this toggle will create a group named after the user, with the user as member. + Włączenie tego przełącznika spowoduje utworzenie grupy nazwanej jak użytkownik, z użytkownikiem jako członkiem. + + + Use the username and password below to authenticate. The password can be retrieved later on the Tokens page. + Użyj poniższej nazwy użytkownika i hasła do uwierzytelnienia. Hasło można później odzyskać na stronie Tokeny. + + + Password + Hasło + + + Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List. + Ważne przez 360 dni, po czym hasło zostanie automatycznie zmienione. Możesz skopiować hasło z listy tokenów. + + + The following objects use + Następujące obiekty używają + + + + connecting object will be deleted + obiekt łączący zostanie usunięty + + + Successfully updated + + + Failed to update : + Nie udało się zaktualizować + : + + + + Are you sure you want to update ""? + Czy na pewno chcesz zaktualizować + " + ”? + + + Successfully updated password. + Pomyślnie zaktualizowano hasło. + + + Successfully sent email. + Pomyślnie wysłano e-mail. + + + Email stage + Etap e-mail + + + Successfully added user(s). + Pomyślnie dodano użytkownika(ów). + + + Users to add + Użytkownicy do dodania + + + User(s) + Użytkownik(cy) + + + Remove Users(s) + Usuń użytkownika(ów) + + + Are you sure you want to remove the selected users from the group ? + Czy na pewno chcesz usunąć wybranych użytkowników z grupy + ? + + + Remove + Usuń + + + Impersonate + Podszywaj się + + + User status + Status użytkownika + + + Change status + Zmień status + + + Deactivate + Dezaktywuj + + + Update password + Zaktualizuj hasło + + + Set password + Ustaw hasło + + + Successfully generated recovery link + Pomyślnie wygenerowano link odzyskiwania + + + No recovery flow is configured. + Nie skonfigurowano przepływu odzyskiwania. + + + Copy recovery link + Skopiuj link odzyskiwania + + + Send link + Wyślij link + + + Send recovery link to user + Wyślij link odzyskiwania do użytkownika + + + Email recovery link + Wyślij link odzyskiwania + + + Recovery link cannot be emailed, user has no email address saved. + Nie można wysłać linku odzyskiwania, użytkownik nie ma zapisanego adresu e-mail. + + + Add User + Dodaj użytkownika + + + Warning: This group is configured with superuser access. Added users will have superuser access. + + + Add existing user + Dodaj istniejącego użytkownika + + + Create user + Utwórz użytkownika + + + Create User + Utwórz użytkownika + + + Create Service account + Utwórz konto usługi + + + Hide service-accounts + Ukryj konta serwisowe + + + Group Info + Informacje o grupie + + + Notes + + + Edit the notes attribute of this group to add notes here. + + + Users + Użytkownicy + + + Root + Korzeń + + + Warning: You're about to delete the user you're logged in as (). Proceed at your own risk. + Ostrzeżenie: masz zamiar usunąć użytkownika, na którym jesteś zalogowany jako ( + ). Kontynuuj na własne ryzyko. + + + Hide deactivated user + + + User folders + Foldery użytkownika + + + Successfully added user to group(s). + Pomyślnie dodano użytkownika do grup. + + + Groups to add + Grupy do dodania + + + Remove from Group(s) + Usuń z grup(y) + + + Are you sure you want to remove user from the following groups? + Czy na pewno chcesz usunąć użytkownika + z następujących grup? + + + Add Group + Dodaj grupę + + + Add to existing group + Dodaj do istniejącej grupy + + + Add new group + Dodaj nową grupę + + + Application authorizations + Autoryzacje aplikacji + + + Revoked? + Unieważniono? + + + Expires + Wygasa + + + ID Token + ID Token + + + Refresh Tokens(s) + + + Last IP + Ostatni adres IP + + + Session(s) + Sesja(e) + + + Expiry + Wygasa + + + (Current session) + + + Permissions + Uprawnienia + + + Consent(s) + Zgoda(y) + + + Successfully updated device. + Pomyślnie zaktualizowano urządzenie. + + + Static tokens + Tokeny statyczne + + + TOTP Device + Urządzenie TOTP + + + Enroll + Dodaj + + + Device(s) + Urządzenie(a) + + + Update Device + Aktualizuj urządzenie + + + Confirmed + Potwierdzono + + + User Info + Informacje użytkownika + + + Actions over the last week (per 8 hours) + + + Edit the notes attribute of this user to add notes here. + + + Sessions + Sesje + + + User events + Zdarzenia użytkownika + + + Explicit Consent + Wyraźna zgoda + + + OAuth Refresh Tokens + + + MFA Authenticators + Uwierzytelniacze MFA + + + Successfully updated invitation. + Pomyślnie zaktualizowano zaproszenie. + + + Successfully created invitation. + Pomyślnie utworzono zaproszenie. + + + Flow + Przepływ + + + When selected, the invite will only be usable with the flow. By default the invite is accepted on all flows with invitation stages. + + + Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON. + Opcjonalne dane, które są ładowane do zmiennej kontekstowej „prompt_data” przepływu. YAML lub JSON. + + + Single use + Jednorazowego użytku + + + When enabled, the invitation will be deleted after usage. + Po włączeniu zaproszenie zostanie usunięte po użyciu. + + + Select an enrollment flow + Wybierz przepływ rejestracji + + + Link to use the invitation. + Link do korzystania z zaproszenia. + + + Invitations + Zaproszenia + + + Create Invitation Links to enroll Users, and optionally force specific attributes of their account. + Utwórz Linki Zaproszeniowe, aby zarejestrować Użytkowników i opcjonalnie wymusić określone atrybuty ich konta. + + + Created by + Utworzono przez + + + Invitation(s) + Zaproszenie(a) + + + Invitation not limited to any flow, and can be used with any enrollment flow. + + + Update Invitation + Zaktualizuj zaproszenie + + + Create Invitation + Utwórz zaproszenie + + + Warning: No invitation stage is bound to any flow. Invitations will not work as expected. + Ostrzeżenie: żaden etap zaproszenia nie jest powiązany z żadnym przepływem. Zaproszenia nie będą działać zgodnie z oczekiwaniami. + + + Auto-detect (based on your browser) + Automatycznie wykryj (na podstawie Twojej przeglądarki) + + + Required. + Wymagany. + + + Continue + Kontynuuj + + + Successfully updated prompt. + Pomyślnie zaktualizowano monit. + + + Successfully created prompt. + Pomyślnie utworzono monit. + + + Text: Simple Text input + Tekst: proste wprowadzanie tekstu + + + Text Area: Multiline text input + + + Text (read-only): Simple Text input, but cannot be edited. + Tekst (tylko do odczytu): Proste wprowadzanie tekstu, ale nie można go edytować. + + + Text Area (read-only): Multiline text input, but cannot be edited. + + + Username: Same as Text input, but checks for and prevents duplicate usernames. + Nazwa użytkownika: to samo, co wprowadzanie tekstu, ale sprawdza i zapobiega duplikowaniu nazw użytkowników. + + + Email: Text field with Email type. + Email: Pole tekstowe z typem Email. + + + Password: Masked input, multiple inputs of this type on the same prompt need to be identical. + + + Number + Numer + + + Checkbox + Pole wyboru + + + Radio Button Group (fixed choice) + + + Dropdown (fixed choice) + + + Date + Data + + + Date Time + Data Czas + + + File + Plik + + + Separator: Static Separator Line + Separator: Statyczna linia separatora + + + Hidden: Hidden field, can be used to insert data into form. + Ukryte: Ukryte pole, może służyć do wstawiania danych do formularza. + + + Static: Static value, displayed as-is. + Statyczny: wartość statyczna, wyświetlana w stanie, w jakim jest. + + + authentik: Locale: Displays a list of locales authentik supports. + authentik: Języki: Wyświetla listę języków obsługiwanych przez authentik. + + + Preview errors + + + Data preview + + + Unique name of this field, used for selecting fields in prompt stages. + + + Field Key + Klucz pola + + + Name of the form field, also used to store the value. + Nazwa pola formularza, używana również do przechowywania wartości. + + + When used in conjunction with a User Write stage, use attributes.foo to write attributes. + W przypadku użycia w połączeniu z etapem zapisu użytkownika, użyj attribute.foo do zapisania atrybutów. + + + Label + Etykieta + + + Label shown next to/above the prompt. + Etykieta pokazana obok/nad monitem. + + + Required + Wymagany + + + Interpret placeholder as expression + Interpretuj symbol zastępczy jako wyrażenie + + + When checked, the placeholder will be evaluated in the same way a property mapping is. + If the evaluation fails, the placeholder itself is returned. + + + Placeholder + Symbol zastępczy + + + Optionally provide a short hint that describes the expected input value. + When creating a fixed choice field, enable interpreting as expression and return a + list to return multiple choices. + + + Interpret initial value as expression + + + When checked, the initial value will be evaluated in the same way a property mapping is. + If the evaluation fails, the initial value itself is returned. + + + Initial value + + + Optionally pre-fill the input with an initial value. + When creating a fixed choice field, enable interpreting as expression and + return a list to return multiple default choices. + + + Help text + Tekst pomocy + + + Any HTML can be used. + Można użyć dowolnego kodu HTML. + + + Prompts + Monity + + + Single Prompts that can be used for Prompt Stages. + Pojedyncze monity, których można używać dla etapów monitów. + + + Field + Pole + + + Stages + Etapy + + + Prompt(s) + Monit(y) + + + Update Prompt + Aktualizuj monit + + + Create Prompt + Utwórz monit + + + Target + Cel + + + Stage + Etap + + + Evaluate when flow is planned + + + Evaluate policies during the Flow planning process. + + + Evaluate when stage is run + + + Evaluate policies before the Stage is present to the user. + Oceń zasady, zanim etap jest obecny dla użytkownika. + + + Invalid response behavior + Nieprawidłowe zachowanie odpowiedzi + + + Returns the error message and a similar challenge to the executor + Zwraca komunikat o błędzie i podobne wezwanie do executora + + + Restarts the flow from the beginning + Ponownie uruchamia przepływ od początku + + + Restarts the flow from the beginning, while keeping the flow context + Ponownie uruchamia przepływ od początku, zachowując kontekst przepływu + + + Configure how the flow executor should handle an invalid response to a challenge given by this bound stage. + + + Successfully updated stage. + Pomyślnie zaktualizowano etap. + + + Successfully created stage. + Pomyślnie utworzono etap. + + + Stage used to configure a duo-based authenticator. This stage should be used for configuration flows. + Etap używany do konfiguracji uwierzytelniania opartego na duo. Ten etap powinien być używany do przepływów konfiguracji. + + + Authenticator type name + + + Display name of this authenticator, used by users when they enroll an authenticator. + + + API Hostname + API Hostname + + + Duo Auth API + Duo Auth API + + + Integration key + Klucz integracji + + + Secret key + Sekretny klucz + + + Duo Admin API (optional) + Duo Admin API (opcjonalnie) + + + When using a Duo MFA, Access or Beyond plan, an Admin API application can be created. + This will allow authentik to import devices automatically. + + + Stage-specific settings + Ustawienia specyficzne dla etapu + + + Configuration flow + Przepływ konfiguracji + + + Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. + Przepływ używany przez uwierzytelnionego użytkownika do konfigurowania tego etapu. Jeśli jest pusty, użytkownik nie będzie mógł skonfigurować tego etapu. + + + Twilio Account SID + Twilio Account SID + + + Get this value from https://console.twilio.com + Pobierz tę wartość z https://console.twilio.com + + + Twilio Auth Token + Twilio Auth Token + + + Authentication Type + Typ uwierzytelnienia + + + Basic Auth + Basic Auth + + + Bearer Token + Bearer Token + + + External API URL + URL zewnętrznego API + + + This is the full endpoint to send POST requests to. + To jest pełny punkt końcowy, do którego wysyłane są żądania POST. + + + API Auth Username + API Auth Username + + + This is the username to be used with basic auth or the token when used with bearer token + To jest nazwa użytkownika, która ma być używana z podstawowym uwierzytelnianiem lub tokenem, gdy jest używany z tokenem okaziciela + + + API Auth password + API Auth password + + + This is the password to be used with basic auth + To jest hasło używane z podstawowym uwierzytelnianiem + + + Mapping + Mapowanie + + + Modify the payload sent to the custom provider. + Zmodyfikuj payload wysłany do niestandardowego dostawcy. + + + Stage used to configure an SMS-based TOTP authenticator. + Etap używany do konfigurowania uwierzytelniania opartego na wiadomościach SMS TOTP. + + + Twilio + Twilio + + + Generic + Ogólny + + + From number + Z numeru + + + Number the SMS will be sent from. + Numer, z którego zostanie wysłana wiadomość SMS. + + + Hash phone number + Zahaszuj numer telefonu + + + If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons. Devices created from a stage with this enabled cannot be used with the authenticator validation stage. + + + Stage used to configure a static authenticator (i.e. static tokens). This stage should be used for configuration flows. + Stage używany do konfigurowania statycznego tokena uwierzytelniającego (tj. statycznych tokenów). Ten etap powinien być używany do przepływów konfiguracji. + + + Token count + Liczba tokenów + + + Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator). + Etap używany do konfiguracji tokena uwierzytelniającego TOTP (tj. Authy/Google Authenticator). + + + Digits + Cyfry + + + 6 digits, widely compatible + 6 cyfr, szeroko kompatybilne + + + 8 digits, not compatible with apps like Google Authenticator + 8 cyfr, niekompatybilne z aplikacjami takimi jak Google Authenticator + + + Stage used to validate any authenticator. This stage should be used during authentication or authorization flows. + Etap używany do walidacji dowolnego uwierzytelniacza. Ten etap powinien być używany podczas przepływów uwierzytelniania lub autoryzacji. + + + Device classes + Klasy urządzeń + + + Static Tokens + Tokeny statyczne + + + TOTP Authenticators + Uwierzytelniacze TOTP + + + WebAuthn Authenticators + Uwierzytelniacze WebAuthn + + + Duo Authenticators + Uwierzytelniacze Duo + + + SMS-based Authenticators + Uwierzytelniacze oparte na SMS + + + Device classes which can be used to authenticate. + Klasy urządzeń, których można użyć do uwierzytelniania. + + + Last validation threshold + Próg ostatniej walidacji + + + If any of the devices user of the types selected above have been used within this duration, this stage will be skipped. + Jeśli którekolwiek z urządzeń wybranych powyżej typów zostało użyte w tym czasie, ten etap zostanie pominięty. + + + Not configured action + Nie skonfigurowana akcja + + + Force the user to configure an authenticator + Zmuś użytkownika do skonfigurowania uwierzytelniacza + + + Deny the user access + Odmów użytkownikowi dostępu + + + WebAuthn User verification + Weryfikacja użytkownika WebAuthn + + + User verification must occur. + Musi nastąpić weryfikacja użytkownika. + + + User verification is preferred if available, but not required. + Preferowana jest weryfikacja użytkownika, jeśli jest dostępna, ale nie jest wymagana. + + + User verification should not occur. + Weryfikacja użytkownika nie powinna nastąpić. + + + Configuration stages + Etapy konfiguracji + + + Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. + Etapy używany do konfiguracji uwierzytelniacza, gdy użytkownik nie ma żadnych kompatybilnych urządzeń. Po zakończeniu tego etapu konfiguracji użytkownik nie jest ponownie pytany. + + + When multiple stages are selected, the user can choose which one they want to enroll. + W przypadku wybrania wielu etapów użytkownik może wybrać, na który chce się zapisać. + + + User verification + Weryfikacja użytkownika + + + Resident key requirement + Wymagania dotyczące klucza rezydenta + + + Authenticator Attachment + Załącznik uwierzytelniający + + + No preference is sent + Żadne preferencje nie są wysyłane + + + A non-removable authenticator, like TouchID or Windows Hello + Nieusuwalny token uwierzytelniający, taki jak TouchID lub Windows Hello + + + A "roaming" authenticator, like a YubiKey + „Mobilne” uwierzytelniacz, taki jak YubiKey + + + This stage checks the user's current session against the Google reCaptcha (or compatible) service. + + + Public Key + Klucz publiczny + + + Public key, acquired from https://www.google.com/recaptcha/intro/v3.html. + Klucz publiczny uzyskany z https://www.google.com/recaptcha/intro/v3.html. + + + Private Key + Klucz prywatny + + + Private key, acquired from https://www.google.com/recaptcha/intro/v3.html. + Klucz prywatny uzyskany z https://www.google.com/recaptcha/intro/v3.html. + + + Advanced settings + Zaawansowane ustawienia + + + JS URL + URL JS + + + URL to fetch JavaScript from, defaults to recaptcha. Can be replaced with any compatible alternative. + + + API URL + URL API + + + URL used to validate captcha response, defaults to recaptcha. Can be replaced with any compatible alternative. + + + Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time. + Pytaj o zgodę użytkownika. Zgoda może być trwała lub wygasać w określonym czasie. + + + Always require consent + Zawsze wymagaj zgody + + + Consent given last indefinitely + Zgoda udzielona na czas nieokreślony + + + Consent expires. + Zgoda wygasa. + + + Consent expires in + Zgoda wygasa + + + Offset after which consent expires. + Przesunięcie, po którym zgoda wygasa. + + + Dummy stage used for testing. Shows a simple continue button and always passes. + Atrapa etapu używana do testowania. Pokazuje prosty przycisk kontynuuj i zawsze przechodzi. + + + Throw error? + Wyrzucić błąd? + + + SMTP Host + Host SMTP + + + SMTP Port + Port SMTP + + + SMTP Username + Nazwa użytkownika SMTP + + + SMTP Password + Hasło SMTP + + + Use TLS + Użyj TLS + + + Use SSL + Użyj SSL + + + From address + Z adresu + + + Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity. + Zweryfikuj adres e-mail użytkownika, wysyłając mu jednorazowy link. Może być również używany do odzyskiwania w celu weryfikacji autentyczności użytkownika. + + + Activate pending user on success + Aktywuj oczekującego użytkownika po sukcesie + + + When a user returns from the email successfully, their account will be activated. + Gdy użytkownik pomyślnie wróci z wiadomości e-mail, jego konto zostanie aktywowane. + + + Use global settings + Użyj ustawień globalnych + + + When enabled, global Email connection settings will be used and connection settings below will be ignored. + Po włączeniu będą używane globalne ustawienia połączenia poczty e-mail, a poniższe ustawienia połączenia będą ignorowane. + + + Token expiry + Token wygasa + + + Time in minutes the token sent is valid. + Czas w minutach, w którym wysłany token jest ważny. + + + Template + Szablon + + + Let the user identify themselves with their username or Email address. + Pozwól użytkownikowi identyfikować się za pomocą swojej nazwy użytkownika lub adresu e-mail. + + + User fields + Pola użytkownika + + + UPN + UPN + + + Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources. + Pola, z którymi użytkownik może się identyfikować. Jeśli żadne pola nie zostaną wybrane, użytkownik będzie mógł korzystać tylko ze źródeł. + + + Password stage + Etap hasła + + + When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks. + Po wybraniu pole hasła jest wyświetlane na tej samej stronie zamiast na osobnej stronie. Zapobiega to atakom polegającym na wyliczaniu nazw użytkowników. + + + Case insensitive matching + Bez rozróżniania wielkości liter + + + When enabled, user fields are matched regardless of their casing. + Po włączeniu pola użytkownika są dopasowywane niezależnie od wielkości liter. + + + Show matched user + Pokaż dopasowanego użytkownika + + + When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown. + Po wprowadzeniu prawidłowej nazwy użytkownika/adresu e-mail i włączeniu tej opcji zostanie wyświetlona nazwa użytkownika i awatar użytkownika. W przeciwnym razie zostanie wyświetlony tekst wprowadzony przez użytkownika. + + + Source settings + Ustawienia źródła + + + Sources + Źródła + + + Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP. + Powinny być wyświetlane wybrane źródła, za pomocą których użytkownicy mogą się uwierzytelniać. Dotyczy to tylko źródeł internetowych, a nie LDAP. + + + Show sources' labels + Pokaż etykiety źródeł + + + By default, only icons are shown for sources. Enable this to show their full names. + Domyślnie dla źródeł wyświetlane są tylko ikony. Włącz tę opcję, aby wyświetlić ich pełne nazwy. + + + Passwordless flow + Przepływ bezhasłowy + + + Optional passwordless flow, which is linked at the bottom of the page. When configured, users can use this flow to authenticate with a WebAuthn authenticator, without entering any details. + Opcjonalny przepływ bez hasła, do którego link znajduje się na dole strony. Po skonfigurowaniu użytkownicy mogą używać tego przepływu do uwierzytelniania za pomocą modułu uwierzytelniającego WebAuthn bez wprowadzania żadnych szczegółów. + + + Optional enrollment flow, which is linked at the bottom of the page. + Opcjonalny przepływ rejestracji, do którego link będzie znajdował się na dole strony. + + + Optional recovery flow, which is linked at the bottom of the page. + Opcjonalny przepływ odzyskiwania, do którego link znajduje się na dole strony. + + + This stage can be included in enrollment flows to accept invitations. + Ten etap można uwzględnić w przepływach rejestracji, aby akceptować zaproszenia. + + + Continue flow without invitation + Kontynuuj przepływ bez zaproszenia + + + If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. + Jeśli ta flaga jest ustawiona, ten etap przejdzie do następnego etapu, gdy nie zostanie wysłane żadne zaproszenie. Domyślnie ten etap anuluje przepływ, gdy nie zostanie wysłane żadne zaproszenie. + + + Validate the user's password against the selected backend(s). + Zweryfikuj hasło użytkownika w wybranych backendach. + + + Backends + back-end + + + User database + standard password + Baza użytkowników + standardowe hasło + + + User database + app passwords + Baza użytkowników + hasła aplikacji + + + User database + LDAP password + Baza użytkowników + hasło LDAP + + + Selection of backends to test the password against. + Wybór backendów do testowania hasła. + + + Flow used by an authenticated user to configure their password. If empty, user will not be able to configure change their password. + Przepływ używany przez uwierzytelnionego użytkownika do konfigurowania jego hasła. Jeśli jest pusty, użytkownik nie będzie mógł skonfigurować zmiany hasła. + + + Failed attempts before cancel + Nieudane próby przed anulowaniem + + + How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. + Ile prób ma użytkownik przed anulowaniem przepływu. Aby zablokować użytkownika, użyj zasad reputacji i etapu user_write. + + + Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable. + Pokaż użytkownikowi dowolne pola wejściowe, na przykład podczas rejestracji. Dane są zapisywane w kontekście przepływu pod zmienną „prompt_data”. + + + Fields + Pola + + + ("", of type ) + + („ + ”, typu + ) + + + Validation Policies + Zasady weryfikacji + + + Selected policies are executed when the stage is submitted to validate the data. + Wybrane zasady są wykonywane po przesłaniu etapu w celu weryfikacji danych. + + + Delete the currently pending user. CAUTION, this stage does not ask for confirmation. Use a consent stage to ensure the user is aware of their actions. + + + Log the currently pending user in. + Loguj aktualnie oczekującego użytkownika. + + + Session duration + Długość sesji + + + Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. + Określa, jak długo trwa sesja. Domyślna wartość 0 sekund oznacza, że sesje trwają do zamknięcia przeglądarki. + + + Different browsers handle session cookies differently, and might not remove them even when the browser is closed. + + + See here. + + + Stay signed in offset + + + If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. + + + Terminate other sessions + + + When enabled, all previous sessions of the user will be terminated. + + + Remove the user from the current session. + Usuń użytkownika z bieżącej sesji. + + + Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user + is pending, a new user is created, and data is written to them. + + + Never create users + Nigdy nie twórz użytkowników + + + When no user is present in the flow context, the stage will fail. + + + Create users when required + Twórz użytkowników, gdy jest to wymagane + + + When no user is present in the the flow context, a new user is created. + + + Always create new users + Zawsze twórz nowych użytkowników + + + Create a new user even if a user is in the flow context. + + + Create users as inactive + Utwórz użytkowników jako nieaktywnych + + + Mark newly created users as inactive. + Oznacz nowo utworzonych użytkowników jako nieaktywnych. + + + User path template + Szablon ścieżki użytkownika + + + Path new users will be created under. If left blank, the default path will be used. + Ścieżka, w której zostaną utworzeni nowi użytkownicy. Jeśli pozostawisz puste, zostanie użyta ścieżka domyślna. + + + Newly created users are added to this group, if a group is selected. + Nowo utworzeni użytkownicy są dodawani do tej grupy, jeśli grupa jest zaznaczona. + + + New stage + Nowy etap + + + Create a new stage. + Utwórz nowy etap. + + + Successfully imported device. + Pomyślnie zaimportowano urządzenie. + + + The user in authentik this device will be assigned to. + Użytkownik w authentik, do którego zostanie przypisane to urządzenie. + + + Duo User ID + Duo User ID + + + The user ID in Duo, can be found in the URL after clicking on a user. + + + Automatic import + Automatyczne importowanie + + + Successfully imported devices. + Pomyślnie zaimportowano + urządzenia. + + + Start automatic import + Rozpocznij automatyczny import + + + Or manually import + Lub ręcznie importuj + + + Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow. + Etapy to pojedyncze kroki przepływu, przez które prowadzony jest użytkownik. Etap można wykonać tylko z przepływu. + + + Flows + Przepływ(y) + + + Stage(s) + Etap(y) + + + Import + Importuj + + + Import Duo device + Importuj urządzenie Duo + + + Successfully updated flow. + Pomyślnie zaktualizowano przepływ. + + + Successfully created flow. + Pomyślnie utworzono przepływ. + + + Shown as the Title in Flow pages. + Wyświetlany jako tytuł na stronach przepływu. + + + Visible in the URL. + Widoczne w adresie URL. + + + Designation + Przeznaczenie + + + Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. + Decyduje, do czego służy ten przepływ. Na przykład przepływ uwierzytelniania służy do przekierowania nieuwierzytelnionego użytkownika który odwiedza authentik. + + + No requirement + + + Require authentication + Wymagaj uwierzytelnienia + + + Require no authentication. + Nie wymagaj uwierzytelnienia. + + + Require superuser. + Wymagaj superużytkownika. + + + Required authentication level for this flow. + Wymagany poziom uwierzytelniania dla tego przepływu. + + + Behavior settings + Ustawienia zachowania + + + Compatibility mode + Tryb zgodności + + + Increases compatibility with password managers and mobile devices. + Zwiększa kompatybilność z menedżerami haseł i urządzeniami mobilnymi. + + + Denied action + + + Will follow the ?next parameter if set, otherwise show a message + + + Will either follow the ?next parameter or redirect to the default interface + + + Will notify the user the flow isn't applicable + + + Decides the response when a policy denies access to this flow for a user. + + + Appearance settings + Ustawienia wyglądu + + + Layout + Układ + + + Background + Tło + + + Background shown during execution. + Tło pokazywane podczas wykonywania. + + + Clear background + + + Delete currently set background image. + Usuń aktualnie ustawiony obraz tła. + + + Successfully imported flow. + Pomyślnie zaimportowano przepływ. + + + .yaml files, which can be found on goauthentik.io and can be exported by authentik. + Pliki .yaml, które można znaleźć na goauthentik.io i mogą być wyeksportowane przez authentik. + + + Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them. + Przepływy opisują łańcuch etapów do uwierzytelniania, rejestracji lub odzyskiwania użytkownika. Etapy są wybierane na podstawie stosowanych do nich zasad. + + + Flow(s) + Przepływ(y) + + + Update Flow + Aktualizuj przepływ + + + Create Flow + Utwórz przepływ + + + Import Flow + Importuj przepływ + + + Successfully cleared flow cache + Pamięć podręczna przepływu została wyczyszczona + + + Failed to delete flow cache + Nie udało się usunąć pamięci podręcznej przepływu + + + Clear Flow cache + Wyczyść pamięć podręczną przepływu + + + Are you sure you want to clear the flow cache? + This will cause all flows to be re-evaluated on their next usage. + + + Stage binding(s) + Wiązania(a) etapu + + + Stage type + Typ etapu + + + Edit Stage + Edytuj etap + + + Update Stage binding + Zaktualizuj powiązanie etapu + + + These bindings control if this stage will be applied to the flow. + Te powiązania kontrolują, czy ten etap zostanie zastosowany do przepływu. + + + No Stages bound + Żadne etapy nie są związane. + + + No stages are currently bound to this flow. + Żadne etapy nie są obecnie związane z tym przepływem. + + + Create Stage binding + Utwórz wiązanie etapu + + + Bind stage + Powiąż etap + + + Bind existing stage + + + Flow Overview + Przegląd przepływu + + + Related actions + + + Execute flow + Wykonaj przepływ + + + Normal + Normalny + + + with current user + z obecnym użytkownikiem + + + with inspector + z inspektorem + + + Export flow + Eksportuj przepływ + + + Export + Eksportuj + + + Stage Bindings + Wiązania etapu + + + These bindings control which users can access this flow. + Te powiązania kontrolują, którzy użytkownicy mogą uzyskać dostęp do tego przepływu. + + + Event Log + Dziennik zdarzeń + + + Event + Zdarzenie + + + + Event info + Informacje o zdarzeniu + + + Created + + + Successfully updated transport. + Pomyślnie zaktualizowano transport. + + + Successfully created transport. + Pomyślnie utworzono transport. + + + Local (notifications will be created within authentik) + Lokalny (powiadomienia będą tworzone w ramach authentik) + + + Webhook (generic) + Webhook (ogólny) + + + Webhook (Slack/Discord) + Webhook (Slack/Discord) + + + Webhook URL + URL webhooka + + + Webhook Mapping + Mapowanie webhooka + + + Send once + Wyślij raz + + + Only send notification once, for example when sending a webhook into a chat channel. + Wyślij powiadomienie tylko raz, na przykład podczas wysyłania webhooka na kanał czatu. + + + Notification Transports + Transporty powiadomień + + + Define how notifications are sent to users, like Email or Webhook. + Określ sposób wysyłania powiadomień do użytkowników, takich jak e-mail lub webhook. + + + Notification transport(s) + Transport(y) powiadomień + + + Update Notification Transport + Zaktualizuj transport powiadomień + + + Create Notification Transport + Utwórz transport powiadomień + + + Successfully updated rule. + Pomyślnie zaktualizowano regułę. + + + Successfully created rule. + Pomyślnie utworzono regułę. + + + Select the group of users which the alerts are sent to. If no group is selected the rule is disabled. + + + Transports + Transporty + + + Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. + Wybierz transporty, które mają być używane do powiadamiania użytkownika. Jeśli nie wybierzesz żadnego, powiadomienie będzie wyświetlane tylko w interfejsie użytkownika authentik. + + + Severity + Poziom błędu + + + Notification Rules + Zasady powiadamiania + + + Send notifications whenever a specific Event is created and matched by policies. + Wysyłaj powiadomienia za każdym razem, gdy określone zdarzenie zostanie utworzone i dopasowane do zasad. + + + Sent to group + Wysłane do grup + + + Notification rule(s) + Reguła(y) powiadamiania + + + None (rule disabled) + Brak (reguła wyłączona) + + + Update Notification Rule + Zaktualizuj regułę powiadamiania + + + Create Notification Rule + Utwórz regułę powiadomień + + + These bindings control upon which events this rule triggers. +Bindings to groups/users are checked against the user of the event. + + + Outpost Deployment Info + Informacje o wdrożeniu placówki + + + View deployment documentation + Wyświetl dokumentację wdrożenia + + + Click to copy token + Kliknij, aby skopiować token + + + If your authentik Instance is using a self-signed certificate, set this value. + Jeśli twoja instancja authentik korzysta z certyfikatu z podpisem własnym, ustaw tę wartość. + + + If your authentik_host setting does not match the URL you want to login with, add this setting. + Jeśli ustawienie authentik_host nie odpowiada adresowi URL, pod którym chcesz się zalogować, dodaj to ustawienie. + + + Successfully updated outpost. + Pomyślnie zaktualizowano placówkę. + + + Successfully created outpost. + Pomyślnie utworzono placówkę. + + + Radius + + + Integration + Integracja + + + Selecting an integration enables the management of the outpost by authentik. + Wybranie integracji umożliwia zarządzanie placówką przez authentik. + + + You can only select providers that match the type of the outpost. + Możesz wybrać tylko tych dostawców, którzy pasują do typu placówki. + + + Configuration + Konfiguracja + + + See more here: + Zobacz więcej tutaj: + + + Documentation + Dokumentacja + + + Last seen + Ostatnio widziany + + + , should be + + , powinno być + + + + Hostname + Hostname + + + Not available + Niedostępny + + + Last seen: + Ostatnio widziany: + + + + Unknown type + Nieznany typ + + + Outposts + Placówki + + + Outposts are deployments of authentik components to support different environments and protocols, like reverse proxies. + Placówki (Outposts) to wdrożenia komponentów uwierzytelniających do obsługi różnych środowisk i protokołów, takich jak odwrotne serwery proxy. + + + Health and Version + Zdrowie i wersja + + + Warning: authentik Domain is not configured, authentication will not work. + Ostrzeżenie: domena authentik nie jest skonfigurowana, uwierzytelnianie nie będzie działać. + + + Logging in via . + Logowanie przez + . + + + No integration active + Brak aktywnej integracji + + + Update Outpost + Zaktualizuj placówkę + + + View Deployment Info + Wyświetl informacje o wdrożeniu + + + Detailed health (one instance per column, data is cached so may be out of date) + + + Outpost(s) + Placówka(i) + + + Create Outpost + Utwórz placówkę + + + Successfully updated integration. + Pomyślnie zaktualizowano integrację. + + + Successfully created integration. + Pomyślnie utworzono integracje. + + + Local + Lokalny + + + If enabled, use the local connection. Required Docker socket/Kubernetes Integration. + Jeśli jest włączone, użyj połączenia lokalnego. Wymagane socket Docker/Integracja Kubernetes. + + + Docker URL + URL Dockera + + + Can be in the format of 'unix://' when connecting to a local docker daemon, using 'ssh://' to connect via SSH, or 'https://:2376' when connecting to a remote system. + Może mieć format „unix://” podczas łączenia się z lokalnym demonem dockera, używając „ssh://” do łączenia się przez SSH lub „https://:2376” podczas łączenia się z systemem zdalnym. + + + CA which the endpoint's Certificate is verified against. Can be left empty for no validation. + CA względem którego weryfikowany jest certyfikat. Można pozostawić puste, aby nie sprawdzać poprawności. + + + TLS Authentication Certificate/SSH Keypair + Certyfikat uwierzytelniania TLS/para kluczy SSH + + + Certificate/Key used for authentication. Can be left empty for no authentication. + Certyfikat/klucz używany do uwierzytelniania. Można pozostawić puste, aby nie uwierzytelniać. + + + When connecting via SSH, this keypair is used for authentication. + Podczas łączenia przez SSH ta para kluczy jest używana do uwierzytelniania. + + + Kubeconfig + Kubeconfig + + + Verify Kubernetes API SSL Certificate + + + New outpost integration + Nowa integracja z placówką + + + Create a new outpost integration. + Utwórz nową integrację z placówką. + + + State + Stan + + + Unhealthy + Niezdrowy + + + Outpost integration(s) + Integracja(e) z placówkami + + + Successfully generated certificate-key pair. + Pomyślnie wygenerowana para certyfikat-klucz. + + + Common Name + Nazwa pospolita + + + Subject-alt name + Alternatywna nazwa tematu + + + Optional, comma-separated SubjectAlt Names. + Opcjonalne, rozdzielone przecinkami nazwy SubjectAlt. + + + Validity days + Dni ważności + + + Successfully updated certificate-key pair. + Pomyślnie zaktualizowano parę certyfikat-klucz. + + + Successfully created certificate-key pair. + Pomyślnie utworzono parę certyfikat-klucz. + + + PEM-encoded Certificate data. + Dane certyfikatu zakodowane w formacie PEM. + + + Optional Private Key. If this is set, you can use this keypair for encryption. + Opcjonalny klucz prywatny. Jeśli to jest ustawione, możesz użyć tej pary kluczy do szyfrowania. + + + Certificate-Key Pairs + Pary certyfikat-klucz + + + Import certificates of external providers or create certificates to sign requests with. + Importuj certyfikaty zewnętrznych dostawców lub twórz certyfikaty do podpisywania żądań. + + + Private key available? + Dostępny klucz prywatny? + + + Certificate-Key Pair(s) + Para(y) certyfikat-klucz + + + Managed by authentik + Zarządzane przez authentik + + + Managed by authentik (Discovered) + Zarządzane przez authentik (odkryte) + + + Yes () + Tak ( + ) + + + No + Nie + + + Update Certificate-Key Pair + Aktualizuj parę certyfikat-klucz + + + Certificate Fingerprint (SHA1) + Odcisk cyfrowy certyfikatu (SHA1) + + + Certificate Fingerprint (SHA256) + Odcisk cyfrowy certyfikatu (SHA256) + + + Certificate Subject + Temat certyfikatu + + + Download Certificate + Pobierz certyfikat + + + Download Private key + Pobierz klucz prywatny + + + Create Certificate-Key Pair + Utwórz parę certyfikat-klucz + + + Generate + Generuj + + + Generate Certificate-Key Pair + Wygeneruj parę certyfikat-klucz + + + Successfully updated instance. + Pomyślnie zaktualizowano instancję. + + + Successfully created instance. + Pomyślnie utworzono instancję. + + + Disabled blueprints are never applied. + Wyłączone schematy nigdy nie są stosowane. + + + Local path + Ścieżka lokalna + + + OCI Registry + Rejestr OCI + + + Internal + + + OCI URL, in the format of oci://registry.domain.tld/path/to/manifest. + Adres URL OCI w formacie oci://registry.domain.tld/path/to/manifest. + + + See more about OCI support here: + Zobacz więcej o wsparciu OCI tutaj: + + + Blueprint + + + Configure the blueprint context, used for templating. + + + Orphaned + + + Blueprints + Schematy + + + Automate and template configuration within authentik. + Zautomatyzuj i szablonuj konfigurację w authentik. + + + Last applied + Ostatnio zastosowano + + + Blueprint(s) + Schemat(y) + + + Update Blueprint + Aktualizuj schemat + + + Create Blueprint Instance + Utwórz instancję schematu + + + API Requests + Żądania API + + + Open API Browser + Otwórz przeglądarkę API + + + Notifications + Powiadomienia + + + unread + + nieprzeczytane + + + Successfully cleared notifications + Pomyślnie wyczyszczono powiadomienia + + + Clear all + Wyczyść wszystko + + + A newer version of the frontend is available. + Dostępna jest nowsza wersja frontendu. + + + You're currently impersonating . Click to stop. + Obecnie podszywasz się pod + . Kliknij, aby zatrzymać. + + + User interface + Interfejs użytkownika + + + Dashboards + Pulpity + + + Events + Zdarzenia + + + Logs + Logi + + + Customisation + Dostosowywanie + + + Directory + Katalog + + + System + System + + + Certificates + Certyfikaty + + + Outpost Integrations + Integracje z placówkami + + + API request failed + Żądanie API nie powiodło się + + + User's avatar + Awatar użytkownika + + + Something went wrong! Please try again later. + Coś poszło nie tak! Spróbuj ponownie później. + + + Request ID + Identyfikator żądania + + + You may close this page now. + + + You're about to be redirect to the following URL. + Wkrótce nastąpi przekierowanie do następującego adresu URL. + + + Follow redirect + Śledź przekierowanie + + + Request has been denied. + Żądanie zostało odrzucone. + + + Not you? + Nie ty? + + + Need an account? + Potrzebujesz konta? + + + Sign up. + Zapisz się. + + + Forgot username or password? + Zapomniałeś nazwy użytkownika lub hasła? + + + Select one of the sources below to login. + Wybierz jedno z poniższych źródeł, aby się zalogować. + + + Or + Lub + + + Use a security key + Użyj klucza bezpieczeństwa + + + Login to continue to . + Zaloguj się, aby przejść do + . + + + Please enter your password + Wprowadź hasło + + + Forgot password? + Zapomniałeś hasła? + + + Application requires following permissions: + Aplikacja wymaga następujących uprawnień: + + + Application already has access to the following permissions: + Aplikacja ma już dostęp do następujących uprawnień: + + + Application requires following new permissions: + Aplikacja wymaga następujących nowych uprawnień: + + + Check your Inbox for a verification email. + Sprawdź swoją skrzynkę odbiorczą pod kątem e-maila weryfikacyjnego. + + + Send Email again. + Wyślij e-mail ponownie. + + + Successfully copied TOTP Config. + Pomyślnie skopiowano konfigurację TOTP. + + + Copy + Kopiuj + + + Code + Kod + + + Please enter your TOTP Code + Wprowadź swój kod TOTP + + + Duo activation QR code + + + Alternatively, if your current device has Duo installed, click on this link: + Alternatywnie, jeśli na Twoim obecnym urządzeniu jest zainstalowany Duo, kliknij ten link: + + + Duo activation + Aktywacja Duo + + + Check status + Sprawdź status + + + Make sure to keep these tokens in a safe place. + Upewnij się, że przechowujesz te tokeny w bezpiecznym miejscu. + + + Phone number + Numer telefonu + + + Please enter your Phone number. + Podaj swój numer telefonu. + + + Please enter the code you received via SMS + Wprowadź kod otrzymany SMS-em + + + A code has been sent to you via SMS. + Kod został wysłany do Ciebie SMS-em. + + + Open your two-factor authenticator app to view your authentication code. + + + Static token + Token statyczny + + + Authentication code + + + Please enter your code + + + Return to device picker + Wróć do wyboru urządzeń + + + Sending Duo push notification + Wysyłam powiadomienie push Duo + + + Assertions is empty + Asercja jest pusta + + + Error when creating credential: + Błąd podczas tworzenia poświadczeń: + + + + Error when validating assertion on server: + Błąd podczas walidacji asercji na serwerze: + + + + Retry authentication + Ponów uwierzytelnianie + + + Duo push-notifications + Powiadomienia push Duo + + + Receive a push notification on your device. + Otrzymuj powiadomienia push na swoje urządzenie. + + + Authenticator + Uwierzytelniacz + + + Use a security key to prove your identity. + Użyj klucza bezpieczeństwa, aby potwierdzić swoją tożsamość. + + + Traditional authenticator + Tradycyjny uwierzytelniacz + + + Use a code-based authenticator. + Użyj uwierzytelniacza opartego na kodzie. + + + Recovery keys + Klucze odzyskiwania + + + In case you can't access any other method. + Na wypadek, gdybyś nie miał dostępu do żadnej innej metody. + + + SMS + SMS + + + Tokens sent via SMS. + Tokeny wysyłane SMS-em. + + + Select an authentication method. + Wybierz metodę uwierzytelniania. + + + Stay signed in? + + + Select Yes to reduce the number of times you're asked to sign in. + + + Authenticating with Plex... + Uwierzytelnianie z Plex... + + + Waiting for authentication... + Oczekiwanie na uwierzytelnienie... + + + If no Plex popup opens, click the button below. + Jeśli nie otworzy się wyskakujące okienko Plex, kliknij przycisk poniżej. + + + Open login + Otwórz logowanie + + + Authenticating with Apple... + Uwierzytelnianie z Apple... + + + Retry + Ponów + + + Enter the code shown on your device. + Wpisz kod widoczny na Twoim urządzeniu. + + + Please enter your Code + Wprowadź swój kod + + + You've successfully authenticated your device. + Pomyślnie uwierzytelniłeś swoje urządzenie. + + + Flow inspector + Inspektor przepływu + + + Next stage + Następny etap + + + Stage name + Nazwa etapu + + + Stage kind + Rodzaj etapu + + + Stage object + Obiekt etapu + + + This flow is completed. + Ten przepływ jest zakończony. + + + Plan history + Historia planu + + + Current plan context + Aktualny kontekst planu + + + Session ID + ID sesji + + + Powered by authentik + Napędzane przez authentik + + + Background image + Obraz tła + + + Error creating credential: + Błąd podczas tworzenia poświadczenia: + + + + Server validation of credential failed: + Weryfikacja poświadczeń serwera nie powiodła się: + + + + Register device + Zarejestruj urządzenie + + + Refer to documentation + + + No Applications available. + Brak dostępnych aplikacji. + + + Either no applications are defined, or you don’t have access to any. + + + My Applications + Moje aplikacje + + + My applications + Moje aplikacje + + + Change your password + Zmień swoje hasło + + + Change password + Zmień hasło + + + + + + + + + Save + Zapisz + + + Delete account + Usuń konto + + + Successfully updated details + Pomyślnie zaktualizowano szczegóły + + + Open settings + Otwórz ustawienia + + + No settings flow configured. + Nie skonfigurowano przepływu ustawień. + + + Update details + Zaktualizuj szczegóły + + + Successfully disconnected source + Pomyślnie odłączono źródło + + + Failed to disconnected source: + Nie udało się odłączyć źródła: + + + + Disconnect + Rozłącz + + + Connect + Połącz + + + Error: unsupported source settings: + Błąd: nieobsługiwane ustawienia źródła: + + + + Connect your user account to the services listed below, to allow you to login using the service instead of traditional credentials. + Połącz swoje konto użytkownika z usługami wymienionymi poniżej, aby umożliwić logowanie za pomocą usługi zamiast tradycyjnych poświadczeń. + + + No services available. + Brak dostępnych usług. + + + Create App password + Utwórz hasło aplikacji + + + User details + Szczegóły użytkownika + + + Consent + Zgody + + + MFA Devices + Urządzenia MFA + + + Connected services + Połączone usługi + + + Tokens and App passwords + Tokeny i hasła aplikacji + + + Unread notifications + Nieprzeczytane powiadomienia + + + Admin interface + Interfejs administratora + + + Stop impersonation + Zatrzymaj podszywanie się + + + Avatar image + Obraz awatara + + + Failed + + + Unsynced / N/A + + + Outdated outposts + Nieaktualne placówki + + + Unhealthy outposts + Niezdrowe placówki + + + Next + Dalej + + + Inactive + Nieaktywny + + + Regular user + Zwykły użytkownik + + + Activate + Aktywuj + + + Use Server URI for SNI verification + + + Required for servers using TLS 1.3+ + + + Client certificate keypair to authenticate against the LDAP Server's Certificate. + + + The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate. + + + TLS Server name + + + DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged. + + + TLS Client authentication certificate + + + Model + + + Match events created by selected model. When left empty, all models are matched. + + + Code-based MFA Support + + + When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. + + + User type + + + Successfully updated license. + + + Successfully created license. + + + Install ID + + + License key + + + Licenses + + + License(s) + + + Enterprise is in preview. + + + Cumulative license expiry + + + Update License + + + Warning: The current user count has exceeded the configured licenses. + + + Click here for more info. + + + Enterprise + + + Manage enterprise licenses + + + No licenses found. + + + Send us feedback! + + + Get a license + + + Go to Customer Portal + + + Forecast internal users + + + Estimated user count one year from now based on current internal users and forecasted internal users. + + + Forecast external users + + + Estimated user count one year from now based on current external users and forecasted external users. + + + Install + + + Install License + + + Internal users might be users such as company employees, which will get access to the full Enterprise feature set. + + + External users might be external consultants or B2C customers. These users don't get access to enterprise features. + + + Service accounts should be used for machine-to-machine authentication or other automations. + + + Less details + + + More details + + + Remove item Open API drawer @@ -11,1702 +5708,74 @@ Open Notification drawer - - Connection error, reconnecting... - - - Loading... - - - Application - - - Logins - - - Failed to fetch - - - Click to change value - - - Select an object. - - - Loading options... - - - API Access - - - App password - - - Recovery - - - Verification - - - Unknown intent - - - Login - - - Failed login - - - Logout - - - User was written to - - - Suspicious request - - - Password set - - - Secret was viewed - - - Secret was rotated - - - Invitation used - - - Application authorized - - - Source linked - - - Impersonation started - - - Impersonation ended - - - Flow execution - - - Policy execution - - - Policy exception - - - Property Mapping exception - - - System task execution - - - System task exception - - - General system exception - - - Configuration error - - - Model created - - - Model updated - - - Model deleted - - - Email sent - - - Update available - - - Alert - - - Notice - - - Warning - - - Unknown severity - - - Static tokens - - - TOTP Device - - - Internal - - - External - - - Service account - - - Service account (internal) - - - Show less - - - Show more - - - UID - - - Name - - - App - - - Model Name - - - Message - - - Subject - - - From - - - To - - - Context - - - User - - - Affected model: - - - Authorized application: - - - Using flow - - - Email info: - - - Secret: - - - Exception - - - Open issue on GitHub... - - - Expression - - - Binding - - - Request - - - Object - - - Result - - - Passing - - - Messages - - - New version available - - - Using source - - - Attempted to log in as - - - No additional data available. - - - no tabs defined - - - Remove item - - - - of - - - Go to previous page - - - Go to next page - - - Search... - - - Loading - - - No objects found. - - - Failed to fetch objects. - - - Refresh - - - Select all rows - - - Action - - - Creation Date - - - Client IP - - - Brand - - - Recent events - - - On behalf of - - - - - - - No Events found. - - - No matching events could be found. - - - Embedded outpost is not configured correctly. - - - Check outposts. - - - HTTPS is not detected correctly - - - Server and client are further than 5 seconds apart. - - - OK - - - Everything is ok. - - - System status - - - Based on - - - is available! - - - Up-to-date! - - - Version - - - Workers - - - No workers connected. Background tasks will not run. - - - hour(s) ago - - - Failed to fetch data. - - - day(s) ago - - - Authorizations - - - Failed Logins - - - Successful Logins - - - : - - - Cancel - - - LDAP Source - - - SCIM Provider - - - Healthy - - - Failed - - - Unsynced / N/A - - - Healthy outposts - - - Outdated outposts - - - Unhealthy outposts - - - Not found - - - The URL "" was not found. - - - Return home - - - General system status - - - Welcome, . - - - Quick actions - - - Create a new application - - - Check the logs - - - Explore integrations - - - Manage users - - - Check the release notes - - - Outpost status - - - Sync status - - - Logins and authorizations over the last week (per 8 hours) - - - Apps with most usage - - - days ago - - - Objects created - - - User Statistics - - - Users created per day in the last month - - - Users created - - - Logins per day in the last month - - - Failed Logins per day in the last month - - - Failed logins - - - Clear search - - - System Tasks - - - Long-running operations which authentik executes in the background. - - - Identifier - - - Description - - - Last run - - - Status - - - Actions - - - Successful - - - Error - - - Unknown - - - Duration - - - seconds - Restart task - - Close - - - Create - - - Next - - - Back - - - Submit - - - Type - - - Select providers to add to application - - - Add - - - Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". - - - Path template for users created. Use placeholders like `%(slug)s` to insert the source slug. - - - Currently set to: - - - No form found - - - Form didn't return a promise for submitting - - - Any policy must match to grant access - - - All policies must match to grant access - - - Successfully updated application. - - - Successfully created application. - - - Application's display Name. - - - Slug - - - Internal application name used in URLs. - - - Group - - - Optionally enter a group name. Applications with identical groups are shown grouped together. - - - Provider - - - Select a provider that this application should use. - - - Backchannel Providers - - - Select backchannel providers which augment the functionality of the main provider. - Add provider - - Policy engine mode - - - UI settings - - - Launch URL - - - If left empty, authentik will try to extract the launch URL based on the selected provider. - - - Open in new tab - - - If checked, the launch URL will open in a new browser tab or window from the user's application library. - - - Icon - - - Clear icon - - - Delete currently set icon. - - - Publisher - - - UI Settings - - - OAuth2/OIDC (Open Authorization/OpenID Connect) - - - Modern applications, APIs and Single-page applications. - - - LDAP (Lightweight Directory Access Protocol) - - - Provide an LDAP interface for applications and users to authenticate against. - - - Transparent Reverse Proxy - - - For transparent reverse proxies with required authentication - - - Forward Auth (Single Application) - - - For nginx's auth_request or traefik's forwardAuth - - - Forward Auth (Domain Level) - - - For nginx's auth_request or traefik's forwardAuth per root domain - - - SAML (Security Assertion Markup Language) - - - Configure SAML provider manually - - - RADIUS (Remote Authentication Dial-In User Service) - - - Configure RADIUS provider manually - - - SCIM (System for Cross-domain Identity Management) - - - Configure SCIM provider manually - - - Saving Application... - - - Authentik was unable to save this application: - - - Your application has been saved - - - There was an error in the application. - - - Review the application. - - - There was an error in the provider. - - - Review the provider. - - - There was an error - - - There was an error creating the application, but no error message was sent. Please review the server logs. - - - Authentication - - - Authorization - - - Enrollment - - - Invalidation - - - Stage Configuration - - - Unenrollment - - - Unknown designation - - - Stacked - - - Content left - - - Content right - - - Sidebar left - - - Sidebar right - - - Unknown layout - - - Cached binding - - - Flow is executed and session is cached in memory. Flow is executed when session expires - - - Direct binding - - - Always execute the configured bind flow to authenticate the user - - - Cached querying - - - The outpost holds all users and groups in-memory and will refresh every 5 Minutes - - - Direct querying - - - Always returns the latest data, but slower than cached querying - - - When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. - - - The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber - - - The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate. - - - DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged. - - - The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber - - - Configure LDAP Provider - - - Method's display Name. - - - Bind flow - - - Flow used for users to authenticate. - - - Search group - - - Bind mode - - - Configure how the outpost authenticates requests. - - - Search mode - - - Configure how the outpost queries the core authentik server's users. - - - Code-based MFA Support - - - Protocol settings - - - Base DN - - - LDAP DN under which bind requests and search requests can be made. - - - Certificate - - - TLS Server name - - - UID start number - - - GID start number - - - Successfully updated provider. - - - Successfully created provider. - - - (Format: hours=-1;minutes=-2;seconds=-3). - - - (Format: hours=1;minutes=2;seconds=3). - - - The following keywords are supported: - - - Confidential - - - Confidential clients are capable of maintaining the confidentiality of their credentials such as client secrets - - - Public - - - Public clients are incapable of maintaining the confidentiality and should use methods like PKCE. - - - Based on the User's hashed ID - - - Based on the User's ID - - - Based on the User's UUID - - - Based on the User's username - - - Based on the User's Email - - - This is recommended over the UPN mode. - - - Based on the User's UPN - - - Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains. - - - Each provider has a different issuer, based on the application slug - - - Same identifier is used for all providers - - - Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows. - - - If no explicit redirect URIs are specified, the first successfully used redirect URI will be saved. - - - To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. - - - Authentication flow - - - Flow used when a user access this provider and is not authenticated. - - - Authorization flow - - - Flow used when authorizing this provider. - - - Client type - - - Client ID - - - Client Secret - - - Redirect URIs/Origins (RegEx) - - - Signing Key - - - Key used to sign the tokens. - - - Advanced protocol settings - - - Access code validity - - - Configure how long access codes are valid for. - - - Access Token validity - - - Configure how long access tokens are valid for. - - - Refresh Token validity - - - Configure how long refresh tokens are valid for. - - - Scopes - - - Select which scopes can be used by the client. The client still has to specify the scope to access the data. - - - Hold control/command to select multiple items. - - - Subject mode - - - Configure what data should be used as unique User Identifier. For most cases, the default should be fine. - - - Include claims in id_token - - - Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. - - - Issuer mode - - - Configure how the issuer field of the ID Token should be filled. - - - Machine-to-Machine authentication settings - - - Trusted OIDC Sources - - - JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider. - - - Configure OAuth2/OpenId Provider - - - HTTP-Basic Username Key - - - User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. - - - HTTP-Basic Password Key - - - User/Group Attribute used for the password part of the HTTP-Basic Header. - - - Configure Proxy Provider - - - Token validity - - - Configure how long tokens are valid for. - - - AdditionalScopes - - - Additional scope mappings, which are passed to the proxy. - - - Unauthenticated URLs - - - Unauthenticated Paths - - - Regular expressions for which authentication is not required. Each new line is interpreted as a new expression. - - - When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions. - - - Authentication settings - - - Intercept header authentication - - - When enabled, authentik will intercept the Authorization header to authenticate the request. - - - Send HTTP-Basic Authentication - - - Send a custom HTTP-Basic Authentication header based on values from authentik. - - - Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application. - - - An example setup can look like this: - - - authentik running on auth.example.com - - - app1 running on app1.example.com - - - In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com. - - - External host - - - The external URL you'll authenticate at. The authentik core server should be reachable under this URL. - - - Cookie domain - - - Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'. - - - This provider will behave like a transparent reverse-proxy, except requests must be authenticated. If your upstream application uses HTTPS, make sure to connect to the outpost using HTTPS as well. - - - The external URL you'll access the application at. Include any non-standard port. - - - Internal host - - - Upstream host that the requests are forwarded to. - - - Internal host SSL Validation - - - Validate SSL Certificates of upstream servers. - - - Use this provider with nginx's auth_request or traefik's - forwardAuth. Each application/domain needs its own provider. - Additionally, on each domain, /outpost.goauthentik.io must be - routed to the outpost (when using a managed outpost, this is done for you). - - - Configure Radius Provider - - - Shared secret - - - Client Networks - - - List of CIDRs (comma-seperated) that clients can connect from. A more specific - CIDR will match before a looser one. Clients connecting from a non-specified CIDR - will be dropped. - - - Redirect - - - Post - - - Configure SAML Provider - - - ACS URL - - - Issuer - - - Also known as EntityID. - - - Service Provider Binding - - - Determines how authentik sends the response back to the Service Provider. - - - Audience - - - Signing Certificate - - - Certificate used to sign outgoing Responses going to the Service Provider. - - - Verification Certificate - - - When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. - - - Property Mappings - - - Property mappings used for user mapping. - - - NameID Property Mapping - - - Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected. - - - Assertion valid not before - - - Configure the maximum allowed time drift for an assertion. - - - Assertion valid not on or after - - - Assertion not valid on or after current time + this value. - - - Session valid not on or after - - - Session not valid on or after current time + this value. - - - Digest algorithm - - - Signature algorithm - - - Configure SCIM Provider - - - URL - - - SCIM base url, usually ends in /v2. - - - Token - - - Token to authenticate with. Currently only bearer authentication is supported. - - - User filtering - - - Exclude service accounts - - - Only sync users within the selected group. - - - Attribute mapping - - - User Property Mappings - - - Group Property Mappings - - - Property mappings used for group creation. - - - Create With Wizard - - - New application - - - Don't show this message again. - - - One hint, 'New Application Wizard', is currently hidden - - - Users in the selected group can do search queries. If no group is selected, no LDAP Searches are allowed. - - - Proxy - - - Forward auth (single application) - - - Forward auth (domain level) - - - Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). - - - Authentication URL - - - Unknown proxy mode - - - Additional scopes - - - Property mappings - - - Default relay state - - - When using IDP-initiated logins, the relay state will be set to this value. - - - Successfully imported provider. - - - Metadata - - - Apply changes - - - Finish - - - Select type - - - Try the new application wizard - - - The new application wizard greatly simplifies the steps required to create applications and providers. - - - Try it now - - - New provider - - - Create a new provider. - - - Create - - - Property mappings used to user mapping. - - - Property mappings used to group creation. - - - Not used by any other object. - - - object will be DELETED - - - connection will be deleted - - - reference will be reset to default value - - - reference will be set to an empty value - - - () - - - ID - - - Successfully deleted - - - Failed to delete : - - - Delete - - - Are you sure you want to delete ? - - - Delete - - - Providers - - - Provide support for protocols like SAML and OAuth to assigned applications. - - - Provider(s) - - - Assigned to application - - - Assigned to application (backchannel) - - - Warning: Provider not assigned to any application. - - - Update - - - Update - - - Edit - - - Create Application - - - Successfully assigned permission. - - - Role - - - Assign - - - Assign permission to role - - - Assign to new role - - - Permission(s) - - - Permission - - - Directly assigned - - - Assign permission to user - - - Assign to new user - - - Superuser - - - RBAC is in preview. - - - Send us feedback! - - - User Object Permissions - - - Role Object Permissions - - - Overview - - - Changelog - - - Permissions - - - Warning: Provider is not used by any Outpost. - - - Assigned to application - - - Update LDAP Provider - - - How to connect - - - Connect to the LDAP Server on port 389: - - - Check the IP of the Kubernetes service, or - - - The Host IP of the docker host - - - Bind DN - - - Bind Password - - - Search base - - - Preview - - - Warning: Provider is not used by an Application. - - - Redirect URIs - - - Update OAuth2 Provider - - - OpenID Configuration URL - - - OpenID Configuration Issuer - - - Authorize URL - - - Token URL - - - Userinfo URL - - - Logout URL - - - JWKS URL - - - Example JWT payload (for currently authenticated user) - - - Yes - - - No - - - Forward auth (domain-level) - - - Nginx (Ingress) - - - Nginx (Proxy Manager) - - - Nginx (standalone) - - - Traefik (Ingress) - - - Traefik (Compose) - - - Traefik (Standalone) - - - Caddy (Standalone) - - - Internal Host - - - External Host - - - Basic-Auth - - - Mode - - - Update Proxy Provider - - - Protocol Settings - - - Allowed Redirect URIs - - - Setup - - - No additional setup is required. - - - Update Radius Provider - - - Download - - - Copy download URL - - - Download signing certificate - - - Related objects - - - Update SAML Provider - - - SAML Configuration - - - EntityID/Issuer - - - SSO URL (Post) - - - SSO URL (Redirect) - - - SSO URL (IdP-initiated Login) - - - SLO URL (Post) - - - SLO URL (Redirect) - - - SAML Metadata - - - Example SAML attributes - - - NameID attribute - - - No sync status. - - - Sync currently running. - - - Not synced yet. - - - Task finished with warnings - - - Task finished with errors - - - Last sync: - - - Warning: Provider is not assigned to an application as backchannel provider. - - - Update SCIM Provider - - - Run sync again - - - Application Icon - - - Applications - - - External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. - - - Provider Type - - - Application(s) - - - Update Application - Open - - Successfully sent test-request. + + Copy token - - Log messages + + Add users - - No log messages. + + Add group - - Active + + Import devices - - Last login + + Execute - - Select users to add + + Show details - - Successfully updated group. + + Apply - - Successfully created group. + + Settings - - Is superuser + + Sign out - - Users added to this group will be superusers. + + The number of tokens generated whenever this stage is used. Every token generated per stage execution will be attached to a single static device. - - Parent + + Token length - - Roles + + The length of the individual generated tokens. Can be increased to improve security. - - Select roles to grant this groups' users' permissions from the selected roles. + + Internal: - - Attributes + + External: - - Set custom attributes using YAML or JSON. + + Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding. - - Successfully updated binding. + + Create and bind Policy - - Successfully created binding. + + Federation and Social login - - Policy + + Create and bind Stage - - Group mappings can only be checked if a user is already logged in when trying to access this source. + + Flows and Stages - - User mappings can only be checked if a user is already logged in when trying to access this source. - - - Enabled - - - Negate result - - - Negates the outcome of the binding. Messages are unaffected. - - - Order - - - Timeout + + New version available Failure result @@ -1720,1346 +5789,23 @@ Result used when policy execution fails. - - Successfully updated policy. + + Required: User verification must occur. - - Successfully created policy. + + Preferred: User verification is preferred if available, but not required. - - A policy used for testing. Always returns the same result as specified below after waiting a random duration. + + Discouraged: User verification should not occur. - - Execution logging + + Required: The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur - - When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. + + Preferred: The authenticator can create and store a dedicated credential, but if it doesn't that's alright too - - Policy-specific settings - - - Pass policy? - - - Wait (min) - - - The policy takes a random time to execute. This controls the minimum time it will take. - - - Wait (max) - - - Matches an event against a set of criteria. If any of the configured values match, the policy passes. - - - Match created events with this action type. When left empty, all action types will be matched. - - - Matches Event's Client IP (strict matching, for network matching use an Expression Policy. - - - Match events created by selected application. When left empty, all applications are matched. - - - Model - - - Match events created by selected model. When left empty, all models are matched. - - - Checks if the request's user's password has been changed in the last x days, and denys based on settings. - - - Maximum age (in days) - - - Only fail the policy, don't invalidate user's password - - - Executes the python snippet to determine whether to allow or deny a request. - - - Expression using Python. - - - See documentation for a list of all variables. - - - Static rules - - - Minimum length - - - Minimum amount of Uppercase Characters - - - Minimum amount of Lowercase Characters - - - Minimum amount of Digits - - - Minimum amount of Symbols Characters - - - Error message - - - Symbol charset - - - Characters which are considered as symbols. - - - HaveIBeenPwned settings - - - Allowed count - - - Allow up to N occurrences in the HIBP database. - - - zxcvbn settings - - - Score threshold - - - If the password's score is less than or equal this value, the policy will fail. - - - 0: Too guessable: risky password. (guesses &lt; 10^3) - - - 1: Very guessable: protection from throttled online attacks. (guesses &lt; 10^6) - - - 2: Somewhat guessable: protection from unthrottled online attacks. (guesses &lt; 10^8) - - - 3: Safely unguessable: moderate protection from offline slow-hash scenario. (guesses &lt; 10^10) - - - 4: Very unguessable: strong protection from offline slow-hash scenario. (guesses &gt;= 10^10) - - - Checks the value from the policy request against several rules, mostly used to ensure password strength. - - - Password field - - - Field key to check, field keys defined in Prompt stages are available. - - - Check static rules - - - Check haveibeenpwned.com - - - For more info see: - - - Check zxcvbn - - - Password strength estimator created by Dropbox, see: - - - Allows/denys requests based on the users and/or the IPs reputation. - - - Invalid login attempts will decrease the score for the client's IP, and the -username they are attempting to login as, by one. - - - The policy passes when the reputation score is below the threshold, and -doesn't pass when either or both of the selected options are equal or above the threshold. - - - Check IP - - - Check Username - - - Threshold - - - New policy - - - Create a new policy. - - - Create Binding - - - Members - - - Select groups to add user to - - - Warning: Adding the user to the selected group(s) will give them superuser permissions. - - - Successfully updated user. - - - Successfully created user and added to group - - - Successfully created user. - - - Username - - - User's primary identifier. 150 characters or fewer. - - - User's display name. - - - User type - - - Internal users might be users such as company employees, which will get access to the full Enterprise feature set. - - - External users might be external consultants or B2C customers. These users don't get access to enterprise features. - - - Service accounts should be used for machine-to-machine authentication or other automations. - - - Email - - - Is active - - - Designates whether this user should be treated as active. Unselect this instead of deleting accounts. - - - Path - - - Policy / User / Group - - - Policy - - - Group - - - User - - - Edit Policy - - - Update Group - - - Edit Group - - - Update User - - - Edit User - - - Policy binding(s) - - - Update Binding - - - Edit Binding - - - No Policies bound. - - - No policies are currently bound to this object. - - - Create and bind Policy - - - Bind existing policy - - - Warning: Application is not used by any Outpost. - - - Related - - - Check access - - - Check - - - Check Application access - - - Test - - - Launch - - - Logins over the last week (per 8 hours) - - - Policy / Group / User Bindings - - - These policies control which users can access this application. - - - Successfully updated source. - - - Successfully created source. - - - Sync users - - - User password writeback - - - Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP. - - - Sync groups - - - Connection settings - - - Server URI - - - Specify multiple server URIs by separating them with a comma. - - - Enable StartTLS - - - To use SSL instead, use 'ldaps://' and disable this option. - - - Use Server URI for SNI verification - - - Required for servers using TLS 1.3+ - - - TLS Verification Certificate - - - When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate. - - - TLS Client authentication certificate - - - Client certificate keypair to authenticate against the LDAP Server's Certificate. - - - Bind CN - - - LDAP Attribute mapping - - - Property mappings used to user creation. - - - Additional settings - - - Parent group for all the groups imported from LDAP. - - - User path - - - Addition User DN - - - Additional user DN, prepended to the Base DN. - - - Addition Group DN - - - Additional group DN, prepended to the Base DN. - - - User object filter - - - Consider Objects matching this filter to be Users. - - - Group object filter - - - Consider Objects matching this filter to be Groups. - - - Group membership field - - - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' - - - Object uniqueness field - - - Field which contains a unique Identifier. - - - Link users on unique identifier - - - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses - - - Use the user's email address, but deny enrollment when the email address already exists - - - Link to a user with identical username. Can have security implications when a username is used with another source - - - Use the user's username, but deny enrollment when the username already exists - - - Unknown user matching mode - - - URL settings - - - Authorization URL - - - URL the user is redirect to to consent the authorization. - - - Access token URL - - - URL used by authentik to retrieve tokens. - - - Profile URL - - - URL used by authentik to get user information. - - - Request token URL - - - URL used to request the initial token. This URL is only required for OAuth 1. - - - OIDC Well-known URL - - - OIDC well-known configuration URL. Can be used to automatically configure the URLs above. - - - OIDC JWKS URL - - - JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source. - - - OIDC JWKS - - - Raw JWKS data. - - - User matching mode - - - Consumer key - - - Also known as Client ID. - - - Consumer secret - - - Also known as Client Secret. - - - Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *. - - - Flow settings - - - Flow to use when authenticating existing users. - - - Enrollment flow - - - Flow to use when enrolling new users. - - - Load servers - - - Re-authenticate with plex - - - Allow friends to authenticate via Plex, even if you don't share any servers - - - Allowed servers - - - Select which server a user has to be a member of to be allowed to authenticate. - - - SSO URL - - - URL that the initial Login request is sent to. - - - SLO URL - - - Optional URL if the IDP supports Single-Logout. - - - Also known as Entity ID. Defaults the Metadata URL. - - - Binding Type - - - Redirect binding - - - Post-auto binding - - - Post binding but the request is automatically sent and the user doesn't have to confirm. - - - Post binding - - - Signing keypair - - - Keypair which is used to sign outgoing requests. Leave empty to disable signing. - - - Allow IDP-initiated logins - - - Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. - - - NameID Policy - - - Persistent - - - Email address - - - Windows - - - X509 Subject - - - Transient - - - Delete temporary users after - - - Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. - - - Pre-authentication flow - - - Flow used before authentication. - - - New source - - - Create a new source. - - - Federation and Social login - - - Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves. - - - Source(s) - - - Disabled - - - Built-in - - - Global status - - - Vendor - - - Update LDAP Source - - - Connectivity - - - OAuth Source - - - Generic OpenID Connect - - - Unknown provider type - - - Details - - - Callback URL - - - Access Key - - - Update OAuth Source - - - Diagram - - - Policy Bindings - - - These bindings control which users can access this source. - You can only use policies here as access is checked before the user is authenticated. - - - Update Plex Source - - - Update SAML Source - - - Successfully updated mapping. - - - Successfully created mapping. - - - Object field - - - Field of the user object this value is written to. - - - SAML Attribute Name - - - Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded. - - - Friendly Name - - - Optionally set the 'FriendlyName' value of the Assertion attribute. - - - Scope name - - - Scope which the client can specify to access these properties. - - - Description shown to the user when consenting. If left empty, the user won't be informed. - - - Example context data - - - Active Directory User - - - Active Directory Group - - - New property mapping - - - Create a new property mapping. - - - Update Permissions - - - Control how authentik exposes and interprets information. - - - Property Mapping(s) - - - Test Property Mapping - - - Hide managed mappings - - - Successfully updated token. - - - Successfully created token. - - - Expires on - - - Unique identifier the token is referenced by. - - - Intent - - - API Token - - - Used to access the API programmatically - - - App password. - - - Used to login using a flow executor - - - Expiring - - - If this is selected, the token will expire. Upon expiration, the token will be rotated. - - - The token has been copied to your clipboard - - - The token was displayed because authentik does not have permission to write to the clipboard - - - Tokens - - - Tokens are used throughout authentik for Email validation stages, Recovery keys and API access. - - - Expires? - - - Expiry date - - - Token(s) - - - Create Token - - - Token is managed by authentik. - - - Update Token - - - Editing is disabled for managed tokens - - - Copy token - - - Successfully updated brand. - - - Successfully created brand. - - - Domain - - - Matching is done based on domain suffix, so if you enter domain.tld, foo.domain.tld will still match. - - - Default - - - Use this brand for each domain that doesn't have a dedicated brand. - - - Branding settings - - - Title - - - Branding shown in page title and several other places. - - - Logo - - - Icon shown in sidebar/header and flow executor. - - - Favicon - - - Icon shown in the browser tab. - - - Default flows - - - Flow used to authenticate users. If left empty, the first applicable flow sorted by the slug is used. - - - Invalidation flow - - - Flow used to logout. If left empty, the first applicable flow sorted by the slug is used. - - - Recovery flow - - - Recovery flow. If left empty, the first applicable flow sorted by the slug is used. - - - Unenrollment flow - - - If set, users are able to unenroll themselves using this flow. If no flow is set, option is not shown. - - - User settings flow - - - If set, users are able to configure details of their profile. - - - Device code flow - - - If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code. - - - Other global settings - - - Web Certificate - - - Set custom attributes using YAML or JSON. Any attributes set here will be inherited by users, if the request is handled by this brand. - - - Brands - - - Configure visual settings and defaults for different domains. - - - Default? - - - Brand(s) - - - Update Brand - - - Create Brand - - - Policies - - - Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Stages. - - - Assigned to object(s). - - - Warning: Policy is not assigned. - - - Test Policy - - - Policy / Policies - - - Successfully cleared policy cache - - - Failed to delete policy cache - - - Clear cache - - - Clear Policy cache - - - Are you sure you want to clear the policy cache? This will cause all policies to be re-evaluated on their next usage. - - - Reputation scores - - - Reputation for IP and user identifiers. Scores are decreased for each failed login and increased for each successful login. - - - IP - - - Score - - - Updated - - - Reputation - - - Groups - - - Group users together and give them permissions based on the membership. - - - Superuser privileges? - - - Group(s) - - - Create Group - - - Create group - - - Enabling this toggle will create a group named after the user, with the user as member. - - - Use the username and password below to authenticate. The password can be retrieved later on the Tokens page. - - - Password - - - Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List. - - - The following objects use - - - connecting object will be deleted - - - Successfully updated - - - Failed to update : - - - Are you sure you want to update ""? - - - Successfully updated password. - - - Successfully sent email. - - - Email stage - - - Successfully added user(s). - - - Users to add - - - Add users - - - User(s) - - - Remove Users(s) - - - Are you sure you want to remove the selected users from the group ? - - - Remove - - - Impersonate - - - User status - - - Inactive - - - Regular user - - - Change status - - - Deactivate - - - Activate - - - Update password - - - Set password - - - Successfully generated recovery link - - - No recovery flow is configured. - - - Copy recovery link - - - Send link - - - Send recovery link to user - - - Email recovery link - - - Recovery link cannot be emailed, user has no email address saved. - - - To let a user directly reset a their password, configure a recovery flow on the currently active brand. - - - Add User - - - Warning: This group is configured with superuser access. Added users will have superuser access. - - - Add existing user - - - Create user - - - Create User - - - This user will be added to the group "". - - - Create Service account - - - Hide service-accounts - - - Group Info - - - Notes - - - Edit the notes attribute of this group to add notes here. - - - Users - - - Pseudolocale (for testing) - - - English - - - Spanish - - - German - - - French - - - Polish - - - Turkish - - - Chinese (traditional) - - - Taiwanese Mandarin - - - Chinese (simplified) - - - Warning: The current user count has exceeded the configured licenses. - - - Click here for more info. - - - API Requests - - - Open API Browser - - - Show details - - - Notifications - - - unread - - - Successfully cleared notifications - - - Clear all - - - User interface - - - Dashboards - - - Outposts - - - Events - - - Logs - - - Notification Rules - - - Notification Transports - - - Customisation - - - Blueprints - - - Flows and Stages - - - Flows - - - Stages - - - Prompts - - - Directory - - - Tokens and App passwords - - - Invitations - - - System - - - Certificates - - - Outpost Integrations - - - Settings - - - A newer version of the frontend is available. - - - You're currently impersonating . Click to stop. - - - Enterprise - - - Licenses - - - Root - - - A copy of this recovery link has been placed in your clipboard - - - The current brand must have a recovery flow configured to use a recovery link - - - Warning: You're about to delete the user you're logged in as (). Proceed at your own risk. - - - Hide deactivated user - - - <No name set> - - - Create recovery link - - - User folders - - - Successfully added user to group(s). - - - Groups to add - - - Add group - - - Remove from Group(s) - - - Are you sure you want to remove user from the following groups? - - - Add Group - - - Add to existing group - - - Add new group - - - Application authorizations - - - Select permissions to grant - - - Permissions to add - - - Select permissions - - - Assign permission - - - User doesn't have view permission so description cannot be retrieved. - - - Revoked? - - - Expires - - - ID Token - - - Refresh Tokens(s) - - - Last IP - - - Session(s) - - - Expiry - - - (Current session) - - - Consent(s) - - - Confirmed - - - Device(s) - - - User Info + + Discouraged: The authenticator should not create a dedicated credential Lock the user out of this system @@ -3076,29 +5822,144 @@ doesn't pass when either or both of the selected options are equal or above the Create a link for this user to reset their password - - Create Recovery Link + + WebAuthn requires this page to be accessed via HTTPS. - - Actions over the last week (per 8 hours) + + WebAuthn not supported by browser. - - Edit the notes attribute of this user to add notes here. + + Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). - - Sessions + + Default relay state - - User events + + When using IDP-initiated logins, the relay state will be set to this value. - - Explicit Consent + + Flow Info - - OAuth Refresh Tokens + + Stage used to configure a WebAuthn authenticator (i.e. Yubikey, FaceID/Windows Hello). - - MFA Authenticators +<<<<<<< HEAD + + Internal application name used in URLs. + + + Submit + + + UI Settings + + + Transparent Reverse Proxy + + + For transparent reverse proxies with required authentication + + + Configure SAML provider manually + + + Configure RADIUS provider manually + + + Configure SCIM provider manually + + + Saving Application... + + + Authentik was unable to save this application: + + + Your application has been saved + + + Method's display Name. + + + Use this provider with nginx's auth_request or traefik's + forwardAuth. Each application/domain needs its own provider. + Additionally, on each domain, /outpost.goauthentik.io must be + routed to the outpost (when using a managed outpost, this is done for you). + + + Custom attributes + + + Don't show this message again. + + + Failed to fetch + + + Failed to fetch data. + + + Successfully assigned permission. + + + Role + + + Assign + + + Assign permission to role + + + Assign to new role + + + Directly assigned + + + Assign permission to user + + + Assign to new user + + + User Object Permissions + + + Role Object Permissions + + + Roles + + + Select roles to grant this groups' users' permissions from the selected roles. + + + Update Permissions + + + Editing is disabled for managed tokens + + + Select permissions to grant + + + Permissions to add + + + Select permissions + + + Assign permission + + + Permission(s) + + + Permission + + + User doesn't have view permission so description cannot be retrieved. Assigned permissions @@ -3136,519 +5997,17 @@ doesn't pass when either or both of the selected options are equal or above the Role Info - - Successfully updated invitation. + + Pseudolocale (for testing) - - Successfully created invitation. + + Create With Wizard - - Flow + + One hint, 'New Application Wizard', is currently hidden - - When selected, the invite will only be usable with the flow. By default the invite is accepted on all flows with invitation stages. - - - Custom attributes - - - Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON. - - - Single use - - - When enabled, the invitation will be deleted after usage. - - - Select an enrollment flow - - - Link to use the invitation. - - - Create Invitation Links to enroll Users, and optionally force specific attributes of their account. - - - Created by - - - Invitation(s) - - - Invitation not limited to any flow, and can be used with any enrollment flow. - - - Update Invitation - - - Create Invitation - - - Warning: No invitation stage is bound to any flow. Invitations will not work as expected. - - - Auto-detect (based on your browser) - - - Required. - - - Continue - - - Successfully updated prompt. - - - Successfully created prompt. - - - Text: Simple Text input - - - Text Area: Multiline text input - - - Text (read-only): Simple Text input, but cannot be edited. - - - Text Area (read-only): Multiline text input, but cannot be edited. - - - Username: Same as Text input, but checks for and prevents duplicate usernames. - - - Email: Text field with Email type. - - - Password: Masked input, multiple inputs of this type on the same prompt need to be identical. - - - Number - - - Checkbox - - - Radio Button Group (fixed choice) - - - Dropdown (fixed choice) - - - Date - - - Date Time - - - File - - - Separator: Static Separator Line - - - Hidden: Hidden field, can be used to insert data into form. - - - Static: Static value, displayed as-is. - - - authentik: Locale: Displays a list of locales authentik supports. - - - Preview errors - - - Data preview - - - Unique name of this field, used for selecting fields in prompt stages. - - - Field Key - - - Name of the form field, also used to store the value. - - - When used in conjunction with a User Write stage, use attributes.foo to write attributes. - - - Label - - - Label shown next to/above the prompt. - - - Required - - - Interpret placeholder as expression - - - When checked, the placeholder will be evaluated in the same way a property mapping is. - If the evaluation fails, the placeholder itself is returned. - - - Placeholder - - - Optionally provide a short hint that describes the expected input value. - When creating a fixed choice field, enable interpreting as expression and return a - list to return multiple choices. - - - Interpret initial value as expression - - - When checked, the initial value will be evaluated in the same way a property mapping is. - If the evaluation fails, the initial value itself is returned. - - - Initial value - - - Optionally pre-fill the input with an initial value. - When creating a fixed choice field, enable interpreting as expression and - return a list to return multiple default choices. - - - Help text - - - Any HTML can be used. - - - Single Prompts that can be used for Prompt Stages. - - - Field - - - Prompt(s) - - - Update Prompt - - - Create Prompt - - - Target - - - Stage - - - Evaluate when flow is planned - - - Evaluate policies during the Flow planning process. - - - Evaluate when stage is run - - - Evaluate policies before the Stage is present to the user. - - - Invalid response behavior - - - Returns the error message and a similar challenge to the executor - - - Restarts the flow from the beginning - - - Restarts the flow from the beginning, while keeping the flow context - - - Configure how the flow executor should handle an invalid response to a challenge given by this bound stage. - - - Successfully updated stage. - - - Successfully created stage. - - - Stage used to configure a duo-based authenticator. This stage should be used for configuration flows. - - - Authenticator type name - - - Display name of this authenticator, used by users when they enroll an authenticator. - - - API Hostname - - - Duo Auth API - - - Integration key - - - Secret key - - - Duo Admin API (optional) - - - When using a Duo MFA, Access or Beyond plan, an Admin API application can be created. - This will allow authentik to import devices automatically. - - - Stage-specific settings - - - Configuration flow - - - Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. - - - Twilio Account SID - - - Get this value from https://console.twilio.com - - - Twilio Auth Token - - - Authentication Type - - - Basic Auth - - - Bearer Token - - - External API URL - - - This is the full endpoint to send POST requests to. - - - API Auth Username - - - This is the username to be used with basic auth or the token when used with bearer token - - - API Auth password - - - This is the password to be used with basic auth - - - Mapping - - - Modify the payload sent to the custom provider. - - - Stage used to configure an SMS-based TOTP authenticator. - - - Twilio - - - Generic - - - From number - - - Number the SMS will be sent from. - - - Hash phone number - - - If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons. Devices created from a stage with this enabled cannot be used with the authenticator validation stage. - - - Stage used to configure a static authenticator (i.e. static tokens). This stage should be used for configuration flows. - - - Token count - - - The number of tokens generated whenever this stage is used. Every token generated per stage execution will be attached to a single static device. - - - Token length - - - The length of the individual generated tokens. Can be increased to improve security. - - - Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator). - - - Digits - - - 6 digits, widely compatible - - - 8 digits, not compatible with apps like Google Authenticator - - - Stage used to validate any authenticator. This stage should be used during authentication or authorization flows. - - - Device classes - - - Static Tokens - - - TOTP Authenticators - - - WebAuthn Authenticators - - - Duo Authenticators - - - SMS-based Authenticators - - - Device classes which can be used to authenticate. - - - Last validation threshold - - - If any of the devices user of the types selected above have been used within this duration, this stage will be skipped. - - - Not configured action - - - Force the user to configure an authenticator - - - Deny the user access - - - WebAuthn User verification - - - User verification must occur. - - - User verification is preferred if available, but not required. - - - User verification should not occur. - - - Configuration stages - - - Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. - - - When multiple stages are selected, the user can choose which one they want to enroll. - - - Stage used to configure a WebAuthn authenticator (i.e. Yubikey, FaceID/Windows Hello). - - - User verification - - - Required: User verification must occur. - - - Preferred: User verification is preferred if available, but not required. - - - Discouraged: User verification should not occur. - - - Resident key requirement - - - Required: The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur - - - Preferred: The authenticator can create and store a dedicated credential, but if it doesn't that's alright too - - - Discouraged: The authenticator should not create a dedicated credential - - - Authenticator Attachment - - - No preference is sent - - - A non-removable authenticator, like TouchID or Windows Hello - - - A "roaming" authenticator, like a YubiKey - - - This stage checks the user's current session against the Google reCaptcha (or compatible) service. - - - Public Key - - - Public key, acquired from https://www.google.com/recaptcha/intro/v3.html. - - - Private Key - - - Private key, acquired from https://www.google.com/recaptcha/intro/v3.html. - - - Advanced settings - - - JS URL - - - URL to fetch JavaScript from, defaults to recaptcha. Can be replaced with any compatible alternative. - - - API URL - - - URL used to validate captcha response, defaults to recaptcha. Can be replaced with any compatible alternative. - - - Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time. - - - Always require consent - - - Consent given last indefinitely - - - Consent expires. - - - Consent expires in - - - Offset after which consent expires. - - - Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding. + + External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. Deny message @@ -3656,80 +6015,128 @@ doesn't pass when either or both of the selected options are equal or above the Message shown when this stage is run. - - Dummy stage used for testing. Shows a simple continue button and always passes. + + Open Wizard - - Throw error? + + Demo Wizard - - SMTP Host + + Run the demo wizard - - SMTP Port + + OAuth2/OIDC (Open Authorization/OpenID Connect) - - SMTP Username + + LDAP (Lightweight Directory Access Protocol) - - SMTP Password + + Forward Auth (Single Application) - - Use TLS + + Forward Auth (Domain Level) - - Use SSL + + SAML (Security Assertion Markup Language) - - From address + + RADIUS (Remote Authentication Dial-In User Service) - - Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity. + + SCIM (System for Cross-domain Identity Management) - - Activate pending user on success + + The token has been copied to your clipboard - - When a user returns from the email successfully, their account will be activated. + + The token was displayed because authentik does not have permission to write to the clipboard - - Use global settings + + A copy of this recovery link has been placed in your clipboard - - When enabled, global Email connection settings will be used and connection settings below will be ignored. + + Create recovery link - - Token expiry + + Create Recovery Link - - Time in minutes the token sent is valid. + + External - - Template + + Service account - - Let the user identify themselves with their username or Email address. + + Service account (internal) - - User fields + + Check the release notes - - UPN + + User Statistics - - Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources. + + <No name set> - - Password stage + + For nginx's auth_request or traefik's forwardAuth - - When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks. + + For nginx's auth_request or traefik's forwardAuth per root domain - - Case insensitive matching + + RBAC is in preview. - - When enabled, user fields are matched regardless of their casing. + + User type used for newly created users. + + + Users created + + + Failed logins + + + Also known as Client ID. + + + Also known as Client Secret. + + + Global status + + + Vendor + + + No sync status. + + + Sync currently running. + + + Connectivity + + + 0: Too guessable: risky password. (guesses &lt; 10^3) + + + 1: Very guessable: protection from throttled online attacks. (guesses &lt; 10^6) + + + 2: Somewhat guessable: protection from unthrottled online attacks. (guesses &lt; 10^8) + + + 3: Safely unguessable: moderate protection from offline slow-hash scenario. (guesses &lt; 10^10) + + + 4: Very unguessable: strong protection from offline slow-hash scenario. (guesses &gt;= 10^10) + + + Successfully created user and added to group + + + This user will be added to the group "". Pretend user exists @@ -3737,113 +6144,122 @@ doesn't pass when either or both of the selected options are equal or above the When enabled, the stage will always accept the given user identifier and continue. - - Show matched user + + There was an error in the application. - - When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown. + + Review the application. - - Source settings + + There was an error in the provider. - - Sources + + Review the provider. - - Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP. + + There was an error - - Show sources' labels + + There was an error creating the application, but no error message was sent. Please review the server logs. - - By default, only icons are shown for sources. Enable this to show their full names. + + Configure LDAP Provider - - Passwordless flow + + Configure OAuth2/OpenId Provider - - Optional passwordless flow, which is linked at the bottom of the page. When configured, users can use this flow to authenticate with a WebAuthn authenticator, without entering any details. + + Configure Proxy Provider - - Optional enrollment flow, which is linked at the bottom of the page. + + AdditionalScopes - - Optional recovery flow, which is linked at the bottom of the page. + + Configure Radius Provider - - This stage can be included in enrollment flows to accept invitations. + + Configure SAML Provider - - Continue flow without invitation + + Property mappings used for user mapping. - - If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. + + Configure SCIM Provider - - Validate the user's password against the selected backend(s). + + Property mappings used for group creation. - - Backends + + Event volume - - User database + standard password + + Require Outpost (flow can only be executed from an outpost). - - User database + app passwords + + Connection settings. - - User database + LDAP password + + Successfully updated endpoint. - - Selection of backends to test the password against. + + Successfully created endpoint. - - Flow used by an authenticated user to configure their password. If empty, user will not be able to configure change their password. + + Protocol - - Failed attempts before cancel + + RDP - - How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. + + SSH - - Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable. + + VNC - - Fields + + Host - - ("", of type ) + + Hostname/IP to connect to. - - Validation Policies + + Endpoint(s) - - Selected policies are executed when the stage is submitted to validate the data. + + Update Endpoint - - Delete the currently pending user. CAUTION, this stage does not ask for confirmation. Use a consent stage to ensure the user is aware of their actions. + + These bindings control which users will have access to this endpoint. Users must also have access to the application. - - Log the currently pending user in. + + Create Endpoint - - Session duration + + RAC is in preview. - - Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. + + Update RAC Provider - - Different browsers handle session cookies differently, and might not remove them even when the browser is closed. + + Endpoints - - See here. + + General settings - - Stay signed in offset + + RDP settings - - If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. + + Ignore server certificate + + + Enable wallpaper + + + Enable font-smoothing + + + Enable full window dragging Network binding @@ -3878,593 +6294,59 @@ doesn't pass when either or both of the selected options are equal or above the Configure if sessions created by this stage should be bound to their GeoIP-based location - - Terminate other sessions + + RAC - - When enabled, all previous sessions of the user will be terminated. + + Connection failed after attempts. - - Remove the user from the current session. + + Re-connecting in second(s). - - Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user - is pending, a new user is created, and data is written to them. + + Connecting... - - Never create users + + Select endpoint to connect to - - When no user is present in the flow context, the stage will fail. + + Connection expiry - - Create users when required + + Determines how long a session lasts before being disconnected and requiring re-authorization. - - When no user is present in the the flow context, a new user is created. + + Brand - - Always create new users + + Successfully updated brand. - - Create a new user even if a user is in the flow context. + + Successfully created brand. - - Create users as inactive + + Use this brand for each domain that doesn't have a dedicated brand. - - Mark newly created users as inactive. + + Set custom attributes using YAML or JSON. Any attributes set here will be inherited by users, if the request is handled by this brand. - - User path template + + Brands - - User type used for newly created users. + + Brand(s) - - Path new users will be created under. If left blank, the default path will be used. + + Update Brand - - Newly created users are added to this group, if a group is selected. + + Create Brand - - New stage + + To let a user directly reset a their password, configure a recovery flow on the currently active brand. - - Create a new stage. - - - Successfully imported device. - - - The user in authentik this device will be assigned to. - - - Duo User ID - - - The user ID in Duo, can be found in the URL after clicking on a user. - - - Automatic import - - - Successfully imported devices. - - - Start automatic import - - - Or manually import - - - Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow. - - - Stage(s) - - - Import - - - Import Duo device - - - Import devices - - - Successfully updated flow. - - - Successfully created flow. - - - Shown as the Title in Flow pages. - - - Visible in the URL. - - - Designation - - - Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. - - - No requirement - - - Require authentication - - - Require no authentication. - - - Require superuser. - - - Require Outpost (flow can only be executed from an outpost). - - - Required authentication level for this flow. - - - Behavior settings - - - Compatibility mode - - - Increases compatibility with password managers and mobile devices. - - - Denied action - - - Will follow the ?next parameter if set, otherwise show a message - - - Will either follow the ?next parameter or redirect to the default interface - - - Will notify the user the flow isn't applicable - - - Decides the response when a policy denies access to this flow for a user. - - - Appearance settings - - - Layout - - - Background - - - Background shown during execution. - - - Clear background - - - Delete currently set background image. - - - Successfully imported flow. - - - .yaml files, which can be found on goauthentik.io and can be exported by authentik. - - - Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them. - - - Flow(s) - - - Update Flow - - - Execute - - - Export - - - Create Flow - - - Import Flow - - - Successfully cleared flow cache - - - Failed to delete flow cache - - - Clear Flow cache - - - Are you sure you want to clear the flow cache? - This will cause all flows to be re-evaluated on their next usage. - - - Stage binding(s) - - - Stage type - - - Edit Stage - - - Update Stage binding - - - These bindings control if this stage will be applied to the flow. - - - No Stages bound - - - No stages are currently bound to this flow. - - - Create Stage binding - - - Bind stage - - - Create and bind Stage - - - Bind existing stage - - - Flow Overview - - - Flow Info - - - Related actions - - - Execute flow - - - Normal - - - with current user - - - with inspector - - - Export flow - - - Stage Bindings - - - These bindings control which users can access this flow. - - - Event volume - - - Event Log - - - Event - - - Event info - - - Created - - - Successfully updated transport. - - - Successfully created transport. - - - Local (notifications will be created within authentik) - - - Webhook (generic) - - - Webhook (Slack/Discord) - - - Webhook URL - - - Webhook Mapping - - - Send once - - - Only send notification once, for example when sending a webhook into a chat channel. - - - Define how notifications are sent to users, like Email or Webhook. - - - Notification transport(s) - - - Update Notification Transport - - - Create Notification Transport - - - Successfully updated rule. - - - Successfully created rule. - - - Select the group of users which the alerts are sent to. If no group is selected the rule is disabled. - - - Transports - - - Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. - - - Severity - - - Send notifications whenever a specific Event is created and matched by policies. - - - Sent to group - - - Notification rule(s) - - - None (rule disabled) - - - Update Notification Rule - - - Create Notification Rule - - - These bindings control upon which events this rule triggers. -Bindings to groups/users are checked against the user of the event. - - - Outpost Deployment Info - - - View deployment documentation - - - Click to copy token - - - If your authentik Instance is using a self-signed certificate, set this value. - - - If your authentik_host setting does not match the URL you want to login with, add this setting. - - - Successfully updated outpost. - - - Successfully created outpost. - - - LDAP - - - Radius - - - Integration - - - Selecting an integration enables the management of the outpost by authentik. - - - You can only select providers that match the type of the outpost. - - - Configuration - - - See more here: - - - Documentation - - - Last seen - - - , should be - - - Hostname - - - Not available - - - Last seen: - - - Unknown type - - - Outposts are deployments of authentik components to support different environments and protocols, like reverse proxies. - - - Health and Version - - - Warning: authentik Domain is not configured, authentication will not work. - - - Logging in via . - - - No integration active - - - Update Outpost - - - View Deployment Info - - - Detailed health (one instance per column, data is cached so may be out of date) - - - Outpost(s) - - - Create Outpost - - - Successfully updated integration. - - - Successfully created integration. - - - Local - - - If enabled, use the local connection. Required Docker socket/Kubernetes Integration. - - - Docker URL - - - Can be in the format of 'unix://' when connecting to a local docker daemon, using 'ssh://' to connect via SSH, or 'https://:2376' when connecting to a remote system. - - - CA which the endpoint's Certificate is verified against. Can be left empty for no validation. - - - TLS Authentication Certificate/SSH Keypair - - - Certificate/Key used for authentication. Can be left empty for no authentication. - - - When connecting via SSH, this keypair is used for authentication. - - - Kubeconfig - - - Verify Kubernetes API SSL Certificate - - - New outpost integration - - - Create a new outpost integration. - - - State - - - Unhealthy - - - Outpost integration(s) - - - Successfully generated certificate-key pair. - - - Common Name - - - Subject-alt name - - - Optional, comma-separated SubjectAlt Names. - - - Validity days - - - Successfully updated certificate-key pair. - - - Successfully created certificate-key pair. - - - PEM-encoded Certificate data. - - - Optional Private Key. If this is set, you can use this keypair for encryption. - - - Certificate-Key Pairs - - - Import certificates of external providers or create certificates to sign requests with. - - - Private key available? - - - Certificate-Key Pair(s) - - - Managed by authentik - - - Managed by authentik (Discovered) - - - Yes () - - - Update Certificate-Key Pair - - - Certificate Fingerprint (SHA1) - - - Certificate Fingerprint (SHA256) - - - Certificate Subject - - - Download Certificate - - - Download Private key - - - Create Certificate-Key Pair - - - Generate - - - Generate Certificate-Key Pair + + The current brand must have a recovery flow configured to use a recovery link Successfully updated settings. @@ -4528,18 +6410,6 @@ Bindings to groups/users are checked against the user of the event. Enable the ability for users to change their username. - - Event retention - - - Duration after which events will be deleted from the database. - - - When using an external logging solution for archiving, this can be set to "minutes=5". - - - This setting only affects new Events, as the expiration is saved per-event. - Footer links @@ -4561,483 +6431,6 @@ Bindings to groups/users are checked against the user of the event. System settings - - Save - - - Successfully updated instance. - - - Successfully created instance. - - - Disabled blueprints are never applied. - - - Local path - - - OCI Registry - - - OCI URL, in the format of oci://registry.domain.tld/path/to/manifest. - - - See more about OCI support here: - - - Blueprint - - - Configure the blueprint context, used for templating. - - - Orphaned - - - Automate and template configuration within authentik. - - - Last applied - - - Blueprint(s) - - - Update Blueprint - - - Apply - - - Create Blueprint Instance - - - Successfully updated license. - - - Successfully created license. - - - Install ID - - - License key - - - Manage enterprise licenses - - - No licenses found. - - - License(s) - - - Enterprise is in preview. - - - Get a license - - - Go to Customer Portal - - - Forecast internal users - - - Estimated user count one year from now based on current internal users and forecasted internal users. - - - Forecast external users - - - Estimated user count one year from now based on current external users and forecasted external users. - - - Cumulative license expiry - - - Internal: - - - External: - - - Update License - - - Install - - - Install License - - - WebAuthn requires this page to be accessed via HTTPS. - - - WebAuthn not supported by browser. - - - Open Wizard - - - Demo Wizard - - - Run the demo wizard - - - API request failed - - - Authenticating with Apple... - - - Retry - - - Authenticating with Plex... - - - Waiting for authentication... - - - If no Plex popup opens, click the button below. - - - Open login - - - User's avatar - - - Something went wrong! Please try again later. - - - Request ID - - - You may close this page now. - - - You're about to be redirect to the following URL. - - - Follow redirect - - - Request has been denied. - - - Not you? - - - Need an account? - - - Sign up. - - - Forgot username or password? - - - Select one of the sources below to login. - - - Or - - - Use a security key - - - Login to continue to . - - - Please enter your password - - - Forgot password? - - - Application requires following permissions: - - - Application already has access to the following permissions: - - - Application requires following new permissions: - - - Check your Inbox for a verification email. - - - Send Email again. - - - Successfully copied TOTP Config. - - - Copy - - - Code - - - Please enter your TOTP Code - - - Duo activation QR code - - - Alternatively, if your current device has Duo installed, click on this link: - - - Duo activation - - - Check status - - - Make sure to keep these tokens in a safe place. - - - Phone number - - - Please enter your Phone number. - - - Please enter the code you received via SMS - - - A code has been sent to you via SMS. - - - Open your two-factor authenticator app to view your authentication code. - - - Static token - - - Authentication code - - - Please enter your code - - - Return to device picker - - - Sending Duo push notification - - - Assertions is empty - - - Error when creating credential: - - - Error when validating assertion on server: - - - Retry authentication - - - Duo push-notifications - - - Receive a push notification on your device. - - - Authenticator - - - Use a security key to prove your identity. - - - Traditional authenticator - - - Use a code-based authenticator. - - - Recovery keys - - - In case you can't access any other method. - - - SMS - - - Tokens sent via SMS. - - - Select an authentication method. - - - Stay signed in? - - - Select Yes to reduce the number of times you're asked to sign in. - - - Enter the code shown on your device. - - - Please enter your Code - - - You've successfully authenticated your device. - - - Flow inspector - - - Next stage - - - Stage name - - - Stage kind - - - Stage object - - - This flow is completed. - - - Plan history - - - Current plan context - - - Session ID - - - Powered by authentik - - - Background image - - - Error creating credential: - - - Server validation of credential failed: - - - Register device - - - Unread notifications - - - Sign out - - - Admin interface - - - Stop impersonation - - - Avatar image - - - Less details - - - More details - - - Refer to documentation - - - No Applications available. - - - Either no applications are defined, or you don’t have access to any. - - - My Applications - - - My applications - - - Change your password - - - Change password - - - - - - Delete account - - - Successfully updated details - - - Open settings - - - No settings flow configured. - - - Update details - - - Successfully updated device. - - - Enroll - - - Update Device - - - Successfully disconnected source - - - Failed to disconnected source: - - - Disconnect - - - Connect - - - Error: unsupported source settings: - - - Connect your user account to the services listed below, to allow you to login using the service instead of traditional credentials. - - - No services available. - - - Create App password - - - User details - - - Consent - - - MFA Devices - - - Connected services - - - + + diff --git a/web/xliff/pseudo-LOCALE.xlf b/web/xliff/pseudo-LOCALE.xlf index 0b0e8a01e..c870f2288 100644 --- a/web/xliff/pseudo-LOCALE.xlf +++ b/web/xliff/pseudo-LOCALE.xlf @@ -1,3849 +1,7990 @@ - + - - - - Admin - - - Open API drawer - - - Open Notification drawer - - - Connection error, reconnecting... - - - Loading... - - - Application - - - Logins - - - Failed to fetch - - - Click to change value - - - Select an object. - - - Loading options... - - - API Access - - - App password - - - Recovery - - - Verification - - - Unknown intent - - - Login - - - Failed login - - - Logout - - - User was written to - - - Suspicious request - - - Password set - - - Secret was viewed - - - Secret was rotated - - - Invitation used - - - Application authorized - - - Source linked - - - Impersonation started - - - Impersonation ended - - - Flow execution - - - Policy execution - - - Policy exception - - - Property Mapping exception - - - System task execution - - - System task exception - - - General system exception - - - Configuration error - - - Model created - - - Model updated - - - Model deleted - - - Email sent - - - Update available - - - Alert - - - Notice - - - Warning - - - Unknown severity - - - Static tokens - - - TOTP Device - - - Internal - - - External - - - Service account - - - Service account (internal) - - - Show less - - - Show more - - - UID - - - Name - - - App - - - Model Name - - - Message - - - Subject - - - From - - - To - - - Context - - - User - - - Affected model: - - - Authorized application: - - - Using flow - - - Email info: - - - Secret: - - - Exception - - - Open issue on GitHub... - - - Expression - - - Binding - - - Request - - - Object - - - Result - - - Passing - - - Messages - - - New version available - - - Using source - - - Attempted to log in as - - - No additional data available. - - - no tabs defined - - - Remove item - - - - of - - - Go to previous page - - - Go to next page - - - Search... - - - Loading - - - No objects found. - - - Failed to fetch objects. - - - Refresh - - - Select all rows - - - Action - - - Creation Date - - - Client IP - - - Brand - - - Recent events - - - On behalf of - - - - - - - No Events found. - - - No matching events could be found. - - - Embedded outpost is not configured correctly. - - - Check outposts. - - - HTTPS is not detected correctly - - - Server and client are further than 5 seconds apart. - - - OK - - - Everything is ok. - - - System status - - - Based on - - - is available! - - - Up-to-date! - - - Version - - - Workers - - - No workers connected. Background tasks will not run. - - - hour(s) ago - - - Failed to fetch data. - - - day(s) ago - - - Authorizations - - - Failed Logins - - - Successful Logins - - - : - - - Cancel - - - LDAP Source - - - SCIM Provider - - - Healthy - + + + + English + Ēńĝĺĩśĥ + + + + French + Ƒŕēńćĥ + + + + Turkish + Ţũŕķĩśĥ + + + + Spanish + Śƥàńĩśĥ + + + + Polish + Ƥōĺĩśĥ + + + + Taiwanese Mandarin + Ţàĩŵàńēśē Màńďàŕĩń + + + + Chinese (simplified) + Ćĥĩńēśē (śĩmƥĺĩƒĩēď) + + + + Chinese (traditional) + Ćĥĩńēśē (ţŕàďĩţĩōńàĺ) + + + + German + Ĝēŕmàń + + + + Loading... + Ĺōàďĩńĝ... + + + + Application + Àƥƥĺĩćàţĩōń + + + + Logins + Ĺōĝĩńś + + + + Show less + Śĥōŵ ĺēśś + + + + Show more + Śĥōŵ mōŕē + + + + UID + ŨĨĎ + + + + Name + Ńàmē + + + + App + Àƥƥ + + + + Model Name + Mōďēĺ Ńàmē + + + + Message + Mēśśàĝē + + + + Subject + ŚũƀĴēćţ + + + + From + Ƒŕōm + + + + To + Ţō + + + + Context + Ćōńţēxţ + + + + User + Ũśēŕ + + + + Affected model: + Àƒƒēćţēď mōďēĺ: + + + + Authorized application: + Àũţĥōŕĩźēď àƥƥĺĩćàţĩōń: + + + + Using flow + Ũśĩńĝ ƒĺōŵ + + + + Email info: + Ēmàĩĺ ĩńƒō: + + + + Secret: + Śēćŕēţ: + + + + Open issue on GitHub... + Ōƥēń ĩśśũē ōń ĜĩţĤũƀ... + + + + Exception + Ēxćēƥţĩōń + + + + Expression + Ēxƥŕēśśĩōń + + + + Binding + ßĩńďĩńĝ + + + + Request + Ŕēǫũēśţ + + + + Object + ŌƀĴēćţ + + + + Result + Ŕēśũĺţ + + + + Passing + Ƥàśśĩńĝ + + + + Messages + Mēśśàĝēś + + + + Using source + Ũśĩńĝ śōũŕćē + + + + Attempted to log in as + Àţţēmƥţēď ţō ĺōĝ ĩń àś + + + + No additional data available. + Ńō àďďĩţĩōńàĺ ďàţà àvàĩĺàƀĺē. + + + + Click to change value + Ćĺĩćķ ţō ćĥàńĝē vàĺũē + + + + Select an object. + Śēĺēćţ àń ōƀĴēćţ. + + + + Loading options... + Ĺōàďĩńĝ ōƥţĩōńś... + + + + Connection error, reconnecting... + Ćōńńēćţĩōń ēŕŕōŕ, ŕēćōńńēćţĩńĝ... + + + + Login + Ĺōĝĩń + + + + Failed login + Ƒàĩĺēď ĺōĝĩń + + + + Logout + Ĺōĝōũţ + + + + User was written to + Ũśēŕ ŵàś ŵŕĩţţēń ţō + + + + Suspicious request + Śũśƥĩćĩōũś ŕēǫũēśţ + + + + Password set + Ƥàśśŵōŕď śēţ + + + + Secret was viewed + Śēćŕēţ ŵàś vĩēŵēď + + + + Secret was rotated + Śēćŕēţ ŵàś ŕōţàţēď + + + + Invitation used + Ĩńvĩţàţĩōń ũśēď + + + + Application authorized + Àƥƥĺĩćàţĩōń àũţĥōŕĩźēď + + + + Source linked + Śōũŕćē ĺĩńķēď + + + + Impersonation started + Ĩmƥēŕśōńàţĩōń śţàŕţēď + + + + Impersonation ended + Ĩmƥēŕśōńàţĩōń ēńďēď + + + + Flow execution + Ƒĺōŵ ēxēćũţĩōń + + + + Policy execution + Ƥōĺĩćŷ ēxēćũţĩōń + + + + Policy exception + Ƥōĺĩćŷ ēxćēƥţĩōń + + + + Property Mapping exception + Ƥŕōƥēŕţŷ Màƥƥĩńĝ ēxćēƥţĩōń + + + + System task execution + Śŷśţēm ţàśķ ēxēćũţĩōń + + + + System task exception + Śŷśţēm ţàśķ ēxćēƥţĩōń + + + + General system exception + Ĝēńēŕàĺ śŷśţēm ēxćēƥţĩōń + + + + Configuration error + Ćōńƒĩĝũŕàţĩōń ēŕŕōŕ + + + + Model created + Mōďēĺ ćŕēàţēď + + + + Model updated + Mōďēĺ ũƥďàţēď + + + + Model deleted + Mōďēĺ ďēĺēţēď + + + + Email sent + Ēmàĩĺ śēńţ + + + + Update available + Ũƥďàţē àvàĩĺàƀĺē + + + + Unknown severity + Ũńķńōŵń śēvēŕĩţŷ + + + + Alert + Àĺēŕţ + + + + Notice + Ńōţĩćē + + + + Warning + Ŵàŕńĩńĝ + + + + no tabs defined + ńō ţàƀś ďēƒĩńēď + + + + - of + - ōƒ + + + + Go to previous page + Ĝō ţō ƥŕēvĩōũś ƥàĝē + + + + Go to next page + Ĝō ţō ńēxţ ƥàĝē + + + + Search... + Śēàŕćĥ... + + + + Loading + Ĺōàďĩńĝ + + + + No objects found. + Ńō ōƀĴēćţś ƒōũńď. + + + + Failed to fetch objects. + Ƒàĩĺēď ţō ƒēţćĥ ōƀĴēćţś. + + + + Refresh + Ŕēƒŕēśĥ + + + + Select all rows + Śēĺēćţ àĺĺ ŕōŵś + + + + Action + Àćţĩōń + + + + Creation Date + Ćŕēàţĩōń Ďàţē + + + + Client IP + Ćĺĩēńţ ĨƤ + + + + Recent events + Ŕēćēńţ ēvēńţś + + + + On behalf of + Ōń ƀēĥàĺƒ ōƒ + + + + - + - + + + + No Events found. + Ńō Ēvēńţś ƒōũńď. + + + + No matching events could be found. + Ńō màţćĥĩńĝ ēvēńţś ćōũĺď ƀē ƒōũńď. + + + + Embedded outpost is not configured correctly. + Ēmƀēďďēď ōũţƥōśţ ĩś ńōţ ćōńƒĩĝũŕēď ćōŕŕēćţĺŷ. + + + + Check outposts. + Ćĥēćķ ōũţƥōśţś. + + + + HTTPS is not detected correctly + ĤŢŢƤŚ ĩś ńōţ ďēţēćţēď ćōŕŕēćţĺŷ + + + + Server and client are further than 5 seconds apart. + Śēŕvēŕ àńď ćĺĩēńţ àŕē ƒũŕţĥēŕ ţĥàń 5 śēćōńďś àƥàŕţ. + + + + OK + ŌĶ + + + + Everything is ok. + Ēvēŕŷţĥĩńĝ ĩś ōķ. + + + + System status + Śŷśţēm śţàţũś + + + + Based on + ßàśēď ōń + + + + is available! + ĩś àvàĩĺàƀĺē! + + + + Up-to-date! + Ũƥ-ţō-ďàţē! + + + + Version + Vēŕśĩōń + + + + Workers + Ŵōŕķēŕś + + + + No workers connected. Background tasks will not run. + Ńō ŵōŕķēŕś ćōńńēćţēď. ßàćķĝŕōũńď ţàśķś ŵĩĺĺ ńōţ ŕũń. + + + + hour(s) ago + ĥōũŕ(ś) àĝō + + + + day(s) ago + ďàŷ(ś) àĝō + + + + Authorizations + Àũţĥōŕĩźàţĩōńś + + + + Failed Logins + Ƒàĩĺēď Ĺōĝĩńś + + + + Successful Logins + Śũććēśśƒũĺ Ĺōĝĩńś + + + + : + : + + + + Cancel + Ćàńćēĺ + + + + LDAP Source + ĹĎÀƤ Śōũŕćē + + + + SCIM Provider + ŚĆĨM Ƥŕōvĩďēŕ + + + + Healthy + Ĥēàĺţĥŷ + + + + Healthy outposts + Ĥēàĺţĥŷ ōũţƥōśţś + + + + Admin + Àďmĩń + + + + Not found + Ńōţ ƒōũńď + + + + The URL "" was not found. + Ţĥē ŨŔĹ "" ŵàś ńōţ ƒōũńď. + + + + Return home + Ŕēţũŕń ĥōmē + + + + General system status + Ĝēńēŕàĺ śŷśţēm śţàţũś + + + + Welcome, . + Ŵēĺćōmē, . + + + + Quick actions + Ǫũĩćķ àćţĩōńś + + + + Create a new application + Ćŕēàţē à ńēŵ àƥƥĺĩćàţĩōń + + + + Check the logs + Ćĥēćķ ţĥē ĺōĝś + + + + Explore integrations + Ēxƥĺōŕē ĩńţēĝŕàţĩōńś + + + + Manage users + Màńàĝē ũśēŕś + + + + Outpost status + Ōũţƥōśţ śţàţũś + + + + Sync status + Śŷńć śţàţũś + + + + Logins and authorizations over the last week (per 8 hours) + Ĺōĝĩńś àńď àũţĥōŕĩźàţĩōńś ōvēŕ ţĥē ĺàśţ ŵēēķ (ƥēŕ 8 ĥōũŕś) + + + + Apps with most usage + Àƥƥś ŵĩţĥ mōśţ ũśàĝē + + + + days ago + ďàŷś àĝō + + + + Objects created + ŌƀĴēćţś ćŕēàţēď + + + + Users created per day in the last month + Ũśēŕś ćŕēàţēď ƥēŕ ďàŷ ĩń ţĥē ĺàśţ mōńţĥ + + + + Logins per day in the last month + Ĺōĝĩńś ƥēŕ ďàŷ ĩń ţĥē ĺàśţ mōńţĥ + + + + Failed Logins per day in the last month + Ƒàĩĺēď Ĺōĝĩńś ƥēŕ ďàŷ ĩń ţĥē ĺàśţ mōńţĥ + + + + Clear search + Ćĺēàŕ śēàŕćĥ + + + + System Tasks + Śŷśţēm Ţàśķś + + + + Long-running operations which authentik executes in the background. + Ĺōńĝ-ŕũńńĩńĝ ōƥēŕàţĩōńś ŵĥĩćĥ àũţĥēńţĩķ ēxēćũţēś ĩń ţĥē ƀàćķĝŕōũńď. + + + + Identifier + Ĩďēńţĩƒĩēŕ + + + + Description + Ďēśćŕĩƥţĩōń + + + + Last run + Ĺàśţ ŕũń + + + + Status + Śţàţũś + + + + Actions + Àćţĩōńś + + + + Successful + Śũććēśśƒũĺ + + + + Error + Ēŕŕōŕ + + + + Unknown + Ũńķńōŵń + + + + Duration + Ďũŕàţĩōń + + + + seconds + śēćōńďś + + + + Authentication + Àũţĥēńţĩćàţĩōń + + + + Authorization + Àũţĥōŕĩźàţĩōń + + + + Enrollment + Ēńŕōĺĺmēńţ + + + + Invalidation + Ĩńvàĺĩďàţĩōń + + + + Recovery + Ŕēćōvēŕŷ + + + + Stage Configuration + Śţàĝē Ćōńƒĩĝũŕàţĩōń + + + + Unenrollment + Ũńēńŕōĺĺmēńţ + + + + Unknown designation + Ũńķńōŵń ďēśĩĝńàţĩōń + + + + Stacked + Śţàćķēď + + + + Content left + Ćōńţēńţ ĺēƒţ + + + + Content right + Ćōńţēńţ ŕĩĝĥţ + + + + Sidebar left + Śĩďēƀàŕ ĺēƒţ + + + + Sidebar right + Śĩďēƀàŕ ŕĩĝĥţ + + + + Unknown layout + Ũńķńōŵń ĺàŷōũţ + + + + Successfully updated provider. + Śũććēśśƒũĺĺŷ ũƥďàţēď ƥŕōvĩďēŕ. + + + + Successfully created provider. + Śũććēśśƒũĺĺŷ ćŕēàţēď ƥŕōvĩďēŕ. + + + + Bind flow + ßĩńď ƒĺōŵ + + + + Flow used for users to authenticate. + Ƒĺōŵ ũśēď ƒōŕ ũśēŕś ţō àũţĥēńţĩćàţē. + + + + Search group + Śēàŕćĥ ĝŕōũƥ + + + + Users in the selected group can do search queries. If no group is selected, no LDAP Searches are allowed. + Ũśēŕś ĩń ţĥē śēĺēćţēď ĝŕōũƥ ćàń ďō śēàŕćĥ ǫũēŕĩēś. Ĩƒ ńō ĝŕōũƥ ĩś śēĺēćţēď, ńō ĹĎÀƤ Śēàŕćĥēś àŕē àĺĺōŵēď. + + + + Bind mode + ßĩńď mōďē + + + + Cached binding + Ćàćĥēď ƀĩńďĩńĝ + + + + Flow is executed and session is cached in memory. Flow is executed when session expires + Ƒĺōŵ ĩś ēxēćũţēď àńď śēśśĩōń ĩś ćàćĥēď ĩń mēmōŕŷ. Ƒĺōŵ ĩś ēxēćũţēď ŵĥēń śēśśĩōń ēxƥĩŕēś + + + + Direct binding + Ďĩŕēćţ ƀĩńďĩńĝ + + + + Always execute the configured bind flow to authenticate the user + Àĺŵàŷś ēxēćũţē ţĥē ćōńƒĩĝũŕēď ƀĩńď ƒĺōŵ ţō àũţĥēńţĩćàţē ţĥē ũśēŕ + + + + Configure how the outpost authenticates requests. + Ćōńƒĩĝũŕē ĥōŵ ţĥē ōũţƥōśţ àũţĥēńţĩćàţēś ŕēǫũēśţś. + + + + Search mode + Śēàŕćĥ mōďē + + + + Cached querying + Ćàćĥēď ǫũēŕŷĩńĝ + + + + The outpost holds all users and groups in-memory and will refresh every 5 Minutes + Ţĥē ōũţƥōśţ ĥōĺďś àĺĺ ũśēŕś àńď ĝŕōũƥś ĩń-mēmōŕŷ àńď ŵĩĺĺ ŕēƒŕēśĥ ēvēŕŷ 5 Mĩńũţēś + + + + Direct querying + Ďĩŕēćţ ǫũēŕŷĩńĝ + + + + Always returns the latest data, but slower than cached querying + Àĺŵàŷś ŕēţũŕńś ţĥē ĺàţēśţ ďàţà, ƀũţ śĺōŵēŕ ţĥàń ćàćĥēď ǫũēŕŷĩńĝ + + + + Configure how the outpost queries the core authentik server's users. + Ćōńƒĩĝũŕē ĥōŵ ţĥē ōũţƥōśţ ǫũēŕĩēś ţĥē ćōŕē àũţĥēńţĩķ śēŕvēŕ'ś ũśēŕś. + + + + Protocol settings + Ƥŕōţōćōĺ śēţţĩńĝś + + + + Base DN + ßàśē ĎŃ + + + + LDAP DN under which bind requests and search requests can be made. + ĹĎÀƤ ĎŃ ũńďēŕ ŵĥĩćĥ ƀĩńď ŕēǫũēśţś àńď śēàŕćĥ ŕēǫũēśţś ćàń ƀē màďē. + + + + Certificate + Ćēŕţĩƒĩćàţē + + + + UID start number + ŨĨĎ śţàŕţ ńũmƀēŕ + + + + The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber + Ţĥē śţàŕţ ƒōŕ ũĩďŃũmƀēŕś, ţĥĩś ńũmƀēŕ ĩś àďďēď ţō ţĥē ũśēŕ.Ƥķ ţō màķē śũŕē ţĥàţ ţĥē ńũmƀēŕś àŕēń'ţ ţōō ĺōŵ ƒōŕ ƤŌŚĨX ũśēŕś. Ďēƒàũĺţ ĩś 2000 ţō ēńśũŕē ţĥàţ ŵē ďōń'ţ ćōĺĺĩďē ŵĩţĥ ĺōćàĺ ũśēŕś ũĩďŃũmƀēŕ + + + + GID start number + ĜĨĎ śţàŕţ ńũmƀēŕ + + + + The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber + Ţĥē śţàŕţ ƒōŕ ĝĩďŃũmƀēŕś, ţĥĩś ńũmƀēŕ ĩś àďďēď ţō à ńũmƀēŕ ĝēńēŕàţēď ƒŕōm ţĥē ĝŕōũƥ.Ƥķ ţō màķē śũŕē ţĥàţ ţĥē ńũmƀēŕś àŕēń'ţ ţōō ĺōŵ ƒōŕ ƤŌŚĨX ĝŕōũƥś. Ďēƒàũĺţ ĩś 4000 ţō ēńśũŕē ţĥàţ ŵē ďōń'ţ ćōĺĺĩďē ŵĩţĥ ĺōćàĺ ĝŕōũƥś ōŕ ũśēŕś ƥŕĩmàŕŷ ĝŕōũƥś ĝĩďŃũmƀēŕ + + + + (Format: hours=-1;minutes=-2;seconds=-3). + (Ƒōŕmàţ: ĥōũŕś=-1;mĩńũţēś=-2;śēćōńďś=-3). + + + + (Format: hours=1;minutes=2;seconds=3). + (Ƒōŕmàţ: ĥōũŕś=1;mĩńũţēś=2;śēćōńďś=3). + + + + The following keywords are supported: + Ţĥē ƒōĺĺōŵĩńĝ ķēŷŵōŕďś àŕē śũƥƥōŕţēď: + + + + Authentication flow + Àũţĥēńţĩćàţĩōń ƒĺōŵ + + + + Flow used when a user access this provider and is not authenticated. + Ƒĺōŵ ũśēď ŵĥēń à ũśēŕ àććēśś ţĥĩś ƥŕōvĩďēŕ àńď ĩś ńōţ àũţĥēńţĩćàţēď. + + + + Authorization flow + Àũţĥōŕĩźàţĩōń ƒĺōŵ + + + + Flow used when authorizing this provider. + Ƒĺōŵ ũśēď ŵĥēń àũţĥōŕĩźĩńĝ ţĥĩś ƥŕōvĩďēŕ. + + + + Client type + Ćĺĩēńţ ţŷƥē + + + + Confidential + Ćōńƒĩďēńţĩàĺ + + + + Confidential clients are capable of maintaining the confidentiality of their credentials such as client secrets + Ćōńƒĩďēńţĩàĺ ćĺĩēńţś àŕē ćàƥàƀĺē ōƒ màĩńţàĩńĩńĝ ţĥē ćōńƒĩďēńţĩàĺĩţŷ ōƒ ţĥēĩŕ ćŕēďēńţĩàĺś śũćĥ àś ćĺĩēńţ śēćŕēţś + + + + Public + Ƥũƀĺĩć + + + + Public clients are incapable of maintaining the confidentiality and should use methods like PKCE. + Ƥũƀĺĩć ćĺĩēńţś àŕē ĩńćàƥàƀĺē ōƒ màĩńţàĩńĩńĝ ţĥē ćōńƒĩďēńţĩàĺĩţŷ àńď śĥōũĺď ũśē mēţĥōďś ĺĩķē ƤĶĆĒ. + + + + Client ID + Ćĺĩēńţ ĨĎ + + + + Client Secret + Ćĺĩēńţ Śēćŕēţ + + + + Redirect URIs/Origins (RegEx) + Ŕēďĩŕēćţ ŨŔĨś/Ōŕĩĝĩńś (ŔēĝĒx) + + + + Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows. + Vàĺĩď ŕēďĩŕēćţ ŨŔĹś àƒţēŕ à śũććēśśƒũĺ àũţĥōŕĩźàţĩōń ƒĺōŵ. Àĺśō śƥēćĩƒŷ àńŷ ōŕĩĝĩńś ĥēŕē ƒōŕ Ĩmƥĺĩćĩţ ƒĺōŵś. + + + + If no explicit redirect URIs are specified, the first successfully used redirect URI will be saved. + Ĩƒ ńō ēxƥĺĩćĩţ ŕēďĩŕēćţ ŨŔĨś àŕē śƥēćĩƒĩēď, ţĥē ƒĩŕśţ śũććēśśƒũĺĺŷ ũśēď ŕēďĩŕēćţ ŨŔĨ ŵĩĺĺ ƀē śàvēď. + + + + To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. + Ţō àĺĺōŵ àńŷ ŕēďĩŕēćţ ŨŔĨ, śēţ ţĥĩś vàĺũē ţō ".*". ßē àŵàŕē ōƒ ţĥē ƥōśśĩƀĺē śēćũŕĩţŷ ĩmƥĺĩćàţĩōńś ţĥĩś ćàń ĥàvē. + + + + Signing Key + Śĩĝńĩńĝ Ķēŷ + + + + Key used to sign the tokens. + Ķēŷ ũśēď ţō śĩĝń ţĥē ţōķēńś. + + + + Advanced protocol settings + Àďvàńćēď ƥŕōţōćōĺ śēţţĩńĝś + + + + Access code validity + Àććēśś ćōďē vàĺĩďĩţŷ + + + + Configure how long access codes are valid for. + Ćōńƒĩĝũŕē ĥōŵ ĺōńĝ àććēśś ćōďēś àŕē vàĺĩď ƒōŕ. + + + + Access Token validity + Àććēśś Ţōķēń vàĺĩďĩţŷ + + + + Configure how long access tokens are valid for. + Ćōńƒĩĝũŕē ĥōŵ ĺōńĝ àććēśś ţōķēńś àŕē vàĺĩď ƒōŕ. + + + + Refresh Token validity + Ŕēƒŕēśĥ Ţōķēń vàĺĩďĩţŷ + + + + Configure how long refresh tokens are valid for. + Ćōńƒĩĝũŕē ĥōŵ ĺōńĝ ŕēƒŕēśĥ ţōķēńś àŕē vàĺĩď ƒōŕ. + + + + Scopes + Śćōƥēś + + + + Select which scopes can be used by the client. The client still has to specify the scope to access the data. + Śēĺēćţ ŵĥĩćĥ śćōƥēś ćàń ƀē ũśēď ƀŷ ţĥē ćĺĩēńţ. Ţĥē ćĺĩēńţ śţĩĺĺ ĥàś ţō śƥēćĩƒŷ ţĥē śćōƥē ţō àććēśś ţĥē ďàţà. + + + + Hold control/command to select multiple items. + Ĥōĺď ćōńţŕōĺ/ćōmmàńď ţō śēĺēćţ mũĺţĩƥĺē ĩţēmś. + + + + Subject mode + ŚũƀĴēćţ mōďē + + + + Based on the User's hashed ID + ßàśēď ōń ţĥē Ũśēŕ'ś ĥàśĥēď ĨĎ + + + + Based on the User's ID + ßàśēď ōń ţĥē Ũśēŕ'ś ĨĎ + + + + Based on the User's UUID + ßàśēď ōń ţĥē Ũśēŕ'ś ŨŨĨĎ + + + + Based on the User's username + ßàśēď ōń ţĥē Ũśēŕ'ś ũśēŕńàmē + + + + Based on the User's Email + ßàśēď ōń ţĥē Ũśēŕ'ś Ēmàĩĺ + + + + This is recommended over the UPN mode. + Ţĥĩś ĩś ŕēćōmmēńďēď ōvēŕ ţĥē ŨƤŃ mōďē. + + + + Based on the User's UPN + ßàśēď ōń ţĥē Ũśēŕ'ś ŨƤŃ + + + + Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains. + Ŕēǫũĩŕēś ţĥē ũśēŕ ţō ĥàvē à 'ũƥń' àţţŕĩƀũţē śēţ, àńď ƒàĺĺś ƀàćķ ţō ĥàśĥēď ũśēŕ ĨĎ. Ũśē ţĥĩś mōďē ōńĺŷ ĩƒ ŷōũ ĥàvē ďĩƒƒēŕēńţ ŨƤŃ àńď Màĩĺ ďōmàĩńś. + + + + Configure what data should be used as unique User Identifier. For most cases, the default should be fine. + Ćōńƒĩĝũŕē ŵĥàţ ďàţà śĥōũĺď ƀē ũśēď àś ũńĩǫũē Ũśēŕ Ĩďēńţĩƒĩēŕ. Ƒōŕ mōśţ ćàśēś, ţĥē ďēƒàũĺţ śĥōũĺď ƀē ƒĩńē. + + + + Include claims in id_token + Ĩńćĺũďē ćĺàĩmś ĩń ĩď_ţōķēń + + + + Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. + Ĩńćĺũďē Ũśēŕ ćĺàĩmś ƒŕōm śćōƥēś ĩń ţĥē ĩď_ţōķēń, ƒōŕ àƥƥĺĩćàţĩōńś ţĥàţ ďōń'ţ àććēśś ţĥē ũśēŕĩńƒō ēńďƥōĩńţ. + + + + Issuer mode + Ĩśśũēŕ mōďē + + + + Each provider has a different issuer, based on the application slug + Ēàćĥ ƥŕōvĩďēŕ ĥàś à ďĩƒƒēŕēńţ ĩśśũēŕ, ƀàśēď ōń ţĥē àƥƥĺĩćàţĩōń śĺũĝ + + + + Same identifier is used for all providers + Śàmē ĩďēńţĩƒĩēŕ ĩś ũśēď ƒōŕ àĺĺ ƥŕōvĩďēŕś + + + + Configure how the issuer field of the ID Token should be filled. + Ćōńƒĩĝũŕē ĥōŵ ţĥē ĩśśũēŕ ƒĩēĺď ōƒ ţĥē ĨĎ Ţōķēń śĥōũĺď ƀē ƒĩĺĺēď. + + + + Machine-to-Machine authentication settings + Màćĥĩńē-ţō-Màćĥĩńē àũţĥēńţĩćàţĩōń śēţţĩńĝś + + + + Trusted OIDC Sources + Ţŕũśţēď ŌĨĎĆ Śōũŕćēś + + + + JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider. + ĵŴŢś śĩĝńēď ƀŷ ćēŕţĩƒĩćàţēś ćōńƒĩĝũŕēď ĩń ţĥē śēĺēćţēď śōũŕćēś ćàń ƀē ũśēď ţō àũţĥēńţĩćàţē ţō ţĥĩś ƥŕōvĩďēŕ. + + + + HTTP-Basic Username Key + ĤŢŢƤ-ßàśĩć Ũśēŕńàmē Ķēŷ + + + + User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. + Ũśēŕ/Ĝŕōũƥ Àţţŕĩƀũţē ũśēď ƒōŕ ţĥē ũśēŕ ƥàŕţ ōƒ ţĥē ĤŢŢƤ-ßàśĩć Ĥēàďēŕ. Ĩƒ ńōţ śēţ, ţĥē ũśēŕ'ś Ēmàĩĺ àďďŕēśś ĩś ũśēď. + + + + HTTP-Basic Password Key + ĤŢŢƤ-ßàśĩć Ƥàśśŵōŕď Ķēŷ + + + + User/Group Attribute used for the password part of the HTTP-Basic Header. + Ũśēŕ/Ĝŕōũƥ Àţţŕĩƀũţē ũśēď ƒōŕ ţĥē ƥàśśŵōŕď ƥàŕţ ōƒ ţĥē ĤŢŢƤ-ßàśĩć Ĥēàďēŕ. + + + + Proxy + Ƥŕōxŷ + + + + Forward auth (single application) + Ƒōŕŵàŕď àũţĥ (śĩńĝĺē àƥƥĺĩćàţĩōń) + + + + Forward auth (domain level) + Ƒōŕŵàŕď àũţĥ (ďōmàĩń ĺēvēĺ) + + + + This provider will behave like a transparent reverse-proxy, except requests must be authenticated. If your upstream application uses HTTPS, make sure to connect to the outpost using HTTPS as well. + Ţĥĩś ƥŕōvĩďēŕ ŵĩĺĺ ƀēĥàvē ĺĩķē à ţŕàńśƥàŕēńţ ŕēvēŕśē-ƥŕōxŷ, ēxćēƥţ ŕēǫũēśţś mũśţ ƀē àũţĥēńţĩćàţēď. Ĩƒ ŷōũŕ ũƥśţŕēàm àƥƥĺĩćàţĩōń ũśēś ĤŢŢƤŚ, màķē śũŕē ţō ćōńńēćţ ţō ţĥē ōũţƥōśţ ũśĩńĝ ĤŢŢƤŚ àś ŵēĺĺ. + + + + External host + Ēxţēŕńàĺ ĥōśţ + + + + The external URL you'll access the application at. Include any non-standard port. + Ţĥē ēxţēŕńàĺ ŨŔĹ ŷōũ'ĺĺ àććēśś ţĥē àƥƥĺĩćàţĩōń àţ. Ĩńćĺũďē àńŷ ńōń-śţàńďàŕď ƥōŕţ. + + + + Internal host + Ĩńţēŕńàĺ ĥōśţ + + + + Upstream host that the requests are forwarded to. + Ũƥśţŕēàm ĥōśţ ţĥàţ ţĥē ŕēǫũēśţś àŕē ƒōŕŵàŕďēď ţō. + + + + Internal host SSL Validation + Ĩńţēŕńàĺ ĥōśţ ŚŚĹ Vàĺĩďàţĩōń + + + + Validate SSL Certificates of upstream servers. + Vàĺĩďàţē ŚŚĹ Ćēŕţĩƒĩćàţēś ōƒ ũƥśţŕēàm śēŕvēŕś. + + + + Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application. + Ũśē ţĥĩś ƥŕōvĩďēŕ ŵĩţĥ ńĝĩńx'ś àũţĥ_ŕēǫũēśţ ōŕ ţŕàēƒĩķ'ś ƒōŕŵàŕďÀũţĥ. Ōńĺŷ à śĩńĝĺē ƥŕōvĩďēŕ ĩś ŕēǫũĩŕēď ƥēŕ ŕōōţ ďōmàĩń. Ŷōũ ćàń'ţ ďō ƥēŕ-àƥƥĺĩćàţĩōń àũţĥōŕĩźàţĩōń, ƀũţ ŷōũ ďōń'ţ ĥàvē ţō ćŕēàţē à ƥŕōvĩďēŕ ƒōŕ ēàćĥ àƥƥĺĩćàţĩōń. + + + + An example setup can look like this: + Àń ēxàmƥĺē śēţũƥ ćàń ĺōōķ ĺĩķē ţĥĩś: + + + + authentik running on auth.example.com + àũţĥēńţĩķ ŕũńńĩńĝ ōń àũţĥ.ēxàmƥĺē.ćōm + + + + app1 running on app1.example.com + àƥƥ1 ŕũńńĩńĝ ōń àƥƥ1.ēxàmƥĺē.ćōm + + + + In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com. + Ĩń ţĥĩś ćàśē, ŷōũ'ď śēţ ţĥē Àũţĥēńţĩćàţĩōń ŨŔĹ ţō àũţĥ.ēxàmƥĺē.ćōm àńď Ćōōķĩē ďōmàĩń ţō ēxàmƥĺē.ćōm. + + + + Authentication URL + Àũţĥēńţĩćàţĩōń ŨŔĹ + + + + The external URL you'll authenticate at. The authentik core server should be reachable under this URL. + Ţĥē ēxţēŕńàĺ ŨŔĹ ŷōũ'ĺĺ àũţĥēńţĩćàţē àţ. Ţĥē àũţĥēńţĩķ ćōŕē śēŕvēŕ śĥōũĺď ƀē ŕēàćĥàƀĺē ũńďēŕ ţĥĩś ŨŔĹ. + + + + Cookie domain + Ćōōķĩē ďōmàĩń + + + + Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'. + Śēţ ţĥĩś ţō ţĥē ďōmàĩń ŷōũ ŵĩśĥ ţĥē àũţĥēńţĩćàţĩōń ţō ƀē vàĺĩď ƒōŕ. Mũśţ ƀē à ƥàŕēńţ ďōmàĩń ōƒ ţĥē ŨŔĹ àƀōvē. Ĩƒ ŷōũ'ŕē ŕũńńĩńĝ àƥƥĺĩćàţĩōńś àś àƥƥ1.ďōmàĩń.ţĺď, àƥƥ2.ďōmàĩń.ţĺď, śēţ ţĥĩś ţō 'ďōmàĩń.ţĺď'. + + + + Unknown proxy mode + Ũńķńōŵń ƥŕōxŷ mōďē + + + + Token validity + Ţōķēń vàĺĩďĩţŷ + + + + Configure how long tokens are valid for. + Ćōńƒĩĝũŕē ĥōŵ ĺōńĝ ţōķēńś àŕē vàĺĩď ƒōŕ. + + + + Additional scopes + Àďďĩţĩōńàĺ śćōƥēś + + + + Additional scope mappings, which are passed to the proxy. + Àďďĩţĩōńàĺ śćōƥē màƥƥĩńĝś, ŵĥĩćĥ àŕē ƥàśśēď ţō ţĥē ƥŕōxŷ. + + + + Unauthenticated URLs + Ũńàũţĥēńţĩćàţēď ŨŔĹś + + + + Unauthenticated Paths + Ũńàũţĥēńţĩćàţēď Ƥàţĥś + + + + Regular expressions for which authentication is not required. Each new line is interpreted as a new expression. + Ŕēĝũĺàŕ ēxƥŕēśśĩōńś ƒōŕ ŵĥĩćĥ àũţĥēńţĩćàţĩōń ĩś ńōţ ŕēǫũĩŕēď. Ēàćĥ ńēŵ ĺĩńē ĩś ĩńţēŕƥŕēţēď àś à ńēŵ ēxƥŕēśśĩōń. + + + + When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions. + Ŵĥēń ũśĩńĝ ƥŕōxŷ ōŕ ƒōŕŵàŕď àũţĥ (śĩńĝĺē àƥƥĺĩćàţĩōń) mōďē, ţĥē ŕēǫũēśţēď ŨŔĹ Ƥàţĥ ĩś ćĥēćķēď àĝàĩńśţ ţĥē ŕēĝũĺàŕ ēxƥŕēśśĩōńś. Ŵĥēń ũśĩńĝ ƒōŕŵàŕď àũţĥ (ďōmàĩń mōďē), ţĥē ƒũĺĺ ŕēǫũēśţēď ŨŔĹ ĩńćĺũďĩńĝ śćĥēmē àńď ĥōśţ ĩś màţćĥēď àĝàĩńśţ ţĥē ŕēĝũĺàŕ ēxƥŕēśśĩōńś. + + + + Authentication settings + Àũţĥēńţĩćàţĩōń śēţţĩńĝś + + + + Intercept header authentication + Ĩńţēŕćēƥţ ĥēàďēŕ àũţĥēńţĩćàţĩōń + + + + When enabled, authentik will intercept the Authorization header to authenticate the request. + Ŵĥēń ēńàƀĺēď, àũţĥēńţĩķ ŵĩĺĺ ĩńţēŕćēƥţ ţĥē Àũţĥōŕĩźàţĩōń ĥēàďēŕ ţō àũţĥēńţĩćàţē ţĥē ŕēǫũēśţ. + + + + Send HTTP-Basic Authentication + Śēńď ĤŢŢƤ-ßàśĩć Àũţĥēńţĩćàţĩōń + + + + Send a custom HTTP-Basic Authentication header based on values from authentik. + Śēńď à ćũśţōm ĤŢŢƤ-ßàśĩć Àũţĥēńţĩćàţĩōń ĥēàďēŕ ƀàśēď ōń vàĺũēś ƒŕōm àũţĥēńţĩķ. + + + + ACS URL + ÀĆŚ ŨŔĹ + + + + Issuer + Ĩśśũēŕ + + + + Also known as EntityID. + Àĺśō ķńōŵń àś ĒńţĩţŷĨĎ. + + + + Service Provider Binding + Śēŕvĩćē Ƥŕōvĩďēŕ ßĩńďĩńĝ + + + + Redirect + Ŕēďĩŕēćţ + + + + Post + Ƥōśţ + + + + Determines how authentik sends the response back to the Service Provider. + Ďēţēŕmĩńēś ĥōŵ àũţĥēńţĩķ śēńďś ţĥē ŕēśƥōńśē ƀàćķ ţō ţĥē Śēŕvĩćē Ƥŕōvĩďēŕ. + + + + Audience + Àũďĩēńćē + + + + Signing Certificate + Śĩĝńĩńĝ Ćēŕţĩƒĩćàţē + + + + Certificate used to sign outgoing Responses going to the Service Provider. + Ćēŕţĩƒĩćàţē ũśēď ţō śĩĝń ōũţĝōĩńĝ Ŕēśƥōńśēś ĝōĩńĝ ţō ţĥē Śēŕvĩćē Ƥŕōvĩďēŕ. + + + + Verification Certificate + Vēŕĩƒĩćàţĩōń Ćēŕţĩƒĩćàţē + + + + When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. + Ŵĥēń śēĺēćţēď, ĩńćōmĩńĝ àśśēŕţĩōń'ś Śĩĝńàţũŕēś ŵĩĺĺ ƀē vàĺĩďàţēď àĝàĩńśţ ţĥĩś ćēŕţĩƒĩćàţē. Ţō àĺĺōŵ ũńśĩĝńēď Ŕēǫũēśţś, ĺēàvē ōń ďēƒàũĺţ. + + + + Property mappings + Ƥŕōƥēŕţŷ màƥƥĩńĝś + + + + NameID Property Mapping + ŃàmēĨĎ Ƥŕōƥēŕţŷ Màƥƥĩńĝ + + + + Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected. + Ćōńƒĩĝũŕē ĥōŵ ţĥē ŃàmēĨĎ vàĺũē ŵĩĺĺ ƀē ćŕēàţēď. Ŵĥēń ĺēƒţ ēmƥţŷ, ţĥē ŃàmēĨĎƤōĺĩćŷ ōƒ ţĥē ĩńćōmĩńĝ ŕēǫũēśţ ŵĩĺĺ ƀē ŕēśƥēćţēď. + + + + Assertion valid not before + Àśśēŕţĩōń vàĺĩď ńōţ ƀēƒōŕē + + + + Configure the maximum allowed time drift for an assertion. + Ćōńƒĩĝũŕē ţĥē màxĩmũm àĺĺōŵēď ţĩmē ďŕĩƒţ ƒōŕ àń àśśēŕţĩōń. + + + + Assertion valid not on or after + Àśśēŕţĩōń vàĺĩď ńōţ ōń ōŕ àƒţēŕ + + + + Assertion not valid on or after current time + this value. + Àśśēŕţĩōń ńōţ vàĺĩď ōń ōŕ àƒţēŕ ćũŕŕēńţ ţĩmē + ţĥĩś vàĺũē. + + + + Session valid not on or after + Śēśśĩōń vàĺĩď ńōţ ōń ōŕ àƒţēŕ + + + + Session not valid on or after current time + this value. + Śēśśĩōń ńōţ vàĺĩď ōń ōŕ àƒţēŕ ćũŕŕēńţ ţĩmē + ţĥĩś vàĺũē. + + + + Digest algorithm + Ďĩĝēśţ àĺĝōŕĩţĥm + + + + Signature algorithm + Śĩĝńàţũŕē àĺĝōŕĩţĥm + + + + Successfully imported provider. + Śũććēśśƒũĺĺŷ ĩmƥōŕţēď ƥŕōvĩďēŕ. + + + + Metadata + Mēţàďàţà + + + + Apply changes + Àƥƥĺŷ ćĥàńĝēś + + + + Close + Ćĺōśē + + + + Finish + Ƒĩńĩśĥ + + + + Back + ßàćķ + + + + No form found + Ńō ƒōŕm ƒōũńď + + + + Form didn't return a promise for submitting + Ƒōŕm ďĩďń'ţ ŕēţũŕń à ƥŕōmĩśē ƒōŕ śũƀmĩţţĩńĝ + + + + Select type + Śēĺēćţ ţŷƥē + + + + Try the new application wizard + Ţŕŷ ţĥē ńēŵ àƥƥĺĩćàţĩōń ŵĩźàŕď + + + + The new application wizard greatly simplifies the steps required to create applications and providers. + Ţĥē ńēŵ àƥƥĺĩćàţĩōń ŵĩźàŕď ĝŕēàţĺŷ śĩmƥĺĩƒĩēś ţĥē śţēƥś ŕēǫũĩŕēď ţō ćŕēàţē àƥƥĺĩćàţĩōńś àńď ƥŕōvĩďēŕś. + + + + Try it now + Ţŕŷ ĩţ ńōŵ + + + + Create + Ćŕēàţē + + + + New provider + Ńēŵ ƥŕōvĩďēŕ + + + + Create a new provider. + Ćŕēàţē à ńēŵ ƥŕōvĩďēŕ. + + + + Create + Ćŕēàţē + + + + Shared secret + Śĥàŕēď śēćŕēţ + + + + Client Networks + Ćĺĩēńţ Ńēţŵōŕķś + + + + List of CIDRs (comma-seperated) that clients can connect from. A more specific + CIDR will match before a looser one. Clients connecting from a non-specified CIDR + will be dropped. + Ĺĩśţ ōƒ ĆĨĎŔś (ćōmmà-śēƥēŕàţēď) ţĥàţ ćĺĩēńţś ćàń ćōńńēćţ ƒŕōm. À mōŕē śƥēćĩƒĩć + ĆĨĎŔ ŵĩĺĺ màţćĥ ƀēƒōŕē à ĺōōśēŕ ōńē. Ćĺĩēńţś ćōńńēćţĩńĝ ƒŕōm à ńōń-śƥēćĩƒĩēď ĆĨĎŔ + ŵĩĺĺ ƀē ďŕōƥƥēď. + + + URL + ŨŔĹ + + + + SCIM base url, usually ends in /v2. + ŚĆĨM ƀàśē ũŕĺ, ũśũàĺĺŷ ēńďś ĩń /v2. + + + + Token + Ţōķēń + + + + Token to authenticate with. Currently only bearer authentication is supported. + Ţōķēń ţō àũţĥēńţĩćàţē ŵĩţĥ. Ćũŕŕēńţĺŷ ōńĺŷ ƀēàŕēŕ àũţĥēńţĩćàţĩōń ĩś śũƥƥōŕţēď. + + + + User filtering + Ũśēŕ ƒĩĺţēŕĩńĝ + + + + Exclude service accounts + Ēxćĺũďē śēŕvĩćē àććōũńţś + + + + Group + Ĝŕōũƥ + + + + Only sync users within the selected group. + Ōńĺŷ śŷńć ũśēŕś ŵĩţĥĩń ţĥē śēĺēćţēď ĝŕōũƥ. + + + + Attribute mapping + Àţţŕĩƀũţē màƥƥĩńĝ + + + + User Property Mappings + Ũśēŕ Ƥŕōƥēŕţŷ Màƥƥĩńĝś + + + + Property mappings used to user mapping. + Ƥŕōƥēŕţŷ màƥƥĩńĝś ũśēď ţō ũśēŕ màƥƥĩńĝ. + + + + Group Property Mappings + Ĝŕōũƥ Ƥŕōƥēŕţŷ Màƥƥĩńĝś + + + + Property mappings used to group creation. + Ƥŕōƥēŕţŷ màƥƥĩńĝś ũśēď ţō ĝŕōũƥ ćŕēàţĩōń. + + + + Not used by any other object. + Ńōţ ũśēď ƀŷ àńŷ ōţĥēŕ ōƀĴēćţ. + + + + object will be DELETED + ōƀĴēćţ ŵĩĺĺ ƀē ĎĒĹĒŢĒĎ + + + + connection will be deleted + ćōńńēćţĩōń ŵĩĺĺ ƀē ďēĺēţēď + + + + reference will be reset to default value + ŕēƒēŕēńćē ŵĩĺĺ ƀē ŕēśēţ ţō ďēƒàũĺţ vàĺũē + + + + reference will be set to an empty value + ŕēƒēŕēńćē ŵĩĺĺ ƀē śēţ ţō àń ēmƥţŷ vàĺũē + + + + () + () + + + + ID + ĨĎ + + + + Successfully deleted + Śũććēśśƒũĺĺŷ ďēĺēţēď + + + Failed to delete : + Ƒàĩĺēď ţō ďēĺēţē : + + + + Delete + Ďēĺēţē + + + + Are you sure you want to delete ? + Àŕē ŷōũ śũŕē ŷōũ ŵàńţ ţō ďēĺēţē ? + + + Delete + Ďēĺēţē + + + + Providers + Ƥŕōvĩďēŕś + + + + Provide support for protocols like SAML and OAuth to assigned applications. + Ƥŕōvĩďē śũƥƥōŕţ ƒōŕ ƥŕōţōćōĺś ĺĩķē ŚÀMĹ àńď ŌÀũţĥ ţō àśśĩĝńēď àƥƥĺĩćàţĩōńś. + + + + Type + Ţŷƥē + + + + Provider(s) + Ƥŕōvĩďēŕ(ś) + + + + Assigned to application + Àśśĩĝńēď ţō àƥƥĺĩćàţĩōń + + + + Assigned to application (backchannel) + Àśśĩĝńēď ţō àƥƥĺĩćàţĩōń (ƀàćķćĥàńńēĺ) + + + + Warning: Provider not assigned to any application. + Ŵàŕńĩńĝ: Ƥŕōvĩďēŕ ńōţ àśśĩĝńēď ţō àńŷ àƥƥĺĩćàţĩōń. + + + + Update + Ũƥďàţē + + + + Update + Ũƥďàţē + + + + Select providers to add to application + Śēĺēćţ ƥŕōvĩďēŕś ţō àďď ţō àƥƥĺĩćàţĩōń + + + + Add + Àďď + + + + Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". + Ēĩţĥēŕ ĩńƥũţ à ƒũĺĺ ŨŔĹ, à ŕēĺàţĩvē ƥàţĥ, ōŕ ũśē 'ƒà://ƒà-ţēśţ' ţō ũśē ţĥē Ƒōńţ Àŵēśōmē ĩćōń "ƒà-ţēśţ". + + + + Path template for users created. Use placeholders like `%(slug)s` to insert the source slug. + Ƥàţĥ ţēmƥĺàţē ƒōŕ ũśēŕś ćŕēàţēď. Ũśē ƥĺàćēĥōĺďēŕś ĺĩķē `%(śĺũĝ)ś` ţō ĩńśēŕţ ţĥē śōũŕćē śĺũĝ. + + + + Successfully updated application. + Śũććēśśƒũĺĺŷ ũƥďàţēď àƥƥĺĩćàţĩōń. + + + + Successfully created application. + Śũććēśśƒũĺĺŷ ćŕēàţēď àƥƥĺĩćàţĩōń. + + + + Application's display Name. + Àƥƥĺĩćàţĩōń'ś ďĩśƥĺàŷ Ńàmē. + + + + Slug + Śĺũĝ + + + + Optionally enter a group name. Applications with identical groups are shown grouped together. + Ōƥţĩōńàĺĺŷ ēńţēŕ à ĝŕōũƥ ńàmē. Àƥƥĺĩćàţĩōńś ŵĩţĥ ĩďēńţĩćàĺ ĝŕōũƥś àŕē śĥōŵń ĝŕōũƥēď ţōĝēţĥēŕ. + + + + Provider + Ƥŕōvĩďēŕ + + + + Select a provider that this application should use. + Śēĺēćţ à ƥŕōvĩďēŕ ţĥàţ ţĥĩś àƥƥĺĩćàţĩōń śĥōũĺď ũśē. + + + + Select backchannel providers which augment the functionality of the main provider. + Śēĺēćţ ƀàćķćĥàńńēĺ ƥŕōvĩďēŕś ŵĥĩćĥ àũĝmēńţ ţĥē ƒũńćţĩōńàĺĩţŷ ōƒ ţĥē màĩń ƥŕōvĩďēŕ. + + + + Policy engine mode + Ƥōĺĩćŷ ēńĝĩńē mōďē + + + + Any policy must match to grant access + Àńŷ ƥōĺĩćŷ mũśţ màţćĥ ţō ĝŕàńţ àććēśś + + + + All policies must match to grant access + Àĺĺ ƥōĺĩćĩēś mũśţ màţćĥ ţō ĝŕàńţ àććēśś + + + + UI settings + ŨĨ śēţţĩńĝś + + + + Launch URL + Ĺàũńćĥ ŨŔĹ + + + + If left empty, authentik will try to extract the launch URL based on the selected provider. + Ĩƒ ĺēƒţ ēmƥţŷ, àũţĥēńţĩķ ŵĩĺĺ ţŕŷ ţō ēxţŕàćţ ţĥē ĺàũńćĥ ŨŔĹ ƀàśēď ōń ţĥē śēĺēćţēď ƥŕōvĩďēŕ. + + + + Open in new tab + Ōƥēń ĩń ńēŵ ţàƀ + + + + If checked, the launch URL will open in a new browser tab or window from the user's application library. + Ĩƒ ćĥēćķēď, ţĥē ĺàũńćĥ ŨŔĹ ŵĩĺĺ ōƥēń ĩń à ńēŵ ƀŕōŵśēŕ ţàƀ ōŕ ŵĩńďōŵ ƒŕōm ţĥē ũśēŕ'ś àƥƥĺĩćàţĩōń ĺĩƀŕàŕŷ. + + + + Icon + Ĩćōń + + + + Currently set to: + Ćũŕŕēńţĺŷ śēţ ţō: + + + + Clear icon + Ćĺēàŕ ĩćōń + + + + Publisher + Ƥũƀĺĩśĥēŕ + + + + Create Application + Ćŕēàţē Àƥƥĺĩćàţĩōń + + + + Overview + Ōvēŕvĩēŵ + + + + Changelog + Ćĥàńĝēĺōĝ + + + + Warning: Provider is not used by any Outpost. + Ŵàŕńĩńĝ: Ƥŕōvĩďēŕ ĩś ńōţ ũśēď ƀŷ àńŷ Ōũţƥōśţ. + + + + Assigned to application + Àśśĩĝńēď ţō àƥƥĺĩćàţĩōń + + + + Update LDAP Provider + Ũƥďàţē ĹĎÀƤ Ƥŕōvĩďēŕ + + + + Edit + Ēďĩţ + + + + How to connect + Ĥōŵ ţō ćōńńēćţ + + + + Connect to the LDAP Server on port 389: + Ćōńńēćţ ţō ţĥē ĹĎÀƤ Śēŕvēŕ ōń ƥōŕţ 389: + + + + Check the IP of the Kubernetes service, or + Ćĥēćķ ţĥē ĨƤ ōƒ ţĥē Ķũƀēŕńēţēś śēŕvĩćē, ōŕ + + + + The Host IP of the docker host + Ţĥē Ĥōśţ ĨƤ ōƒ ţĥē ďōćķēŕ ĥōśţ + + + + Bind DN + ßĩńď ĎŃ + + + + Bind Password + ßĩńď Ƥàśśŵōŕď + + + + Search base + Śēàŕćĥ ƀàśē + + + + Preview + Ƥŕēvĩēŵ + + + + Warning: Provider is not used by an Application. + Ŵàŕńĩńĝ: Ƥŕōvĩďēŕ ĩś ńōţ ũśēď ƀŷ àń Àƥƥĺĩćàţĩōń. + + + + Redirect URIs + Ŕēďĩŕēćţ ŨŔĨś + + + + Update OAuth2 Provider + Ũƥďàţē ŌÀũţĥ2 Ƥŕōvĩďēŕ + + + + OpenID Configuration URL + ŌƥēńĨĎ Ćōńƒĩĝũŕàţĩōń ŨŔĹ + + + + OpenID Configuration Issuer + ŌƥēńĨĎ Ćōńƒĩĝũŕàţĩōń Ĩśśũēŕ + + + + Authorize URL + Àũţĥōŕĩźē ŨŔĹ + + + + Token URL + Ţōķēń ŨŔĹ + + + + Userinfo URL + Ũśēŕĩńƒō ŨŔĹ + + + + Logout URL + Ĺōĝōũţ ŨŔĹ + + + + JWKS URL + ĵŴĶŚ ŨŔĹ + + + + Example JWT payload (for currently authenticated user) + Ēxàmƥĺē ĵŴŢ ƥàŷĺōàď (ƒōŕ ćũŕŕēńţĺŷ àũţĥēńţĩćàţēď ũśēŕ) + + + + Forward auth (domain-level) + Ƒōŕŵàŕď àũţĥ (ďōmàĩń-ĺēvēĺ) + + + + Nginx (Ingress) + Ńĝĩńx (Ĩńĝŕēśś) + + + + Nginx (Proxy Manager) + Ńĝĩńx (Ƥŕōxŷ Màńàĝēŕ) + + + + Nginx (standalone) + Ńĝĩńx (śţàńďàĺōńē) + + + + Traefik (Ingress) + Ţŕàēƒĩķ (Ĩńĝŕēśś) + + + + Traefik (Compose) + Ţŕàēƒĩķ (Ćōmƥōśē) + + + + Traefik (Standalone) + Ţŕàēƒĩķ (Śţàńďàĺōńē) + + + + Caddy (Standalone) + Ćàďďŷ (Śţàńďàĺōńē) + + + + Internal Host + Ĩńţēŕńàĺ Ĥōśţ + + + + External Host + Ēxţēŕńàĺ Ĥōśţ + + + + Basic-Auth + ßàśĩć-Àũţĥ + + + + Yes + Ŷēś + + + + Mode + Mōďē + + + + Update Proxy Provider + Ũƥďàţē Ƥŕōxŷ Ƥŕōvĩďēŕ + + + + Protocol Settings + Ƥŕōţōćōĺ Śēţţĩńĝś + + + + Allowed Redirect URIs + Àĺĺōŵēď Ŕēďĩŕēćţ ŨŔĨś + + + + Setup + Śēţũƥ + + + + No additional setup is required. + Ńō àďďĩţĩōńàĺ śēţũƥ ĩś ŕēǫũĩŕēď. + + + + Update Radius Provider + Ũƥďàţē Ŕàďĩũś Ƥŕōvĩďēŕ + + + + Download + Ďōŵńĺōàď + + + + Copy download URL + Ćōƥŷ ďōŵńĺōàď ŨŔĹ + + + + Download signing certificate + Ďōŵńĺōàď śĩĝńĩńĝ ćēŕţĩƒĩćàţē + + + + Related objects + Ŕēĺàţēď ōƀĴēćţś + + + + Update SAML Provider + Ũƥďàţē ŚÀMĹ Ƥŕōvĩďēŕ + + + + SAML Configuration + ŚÀMĹ Ćōńƒĩĝũŕàţĩōń + + + + EntityID/Issuer + ĒńţĩţŷĨĎ/Ĩśśũēŕ + + + + SSO URL (Post) + ŚŚŌ ŨŔĹ (Ƥōśţ) + + + + SSO URL (Redirect) + ŚŚŌ ŨŔĹ (Ŕēďĩŕēćţ) + + + + SSO URL (IdP-initiated Login) + ŚŚŌ ŨŔĹ (ĨďƤ-ĩńĩţĩàţēď Ĺōĝĩń) + + + + SLO URL (Post) + ŚĹŌ ŨŔĹ (Ƥōśţ) + + + + SLO URL (Redirect) + ŚĹŌ ŨŔĹ (Ŕēďĩŕēćţ) + + + + SAML Metadata + ŚÀMĹ Mēţàďàţà + + + + Example SAML attributes + Ēxàmƥĺē ŚÀMĹ àţţŕĩƀũţēś + + + + NameID attribute + ŃàmēĨĎ àţţŕĩƀũţē + + + Warning: Provider is not assigned to an application as backchannel provider. + Ŵàŕńĩńĝ: Ƥŕōvĩďēŕ ĩś ńōţ àśśĩĝńēď ţō àń àƥƥĺĩćàţĩōń àś ƀàćķćĥàńńēĺ ƥŕōvĩďēŕ. + + + + Update SCIM Provider + Ũƥďàţē ŚĆĨM Ƥŕōvĩďēŕ + + + + Run sync again + Ŕũń śŷńć àĝàĩń + + + + Modern applications, APIs and Single-page applications. + Mōďēŕń àƥƥĺĩćàţĩōńś, ÀƤĨś àńď Śĩńĝĺē-ƥàĝē àƥƥĺĩćàţĩōńś. + + + + LDAP + ĹĎÀƤ + + + + Provide an LDAP interface for applications and users to authenticate against. + Ƥŕōvĩďē àń ĹĎÀƤ ĩńţēŕƒàćē ƒōŕ àƥƥĺĩćàţĩōńś àńď ũśēŕś ţō àũţĥēńţĩćàţē àĝàĩńśţ. + + + + New application + Ńēŵ àƥƥĺĩćàţĩōń + + + + Applications + Àƥƥĺĩćàţĩōńś + + + + Provider Type + Ƥŕōvĩďēŕ Ţŷƥē + + + + Application(s) + Àƥƥĺĩćàţĩōń(ś) + + + + Application Icon + Àƥƥĺĩćàţĩōń Ĩćōń + + + + Update Application + Ũƥďàţē Àƥƥĺĩćàţĩōń + + + + Successfully sent test-request. + Śũććēśśƒũĺĺŷ śēńţ ţēśţ-ŕēǫũēśţ. + + + + Log messages + Ĺōĝ mēśśàĝēś + + + + No log messages. + Ńō ĺōĝ mēśśàĝēś. + + + + Active + Àćţĩvē + + + + Last login + Ĺàśţ ĺōĝĩń + + + + Select users to add + Śēĺēćţ ũśēŕś ţō àďď + + + + Successfully updated group. + Śũććēśśƒũĺĺŷ ũƥďàţēď ĝŕōũƥ. + + + + Successfully created group. + Śũććēśśƒũĺĺŷ ćŕēàţēď ĝŕōũƥ. + + + + Is superuser + Ĩś śũƥēŕũśēŕ + + + + Users added to this group will be superusers. + Ũśēŕś àďďēď ţō ţĥĩś ĝŕōũƥ ŵĩĺĺ ƀē śũƥēŕũśēŕś. + + + + Parent + Ƥàŕēńţ + + + + Attributes + Àţţŕĩƀũţēś + + + + Set custom attributes using YAML or JSON. + Śēţ ćũśţōm àţţŕĩƀũţēś ũśĩńĝ ŶÀMĹ ōŕ ĵŚŌŃ. + + + + Successfully updated binding. + Śũććēśśƒũĺĺŷ ũƥďàţēď ƀĩńďĩńĝ. + + + + Successfully created binding. + Śũććēśśƒũĺĺŷ ćŕēàţēď ƀĩńďĩńĝ. + + + + Policy + Ƥōĺĩćŷ + + + + Group mappings can only be checked if a user is already logged in when trying to access this source. + Ĝŕōũƥ màƥƥĩńĝś ćàń ōńĺŷ ƀē ćĥēćķēď ĩƒ à ũśēŕ ĩś àĺŕēàďŷ ĺōĝĝēď ĩń ŵĥēń ţŕŷĩńĝ ţō àććēśś ţĥĩś śōũŕćē. + + + + User mappings can only be checked if a user is already logged in when trying to access this source. + Ũśēŕ màƥƥĩńĝś ćàń ōńĺŷ ƀē ćĥēćķēď ĩƒ à ũśēŕ ĩś àĺŕēàďŷ ĺōĝĝēď ĩń ŵĥēń ţŕŷĩńĝ ţō àććēśś ţĥĩś śōũŕćē. + + + + Enabled + Ēńàƀĺēď + + + + Negate result + Ńēĝàţē ŕēśũĺţ + + + + Negates the outcome of the binding. Messages are unaffected. + Ńēĝàţēś ţĥē ōũţćōmē ōƒ ţĥē ƀĩńďĩńĝ. Mēśśàĝēś àŕē ũńàƒƒēćţēď. + + + + Order + Ōŕďēŕ + + + + Timeout + Ţĩmēōũţ + + + + Successfully updated policy. + Śũććēśśƒũĺĺŷ ũƥďàţēď ƥōĺĩćŷ. + + + + Successfully created policy. + Śũććēśśƒũĺĺŷ ćŕēàţēď ƥōĺĩćŷ. + + + + A policy used for testing. Always returns the same result as specified below after waiting a random duration. + À ƥōĺĩćŷ ũśēď ƒōŕ ţēśţĩńĝ. Àĺŵàŷś ŕēţũŕńś ţĥē śàmē ŕēśũĺţ àś śƥēćĩƒĩēď ƀēĺōŵ àƒţēŕ ŵàĩţĩńĝ à ŕàńďōm ďũŕàţĩōń. + + + + Execution logging + Ēxēćũţĩōń ĺōĝĝĩńĝ + + + + When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. + Ŵĥēń ţĥĩś ōƥţĩōń ĩś ēńàƀĺēď, àĺĺ ēxēćũţĩōńś ōƒ ţĥĩś ƥōĺĩćŷ ŵĩĺĺ ƀē ĺōĝĝēď. ßŷ ďēƒàũĺţ, ōńĺŷ ēxēćũţĩōń ēŕŕōŕś àŕē ĺōĝĝēď. + + + + Policy-specific settings + Ƥōĺĩćŷ-śƥēćĩƒĩć śēţţĩńĝś + + + + Pass policy? + Ƥàśś ƥōĺĩćŷ? + + + + Wait (min) + Ŵàĩţ (mĩń) + + + + The policy takes a random time to execute. This controls the minimum time it will take. + Ţĥē ƥōĺĩćŷ ţàķēś à ŕàńďōm ţĩmē ţō ēxēćũţē. Ţĥĩś ćōńţŕōĺś ţĥē mĩńĩmũm ţĩmē ĩţ ŵĩĺĺ ţàķē. + + + + Wait (max) + Ŵàĩţ (màx) + + + + Matches an event against a set of criteria. If any of the configured values match, the policy passes. + Màţćĥēś àń ēvēńţ àĝàĩńśţ à śēţ ōƒ ćŕĩţēŕĩà. Ĩƒ àńŷ ōƒ ţĥē ćōńƒĩĝũŕēď vàĺũēś màţćĥ, ţĥē ƥōĺĩćŷ ƥàśśēś. + + + + Match created events with this action type. When left empty, all action types will be matched. + Màţćĥ ćŕēàţēď ēvēńţś ŵĩţĥ ţĥĩś àćţĩōń ţŷƥē. Ŵĥēń ĺēƒţ ēmƥţŷ, àĺĺ àćţĩōń ţŷƥēś ŵĩĺĺ ƀē màţćĥēď. + + + + Matches Event's Client IP (strict matching, for network matching use an Expression Policy. + Màţćĥēś Ēvēńţ'ś Ćĺĩēńţ ĨƤ (śţŕĩćţ màţćĥĩńĝ, ƒōŕ ńēţŵōŕķ màţćĥĩńĝ ũśē àń Ēxƥŕēśśĩōń Ƥōĺĩćŷ. + + + + Match events created by selected application. When left empty, all applications are matched. + Màţćĥ ēvēńţś ćŕēàţēď ƀŷ śēĺēćţēď àƥƥĺĩćàţĩōń. Ŵĥēń ĺēƒţ ēmƥţŷ, àĺĺ àƥƥĺĩćàţĩōńś àŕē màţćĥēď. + + + + Checks if the request's user's password has been changed in the last x days, and denys based on settings. + Ćĥēćķś ĩƒ ţĥē ŕēǫũēśţ'ś ũśēŕ'ś ƥàśśŵōŕď ĥàś ƀēēń ćĥàńĝēď ĩń ţĥē ĺàśţ x ďàŷś, àńď ďēńŷś ƀàśēď ōń śēţţĩńĝś. + + + + Maximum age (in days) + Màxĩmũm àĝē (ĩń ďàŷś) + + + + Only fail the policy, don't invalidate user's password + Ōńĺŷ ƒàĩĺ ţĥē ƥōĺĩćŷ, ďōń'ţ ĩńvàĺĩďàţē ũśēŕ'ś ƥàśśŵōŕď + + + + Executes the python snippet to determine whether to allow or deny a request. + Ēxēćũţēś ţĥē ƥŷţĥōń śńĩƥƥēţ ţō ďēţēŕmĩńē ŵĥēţĥēŕ ţō àĺĺōŵ ōŕ ďēńŷ à ŕēǫũēśţ. + + + + Expression using Python. + Ēxƥŕēśśĩōń ũśĩńĝ Ƥŷţĥōń. + + + + See documentation for a list of all variables. + Śēē ďōćũmēńţàţĩōń ƒōŕ à ĺĩśţ ōƒ àĺĺ vàŕĩàƀĺēś. + + + + Static rules + Śţàţĩć ŕũĺēś + + + + Minimum length + Mĩńĩmũm ĺēńĝţĥ + + + + Minimum amount of Uppercase Characters + Mĩńĩmũm àmōũńţ ōƒ Ũƥƥēŕćàśē Ćĥàŕàćţēŕś + + + + Minimum amount of Lowercase Characters + Mĩńĩmũm àmōũńţ ōƒ Ĺōŵēŕćàśē Ćĥàŕàćţēŕś + + + + Minimum amount of Digits + Mĩńĩmũm àmōũńţ ōƒ Ďĩĝĩţś + + + + Minimum amount of Symbols Characters + Mĩńĩmũm àmōũńţ ōƒ Śŷmƀōĺś Ćĥàŕàćţēŕś + + + + Error message + Ēŕŕōŕ mēśśàĝē + + + + Symbol charset + Śŷmƀōĺ ćĥàŕśēţ + + + + Characters which are considered as symbols. + Ćĥàŕàćţēŕś ŵĥĩćĥ àŕē ćōńśĩďēŕēď àś śŷmƀōĺś. + + + + HaveIBeenPwned settings + ĤàvēĨßēēńƤŵńēď śēţţĩńĝś + + + + Allowed count + Àĺĺōŵēď ćōũńţ + + + + Allow up to N occurrences in the HIBP database. + Àĺĺōŵ ũƥ ţō Ń ōććũŕŕēńćēś ĩń ţĥē ĤĨßƤ ďàţàƀàśē. + + + + zxcvbn settings + źxćvƀń śēţţĩńĝś + + + + Score threshold + Śćōŕē ţĥŕēśĥōĺď + + + + If the password's score is less than or equal this value, the policy will fail. + Ĩƒ ţĥē ƥàśśŵōŕď'ś śćōŕē ĩś ĺēśś ţĥàń ōŕ ēǫũàĺ ţĥĩś vàĺũē, ţĥē ƥōĺĩćŷ ŵĩĺĺ ƒàĩĺ. + + + + Checks the value from the policy request against several rules, mostly used to ensure password strength. + Ćĥēćķś ţĥē vàĺũē ƒŕōm ţĥē ƥōĺĩćŷ ŕēǫũēśţ àĝàĩńśţ śēvēŕàĺ ŕũĺēś, mōśţĺŷ ũśēď ţō ēńśũŕē ƥàśśŵōŕď śţŕēńĝţĥ. + + + + Password field + Ƥàśśŵōŕď ƒĩēĺď + + + + Field key to check, field keys defined in Prompt stages are available. + Ƒĩēĺď ķēŷ ţō ćĥēćķ, ƒĩēĺď ķēŷś ďēƒĩńēď ĩń Ƥŕōmƥţ śţàĝēś àŕē àvàĩĺàƀĺē. + + + + Check static rules + Ćĥēćķ śţàţĩć ŕũĺēś + + + + Check haveibeenpwned.com + Ćĥēćķ ĥàvēĩƀēēńƥŵńēď.ćōm + + + + For more info see: + Ƒōŕ mōŕē ĩńƒō śēē: + + + + Check zxcvbn + Ćĥēćķ źxćvƀń + + + + Password strength estimator created by Dropbox, see: + Ƥàśśŵōŕď śţŕēńĝţĥ ēśţĩmàţōŕ ćŕēàţēď ƀŷ Ďŕōƥƀōx, śēē: + + + + Allows/denys requests based on the users and/or the IPs reputation. + Àĺĺōŵś/ďēńŷś ŕēǫũēśţś ƀàśēď ōń ţĥē ũśēŕś àńď/ōŕ ţĥē ĨƤś ŕēƥũţàţĩōń. + + + + Invalid login attempts will decrease the score for the client's IP, and the +username they are attempting to login as, by one. + Ĩńvàĺĩď ĺōĝĩń àţţēmƥţś ŵĩĺĺ ďēćŕēàśē ţĥē śćōŕē ƒōŕ ţĥē ćĺĩēńţ'ś ĨƤ, àńď ţĥē +ũśēŕńàmē ţĥēŷ àŕē àţţēmƥţĩńĝ ţō ĺōĝĩń àś, ƀŷ ōńē. + + + The policy passes when the reputation score is below the threshold, and +doesn't pass when either or both of the selected options are equal or above the threshold. + Ţĥē ƥōĺĩćŷ ƥàśśēś ŵĥēń ţĥē ŕēƥũţàţĩōń śćōŕē ĩś ƀēĺōŵ ţĥē ţĥŕēśĥōĺď, àńď +ďōēśń'ţ ƥàśś ŵĥēń ēĩţĥēŕ ōŕ ƀōţĥ ōƒ ţĥē śēĺēćţēď ōƥţĩōńś àŕē ēǫũàĺ ōŕ àƀōvē ţĥē ţĥŕēśĥōĺď. + + + Check IP + Ćĥēćķ ĨƤ + + + + Check Username + Ćĥēćķ Ũśēŕńàmē + + + + Threshold + Ţĥŕēśĥōĺď + + + + New policy + Ńēŵ ƥōĺĩćŷ + + + + Create a new policy. + Ćŕēàţē à ńēŵ ƥōĺĩćŷ. + + + + Create Binding + Ćŕēàţē ßĩńďĩńĝ + + + + Superuser + Śũƥēŕũśēŕ + + + + Members + Mēmƀēŕś + + + + Select groups to add user to + Śēĺēćţ ĝŕōũƥś ţō àďď ũśēŕ ţō + + + + Warning: Adding the user to the selected group(s) will give them superuser permissions. + Ŵàŕńĩńĝ: Àďďĩńĝ ţĥē ũśēŕ ţō ţĥē śēĺēćţēď ĝŕōũƥ(ś) ŵĩĺĺ ĝĩvē ţĥēm śũƥēŕũśēŕ ƥēŕmĩśśĩōńś. + + + + Successfully updated user. + Śũććēśśƒũĺĺŷ ũƥďàţēď ũśēŕ. + + + + Successfully created user. + Śũććēśśƒũĺĺŷ ćŕēàţēď ũśēŕ. + + + + Username + Ũśēŕńàmē + + + + User's primary identifier. 150 characters or fewer. + Ũśēŕ'ś ƥŕĩmàŕŷ ĩďēńţĩƒĩēŕ. 150 ćĥàŕàćţēŕś ōŕ ƒēŵēŕ. + + + + User's display name. + Ũśēŕ'ś ďĩśƥĺàŷ ńàmē. + + + + Email + Ēmàĩĺ + + + + Is active + Ĩś àćţĩvē + + + + Designates whether this user should be treated as active. Unselect this instead of deleting accounts. + Ďēśĩĝńàţēś ŵĥēţĥēŕ ţĥĩś ũśēŕ śĥōũĺď ƀē ţŕēàţēď àś àćţĩvē. Ũńśēĺēćţ ţĥĩś ĩńśţēàď ōƒ ďēĺēţĩńĝ àććōũńţś. + + + + Path + Ƥàţĥ + + + + Policy / User / Group + Ƥōĺĩćŷ / Ũśēŕ / Ĝŕōũƥ + + + + Policy + Ƥōĺĩćŷ + + + + Group + Ĝŕōũƥ + + + + User + Ũśēŕ + + + + Edit Policy + Ēďĩţ Ƥōĺĩćŷ + + + + Update Group + Ũƥďàţē Ĝŕōũƥ + + + + Edit Group + Ēďĩţ Ĝŕōũƥ + + + + Update User + Ũƥďàţē Ũśēŕ + + + + Edit User + Ēďĩţ Ũśēŕ + + + + Policy binding(s) + Ƥōĺĩćŷ ƀĩńďĩńĝ(ś) + + + + Update Binding + Ũƥďàţē ßĩńďĩńĝ + + + + Edit Binding + Ēďĩţ ßĩńďĩńĝ + + + + No Policies bound. + Ńō Ƥōĺĩćĩēś ƀōũńď. + + + + No policies are currently bound to this object. + Ńō ƥōĺĩćĩēś àŕē ćũŕŕēńţĺŷ ƀōũńď ţō ţĥĩś ōƀĴēćţ. + + + + Bind existing policy + ßĩńď ēxĩśţĩńĝ ƥōĺĩćŷ + + + + Warning: Application is not used by any Outpost. + Ŵàŕńĩńĝ: Àƥƥĺĩćàţĩōń ĩś ńōţ ũśēď ƀŷ àńŷ Ōũţƥōśţ. + + + + Related + Ŕēĺàţēď + + + + Backchannel Providers + ßàćķćĥàńńēĺ Ƥŕōvĩďēŕś + + + + Check access + Ćĥēćķ àććēśś + + + + Check + Ćĥēćķ + + + + Check Application access + Ćĥēćķ Àƥƥĺĩćàţĩōń àććēśś + + + + Test + Ţēśţ + + + + Launch + Ĺàũńćĥ + + + + Logins over the last week (per 8 hours) + Ĺōĝĩńś ōvēŕ ţĥē ĺàśţ ŵēēķ (ƥēŕ 8 ĥōũŕś) + + + + Policy / Group / User Bindings + Ƥōĺĩćŷ / Ĝŕōũƥ / Ũśēŕ ßĩńďĩńĝś + + + + These policies control which users can access this application. + Ţĥēśē ƥōĺĩćĩēś ćōńţŕōĺ ŵĥĩćĥ ũśēŕś ćàń àććēśś ţĥĩś àƥƥĺĩćàţĩōń. + + + + Successfully updated source. + Śũććēśśƒũĺĺŷ ũƥďàţēď śōũŕćē. + + + + Successfully created source. + Śũććēśśƒũĺĺŷ ćŕēàţēď śōũŕćē. + + + + Sync users + Śŷńć ũśēŕś + + + + User password writeback + Ũśēŕ ƥàśśŵōŕď ŵŕĩţēƀàćķ + + + + Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP. + Ĺōĝĩń ƥàśśŵōŕď ĩś śŷńćēď ƒŕōm ĹĎÀƤ ĩńţō àũţĥēńţĩķ àũţōmàţĩćàĺĺŷ. Ēńàƀĺē ţĥĩś ōƥţĩōń ōńĺŷ ţō ŵŕĩţē ƥàśśŵōŕď ćĥàńĝēś ĩń àũţĥēńţĩķ ƀàćķ ţō ĹĎÀƤ. + + + + Sync groups + Śŷńć ĝŕōũƥś + + + + Connection settings + Ćōńńēćţĩōń śēţţĩńĝś + + + + Server URI + Śēŕvēŕ ŨŔĨ + + + + Specify multiple server URIs by separating them with a comma. + Śƥēćĩƒŷ mũĺţĩƥĺē śēŕvēŕ ŨŔĨś ƀŷ śēƥàŕàţĩńĝ ţĥēm ŵĩţĥ à ćōmmà. + + + + Enable StartTLS + Ēńàƀĺē ŚţàŕţŢĹŚ + + + + To use SSL instead, use 'ldaps://' and disable this option. + Ţō ũśē ŚŚĹ ĩńśţēàď, ũśē 'ĺďàƥś://' àńď ďĩśàƀĺē ţĥĩś ōƥţĩōń. + + + + TLS Verification Certificate + ŢĹŚ Vēŕĩƒĩćàţĩōń Ćēŕţĩƒĩćàţē + + + + When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate. + Ŵĥēń ćōńńēćţĩńĝ ţō àń ĹĎÀƤ Śēŕvēŕ ŵĩţĥ ŢĹŚ, ćēŕţĩƒĩćàţēś àŕē ńōţ ćĥēćķēď ƀŷ ďēƒàũĺţ. Śƥēćĩƒŷ à ķēŷƥàĩŕ ţō vàĺĩďàţē ţĥē ŕēmōţē ćēŕţĩƒĩćàţē. + + + + Bind CN + ßĩńď ĆŃ + + + + LDAP Attribute mapping + ĹĎÀƤ Àţţŕĩƀũţē màƥƥĩńĝ + + + + Property mappings used to user creation. + Ƥŕōƥēŕţŷ màƥƥĩńĝś ũśēď ţō ũśēŕ ćŕēàţĩōń. + + + + Additional settings + Àďďĩţĩōńàĺ śēţţĩńĝś + + + + Parent group for all the groups imported from LDAP. + Ƥàŕēńţ ĝŕōũƥ ƒōŕ àĺĺ ţĥē ĝŕōũƥś ĩmƥōŕţēď ƒŕōm ĹĎÀƤ. + + + + User path + Ũśēŕ ƥàţĥ + + + + Addition User DN + Àďďĩţĩōń Ũśēŕ ĎŃ + + + + Additional user DN, prepended to the Base DN. + Àďďĩţĩōńàĺ ũśēŕ ĎŃ, ƥŕēƥēńďēď ţō ţĥē ßàśē ĎŃ. + + + + Addition Group DN + Àďďĩţĩōń Ĝŕōũƥ ĎŃ + + + + Additional group DN, prepended to the Base DN. + Àďďĩţĩōńàĺ ĝŕōũƥ ĎŃ, ƥŕēƥēńďēď ţō ţĥē ßàśē ĎŃ. + + + + User object filter + Ũśēŕ ōƀĴēćţ ƒĩĺţēŕ + + + + Consider Objects matching this filter to be Users. + Ćōńśĩďēŕ ŌƀĴēćţś màţćĥĩńĝ ţĥĩś ƒĩĺţēŕ ţō ƀē Ũśēŕś. + + + + Group object filter + Ĝŕōũƥ ōƀĴēćţ ƒĩĺţēŕ + + + + Consider Objects matching this filter to be Groups. + Ćōńśĩďēŕ ŌƀĴēćţś màţćĥĩńĝ ţĥĩś ƒĩĺţēŕ ţō ƀē Ĝŕōũƥś. + + + + Group membership field + Ĝŕōũƥ mēmƀēŕśĥĩƥ ƒĩēĺď + + + + Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' + Ƒĩēĺď ŵĥĩćĥ ćōńţàĩńś mēmƀēŕś ōƒ à ĝŕōũƥ. Ńōţē ţĥàţ ĩƒ ũśĩńĝ ţĥē "mēmƀēŕŨĩď" ƒĩēĺď, ţĥē vàĺũē ĩś àśśũmēď ţō ćōńţàĩń à ŕēĺàţĩvē ďĩśţĩńĝũĩśĥēď ńàmē. ē.ĝ. 'mēmƀēŕŨĩď=śōmē-ũśēŕ' ĩńśţēàď ōƒ 'mēmƀēŕŨĩď=ćń=śōmē-ũśēŕ,ōũ=ĝŕōũƥś,...' + + + + Object uniqueness field + ŌƀĴēćţ ũńĩǫũēńēśś ƒĩēĺď + + + + Field which contains a unique Identifier. + Ƒĩēĺď ŵĥĩćĥ ćōńţàĩńś à ũńĩǫũē Ĩďēńţĩƒĩēŕ. + + + + Link users on unique identifier + Ĺĩńķ ũśēŕś ōń ũńĩǫũē ĩďēńţĩƒĩēŕ + + + + Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses + Ĺĩńķ ţō à ũśēŕ ŵĩţĥ ĩďēńţĩćàĺ ēmàĩĺ àďďŕēśś. Ćàń ĥàvē śēćũŕĩţŷ ĩmƥĺĩćàţĩōńś ŵĥēń à śōũŕćē ďōēśń'ţ vàĺĩďàţē ēmàĩĺ àďďŕēśśēś + + + + Use the user's email address, but deny enrollment when the email address already exists + Ũśē ţĥē ũśēŕ'ś ēmàĩĺ àďďŕēśś, ƀũţ ďēńŷ ēńŕōĺĺmēńţ ŵĥēń ţĥē ēmàĩĺ àďďŕēśś àĺŕēàďŷ ēxĩśţś + + + + Link to a user with identical username. Can have security implications when a username is used with another source + Ĺĩńķ ţō à ũśēŕ ŵĩţĥ ĩďēńţĩćàĺ ũśēŕńàmē. Ćàń ĥàvē śēćũŕĩţŷ ĩmƥĺĩćàţĩōńś ŵĥēń à ũśēŕńàmē ĩś ũśēď ŵĩţĥ àńōţĥēŕ śōũŕćē + + + + Use the user's username, but deny enrollment when the username already exists + Ũśē ţĥē ũśēŕ'ś ũśēŕńàmē, ƀũţ ďēńŷ ēńŕōĺĺmēńţ ŵĥēń ţĥē ũśēŕńàmē àĺŕēàďŷ ēxĩśţś + + + + Unknown user matching mode + Ũńķńōŵń ũśēŕ màţćĥĩńĝ mōďē + + + + URL settings + ŨŔĹ śēţţĩńĝś + + + + Authorization URL + Àũţĥōŕĩźàţĩōń ŨŔĹ + + + + URL the user is redirect to to consent the authorization. + ŨŔĹ ţĥē ũśēŕ ĩś ŕēďĩŕēćţ ţō ţō ćōńśēńţ ţĥē àũţĥōŕĩźàţĩōń. + + + + Access token URL + Àććēśś ţōķēń ŨŔĹ + + + + URL used by authentik to retrieve tokens. + ŨŔĹ ũśēď ƀŷ àũţĥēńţĩķ ţō ŕēţŕĩēvē ţōķēńś. + + + + Profile URL + Ƥŕōƒĩĺē ŨŔĹ + + + + URL used by authentik to get user information. + ŨŔĹ ũśēď ƀŷ àũţĥēńţĩķ ţō ĝēţ ũśēŕ ĩńƒōŕmàţĩōń. + + + + Request token URL + Ŕēǫũēśţ ţōķēń ŨŔĹ + + + + URL used to request the initial token. This URL is only required for OAuth 1. + ŨŔĹ ũśēď ţō ŕēǫũēśţ ţĥē ĩńĩţĩàĺ ţōķēń. Ţĥĩś ŨŔĹ ĩś ōńĺŷ ŕēǫũĩŕēď ƒōŕ ŌÀũţĥ 1. + + + + OIDC Well-known URL + ŌĨĎĆ Ŵēĺĺ-ķńōŵń ŨŔĹ + + + + OIDC well-known configuration URL. Can be used to automatically configure the URLs above. + ŌĨĎĆ ŵēĺĺ-ķńōŵń ćōńƒĩĝũŕàţĩōń ŨŔĹ. Ćàń ƀē ũśēď ţō àũţōmàţĩćàĺĺŷ ćōńƒĩĝũŕē ţĥē ŨŔĹś àƀōvē. + + + + OIDC JWKS URL + ŌĨĎĆ ĵŴĶŚ ŨŔĹ + + + + JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source. + ĵŚŌŃ Ŵēƀ Ķēŷ ŨŔĹ. Ķēŷś ƒŕōm ţĥē ŨŔĹ ŵĩĺĺ ƀē ũśēď ţō vàĺĩďàţē ĵŴŢś ƒŕōm ţĥĩś śōũŕćē. + + + + OIDC JWKS + ŌĨĎĆ ĵŴĶŚ + + + + Raw JWKS data. + Ŕàŵ ĵŴĶŚ ďàţà. + + + + User matching mode + Ũśēŕ màţćĥĩńĝ mōďē + + + + Delete currently set icon. + Ďēĺēţē ćũŕŕēńţĺŷ śēţ ĩćōń. + + + + Consumer key + Ćōńśũmēŕ ķēŷ + + + + Consumer secret + Ćōńśũmēŕ śēćŕēţ + + + + Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *. + Àďďĩţĩōńàĺ śćōƥēś ţō ƀē ƥàśśēď ţō ţĥē ŌÀũţĥ Ƥŕōvĩďēŕ, śēƥàŕàţēď ƀŷ śƥàćē. Ţō ŕēƥĺàćē ēxĩśţĩńĝ śćōƥēś, ƥŕēƒĩx ŵĩţĥ *. + + + + Flow settings + Ƒĺōŵ śēţţĩńĝś + + + + Flow to use when authenticating existing users. + Ƒĺōŵ ţō ũśē ŵĥēń àũţĥēńţĩćàţĩńĝ ēxĩśţĩńĝ ũśēŕś. + + + + Enrollment flow + Ēńŕōĺĺmēńţ ƒĺōŵ + + + + Flow to use when enrolling new users. + Ƒĺōŵ ţō ũśē ŵĥēń ēńŕōĺĺĩńĝ ńēŵ ũśēŕś. + + + + Load servers + Ĺōàď śēŕvēŕś + + + + Re-authenticate with plex + Ŕē-àũţĥēńţĩćàţē ŵĩţĥ ƥĺēx + + + + Allow friends to authenticate via Plex, even if you don't share any servers + Àĺĺōŵ ƒŕĩēńďś ţō àũţĥēńţĩćàţē vĩà Ƥĺēx, ēvēń ĩƒ ŷōũ ďōń'ţ śĥàŕē àńŷ śēŕvēŕś + + + + Allowed servers + Àĺĺōŵēď śēŕvēŕś + + + + Select which server a user has to be a member of to be allowed to authenticate. + Śēĺēćţ ŵĥĩćĥ śēŕvēŕ à ũśēŕ ĥàś ţō ƀē à mēmƀēŕ ōƒ ţō ƀē àĺĺōŵēď ţō àũţĥēńţĩćàţē. + + + + SSO URL + ŚŚŌ ŨŔĹ + + + + URL that the initial Login request is sent to. + ŨŔĹ ţĥàţ ţĥē ĩńĩţĩàĺ Ĺōĝĩń ŕēǫũēśţ ĩś śēńţ ţō. + + + + SLO URL + ŚĹŌ ŨŔĹ + + + + Optional URL if the IDP supports Single-Logout. + Ōƥţĩōńàĺ ŨŔĹ ĩƒ ţĥē ĨĎƤ śũƥƥōŕţś Śĩńĝĺē-Ĺōĝōũţ. + + + + Also known as Entity ID. Defaults the Metadata URL. + Àĺśō ķńōŵń àś Ēńţĩţŷ ĨĎ. Ďēƒàũĺţś ţĥē Mēţàďàţà ŨŔĹ. + + + + Binding Type + ßĩńďĩńĝ Ţŷƥē + + + + Redirect binding + Ŕēďĩŕēćţ ƀĩńďĩńĝ + + + + Post-auto binding + Ƥōśţ-àũţō ƀĩńďĩńĝ + + + + Post binding but the request is automatically sent and the user doesn't have to confirm. + Ƥōśţ ƀĩńďĩńĝ ƀũţ ţĥē ŕēǫũēśţ ĩś àũţōmàţĩćàĺĺŷ śēńţ àńď ţĥē ũśēŕ ďōēśń'ţ ĥàvē ţō ćōńƒĩŕm. + + + + Post binding + Ƥōśţ ƀĩńďĩńĝ + + + + Signing keypair + Śĩĝńĩńĝ ķēŷƥàĩŕ + + + + Keypair which is used to sign outgoing requests. Leave empty to disable signing. + Ķēŷƥàĩŕ ŵĥĩćĥ ĩś ũśēď ţō śĩĝń ōũţĝōĩńĝ ŕēǫũēśţś. Ĺēàvē ēmƥţŷ ţō ďĩśàƀĺē śĩĝńĩńĝ. + + + + Allow IDP-initiated logins + Àĺĺōŵ ĨĎƤ-ĩńĩţĩàţēď ĺōĝĩńś + + + + Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. + Àĺĺōŵś àũţĥēńţĩćàţĩōń ƒĺōŵś ĩńĩţĩàţēď ƀŷ ţĥē ĨďƤ. Ţĥĩś ćàń ƀē à śēćũŕĩţŷ ŕĩśķ, àś ńō vàĺĩďàţĩōń ōƒ ţĥē ŕēǫũēśţ ĨĎ ĩś ďōńē. + + + + NameID Policy + ŃàmēĨĎ Ƥōĺĩćŷ + + + + Persistent + Ƥēŕśĩśţēńţ + + + + Email address + Ēmàĩĺ àďďŕēśś + + + + Windows + Ŵĩńďōŵś + + + + X509 Subject + X509 ŚũƀĴēćţ + + + + Transient + Ţŕàńśĩēńţ + + + + Delete temporary users after + Ďēĺēţē ţēmƥōŕàŕŷ ũśēŕś àƒţēŕ + + + + Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. + Ţĩmē ōƒƒśēţ ŵĥēń ţēmƥōŕàŕŷ ũśēŕś śĥōũĺď ƀē ďēĺēţēď. Ţĥĩś ōńĺŷ àƥƥĺĩēś ĩƒ ŷōũŕ ĨĎƤ ũśēś ţĥē ŃàmēĨĎ Ƒōŕmàţ 'ţŕàńśĩēńţ', àńď ţĥē ũśēŕ ďōēśń'ţ ĺōĝ ōũţ màńũàĺĺŷ. + + + + Pre-authentication flow + Ƥŕē-àũţĥēńţĩćàţĩōń ƒĺōŵ + + + + Flow used before authentication. + Ƒĺōŵ ũśēď ƀēƒōŕē àũţĥēńţĩćàţĩōń. + + + + New source + Ńēŵ śōũŕćē + + + + Create a new source. + Ćŕēàţē à ńēŵ śōũŕćē. + + + + Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves. + Śōũŕćēś ōƒ ĩďēńţĩţĩēś, ŵĥĩćĥ ćàń ēĩţĥēŕ ƀē śŷńćēď ĩńţō àũţĥēńţĩķ'ś ďàţàƀàśē, ōŕ ćàń ƀē ũśēď ƀŷ ũśēŕś ţō àũţĥēńţĩćàţē àńď ēńŕōĺĺ ţĥēmśēĺvēś. + + + + Source(s) + Śōũŕćē(ś) + + + + Disabled + Ďĩśàƀĺēď + + + + Built-in + ßũĩĺţ-ĩń + + + + Update LDAP Source + Ũƥďàţē ĹĎÀƤ Śōũŕćē + + + + Not synced yet. + Ńōţ śŷńćēď ŷēţ. + + + + Task finished with warnings + Ţàśķ ƒĩńĩśĥēď ŵĩţĥ ŵàŕńĩńĝś + + + + Task finished with errors + Ţàśķ ƒĩńĩśĥēď ŵĩţĥ ēŕŕōŕś + + + + Last sync: + Ĺàśţ śŷńć: + + + + OAuth Source + ŌÀũţĥ Śōũŕćē + + + + Generic OpenID Connect + Ĝēńēŕĩć ŌƥēńĨĎ Ćōńńēćţ + + + + Unknown provider type + Ũńķńōŵń ƥŕōvĩďēŕ ţŷƥē + + + + Details + Ďēţàĩĺś + + + + Callback URL + Ćàĺĺƀàćķ ŨŔĹ + + + + Access Key + Àććēśś Ķēŷ + + + + Update OAuth Source + Ũƥďàţē ŌÀũţĥ Śōũŕćē + + + + Diagram + Ďĩàĝŕàm + + + + Policy Bindings + Ƥōĺĩćŷ ßĩńďĩńĝś + + + + These bindings control which users can access this source. + You can only use policies here as access is checked before the user is authenticated. + Ţĥēśē ƀĩńďĩńĝś ćōńţŕōĺ ŵĥĩćĥ ũśēŕś ćàń àććēśś ţĥĩś śōũŕćē. + Ŷōũ ćàń ōńĺŷ ũśē ƥōĺĩćĩēś ĥēŕē àś àććēśś ĩś ćĥēćķēď ƀēƒōŕē ţĥē ũśēŕ ĩś àũţĥēńţĩćàţēď. + + + Update Plex Source + Ũƥďàţē Ƥĺēx Śōũŕćē + + + + Update SAML Source + Ũƥďàţē ŚÀMĹ Śōũŕćē + + + + Successfully updated mapping. + Śũććēśśƒũĺĺŷ ũƥďàţēď màƥƥĩńĝ. + + + + Successfully created mapping. + Śũććēśśƒũĺĺŷ ćŕēàţēď màƥƥĩńĝ. + + + + Object field + ŌƀĴēćţ ƒĩēĺď + + + + Field of the user object this value is written to. + Ƒĩēĺď ōƒ ţĥē ũśēŕ ōƀĴēćţ ţĥĩś vàĺũē ĩś ŵŕĩţţēń ţō. + + + + SAML Attribute Name + ŚÀMĹ Àţţŕĩƀũţē Ńàmē + + + + Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded. + Àţţŕĩƀũţē ńàmē ũśēď ƒōŕ ŚÀMĹ Àśśēŕţĩōńś. Ćàń ƀē à ŨŔŃ ŌĨĎ, à śćĥēmà ŕēƒēŕēńćē, ōŕ à àńŷ ōţĥēŕ śţŕĩńĝ. Ĩƒ ţĥĩś ƥŕōƥēŕţŷ màƥƥĩńĝ ĩś ũśēď ƒōŕ ŃàmēĨĎ Ƥŕōƥēŕţŷ, ţĥĩś ƒĩēĺď ĩś ďĩśćàŕďēď. + + + + Friendly Name + Ƒŕĩēńďĺŷ Ńàmē + + + + Optionally set the 'FriendlyName' value of the Assertion attribute. + Ōƥţĩōńàĺĺŷ śēţ ţĥē 'ƑŕĩēńďĺŷŃàmē' vàĺũē ōƒ ţĥē Àśśēŕţĩōń àţţŕĩƀũţē. + + + + Scope name + Śćōƥē ńàmē + + + + Scope which the client can specify to access these properties. + Śćōƥē ŵĥĩćĥ ţĥē ćĺĩēńţ ćàń śƥēćĩƒŷ ţō àććēśś ţĥēśē ƥŕōƥēŕţĩēś. + + + + Description shown to the user when consenting. If left empty, the user won't be informed. + Ďēśćŕĩƥţĩōń śĥōŵń ţō ţĥē ũśēŕ ŵĥēń ćōńśēńţĩńĝ. Ĩƒ ĺēƒţ ēmƥţŷ, ţĥē ũśēŕ ŵōń'ţ ƀē ĩńƒōŕmēď. + + + + Example context data + Ēxàmƥĺē ćōńţēxţ ďàţà + + + + Active Directory User + Àćţĩvē Ďĩŕēćţōŕŷ Ũśēŕ + + + + Active Directory Group + Àćţĩvē Ďĩŕēćţōŕŷ Ĝŕōũƥ + + + + New property mapping + Ńēŵ ƥŕōƥēŕţŷ màƥƥĩńĝ + + + + Create a new property mapping. + Ćŕēàţē à ńēŵ ƥŕōƥēŕţŷ màƥƥĩńĝ. + + + + Property Mappings + Ƥŕōƥēŕţŷ Màƥƥĩńĝś + + + + Control how authentik exposes and interprets information. + Ćōńţŕōĺ ĥōŵ àũţĥēńţĩķ ēxƥōśēś àńď ĩńţēŕƥŕēţś ĩńƒōŕmàţĩōń. + + + + Property Mapping(s) + Ƥŕōƥēŕţŷ Màƥƥĩńĝ(ś) + + + + Test Property Mapping + Ţēśţ Ƥŕōƥēŕţŷ Màƥƥĩńĝ + + + + Hide managed mappings + Ĥĩďē màńàĝēď màƥƥĩńĝś + + + + Successfully updated token. + Śũććēśśƒũĺĺŷ ũƥďàţēď ţōķēń. + + + + Successfully created token. + Śũććēśśƒũĺĺŷ ćŕēàţēď ţōķēń. + + + + Unique identifier the token is referenced by. + Ũńĩǫũē ĩďēńţĩƒĩēŕ ţĥē ţōķēń ĩś ŕēƒēŕēńćēď ƀŷ. + + + + Intent + Ĩńţēńţ + + + + API Token + ÀƤĨ Ţōķēń + + + + Used to access the API programmatically + Ũśēď ţō àććēśś ţĥē ÀƤĨ ƥŕōĝŕàmmàţĩćàĺĺŷ + + + + App password. + Àƥƥ ƥàśśŵōŕď. + + + + Used to login using a flow executor + Ũśēď ţō ĺōĝĩń ũśĩńĝ à ƒĺōŵ ēxēćũţōŕ + + + + Expiring + Ēxƥĩŕĩńĝ + + + + If this is selected, the token will expire. Upon expiration, the token will be rotated. + Ĩƒ ţĥĩś ĩś śēĺēćţēď, ţĥē ţōķēń ŵĩĺĺ ēxƥĩŕē. Ũƥōń ēxƥĩŕàţĩōń, ţĥē ţōķēń ŵĩĺĺ ƀē ŕōţàţēď. + + + + Expires on + Ēxƥĩŕēś ōń + + + + API Access + ÀƤĨ Àććēśś + + + + App password + Àƥƥ ƥàśśŵōŕď + + + + Verification + Vēŕĩƒĩćàţĩōń + + + + Unknown intent + Ũńķńōŵń ĩńţēńţ + + + + Tokens + Ţōķēńś + + + + Tokens are used throughout authentik for Email validation stages, Recovery keys and API access. + Ţōķēńś àŕē ũśēď ţĥŕōũĝĥōũţ àũţĥēńţĩķ ƒōŕ Ēmàĩĺ vàĺĩďàţĩōń śţàĝēś, Ŕēćōvēŕŷ ķēŷś àńď ÀƤĨ àććēśś. + + + + Expires? + Ēxƥĩŕēś? + + + + Expiry date + Ēxƥĩŕŷ ďàţē + + + + Token(s) + Ţōķēń(ś) + + + + Create Token + Ćŕēàţē Ţōķēń + + + + Token is managed by authentik. + Ţōķēń ĩś màńàĝēď ƀŷ àũţĥēńţĩķ. + + + + Update Token + Ũƥďàţē Ţōķēń + + + + Domain + Ďōmàĩń + + + + Matching is done based on domain suffix, so if you enter domain.tld, foo.domain.tld will still match. + Màţćĥĩńĝ ĩś ďōńē ƀàśēď ōń ďōmàĩń śũƒƒĩx, śō ĩƒ ŷōũ ēńţēŕ ďōmàĩń.ţĺď, ƒōō.ďōmàĩń.ţĺď ŵĩĺĺ śţĩĺĺ màţćĥ. + + + + Default + Ďēƒàũĺţ + + + + Branding settings + ßŕàńďĩńĝ śēţţĩńĝś + + + + Title + Ţĩţĺē + + + + Branding shown in page title and several other places. + ßŕàńďĩńĝ śĥōŵń ĩń ƥàĝē ţĩţĺē àńď śēvēŕàĺ ōţĥēŕ ƥĺàćēś. + + + + Logo + Ĺōĝō + + + + Icon shown in sidebar/header and flow executor. + Ĩćōń śĥōŵń ĩń śĩďēƀàŕ/ĥēàďēŕ àńď ƒĺōŵ ēxēćũţōŕ. + + + + Favicon + Ƒàvĩćōń + + + + Icon shown in the browser tab. + Ĩćōń śĥōŵń ĩń ţĥē ƀŕōŵśēŕ ţàƀ. + + + + Default flows + Ďēƒàũĺţ ƒĺōŵś + + + + Flow used to authenticate users. If left empty, the first applicable flow sorted by the slug is used. + Ƒĺōŵ ũśēď ţō àũţĥēńţĩćàţē ũśēŕś. Ĩƒ ĺēƒţ ēmƥţŷ, ţĥē ƒĩŕśţ àƥƥĺĩćàƀĺē ƒĺōŵ śōŕţēď ƀŷ ţĥē śĺũĝ ĩś ũśēď. + + + + Invalidation flow + Ĩńvàĺĩďàţĩōń ƒĺōŵ + + + + Flow used to logout. If left empty, the first applicable flow sorted by the slug is used. + Ƒĺōŵ ũśēď ţō ĺōĝōũţ. Ĩƒ ĺēƒţ ēmƥţŷ, ţĥē ƒĩŕśţ àƥƥĺĩćàƀĺē ƒĺōŵ śōŕţēď ƀŷ ţĥē śĺũĝ ĩś ũśēď. + + + + Recovery flow + Ŕēćōvēŕŷ ƒĺōŵ + + + + Recovery flow. If left empty, the first applicable flow sorted by the slug is used. + Ŕēćōvēŕŷ ƒĺōŵ. Ĩƒ ĺēƒţ ēmƥţŷ, ţĥē ƒĩŕśţ àƥƥĺĩćàƀĺē ƒĺōŵ śōŕţēď ƀŷ ţĥē śĺũĝ ĩś ũśēď. + + + + Unenrollment flow + Ũńēńŕōĺĺmēńţ ƒĺōŵ + + + + If set, users are able to unenroll themselves using this flow. If no flow is set, option is not shown. + Ĩƒ śēţ, ũśēŕś àŕē àƀĺē ţō ũńēńŕōĺĺ ţĥēmśēĺvēś ũśĩńĝ ţĥĩś ƒĺōŵ. Ĩƒ ńō ƒĺōŵ ĩś śēţ, ōƥţĩōń ĩś ńōţ śĥōŵń. + + + + User settings flow + Ũśēŕ śēţţĩńĝś ƒĺōŵ + + + + If set, users are able to configure details of their profile. + Ĩƒ śēţ, ũśēŕś àŕē àƀĺē ţō ćōńƒĩĝũŕē ďēţàĩĺś ōƒ ţĥēĩŕ ƥŕōƒĩĺē. + + + + Device code flow + Ďēvĩćē ćōďē ƒĺōŵ + + + + If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code. + Ĩƒ śēţ, ţĥē ŌÀũţĥ Ďēvĩćē Ćōďē ƥŕōƒĩĺē ćàń ƀē ũśēď, àńď ţĥē śēĺēćţēď ƒĺōŵ ŵĩĺĺ ƀē ũśēď ţō ēńţēŕ ţĥē ćōďē. + + + + Other global settings + Ōţĥēŕ ĝĺōƀàĺ śēţţĩńĝś + + + + Web Certificate + Ŵēƀ Ćēŕţĩƒĩćàţē + + + + Event retention + Ēvēńţ ŕēţēńţĩōń + + + + Duration after which events will be deleted from the database. + Ďũŕàţĩōń àƒţēŕ ŵĥĩćĥ ēvēńţś ŵĩĺĺ ƀē ďēĺēţēď ƒŕōm ţĥē ďàţàƀàśē. + + + + When using an external logging solution for archiving, this can be set to "minutes=5". + Ŵĥēń ũśĩńĝ àń ēxţēŕńàĺ ĺōĝĝĩńĝ śōĺũţĩōń ƒōŕ àŕćĥĩvĩńĝ, ţĥĩś ćàń ƀē śēţ ţō "mĩńũţēś=5". + + + + This setting only affects new Events, as the expiration is saved per-event. + Ţĥĩś śēţţĩńĝ ōńĺŷ àƒƒēćţś ńēŵ Ēvēńţś, àś ţĥē ēxƥĩŕàţĩōń ĩś śàvēď ƥēŕ-ēvēńţ. + + + + Configure visual settings and defaults for different domains. + Ćōńƒĩĝũŕē vĩśũàĺ śēţţĩńĝś àńď ďēƒàũĺţś ƒōŕ ďĩƒƒēŕēńţ ďōmàĩńś. + + + + Default? + Ďēƒàũĺţ? + + + + Policies + Ƥōĺĩćĩēś + + + + Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Stages. + Àĺĺōŵ ũśēŕś ţō ũśē Àƥƥĺĩćàţĩōńś ƀàśēď ōń ƥŕōƥēŕţĩēś, ēńƒōŕćē Ƥàśśŵōŕď Ćŕĩţēŕĩà àńď śēĺēćţĩvēĺŷ àƥƥĺŷ Śţàĝēś. + + + + Assigned to object(s). + Àśśĩĝńēď ţō ōƀĴēćţ(ś). + + + + Warning: Policy is not assigned. + Ŵàŕńĩńĝ: Ƥōĺĩćŷ ĩś ńōţ àśśĩĝńēď. + + + + Test Policy + Ţēśţ Ƥōĺĩćŷ + + + + Policy / Policies + Ƥōĺĩćŷ / Ƥōĺĩćĩēś + + + + Successfully cleared policy cache + Śũććēśśƒũĺĺŷ ćĺēàŕēď ƥōĺĩćŷ ćàćĥē + + + + Failed to delete policy cache + Ƒàĩĺēď ţō ďēĺēţē ƥōĺĩćŷ ćàćĥē + + + + Clear cache + Ćĺēàŕ ćàćĥē + + + + Clear Policy cache + Ćĺēàŕ Ƥōĺĩćŷ ćàćĥē + + + + Are you sure you want to clear the policy cache? This will cause all policies to be re-evaluated on their next usage. + Àŕē ŷōũ śũŕē ŷōũ ŵàńţ ţō ćĺēàŕ ţĥē ƥōĺĩćŷ ćàćĥē? Ţĥĩś ŵĩĺĺ ćàũśē àĺĺ ƥōĺĩćĩēś ţō ƀē ŕē-ēvàĺũàţēď ōń ţĥēĩŕ ńēxţ ũśàĝē. + + + Reputation scores + Ŕēƥũţàţĩōń śćōŕēś + + + + Reputation for IP and user identifiers. Scores are decreased for each failed login and increased for each successful login. + Ŕēƥũţàţĩōń ƒōŕ ĨƤ àńď ũśēŕ ĩďēńţĩƒĩēŕś. Śćōŕēś àŕē ďēćŕēàśēď ƒōŕ ēàćĥ ƒàĩĺēď ĺōĝĩń àńď ĩńćŕēàśēď ƒōŕ ēàćĥ śũććēśśƒũĺ ĺōĝĩń. + + + + IP + ĨƤ + + + + Score + Śćōŕē + + + + Updated + Ũƥďàţēď + + + + Reputation + Ŕēƥũţàţĩōń + + + + Groups + Ĝŕōũƥś + + + + Group users together and give them permissions based on the membership. + Ĝŕōũƥ ũśēŕś ţōĝēţĥēŕ àńď ĝĩvē ţĥēm ƥēŕmĩśśĩōńś ƀàśēď ōń ţĥē mēmƀēŕśĥĩƥ. + + + + Superuser privileges? + Śũƥēŕũśēŕ ƥŕĩvĩĺēĝēś? + + + + Group(s) + Ĝŕōũƥ(ś) + + + + Create Group + Ćŕēàţē Ĝŕōũƥ + + + + Create group + Ćŕēàţē ĝŕōũƥ + + + + Enabling this toggle will create a group named after the user, with the user as member. + Ēńàƀĺĩńĝ ţĥĩś ţōĝĝĺē ŵĩĺĺ ćŕēàţē à ĝŕōũƥ ńàmēď àƒţēŕ ţĥē ũśēŕ, ŵĩţĥ ţĥē ũśēŕ àś mēmƀēŕ. + + + + Use the username and password below to authenticate. The password can be retrieved later on the Tokens page. + Ũśē ţĥē ũśēŕńàmē àńď ƥàśśŵōŕď ƀēĺōŵ ţō àũţĥēńţĩćàţē. Ţĥē ƥàśśŵōŕď ćàń ƀē ŕēţŕĩēvēď ĺàţēŕ ōń ţĥē Ţōķēńś ƥàĝē. + + + + Password + Ƥàśśŵōŕď + + + + Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List. + Vàĺĩď ƒōŕ 360 ďàŷś, àƒţēŕ ŵĥĩćĥ ţĥē ƥàśśŵōŕď ŵĩĺĺ àũţōmàţĩćàĺĺŷ ŕōţàţē. Ŷōũ ćàń ćōƥŷ ţĥē ƥàśśŵōŕď ƒŕōm ţĥē Ţōķēń Ĺĩśţ. + + + + The following objects use + Ţĥē ƒōĺĺōŵĩńĝ ōƀĴēćţś ũśē + + + + connecting object will be deleted + ćōńńēćţĩńĝ ōƀĴēćţ ŵĩĺĺ ƀē ďēĺēţēď + + + + Successfully updated + Śũććēśśƒũĺĺŷ ũƥďàţēď + + + Failed to update : + Ƒàĩĺēď ţō ũƥďàţē : + + + + Are you sure you want to update ""? + Àŕē ŷōũ śũŕē ŷōũ ŵàńţ ţō ũƥďàţē ""? + + + + Successfully updated password. + Śũććēśśƒũĺĺŷ ũƥďàţēď ƥàśśŵōŕď. + + + + Successfully sent email. + Śũććēśśƒũĺĺŷ śēńţ ēmàĩĺ. + + + + Email stage + Ēmàĩĺ śţàĝē + + + + Successfully added user(s). + Śũććēśśƒũĺĺŷ àďďēď ũśēŕ(ś). + + + + Users to add + Ũśēŕś ţō àďď + + + + User(s) + Ũśēŕ(ś) + + + + Remove Users(s) + Ŕēmōvē Ũśēŕś(ś) + + + + Are you sure you want to remove the selected users from the group ? + Àŕē ŷōũ śũŕē ŷōũ ŵàńţ ţō ŕēmōvē ţĥē śēĺēćţēď ũśēŕś ƒŕōm ţĥē ĝŕōũƥ ? + + + + Remove + Ŕēmōvē + + + + Impersonate + Ĩmƥēŕśōńàţē + + + + User status + Ũśēŕ śţàţũś + + + + Change status + Ćĥàńĝē śţàţũś + + + + Deactivate + Ďēàćţĩvàţē + + + + Update password + Ũƥďàţē ƥàśśŵōŕď + + + + Set password + Śēţ ƥàśśŵōŕď + + + + Successfully generated recovery link + Śũććēśśƒũĺĺŷ ĝēńēŕàţēď ŕēćōvēŕŷ ĺĩńķ + + + + No recovery flow is configured. + Ńō ŕēćōvēŕŷ ƒĺōŵ ĩś ćōńƒĩĝũŕēď. + + + + Copy recovery link + Ćōƥŷ ŕēćōvēŕŷ ĺĩńķ + + + + Send link + Śēńď ĺĩńķ + + + + Send recovery link to user + Śēńď ŕēćōvēŕŷ ĺĩńķ ţō ũśēŕ + + + + Email recovery link + Ēmàĩĺ ŕēćōvēŕŷ ĺĩńķ + + + + Recovery link cannot be emailed, user has no email address saved. + Ŕēćōvēŕŷ ĺĩńķ ćàńńōţ ƀē ēmàĩĺēď, ũśēŕ ĥàś ńō ēmàĩĺ àďďŕēśś śàvēď. + + + + Add User + Àďď Ũśēŕ + + + + Warning: This group is configured with superuser access. Added users will have superuser access. + Ŵàŕńĩńĝ: Ţĥĩś ĝŕōũƥ ĩś ćōńƒĩĝũŕēď ŵĩţĥ śũƥēŕũśēŕ àććēśś. Àďďēď ũśēŕś ŵĩĺĺ ĥàvē śũƥēŕũśēŕ àććēśś. + + + + Add existing user + Àďď ēxĩśţĩńĝ ũśēŕ + + + + Create user + Ćŕēàţē ũśēŕ + + + + Create User + Ćŕēàţē Ũśēŕ + + + + Create Service account + Ćŕēàţē Śēŕvĩćē àććōũńţ + + + + Hide service-accounts + Ĥĩďē śēŕvĩćē-àććōũńţś + + + + Group Info + Ĝŕōũƥ Ĩńƒō + + + + Notes + Ńōţēś + + + + Edit the notes attribute of this group to add notes here. + Ēďĩţ ţĥē ńōţēś àţţŕĩƀũţē ōƒ ţĥĩś ĝŕōũƥ ţō àďď ńōţēś ĥēŕē. + + + + Users + Ũśēŕś + + + + Root + Ŕōōţ + + + + Warning: You're about to delete the user you're logged in as (). Proceed at your own risk. + Ŵàŕńĩńĝ: Ŷōũ'ŕē àƀōũţ ţō ďēĺēţē ţĥē ũśēŕ ŷōũ'ŕē ĺōĝĝēď ĩń àś (). Ƥŕōćēēď àţ ŷōũŕ ōŵń ŕĩśķ. + + + + Hide deactivated user + Ĥĩďē ďēàćţĩvàţēď ũśēŕ + + + + User folders + Ũśēŕ ƒōĺďēŕś + + + + Successfully added user to group(s). + Śũććēśśƒũĺĺŷ àďďēď ũśēŕ ţō ĝŕōũƥ(ś). + + + + Groups to add + Ĝŕōũƥś ţō àďď + + + + Remove from Group(s) + Ŕēmōvē ƒŕōm Ĝŕōũƥ(ś) + + + + Are you sure you want to remove user from the following groups? + Àŕē ŷōũ śũŕē ŷōũ ŵàńţ ţō ŕēmōvē ũśēŕ ƒŕōm ţĥē ƒōĺĺōŵĩńĝ ĝŕōũƥś? + + + + Add Group + Àďď Ĝŕōũƥ + + + + Add to existing group + Àďď ţō ēxĩśţĩńĝ ĝŕōũƥ + + + + Add new group + Àďď ńēŵ ĝŕōũƥ + + + + Application authorizations + Àƥƥĺĩćàţĩōń àũţĥōŕĩźàţĩōńś + + + + Revoked? + Ŕēvōķēď? + + + + Expires + Ēxƥĩŕēś + + + + ID Token + ĨĎ Ţōķēń + + + + Refresh Tokens(s) + Ŕēƒŕēśĥ Ţōķēńś(ś) + + + + Last IP + Ĺàśţ ĨƤ + + + + Session(s) + Śēśśĩōń(ś) + + + + Expiry + Ēxƥĩŕŷ + + + + (Current session) + (Ćũŕŕēńţ śēśśĩōń) + + + + Permissions + Ƥēŕmĩśśĩōńś + + + + Consent(s) + Ćōńśēńţ(ś) + + + + Successfully updated device. + Śũććēśśƒũĺĺŷ ũƥďàţēď ďēvĩćē. + + + + Static tokens + Śţàţĩć ţōķēńś + + + + TOTP Device + ŢŌŢƤ Ďēvĩćē + + + + Enroll + Ēńŕōĺĺ + + + + Device(s) + Ďēvĩćē(ś) + + + + Update Device + Ũƥďàţē Ďēvĩćē + + + + Confirmed + Ćōńƒĩŕmēď + + + + User Info + Ũśēŕ Ĩńƒō + + + + Actions over the last week (per 8 hours) + Àćţĩōńś ōvēŕ ţĥē ĺàśţ ŵēēķ (ƥēŕ 8 ĥōũŕś) + + + + Edit the notes attribute of this user to add notes here. + Ēďĩţ ţĥē ńōţēś àţţŕĩƀũţē ōƒ ţĥĩś ũśēŕ ţō àďď ńōţēś ĥēŕē. + + + + Sessions + Śēśśĩōńś + + + + User events + Ũśēŕ ēvēńţś + + + + Explicit Consent + Ēxƥĺĩćĩţ Ćōńśēńţ + + + + OAuth Refresh Tokens + ŌÀũţĥ Ŕēƒŕēśĥ Ţōķēńś + + + + MFA Authenticators + MƑÀ Àũţĥēńţĩćàţōŕś + + + + Successfully updated invitation. + Śũććēśśƒũĺĺŷ ũƥďàţēď ĩńvĩţàţĩōń. + + + + Successfully created invitation. + Śũććēśśƒũĺĺŷ ćŕēàţēď ĩńvĩţàţĩōń. + + + + Flow + Ƒĺōŵ + + + + When selected, the invite will only be usable with the flow. By default the invite is accepted on all flows with invitation stages. + Ŵĥēń śēĺēćţēď, ţĥē ĩńvĩţē ŵĩĺĺ ōńĺŷ ƀē ũśàƀĺē ŵĩţĥ ţĥē ƒĺōŵ. ßŷ ďēƒàũĺţ ţĥē ĩńvĩţē ĩś àććēƥţēď ōń àĺĺ ƒĺōŵś ŵĩţĥ ĩńvĩţàţĩōń śţàĝēś. + + + + Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON. + Ōƥţĩōńàĺ ďàţà ŵĥĩćĥ ĩś ĺōàďēď ĩńţō ţĥē ƒĺōŵ'ś 'ƥŕōmƥţ_ďàţà' ćōńţēxţ vàŕĩàƀĺē. ŶÀMĹ ōŕ ĵŚŌŃ. + + + + Single use + Śĩńĝĺē ũśē + + + + When enabled, the invitation will be deleted after usage. + Ŵĥēń ēńàƀĺēď, ţĥē ĩńvĩţàţĩōń ŵĩĺĺ ƀē ďēĺēţēď àƒţēŕ ũśàĝē. + + + + Select an enrollment flow + Śēĺēćţ àń ēńŕōĺĺmēńţ ƒĺōŵ + + + + Link to use the invitation. + Ĺĩńķ ţō ũśē ţĥē ĩńvĩţàţĩōń. + + + + Invitations + Ĩńvĩţàţĩōńś + + + + Create Invitation Links to enroll Users, and optionally force specific attributes of their account. + Ćŕēàţē Ĩńvĩţàţĩōń Ĺĩńķś ţō ēńŕōĺĺ Ũśēŕś, àńď ōƥţĩōńàĺĺŷ ƒōŕćē śƥēćĩƒĩć àţţŕĩƀũţēś ōƒ ţĥēĩŕ àććōũńţ. + + + + Created by + Ćŕēàţēď ƀŷ + + + + Invitation(s) + Ĩńvĩţàţĩōń(ś) + + + + Invitation not limited to any flow, and can be used with any enrollment flow. + Ĩńvĩţàţĩōń ńōţ ĺĩmĩţēď ţō àńŷ ƒĺōŵ, àńď ćàń ƀē ũśēď ŵĩţĥ àńŷ ēńŕōĺĺmēńţ ƒĺōŵ. + + + + Update Invitation + Ũƥďàţē Ĩńvĩţàţĩōń + + + + Create Invitation + Ćŕēàţē Ĩńvĩţàţĩōń + + + + Warning: No invitation stage is bound to any flow. Invitations will not work as expected. + Ŵàŕńĩńĝ: Ńō ĩńvĩţàţĩōń śţàĝē ĩś ƀōũńď ţō àńŷ ƒĺōŵ. Ĩńvĩţàţĩōńś ŵĩĺĺ ńōţ ŵōŕķ àś ēxƥēćţēď. + + + + Auto-detect (based on your browser) + Àũţō-ďēţēćţ (ƀàśēď ōń ŷōũŕ ƀŕōŵśēŕ) + + + + Required. + Ŕēǫũĩŕēď. + + + + Continue + Ćōńţĩńũē + + + + Successfully updated prompt. + Śũććēśśƒũĺĺŷ ũƥďàţēď ƥŕōmƥţ. + + + + Successfully created prompt. + Śũććēśśƒũĺĺŷ ćŕēàţēď ƥŕōmƥţ. + + + + Text: Simple Text input + Ţēxţ: Śĩmƥĺē Ţēxţ ĩńƥũţ + + + + Text Area: Multiline text input + Ţēxţ Àŕēà: Mũĺţĩĺĩńē ţēxţ ĩńƥũţ + + + + Text (read-only): Simple Text input, but cannot be edited. + Ţēxţ (ŕēàď-ōńĺŷ): Śĩmƥĺē Ţēxţ ĩńƥũţ, ƀũţ ćàńńōţ ƀē ēďĩţēď. + + + + Text Area (read-only): Multiline text input, but cannot be edited. + Ţēxţ Àŕēà (ŕēàď-ōńĺŷ): Mũĺţĩĺĩńē ţēxţ ĩńƥũţ, ƀũţ ćàńńōţ ƀē ēďĩţēď. + + + + Username: Same as Text input, but checks for and prevents duplicate usernames. + Ũśēŕńàmē: Śàmē àś Ţēxţ ĩńƥũţ, ƀũţ ćĥēćķś ƒōŕ àńď ƥŕēvēńţś ďũƥĺĩćàţē ũśēŕńàmēś. + + + + Email: Text field with Email type. + Ēmàĩĺ: Ţēxţ ƒĩēĺď ŵĩţĥ Ēmàĩĺ ţŷƥē. + + + + Password: Masked input, multiple inputs of this type on the same prompt need to be identical. + Ƥàśśŵōŕď: Màśķēď ĩńƥũţ, mũĺţĩƥĺē ĩńƥũţś ōƒ ţĥĩś ţŷƥē ōń ţĥē śàmē ƥŕōmƥţ ńēēď ţō ƀē ĩďēńţĩćàĺ. + + + + Number + Ńũmƀēŕ + + + + Checkbox + Ćĥēćķƀōx + + + + Radio Button Group (fixed choice) + Ŕàďĩō ßũţţōń Ĝŕōũƥ (ƒĩxēď ćĥōĩćē) + + + + Dropdown (fixed choice) + Ďŕōƥďōŵń (ƒĩxēď ćĥōĩćē) + + + + Date + Ďàţē + + + + Date Time + Ďàţē Ţĩmē + + + + File + Ƒĩĺē + + + + Separator: Static Separator Line + Śēƥàŕàţōŕ: Śţàţĩć Śēƥàŕàţōŕ Ĺĩńē + + + + Hidden: Hidden field, can be used to insert data into form. + Ĥĩďďēń: Ĥĩďďēń ƒĩēĺď, ćàń ƀē ũśēď ţō ĩńśēŕţ ďàţà ĩńţō ƒōŕm. + + + + Static: Static value, displayed as-is. + Śţàţĩć: Śţàţĩć vàĺũē, ďĩśƥĺàŷēď àś-ĩś. + + + + authentik: Locale: Displays a list of locales authentik supports. + àũţĥēńţĩķ: Ĺōćàĺē: Ďĩśƥĺàŷś à ĺĩśţ ōƒ ĺōćàĺēś àũţĥēńţĩķ śũƥƥōŕţś. + + + + Preview errors + Ƥŕēvĩēŵ ēŕŕōŕś + + + + Data preview + Ďàţà ƥŕēvĩēŵ + + + + Unique name of this field, used for selecting fields in prompt stages. + Ũńĩǫũē ńàmē ōƒ ţĥĩś ƒĩēĺď, ũśēď ƒōŕ śēĺēćţĩńĝ ƒĩēĺďś ĩń ƥŕōmƥţ śţàĝēś. + + + + Field Key + Ƒĩēĺď Ķēŷ + + + + Name of the form field, also used to store the value. + Ńàmē ōƒ ţĥē ƒōŕm ƒĩēĺď, àĺśō ũśēď ţō śţōŕē ţĥē vàĺũē. + + + + When used in conjunction with a User Write stage, use attributes.foo to write attributes. + Ŵĥēń ũśēď ĩń ćōńĴũńćţĩōń ŵĩţĥ à Ũśēŕ Ŵŕĩţē śţàĝē, ũśē àţţŕĩƀũţēś.ƒōō ţō ŵŕĩţē àţţŕĩƀũţēś. + + + + Label + Ĺàƀēĺ + + + + Label shown next to/above the prompt. + Ĺàƀēĺ śĥōŵń ńēxţ ţō/àƀōvē ţĥē ƥŕōmƥţ. + + + + Required + Ŕēǫũĩŕēď + + + + Interpret placeholder as expression + Ĩńţēŕƥŕēţ ƥĺàćēĥōĺďēŕ àś ēxƥŕēśśĩōń + + + + When checked, the placeholder will be evaluated in the same way a property mapping is. + If the evaluation fails, the placeholder itself is returned. + Ŵĥēń ćĥēćķēď, ţĥē ƥĺàćēĥōĺďēŕ ŵĩĺĺ ƀē ēvàĺũàţēď ĩń ţĥē śàmē ŵàŷ à ƥŕōƥēŕţŷ màƥƥĩńĝ ĩś. + Ĩƒ ţĥē ēvàĺũàţĩōń ƒàĩĺś, ţĥē ƥĺàćēĥōĺďēŕ ĩţśēĺƒ ĩś ŕēţũŕńēď. + + + Placeholder + Ƥĺàćēĥōĺďēŕ + + + + Optionally provide a short hint that describes the expected input value. + When creating a fixed choice field, enable interpreting as expression and return a + list to return multiple choices. + Ōƥţĩōńàĺĺŷ ƥŕōvĩďē à śĥōŕţ ĥĩńţ ţĥàţ ďēśćŕĩƀēś ţĥē ēxƥēćţēď ĩńƥũţ vàĺũē. + Ŵĥēń ćŕēàţĩńĝ à ƒĩxēď ćĥōĩćē ƒĩēĺď, ēńàƀĺē ĩńţēŕƥŕēţĩńĝ àś ēxƥŕēśśĩōń àńď ŕēţũŕń à + ĺĩśţ ţō ŕēţũŕń mũĺţĩƥĺē ćĥōĩćēś. + + + Interpret initial value as expression + Ĩńţēŕƥŕēţ ĩńĩţĩàĺ vàĺũē àś ēxƥŕēśśĩōń + + + + When checked, the initial value will be evaluated in the same way a property mapping is. + If the evaluation fails, the initial value itself is returned. + Ŵĥēń ćĥēćķēď, ţĥē ĩńĩţĩàĺ vàĺũē ŵĩĺĺ ƀē ēvàĺũàţēď ĩń ţĥē śàmē ŵàŷ à ƥŕōƥēŕţŷ màƥƥĩńĝ ĩś. + Ĩƒ ţĥē ēvàĺũàţĩōń ƒàĩĺś, ţĥē ĩńĩţĩàĺ vàĺũē ĩţśēĺƒ ĩś ŕēţũŕńēď. + + + Initial value + Ĩńĩţĩàĺ vàĺũē + + + + Optionally pre-fill the input with an initial value. + When creating a fixed choice field, enable interpreting as expression and + return a list to return multiple default choices. + Ōƥţĩōńàĺĺŷ ƥŕē-ƒĩĺĺ ţĥē ĩńƥũţ ŵĩţĥ àń ĩńĩţĩàĺ vàĺũē. + Ŵĥēń ćŕēàţĩńĝ à ƒĩxēď ćĥōĩćē ƒĩēĺď, ēńàƀĺē ĩńţēŕƥŕēţĩńĝ àś ēxƥŕēśśĩōń àńď + ŕēţũŕń à ĺĩśţ ţō ŕēţũŕń mũĺţĩƥĺē ďēƒàũĺţ ćĥōĩćēś. + + + Help text + Ĥēĺƥ ţēxţ + + + + Any HTML can be used. + Àńŷ ĤŢMĹ ćàń ƀē ũśēď. + + + + Prompts + Ƥŕōmƥţś + + + + Single Prompts that can be used for Prompt Stages. + Śĩńĝĺē Ƥŕōmƥţś ţĥàţ ćàń ƀē ũśēď ƒōŕ Ƥŕōmƥţ Śţàĝēś. + + + + Field + Ƒĩēĺď + + + + Stages + Śţàĝēś + + + + Prompt(s) + Ƥŕōmƥţ(ś) + + + + Update Prompt + Ũƥďàţē Ƥŕōmƥţ + + + + Create Prompt + Ćŕēàţē Ƥŕōmƥţ + + + + Target + Ţàŕĝēţ + + + + Stage + Śţàĝē + + + + Evaluate when flow is planned + Ēvàĺũàţē ŵĥēń ƒĺōŵ ĩś ƥĺàńńēď + + + + Evaluate policies during the Flow planning process. + Ēvàĺũàţē ƥōĺĩćĩēś ďũŕĩńĝ ţĥē Ƒĺōŵ ƥĺàńńĩńĝ ƥŕōćēśś. + + + + Evaluate when stage is run + Ēvàĺũàţē ŵĥēń śţàĝē ĩś ŕũń + + + + Evaluate policies before the Stage is present to the user. + Ēvàĺũàţē ƥōĺĩćĩēś ƀēƒōŕē ţĥē Śţàĝē ĩś ƥŕēśēńţ ţō ţĥē ũśēŕ. + + + + Invalid response behavior + Ĩńvàĺĩď ŕēśƥōńśē ƀēĥàvĩōŕ + + + + Returns the error message and a similar challenge to the executor + Ŕēţũŕńś ţĥē ēŕŕōŕ mēśśàĝē àńď à śĩmĩĺàŕ ćĥàĺĺēńĝē ţō ţĥē ēxēćũţōŕ + + + + Restarts the flow from the beginning + Ŕēśţàŕţś ţĥē ƒĺōŵ ƒŕōm ţĥē ƀēĝĩńńĩńĝ + + + + Restarts the flow from the beginning, while keeping the flow context + Ŕēśţàŕţś ţĥē ƒĺōŵ ƒŕōm ţĥē ƀēĝĩńńĩńĝ, ŵĥĩĺē ķēēƥĩńĝ ţĥē ƒĺōŵ ćōńţēxţ + + + + Configure how the flow executor should handle an invalid response to a challenge given by this bound stage. + Ćōńƒĩĝũŕē ĥōŵ ţĥē ƒĺōŵ ēxēćũţōŕ śĥōũĺď ĥàńďĺē àń ĩńvàĺĩď ŕēśƥōńśē ţō à ćĥàĺĺēńĝē ĝĩvēń ƀŷ ţĥĩś ƀōũńď śţàĝē. + + + + Successfully updated stage. + Śũććēśśƒũĺĺŷ ũƥďàţēď śţàĝē. + + + + Successfully created stage. + Śũććēśśƒũĺĺŷ ćŕēàţēď śţàĝē. + + + + Stage used to configure a duo-based authenticator. This stage should be used for configuration flows. + Śţàĝē ũśēď ţō ćōńƒĩĝũŕē à ďũō-ƀàśēď àũţĥēńţĩćàţōŕ. Ţĥĩś śţàĝē śĥōũĺď ƀē ũśēď ƒōŕ ćōńƒĩĝũŕàţĩōń ƒĺōŵś. + + + + Authenticator type name + Àũţĥēńţĩćàţōŕ ţŷƥē ńàmē + + + + Display name of this authenticator, used by users when they enroll an authenticator. + Ďĩśƥĺàŷ ńàmē ōƒ ţĥĩś àũţĥēńţĩćàţōŕ, ũśēď ƀŷ ũśēŕś ŵĥēń ţĥēŷ ēńŕōĺĺ àń àũţĥēńţĩćàţōŕ. + + + + API Hostname + ÀƤĨ Ĥōśţńàmē + + + + Duo Auth API + Ďũō Àũţĥ ÀƤĨ + + + + Integration key + Ĩńţēĝŕàţĩōń ķēŷ + + + + Secret key + Śēćŕēţ ķēŷ + + + + Duo Admin API (optional) + Ďũō Àďmĩń ÀƤĨ (ōƥţĩōńàĺ) + + + + When using a Duo MFA, Access or Beyond plan, an Admin API application can be created. + This will allow authentik to import devices automatically. + Ŵĥēń ũśĩńĝ à Ďũō MƑÀ, Àććēśś ōŕ ßēŷōńď ƥĺàń, àń Àďmĩń ÀƤĨ àƥƥĺĩćàţĩōń ćàń ƀē ćŕēàţēď. + Ţĥĩś ŵĩĺĺ àĺĺōŵ àũţĥēńţĩķ ţō ĩmƥōŕţ ďēvĩćēś àũţōmàţĩćàĺĺŷ. + + + Stage-specific settings + Śţàĝē-śƥēćĩƒĩć śēţţĩńĝś + + + + Configuration flow + Ćōńƒĩĝũŕàţĩōń ƒĺōŵ + + + + Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. + Ƒĺōŵ ũśēď ƀŷ àń àũţĥēńţĩćàţēď ũśēŕ ţō ćōńƒĩĝũŕē ţĥĩś Śţàĝē. Ĩƒ ēmƥţŷ, ũśēŕ ŵĩĺĺ ńōţ ƀē àƀĺē ţō ćōńƒĩĝũŕē ţĥĩś śţàĝē. + + + + Twilio Account SID + Ţŵĩĺĩō Àććōũńţ ŚĨĎ + + + + Get this value from https://console.twilio.com + Ĝēţ ţĥĩś vàĺũē ƒŕōm ĥţţƥś://ćōńśōĺē.ţŵĩĺĩō.ćōm + + + + Twilio Auth Token + Ţŵĩĺĩō Àũţĥ Ţōķēń + + + + Authentication Type + Àũţĥēńţĩćàţĩōń Ţŷƥē + + + + Basic Auth + ßàśĩć Àũţĥ + + + + Bearer Token + ßēàŕēŕ Ţōķēń + + + + External API URL + Ēxţēŕńàĺ ÀƤĨ ŨŔĹ + + + + This is the full endpoint to send POST requests to. + Ţĥĩś ĩś ţĥē ƒũĺĺ ēńďƥōĩńţ ţō śēńď ƤŌŚŢ ŕēǫũēśţś ţō. + + + + API Auth Username + ÀƤĨ Àũţĥ Ũśēŕńàmē + + + + This is the username to be used with basic auth or the token when used with bearer token + Ţĥĩś ĩś ţĥē ũśēŕńàmē ţō ƀē ũśēď ŵĩţĥ ƀàśĩć àũţĥ ōŕ ţĥē ţōķēń ŵĥēń ũśēď ŵĩţĥ ƀēàŕēŕ ţōķēń + + + + API Auth password + ÀƤĨ Àũţĥ ƥàśśŵōŕď + + + + This is the password to be used with basic auth + Ţĥĩś ĩś ţĥē ƥàśśŵōŕď ţō ƀē ũśēď ŵĩţĥ ƀàśĩć àũţĥ + + + + Mapping + Màƥƥĩńĝ + + + + Modify the payload sent to the custom provider. + Mōďĩƒŷ ţĥē ƥàŷĺōàď śēńţ ţō ţĥē ćũśţōm ƥŕōvĩďēŕ. + + + + Stage used to configure an SMS-based TOTP authenticator. + Śţàĝē ũśēď ţō ćōńƒĩĝũŕē àń ŚMŚ-ƀàśēď ŢŌŢƤ àũţĥēńţĩćàţōŕ. + + + + Twilio + Ţŵĩĺĩō + + + + Generic + Ĝēńēŕĩć + + + + From number + Ƒŕōm ńũmƀēŕ + + + + Number the SMS will be sent from. + Ńũmƀēŕ ţĥē ŚMŚ ŵĩĺĺ ƀē śēńţ ƒŕōm. + + + + Hash phone number + Ĥàśĥ ƥĥōńē ńũmƀēŕ + + + + If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons. Devices created from a stage with this enabled cannot be used with the authenticator validation stage. + Ĩƒ ēńàƀĺēď, ōńĺŷ à ĥàśĥ ōƒ ţĥē ƥĥōńē ńũmƀēŕ ŵĩĺĺ ƀē śàvēď. Ţĥĩś ćàń ƀē ďōńē ƒōŕ ďàţà-ƥŕōţēćţĩōń ŕēàśōńś. Ďēvĩćēś ćŕēàţēď ƒŕōm à śţàĝē ŵĩţĥ ţĥĩś ēńàƀĺēď ćàńńōţ ƀē ũśēď ŵĩţĥ ţĥē àũţĥēńţĩćàţōŕ vàĺĩďàţĩōń śţàĝē. + + + + Stage used to configure a static authenticator (i.e. static tokens). This stage should be used for configuration flows. + Śţàĝē ũśēď ţō ćōńƒĩĝũŕē à śţàţĩć àũţĥēńţĩćàţōŕ (ĩ.ē. śţàţĩć ţōķēńś). Ţĥĩś śţàĝē śĥōũĺď ƀē ũśēď ƒōŕ ćōńƒĩĝũŕàţĩōń ƒĺōŵś. + + + + Token count + Ţōķēń ćōũńţ + + + + Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator). + Śţàĝē ũśēď ţō ćōńƒĩĝũŕē à ŢŌŢƤ àũţĥēńţĩćàţōŕ (ĩ.ē. Àũţĥŷ/Ĝōōĝĺē Àũţĥēńţĩćàţōŕ). + + + + Digits + Ďĩĝĩţś + + + + 6 digits, widely compatible + 6 ďĩĝĩţś, ŵĩďēĺŷ ćōmƥàţĩƀĺē + + + + 8 digits, not compatible with apps like Google Authenticator + 8 ďĩĝĩţś, ńōţ ćōmƥàţĩƀĺē ŵĩţĥ àƥƥś ĺĩķē Ĝōōĝĺē Àũţĥēńţĩćàţōŕ + + + + Stage used to validate any authenticator. This stage should be used during authentication or authorization flows. + Śţàĝē ũśēď ţō vàĺĩďàţē àńŷ àũţĥēńţĩćàţōŕ. Ţĥĩś śţàĝē śĥōũĺď ƀē ũśēď ďũŕĩńĝ àũţĥēńţĩćàţĩōń ōŕ àũţĥōŕĩźàţĩōń ƒĺōŵś. + + + + Device classes + Ďēvĩćē ćĺàśśēś + + + + Static Tokens + Śţàţĩć Ţōķēńś + + + + TOTP Authenticators + ŢŌŢƤ Àũţĥēńţĩćàţōŕś + + + + WebAuthn Authenticators + ŴēƀÀũţĥń Àũţĥēńţĩćàţōŕś + + + + Duo Authenticators + Ďũō Àũţĥēńţĩćàţōŕś + + + + SMS-based Authenticators + ŚMŚ-ƀàśēď Àũţĥēńţĩćàţōŕś + + + + Device classes which can be used to authenticate. + Ďēvĩćē ćĺàśśēś ŵĥĩćĥ ćàń ƀē ũśēď ţō àũţĥēńţĩćàţē. + + + + Last validation threshold + Ĺàśţ vàĺĩďàţĩōń ţĥŕēśĥōĺď + + + + If any of the devices user of the types selected above have been used within this duration, this stage will be skipped. + Ĩƒ àńŷ ōƒ ţĥē ďēvĩćēś ũśēŕ ōƒ ţĥē ţŷƥēś śēĺēćţēď àƀōvē ĥàvē ƀēēń ũśēď ŵĩţĥĩń ţĥĩś ďũŕàţĩōń, ţĥĩś śţàĝē ŵĩĺĺ ƀē śķĩƥƥēď. + + + + Not configured action + Ńōţ ćōńƒĩĝũŕēď àćţĩōń + + + + Force the user to configure an authenticator + Ƒōŕćē ţĥē ũśēŕ ţō ćōńƒĩĝũŕē àń àũţĥēńţĩćàţōŕ + + + + Deny the user access + Ďēńŷ ţĥē ũśēŕ àććēśś + + + + WebAuthn User verification + ŴēƀÀũţĥń Ũśēŕ vēŕĩƒĩćàţĩōń + + + + User verification must occur. + Ũśēŕ vēŕĩƒĩćàţĩōń mũśţ ōććũŕ. + + + + User verification is preferred if available, but not required. + Ũśēŕ vēŕĩƒĩćàţĩōń ĩś ƥŕēƒēŕŕēď ĩƒ àvàĩĺàƀĺē, ƀũţ ńōţ ŕēǫũĩŕēď. + + + + User verification should not occur. + Ũśēŕ vēŕĩƒĩćàţĩōń śĥōũĺď ńōţ ōććũŕ. + + + + Configuration stages + Ćōńƒĩĝũŕàţĩōń śţàĝēś + + + + Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. + Śţàĝēś ũśēď ţō ćōńƒĩĝũŕē Àũţĥēńţĩćàţōŕ ŵĥēń ũśēŕ ďōēśń'ţ ĥàvē àńŷ ćōmƥàţĩƀĺē ďēvĩćēś. Àƒţēŕ ţĥĩś ćōńƒĩĝũŕàţĩōń Śţàĝē ƥàśśēś, ţĥē ũśēŕ ĩś ńōţ ƥŕōmƥţēď àĝàĩń. + + + + When multiple stages are selected, the user can choose which one they want to enroll. + Ŵĥēń mũĺţĩƥĺē śţàĝēś àŕē śēĺēćţēď, ţĥē ũśēŕ ćàń ćĥōōśē ŵĥĩćĥ ōńē ţĥēŷ ŵàńţ ţō ēńŕōĺĺ. + + + + User verification + Ũśēŕ vēŕĩƒĩćàţĩōń + + + + Resident key requirement + Ŕēśĩďēńţ ķēŷ ŕēǫũĩŕēmēńţ + + + + Authenticator Attachment + Àũţĥēńţĩćàţōŕ Àţţàćĥmēńţ + + + + No preference is sent + Ńō ƥŕēƒēŕēńćē ĩś śēńţ + + + + A non-removable authenticator, like TouchID or Windows Hello + À ńōń-ŕēmōvàƀĺē àũţĥēńţĩćàţōŕ, ĺĩķē ŢōũćĥĨĎ ōŕ Ŵĩńďōŵś Ĥēĺĺō + + + + A "roaming" authenticator, like a YubiKey + À "ŕōàmĩńĝ" àũţĥēńţĩćàţōŕ, ĺĩķē à ŶũƀĩĶēŷ + + + + This stage checks the user's current session against the Google reCaptcha (or compatible) service. + Ţĥĩś śţàĝē ćĥēćķś ţĥē ũśēŕ'ś ćũŕŕēńţ śēśśĩōń àĝàĩńśţ ţĥē Ĝōōĝĺē ŕēĆàƥţćĥà (ōŕ ćōmƥàţĩƀĺē) śēŕvĩćē. + + + + Public Key + Ƥũƀĺĩć Ķēŷ + + + + Public key, acquired from https://www.google.com/recaptcha/intro/v3.html. + Ƥũƀĺĩć ķēŷ, àćǫũĩŕēď ƒŕōm ĥţţƥś://ŵŵŵ.ĝōōĝĺē.ćōm/ŕēćàƥţćĥà/ĩńţŕō/v3.ĥţmĺ. + + + + Private Key + Ƥŕĩvàţē Ķēŷ + + + + Private key, acquired from https://www.google.com/recaptcha/intro/v3.html. + Ƥŕĩvàţē ķēŷ, àćǫũĩŕēď ƒŕōm ĥţţƥś://ŵŵŵ.ĝōōĝĺē.ćōm/ŕēćàƥţćĥà/ĩńţŕō/v3.ĥţmĺ. + + + + Advanced settings + Àďvàńćēď śēţţĩńĝś + + + + JS URL + ĵŚ ŨŔĹ + + + + URL to fetch JavaScript from, defaults to recaptcha. Can be replaced with any compatible alternative. + ŨŔĹ ţō ƒēţćĥ ĵàvàŚćŕĩƥţ ƒŕōm, ďēƒàũĺţś ţō ŕēćàƥţćĥà. Ćàń ƀē ŕēƥĺàćēď ŵĩţĥ àńŷ ćōmƥàţĩƀĺē àĺţēŕńàţĩvē. + + + + API URL + ÀƤĨ ŨŔĹ + + + + URL used to validate captcha response, defaults to recaptcha. Can be replaced with any compatible alternative. + ŨŔĹ ũśēď ţō vàĺĩďàţē ćàƥţćĥà ŕēśƥōńśē, ďēƒàũĺţś ţō ŕēćàƥţćĥà. Ćàń ƀē ŕēƥĺàćēď ŵĩţĥ àńŷ ćōmƥàţĩƀĺē àĺţēŕńàţĩvē. + + + + Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time. + Ƥŕōmƥţ ƒōŕ ţĥē ũśēŕ'ś ćōńśēńţ. Ţĥē ćōńśēńţ ćàń ēĩţĥēŕ ƀē ƥēŕmàńēńţ ōŕ ēxƥĩŕē ĩń à ďēƒĩńēď àmōũńţ ōƒ ţĩmē. + + + + Always require consent + Àĺŵàŷś ŕēǫũĩŕē ćōńśēńţ + + + + Consent given last indefinitely + Ćōńśēńţ ĝĩvēń ĺàśţ ĩńďēƒĩńĩţēĺŷ + + + + Consent expires. + Ćōńśēńţ ēxƥĩŕēś. + + + + Consent expires in + Ćōńśēńţ ēxƥĩŕēś ĩń + + + + Offset after which consent expires. + Ōƒƒśēţ àƒţēŕ ŵĥĩćĥ ćōńśēńţ ēxƥĩŕēś. + + + + Dummy stage used for testing. Shows a simple continue button and always passes. + Ďũmmŷ śţàĝē ũśēď ƒōŕ ţēśţĩńĝ. Śĥōŵś à śĩmƥĺē ćōńţĩńũē ƀũţţōń àńď àĺŵàŷś ƥàśśēś. + + + + Throw error? + Ţĥŕōŵ ēŕŕōŕ? + + + + SMTP Host + ŚMŢƤ Ĥōśţ + + + + SMTP Port + ŚMŢƤ Ƥōŕţ + + + + SMTP Username + ŚMŢƤ Ũśēŕńàmē + + + + SMTP Password + ŚMŢƤ Ƥàśśŵōŕď + + + + Use TLS + Ũśē ŢĹŚ + + + + Use SSL + Ũśē ŚŚĹ + + + + From address + Ƒŕōm àďďŕēśś + + + + Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity. + Vēŕĩƒŷ ţĥē ũśēŕ'ś ēmàĩĺ àďďŕēśś ƀŷ śēńďĩńĝ ţĥēm à ōńē-ţĩmē-ĺĩńķ. Ćàń àĺśō ƀē ũśēď ƒōŕ ŕēćōvēŕŷ ţō vēŕĩƒŷ ţĥē ũśēŕ'ś àũţĥēńţĩćĩţŷ. + + + + Activate pending user on success + Àćţĩvàţē ƥēńďĩńĝ ũśēŕ ōń śũććēśś + + + + When a user returns from the email successfully, their account will be activated. + Ŵĥēń à ũśēŕ ŕēţũŕńś ƒŕōm ţĥē ēmàĩĺ śũććēśśƒũĺĺŷ, ţĥēĩŕ àććōũńţ ŵĩĺĺ ƀē àćţĩvàţēď. + + + + Use global settings + Ũśē ĝĺōƀàĺ śēţţĩńĝś + + + + When enabled, global Email connection settings will be used and connection settings below will be ignored. + Ŵĥēń ēńàƀĺēď, ĝĺōƀàĺ Ēmàĩĺ ćōńńēćţĩōń śēţţĩńĝś ŵĩĺĺ ƀē ũśēď àńď ćōńńēćţĩōń śēţţĩńĝś ƀēĺōŵ ŵĩĺĺ ƀē ĩĝńōŕēď. + + + + Token expiry + Ţōķēń ēxƥĩŕŷ + + + + Time in minutes the token sent is valid. + Ţĩmē ĩń mĩńũţēś ţĥē ţōķēń śēńţ ĩś vàĺĩď. + + + + Template + Ţēmƥĺàţē + + + + Let the user identify themselves with their username or Email address. + Ĺēţ ţĥē ũśēŕ ĩďēńţĩƒŷ ţĥēmśēĺvēś ŵĩţĥ ţĥēĩŕ ũśēŕńàmē ōŕ Ēmàĩĺ àďďŕēśś. + + + + User fields + Ũśēŕ ƒĩēĺďś + + + + UPN + ŨƤŃ + + + + Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources. + Ƒĩēĺďś à ũśēŕ ćàń ĩďēńţĩƒŷ ţĥēmśēĺvēś ŵĩţĥ. Ĩƒ ńō ƒĩēĺďś àŕē śēĺēćţēď, ţĥē ũśēŕ ŵĩĺĺ ōńĺŷ ƀē àƀĺē ţō ũśē śōũŕćēś. + + + + Password stage + Ƥàśśŵōŕď śţàĝē + + + + When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks. + Ŵĥēń śēĺēćţēď, à ƥàśśŵōŕď ƒĩēĺď ĩś śĥōŵń ōń ţĥē śàmē ƥàĝē ĩńśţēàď ōƒ à śēƥàŕàţē ƥàĝē. Ţĥĩś ƥŕēvēńţś ũśēŕńàmē ēńũmēŕàţĩōń àţţàćķś. + + + + Case insensitive matching + Ćàśē ĩńśēńśĩţĩvē màţćĥĩńĝ + + + + When enabled, user fields are matched regardless of their casing. + Ŵĥēń ēńàƀĺēď, ũśēŕ ƒĩēĺďś àŕē màţćĥēď ŕēĝàŕďĺēśś ōƒ ţĥēĩŕ ćàśĩńĝ. + + + + Show matched user + Śĥōŵ màţćĥēď ũśēŕ + + + + When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown. + Ŵĥēń à vàĺĩď ũśēŕńàmē/ēmàĩĺ ĥàś ƀēēń ēńţēŕēď, àńď ţĥĩś ōƥţĩōń ĩś ēńàƀĺēď, ţĥē ũśēŕ'ś ũśēŕńàmē àńď àvàţàŕ ŵĩĺĺ ƀē śĥōŵń. Ōţĥēŕŵĩśē, ţĥē ţēxţ ţĥàţ ţĥē ũśēŕ ēńţēŕēď ŵĩĺĺ ƀē śĥōŵń. + + + + Source settings + Śōũŕćē śēţţĩńĝś + + + + Sources + Śōũŕćēś + + + + Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP. + Śēĺēćţ śōũŕćēś śĥōũĺď ƀē śĥōŵń ƒōŕ ũśēŕś ţō àũţĥēńţĩćàţē ŵĩţĥ. Ţĥĩś ōńĺŷ àƒƒēćţś ŵēƀ-ƀàśēď śōũŕćēś, ńōţ ĹĎÀƤ. + + + + Show sources' labels + Śĥōŵ śōũŕćēś' ĺàƀēĺś + + + + By default, only icons are shown for sources. Enable this to show their full names. + ßŷ ďēƒàũĺţ, ōńĺŷ ĩćōńś àŕē śĥōŵń ƒōŕ śōũŕćēś. Ēńàƀĺē ţĥĩś ţō śĥōŵ ţĥēĩŕ ƒũĺĺ ńàmēś. + + + + Passwordless flow + Ƥàśśŵōŕďĺēśś ƒĺōŵ + + + + Optional passwordless flow, which is linked at the bottom of the page. When configured, users can use this flow to authenticate with a WebAuthn authenticator, without entering any details. + Ōƥţĩōńàĺ ƥàśśŵōŕďĺēśś ƒĺōŵ, ŵĥĩćĥ ĩś ĺĩńķēď àţ ţĥē ƀōţţōm ōƒ ţĥē ƥàĝē. Ŵĥēń ćōńƒĩĝũŕēď, ũśēŕś ćàń ũśē ţĥĩś ƒĺōŵ ţō àũţĥēńţĩćàţē ŵĩţĥ à ŴēƀÀũţĥń àũţĥēńţĩćàţōŕ, ŵĩţĥōũţ ēńţēŕĩńĝ àńŷ ďēţàĩĺś. + + + + Optional enrollment flow, which is linked at the bottom of the page. + Ōƥţĩōńàĺ ēńŕōĺĺmēńţ ƒĺōŵ, ŵĥĩćĥ ĩś ĺĩńķēď àţ ţĥē ƀōţţōm ōƒ ţĥē ƥàĝē. + + + + Optional recovery flow, which is linked at the bottom of the page. + Ōƥţĩōńàĺ ŕēćōvēŕŷ ƒĺōŵ, ŵĥĩćĥ ĩś ĺĩńķēď àţ ţĥē ƀōţţōm ōƒ ţĥē ƥàĝē. + + + + This stage can be included in enrollment flows to accept invitations. + Ţĥĩś śţàĝē ćàń ƀē ĩńćĺũďēď ĩń ēńŕōĺĺmēńţ ƒĺōŵś ţō àććēƥţ ĩńvĩţàţĩōńś. + + + + Continue flow without invitation + Ćōńţĩńũē ƒĺōŵ ŵĩţĥōũţ ĩńvĩţàţĩōń + + + + If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. + Ĩƒ ţĥĩś ƒĺàĝ ĩś śēţ, ţĥĩś Śţàĝē ŵĩĺĺ Ĵũmƥ ţō ţĥē ńēxţ Śţàĝē ŵĥēń ńō Ĩńvĩţàţĩōń ĩś ĝĩvēń. ßŷ ďēƒàũĺţ ţĥĩś Śţàĝē ŵĩĺĺ ćàńćēĺ ţĥē Ƒĺōŵ ŵĥēń ńō ĩńvĩţàţĩōń ĩś ĝĩvēń. + + + + Validate the user's password against the selected backend(s). + Vàĺĩďàţē ţĥē ũśēŕ'ś ƥàśśŵōŕď àĝàĩńśţ ţĥē śēĺēćţēď ƀàćķēńď(ś). + + + + Backends + ßàćķēńďś + + + + User database + standard password + Ũśēŕ ďàţàƀàśē + śţàńďàŕď ƥàśśŵōŕď + + + + User database + app passwords + Ũśēŕ ďàţàƀàśē + àƥƥ ƥàśśŵōŕďś + + + + User database + LDAP password + Ũśēŕ ďàţàƀàśē + ĹĎÀƤ ƥàśśŵōŕď + + + + Selection of backends to test the password against. + Śēĺēćţĩōń ōƒ ƀàćķēńďś ţō ţēśţ ţĥē ƥàśśŵōŕď àĝàĩńśţ. + + + + Flow used by an authenticated user to configure their password. If empty, user will not be able to configure change their password. + Ƒĺōŵ ũśēď ƀŷ àń àũţĥēńţĩćàţēď ũśēŕ ţō ćōńƒĩĝũŕē ţĥēĩŕ ƥàśśŵōŕď. Ĩƒ ēmƥţŷ, ũśēŕ ŵĩĺĺ ńōţ ƀē àƀĺē ţō ćōńƒĩĝũŕē ćĥàńĝē ţĥēĩŕ ƥàśśŵōŕď. + + + + Failed attempts before cancel + Ƒàĩĺēď àţţēmƥţś ƀēƒōŕē ćàńćēĺ + + + + How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. + Ĥōŵ màńŷ àţţēmƥţś à ũśēŕ ĥàś ƀēƒōŕē ţĥē ƒĺōŵ ĩś ćàńćēĺēď. Ţō ĺōćķ ţĥē ũśēŕ ōũţ, ũśē à ŕēƥũţàţĩōń ƥōĺĩćŷ àńď à ũśēŕ_ŵŕĩţē śţàĝē. + + + + Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable. + Śĥōŵ àŕƀĩţŕàŕŷ ĩńƥũţ ƒĩēĺďś ţō ţĥē ũśēŕ, ƒōŕ ēxàmƥĺē ďũŕĩńĝ ēńŕōĺĺmēńţ. Ďàţà ĩś śàvēď ĩń ţĥē ƒĺōŵ ćōńţēxţ ũńďēŕ ţĥē 'ƥŕōmƥţ_ďàţà' vàŕĩàƀĺē. + + + + Fields + Ƒĩēĺďś + + + + ("", of type ) + ("", ōƒ ţŷƥē ) + + + + Validation Policies + Vàĺĩďàţĩōń Ƥōĺĩćĩēś + + + + Selected policies are executed when the stage is submitted to validate the data. + Śēĺēćţēď ƥōĺĩćĩēś àŕē ēxēćũţēď ŵĥēń ţĥē śţàĝē ĩś śũƀmĩţţēď ţō vàĺĩďàţē ţĥē ďàţà. + + + + Delete the currently pending user. CAUTION, this stage does not ask for confirmation. Use a consent stage to ensure the user is aware of their actions. + Ďēĺēţē ţĥē ćũŕŕēńţĺŷ ƥēńďĩńĝ ũśēŕ. ĆÀŨŢĨŌŃ, ţĥĩś śţàĝē ďōēś ńōţ àśķ ƒōŕ ćōńƒĩŕmàţĩōń. Ũśē à ćōńśēńţ śţàĝē ţō ēńśũŕē ţĥē ũśēŕ ĩś àŵàŕē ōƒ ţĥēĩŕ àćţĩōńś. + + + Log the currently pending user in. + Ĺōĝ ţĥē ćũŕŕēńţĺŷ ƥēńďĩńĝ ũśēŕ ĩń. + + + + Session duration + Śēśśĩōń ďũŕàţĩōń + + + + Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. + Ďēţēŕmĩńēś ĥōŵ ĺōńĝ à śēśśĩōń ĺàśţś. Ďēƒàũĺţ ōƒ 0 śēćōńďś mēàńś ţĥàţ ţĥē śēśśĩōńś ĺàśţś ũńţĩĺ ţĥē ƀŕōŵśēŕ ĩś ćĺōśēď. + + + + Different browsers handle session cookies differently, and might not remove them even when the browser is closed. + Ďĩƒƒēŕēńţ ƀŕōŵśēŕś ĥàńďĺē śēśśĩōń ćōōķĩēś ďĩƒƒēŕēńţĺŷ, àńď mĩĝĥţ ńōţ ŕēmōvē ţĥēm ēvēń ŵĥēń ţĥē ƀŕōŵśēŕ ĩś ćĺōśēď. + + + + See here. + Śēē ĥēŕē. + + + + Stay signed in offset + Śţàŷ śĩĝńēď ĩń ōƒƒśēţ + + + + If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. + Ĩƒ śēţ ţō à ďũŕàţĩōń àƀōvē 0, ţĥē ũśēŕ ŵĩĺĺ ĥàvē ţĥē ōƥţĩōń ţō ćĥōōśē ţō "śţàŷ śĩĝńēď ĩń", ŵĥĩćĥ ŵĩĺĺ ēxţēńď ţĥēĩŕ śēśśĩōń ƀŷ ţĥē ţĩmē śƥēćĩƒĩēď ĥēŕē. + + + + Terminate other sessions + Ţēŕmĩńàţē ōţĥēŕ śēśśĩōńś + + + + When enabled, all previous sessions of the user will be terminated. + Ŵĥēń ēńàƀĺēď, àĺĺ ƥŕēvĩōũś śēśśĩōńś ōƒ ţĥē ũśēŕ ŵĩĺĺ ƀē ţēŕmĩńàţēď. + + + + Remove the user from the current session. + Ŕēmōvē ţĥē ũśēŕ ƒŕōm ţĥē ćũŕŕēńţ śēśśĩōń. + + + + Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user + is pending, a new user is created, and data is written to them. + Ŵŕĩţē àńŷ ďàţà ƒŕōm ţĥē ƒĺōŵ'ś ćōńţēxţ'ś 'ƥŕōmƥţ_ďàţà' ţō ţĥē ćũŕŕēńţĺŷ ƥēńďĩńĝ ũśēŕ. Ĩƒ ńō ũśēŕ + ĩś ƥēńďĩńĝ, à ńēŵ ũśēŕ ĩś ćŕēàţēď, àńď ďàţà ĩś ŵŕĩţţēń ţō ţĥēm. + + + Never create users + Ńēvēŕ ćŕēàţē ũśēŕś + + + + When no user is present in the flow context, the stage will fail. + Ŵĥēń ńō ũśēŕ ĩś ƥŕēśēńţ ĩń ţĥē ƒĺōŵ ćōńţēxţ, ţĥē śţàĝē ŵĩĺĺ ƒàĩĺ. + + + + Create users when required + Ćŕēàţē ũśēŕś ŵĥēń ŕēǫũĩŕēď + + + + When no user is present in the the flow context, a new user is created. + Ŵĥēń ńō ũśēŕ ĩś ƥŕēśēńţ ĩń ţĥē ţĥē ƒĺōŵ ćōńţēxţ, à ńēŵ ũśēŕ ĩś ćŕēàţēď. + + + + Always create new users + Àĺŵàŷś ćŕēàţē ńēŵ ũśēŕś + + + + Create a new user even if a user is in the flow context. + Ćŕēàţē à ńēŵ ũśēŕ ēvēń ĩƒ à ũśēŕ ĩś ĩń ţĥē ƒĺōŵ ćōńţēxţ. + + + + Create users as inactive + Ćŕēàţē ũśēŕś àś ĩńàćţĩvē + + + + Mark newly created users as inactive. + Màŕķ ńēŵĺŷ ćŕēàţēď ũśēŕś àś ĩńàćţĩvē. + + + + User path template + Ũśēŕ ƥàţĥ ţēmƥĺàţē + + + + Path new users will be created under. If left blank, the default path will be used. + Ƥàţĥ ńēŵ ũśēŕś ŵĩĺĺ ƀē ćŕēàţēď ũńďēŕ. Ĩƒ ĺēƒţ ƀĺàńķ, ţĥē ďēƒàũĺţ ƥàţĥ ŵĩĺĺ ƀē ũśēď. + + + + Newly created users are added to this group, if a group is selected. + Ńēŵĺŷ ćŕēàţēď ũśēŕś àŕē àďďēď ţō ţĥĩś ĝŕōũƥ, ĩƒ à ĝŕōũƥ ĩś śēĺēćţēď. + + + + New stage + Ńēŵ śţàĝē + + + + Create a new stage. + Ćŕēàţē à ńēŵ śţàĝē. + + + + Successfully imported device. + Śũććēśśƒũĺĺŷ ĩmƥōŕţēď ďēvĩćē. + + + + The user in authentik this device will be assigned to. + Ţĥē ũśēŕ ĩń àũţĥēńţĩķ ţĥĩś ďēvĩćē ŵĩĺĺ ƀē àśśĩĝńēď ţō. + + + + Duo User ID + Ďũō Ũśēŕ ĨĎ + + + + The user ID in Duo, can be found in the URL after clicking on a user. + Ţĥē ũśēŕ ĨĎ ĩń Ďũō, ćàń ƀē ƒōũńď ĩń ţĥē ŨŔĹ àƒţēŕ ćĺĩćķĩńĝ ōń à ũśēŕ. + + + + Automatic import + Àũţōmàţĩć ĩmƥōŕţ + + + + Successfully imported devices. + Śũććēśśƒũĺĺŷ ĩmƥōŕţēď ďēvĩćēś. + + + + Start automatic import + Śţàŕţ àũţōmàţĩć ĩmƥōŕţ + + + + Or manually import + Ōŕ màńũàĺĺŷ ĩmƥōŕţ + + + + Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow. + Śţàĝēś àŕē śĩńĝĺē śţēƥś ōƒ à Ƒĺōŵ ţĥàţ à ũśēŕ ĩś ĝũĩďēď ţĥŕōũĝĥ. À śţàĝē ćàń ōńĺŷ ƀē ēxēćũţēď ƒŕōm ŵĩţĥĩń à ƒĺōŵ. + + + + Flows + Ƒĺōŵś + + + + Stage(s) + Śţàĝē(ś) + + + + Import + Ĩmƥōŕţ + + + + Import Duo device + Ĩmƥōŕţ Ďũō ďēvĩćē + + + + Successfully updated flow. + Śũććēśśƒũĺĺŷ ũƥďàţēď ƒĺōŵ. + + + + Successfully created flow. + Śũććēśśƒũĺĺŷ ćŕēàţēď ƒĺōŵ. + + + + Shown as the Title in Flow pages. + Śĥōŵń àś ţĥē Ţĩţĺē ĩń Ƒĺōŵ ƥàĝēś. + + + + Visible in the URL. + Vĩśĩƀĺē ĩń ţĥē ŨŔĹ. + + + + Designation + Ďēśĩĝńàţĩōń + + + + Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. + Ďēćĩďēś ŵĥàţ ţĥĩś Ƒĺōŵ ĩś ũśēď ƒōŕ. Ƒōŕ ēxàmƥĺē, ţĥē Àũţĥēńţĩćàţĩōń ƒĺōŵ ĩś ŕēďĩŕēćţ ţō ŵĥēń àń ũń-àũţĥēńţĩćàţēď ũśēŕ vĩśĩţś àũţĥēńţĩķ. + + + + No requirement + Ńō ŕēǫũĩŕēmēńţ + + + + Require authentication + Ŕēǫũĩŕē àũţĥēńţĩćàţĩōń + + + + Require no authentication. + Ŕēǫũĩŕē ńō àũţĥēńţĩćàţĩōń. + + + + Require superuser. + Ŕēǫũĩŕē śũƥēŕũśēŕ. + + + + Required authentication level for this flow. + Ŕēǫũĩŕēď àũţĥēńţĩćàţĩōń ĺēvēĺ ƒōŕ ţĥĩś ƒĺōŵ. + + + + Behavior settings + ßēĥàvĩōŕ śēţţĩńĝś + + + + Compatibility mode + Ćōmƥàţĩƀĩĺĩţŷ mōďē + + + + Increases compatibility with password managers and mobile devices. + Ĩńćŕēàśēś ćōmƥàţĩƀĩĺĩţŷ ŵĩţĥ ƥàśśŵōŕď màńàĝēŕś àńď mōƀĩĺē ďēvĩćēś. + + + + Denied action + Ďēńĩēď àćţĩōń + + + + Will follow the ?next parameter if set, otherwise show a message + Ŵĩĺĺ ƒōĺĺōŵ ţĥē ?ńēxţ ƥàŕàmēţēŕ ĩƒ śēţ, ōţĥēŕŵĩśē śĥōŵ à mēśśàĝē + + + + Will either follow the ?next parameter or redirect to the default interface + Ŵĩĺĺ ēĩţĥēŕ ƒōĺĺōŵ ţĥē ?ńēxţ ƥàŕàmēţēŕ ōŕ ŕēďĩŕēćţ ţō ţĥē ďēƒàũĺţ ĩńţēŕƒàćē + + + + Will notify the user the flow isn't applicable + Ŵĩĺĺ ńōţĩƒŷ ţĥē ũśēŕ ţĥē ƒĺōŵ ĩśń'ţ àƥƥĺĩćàƀĺē + + + + Decides the response when a policy denies access to this flow for a user. + Ďēćĩďēś ţĥē ŕēśƥōńśē ŵĥēń à ƥōĺĩćŷ ďēńĩēś àććēśś ţō ţĥĩś ƒĺōŵ ƒōŕ à ũśēŕ. + + + + Appearance settings + Àƥƥēàŕàńćē śēţţĩńĝś + + + + Layout + Ĺàŷōũţ + + + + Background + ßàćķĝŕōũńď + + + + Background shown during execution. + ßàćķĝŕōũńď śĥōŵń ďũŕĩńĝ ēxēćũţĩōń. + + + + Clear background + Ćĺēàŕ ƀàćķĝŕōũńď + + + + Delete currently set background image. + Ďēĺēţē ćũŕŕēńţĺŷ śēţ ƀàćķĝŕōũńď ĩmàĝē. + + + + Successfully imported flow. + Śũććēśśƒũĺĺŷ ĩmƥōŕţēď ƒĺōŵ. + + + + .yaml files, which can be found on goauthentik.io and can be exported by authentik. + .ŷàmĺ ƒĩĺēś, ŵĥĩćĥ ćàń ƀē ƒōũńď ōń ĝōàũţĥēńţĩķ.ĩō àńď ćàń ƀē ēxƥōŕţēď ƀŷ àũţĥēńţĩķ. + + + + Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them. + Ƒĺōŵś ďēśćŕĩƀē à ćĥàĩń ōƒ Śţàĝēś ţō àũţĥēńţĩćàţē, ēńŕōĺĺ ōŕ ŕēćōvēŕ à ũśēŕ. Śţàĝēś àŕē ćĥōśēń ƀàśēď ōń ƥōĺĩćĩēś àƥƥĺĩēď ţō ţĥēm. + + + + Flow(s) + Ƒĺōŵ(ś) + + + + Update Flow + Ũƥďàţē Ƒĺōŵ + + + + Create Flow + Ćŕēàţē Ƒĺōŵ + + + + Import Flow + Ĩmƥōŕţ Ƒĺōŵ + + + + Successfully cleared flow cache + Śũććēśśƒũĺĺŷ ćĺēàŕēď ƒĺōŵ ćàćĥē + + + + Failed to delete flow cache + Ƒàĩĺēď ţō ďēĺēţē ƒĺōŵ ćàćĥē + + + + Clear Flow cache + Ćĺēàŕ Ƒĺōŵ ćàćĥē + + + + Are you sure you want to clear the flow cache? + This will cause all flows to be re-evaluated on their next usage. + Àŕē ŷōũ śũŕē ŷōũ ŵàńţ ţō ćĺēàŕ ţĥē ƒĺōŵ ćàćĥē? + Ţĥĩś ŵĩĺĺ ćàũśē àĺĺ ƒĺōŵś ţō ƀē ŕē-ēvàĺũàţēď ōń ţĥēĩŕ ńēxţ ũśàĝē. + + + Stage binding(s) + Śţàĝē ƀĩńďĩńĝ(ś) + + + + Stage type + Śţàĝē ţŷƥē + + + + Edit Stage + Ēďĩţ Śţàĝē + + + + Update Stage binding + Ũƥďàţē Śţàĝē ƀĩńďĩńĝ + + + + These bindings control if this stage will be applied to the flow. + Ţĥēśē ƀĩńďĩńĝś ćōńţŕōĺ ĩƒ ţĥĩś śţàĝē ŵĩĺĺ ƀē àƥƥĺĩēď ţō ţĥē ƒĺōŵ. + + + + No Stages bound + Ńō Śţàĝēś ƀōũńď + + + + No stages are currently bound to this flow. + Ńō śţàĝēś àŕē ćũŕŕēńţĺŷ ƀōũńď ţō ţĥĩś ƒĺōŵ. + + + + Create Stage binding + Ćŕēàţē Śţàĝē ƀĩńďĩńĝ + + + + Bind stage + ßĩńď śţàĝē + + + + Bind existing stage + ßĩńď ēxĩśţĩńĝ śţàĝē + + + + Flow Overview + Ƒĺōŵ Ōvēŕvĩēŵ + + + + Related actions + Ŕēĺàţēď àćţĩōńś + + + + Execute flow + Ēxēćũţē ƒĺōŵ + + + + Normal + Ńōŕmàĺ + + + + with current user + ŵĩţĥ ćũŕŕēńţ ũśēŕ + + + + with inspector + ŵĩţĥ ĩńśƥēćţōŕ + + + + Export flow + Ēxƥōŕţ ƒĺōŵ + + + + Export + Ēxƥōŕţ + + + + Stage Bindings + Śţàĝē ßĩńďĩńĝś + + + + These bindings control which users can access this flow. + Ţĥēśē ƀĩńďĩńĝś ćōńţŕōĺ ŵĥĩćĥ ũśēŕś ćàń àććēśś ţĥĩś ƒĺōŵ. + + + + Event Log + Ēvēńţ Ĺōĝ + + + + Event + Ēvēńţ + + + + Event info + Ēvēńţ ĩńƒō + + + + Created + Ćŕēàţēď + + + + Successfully updated transport. + Śũććēśśƒũĺĺŷ ũƥďàţēď ţŕàńśƥōŕţ. + + + + Successfully created transport. + Śũććēśśƒũĺĺŷ ćŕēàţēď ţŕàńśƥōŕţ. + + + + Local (notifications will be created within authentik) + Ĺōćàĺ (ńōţĩƒĩćàţĩōńś ŵĩĺĺ ƀē ćŕēàţēď ŵĩţĥĩń àũţĥēńţĩķ) + + + + Webhook (generic) + Ŵēƀĥōōķ (ĝēńēŕĩć) + + + + Webhook (Slack/Discord) + Ŵēƀĥōōķ (Śĺàćķ/Ďĩśćōŕď) + + + + Webhook URL + Ŵēƀĥōōķ ŨŔĹ + + + + Webhook Mapping + Ŵēƀĥōōķ Màƥƥĩńĝ + + + + Send once + Śēńď ōńćē + + + + Only send notification once, for example when sending a webhook into a chat channel. + Ōńĺŷ śēńď ńōţĩƒĩćàţĩōń ōńćē, ƒōŕ ēxàmƥĺē ŵĥēń śēńďĩńĝ à ŵēƀĥōōķ ĩńţō à ćĥàţ ćĥàńńēĺ. + + + + Notification Transports + Ńōţĩƒĩćàţĩōń Ţŕàńśƥōŕţś + + + + Define how notifications are sent to users, like Email or Webhook. + Ďēƒĩńē ĥōŵ ńōţĩƒĩćàţĩōńś àŕē śēńţ ţō ũśēŕś, ĺĩķē Ēmàĩĺ ōŕ Ŵēƀĥōōķ. + + + + Notification transport(s) + Ńōţĩƒĩćàţĩōń ţŕàńśƥōŕţ(ś) + + + + Update Notification Transport + Ũƥďàţē Ńōţĩƒĩćàţĩōń Ţŕàńśƥōŕţ + + + + Create Notification Transport + Ćŕēàţē Ńōţĩƒĩćàţĩōń Ţŕàńśƥōŕţ + + + + Successfully updated rule. + Śũććēśśƒũĺĺŷ ũƥďàţēď ŕũĺē. + + + + Successfully created rule. + Śũććēśśƒũĺĺŷ ćŕēàţēď ŕũĺē. + + + + Select the group of users which the alerts are sent to. If no group is selected the rule is disabled. + Śēĺēćţ ţĥē ĝŕōũƥ ōƒ ũśēŕś ŵĥĩćĥ ţĥē àĺēŕţś àŕē śēńţ ţō. Ĩƒ ńō ĝŕōũƥ ĩś śēĺēćţēď ţĥē ŕũĺē ĩś ďĩśàƀĺēď. + + + + Transports + Ţŕàńśƥōŕţś + + + + Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. + Śēĺēćţ ŵĥĩćĥ ţŕàńśƥōŕţś śĥōũĺď ƀē ũśēď ţō ńōţĩƒŷ ţĥē ũśēŕ. Ĩƒ ńōńē àŕē śēĺēćţēď, ţĥē ńōţĩƒĩćàţĩōń ŵĩĺĺ ōńĺŷ ƀē śĥōŵń ĩń ţĥē àũţĥēńţĩķ ŨĨ. + + + + Severity + Śēvēŕĩţŷ + + + + Notification Rules + Ńōţĩƒĩćàţĩōń Ŕũĺēś + + + + Send notifications whenever a specific Event is created and matched by policies. + Śēńď ńōţĩƒĩćàţĩōńś ŵĥēńēvēŕ à śƥēćĩƒĩć Ēvēńţ ĩś ćŕēàţēď àńď màţćĥēď ƀŷ ƥōĺĩćĩēś. + + + + Sent to group + Śēńţ ţō ĝŕōũƥ + + + + Notification rule(s) + Ńōţĩƒĩćàţĩōń ŕũĺē(ś) + + + + None (rule disabled) + Ńōńē (ŕũĺē ďĩśàƀĺēď) + + + + Update Notification Rule + Ũƥďàţē Ńōţĩƒĩćàţĩōń Ŕũĺē + + + + Create Notification Rule + Ćŕēàţē Ńōţĩƒĩćàţĩōń Ŕũĺē + + + + These bindings control upon which events this rule triggers. +Bindings to groups/users are checked against the user of the event. + Ţĥēśē ƀĩńďĩńĝś ćōńţŕōĺ ũƥōń ŵĥĩćĥ ēvēńţś ţĥĩś ŕũĺē ţŕĩĝĝēŕś. +ßĩńďĩńĝś ţō ĝŕōũƥś/ũśēŕś àŕē ćĥēćķēď àĝàĩńśţ ţĥē ũśēŕ ōƒ ţĥē ēvēńţ. + + + Outpost Deployment Info + Ōũţƥōśţ Ďēƥĺōŷmēńţ Ĩńƒō + + + + View deployment documentation + Vĩēŵ ďēƥĺōŷmēńţ ďōćũmēńţàţĩōń + + + + Click to copy token + Ćĺĩćķ ţō ćōƥŷ ţōķēń + + + + If your authentik Instance is using a self-signed certificate, set this value. + Ĩƒ ŷōũŕ àũţĥēńţĩķ Ĩńśţàńćē ĩś ũśĩńĝ à śēĺƒ-śĩĝńēď ćēŕţĩƒĩćàţē, śēţ ţĥĩś vàĺũē. + + + + If your authentik_host setting does not match the URL you want to login with, add this setting. + Ĩƒ ŷōũŕ àũţĥēńţĩķ_ĥōśţ śēţţĩńĝ ďōēś ńōţ màţćĥ ţĥē ŨŔĹ ŷōũ ŵàńţ ţō ĺōĝĩń ŵĩţĥ, àďď ţĥĩś śēţţĩńĝ. + + + + Successfully updated outpost. + Śũććēśśƒũĺĺŷ ũƥďàţēď ōũţƥōśţ. + + + + Successfully created outpost. + Śũććēśśƒũĺĺŷ ćŕēàţēď ōũţƥōśţ. + + + + Radius + Ŕàďĩũś + + + + Integration + Ĩńţēĝŕàţĩōń + + + + Selecting an integration enables the management of the outpost by authentik. + Śēĺēćţĩńĝ àń ĩńţēĝŕàţĩōń ēńàƀĺēś ţĥē màńàĝēmēńţ ōƒ ţĥē ōũţƥōśţ ƀŷ àũţĥēńţĩķ. + + + + You can only select providers that match the type of the outpost. + Ŷōũ ćàń ōńĺŷ śēĺēćţ ƥŕōvĩďēŕś ţĥàţ màţćĥ ţĥē ţŷƥē ōƒ ţĥē ōũţƥōśţ. + + + + Configuration + Ćōńƒĩĝũŕàţĩōń + + + + See more here: + Śēē mōŕē ĥēŕē: + + + + Documentation + Ďōćũmēńţàţĩōń + + + + Last seen + Ĺàśţ śēēń + + + + , should be + , śĥōũĺď ƀē + + + + Hostname + Ĥōśţńàmē + + + + Not available + Ńōţ àvàĩĺàƀĺē + + + + Last seen: + Ĺàśţ śēēń: + + + + Unknown type + Ũńķńōŵń ţŷƥē + + + + Outposts + Ōũţƥōśţś + + + + Outposts are deployments of authentik components to support different environments and protocols, like reverse proxies. + Ōũţƥōśţś àŕē ďēƥĺōŷmēńţś ōƒ àũţĥēńţĩķ ćōmƥōńēńţś ţō śũƥƥōŕţ ďĩƒƒēŕēńţ ēńvĩŕōńmēńţś àńď ƥŕōţōćōĺś, ĺĩķē ŕēvēŕśē ƥŕōxĩēś. + + + + Health and Version + Ĥēàĺţĥ àńď Vēŕśĩōń + + + + Warning: authentik Domain is not configured, authentication will not work. + Ŵàŕńĩńĝ: àũţĥēńţĩķ Ďōmàĩń ĩś ńōţ ćōńƒĩĝũŕēď, àũţĥēńţĩćàţĩōń ŵĩĺĺ ńōţ ŵōŕķ. + + + + Logging in via . + Ĺōĝĝĩńĝ ĩń vĩà . + + + + No integration active + Ńō ĩńţēĝŕàţĩōń àćţĩvē + + + + Update Outpost + Ũƥďàţē Ōũţƥōśţ + + + + View Deployment Info + Vĩēŵ Ďēƥĺōŷmēńţ Ĩńƒō + + + + Detailed health (one instance per column, data is cached so may be out of date) + Ďēţàĩĺēď ĥēàĺţĥ (ōńē ĩńśţàńćē ƥēŕ ćōĺũmń, ďàţà ĩś ćàćĥēď śō màŷ ƀē ōũţ ōƒ ďàţē) + + + + Outpost(s) + Ōũţƥōśţ(ś) + + + + Create Outpost + Ćŕēàţē Ōũţƥōśţ + + + + Successfully updated integration. + Śũććēśśƒũĺĺŷ ũƥďàţēď ĩńţēĝŕàţĩōń. + + + + Successfully created integration. + Śũććēśśƒũĺĺŷ ćŕēàţēď ĩńţēĝŕàţĩōń. + + + + Local + Ĺōćàĺ + + + + If enabled, use the local connection. Required Docker socket/Kubernetes Integration. + Ĩƒ ēńàƀĺēď, ũśē ţĥē ĺōćàĺ ćōńńēćţĩōń. Ŕēǫũĩŕēď Ďōćķēŕ śōćķēţ/Ķũƀēŕńēţēś Ĩńţēĝŕàţĩōń. + + + + Docker URL + Ďōćķēŕ ŨŔĹ + + + + Can be in the format of 'unix://' when connecting to a local docker daemon, using 'ssh://' to connect via SSH, or 'https://:2376' when connecting to a remote system. + Ćàń ƀē ĩń ţĥē ƒōŕmàţ ōƒ 'ũńĩx://' ŵĥēń ćōńńēćţĩńĝ ţō à ĺōćàĺ ďōćķēŕ ďàēmōń, ũśĩńĝ 'śśĥ://' ţō ćōńńēćţ vĩà ŚŚĤ, ōŕ 'ĥţţƥś://:2376' ŵĥēń ćōńńēćţĩńĝ ţō à ŕēmōţē śŷśţēm. + + + + CA which the endpoint's Certificate is verified against. Can be left empty for no validation. + ĆÀ ŵĥĩćĥ ţĥē ēńďƥōĩńţ'ś Ćēŕţĩƒĩćàţē ĩś vēŕĩƒĩēď àĝàĩńśţ. Ćàń ƀē ĺēƒţ ēmƥţŷ ƒōŕ ńō vàĺĩďàţĩōń. + + + + TLS Authentication Certificate/SSH Keypair + ŢĹŚ Àũţĥēńţĩćàţĩōń Ćēŕţĩƒĩćàţē/ŚŚĤ Ķēŷƥàĩŕ + + + + Certificate/Key used for authentication. Can be left empty for no authentication. + Ćēŕţĩƒĩćàţē/Ķēŷ ũśēď ƒōŕ àũţĥēńţĩćàţĩōń. Ćàń ƀē ĺēƒţ ēmƥţŷ ƒōŕ ńō àũţĥēńţĩćàţĩōń. + + + + When connecting via SSH, this keypair is used for authentication. + Ŵĥēń ćōńńēćţĩńĝ vĩà ŚŚĤ, ţĥĩś ķēŷƥàĩŕ ĩś ũśēď ƒōŕ àũţĥēńţĩćàţĩōń. + + + + Kubeconfig + Ķũƀēćōńƒĩĝ + + + + Verify Kubernetes API SSL Certificate + Vēŕĩƒŷ Ķũƀēŕńēţēś ÀƤĨ ŚŚĹ Ćēŕţĩƒĩćàţē + + + + New outpost integration + Ńēŵ ōũţƥōśţ ĩńţēĝŕàţĩōń + + + + Create a new outpost integration. + Ćŕēàţē à ńēŵ ōũţƥōśţ ĩńţēĝŕàţĩōń. + + + + State + Śţàţē + + + + Unhealthy + Ũńĥēàĺţĥŷ + + + + Outpost integration(s) + Ōũţƥōśţ ĩńţēĝŕàţĩōń(ś) + + + + Successfully generated certificate-key pair. + Śũććēśśƒũĺĺŷ ĝēńēŕàţēď ćēŕţĩƒĩćàţē-ķēŷ ƥàĩŕ. + + + + Common Name + Ćōmmōń Ńàmē + + + + Subject-alt name + ŚũƀĴēćţ-àĺţ ńàmē + + + + Optional, comma-separated SubjectAlt Names. + Ōƥţĩōńàĺ, ćōmmà-śēƥàŕàţēď ŚũƀĴēćţÀĺţ Ńàmēś. + + + + Validity days + Vàĺĩďĩţŷ ďàŷś + + + + Successfully updated certificate-key pair. + Śũććēśśƒũĺĺŷ ũƥďàţēď ćēŕţĩƒĩćàţē-ķēŷ ƥàĩŕ. + + + + Successfully created certificate-key pair. + Śũććēśśƒũĺĺŷ ćŕēàţēď ćēŕţĩƒĩćàţē-ķēŷ ƥàĩŕ. + + + + PEM-encoded Certificate data. + ƤĒM-ēńćōďēď Ćēŕţĩƒĩćàţē ďàţà. + + + + Optional Private Key. If this is set, you can use this keypair for encryption. + Ōƥţĩōńàĺ Ƥŕĩvàţē Ķēŷ. Ĩƒ ţĥĩś ĩś śēţ, ŷōũ ćàń ũśē ţĥĩś ķēŷƥàĩŕ ƒōŕ ēńćŕŷƥţĩōń. + + + + Certificate-Key Pairs + Ćēŕţĩƒĩćàţē-Ķēŷ Ƥàĩŕś + + + + Import certificates of external providers or create certificates to sign requests with. + Ĩmƥōŕţ ćēŕţĩƒĩćàţēś ōƒ ēxţēŕńàĺ ƥŕōvĩďēŕś ōŕ ćŕēàţē ćēŕţĩƒĩćàţēś ţō śĩĝń ŕēǫũēśţś ŵĩţĥ. + + + + Private key available? + Ƥŕĩvàţē ķēŷ àvàĩĺàƀĺē? + + + + Certificate-Key Pair(s) + Ćēŕţĩƒĩćàţē-Ķēŷ Ƥàĩŕ(ś) + + + + Managed by authentik + Màńàĝēď ƀŷ àũţĥēńţĩķ + + + + Managed by authentik (Discovered) + Màńàĝēď ƀŷ àũţĥēńţĩķ (Ďĩśćōvēŕēď) + + + + Yes () + Ŷēś () + + + + No + Ńō + + + + Update Certificate-Key Pair + Ũƥďàţē Ćēŕţĩƒĩćàţē-Ķēŷ Ƥàĩŕ + + + + Certificate Fingerprint (SHA1) + Ćēŕţĩƒĩćàţē Ƒĩńĝēŕƥŕĩńţ (ŚĤÀ1) + + + + Certificate Fingerprint (SHA256) + Ćēŕţĩƒĩćàţē Ƒĩńĝēŕƥŕĩńţ (ŚĤÀ256) + + + + Certificate Subject + Ćēŕţĩƒĩćàţē ŚũƀĴēćţ + + + + Download Certificate + Ďōŵńĺōàď Ćēŕţĩƒĩćàţē + + + + Download Private key + Ďōŵńĺōàď Ƥŕĩvàţē ķēŷ + + + + Create Certificate-Key Pair + Ćŕēàţē Ćēŕţĩƒĩćàţē-Ķēŷ Ƥàĩŕ + + + + Generate + Ĝēńēŕàţē + + + + Generate Certificate-Key Pair + Ĝēńēŕàţē Ćēŕţĩƒĩćàţē-Ķēŷ Ƥàĩŕ + + + + Successfully updated instance. + Śũććēśśƒũĺĺŷ ũƥďàţēď ĩńśţàńćē. + + + + Successfully created instance. + Śũććēśśƒũĺĺŷ ćŕēàţēď ĩńśţàńćē. + + + + Disabled blueprints are never applied. + Ďĩśàƀĺēď ƀĺũēƥŕĩńţś àŕē ńēvēŕ àƥƥĺĩēď. + + + + Local path + Ĺōćàĺ ƥàţĥ + + + + OCI Registry + ŌĆĨ Ŕēĝĩśţŕŷ + + + + Internal + Ĩńţēŕńàĺ + + + + OCI URL, in the format of oci://registry.domain.tld/path/to/manifest. + ŌĆĨ ŨŔĹ, ĩń ţĥē ƒōŕmàţ ōƒ ōćĩ://ŕēĝĩśţŕŷ.ďōmàĩń.ţĺď/ƥàţĥ/ţō/màńĩƒēśţ. + + + + See more about OCI support here: + Śēē mōŕē àƀōũţ ŌĆĨ śũƥƥōŕţ ĥēŕē: + + + + Blueprint + ßĺũēƥŕĩńţ + + + + Configure the blueprint context, used for templating. + Ćōńƒĩĝũŕē ţĥē ƀĺũēƥŕĩńţ ćōńţēxţ, ũśēď ƒōŕ ţēmƥĺàţĩńĝ. + + + + Orphaned + Ōŕƥĥàńēď + + + + Blueprints + ßĺũēƥŕĩńţś + + + + Automate and template configuration within authentik. + Àũţōmàţē àńď ţēmƥĺàţē ćōńƒĩĝũŕàţĩōń ŵĩţĥĩń àũţĥēńţĩķ. + + + + Last applied + Ĺàśţ àƥƥĺĩēď + + + + Blueprint(s) + ßĺũēƥŕĩńţ(ś) + + + + Update Blueprint + Ũƥďàţē ßĺũēƥŕĩńţ + + + + Create Blueprint Instance + Ćŕēàţē ßĺũēƥŕĩńţ Ĩńśţàńćē + + + + API Requests + ÀƤĨ Ŕēǫũēśţś + + + + Open API Browser + Ōƥēń ÀƤĨ ßŕōŵśēŕ + + + + Notifications + Ńōţĩƒĩćàţĩōńś + + + + unread + ũńŕēàď + + + + Successfully cleared notifications + Śũććēśśƒũĺĺŷ ćĺēàŕēď ńōţĩƒĩćàţĩōńś + + + + Clear all + Ćĺēàŕ àĺĺ + + + + A newer version of the frontend is available. + À ńēŵēŕ vēŕśĩōń ōƒ ţĥē ƒŕōńţēńď ĩś àvàĩĺàƀĺē. + + + + You're currently impersonating . Click to stop. + Ŷōũ'ŕē ćũŕŕēńţĺŷ ĩmƥēŕśōńàţĩńĝ . Ćĺĩćķ ţō śţōƥ. + + + + User interface + Ũśēŕ ĩńţēŕƒàćē + + + + Dashboards + Ďàśĥƀōàŕďś + + + + Events + Ēvēńţś + + + + Logs + Ĺōĝś + + + + Customisation + Ćũśţōmĩśàţĩōń + + + + Directory + Ďĩŕēćţōŕŷ + + + + System + Śŷśţēm + + + + Certificates + Ćēŕţĩƒĩćàţēś + + + + Outpost Integrations + Ōũţƥōśţ Ĩńţēĝŕàţĩōńś + + + + API request failed + ÀƤĨ ŕēǫũēśţ ƒàĩĺēď + + + + User's avatar + Ũśēŕ'ś àvàţàŕ + + + + Something went wrong! Please try again later. + Śōmēţĥĩńĝ ŵēńţ ŵŕōńĝ! Ƥĺēàśē ţŕŷ àĝàĩń ĺàţēŕ. + + + + Request ID + Ŕēǫũēśţ ĨĎ + + + + You may close this page now. + Ŷōũ màŷ ćĺōśē ţĥĩś ƥàĝē ńōŵ. + + + + You're about to be redirect to the following URL. + Ŷōũ'ŕē àƀōũţ ţō ƀē ŕēďĩŕēćţ ţō ţĥē ƒōĺĺōŵĩńĝ ŨŔĹ. + + + + Follow redirect + Ƒōĺĺōŵ ŕēďĩŕēćţ + + + + Request has been denied. + Ŕēǫũēśţ ĥàś ƀēēń ďēńĩēď. + + + + Not you? + Ńōţ ŷōũ? + + + + Need an account? + Ńēēď àń àććōũńţ? + + + + Sign up. + Śĩĝń ũƥ. + + + + Forgot username or password? + Ƒōŕĝōţ ũśēŕńàmē ōŕ ƥàśśŵōŕď? + + + + Select one of the sources below to login. + Śēĺēćţ ōńē ōƒ ţĥē śōũŕćēś ƀēĺōŵ ţō ĺōĝĩń. + + + + Or + Ōŕ + + + + Use a security key + Ũśē à śēćũŕĩţŷ ķēŷ + + + + Login to continue to . + Ĺōĝĩń ţō ćōńţĩńũē ţō . + + + + Please enter your password + Ƥĺēàśē ēńţēŕ ŷōũŕ ƥàśśŵōŕď + + + + Forgot password? + Ƒōŕĝōţ ƥàśśŵōŕď? + + + + Application requires following permissions: + Àƥƥĺĩćàţĩōń ŕēǫũĩŕēś ƒōĺĺōŵĩńĝ ƥēŕmĩśśĩōńś: + + + + Application already has access to the following permissions: + Àƥƥĺĩćàţĩōń àĺŕēàďŷ ĥàś àććēśś ţō ţĥē ƒōĺĺōŵĩńĝ ƥēŕmĩśśĩōńś: + + + + Application requires following new permissions: + Àƥƥĺĩćàţĩōń ŕēǫũĩŕēś ƒōĺĺōŵĩńĝ ńēŵ ƥēŕmĩśśĩōńś: + + + + Check your Inbox for a verification email. + Ćĥēćķ ŷōũŕ Ĩńƀōx ƒōŕ à vēŕĩƒĩćàţĩōń ēmàĩĺ. + + + + Send Email again. + Śēńď Ēmàĩĺ àĝàĩń. + + + + Successfully copied TOTP Config. + Śũććēśśƒũĺĺŷ ćōƥĩēď ŢŌŢƤ Ćōńƒĩĝ. + + + + Copy + Ćōƥŷ + + + + Code + Ćōďē + + + + Please enter your TOTP Code + Ƥĺēàśē ēńţēŕ ŷōũŕ ŢŌŢƤ Ćōďē + + + + Duo activation QR code + Ďũō àćţĩvàţĩōń ǪŔ ćōďē + + + + Alternatively, if your current device has Duo installed, click on this link: + Àĺţēŕńàţĩvēĺŷ, ĩƒ ŷōũŕ ćũŕŕēńţ ďēvĩćē ĥàś Ďũō ĩńśţàĺĺēď, ćĺĩćķ ōń ţĥĩś ĺĩńķ: + + + + Duo activation + Ďũō àćţĩvàţĩōń + + + + Check status + Ćĥēćķ śţàţũś + + + + Make sure to keep these tokens in a safe place. + Màķē śũŕē ţō ķēēƥ ţĥēśē ţōķēńś ĩń à śàƒē ƥĺàćē. + + + + Phone number + Ƥĥōńē ńũmƀēŕ + + + + Please enter your Phone number. + Ƥĺēàśē ēńţēŕ ŷōũŕ Ƥĥōńē ńũmƀēŕ. + + + + Please enter the code you received via SMS + Ƥĺēàśē ēńţēŕ ţĥē ćōďē ŷōũ ŕēćēĩvēď vĩà ŚMŚ + + + + A code has been sent to you via SMS. + À ćōďē ĥàś ƀēēń śēńţ ţō ŷōũ vĩà ŚMŚ. + + + + Open your two-factor authenticator app to view your authentication code. + Ōƥēń ŷōũŕ ţŵō-ƒàćţōŕ àũţĥēńţĩćàţōŕ àƥƥ ţō vĩēŵ ŷōũŕ àũţĥēńţĩćàţĩōń ćōďē. + + + + Static token + Śţàţĩć ţōķēń + + + + Authentication code + Àũţĥēńţĩćàţĩōń ćōďē + + + + Please enter your code + Ƥĺēàśē ēńţēŕ ŷōũŕ ćōďē + + + + Return to device picker + Ŕēţũŕń ţō ďēvĩćē ƥĩćķēŕ + + + + Sending Duo push notification + Śēńďĩńĝ Ďũō ƥũśĥ ńōţĩƒĩćàţĩōń + + + + Assertions is empty + Àśśēŕţĩōńś ĩś ēmƥţŷ + + + + Error when creating credential: + Ēŕŕōŕ ŵĥēń ćŕēàţĩńĝ ćŕēďēńţĩàĺ: + + + + Error when validating assertion on server: + Ēŕŕōŕ ŵĥēń vàĺĩďàţĩńĝ àśśēŕţĩōń ōń śēŕvēŕ: + + + + Retry authentication + Ŕēţŕŷ àũţĥēńţĩćàţĩōń + + + + Duo push-notifications + Ďũō ƥũśĥ-ńōţĩƒĩćàţĩōńś + + + + Receive a push notification on your device. + Ŕēćēĩvē à ƥũśĥ ńōţĩƒĩćàţĩōń ōń ŷōũŕ ďēvĩćē. + + + + Authenticator + Àũţĥēńţĩćàţōŕ + + + + Use a security key to prove your identity. + Ũśē à śēćũŕĩţŷ ķēŷ ţō ƥŕōvē ŷōũŕ ĩďēńţĩţŷ. + + + + Traditional authenticator + Ţŕàďĩţĩōńàĺ àũţĥēńţĩćàţōŕ + + + + Use a code-based authenticator. + Ũśē à ćōďē-ƀàśēď àũţĥēńţĩćàţōŕ. + + + + Recovery keys + Ŕēćōvēŕŷ ķēŷś + + + + In case you can't access any other method. + Ĩń ćàśē ŷōũ ćàń'ţ àććēśś àńŷ ōţĥēŕ mēţĥōď. + + + + SMS + ŚMŚ + + + + Tokens sent via SMS. + Ţōķēńś śēńţ vĩà ŚMŚ. + + + + Select an authentication method. + Śēĺēćţ àń àũţĥēńţĩćàţĩōń mēţĥōď. + + + + Stay signed in? + Śţàŷ śĩĝńēď ĩń? + + + + Select Yes to reduce the number of times you're asked to sign in. + Śēĺēćţ Ŷēś ţō ŕēďũćē ţĥē ńũmƀēŕ ōƒ ţĩmēś ŷōũ'ŕē àśķēď ţō śĩĝń ĩń. + + + + Authenticating with Plex... + Àũţĥēńţĩćàţĩńĝ ŵĩţĥ Ƥĺēx... + + + + Waiting for authentication... + Ŵàĩţĩńĝ ƒōŕ àũţĥēńţĩćàţĩōń... + + + + If no Plex popup opens, click the button below. + Ĩƒ ńō Ƥĺēx ƥōƥũƥ ōƥēńś, ćĺĩćķ ţĥē ƀũţţōń ƀēĺōŵ. + + + + Open login + Ōƥēń ĺōĝĩń + + + + Authenticating with Apple... + Àũţĥēńţĩćàţĩńĝ ŵĩţĥ Àƥƥĺē... + + + + Retry + Ŕēţŕŷ + + + + Enter the code shown on your device. + Ēńţēŕ ţĥē ćōďē śĥōŵń ōń ŷōũŕ ďēvĩćē. + + + + Please enter your Code + Ƥĺēàśē ēńţēŕ ŷōũŕ Ćōďē + + + + You've successfully authenticated your device. + Ŷōũ'vē śũććēśśƒũĺĺŷ àũţĥēńţĩćàţēď ŷōũŕ ďēvĩćē. + + + + Flow inspector + Ƒĺōŵ ĩńśƥēćţōŕ + + + + Next stage + Ńēxţ śţàĝē + + + + Stage name + Śţàĝē ńàmē + + + + Stage kind + Śţàĝē ķĩńď + + + + Stage object + Śţàĝē ōƀĴēćţ + + + + This flow is completed. + Ţĥĩś ƒĺōŵ ĩś ćōmƥĺēţēď. + + + + Plan history + Ƥĺàń ĥĩśţōŕŷ + + + + Current plan context + Ćũŕŕēńţ ƥĺàń ćōńţēxţ + + + + Session ID + Śēśśĩōń ĨĎ + + + + Powered by authentik + Ƥōŵēŕēď ƀŷ àũţĥēńţĩķ + + + + Background image + ßàćķĝŕōũńď ĩmàĝē + + + + Error creating credential: + Ēŕŕōŕ ćŕēàţĩńĝ ćŕēďēńţĩàĺ: + + + + Server validation of credential failed: + Śēŕvēŕ vàĺĩďàţĩōń ōƒ ćŕēďēńţĩàĺ ƒàĩĺēď: + + + + Register device + Ŕēĝĩśţēŕ ďēvĩćē + + + + Refer to documentation + Ŕēƒēŕ ţō ďōćũmēńţàţĩōń + + + No Applications available. + Ńō Àƥƥĺĩćàţĩōńś àvàĩĺàƀĺē. + + + + Either no applications are defined, or you don’t have access to any. + Ēĩţĥēŕ ńō àƥƥĺĩćàţĩōńś àŕē ďēƒĩńēď, ōŕ ŷōũ ďōń’ţ ĥàvē àććēśś ţō àńŷ. + + + My Applications + Mŷ Àƥƥĺĩćàţĩōńś + + + + My applications + Mŷ àƥƥĺĩćàţĩōńś + + + + Change your password + Ćĥàńĝē ŷōũŕ ƥàśśŵōŕď + + + + Change password + Ćĥàńĝē ƥàśśŵōŕď + + + + + + + + + Save + Śàvē + + + + Delete account + Ďēĺēţē àććōũńţ + + + + Successfully updated details + Śũććēśśƒũĺĺŷ ũƥďàţēď ďēţàĩĺś + + + + Open settings + Ōƥēń śēţţĩńĝś + + + + No settings flow configured. + Ńō śēţţĩńĝś ƒĺōŵ ćōńƒĩĝũŕēď. + + + + Update details + Ũƥďàţē ďēţàĩĺś + + + + Successfully disconnected source + Śũććēśśƒũĺĺŷ ďĩśćōńńēćţēď śōũŕćē + + + + Failed to disconnected source: + Ƒàĩĺēď ţō ďĩśćōńńēćţēď śōũŕćē: + + + + Disconnect + Ďĩśćōńńēćţ + + + + Connect + Ćōńńēćţ + + + + Error: unsupported source settings: + Ēŕŕōŕ: ũńśũƥƥōŕţēď śōũŕćē śēţţĩńĝś: + + + + Connect your user account to the services listed below, to allow you to login using the service instead of traditional credentials. + Ćōńńēćţ ŷōũŕ ũśēŕ àććōũńţ ţō ţĥē śēŕvĩćēś ĺĩśţēď ƀēĺōŵ, ţō àĺĺōŵ ŷōũ ţō ĺōĝĩń ũśĩńĝ ţĥē śēŕvĩćē ĩńśţēàď ōƒ ţŕàďĩţĩōńàĺ ćŕēďēńţĩàĺś. + + + + No services available. + Ńō śēŕvĩćēś àvàĩĺàƀĺē. + + + + Create App password + Ćŕēàţē Àƥƥ ƥàśśŵōŕď + + + + User details + Ũśēŕ ďēţàĩĺś + + + + Consent + Ćōńśēńţ + + + + MFA Devices + MƑÀ Ďēvĩćēś + + + + Connected services + Ćōńńēćţēď śēŕvĩćēś + + + + Tokens and App passwords + Ţōķēńś àńď Àƥƥ ƥàśśŵōŕďś + + + + Unread notifications + Ũńŕēàď ńōţĩƒĩćàţĩōńś + + + + Admin interface + Àďmĩń ĩńţēŕƒàćē + + + + Stop impersonation + Śţōƥ ĩmƥēŕśōńàţĩōń + + + + Avatar image + Àvàţàŕ ĩmàĝē + + Failed + Ƒàĩĺēď Unsynced / N/A - - - Healthy outposts + Ũńśŷńćēď / Ń/À Outdated outposts + Ōũţďàţēď ōũţƥōśţś Unhealthy outposts - - - Not found - - - The URL "" was not found. - - - Return home - - - General system status - - - Welcome, . - - - Quick actions - - - Create a new application - - - Check the logs - - - Explore integrations - - - Manage users - - - Check the release notes - - - Outpost status - - - Sync status - - - Logins and authorizations over the last week (per 8 hours) - - - Apps with most usage - - - days ago - - - Objects created - - - User Statistics - - - Users created per day in the last month - - - Users created - - - Logins per day in the last month - - - Failed Logins per day in the last month - - - Failed logins - - - Clear search - - - System Tasks - - - Long-running operations which authentik executes in the background. - - - Identifier - - - Description - - - Last run - - - Status - - - Actions - - - Successful - - - Error - - - Unknown - - - Duration - - - seconds - - - Restart task - - - Close - - - Create + Ũńĥēàĺţĥŷ ōũţƥōśţś Next + Ńēxţ - - Back + + Inactive + Ĩńàćţĩvē - - Submit + + Regular user + Ŕēĝũĺàŕ ũśēŕ - - Type + + Activate + Àćţĩvàţē - - Select providers to add to application + + Use Server URI for SNI verification + Ũśē Śēŕvēŕ ŨŔĨ ƒōŕ ŚŃĨ vēŕĩƒĩćàţĩōń - - Add + + Required for servers using TLS 1.3+ + Ŕēǫũĩŕēď ƒōŕ śēŕvēŕś ũśĩńĝ ŢĹŚ 1.3+ - - Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". - - - Path template for users created. Use placeholders like `%(slug)s` to insert the source slug. - - - Currently set to: - - - No form found - - - Form didn't return a promise for submitting - - - Any policy must match to grant access - - - All policies must match to grant access - - - Successfully updated application. - - - Successfully created application. - - - Application's display Name. - - - Slug - - - Internal application name used in URLs. - - - Group - - - Optionally enter a group name. Applications with identical groups are shown grouped together. - - - Provider - - - Select a provider that this application should use. - - - Backchannel Providers - - - Select backchannel providers which augment the functionality of the main provider. - - - Add provider - - - Policy engine mode - - - UI settings - - - Launch URL - - - If left empty, authentik will try to extract the launch URL based on the selected provider. - - - Open in new tab - - - If checked, the launch URL will open in a new browser tab or window from the user's application library. - - - Icon - - - Clear icon - - - Delete currently set icon. - - - Publisher - - - UI Settings - - - OAuth2/OIDC (Open Authorization/OpenID Connect) - - - Modern applications, APIs and Single-page applications. - - - LDAP (Lightweight Directory Access Protocol) - - - Provide an LDAP interface for applications and users to authenticate against. - - - Transparent Reverse Proxy - - - For transparent reverse proxies with required authentication - - - Forward Auth (Single Application) - - - For nginx's auth_request or traefik's forwardAuth - - - Forward Auth (Domain Level) - - - For nginx's auth_request or traefik's forwardAuth per root domain - - - SAML (Security Assertion Markup Language) - - - Configure SAML provider manually - - - RADIUS (Remote Authentication Dial-In User Service) - - - Configure RADIUS provider manually - - - SCIM (System for Cross-domain Identity Management) - - - Configure SCIM provider manually - - - Saving Application... - - - Authentik was unable to save this application: - - - Your application has been saved - - - There was an error in the application. - - - Review the application. - - - There was an error in the provider. - - - Review the provider. - - - There was an error - - - There was an error creating the application, but no error message was sent. Please review the server logs. - - - Authentication - - - Authorization - - - Enrollment - - - Invalidation - - - Stage Configuration - - - Unenrollment - - - Unknown designation - - - Stacked - - - Content left - - - Content right - - - Sidebar left - - - Sidebar right - - - Unknown layout - - - Cached binding - - - Flow is executed and session is cached in memory. Flow is executed when session expires - - - Direct binding - - - Always execute the configured bind flow to authenticate the user - - - Cached querying - - - The outpost holds all users and groups in-memory and will refresh every 5 Minutes - - - Direct querying - - - Always returns the latest data, but slower than cached querying - - - When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. - - - The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber + + Client certificate keypair to authenticate against the LDAP Server's Certificate. + Ćĺĩēńţ ćēŕţĩƒĩćàţē ķēŷƥàĩŕ ţō àũţĥēńţĩćàţē àĝàĩńśţ ţĥē ĹĎÀƤ Śēŕvēŕ'ś Ćēŕţĩƒĩćàţē. The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate. - - - DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged. - - - The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber - - - Configure LDAP Provider - - - Method's display Name. - - - Bind flow - - - Flow used for users to authenticate. - - - Search group - - - Bind mode - - - Configure how the outpost authenticates requests. - - - Search mode - - - Configure how the outpost queries the core authentik server's users. - - - Code-based MFA Support - - - Protocol settings - - - Base DN - - - LDAP DN under which bind requests and search requests can be made. - - - Certificate + Ţĥē ćēŕţĩƒĩćàţē ƒōŕ ţĥē àƀōvē ćōńƒĩĝũŕēď ßàśē ĎŃ. Àś à ƒàĺĺƀàćķ, ţĥē ƥŕōvĩďēŕ ũśēś à śēĺƒ-śĩĝńēď ćēŕţĩƒĩćàţē. TLS Server name + ŢĹŚ Śēŕvēŕ ńàmē - - UID start number + + DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged. + ĎŃŚ ńàmē ƒōŕ ŵĥĩćĥ ţĥē àƀōvē ćōńƒĩĝũŕēď ćēŕţĩƒĩćàţē śĥōũĺď ƀē ũśēď. Ţĥē ćēŕţĩƒĩćàţē ćàńńōţ ƀē ďēţēćţēď ƀàśēď ōń ţĥē ƀàśē ĎŃ, àś ţĥē ŚŚĹ/ŢĹŚ ńēĝōţĩàţĩōń ĥàƥƥēńś ƀēƒōŕē śũćĥ ďàţà ĩś ēxćĥàńĝēď. - - GID start number + + TLS Client authentication certificate + ŢĹŚ Ćĺĩēńţ àũţĥēńţĩćàţĩōń ćēŕţĩƒĩćàţē - - Successfully updated provider. + + Model + Mōďēĺ - - Successfully created provider. + + Match events created by selected model. When left empty, all models are matched. + Màţćĥ ēvēńţś ćŕēàţēď ƀŷ śēĺēćţēď mōďēĺ. Ŵĥēń ĺēƒţ ēmƥţŷ, àĺĺ mōďēĺś àŕē màţćĥēď. - - (Format: hours=-1;minutes=-2;seconds=-3). + + Code-based MFA Support + Ćōďē-ƀàśēď MƑÀ Śũƥƥōŕţ - - (Format: hours=1;minutes=2;seconds=3). + + When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. + Ŵĥēń ēńàƀĺēď, ćōďē-ƀàśēď mũĺţĩ-ƒàćţōŕ àũţĥēńţĩćàţĩōń ćàń ƀē ũśēď ƀŷ àƥƥēńďĩńĝ à śēmĩćōĺōń àńď ţĥē ŢŌŢƤ ćōďē ţō ţĥē ƥàśśŵōŕď. Ţĥĩś śĥōũĺď ōńĺŷ ƀē ēńàƀĺēď ĩƒ àĺĺ ũśēŕś ţĥàţ ŵĩĺĺ ƀĩńď ţō ţĥĩś ƥŕōvĩďēŕ ĥàvē à ŢŌŢƤ ďēvĩćē ćōńƒĩĝũŕēď, àś ōţĥēŕŵĩśē à ƥàśśŵōŕď màŷ ĩńćōŕŕēćţĺŷ ƀē ŕēĴēćţēď ĩƒ ĩţ ćōńţàĩńś à śēmĩćōĺōń. - - The following keywords are supported: + + User type + Ũśēŕ ţŷƥē - - Confidential + + Successfully updated license. + Śũććēśśƒũĺĺŷ ũƥďàţēď ĺĩćēńśē. - - Confidential clients are capable of maintaining the confidentiality of their credentials such as client secrets + + Successfully created license. + Śũććēśśƒũĺĺŷ ćŕēàţēď ĺĩćēńśē. - - Public + + Install ID + Ĩńśţàĺĺ ĨĎ - - Public clients are incapable of maintaining the confidentiality and should use methods like PKCE. + + License key + Ĺĩćēńśē ķēŷ - - Based on the User's hashed ID + + Licenses + Ĺĩćēńśēś - - Based on the User's ID + + License(s) + Ĺĩćēńśē(ś) - - Based on the User's UUID + + Enterprise is in preview. + Ēńţēŕƥŕĩśē ĩś ĩń ƥŕēvĩēŵ. - - Based on the User's username + + Cumulative license expiry + Ćũmũĺàţĩvē ĺĩćēńśē ēxƥĩŕŷ - - Based on the User's Email + + Update License + Ũƥďàţē Ĺĩćēńśē - - This is recommended over the UPN mode. + + Warning: The current user count has exceeded the configured licenses. + Ŵàŕńĩńĝ: Ţĥē ćũŕŕēńţ ũśēŕ ćōũńţ ĥàś ēxćēēďēď ţĥē ćōńƒĩĝũŕēď ĺĩćēńśēś. - - Based on the User's UPN + + Click here for more info. + Ćĺĩćķ ĥēŕē ƒōŕ mōŕē ĩńƒō. - - Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains. + + Enterprise + Ēńţēŕƥŕĩśē - - Each provider has a different issuer, based on the application slug + + Manage enterprise licenses + Màńàĝē ēńţēŕƥŕĩśē ĺĩćēńśēś - - Same identifier is used for all providers + + No licenses found. + Ńō ĺĩćēńśēś ƒōũńď. - - Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows. + + Send us feedback! + Śēńď ũś ƒēēďƀàćķ! - - If no explicit redirect URIs are specified, the first successfully used redirect URI will be saved. + + Get a license + Ĝēţ à ĺĩćēńśē - - To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. + + Go to Customer Portal + Ĝō ţō Ćũśţōmēŕ Ƥōŕţàĺ - - Authentication flow + + Forecast internal users + Ƒōŕēćàśţ ĩńţēŕńàĺ ũśēŕś - - Flow used when a user access this provider and is not authenticated. + + Estimated user count one year from now based on current internal users and forecasted internal users. + Ēśţĩmàţēď ũśēŕ ćōũńţ ōńē ŷēàŕ ƒŕōm ńōŵ ƀàśēď ōń ćũŕŕēńţ ĩńţēŕńàĺ ũśēŕś àńď ƒōŕēćàśţēď ĩńţēŕńàĺ ũśēŕś. - - Authorization flow + + Forecast external users + Ƒōŕēćàśţ ēxţēŕńàĺ ũśēŕś - - Flow used when authorizing this provider. + + Estimated user count one year from now based on current external users and forecasted external users. + Ēśţĩmàţēď ũśēŕ ćōũńţ ōńē ŷēàŕ ƒŕōm ńōŵ ƀàśēď ōń ćũŕŕēńţ ēxţēŕńàĺ ũśēŕś àńď ƒōŕēćàśţēď ēxţēŕńàĺ ũśēŕś. - - Client type + + Install + Ĩńśţàĺĺ - - Client ID + + Install License + Ĩńśţàĺĺ Ĺĩćēńśē - - Client Secret + + Internal users might be users such as company employees, which will get access to the full Enterprise feature set. + Ĩńţēŕńàĺ ũśēŕś mĩĝĥţ ƀē ũśēŕś śũćĥ àś ćōmƥàńŷ ēmƥĺōŷēēś, ŵĥĩćĥ ŵĩĺĺ ĝēţ àććēśś ţō ţĥē ƒũĺĺ Ēńţēŕƥŕĩśē ƒēàţũŕē śēţ. - - Redirect URIs/Origins (RegEx) + + External users might be external consultants or B2C customers. These users don't get access to enterprise features. + Ēxţēŕńàĺ ũśēŕś mĩĝĥţ ƀē ēxţēŕńàĺ ćōńśũĺţàńţś ōŕ ß2Ć ćũśţōmēŕś. Ţĥēśē ũśēŕś ďōń'ţ ĝēţ àććēśś ţō ēńţēŕƥŕĩśē ƒēàţũŕēś. - - Signing Key + + Service accounts should be used for machine-to-machine authentication or other automations. + Śēŕvĩćē àććōũńţś śĥōũĺď ƀē ũśēď ƒōŕ màćĥĩńē-ţō-màćĥĩńē àũţĥēńţĩćàţĩōń ōŕ ōţĥēŕ àũţōmàţĩōńś. - - Key used to sign the tokens. + + Less details + Ĺēśś ďēţàĩĺś - - Advanced protocol settings + + More details + Mōŕē ďēţàĩĺś - - Access code validity + + Remove item + Ŕēmōvē ĩţēm - - Configure how long access codes are valid for. + + Open API drawer + Ōƥēń ÀƤĨ ďŕàŵēŕ - - Access Token validity + + Open Notification drawer + Ōƥēń Ńōţĩƒĩćàţĩōń ďŕàŵēŕ - - Configure how long access tokens are valid for. + + Restart task + Ŕēśţàŕţ ţàśķ - - Refresh Token validity + + Add provider + Àďď ƥŕōvĩďēŕ - - Configure how long refresh tokens are valid for. + + Open + Ōƥēń - - Scopes + + Copy token + Ćōƥŷ ţōķēń - - Select which scopes can be used by the client. The client still has to specify the scope to access the data. + + Add users + Àďď ũśēŕś - - Hold control/command to select multiple items. + + Add group + Àďď ĝŕōũƥ - - Subject mode + + Import devices + Ĩmƥōŕţ ďēvĩćēś - - Configure what data should be used as unique User Identifier. For most cases, the default should be fine. + + Execute + Ēxēćũţē - - Include claims in id_token + + Show details + Śĥōŵ ďēţàĩĺś - - Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. + + Apply + Àƥƥĺŷ - - Issuer mode + + Settings + Śēţţĩńĝś - - Configure how the issuer field of the ID Token should be filled. + + Sign out + Śĩĝń ōũţ - - Machine-to-Machine authentication settings + + The number of tokens generated whenever this stage is used. Every token generated per stage execution will be attached to a single static device. + Ţĥē ńũmƀēŕ ōƒ ţōķēńś ĝēńēŕàţēď ŵĥēńēvēŕ ţĥĩś śţàĝē ĩś ũśēď. Ēvēŕŷ ţōķēń ĝēńēŕàţēď ƥēŕ śţàĝē ēxēćũţĩōń ŵĩĺĺ ƀē àţţàćĥēď ţō à śĩńĝĺē śţàţĩć ďēvĩćē. - - Trusted OIDC Sources + + Token length + Ţōķēń ĺēńĝţĥ - - JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider. + + The length of the individual generated tokens. Can be increased to improve security. + Ţĥē ĺēńĝţĥ ōƒ ţĥē ĩńďĩvĩďũàĺ ĝēńēŕàţēď ţōķēńś. Ćàń ƀē ĩńćŕēàśēď ţō ĩmƥŕōvē śēćũŕĩţŷ. - - Configure OAuth2/OpenId Provider + + Internal: + Ĩńţēŕńàĺ: - - HTTP-Basic Username Key + + External: + Ēxţēŕńàĺ: - - User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. + + Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding. + Śţàţĩćàĺĺŷ ďēńŷ ţĥē ƒĺōŵ. Ţō ũśē ţĥĩś śţàĝē ēƒƒēćţĩvēĺŷ, ďĩśàƀĺē *Ēvàĺũàţē ŵĥēń ƒĺōŵ ĩś ƥĺàńńēď* ōń ţĥē ŕēśƥēćţĩvē ƀĩńďĩńĝ. - - HTTP-Basic Password Key + + Create and bind Policy + Ćŕēàţē àńď ƀĩńď Ƥōĺĩćŷ - - User/Group Attribute used for the password part of the HTTP-Basic Header. + + Federation and Social login + Ƒēďēŕàţĩōń àńď Śōćĩàĺ ĺōĝĩń - - Configure Proxy Provider + + Create and bind Stage + Ćŕēàţē àńď ƀĩńď Śţàĝē - - Token validity + + Flows and Stages + Ƒĺōŵś àńď Śţàĝēś - - Configure how long tokens are valid for. + + New version available + Ńēŵ vēŕśĩōń àvàĩĺàƀĺē - - AdditionalScopes + + Failure result + Ƒàĩĺũŕē ŕēśũĺţ - - Additional scope mappings, which are passed to the proxy. + + Pass + Ƥàśś - - Unauthenticated URLs + + Don't pass + Ďōń'ţ ƥàśś - - Unauthenticated Paths + + Result used when policy execution fails. + Ŕēśũĺţ ũśēď ŵĥēń ƥōĺĩćŷ ēxēćũţĩōń ƒàĩĺś. - - Regular expressions for which authentication is not required. Each new line is interpreted as a new expression. + + Required: User verification must occur. + Ŕēǫũĩŕēď: Ũśēŕ vēŕĩƒĩćàţĩōń mũśţ ōććũŕ. - - When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions. + + Preferred: User verification is preferred if available, but not required. + Ƥŕēƒēŕŕēď: Ũśēŕ vēŕĩƒĩćàţĩōń ĩś ƥŕēƒēŕŕēď ĩƒ àvàĩĺàƀĺē, ƀũţ ńōţ ŕēǫũĩŕēď. - - Authentication settings + + Discouraged: User verification should not occur. + Ďĩśćōũŕàĝēď: Ũśēŕ vēŕĩƒĩćàţĩōń śĥōũĺď ńōţ ōććũŕ. - - Intercept header authentication + + Required: The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur + Ŕēǫũĩŕēď: Ţĥē àũţĥēńţĩćàţōŕ MŨŚŢ ćŕēàţē à ďēďĩćàţēď ćŕēďēńţĩàĺ. Ĩƒ ĩţ ćàńńōţ, ţĥē ŔƤ ĩś ƥŕēƥàŕēď ƒōŕ àń ēŕŕōŕ ţō ōććũŕ - - When enabled, authentik will intercept the Authorization header to authenticate the request. + + Preferred: The authenticator can create and store a dedicated credential, but if it doesn't that's alright too + Ƥŕēƒēŕŕēď: Ţĥē àũţĥēńţĩćàţōŕ ćàń ćŕēàţē àńď śţōŕē à ďēďĩćàţēď ćŕēďēńţĩàĺ, ƀũţ ĩƒ ĩţ ďōēśń'ţ ţĥàţ'ś àĺŕĩĝĥţ ţōō - - Send HTTP-Basic Authentication + + Discouraged: The authenticator should not create a dedicated credential + Ďĩśćōũŕàĝēď: Ţĥē àũţĥēńţĩćàţōŕ śĥōũĺď ńōţ ćŕēàţē à ďēďĩćàţēď ćŕēďēńţĩàĺ - - Send a custom HTTP-Basic Authentication header based on values from authentik. + + Lock the user out of this system + Ĺōćķ ţĥē ũśēŕ ōũţ ōƒ ţĥĩś śŷśţēm - - Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application. + + Allow the user to log in and use this system + Àĺĺōŵ ţĥē ũśēŕ ţō ĺōĝ ĩń àńď ũśē ţĥĩś śŷśţēm - - An example setup can look like this: + + Temporarily assume the identity of this user + Ţēmƥōŕàŕĩĺŷ àśśũmē ţĥē ĩďēńţĩţŷ ōƒ ţĥĩś ũśēŕ - - authentik running on auth.example.com + + Enter a new password for this user + Ēńţēŕ à ńēŵ ƥàśśŵōŕď ƒōŕ ţĥĩś ũśēŕ - - app1 running on app1.example.com + + Create a link for this user to reset their password + Ćŕēàţē à ĺĩńķ ƒōŕ ţĥĩś ũśēŕ ţō ŕēśēţ ţĥēĩŕ ƥàśśŵōŕď - - In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com. + + WebAuthn requires this page to be accessed via HTTPS. + ŴēƀÀũţĥń ŕēǫũĩŕēś ţĥĩś ƥàĝē ţō ƀē àććēśśēď vĩà ĤŢŢƤŚ. - - External host + + WebAuthn not supported by browser. + ŴēƀÀũţĥń ńōţ śũƥƥōŕţēď ƀŷ ƀŕōŵśēŕ. - - The external URL you'll authenticate at. The authentik core server should be reachable under this URL. + + Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). + Ũśē ţĥĩś ƥŕōvĩďēŕ ŵĩţĥ ńĝĩńx'ś àũţĥ_ŕēǫũēśţ ōŕ ţŕàēƒĩķ'ś ƒōŕŵàŕďÀũţĥ. Ēàćĥ àƥƥĺĩćàţĩōń/ďōmàĩń ńēēďś ĩţś ōŵń ƥŕōvĩďēŕ. Àďďĩţĩōńàĺĺŷ, ōń ēàćĥ ďōmàĩń, /ōũţƥōśţ.ĝōàũţĥēńţĩķ.ĩō mũśţ ƀē ŕōũţēď ţō ţĥē ōũţƥōśţ (ŵĥēń ũśĩńĝ à màńàĝēď ōũţƥōśţ, ţĥĩś ĩś ďōńē ƒōŕ ŷōũ). - - Cookie domain + + Default relay state + Ďēƒàũĺţ ŕēĺàŷ śţàţē - - Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'. + + When using IDP-initiated logins, the relay state will be set to this value. + Ŵĥēń ũśĩńĝ ĨĎƤ-ĩńĩţĩàţēď ĺōĝĩńś, ţĥē ŕēĺàŷ śţàţē ŵĩĺĺ ƀē śēţ ţō ţĥĩś vàĺũē. - - This provider will behave like a transparent reverse-proxy, except requests must be authenticated. If your upstream application uses HTTPS, make sure to connect to the outpost using HTTPS as well. + + Flow Info + Ƒĺōŵ Ĩńƒō - - The external URL you'll access the application at. Include any non-standard port. + + Stage used to configure a WebAuthn authenticator (i.e. Yubikey, FaceID/Windows Hello). + Śţàĝē ũśēď ţō ćōńƒĩĝũŕē à ŴēƀÀũţĥń àũţĥēńţĩćàţōŕ (ĩ.ē. Ŷũƀĩķēŷ, ƑàćēĨĎ/Ŵĩńďōŵś Ĥēĺĺō). - - Internal host - - - Upstream host that the requests are forwarded to. - - - Internal host SSL Validation - - - Validate SSL Certificates of upstream servers. +<<<<<<< HEAD + + Internal application name used in URLs. + Ĩńţēŕńàĺ àƥƥĺĩćàţĩōń ńàmē ũśēď ĩń ŨŔĹś. + + + Submit + Śũƀmĩţ + + + UI Settings + ŨĨ Śēţţĩńĝś + + + Transparent Reverse Proxy + Ţŕàńśƥàŕēńţ Ŕēvēŕśē Ƥŕōxŷ + + + For transparent reverse proxies with required authentication + Ƒōŕ ţŕàńśƥàŕēńţ ŕēvēŕśē ƥŕōxĩēś ŵĩţĥ ŕēǫũĩŕēď àũţĥēńţĩćàţĩōń + + + Configure SAML provider manually + Ćōńƒĩĝũŕē ŚÀMĹ ƥŕōvĩďēŕ màńũàĺĺŷ + + + Configure RADIUS provider manually + Ćōńƒĩĝũŕē ŔÀĎĨŨŚ ƥŕōvĩďēŕ màńũàĺĺŷ + + + Configure SCIM provider manually + Ćōńƒĩĝũŕē ŚĆĨM ƥŕōvĩďēŕ màńũàĺĺŷ + + + Saving Application... + Śàvĩńĝ Àƥƥĺĩćàţĩōń... + + + Authentik was unable to save this application: + Àũţĥēńţĩķ ŵàś ũńàƀĺē ţō śàvē ţĥĩś àƥƥĺĩćàţĩōń: + + + Your application has been saved + Ŷōũŕ àƥƥĺĩćàţĩōń ĥàś ƀēēń śàvēď + + + Method's display Name. + Mēţĥōď'ś ďĩśƥĺàŷ Ńàmē. Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). - - - Configure Radius Provider - - - Shared secret - - - Client Networks - - - List of CIDRs (comma-seperated) that clients can connect from. A more specific - CIDR will match before a looser one. Clients connecting from a non-specified CIDR - will be dropped. - - - Redirect - - - Post - - - Configure SAML Provider - - - ACS URL - - - Issuer - - - Also known as EntityID. - - - Service Provider Binding - - - Determines how authentik sends the response back to the Service Provider. - - - Audience - - - Signing Certificate - - - Certificate used to sign outgoing Responses going to the Service Provider. - - - Verification Certificate - - - When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. - - - Property Mappings - - - Property mappings used for user mapping. - - - NameID Property Mapping - - - Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected. - - - Assertion valid not before - - - Configure the maximum allowed time drift for an assertion. - - - Assertion valid not on or after - - - Assertion not valid on or after current time + this value. - - - Session valid not on or after - - - Session not valid on or after current time + this value. - - - Digest algorithm - - - Signature algorithm - - - Configure SCIM Provider - - - URL - - - SCIM base url, usually ends in /v2. - - - Token - - - Token to authenticate with. Currently only bearer authentication is supported. - - - User filtering - - - Exclude service accounts - - - Only sync users within the selected group. - - - Attribute mapping - - - User Property Mappings - - - Group Property Mappings - - - Property mappings used for group creation. - - - Create With Wizard - - - New application - - - Don't show this message again. - - - One hint, 'New Application Wizard', is currently hidden - - - Users in the selected group can do search queries. If no group is selected, no LDAP Searches are allowed. - - - Proxy - - - Forward auth (single application) - - - Forward auth (domain level) - - - Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). - - - Authentication URL - - - Unknown proxy mode - - - Additional scopes - - - Property mappings - - - Default relay state - - - When using IDP-initiated logins, the relay state will be set to this value. - - - Successfully imported provider. - - - Metadata - - - Apply changes - - - Finish - - - Select type - - - Try the new application wizard - - - The new application wizard greatly simplifies the steps required to create applications and providers. - - - Try it now - - - New provider - - - Create a new provider. - - - Create - - - Property mappings used to user mapping. - - - Property mappings used to group creation. - - - Not used by any other object. - - - object will be DELETED - - - connection will be deleted - - - reference will be reset to default value - - - reference will be set to an empty value - - - () - - - ID - - - Successfully deleted - - - Failed to delete : - - - Delete - - - Are you sure you want to delete ? - - - Delete - - - Providers - - - Provide support for protocols like SAML and OAuth to assigned applications. - - - Provider(s) - - - Assigned to application - - - Assigned to application (backchannel) - - - Warning: Provider not assigned to any application. - - - Update - - - Update - - - Edit - - - Create Application - - - Successfully assigned permission. - - - Role - - - Assign - - - Assign permission to role - - - Assign to new role - - - Permission(s) - - - Permission - - - Directly assigned - - - Assign permission to user - - - Assign to new user - - - Superuser - - - RBAC is in preview. - - - Send us feedback! - - - User Object Permissions - - - Role Object Permissions - - - Overview - - - Changelog - - - Permissions - - - Warning: Provider is not used by any Outpost. - - - Assigned to application - - - Update LDAP Provider - - - How to connect - - - Connect to the LDAP Server on port 389: - - - Check the IP of the Kubernetes service, or - - - The Host IP of the docker host - - - Bind DN - - - Bind Password - - - Search base - - - Preview - - - Warning: Provider is not used by an Application. - - - Redirect URIs - - - Update OAuth2 Provider - - - OpenID Configuration URL - - - OpenID Configuration Issuer - - - Authorize URL - - - Token URL - - - Userinfo URL - - - Logout URL - - - JWKS URL - - - Example JWT payload (for currently authenticated user) - - - Yes - - - No - - - Forward auth (domain-level) - - - Nginx (Ingress) - - - Nginx (Proxy Manager) - - - Nginx (standalone) - - - Traefik (Ingress) - - - Traefik (Compose) - - - Traefik (Standalone) - - - Caddy (Standalone) - - - Internal Host - - - External Host - - - Basic-Auth - - - Mode - - - Update Proxy Provider - - - Protocol Settings - - - Allowed Redirect URIs - - - Setup - - - No additional setup is required. - - - Update Radius Provider - - - Download - - - Copy download URL - - - Download signing certificate - - - Related objects - - - Update SAML Provider - - - SAML Configuration - - - EntityID/Issuer - - - SSO URL (Post) - - - SSO URL (Redirect) - - - SSO URL (IdP-initiated Login) - - - SLO URL (Post) - - - SLO URL (Redirect) - - - SAML Metadata - - - Example SAML attributes - - - NameID attribute - - - No sync status. - - - Sync currently running. - - - Not synced yet. - - - Task finished with warnings - - - Task finished with errors - - - Last sync: - - - Warning: Provider is not assigned to an application as backchannel provider. - - - Update SCIM Provider - - - Run sync again - - - Application Icon - - - Applications - - - External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. - - - Provider Type - - - Application(s) - - - Update Application - - - Open - - - Successfully sent test-request. - - - Log messages - - - No log messages. - - - Active - - - Last login - - - Select users to add - - - Successfully updated group. - - - Successfully created group. - - - Is superuser - - - Users added to this group will be superusers. - - - Parent - - - Roles - - - Select roles to grant this groups' users' permissions from the selected roles. - - - Attributes - - - Set custom attributes using YAML or JSON. - - - Successfully updated binding. - - - Successfully created binding. - - - Policy - - - Group mappings can only be checked if a user is already logged in when trying to access this source. - - - User mappings can only be checked if a user is already logged in when trying to access this source. - - - Enabled - - - Negate result - - - Negates the outcome of the binding. Messages are unaffected. - - - Order - - - Timeout - - - Failure result - - - Pass - - - Don't pass - - - Result used when policy execution fails. - - - Successfully updated policy. - - - Successfully created policy. - - - A policy used for testing. Always returns the same result as specified below after waiting a random duration. - - - Execution logging - - - When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. - - - Policy-specific settings - - - Pass policy? - - - Wait (min) - - - The policy takes a random time to execute. This controls the minimum time it will take. - - - Wait (max) - - - Matches an event against a set of criteria. If any of the configured values match, the policy passes. - - - Match created events with this action type. When left empty, all action types will be matched. - - - Matches Event's Client IP (strict matching, for network matching use an Expression Policy. - - - Match events created by selected application. When left empty, all applications are matched. - - - Model - - - Match events created by selected model. When left empty, all models are matched. - - - Checks if the request's user's password has been changed in the last x days, and denys based on settings. - - - Maximum age (in days) - - - Only fail the policy, don't invalidate user's password - - - Executes the python snippet to determine whether to allow or deny a request. - - - Expression using Python. - - - See documentation for a list of all variables. - - - Static rules - - - Minimum length - - - Minimum amount of Uppercase Characters - - - Minimum amount of Lowercase Characters - - - Minimum amount of Digits - - - Minimum amount of Symbols Characters - - - Error message - - - Symbol charset - - - Characters which are considered as symbols. - - - HaveIBeenPwned settings - - - Allowed count - - - Allow up to N occurrences in the HIBP database. - - - zxcvbn settings - - - Score threshold - - - If the password's score is less than or equal this value, the policy will fail. - - - 0: Too guessable: risky password. (guesses &lt; 10^3) - - - 1: Very guessable: protection from throttled online attacks. (guesses &lt; 10^6) - - - 2: Somewhat guessable: protection from unthrottled online attacks. (guesses &lt; 10^8) - - - 3: Safely unguessable: moderate protection from offline slow-hash scenario. (guesses &lt; 10^10) - - - 4: Very unguessable: strong protection from offline slow-hash scenario. (guesses &gt;= 10^10) - - - Checks the value from the policy request against several rules, mostly used to ensure password strength. - - - Password field - - - Field key to check, field keys defined in Prompt stages are available. - - - Check static rules - - - Check haveibeenpwned.com - - - For more info see: - - - Check zxcvbn - - - Password strength estimator created by Dropbox, see: - - - Allows/denys requests based on the users and/or the IPs reputation. - - - Invalid login attempts will decrease the score for the client's IP, and the -username they are attempting to login as, by one. - - - The policy passes when the reputation score is below the threshold, and -doesn't pass when either or both of the selected options are equal or above the threshold. - - - Check IP - - - Check Username - - - Threshold - - - New policy - - - Create a new policy. - - - Create Binding - - - Members - - - Select groups to add user to - - - Warning: Adding the user to the selected group(s) will give them superuser permissions. - - - Successfully updated user. - - - Successfully created user and added to group - - - Successfully created user. - - - Username - - - User's primary identifier. 150 characters or fewer. - - - User's display name. - - - User type - - - Internal users might be users such as company employees, which will get access to the full Enterprise feature set. - - - External users might be external consultants or B2C customers. These users don't get access to enterprise features. - - - Service accounts should be used for machine-to-machine authentication or other automations. - - - Email - - - Is active - - - Designates whether this user should be treated as active. Unselect this instead of deleting accounts. - - - Path - - - Policy / User / Group - - - Policy - - - Group - - - User - - - Edit Policy - - - Update Group - - - Edit Group - - - Update User - - - Edit User - - - Policy binding(s) - - - Update Binding - - - Edit Binding - - - No Policies bound. - - - No policies are currently bound to this object. - - - Create and bind Policy - - - Bind existing policy - - - Warning: Application is not used by any Outpost. - - - Related - - - Check access - - - Check - - - Check Application access - - - Test - - - Launch - - - Logins over the last week (per 8 hours) - - - Policy / Group / User Bindings - - - These policies control which users can access this application. - - - Successfully updated source. - - - Successfully created source. - - - Sync users - - - User password writeback - - - Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP. - - - Sync groups - - - Connection settings - - - Server URI - - - Specify multiple server URIs by separating them with a comma. - - - Enable StartTLS - - - To use SSL instead, use 'ldaps://' and disable this option. - - - Use Server URI for SNI verification - - - Required for servers using TLS 1.3+ - - - TLS Verification Certificate - - - When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate. - - - TLS Client authentication certificate - - - Client certificate keypair to authenticate against the LDAP Server's Certificate. - - - Bind CN - - - LDAP Attribute mapping - - - Property mappings used to user creation. - - - Additional settings - - - Parent group for all the groups imported from LDAP. - - - User path - - - Addition User DN - - - Additional user DN, prepended to the Base DN. - - - Addition Group DN - - - Additional group DN, prepended to the Base DN. - - - User object filter - - - Consider Objects matching this filter to be Users. - - - Group object filter - - - Consider Objects matching this filter to be Groups. - - - Group membership field - - - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' - - - Object uniqueness field - - - Field which contains a unique Identifier. - - - Link users on unique identifier - - - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses - - - Use the user's email address, but deny enrollment when the email address already exists - - - Link to a user with identical username. Can have security implications when a username is used with another source - - - Use the user's username, but deny enrollment when the username already exists - - - Unknown user matching mode - - - URL settings - - - Authorization URL - - - URL the user is redirect to to consent the authorization. - - - Access token URL - - - URL used by authentik to retrieve tokens. - - - Profile URL - - - URL used by authentik to get user information. - - - Request token URL - - - URL used to request the initial token. This URL is only required for OAuth 1. - - - OIDC Well-known URL - - - OIDC well-known configuration URL. Can be used to automatically configure the URLs above. - - - OIDC JWKS URL - - - JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source. - - - OIDC JWKS - - - Raw JWKS data. - - - User matching mode - - - Consumer key - - - Also known as Client ID. - - - Consumer secret - - - Also known as Client Secret. - - - Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *. - - - Flow settings - - - Flow to use when authenticating existing users. - - - Enrollment flow - - - Flow to use when enrolling new users. - - - Load servers - - - Re-authenticate with plex - - - Allow friends to authenticate via Plex, even if you don't share any servers - - - Allowed servers - - - Select which server a user has to be a member of to be allowed to authenticate. - - - SSO URL - - - URL that the initial Login request is sent to. - - - SLO URL - - - Optional URL if the IDP supports Single-Logout. - - - Also known as Entity ID. Defaults the Metadata URL. - - - Binding Type - - - Redirect binding - - - Post-auto binding - - - Post binding but the request is automatically sent and the user doesn't have to confirm. - - - Post binding - - - Signing keypair - - - Keypair which is used to sign outgoing requests. Leave empty to disable signing. - - - Allow IDP-initiated logins - - - Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. - - - NameID Policy - - - Persistent - - - Email address - - - Windows - - - X509 Subject - - - Transient - - - Delete temporary users after - - - Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. - - - Pre-authentication flow - - - Flow used before authentication. - - - New source - - - Create a new source. - - - Federation and Social login - - - Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves. - - - Source(s) - - - Disabled - - - Built-in - - - Global status - - - Vendor - - - Update LDAP Source - - - Connectivity - - - OAuth Source - - - Generic OpenID Connect - - - Unknown provider type - - - Details - - - Callback URL - - - Access Key - - - Update OAuth Source - - - Diagram - - - Policy Bindings - - - These bindings control which users can access this source. - You can only use policies here as access is checked before the user is authenticated. - - - Update Plex Source - - - Update SAML Source - - - Successfully updated mapping. - - - Successfully created mapping. - - - Object field - - - Field of the user object this value is written to. - - - SAML Attribute Name - - - Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded. - - - Friendly Name - - - Optionally set the 'FriendlyName' value of the Assertion attribute. - - - Scope name - - - Scope which the client can specify to access these properties. - - - Description shown to the user when consenting. If left empty, the user won't be informed. - - - Example context data - - - Active Directory User - - - Active Directory Group - - - New property mapping - - - Create a new property mapping. - - - Update Permissions - - - Control how authentik exposes and interprets information. - - - Property Mapping(s) - - - Test Property Mapping - - - Hide managed mappings - - - Successfully updated token. - - - Successfully created token. - - - Expires on - - - Unique identifier the token is referenced by. - - - Intent - - - API Token - - - Used to access the API programmatically - - - App password. - - - Used to login using a flow executor - - - Expiring - - - If this is selected, the token will expire. Upon expiration, the token will be rotated. - - - The token has been copied to your clipboard - - - The token was displayed because authentik does not have permission to write to the clipboard - - - Tokens - - - Tokens are used throughout authentik for Email validation stages, Recovery keys and API access. - - - Expires? - - - Expiry date - - - Token(s) - - - Create Token - - - Token is managed by authentik. - - - Update Token - - - Editing is disabled for managed tokens - - - Copy token - - - Successfully updated brand. - - - Successfully created brand. - - - Domain - - - Matching is done based on domain suffix, so if you enter domain.tld, foo.domain.tld will still match. - - - Default - - - Use this brand for each domain that doesn't have a dedicated brand. - - - Branding settings - - - Title - - - Branding shown in page title and several other places. - - - Logo - - - Icon shown in sidebar/header and flow executor. - - - Favicon - - - Icon shown in the browser tab. - - - Default flows - - - Flow used to authenticate users. If left empty, the first applicable flow sorted by the slug is used. - - - Invalidation flow - - - Flow used to logout. If left empty, the first applicable flow sorted by the slug is used. - - - Recovery flow - - - Recovery flow. If left empty, the first applicable flow sorted by the slug is used. - - - Unenrollment flow - - - If set, users are able to unenroll themselves using this flow. If no flow is set, option is not shown. - - - User settings flow - - - If set, users are able to configure details of their profile. - - - Device code flow - - - If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code. - - - Other global settings - - - Web Certificate - - - Set custom attributes using YAML or JSON. Any attributes set here will be inherited by users, if the request is handled by this brand. - - - Brands - - - Configure visual settings and defaults for different domains. - - - Default? - - - Brand(s) - - - Update Brand - - - Create Brand - - - Policies - - - Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Stages. - - - Assigned to object(s). - - - Warning: Policy is not assigned. - - - Test Policy - - - Policy / Policies - - - Successfully cleared policy cache - - - Failed to delete policy cache - - - Clear cache - - - Clear Policy cache - - - Are you sure you want to clear the policy cache? This will cause all policies to be re-evaluated on their next usage. - - - Reputation scores - - - Reputation for IP and user identifiers. Scores are decreased for each failed login and increased for each successful login. - - - IP - - - Score - - - Updated - - - Reputation - - - Groups - - - Group users together and give them permissions based on the membership. - - - Superuser privileges? - - - Group(s) - - - Create Group - - - Create group - - - Enabling this toggle will create a group named after the user, with the user as member. - - - Use the username and password below to authenticate. The password can be retrieved later on the Tokens page. - - - Password - - - Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List. - - - The following objects use - - - connecting object will be deleted - - - Successfully updated - - - Failed to update : - - - Are you sure you want to update ""? - - - Successfully updated password. - - - Successfully sent email. - - - Email stage - - - Successfully added user(s). - - - Users to add - - - Add users - - - User(s) - - - Remove Users(s) - - - Are you sure you want to remove the selected users from the group ? - - - Remove - - - Impersonate - - - User status - - - Inactive - - - Regular user - - - Change status - - - Deactivate - - - Activate - - - Update password - - - Set password - - - Successfully generated recovery link - - - No recovery flow is configured. - - - Copy recovery link - - - Send link - - - Send recovery link to user - - - Email recovery link - - - Recovery link cannot be emailed, user has no email address saved. - - - To let a user directly reset a their password, configure a recovery flow on the currently active brand. - - - Add User - - - Warning: This group is configured with superuser access. Added users will have superuser access. - - - Add existing user - - - Create user - - - Create User - - - This user will be added to the group "". - - - Create Service account - - - Hide service-accounts - - - Group Info - - - Notes - - - Edit the notes attribute of this group to add notes here. - - - Users - - - Pseudolocale (for testing) - - - English - - - Spanish - - - German - - - French - - - Polish - - - Turkish - - - Chinese (traditional) - - - Taiwanese Mandarin - - - Chinese (simplified) - - - Warning: The current user count has exceeded the configured licenses. - - - Click here for more info. - - - API Requests - - - Open API Browser - - - Show details - - - Notifications - - - unread - - - Successfully cleared notifications - - - Clear all - - - User interface - - - Dashboards - - - Outposts - - - Events - - - Logs - - - Notification Rules - - - Notification Transports - - - Customisation - - - Blueprints - - - Flows and Stages - - - Flows - - - Stages - - - Prompts - - - Directory - - - Tokens and App passwords - - - Invitations - - - System - - - Certificates - - - Outpost Integrations - - - Settings - - - A newer version of the frontend is available. - - - You're currently impersonating . Click to stop. - - - Enterprise - - - Licenses - - - Root - - - A copy of this recovery link has been placed in your clipboard - - - The current brand must have a recovery flow configured to use a recovery link - - - Warning: You're about to delete the user you're logged in as (). Proceed at your own risk. - - - Hide deactivated user - - - <No name set> - - - Create recovery link - - - User folders - - - Successfully added user to group(s). - - - Groups to add - - - Add group - - - Remove from Group(s) - - - Are you sure you want to remove user from the following groups? - - - Add Group - - - Add to existing group - - - Add new group - - - Application authorizations - - - Select permissions to grant - - - Permissions to add - - - Select permissions - - - Assign permission - - - User doesn't have view permission so description cannot be retrieved. - - - Revoked? - - - Expires - - - ID Token - - - Refresh Tokens(s) - - - Last IP - - - Session(s) - - - Expiry - - - (Current session) - - - Consent(s) - - - Confirmed - - - Device(s) - - - User Info - - - Lock the user out of this system - - - Allow the user to log in and use this system - - - Temporarily assume the identity of this user - - - Enter a new password for this user - - - Create a link for this user to reset their password - - - Create Recovery Link - - - Actions over the last week (per 8 hours) - - - Edit the notes attribute of this user to add notes here. - - - Sessions - - - User events - - - Explicit Consent - - - OAuth Refresh Tokens - - - MFA Authenticators - - - Assigned permissions - - - Assigned global permissions - - - Assigned object permissions - - - Successfully updated role. - - - Successfully created role. - - - Manage roles which grant permissions to objects within authentik. - - - Role(s) - - - Update Role - - - Create Role - - - Role doesn't have view permission so description cannot be retrieved. - - - Role - - - Role Info - - - Successfully updated invitation. - - - Successfully created invitation. - - - Flow - - - When selected, the invite will only be usable with the flow. By default the invite is accepted on all flows with invitation stages. + Ũśē ţĥĩś ƥŕōvĩďēŕ ŵĩţĥ ńĝĩńx'ś àũţĥ_ŕēǫũēśţ ōŕ ţŕàēƒĩķ'ś + ƒōŕŵàŕďÀũţĥ. Ēàćĥ àƥƥĺĩćàţĩōń/ďōmàĩń ńēēďś ĩţś ōŵń ƥŕōvĩďēŕ. + Àďďĩţĩōńàĺĺŷ, ōń ēàćĥ ďōmàĩń, /ōũţƥōśţ.ĝōàũţĥēńţĩķ.ĩō mũśţ ƀē + ŕōũţēď ţō ţĥē ōũţƥōśţ (ŵĥēń ũśĩńĝ à màńàĝēď ōũţƥōśţ, ţĥĩś ĩś ďōńē ƒōŕ ŷōũ). Custom attributes + Ćũśţōm àţţŕĩƀũţēś - - Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON. + + Don't show this message again. + Ďōń'ţ śĥōŵ ţĥĩś mēśśàĝē àĝàĩń. - - Single use + + Pseudolocale (for testing) + Ƥśēũďōĺōćàĺē (ƒōŕ ţēśţĩńĝ) - - When enabled, the invitation will be deleted after usage. + + Failed to fetch + Ƒàĩĺēď ţō ƒēţćĥ - - Select an enrollment flow + + Failed to fetch data. + Ƒàĩĺēď ţō ƒēţćĥ ďàţà. - - Link to use the invitation. + + Successfully assigned permission. + Śũććēśśƒũĺĺŷ àśśĩĝńēď ƥēŕmĩśśĩōń. - - Create Invitation Links to enroll Users, and optionally force specific attributes of their account. + + Role + Ŕōĺē - - Created by + + Assign + Àśśĩĝń - - Invitation(s) + + Assign permission to role + Àśśĩĝń ƥēŕmĩśśĩōń ţō ŕōĺē - - Invitation not limited to any flow, and can be used with any enrollment flow. + + Assign to new role + Àśśĩĝń ţō ńēŵ ŕōĺē - - Update Invitation + + Directly assigned + Ďĩŕēćţĺŷ àśśĩĝńēď - - Create Invitation + + Assign permission to user + Àśśĩĝń ƥēŕmĩśśĩōń ţō ũśēŕ - - Warning: No invitation stage is bound to any flow. Invitations will not work as expected. + + Assign to new user + Àśśĩĝń ţō ńēŵ ũśēŕ - - Auto-detect (based on your browser) + + User Object Permissions + Ũśēŕ ŌƀĴēćţ Ƥēŕmĩśśĩōńś - - Required. + + Role Object Permissions + Ŕōĺē ŌƀĴēćţ Ƥēŕmĩśśĩōńś - - Continue + + Roles + Ŕōĺēś - - Successfully updated prompt. + + Select roles to grant this groups' users' permissions from the selected roles. + Śēĺēćţ ŕōĺēś ţō ĝŕàńţ ţĥĩś ĝŕōũƥś' ũśēŕś' ƥēŕmĩśśĩōńś ƒŕōm ţĥē śēĺēćţēď ŕōĺēś. - - Successfully created prompt. + + Update Permissions + Ũƥďàţē Ƥēŕmĩśśĩōńś - - Text: Simple Text input + + Editing is disabled for managed tokens + Ēďĩţĩńĝ ĩś ďĩśàƀĺēď ƒōŕ màńàĝēď ţōķēńś - - Text Area: Multiline text input + + Select permissions to grant + Śēĺēćţ ƥēŕmĩśśĩōńś ţō ĝŕàńţ - - Text (read-only): Simple Text input, but cannot be edited. + + Permissions to add + Ƥēŕmĩśśĩōńś ţō àďď - - Text Area (read-only): Multiline text input, but cannot be edited. + + Select permissions + Śēĺēćţ ƥēŕmĩśśĩōńś - - Username: Same as Text input, but checks for and prevents duplicate usernames. + + Assign permission + Àśśĩĝń ƥēŕmĩśśĩōń - - Email: Text field with Email type. + + Permission(s) + Ƥēŕmĩśśĩōń(ś) - - Password: Masked input, multiple inputs of this type on the same prompt need to be identical. + + Permission + Ƥēŕmĩśśĩōń - - Number + + User doesn't have view permission so description cannot be retrieved. + Ũśēŕ ďōēśń'ţ ĥàvē vĩēŵ ƥēŕmĩśśĩōń śō ďēśćŕĩƥţĩōń ćàńńōţ ƀē ŕēţŕĩēvēď. - - Checkbox + + Assigned permissions + Àśśĩĝńēď ƥēŕmĩśśĩōńś - - Radio Button Group (fixed choice) + + Assigned global permissions + Àśśĩĝńēď ĝĺōƀàĺ ƥēŕmĩśśĩōńś - - Dropdown (fixed choice) + + Assigned object permissions + Àśśĩĝńēď ōƀĴēćţ ƥēŕmĩśśĩōńś - - Date + + Successfully updated role. + Śũććēśśƒũĺĺŷ ũƥďàţēď ŕōĺē. - - Date Time + + Successfully created role. + Śũććēśśƒũĺĺŷ ćŕēàţēď ŕōĺē. - - File + + Manage roles which grant permissions to objects within authentik. + Màńàĝē ŕōĺēś ŵĥĩćĥ ĝŕàńţ ƥēŕmĩśśĩōńś ţō ōƀĴēćţś ŵĩţĥĩń àũţĥēńţĩķ. - - Separator: Static Separator Line + + Role(s) + Ŕōĺē(ś) - - Hidden: Hidden field, can be used to insert data into form. + + Update Role + Ũƥďàţē Ŕōĺē - - Static: Static value, displayed as-is. + + Create Role + Ćŕēàţē Ŕōĺē - - authentik: Locale: Displays a list of locales authentik supports. + + Role doesn't have view permission so description cannot be retrieved. + Ŕōĺē ďōēśń'ţ ĥàvē vĩēŵ ƥēŕmĩśśĩōń śō ďēśćŕĩƥţĩōń ćàńńōţ ƀē ŕēţŕĩēvēď. - - Preview errors + + Role + Ŕōĺē - - Data preview + + Role Info + Ŕōĺē Ĩńƒō - - Unique name of this field, used for selecting fields in prompt stages. + + Create With Wizard + Ćŕēàţē Ŵĩţĥ Ŵĩźàŕď - - Field Key + + One hint, 'New Application Wizard', is currently hidden + Ōńē ĥĩńţ, 'Ńēŵ Àƥƥĺĩćàţĩōń Ŵĩźàŕď', ĩś ćũŕŕēńţĺŷ ĥĩďďēń - - Name of the form field, also used to store the value. - - - When used in conjunction with a User Write stage, use attributes.foo to write attributes. - - - Label - - - Label shown next to/above the prompt. - - - Required - - - Interpret placeholder as expression - - - When checked, the placeholder will be evaluated in the same way a property mapping is. - If the evaluation fails, the placeholder itself is returned. - - - Placeholder - - - Optionally provide a short hint that describes the expected input value. - When creating a fixed choice field, enable interpreting as expression and return a - list to return multiple choices. - - - Interpret initial value as expression - - - When checked, the initial value will be evaluated in the same way a property mapping is. - If the evaluation fails, the initial value itself is returned. - - - Initial value - - - Optionally pre-fill the input with an initial value. - When creating a fixed choice field, enable interpreting as expression and - return a list to return multiple default choices. - - - Help text - - - Any HTML can be used. - - - Single Prompts that can be used for Prompt Stages. - - - Field - - - Prompt(s) - - - Update Prompt - - - Create Prompt - - - Target - - - Stage - - - Evaluate when flow is planned - - - Evaluate policies during the Flow planning process. - - - Evaluate when stage is run - - - Evaluate policies before the Stage is present to the user. - - - Invalid response behavior - - - Returns the error message and a similar challenge to the executor - - - Restarts the flow from the beginning - - - Restarts the flow from the beginning, while keeping the flow context - - - Configure how the flow executor should handle an invalid response to a challenge given by this bound stage. - - - Successfully updated stage. - - - Successfully created stage. - - - Stage used to configure a duo-based authenticator. This stage should be used for configuration flows. - - - Authenticator type name - - - Display name of this authenticator, used by users when they enroll an authenticator. - - - API Hostname - - - Duo Auth API - - - Integration key - - - Secret key - - - Duo Admin API (optional) - - - When using a Duo MFA, Access or Beyond plan, an Admin API application can be created. - This will allow authentik to import devices automatically. - - - Stage-specific settings - - - Configuration flow - - - Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. - - - Twilio Account SID - - - Get this value from https://console.twilio.com - - - Twilio Auth Token - - - Authentication Type - - - Basic Auth - - - Bearer Token - - - External API URL - - - This is the full endpoint to send POST requests to. - - - API Auth Username - - - This is the username to be used with basic auth or the token when used with bearer token - - - API Auth password - - - This is the password to be used with basic auth - - - Mapping - - - Modify the payload sent to the custom provider. - - - Stage used to configure an SMS-based TOTP authenticator. - - - Twilio - - - Generic - - - From number - - - Number the SMS will be sent from. - - - Hash phone number - - - If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons. Devices created from a stage with this enabled cannot be used with the authenticator validation stage. - - - Stage used to configure a static authenticator (i.e. static tokens). This stage should be used for configuration flows. - - - Token count - - - The number of tokens generated whenever this stage is used. Every token generated per stage execution will be attached to a single static device. - - - Token length - - - The length of the individual generated tokens. Can be increased to improve security. - - - Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator). - - - Digits - - - 6 digits, widely compatible - - - 8 digits, not compatible with apps like Google Authenticator - - - Stage used to validate any authenticator. This stage should be used during authentication or authorization flows. - - - Device classes - - - Static Tokens - - - TOTP Authenticators - - - WebAuthn Authenticators - - - Duo Authenticators - - - SMS-based Authenticators - - - Device classes which can be used to authenticate. - - - Last validation threshold - - - If any of the devices user of the types selected above have been used within this duration, this stage will be skipped. - - - Not configured action - - - Force the user to configure an authenticator - - - Deny the user access - - - WebAuthn User verification - - - User verification must occur. - - - User verification is preferred if available, but not required. - - - User verification should not occur. - - - Configuration stages - - - Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. - - - When multiple stages are selected, the user can choose which one they want to enroll. - - - Stage used to configure a WebAuthn authenticator (i.e. Yubikey, FaceID/Windows Hello). - - - User verification - - - Required: User verification must occur. - - - Preferred: User verification is preferred if available, but not required. - - - Discouraged: User verification should not occur. - - - Resident key requirement - - - Required: The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur - - - Preferred: The authenticator can create and store a dedicated credential, but if it doesn't that's alright too - - - Discouraged: The authenticator should not create a dedicated credential - - - Authenticator Attachment - - - No preference is sent - - - A non-removable authenticator, like TouchID or Windows Hello - - - A "roaming" authenticator, like a YubiKey - - - This stage checks the user's current session against the Google reCaptcha (or compatible) service. - - - Public Key - - - Public key, acquired from https://www.google.com/recaptcha/intro/v3.html. - - - Private Key - - - Private key, acquired from https://www.google.com/recaptcha/intro/v3.html. - - - Advanced settings - - - JS URL - - - URL to fetch JavaScript from, defaults to recaptcha. Can be replaced with any compatible alternative. - - - API URL - - - URL used to validate captcha response, defaults to recaptcha. Can be replaced with any compatible alternative. - - - Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time. - - - Always require consent - - - Consent given last indefinitely - - - Consent expires. - - - Consent expires in - - - Offset after which consent expires. - - - Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding. + + External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + Ēxţēŕńàĺ àƥƥĺĩćàţĩōńś ţĥàţ ũśē àũţĥēńţĩķ àś àń ĩďēńţĩţŷ ƥŕōvĩďēŕ vĩà ƥŕōţōćōĺś ĺĩķē ŌÀũţĥ2 àńď ŚÀMĹ. Àĺĺ àƥƥĺĩćàţĩōńś àŕē śĥōŵń ĥēŕē, ēvēń ōńēś ŷōũ ćàńńōţ àććēśś. Deny message + Ďēńŷ mēśśàĝē Message shown when this stage is run. + Mēśśàĝē śĥōŵń ŵĥēń ţĥĩś śţàĝē ĩś ŕũń. - - Dummy stage used for testing. Shows a simple continue button and always passes. + + Open Wizard + Ōƥēń Ŵĩźàŕď - - Throw error? + + Demo Wizard + Ďēmō Ŵĩźàŕď - - SMTP Host + + Run the demo wizard + Ŕũń ţĥē ďēmō ŵĩźàŕď - - SMTP Port + + OAuth2/OIDC (Open Authorization/OpenID Connect) + ŌÀũţĥ2/ŌĨĎĆ (Ōƥēń Àũţĥōŕĩźàţĩōń/ŌƥēńĨĎ Ćōńńēćţ) - - SMTP Username + + LDAP (Lightweight Directory Access Protocol) + ĹĎÀƤ (Ĺĩĝĥţŵēĩĝĥţ Ďĩŕēćţōŕŷ Àććēśś Ƥŕōţōćōĺ) - - SMTP Password + + Forward Auth (Single Application) + Ƒōŕŵàŕď Àũţĥ (Śĩńĝĺē Àƥƥĺĩćàţĩōń) - - Use TLS + + Forward Auth (Domain Level) + Ƒōŕŵàŕď Àũţĥ (Ďōmàĩń Ĺēvēĺ) - - Use SSL + + SAML (Security Assertion Markup Language) + ŚÀMĹ (Śēćũŕĩţŷ Àśśēŕţĩōń Màŕķũƥ Ĺàńĝũàĝē) - - From address + + RADIUS (Remote Authentication Dial-In User Service) + ŔÀĎĨŨŚ (Ŕēmōţē Àũţĥēńţĩćàţĩōń Ďĩàĺ-Ĩń Ũśēŕ Śēŕvĩćē) - - Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity. + + SCIM (System for Cross-domain Identity Management) + ŚĆĨM (Śŷśţēm ƒōŕ Ćŕōśś-ďōmàĩń Ĩďēńţĩţŷ Màńàĝēmēńţ) - - Activate pending user on success + + The token has been copied to your clipboard + Ţĥē ţōķēń ĥàś ƀēēń ćōƥĩēď ţō ŷōũŕ ćĺĩƥƀōàŕď - - When a user returns from the email successfully, their account will be activated. + + The token was displayed because authentik does not have permission to write to the clipboard + Ţĥē ţōķēń ŵàś ďĩśƥĺàŷēď ƀēćàũśē àũţĥēńţĩķ ďōēś ńōţ ĥàvē ƥēŕmĩśśĩōń ţō ŵŕĩţē ţō ţĥē ćĺĩƥƀōàŕď - - Use global settings + + A copy of this recovery link has been placed in your clipboard + À ćōƥŷ ōƒ ţĥĩś ŕēćōvēŕŷ ĺĩńķ ĥàś ƀēēń ƥĺàćēď ĩń ŷōũŕ ćĺĩƥƀōàŕď - - When enabled, global Email connection settings will be used and connection settings below will be ignored. + + Create recovery link + Ćŕēàţē ŕēćōvēŕŷ ĺĩńķ - - Token expiry + + Create Recovery Link + Ćŕēàţē Ŕēćōvēŕŷ Ĺĩńķ - - Time in minutes the token sent is valid. + + External + Ēxţēŕńàĺ - - Template + + Service account + Śēŕvĩćē àććōũńţ - - Let the user identify themselves with their username or Email address. + + Service account (internal) + Śēŕvĩćē àććōũńţ (ĩńţēŕńàĺ) - - User fields + + Check the release notes + Ćĥēćķ ţĥē ŕēĺēàśē ńōţēś - - UPN + + User Statistics + Ũśēŕ Śţàţĩśţĩćś - - Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources. + + <No name set> + <Ńō ńàmē śēţ> - - Password stage + + For nginx's auth_request or traefik's forwardAuth + Ƒōŕ ńĝĩńx'ś àũţĥ_ŕēǫũēśţ ōŕ ţŕàēƒĩķ'ś ƒōŕŵàŕďÀũţĥ - - When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks. + + For nginx's auth_request or traefik's forwardAuth per root domain + Ƒōŕ ńĝĩńx'ś àũţĥ_ŕēǫũēśţ ōŕ ţŕàēƒĩķ'ś ƒōŕŵàŕďÀũţĥ ƥēŕ ŕōōţ ďōmàĩń - - Case insensitive matching + + RBAC is in preview. + ŔßÀĆ ĩś ĩń ƥŕēvĩēŵ. - - When enabled, user fields are matched regardless of their casing. + + User type used for newly created users. + Ũśēŕ ţŷƥē ũśēď ƒōŕ ńēŵĺŷ ćŕēàţēď ũśēŕś. + + + Users created + Ũśēŕś ćŕēàţēď + + + Failed logins + Ƒàĩĺēď ĺōĝĩńś + + + Also known as Client ID. + Àĺśō ķńōŵń àś Ćĺĩēńţ ĨĎ. + + + Also known as Client Secret. + Àĺśō ķńōŵń àś Ćĺĩēńţ Śēćŕēţ. + + + Global status + Ĝĺōƀàĺ śţàţũś + + + Vendor + Vēńďōŕ + + + No sync status. + Ńō śŷńć śţàţũś. + + + Sync currently running. + Śŷńć ćũŕŕēńţĺŷ ŕũńńĩńĝ. + + + Connectivity + Ćōńńēćţĩvĩţŷ + + + 0: Too guessable: risky password. (guesses &lt; 10^3) + 0: Ţōō ĝũēśśàƀĺē: ŕĩśķŷ ƥàśśŵōŕď. (ĝũēśśēś &ĺţ; 10^3) + + + 1: Very guessable: protection from throttled online attacks. (guesses &lt; 10^6) + 1: Vēŕŷ ĝũēśśàƀĺē: ƥŕōţēćţĩōń ƒŕōm ţĥŕōţţĺēď ōńĺĩńē àţţàćķś. (ĝũēśśēś &ĺţ; 10^6) + + + 2: Somewhat guessable: protection from unthrottled online attacks. (guesses &lt; 10^8) + 2: Śōmēŵĥàţ ĝũēśśàƀĺē: ƥŕōţēćţĩōń ƒŕōm ũńţĥŕōţţĺēď ōńĺĩńē àţţàćķś. (ĝũēśśēś &ĺţ; 10^8) + + + 3: Safely unguessable: moderate protection from offline slow-hash scenario. (guesses &lt; 10^10) + 3: Śàƒēĺŷ ũńĝũēśśàƀĺē: mōďēŕàţē ƥŕōţēćţĩōń ƒŕōm ōƒƒĺĩńē śĺōŵ-ĥàśĥ śćēńàŕĩō. (ĝũēśśēś &ĺţ; 10^10) + + + 4: Very unguessable: strong protection from offline slow-hash scenario. (guesses &gt;= 10^10) + 4: Vēŕŷ ũńĝũēśśàƀĺē: śţŕōńĝ ƥŕōţēćţĩōń ƒŕōm ōƒƒĺĩńē śĺōŵ-ĥàśĥ śćēńàŕĩō. (ĝũēśśēś &ĝţ;= 10^10) + + + Successfully created user and added to group + Śũććēśśƒũĺĺŷ ćŕēàţēď ũśēŕ àńď àďďēď ţō ĝŕōũƥ + + + This user will be added to the group "". + Ţĥĩś ũśēŕ ŵĩĺĺ ƀē àďďēď ţō ţĥē ĝŕōũƥ "". Pretend user exists + Ƥŕēţēńď ũśēŕ ēxĩśţś When enabled, the stage will always accept the given user identifier and continue. + Ŵĥēń ēńàƀĺēď, ţĥē śţàĝē ŵĩĺĺ àĺŵàŷś àććēƥţ ţĥē ĝĩvēń ũśēŕ ĩďēńţĩƒĩēŕ àńď ćōńţĩńũē. - - Show matched user + + There was an error in the application. + Ţĥēŕē ŵàś àń ēŕŕōŕ ĩń ţĥē àƥƥĺĩćàţĩōń. - - When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown. + + Review the application. + Ŕēvĩēŵ ţĥē àƥƥĺĩćàţĩōń. - - Source settings + + There was an error in the provider. + Ţĥēŕē ŵàś àń ēŕŕōŕ ĩń ţĥē ƥŕōvĩďēŕ. - - Sources + + Review the provider. + Ŕēvĩēŵ ţĥē ƥŕōvĩďēŕ. - - Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP. + + There was an error + Ţĥēŕē ŵàś àń ēŕŕōŕ - - Show sources' labels + + There was an error creating the application, but no error message was sent. Please review the server logs. + Ţĥēŕē ŵàś àń ēŕŕōŕ ćŕēàţĩńĝ ţĥē àƥƥĺĩćàţĩōń, ƀũţ ńō ēŕŕōŕ mēśśàĝē ŵàś śēńţ. Ƥĺēàśē ŕēvĩēŵ ţĥē śēŕvēŕ ĺōĝś. - - By default, only icons are shown for sources. Enable this to show their full names. + + Configure LDAP Provider + Ćōńƒĩĝũŕē ĹĎÀƤ Ƥŕōvĩďēŕ - - Passwordless flow + + Configure OAuth2/OpenId Provider + Ćōńƒĩĝũŕē ŌÀũţĥ2/ŌƥēńĨď Ƥŕōvĩďēŕ - - Optional passwordless flow, which is linked at the bottom of the page. When configured, users can use this flow to authenticate with a WebAuthn authenticator, without entering any details. + + Configure Proxy Provider + Ćōńƒĩĝũŕē Ƥŕōxŷ Ƥŕōvĩďēŕ - - Optional enrollment flow, which is linked at the bottom of the page. + + AdditionalScopes + ÀďďĩţĩōńàĺŚćōƥēś - - Optional recovery flow, which is linked at the bottom of the page. + + Configure Radius Provider + Ćōńƒĩĝũŕē Ŕàďĩũś Ƥŕōvĩďēŕ - - This stage can be included in enrollment flows to accept invitations. + + Configure SAML Provider + Ćōńƒĩĝũŕē ŚÀMĹ Ƥŕōvĩďēŕ - - Continue flow without invitation + + Property mappings used for user mapping. + Ƥŕōƥēŕţŷ màƥƥĩńĝś ũśēď ƒōŕ ũśēŕ màƥƥĩńĝ. - - If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. + + Configure SCIM Provider + Ćōńƒĩĝũŕē ŚĆĨM Ƥŕōvĩďēŕ - - Validate the user's password against the selected backend(s). + + Property mappings used for group creation. + Ƥŕōƥēŕţŷ màƥƥĩńĝś ũśēď ƒōŕ ĝŕōũƥ ćŕēàţĩōń. - - Backends + + Event volume - - User database + standard password + + Require Outpost (flow can only be executed from an outpost). - - User database + app passwords + + Connection settings. - - User database + LDAP password + + Successfully updated endpoint. - - Selection of backends to test the password against. + + Successfully created endpoint. - - Flow used by an authenticated user to configure their password. If empty, user will not be able to configure change their password. + + Protocol - - Failed attempts before cancel + + RDP - - How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. + + SSH - - Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable. + + VNC - - Fields + + Host - - ("", of type ) + + Hostname/IP to connect to. - - Validation Policies + + Endpoint(s) - - Selected policies are executed when the stage is submitted to validate the data. + + Update Endpoint - - Delete the currently pending user. CAUTION, this stage does not ask for confirmation. Use a consent stage to ensure the user is aware of their actions. + + These bindings control which users will have access to this endpoint. Users must also have access to the application. - - Log the currently pending user in. + + Create Endpoint - - Session duration + + RAC is in preview. - - Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. + + Update RAC Provider - - Different browsers handle session cookies differently, and might not remove them even when the browser is closed. + + Endpoints - - See here. + + General settings - - Stay signed in offset + + RDP settings - - If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. + + Ignore server certificate + + + Enable wallpaper + + + Enable font-smoothing + + + Enable full window dragging Network binding @@ -3878,593 +8019,59 @@ doesn't pass when either or both of the selected options are equal or above the Configure if sessions created by this stage should be bound to their GeoIP-based location - - Terminate other sessions + + RAC - - When enabled, all previous sessions of the user will be terminated. + + Connection failed after attempts. - - Remove the user from the current session. + + Re-connecting in second(s). - - Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user - is pending, a new user is created, and data is written to them. + + Connecting... - - Never create users + + Select endpoint to connect to - - When no user is present in the flow context, the stage will fail. + + Connection expiry - - Create users when required + + Determines how long a session lasts before being disconnected and requiring re-authorization. - - When no user is present in the the flow context, a new user is created. + + Brand - - Always create new users + + Successfully updated brand. - - Create a new user even if a user is in the flow context. + + Successfully created brand. - - Create users as inactive + + Use this brand for each domain that doesn't have a dedicated brand. - - Mark newly created users as inactive. + + Set custom attributes using YAML or JSON. Any attributes set here will be inherited by users, if the request is handled by this brand. - - User path template + + Brands - - User type used for newly created users. + + Brand(s) - - Path new users will be created under. If left blank, the default path will be used. + + Update Brand - - Newly created users are added to this group, if a group is selected. + + Create Brand - - New stage + + To let a user directly reset a their password, configure a recovery flow on the currently active brand. - - Create a new stage. - - - Successfully imported device. - - - The user in authentik this device will be assigned to. - - - Duo User ID - - - The user ID in Duo, can be found in the URL after clicking on a user. - - - Automatic import - - - Successfully imported devices. - - - Start automatic import - - - Or manually import - - - Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow. - - - Stage(s) - - - Import - - - Import Duo device - - - Import devices - - - Successfully updated flow. - - - Successfully created flow. - - - Shown as the Title in Flow pages. - - - Visible in the URL. - - - Designation - - - Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. - - - No requirement - - - Require authentication - - - Require no authentication. - - - Require superuser. - - - Require Outpost (flow can only be executed from an outpost). - - - Required authentication level for this flow. - - - Behavior settings - - - Compatibility mode - - - Increases compatibility with password managers and mobile devices. - - - Denied action - - - Will follow the ?next parameter if set, otherwise show a message - - - Will either follow the ?next parameter or redirect to the default interface - - - Will notify the user the flow isn't applicable - - - Decides the response when a policy denies access to this flow for a user. - - - Appearance settings - - - Layout - - - Background - - - Background shown during execution. - - - Clear background - - - Delete currently set background image. - - - Successfully imported flow. - - - .yaml files, which can be found on goauthentik.io and can be exported by authentik. - - - Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them. - - - Flow(s) - - - Update Flow - - - Execute - - - Export - - - Create Flow - - - Import Flow - - - Successfully cleared flow cache - - - Failed to delete flow cache - - - Clear Flow cache - - - Are you sure you want to clear the flow cache? - This will cause all flows to be re-evaluated on their next usage. - - - Stage binding(s) - - - Stage type - - - Edit Stage - - - Update Stage binding - - - These bindings control if this stage will be applied to the flow. - - - No Stages bound - - - No stages are currently bound to this flow. - - - Create Stage binding - - - Bind stage - - - Create and bind Stage - - - Bind existing stage - - - Flow Overview - - - Flow Info - - - Related actions - - - Execute flow - - - Normal - - - with current user - - - with inspector - - - Export flow - - - Stage Bindings - - - These bindings control which users can access this flow. - - - Event volume - - - Event Log - - - Event - - - Event info - - - Created - - - Successfully updated transport. - - - Successfully created transport. - - - Local (notifications will be created within authentik) - - - Webhook (generic) - - - Webhook (Slack/Discord) - - - Webhook URL - - - Webhook Mapping - - - Send once - - - Only send notification once, for example when sending a webhook into a chat channel. - - - Define how notifications are sent to users, like Email or Webhook. - - - Notification transport(s) - - - Update Notification Transport - - - Create Notification Transport - - - Successfully updated rule. - - - Successfully created rule. - - - Select the group of users which the alerts are sent to. If no group is selected the rule is disabled. - - - Transports - - - Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. - - - Severity - - - Send notifications whenever a specific Event is created and matched by policies. - - - Sent to group - - - Notification rule(s) - - - None (rule disabled) - - - Update Notification Rule - - - Create Notification Rule - - - These bindings control upon which events this rule triggers. -Bindings to groups/users are checked against the user of the event. - - - Outpost Deployment Info - - - View deployment documentation - - - Click to copy token - - - If your authentik Instance is using a self-signed certificate, set this value. - - - If your authentik_host setting does not match the URL you want to login with, add this setting. - - - Successfully updated outpost. - - - Successfully created outpost. - - - LDAP - - - Radius - - - Integration - - - Selecting an integration enables the management of the outpost by authentik. - - - You can only select providers that match the type of the outpost. - - - Configuration - - - See more here: - - - Documentation - - - Last seen - - - , should be - - - Hostname - - - Not available - - - Last seen: - - - Unknown type - - - Outposts are deployments of authentik components to support different environments and protocols, like reverse proxies. - - - Health and Version - - - Warning: authentik Domain is not configured, authentication will not work. - - - Logging in via . - - - No integration active - - - Update Outpost - - - View Deployment Info - - - Detailed health (one instance per column, data is cached so may be out of date) - - - Outpost(s) - - - Create Outpost - - - Successfully updated integration. - - - Successfully created integration. - - - Local - - - If enabled, use the local connection. Required Docker socket/Kubernetes Integration. - - - Docker URL - - - Can be in the format of 'unix://' when connecting to a local docker daemon, using 'ssh://' to connect via SSH, or 'https://:2376' when connecting to a remote system. - - - CA which the endpoint's Certificate is verified against. Can be left empty for no validation. - - - TLS Authentication Certificate/SSH Keypair - - - Certificate/Key used for authentication. Can be left empty for no authentication. - - - When connecting via SSH, this keypair is used for authentication. - - - Kubeconfig - - - Verify Kubernetes API SSL Certificate - - - New outpost integration - - - Create a new outpost integration. - - - State - - - Unhealthy - - - Outpost integration(s) - - - Successfully generated certificate-key pair. - - - Common Name - - - Subject-alt name - - - Optional, comma-separated SubjectAlt Names. - - - Validity days - - - Successfully updated certificate-key pair. - - - Successfully created certificate-key pair. - - - PEM-encoded Certificate data. - - - Optional Private Key. If this is set, you can use this keypair for encryption. - - - Certificate-Key Pairs - - - Import certificates of external providers or create certificates to sign requests with. - - - Private key available? - - - Certificate-Key Pair(s) - - - Managed by authentik - - - Managed by authentik (Discovered) - - - Yes () - - - Update Certificate-Key Pair - - - Certificate Fingerprint (SHA1) - - - Certificate Fingerprint (SHA256) - - - Certificate Subject - - - Download Certificate - - - Download Private key - - - Create Certificate-Key Pair - - - Generate - - - Generate Certificate-Key Pair + + The current brand must have a recovery flow configured to use a recovery link Successfully updated settings. @@ -4528,18 +8135,6 @@ Bindings to groups/users are checked against the user of the event. Enable the ability for users to change their username. - - Event retention - - - Duration after which events will be deleted from the database. - - - When using an external logging solution for archiving, this can be set to "minutes=5". - - - This setting only affects new Events, as the expiration is saved per-event. - Footer links @@ -4561,483 +8156,4 @@ Bindings to groups/users are checked against the user of the event. System settings - - Save - - - Successfully updated instance. - - - Successfully created instance. - - - Disabled blueprints are never applied. - - - Local path - - - OCI Registry - - - OCI URL, in the format of oci://registry.domain.tld/path/to/manifest. - - - See more about OCI support here: - - - Blueprint - - - Configure the blueprint context, used for templating. - - - Orphaned - - - Automate and template configuration within authentik. - - - Last applied - - - Blueprint(s) - - - Update Blueprint - - - Apply - - - Create Blueprint Instance - - - Successfully updated license. - - - Successfully created license. - - - Install ID - - - License key - - - Manage enterprise licenses - - - No licenses found. - - - License(s) - - - Enterprise is in preview. - - - Get a license - - - Go to Customer Portal - - - Forecast internal users - - - Estimated user count one year from now based on current internal users and forecasted internal users. - - - Forecast external users - - - Estimated user count one year from now based on current external users and forecasted external users. - - - Cumulative license expiry - - - Internal: - - - External: - - - Update License - - - Install - - - Install License - - - WebAuthn requires this page to be accessed via HTTPS. - - - WebAuthn not supported by browser. - - - Open Wizard - - - Demo Wizard - - - Run the demo wizard - - - API request failed - - - Authenticating with Apple... - - - Retry - - - Authenticating with Plex... - - - Waiting for authentication... - - - If no Plex popup opens, click the button below. - - - Open login - - - User's avatar - - - Something went wrong! Please try again later. - - - Request ID - - - You may close this page now. - - - You're about to be redirect to the following URL. - - - Follow redirect - - - Request has been denied. - - - Not you? - - - Need an account? - - - Sign up. - - - Forgot username or password? - - - Select one of the sources below to login. - - - Or - - - Use a security key - - - Login to continue to . - - - Please enter your password - - - Forgot password? - - - Application requires following permissions: - - - Application already has access to the following permissions: - - - Application requires following new permissions: - - - Check your Inbox for a verification email. - - - Send Email again. - - - Successfully copied TOTP Config. - - - Copy - - - Code - - - Please enter your TOTP Code - - - Duo activation QR code - - - Alternatively, if your current device has Duo installed, click on this link: - - - Duo activation - - - Check status - - - Make sure to keep these tokens in a safe place. - - - Phone number - - - Please enter your Phone number. - - - Please enter the code you received via SMS - - - A code has been sent to you via SMS. - - - Open your two-factor authenticator app to view your authentication code. - - - Static token - - - Authentication code - - - Please enter your code - - - Return to device picker - - - Sending Duo push notification - - - Assertions is empty - - - Error when creating credential: - - - Error when validating assertion on server: - - - Retry authentication - - - Duo push-notifications - - - Receive a push notification on your device. - - - Authenticator - - - Use a security key to prove your identity. - - - Traditional authenticator - - - Use a code-based authenticator. - - - Recovery keys - - - In case you can't access any other method. - - - SMS - - - Tokens sent via SMS. - - - Select an authentication method. - - - Stay signed in? - - - Select Yes to reduce the number of times you're asked to sign in. - - - Enter the code shown on your device. - - - Please enter your Code - - - You've successfully authenticated your device. - - - Flow inspector - - - Next stage - - - Stage name - - - Stage kind - - - Stage object - - - This flow is completed. - - - Plan history - - - Current plan context - - - Session ID - - - Powered by authentik - - - Background image - - - Error creating credential: - - - Server validation of credential failed: - - - Register device - - - Unread notifications - - - Sign out - - - Admin interface - - - Stop impersonation - - - Avatar image - - - Less details - - - More details - - - Refer to documentation - - - No Applications available. - - - Either no applications are defined, or you don’t have access to any. - - - My Applications - - - My applications - - - Change your password - - - Change password - - - - - - Delete account - - - Successfully updated details - - - Open settings - - - No settings flow configured. - - - Update details - - - Successfully updated device. - - - Enroll - - - Update Device - - - Successfully disconnected source - - - Failed to disconnected source: - - - Disconnect - - - Connect - - - Error: unsupported source settings: - - - Connect your user account to the services listed below, to allow you to login using the service instead of traditional credentials. - - - No services available. - - - Create App password - - - User details - - - Consent - - - MFA Devices - - - Connected services - - - - + diff --git a/web/xliff/tr.xlf b/web/xliff/tr.xlf index e54d1fd0e..6a5ee1e02 100644 --- a/web/xliff/tr.xlf +++ b/web/xliff/tr.xlf @@ -1,9 +1,5492 @@ - + - - - - Admin + + + + English + İngilizce + + + French + Fransızca + + + Turkish + Türkçe + + + Spanish + + + Polish + + + Taiwanese Mandarin + + + Chinese (simplified) + + + Chinese (traditional) + + + German + + + Loading... + Yükleniyor... + + + Application + Uygulama + + + Logins + Oturum Açma + + + Show less + Daha az göster + + + Show more + Daha fazla göster + + + UID + UID + + + Name + İsim + + + App + Uygulama + + + Model Name + Model Adı + + + Message + Mesaj + + + Subject + Konu + + + From + itibaren + + + To + Kime + + + Context + Bağlam + + + User + Kullanıcı + + + Affected model: + Etkilenen model: + + + Authorized application: + Yetkili başvuru: + + + Using flow + Akışı kullanma + + + Email info: + E-posta bilgileri: + + + Secret: + Sır: + + + Open issue on GitHub... + GitHub'da açık sorun... + + + Exception + Hata + + + Expression + İfade + + + Binding + Ciltleme + + + Request + Talep + + + Object + Nesne + + + Result + Sonuç + + + Passing + Geçiyor + + + Messages + İletiler + + + Using source + Kaynak kullanma + + + Attempted to log in as + + olarak oturum açmaya çalışıldı + + + No additional data available. + Ek veri yok. + + + Click to change value + Değeri değiştirmek için tıklayın + + + Select an object. + + + Loading options... + + + Connection error, reconnecting... + Bağlantı hatası, yeniden bağlanıyor... + + + Login + Giriş + + + Failed login + Başarısız oturum açma + + + Logout + Oturumu Kapa + + + User was written to + Kullanıcı yazıldı + + + Suspicious request + Şüpheli istek + + + Password set + Parola seti + + + Secret was viewed + Sır görüldü + + + Secret was rotated + Sırrı döndürüldü + + + Invitation used + Kullanılan davetiye + + + Application authorized + Başvuru yetkili + + + Source linked + Kaynak bağlantılı + + + Impersonation started + Kimliğe bürünme başladı + + + Impersonation ended + Taklit sona erdi + + + Flow execution + Akış yürütme + + + Policy execution + İlke yürütme + + + Policy exception + İlke hatası + + + Property Mapping exception + Özellik Eşleme hatası + + + System task execution + Sistem görevi yürütme + + + System task exception + Sistem görevi hatası + + + General system exception + Genel sistem hatası + + + Configuration error + Yapılandırma hatası + + + Model created + Model oluşturuldu + + + Model updated + Model güncellendi + + + Model deleted + Model silindi + + + Email sent + E-posta gönderildi + + + Update available + Güncelleme mevcut + + + Unknown severity + + + Alert + Alarm + + + Notice + Uyarı + + + Warning + Uyarı + + + no tabs defined + tanımlanmış sekme yok + + + - of + + içinden + - + + + + Go to previous page + Önceki sayfaya git + + + Go to next page + Sonraki sayfaya git + + + Search... + Ara... + + + Loading + Yükleniyor + + + No objects found. + Nesne bulunamadı. + + + Failed to fetch objects. + + + Refresh + Yenile + + + Select all rows + Tüm satırları seç + + + Action + Eylem + + + Creation Date + Oluşturma Tarihi + + + Client IP + İstemci IP + + + Recent events + + + On behalf of + + adına + + + - + - + + + No Events found. + Olaylar bulunamadı. + + + No matching events could be found. + Eşleşen olay bulunamadı. + + + Embedded outpost is not configured correctly. + Gömülü üs düzgün yapılandırılmamış. + + + Check outposts. + İleri üsleri kontrol edin. + + + HTTPS is not detected correctly + HTTPS doğru algılanmadı + + + Server and client are further than 5 seconds apart. + Sunucu ve istemci arasında 5 saniyeden daha uzaktır. + + + OK + OK + + + Everything is ok. + Her şey yolunda. + + + System status + Sistem durumu + + + Based on + + + is available! + + kullanılabilir! + + + Up-to-date! + Güncel! + + + Version + Sürüm + + + Workers + İşçiler + + + No workers connected. Background tasks will not run. + İşçi bağlantısı yok. Arka plan görevleri çalışmaz. + + + hour(s) ago + + + day(s) ago + + + Authorizations + Yetkilendirmeler + + + Failed Logins + Başarısız Oturum Açma + + + Successful Logins + Başarılı Oturum Açma + + + : + + : + + + + Cancel + İptal et + + + LDAP Source + LDAP Kaynağı + + + SCIM Provider + + + Healthy + + + Healthy outposts + Sağlıklı üsler + + + Admin + Yönetici + + + Not found + Bulunamadı + + + The URL "" was not found. + “ + ” URL'si bulunamadı. + + + Return home + Eve dön + + + General system status + Genel sistem durumu + + + Welcome, . + Hoş geldiniz, + . + + + Quick actions + Hızlı eylemler + + + Create a new application + Yeni bir uygulama oluştur + + + Check the logs + Günlükleri kontrol et + + + Explore integrations + Entegrasyonları keşfedin + + + Manage users + + + Outpost status + Üs durumu + + + Sync status + Durumu senkronize et + + + Logins and authorizations over the last week (per 8 hours) + + + Apps with most usage + En çok kullanıma sahip uygulamalar + + + days ago + + gün önce + + + Objects created + Oluşturulan nesneler + + + Users created per day in the last month + Son ay içinde günlük oluşturulan kullanıcılar + + + Logins per day in the last month + Son ay içinde günlük oturum açma + + + Failed Logins per day in the last month + Geçtiğimiz ay içinde günlük başarısız oturum açma + + + Clear search + + + System Tasks + Sistem Görevleri + + + Long-running operations which authentik executes in the background. + authentik'in arka planda yürüttüğü uzun süreli işlemler. + + + Identifier + Tanımlayıcı + + + Description + Açıklama + + + Last run + Son çalıştırma + + + Status + Durum + + + Actions + Eylemler + + + Successful + Başarılı + + + Error + Hata + + + Unknown + bilinmeyen + + + Duration + + + seconds + + + Authentication + Kimlik Doğrulama + + + Authorization + Yetkilendirme + + + Enrollment + Kayıt + + + Invalidation + Geçersiz + + + Recovery + Kurtarma + + + Stage Configuration + Aşama Konfigürasyonu + + + Unenrollment + Kayıttan Çıkarma + + + Unknown designation + + + Stacked + + + Content left + + + Content right + + + Sidebar left + + + Sidebar right + + + Unknown layout + + + Successfully updated provider. + Sağlayıcı başarıyla güncellendi. + + + Successfully created provider. + Sağlayıcı başarıyla oluşturuldu. + + + Bind flow + Bağlama akışı + + + Flow used for users to authenticate. + + + Search group + Arama grubu + + + Users in the selected group can do search queries. If no group is selected, no LDAP Searches are allowed. + Seçilen gruptaki kullanıcılar arama sorguları yapabilir. Hiçbir grup seçilmezse, LDAP Aramalarına izin verilmez. + + + Bind mode + + + Cached binding + + + Flow is executed and session is cached in memory. Flow is executed when session expires + + + Direct binding + + + Always execute the configured bind flow to authenticate the user + + + Configure how the outpost authenticates requests. + + + Search mode + Arama modu + + + Cached querying + + + The outpost holds all users and groups in-memory and will refresh every 5 Minutes + + + Direct querying + + + Always returns the latest data, but slower than cached querying + + + Configure how the outpost queries the core authentik server's users. + Üssün çekirdek authentik sunucusunun kullanıcılarını nasıl sorgulayacağını yapılandırın. + + + Protocol settings + Protokol ayarları + + + Base DN + Taban DN + + + LDAP DN under which bind requests and search requests can be made. + Bağlama istekleri ve arama istekleri altında yapılabilen LDAP DN. + + + Certificate + Sertifika + + + UID start number + UID başlangıç numarası + + + The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber + UidNumbers'ın başlangıcında, bu sayı, POSIX kullanıcıları için sayıların çok düşük olmadığından emin olmak için user.Pk öğesine eklenir. Varsayılan 2000 yerel kullanıcılarla çarpışmadığımızdan emin olmak için uidNumber + + + GID start number + GID başlangıç numarası + + + The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber + gidNumbers'ın başlangıcı, bu sayı group.Pk öğesinden oluşturulan bir sayıya eklenir ve sayıların POSIX grupları için çok düşük olmamasını sağlar. Yerel gruplar veya kullanıcıların birincil grupların gidNumber'ıyla çakışmaması için varsayılan 4000'dir + + + (Format: hours=-1;minutes=-2;seconds=-3). + (Biçim: saat=-1; dakika=-2; ikincil=-3). + + + (Format: hours=1;minutes=2;seconds=3). + (Biçim: saat=1; dakika=2; saniye= 3). + + + The following keywords are supported: + + + Authentication flow + Kimlik doğrulama akışı + + + Flow used when a user access this provider and is not authenticated. + + + Authorization flow + Yetkilendirme akışı + + + Flow used when authorizing this provider. + Bu sağlayıcıyı yetkilendirirken kullanılan akış. + + + Client type + İstemci türü + + + Confidential + Gizli + + + Confidential clients are capable of maintaining the confidentiality of their credentials such as client secrets + + + Public + Kamu + + + Public clients are incapable of maintaining the confidentiality and should use methods like PKCE. + + + Client ID + Müşteri Kimliği + + + Client Secret + Müşteri Sırrı + + + Redirect URIs/Origins (RegEx) + + + Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows. + Başarılı bir yetkilendirme akışından sonra geçerli yeniden yönlendirme URL'leri. Ayrıca Kapalı akışlar için burada tüm kökenleri belirtin. + + + If no explicit redirect URIs are specified, the first successfully used redirect URI will be saved. + + + To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. + + + Signing Key + İmzalama Anahtarı + + + Key used to sign the tokens. + Anahtar belirteçleri imzalamak için kullanılır. + + + Advanced protocol settings + Gelişmiş protokol ayarları + + + Access code validity + Erişim kodu geçerliliği + + + Configure how long access codes are valid for. + Erişim kodlarının ne kadar süreyle geçerli olduğunu yapılandırın. + + + Access Token validity + + + Configure how long access tokens are valid for. + Erişim belirteçlerinin ne kadar süreyle geçerli olduğunu yapılandırın. + + + Refresh Token validity + + + Configure how long refresh tokens are valid for. + + + Scopes + Kapsamlar + + + Select which scopes can be used by the client. The client still has to specify the scope to access the data. + İstemci tarafından hangi kapsamların kullanılabileceğini seçin. İstemci yine de verilere erişmek için kapsamı belirtmelidir. + + + Hold control/command to select multiple items. + Birden fazla öğe seçmek için control/command tuşunu basılı tut. + + + Subject mode + Konu modu + + + Based on the User's hashed ID + + + Based on the User's ID + + + Based on the User's UUID + + + Based on the User's username + + + Based on the User's Email + + + This is recommended over the UPN mode. + + + Based on the User's UPN + + + Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains. + + + Configure what data should be used as unique User Identifier. For most cases, the default should be fine. + Hangi verilerin benzersiz Kullanıcı Tanımlayıcısı olarak kullanılması gerektiğini yapılandırın. Çoğu durumda, varsayılan seçim yeterlidir. + + + Include claims in id_token + İd_token'a hak taleplerini dahil et + + + Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. + Userinfo uç noktasına erişmeyen uygulamalar için, id_token'daki kapsamlardan Kullanıcı taleplerini dahil edin. + + + Issuer mode + Yayımcı kipi + + + Each provider has a different issuer, based on the application slug + + + Same identifier is used for all providers + Aynı tanımlayıcı tüm sağlayıcılar için kullanılır + + + Configure how the issuer field of the ID Token should be filled. + Kimlik Belirtecinin yayımcı alanının nasıl doldurulacağını yapılandırın. + + + Machine-to-Machine authentication settings + + + Trusted OIDC Sources + + + JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider. + + + HTTP-Basic Username Key + HTTP-Basic Kullanıcı Adı Anahtarı + + + User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. + HTTP-Basic Üstbilgisinin kullanıcı bölümü için kullanılan Kullanıcı/Grup Özniteliği. Ayarlanmazsa, kullanıcının E-posta adresi kullanılır. + + + HTTP-Basic Password Key + HTTP-Temel Parola Anahtarı + + + User/Group Attribute used for the password part of the HTTP-Basic Header. + HTTP-Basic Üstbilgisinin parola kısmı için kullanılan Kullanıcı/Grup Özniteliği. + + + Proxy + Vekil Sunucu + + + Forward auth (single application) + İleri kimlik doğrulaması (tek uygulama) + + + Forward auth (domain level) + İleri kimlik doğrulama (etki alanı düzeyi) + + + This provider will behave like a transparent reverse-proxy, except requests must be authenticated. If your upstream application uses HTTPS, make sure to connect to the outpost using HTTPS as well. + Bu sağlayıcı saydam bir ters vekil sunucu gibi davranır, ancak isteklerin kimliğinin doğrulanması gerekir. Yön uygulamanızda HTTPS kullanıyorsa üsse de HTTPS kullanarak bağlandığınızdan emin olun. + + + External host + Harici ana bilgisayar + + + The external URL you'll access the application at. Include any non-standard port. + Uygulamaya erişeceğiniz harici URL. Standart olmayan herhangi bir bağlantı noktasını dahil edin. + + + Internal host + Dahili ana bilgisayar + + + Upstream host that the requests are forwarded to. + İsteklerin iletildiği yukarı ana bilgisayar. + + + Internal host SSL Validation + Dahili ana bilgisayar SSL Doğrulaması + + + Validate SSL Certificates of upstream servers. + Yayın yukarı akış sunucularının SSL Sertifikalarını doğrulayın. + + + Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application. + Bu sağlayıcıyı nginx'in auth_request veya traefik'in forwardAuth ile kullanın. Kök etki alanı başına yalnızca tek bir sağlayıcı gereklidir. Uygulama başına yetkilendirme yapamazsınız, ancak her uygulama için bir sağlayıcı oluşturmanız gerekmez. + + + An example setup can look like this: + Bir örnek kurulum şu şekilde görünebilir: + + + authentik running on auth.example.com + auth.example.com üzerinde çalışan authentik + + + app1 running on app1.example.com + app1 üzerinde çalışan app1.example.com + + + In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com. + Bu durumda, Kimlik Doğrulama URL'sini auth.example.com ve Çerez etki alanı olarak example.com olarak ayarlamalısınız. + + + Authentication URL + Kimlik Doğrulama URL'si + + + The external URL you'll authenticate at. The authentik core server should be reachable under this URL. + Kimlik doğrulayacağınız harici URL. Auentik çekirdek sunucusuna bu URL altında erişilebilir olmalıdır. + + + Cookie domain + Çerez alan adı + + + Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'. + Bunu kimlik doğrulamasının geçerli olmasını istediğiniz etki alanına ayarlayın. Yukarıdaki URL'nin bir üst etki alanı olmalıdır. Uygulamaları app1.domain.tld, app2.domain.tld olarak çalıştırıyorsanız, bunu 'domain.tld' olarak ayarlayın. + + + Unknown proxy mode + + + Token validity + Belirteç geçerliliği + + + Configure how long tokens are valid for. + Belirteçlerin ne kadar geçerli olduğunu yapılandırın. + + + Additional scopes + + + Additional scope mappings, which are passed to the proxy. + Proxy'ye iletilen ek kapsam eşlemeleri. + + + Unauthenticated URLs + Kimliği Doğrulanmamış URL'ler + + + Unauthenticated Paths + Kimliği Doğrulanmamış Yollar + + + Regular expressions for which authentication is not required. Each new line is interpreted as a new expression. + Kimlik doğrulamasının gerekli olmadığı düzenli ifadeler. Her yeni satır yeni bir ifade olarak yorumlanır. + + + When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions. + Proxy veya ileri auth (tek uygulama) modunu kullanırken, istenen URL Yolu düzenli ifadelere karşı denetlenir. İleriye yönlendirme (etki alanı modu) kullanıldığında, şema ve ana bilgisayar da dahil olmak üzere istenen tam URL normal ifadelerle eşleştirilir. + + + Authentication settings + + + Intercept header authentication + + + When enabled, authentik will intercept the Authorization header to authenticate the request. + + + Send HTTP-Basic Authentication + + + Send a custom HTTP-Basic Authentication header based on values from authentik. + + + ACS URL + ACS URL + + + Issuer + Yayımcı + + + Also known as EntityID. + + + Service Provider Binding + Servis Sağlayıcı Bağlama + + + Redirect + Yönlendirme + + + Post + Post + + + Determines how authentik sends the response back to the Service Provider. + authentik'in yanıtı Servis Sağlayıcıya nasıl geri göndereceğini belirler. + + + Audience + İzleyici + + + Signing Certificate + İmzalama Serfikası + + + Certificate used to sign outgoing Responses going to the Service Provider. + Sertifika Hizmet Sağlayıcıya giden giden Yanıtları imzalamak için kullanılır. + + + Verification Certificate + Doğrulama Sertifikası + + + When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. + Seçildiğinde, gelen onaylama öğesinin İmzaları bu sertifikaya göre doğrulanır. İmzasız İsteklere izin vermek için varsayılan olarak bırakın. + + + Property mappings + Özellik eşlemeleri + + + NameID Property Mapping + NameID Özellik Eşlemesi + + + Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected. + NameID değerinin nasıl oluşturulacağını yapılandırın. Boş bırakıldığında, gelen isteğin NameIDPolicy değerine saygı gösterilir. + + + Assertion valid not before + Onaylama işlemi daha önce geçerli değil + + + Configure the maximum allowed time drift for an assertion. + Bir onaylama işlemi için izin verilen maksimum zaman kaymasını yapılandırın. + + + Assertion valid not on or after + Onaylama işlemi geçerli değil veya sonrasında + + + Assertion not valid on or after current time + this value. + + + Session valid not on or after + Oturum geçerli değil veya sonrasında + + + Session not valid on or after current time + this value. + + + Digest algorithm + Digest algoritması + + + Signature algorithm + İmza algoritması + + + Successfully imported provider. + Sağlayıcı başarıyla içe aktarıldı. + + + Metadata + Meta veriler + + + Apply changes + + + Close + Kapat + + + Finish + + + Back + + + No form found + Form bulunamadı + + + Form didn't return a promise for submitting + Form göndermek için bir söz vermedi + + + Select type + + + Try the new application wizard + + + The new application wizard greatly simplifies the steps required to create applications and providers. + + + Try it now + + + Create + Oluştur + + + New provider + + + Create a new provider. + + + Create + Oluştur + + + + Shared secret + + + Client Networks + + + List of CIDRs (comma-seperated) that clients can connect from. A more specific + CIDR will match before a looser one. Clients connecting from a non-specified CIDR + will be dropped. + + + URL + + + SCIM base url, usually ends in /v2. + + + Token + Belirteç + + + Token to authenticate with. Currently only bearer authentication is supported. + + + User filtering + + + Exclude service accounts + + + Group + Grup + + + Only sync users within the selected group. + + + Attribute mapping + + + User Property Mappings + Kullanıcı Özellik Eşlemeleri + + + Property mappings used to user mapping. + + + Group Property Mappings + Grup Özellik Eşlemeleri + + + Property mappings used to group creation. + Grup oluşturma için kullanılan özellik eşlemeleri. + + + Not used by any other object. + Başka bir nesne tarafından kullanılmaz. + + + object will be DELETED + nesne SILİNECEK + + + connection will be deleted + bağlantı silinecek + + + reference will be reset to default value + referans varsayılan değere sıfırlanır + + + reference will be set to an empty value + referans boş bir değere ayarlanacaktır + + + () + + ( + ) + + + ID + ID + + + Successfully deleted + + + Failed to delete : + + silinemedi: + + + + Delete + + Sil + + + Are you sure you want to delete ? + + + Delete + Sil + + + Providers + Sağlayıcılar + + + Provide support for protocols like SAML and OAuth to assigned applications. + Atanan uygulamalara SAML ve OAuth gibi protokoller için destek sağlayın. + + + Type + Tipi + + + Provider(s) + Sağlayıcı (lar) + + + Assigned to application + Uygulamaya atanmış + + + Assigned to application (backchannel) + + + Warning: Provider not assigned to any application. + Uyarı: Sağlayıcı herhangi bir uygulamaya atanmamış. + + + Update + Güncelleme + + + Update + Güncelleme + + + + Select providers to add to application + + + Add + Ekle + + + Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". + Ya tam bir URL, göreli bir yol girin ya da 'fa://fa-test' Yazı Tipi Awesome simgesini “fa-test” kullanmak için kullanın. + + + Path template for users created. Use placeholders like `%(slug)s` to insert the source slug. + + + Successfully updated application. + Uygulama başarıyla güncellendi. + + + Successfully created application. + Uygulama başarıyla oluşturuldu. + + + Application's display Name. + Uygulamanın görünen Adı. + + + Slug + Kısa İsim + + + Optionally enter a group name. Applications with identical groups are shown grouped together. + + + Provider + Sağlayıcı + + + Select a provider that this application should use. + + + Select backchannel providers which augment the functionality of the main provider. + + + Policy engine mode + İlke altyapısı modu + + + Any policy must match to grant access + + + All policies must match to grant access + + + UI settings + UI ayarları + + + Launch URL + URL Başlat + + + If left empty, authentik will try to extract the launch URL based on the selected provider. + Boş bırakılırsa, authentik seçili sağlayıcıya göre başlatma URL'sini ayıklamaya çalışacaktır. + + + Open in new tab + + + If checked, the launch URL will open in a new browser tab or window from the user's application library. + + + Icon + Simge + + + Currently set to: + Şu anda şu şekilde ayarlanmış: + + + Clear icon + Simgeyi temizle + + + Publisher + Yayıncı + + + Create Application + Uygulama Oluştur + + + Overview + Genel Bakış + + + Changelog + Değişiklikler + + + Warning: Provider is not used by any Outpost. + Uyarı: Sağlayıcı herhangi bir Üs tarafından kullanılmaz. + + + Assigned to application + Uygulamaya atanmış + + + Update LDAP Provider + LDAP Sağlayıcısını Güncelle + + + Edit + Düzenle + + + How to connect + Nasıl bağlanır + + + Connect to the LDAP Server on port 389: + Bağlantı noktası 389 LDAP sunucusuna bağlanın: + + + Check the IP of the Kubernetes service, or + Kubernetes hizmetinin IP'lerini kontrol edin veya + + + The Host IP of the docker host + Docker ana bilgisayarının Ana Bilgisayar IP'si + + + Bind DN + Bağlama DN + + + Bind Password + Parola Bağla + + + Search base + Arama tabanı + + + Preview + + + Warning: Provider is not used by an Application. + Uyarı: Sağlayıcı bir Uygulama tarafından kullanılmaz. + + + Redirect URIs + URI'leri yeniden yönlendirme + + + Update OAuth2 Provider + OAuth2 Sağlayıcısını Güncelleştirme + + + OpenID Configuration URL + OpenID Yapılandırma URL + + + OpenID Configuration Issuer + OpenID Yapılandırması Yayımlayıcı + + + Authorize URL + URL'yi yetkilendirme + + + Token URL + Belirteç URL'si + + + Userinfo URL + Userinfo URL'si + + + Logout URL + Oturum Kapma URL'si + + + JWKS URL + + + Example JWT payload (for currently authenticated user) + + + Forward auth (domain-level) + İleri kimlik doğrulama (alan düzeyi) + + + Nginx (Ingress) + Nginx (Giriş) + + + Nginx (Proxy Manager) + Nginx (Proxy Yöneticisi) + + + Nginx (standalone) + Nginx (bağımsız) + + + Traefik (Ingress) + Traefik (Giriş) + + + Traefik (Compose) + Traefik (Beste) + + + Traefik (Standalone) + Traefik (Bağımsız) + + + Caddy (Standalone) + + + Internal Host + Dahili Ana Bilgisayar + + + External Host + Harici Ana Bilgisayar + + + Basic-Auth + Basic-Auth + + + Yes + Evet + + + Mode + Mod + + + Update Proxy Provider + Proxy Sağlayıcıyı Güncelle + + + Protocol Settings + Protokol Ayarları + + + Allowed Redirect URIs + İzin Verilen Yeniden Yönlendirme URI'leri + + + Setup + Kurulum + + + No additional setup is required. + Ek kurulum gerekmez. + + + Update Radius Provider + + + Download + Indir + + + Copy download URL + İndirme URL'sini + + + Download signing certificate + İmzalama sertifikasını indirme + + + Related objects + İlgili nesneler + + + Update SAML Provider + SAML Sağlayıcısını Güncelle + + + SAML Configuration + + + EntityID/Issuer + + + SSO URL (Post) + + + SSO URL (Redirect) + + + SSO URL (IdP-initiated Login) + + + SLO URL (Post) + + + SLO URL (Redirect) + + + SAML Metadata + SAML Meta Verileri + + + Example SAML attributes + + + NameID attribute + + + Warning: Provider is not assigned to an application as backchannel provider. + + + Update SCIM Provider + + + Run sync again + Eşzamanlamayı tekrar çalıştır + + + Modern applications, APIs and Single-page applications. + + + LDAP + LDAP + + + Provide an LDAP interface for applications and users to authenticate against. + + + New application + + + Applications + Uygulamalar + + + Provider Type + Sağlayıcı Türü + + + Application(s) + Uygulama (lar) + + + Application Icon + Uygulama Simgesi + + + Update Application + Uygulamayı Güncelle + + + Successfully sent test-request. + Test isteği başarıyla gönderildi. + + + Log messages + + + No log messages. + + + Active + Etkin + + + Last login + Son giriş + + + Select users to add + Eklenecek kullanıcıları seçin + + + Successfully updated group. + Grup başarıyla güncellendi. + + + Successfully created group. + Grup başarıyla oluşturuldu. + + + Is superuser + Süper kullanıcı + + + Users added to this group will be superusers. + Bu gruba eklenen kullanıcılar süper kullanıcılar olacaktır. + + + Parent + Ebeveyn + + + Attributes + Öznitellikler + + + Set custom attributes using YAML or JSON. + YAML veya JSON kullanarak özel nitelikleri ayarlayın. + + + Successfully updated binding. + Ciltleme başarıyla güncellendi. + + + Successfully created binding. + Bağlama başarılı bir şekilde oluşturuldu. + + + Policy + İlke + + + Group mappings can only be checked if a user is already logged in when trying to access this source. + + + User mappings can only be checked if a user is already logged in when trying to access this source. + + + Enabled + Etkin + + + Negate result + Negate sonucu + + + Negates the outcome of the binding. Messages are unaffected. + Bağlamanın sonucunu susturur. Mesajlar etkilenmez. + + + Order + Sıra + + + Timeout + Zaman aşımı + + + Successfully updated policy. + İlke başarıyla güncelleştirildi. + + + Successfully created policy. + İlke başarıyla oluşturuldu. + + + A policy used for testing. Always returns the same result as specified below after waiting a random duration. + Test için kullanılan bir ilke. Her zaman rastgele bir süre bekledikten sonra aşağıda belirtilen sonucu döndürür. + + + Execution logging + Yürütme günlüğü + + + When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. + Bu seçenek etkinleştirildiğinde, bu ilkenin tüm yürütmeleri günlüğe kaydedilir. Varsayılan olarak, yalnızca yürütme hataları günlüğe kaydedilir. + + + Policy-specific settings + İlke özel ayarlar + + + Pass policy? + Geçiş ilkesi? + + + Wait (min) + Bekle (dk) + + + The policy takes a random time to execute. This controls the minimum time it will take. + İlke yürütmesi rastgele bir zaman alır. Bu, alacağı minimum süreyi belirler. + + + Wait (max) + Bekleyin (maks.) + + + Matches an event against a set of criteria. If any of the configured values match, the policy passes. + Bir olayı ölçütler kümesine göre eşleştirir. Yapılandırılan değerlerden herhangi biri eşleşirse, ilke geçer. + + + Match created events with this action type. When left empty, all action types will be matched. + Oluşturulan olayları bu eylem türüyle eşleştirin. Boş bırakıldığında tüm eylem türleri eşleştirilir. + + + Matches Event's Client IP (strict matching, for network matching use an Expression Policy. + Olayın İstemci IP'siyle eşleşir (katı eşleştirme, ağ eşleştirme için bir İfade İlkesi kullanın. + + + Match events created by selected application. When left empty, all applications are matched. + Seçilen uygulama tarafından oluşturulan olayları eşleştir. Boş bırakıldığında, tüm uygulamalar eşleştirilir. + + + Checks if the request's user's password has been changed in the last x days, and denys based on settings. + İsteğin kullanıcı parolasının son x gün içinde değiştirilip değiştirilmediğini kontrol eder ve ayarlara göre reddedilir. + + + Maximum age (in days) + Maksimum yaş (gün olarak) + + + Only fail the policy, don't invalidate user's password + + + Executes the python snippet to determine whether to allow or deny a request. + Bir isteğe izin verip reddedilmeyeceğini belirlemek için python parçacığını çalıştırır. + + + Expression using Python. + Python kullanarak ifade. + + + See documentation for a list of all variables. + Tüm değişkenlerin listesi için belgelere bakın. + + + Static rules + + + Minimum length + Minimum uzunluk + + + Minimum amount of Uppercase Characters + Minimum Büyük Harf Karakter Miktarı + + + Minimum amount of Lowercase Characters + Minimum Küçük Harf Karakter Miktarı + + + Minimum amount of Digits + Minimum Rakam sayısı + + + Minimum amount of Symbols Characters + Minimum Semboller Karakter Miktarı + + + Error message + Hata mesajı + + + Symbol charset + Sembol karakter seti + + + Characters which are considered as symbols. + Sembol olarak kabul edilen karakterler. + + + HaveIBeenPwned settings + + + Allowed count + İzin verilen sayısı + + + Allow up to N occurrences in the HIBP database. + HIBP veritabanında N oluşumuna kadar izin ver. + + + zxcvbn settings + + + Score threshold + + + If the password's score is less than or equal this value, the policy will fail. + + + Checks the value from the policy request against several rules, mostly used to ensure password strength. + İlke isteğindeki değeri, çoğunlukla parola gücünü sağlamak için kullanılan çeşitli kurallara göre denetler. + + + Password field + Parola alanı + + + Field key to check, field keys defined in Prompt stages are available. + Alan tuşu kontrol etmek için, İstem aşamalarında tanımlanan alan tuşları mevcuttur. + + + Check static rules + + + Check haveibeenpwned.com + + + For more info see: + + + Check zxcvbn + + + Password strength estimator created by Dropbox, see: + + + Allows/denys requests based on the users and/or the IPs reputation. + Kullanıcıların ve/veya IP'lerin itibarına göre isteklere izin ver/reddeder. + + + Invalid login attempts will decrease the score for the client's IP, and the +username they are attempting to login as, by one. + + + The policy passes when the reputation score is below the threshold, and +doesn't pass when either or both of the selected options are equal or above the threshold. + + + Check IP + IP'yi Kontrol Et + + + Check Username + Kullanıcı Adını Kontrol Et + + + Threshold + Eşik + + + New policy + + + Create a new policy. + + + Create Binding + Bağlama Oluştur + + + Superuser + Süper kullanıcı + + + Members + Üyeler + + + Select groups to add user to + Kullanıcı eklemek için grupları seçin + + + Warning: Adding the user to the selected group(s) will give them superuser permissions. + + + Successfully updated user. + Kullanıcı başarıyla güncellendi. + + + Successfully created user. + Kullanıcı başarıyla oluşturuldu. + + + Username + Kullanıcı Adı + + + User's primary identifier. 150 characters or fewer. + + + User's display name. + Kullanıcının görünen adı. + + + Email + E-posta + + + Is active + Aktif + + + Designates whether this user should be treated as active. Unselect this instead of deleting accounts. + Bu kullanıcının etkin olarak değerlendirilmesi gerekip gerekmediğini belirtir. Hesapları silmek yerine bunun seçimini kaldırın. + + + Path + + + Policy / User / Group + İlke / Kullanıcı / Grup + + + Policy + İlke + + + + Group + Grup + + + + User + Kullanıcı + + + + Edit Policy + İlkeyi Düzenle + + + Update Group + Güncelleme Grubu + + + Edit Group + Grubu Düzenle + + + Update User + Kullanıcı Güncelle + + + Edit User + Kullanıcı Düzenle + + + Policy binding(s) + İlke bağlama (ler) + + + Update Binding + Ciltlemeyi Güncelle + + + Edit Binding + Bağlamayı Düzenle + + + No Policies bound. + Hiçbir ilke bağlı. + + + No policies are currently bound to this object. + Hiçbir ilke şu anda bu nesneye bağlı değildir. + + + Bind existing policy + + + Warning: Application is not used by any Outpost. + Uyarı: Uygulama herhangi bir Üs tarafından kullanılmıyor. + + + Related + İlgili + + + Backchannel Providers + + + Check access + Erişimi kontrol + + + Check + Kontrol + + + Check Application access + Uygulama erişimini denetle + + + Test + Test + + + Launch + Eriş + + + Logins over the last week (per 8 hours) + + + Policy / Group / User Bindings + İlke / Grup / Kullanıcı Bağlamaları + + + These policies control which users can access this application. + Bu ilkeler hangi kullanıcıların bu uygulamaya erişebileceğini denetler. + + + Successfully updated source. + Kaynak başarıyla güncellendi. + + + Successfully created source. + Kaynak başarıyla oluşturuldu. + + + Sync users + Kullanıcıları senkronize et + + + User password writeback + Kullanıcı parolasını geri yazma + + + Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP. + Giriş parolası LDAP'den authentik'e otomatik olarak senkronize edilir. Bu seçeneği yalnızca oentik'te parola değişikliklerini LDAP'ye geri yazmak için etkinleştirin. + + + Sync groups + Grupları eşle + + + Connection settings + Bağlantı ayarları + + + Server URI + Sunucu URI + + + Specify multiple server URIs by separating them with a comma. + Birden çok sunucu URI'lerini virgülle ayırarak belirtin. + + + Enable StartTLS + StartTLS'yi Etkinleştir + + + To use SSL instead, use 'ldaps://' and disable this option. + Bunun yerine SSL kullanmak için 'ldaps: //' kullanın ve bu seçeneği devre dışı bırakın. + + + TLS Verification Certificate + TLS Doğrulama Sertifikası + + + When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate. + TLS ile bir LDAP Sunucusuna bağlanırken, sertifikalar varsayılan olarak denetlenmez. Uzak sertifikayı doğrulamak için bir anahtar çifti belirtin. + + + Bind CN + Bağlama CN + + + LDAP Attribute mapping + LDAP Öznitelik eşlemesi + + + Property mappings used to user creation. + Kullanıcı oluşturma için kullanılan özellik eşlemeleri. + + + Additional settings + Ek ayarlar + + + Parent group for all the groups imported from LDAP. + LDAP'den alınan tüm gruplar için ebeveyn grubu. + + + User path + + + Addition User DN + Ekleme Kullanıcı DN + + + Additional user DN, prepended to the Base DN. + Ek kullanıcı DN, temel DN'ye eklenmiş. + + + Addition Group DN + Toplama Grubu DN + + + Additional group DN, prepended to the Base DN. + Ek grup DN, Base DN için eklenmiş. + + + User object filter + Kullanıcı nesne filtresi + + + Consider Objects matching this filter to be Users. + Bu filtreyle eşleşen nesneleri Kullanıcı olarak düşünün. + + + Group object filter + Grup nesnesi filtresi + + + Consider Objects matching this filter to be Groups. + Bu filtreyle eşleşen nesneleri Gruplar olarak düşünün. + + + Group membership field + Grup üyelik alanı + + + Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' + Bir grubun üyelerini içeren alan. “memberUid” alanını kullanıyorsanız, değerin göreli bir ayırt edici ad içerdiği varsayılır. örn. 'memberUid=cn=some-user yerine 'memberUid=some-user, ou=groups,...' + + + Object uniqueness field + Nesne benzersizliği alanı + + + Field which contains a unique Identifier. + Benzersiz bir Tanımlayıcı içeren alan. + + + Link users on unique identifier + Kullanıcıları benzersiz tanımlayıcıya bağlama + + + Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses + Aynı e-posta adresine sahip bir kullanıcıya bağlantı verin. Bir kaynak e-posta adreslerini doğrulamadığında güvenlik etkileri olabilir + + + Use the user's email address, but deny enrollment when the email address already exists + + + Link to a user with identical username. Can have security implications when a username is used with another source + + + Use the user's username, but deny enrollment when the username already exists + + + Unknown user matching mode + + + URL settings + URL ayarları + + + Authorization URL + Yetkilendirme URL'si + + + URL the user is redirect to to consent the authorization. + Kullanıcının yetkilendirmeyi onaylamak için yönlendirdiği URL. + + + Access token URL + Erişim belirteci URL'si + + + URL used by authentik to retrieve tokens. + Auentik tarafından belirteçleri almak için kullanılan URL. + + + Profile URL + Profil URL'si + + + URL used by authentik to get user information. + Kullanıcı bilgilerini almak için authentik tarafından kullanılan URL. + + + Request token URL + Belirteç URL'sini iste + + + URL used to request the initial token. This URL is only required for OAuth 1. + İlk belirteci istemek için kullanılan URL. Bu URL yalnızca OAuth 1 için gereklidir. + + + OIDC Well-known URL + + + OIDC well-known configuration URL. Can be used to automatically configure the URLs above. + + + OIDC JWKS URL + + + JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source. + + + OIDC JWKS + + + Raw JWKS data. + + + User matching mode + Kullanıcı eşleştirme modu + + + Delete currently set icon. + Şu anda ayarlanan simgeyi sil. + + + Consumer key + Tüketici anahtarı + + + Consumer secret + Tüketici sırrı + + + Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *. + + + Flow settings + Akış ayarları + + + Flow to use when authenticating existing users. + Mevcut kullanıcıların kimliğini doğrularken kullanmak için akış. + + + Enrollment flow + Kayıt akışı + + + Flow to use when enrolling new users. + Yeni kullanıcıları kaydettirirken kullanmak için akış. + + + Load servers + Sunucuları yükle + + + Re-authenticate with plex + plex ile yeniden kimlik doğrulama + + + Allow friends to authenticate via Plex, even if you don't share any servers + Herhangi bir sunucu paylaşmasan bile arkadaşlarının Plex aracılığıyla kimlik doğrulamasına izin ver + + + Allowed servers + İzin verilen sunucular + + + Select which server a user has to be a member of to be allowed to authenticate. + Bir kullanıcının kimlik doğrulamasına izin verilmesi için üye olması gereken sunucuyu seçin. + + + SSO URL + SSO URL + + + URL that the initial Login request is sent to. + İlk oturum açma isteğinin gönderildiği URL. + + + SLO URL + SLO URL + + + Optional URL if the IDP supports Single-Logout. + IDP Tek Oturumu Kapat'ı destekliyorsa isteğe bağlı URL. + + + Also known as Entity ID. Defaults the Metadata URL. + Entity ID olarak da bilinir. Metadata URL'sine varsayılan olarak ayarlanır. + + + Binding Type + Bağlama Tipi + + + Redirect binding + Yeniden yönlendirme bağlama + + + Post-auto binding + + + Post binding but the request is automatically sent and the user doesn't have to confirm. + + + Post binding + Post ciltleme + + + Signing keypair + Anahtar çifti imzalama + + + Keypair which is used to sign outgoing requests. Leave empty to disable signing. + Giden istekleri imzalamak için kullanılan anahtar çifti. İmzalamayı devre dışı bırakmak için boş bırakın. + + + Allow IDP-initiated logins + IDP tarafından başlatılan oturumlara izin ver + + + Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. + IdP tarafından başlatılan kimlik doğrulama akışlarına izin verir. İstek kimliğinin doğrulanması yapılmadığından, bu bir güvenlik riski olabilir. + + + NameID Policy + NameID İlkesi + + + Persistent + Kalıcı + + + Email address + E-posta adresi + + + Windows + Windows + + + X509 Subject + X509 Konusu + + + Transient + Geçici + + + Delete temporary users after + Geçici kullanıcıları sonra sil + + + Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. + + + Pre-authentication flow + Ön kimlik doğrulama akışı + + + Flow used before authentication. + Kimlik doğrulamadan önce kullanılan akış. + + + New source + + + Create a new source. + + + Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves. + Auentik'in veritabanına senkronize edilebilen ya da kullanıcılar tarafından kimlik doğrulaması ve kayıt yaptırmak için kullanılabilen kimliklerin kaynakları. + + + Source(s) + Kaynak (lar) + + + Disabled + Devre Dışı + + + Built-in + Dahili + + + Update LDAP Source + LDAP Kaynağını Güncelle + + + Not synced yet. + Henüz senkronize edilmedi. + + + Task finished with warnings + Görev uyarılarla tamamlandı + + + Task finished with errors + Görev hatalarla tamamlandı + + + Last sync: + Son senkronizasyon: + + + + OAuth Source + + + Generic OpenID Connect + Genel OpenID Connect + + + Unknown provider type + + + Details + + + Callback URL + Geri arama URL'si + + + Access Key + Erişim Anahtarı + + + Update OAuth Source + OAuth Kaynağını Güncelle + + + Diagram + Diyagram + + + Policy Bindings + İlke Bağlamaları + + + These bindings control which users can access this source. + You can only use policies here as access is checked before the user is authenticated. + + + Update Plex Source + Plex Kaynağını Güncelle + + + Update SAML Source + SAML Kaynağını Güncelle + + + Successfully updated mapping. + Eşleme başarıyla güncellendi. + + + Successfully created mapping. + Eşleme başarıyla oluşturuldu. + + + Object field + Nesne alanı + + + Field of the user object this value is written to. + Bu değerin yazıldığı kullanıcı nesnesinin alanı. + + + SAML Attribute Name + SAML Öznitelik Adı + + + Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded. + SAML Onaylamaları için kullanılan öznitelik adı. URN OID, şema referansı veya başka bir dize olabilir. Bu özellik eşlemesi NameID özelliği için kullanılıyorsa, bu alan atılır. + + + Friendly Name + Dostça İsim + + + Optionally set the 'FriendlyName' value of the Assertion attribute. + İsteğe bağlı olarak onaylama özniteliğinin 'FriendlyName' değerini ayarlayın. + + + Scope name + Kapsam adı + + + Scope which the client can specify to access these properties. + İstemcinin bu özelliklere erişmek için belirtebileceği kapsam. + + + Description shown to the user when consenting. If left empty, the user won't be informed. + Açıklama, izin verirken kullanıcıya gösterilir. Boş bırakılırsa kullanıcı bilgilendirilmez. + + + Example context data + + + Active Directory User + + + Active Directory Group + + + New property mapping + + + Create a new property mapping. + + + Property Mappings + Özellik Eşleştirmeleri + + + Control how authentik exposes and interprets information. + Auentik'in bilgiyi nasıl açığa çıkardığını ve yorumlayacağını kontrol edin. + + + Property Mapping(s) + Özellik Eşleme (ler) + + + Test Property Mapping + Sınama Özellik Eşlemesi + + + Hide managed mappings + Yönetilen eşlemeleri gizle + + + Successfully updated token. + Belirteç başarıyla güncellendi. + + + Successfully created token. + Belirteç başarıyla oluşturuldu. + + + Unique identifier the token is referenced by. + Belirteç tarafından başvurulan benzersiz tanımlayıcı. + + + Intent + Niyet + + + API Token + + + Used to access the API programmatically + + + App password. + + + Used to login using a flow executor + + + Expiring + Süresi Doluyor + + + If this is selected, the token will expire. Upon expiration, the token will be rotated. + Bu seçilirse, belirteç süresi dolacaktır. Süresi dolduktan sonra, belirteç döndürülür. + + + Expires on + Geçerlilik süresi + + + API Access + API Erişimi + + + App password + Uygulama parolası + + + Verification + Doğrulama + + + Unknown intent + + + Tokens + Belirteçler + + + Tokens are used throughout authentik for Email validation stages, Recovery keys and API access. + Belirteçler, E-posta doğrulama aşamaları, Kurtarma anahtarları ve API erişimi için authentik boyunca kullanılır. + + + Expires? + Son kullanma tarihi mi? + + + Expiry date + Son kullanma tarihi + + + Token(s) + Belirteç(ler) + + + Create Token + Belirteç Oluştur + + + Token is managed by authentik. + Token authentik tarafından yönetilir. + + + Update Token + Belirteç Güncelle + + + Domain + Alan Adı + + + Matching is done based on domain suffix, so if you enter domain.tld, foo.domain.tld will still match. + Eşleştirme, etki alanı sonekine göre yapılır, bu nedenle domain.tld girerseniz foo.domain.tld yine de eşleşir. + + + Default + Varsayılan + + + Branding settings + Markalama ayarları + + + Title + Başlık + + + Branding shown in page title and several other places. + Markalama sayfa başlığında ve başka yerlerde gösterilir. + + + Logo + Logo + + + Icon shown in sidebar/header and flow executor. + Simge kenar çubuğu/başlık ve akış yürütücüde gösterilir. + + + Favicon + Favicon + + + Icon shown in the browser tab. + Tarayıcı sekmesinde gösterilen simge. + + + Default flows + Varsayılan akışlar + + + Flow used to authenticate users. If left empty, the first applicable flow sorted by the slug is used. + Kullanıcıların kimliğini doğrulamak için kullanılan akış. Boş bırakılırsa, kısa isme göre sıralanan ilk uygulanabilir akış kullanılır. + + + Invalidation flow + Geçersizleştirme akışı + + + Flow used to logout. If left empty, the first applicable flow sorted by the slug is used. + Çıkış yapmak için kullanılan akış. Boş bırakılırsa, kısa isme göre sıralanan ilk uygulanabilir akış kullanılır. + + + Recovery flow + Kurtarma akışı + + + Recovery flow. If left empty, the first applicable flow sorted by the slug is used. + Kurtarma akışı. Boş bırakılırsa, kısa isme göre sıralanan ilk uygulanabilir akış kullanılır. + + + Unenrollment flow + Kayıt dışı akış + + + If set, users are able to unenroll themselves using this flow. If no flow is set, option is not shown. + Ayarlanırsa, kullanıcılar bu akışı kullanarak kendi kayıtlarını kaldırabilir. Akış ayarlanmamışsa seçenek gösterilmez. + + + User settings flow + + + If set, users are able to configure details of their profile. + + + Device code flow + + + If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code. + + + Other global settings + Diğer genel ayarlar + + + Web Certificate + Web Sertifikası + + + Event retention + Etkinliği saklama + + + Duration after which events will be deleted from the database. + Olayların veritabanından silineceği süre. + + + When using an external logging solution for archiving, this can be set to "minutes=5". + Arşivleme için harici bir günlük çözümü kullanırken, bu “Dakika = 5" olarak ayarlanabilir. + + + This setting only affects new Events, as the expiration is saved per-event. + Bu ayar, süre sonu olay başına kaydedildiğinden, yalnızca yeni Olayları etkiler. + + + Configure visual settings and defaults for different domains. + Farklı etki alanları için görsel ayarları ve varsayılanları yapılandırın. + + + Default? + Varsayılan? + + + Policies + İlkeler + + + Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Stages. + Kullanıcıların özelliklere göre Uygulamaları kullanmasına, Parola Ölçütlerini uygulamasına ve Aşama Alanları'nı seçerek uygulamasına izin verin. + + + Assigned to object(s). + + nesneye atanır. + + + Warning: Policy is not assigned. + Uyarı: İlke atanmamış. + + + Test Policy + Test İlkesi + + + Policy / Policies + İlke / İlkeler + + + Successfully cleared policy cache + İlke önbelleği başarıyla temizlendi + + + Failed to delete policy cache + İlke önbelleği silinemedi + + + Clear cache + Önbelleği temizle + + + Clear Policy cache + İlke önbelleği temizle + + + Are you sure you want to clear the policy cache? This will cause all policies to be re-evaluated on their next usage. + + + Reputation scores + İtibar puanları + + + Reputation for IP and user identifiers. Scores are decreased for each failed login and increased for each successful login. + IP ve kullanıcı tanımlayıcıları için itibar. Başarısız olan her giriş için puan azaltılır ve her başarılı oturum açma için artırılır. + + + IP + İP + + + Score + Skor + + + Updated + Güncellendi + + + Reputation + İtibar + + + Groups + Gruplar + + + Group users together and give them permissions based on the membership. + Kullanıcıları birlikte gruplandırın ve üyeliğe bağlı olarak izinler verin. + + + Superuser privileges? + Süper kullanıcı ayrıcalıkları mı? + + + Group(s) + Grup (ler) + + + Create Group + Grup Oluştur + + + Create group + Grup oluştur + + + Enabling this toggle will create a group named after the user, with the user as member. + Bu geçiş özelliğini etkinleştirmek, kullanıcının adını taşıyan ve kullanıcının üye olduğu bir grup oluşturur. + + + Use the username and password below to authenticate. The password can be retrieved later on the Tokens page. + Kimlik doğrulaması için aşağıdaki kullanıcı adı ve parolayı kullanın. Parola daha sonra Belirteçler sayfasından alınabilir. + + + Password + Parola + + + Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List. + 360 gün boyunca geçerlidir, bundan sonra parola otomatik olarak dönecektir. Parolayı Token Listesi'nden kopyalayabilirsiniz. + + + The following objects use + Aşağıdaki nesneler + + + + connecting object will be deleted + bağlantılı nesne silinecek + + + Successfully updated + + + Failed to update : + + güncellenemedi: + + + + Are you sure you want to update ""? + + “ + ” güncellemesini istediğinizden emin misiniz? + + + Successfully updated password. + Parola başarıyla güncellendi. + + + Successfully sent email. + Başarıyla e-posta gönderildi. + + + Email stage + E-posta aşaması + + + Successfully added user(s). + + + Users to add + + + User(s) + Kullanıcı (lar) + + + Remove Users(s) + + + Are you sure you want to remove the selected users from the group ? + + + Remove + + + Impersonate + Taklit et + + + User status + Kullanıcı durumu + + + Change status + Durumu değiştir + + + Deactivate + Devre dışı bırak + + + Update password + Parolayı güncelle + + + Set password + Parola ayarla + + + Successfully generated recovery link + Kurtarma bağlantısı başarıyla oluşturuldu + + + No recovery flow is configured. + Kurtarma akışı yapılandırılmamış. + + + Copy recovery link + Kurtarma bağlantısı kopyalama + + + Send link + Bağlantıyı gönder + + + Send recovery link to user + Kullanıcıya kurtarma bağlantısını gönder + + + Email recovery link + E-posta kurtarma bağlantısı + + + Recovery link cannot be emailed, user has no email address saved. + Kurtarma bağlantısı e-posta ile gönderilemez, kullanıcının e-posta adresi kaydedilmez. + + + Add User + + + Warning: This group is configured with superuser access. Added users will have superuser access. + + + Add existing user + + + Create user + + + Create User + Kullanıcı Oluştur + + + Create Service account + Hizmet hesabı oluştur + + + Hide service-accounts + Hizmet hesaplarını gizle + + + Group Info + + + Notes + + + Edit the notes attribute of this group to add notes here. + + + Users + Kullanıcılar + + + Root + + + Warning: You're about to delete the user you're logged in as (). Proceed at your own risk. + Uyarı: Oturum açtığınız kullanıcıyı ( + ) silmek üzeresiniz. Kendi sorumluluğunuzdadır. + + + Hide deactivated user + + + User folders + + + Successfully added user to group(s). + + + Groups to add + + + Remove from Group(s) + + + Are you sure you want to remove user from the following groups? + + + Add Group + + + Add to existing group + + + Add new group + + + Application authorizations + Uygulama yetkilendirmeleri + + + Revoked? + İptal mi edildi? + + + Expires + Süresi Doluyor + + + ID Token + Kimlik Belirteci + + + Refresh Tokens(s) + + + Last IP + Son IP + + + Session(s) + Oturum (lar) + + + Expiry + Son kullanma tarihi + + + (Current session) + + + Permissions + + + Consent(s) + Rıza(lar) + + + Successfully updated device. + Cihaz başarıyla güncellendi. + + + Static tokens + Statik belirteçler + + + TOTP Device + TOTP Cihazı + + + Enroll + Kaydolun + + + Device(s) + Aygıt (ler) + + + Update Device + Cihazı Güncelle + + + Confirmed + + + User Info + Kullanıcı Bilgileri + + + Actions over the last week (per 8 hours) + + + Edit the notes attribute of this user to add notes here. + + + Sessions + Oturumlar + + + User events + Kullanıcı olayları + + + Explicit Consent + Açık Onayı + + + OAuth Refresh Tokens + + + MFA Authenticators + + + Successfully updated invitation. + Davet başarıyla güncellendi. + + + Successfully created invitation. + Davet başarıyla oluşturuldu. + + + Flow + Akış + + + When selected, the invite will only be usable with the flow. By default the invite is accepted on all flows with invitation stages. + + + Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON. + Akışın 'prompt_data' bağlam değişkenine yüklenen isteğe bağlı veriler. YAML veya JSON. + + + Single use + Tek kullanımlık + + + When enabled, the invitation will be deleted after usage. + Etkinleştirildiğinde, davetiye kullanımdan sonra silinir. + + + Select an enrollment flow + Bir kayıt akışı seçme + + + Link to use the invitation. + Daveti kullanmak için bağlantı. + + + Invitations + Davetiyeler + + + Create Invitation Links to enroll Users, and optionally force specific attributes of their account. + Kullanıcıları kaydetmek için Davet Bağlantıları oluşturun ve isteğe bağlı olarak hesaplarının belirli özniteliklerini zorlayın. + + + Created by + Tarafından yaratıldı + + + Invitation(s) + Davetiye (ler) + + + Invitation not limited to any flow, and can be used with any enrollment flow. + + + Update Invitation + + + Create Invitation + Davet Oluştur + + + Warning: No invitation stage is bound to any flow. Invitations will not work as expected. + Uyarı: Hiçbir davetiye aşaması herhangi bir akışa bağlı değildir. Davetiyeler beklendiği gibi çalışmaz. + + + Auto-detect (based on your browser) + Otomatik algıla (tarayıcınıza göre) + + + Required. + Zorunlu. + + + Continue + Devam Et + + + Successfully updated prompt. + İstemi başarıyla güncellendi. + + + Successfully created prompt. + Başarıyla komut istemi oluşturuldu. + + + Text: Simple Text input + Metin: Basit Metin girişi + + + Text Area: Multiline text input + + + Text (read-only): Simple Text input, but cannot be edited. + Metin (salt okunur): Basit Metin girişi, ancak düzenlenemez. + + + Text Area (read-only): Multiline text input, but cannot be edited. + + + Username: Same as Text input, but checks for and prevents duplicate usernames. + Kullanıcı adı: Metin girişi ile aynı, ancak yinelenen kullanıcı adlarını denetler ve engeller. + + + Email: Text field with Email type. + E-posta: E-posta türü ile metin alanı. + + + Password: Masked input, multiple inputs of this type on the same prompt need to be identical. + + + Number + Numara + + + Checkbox + Onay Kutusu + + + Radio Button Group (fixed choice) + + + Dropdown (fixed choice) + + + Date + Tarih + + + Date Time + Tarih Saat + + + File + + + Separator: Static Separator Line + Ayırıcı: Statik Ayırıcı Hattı + + + Hidden: Hidden field, can be used to insert data into form. + Gizli: Gizli alan, form içine veri eklemek için kullanılabilir. + + + Static: Static value, displayed as-is. + Statik: Statik değer, olduğu gibi görüntülenir. + + + authentik: Locale: Displays a list of locales authentik supports. + + + Preview errors + + + Data preview + + + Unique name of this field, used for selecting fields in prompt stages. + + + Field Key + Alan Anahtarı + + + Name of the form field, also used to store the value. + Değeri depolamak için de kullanılan form alanının adı. + + + When used in conjunction with a User Write stage, use attributes.foo to write attributes. + Kullanıcı Yazma aşaması ile birlikte kullanıldığında, öznitelikleri yazmak için attributes.foo kullanın. + + + Label + Etiket + + + Label shown next to/above the prompt. + Etiket, istemin yanında veya üstünde gösterilir. + + + Required + Zorunlu + + + Interpret placeholder as expression + + + When checked, the placeholder will be evaluated in the same way a property mapping is. + If the evaluation fails, the placeholder itself is returned. + + + Placeholder + Yer tutucu + + + Optionally provide a short hint that describes the expected input value. + When creating a fixed choice field, enable interpreting as expression and return a + list to return multiple choices. + + + Interpret initial value as expression + + + When checked, the initial value will be evaluated in the same way a property mapping is. + If the evaluation fails, the initial value itself is returned. + + + Initial value + + + Optionally pre-fill the input with an initial value. + When creating a fixed choice field, enable interpreting as expression and + return a list to return multiple default choices. + + + Help text + Yardım metni + + + Any HTML can be used. + Herhangi bir HTML kullanılabilir. + + + Prompts + İstemler + + + Single Prompts that can be used for Prompt Stages. + İstemi Aşamaları için kullanılabilecek Tek İstemler. + + + Field + Alan + + + Stages + Aşamalar + + + Prompt(s) + İstemi (ler) + + + Update Prompt + Güncelleme İstemi + + + Create Prompt + İstemi Oluştur + + + Target + Hedef + + + Stage + Aşama + + + Evaluate when flow is planned + + + Evaluate policies during the Flow planning process. + + + Evaluate when stage is run + + + Evaluate policies before the Stage is present to the user. + Aşama kullanıcıya sunulmadan önce ilkeleri değerlendirin. + + + Invalid response behavior + + + Returns the error message and a similar challenge to the executor + + + Restarts the flow from the beginning + + + Restarts the flow from the beginning, while keeping the flow context + + + Configure how the flow executor should handle an invalid response to a challenge given by this bound stage. + + + Successfully updated stage. + Aşama başarıyla güncellendi. + + + Successfully created stage. + Aşama aşaması başarıyla oluşturuldu. + + + Stage used to configure a duo-based authenticator. This stage should be used for configuration flows. + Aşama ikili tabanlı kimlik doğrulayıcısını yapılandırmak için kullanılır. Bu aşama yapılandırma akışları için kullanılmalıdır. + + + Authenticator type name + + + Display name of this authenticator, used by users when they enroll an authenticator. + + + API Hostname + API Ana bilgisayar adı + + + Duo Auth API + + + Integration key + Entegrasyon anahtarı + + + Secret key + Gizli anahtar + + + Duo Admin API (optional) + + + When using a Duo MFA, Access or Beyond plan, an Admin API application can be created. + This will allow authentik to import devices automatically. + + + Stage-specific settings + Aşama alanına özgü ayarlar + + + Configuration flow + Yapılandırma akışı + + + Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. + Bu Aşama'yı yapılandırmak için kimliği doğrulanmış bir kullanıcı tarafından kullanılan akış. Boşsa, kullanıcı bu aşamayı yapılandıramaz. + + + Twilio Account SID + Twilio Hesabı SID + + + Get this value from https://console.twilio.com + Bu değeri https://console.twilio.com adresinden alın + + + Twilio Auth Token + Twilio Auth Belirteci + + + Authentication Type + Kimlik Doğrulama Türü + + + Basic Auth + Temel Auth + + + Bearer Token + Bearer Belirteci + + + External API URL + Harici API URL'si + + + This is the full endpoint to send POST requests to. + Bu, POST istekleri göndermek için tam bitiş noktasıdır. + + + API Auth Username + API Auth Kullanıcı Adı + + + This is the username to be used with basic auth or the token when used with bearer token + Bu, temel kimlik doğrulama veya taşıyıcı belirteci ile kullanıldığında kullanılacak kullanıcı adıdır + + + API Auth password + API Auth parolası + + + This is the password to be used with basic auth + Bu, temel kimlik doğrulama ile kullanılacak paroladır + + + Mapping + + + Modify the payload sent to the custom provider. + + + Stage used to configure an SMS-based TOTP authenticator. + Aşama, SMS tabanlı bir TOTP kimlik doğrulayıcısını yapılandırmak için kullanılır. + + + Twilio + Twilio + + + Generic + Jenerik + + + From number + Numarasından + + + Number the SMS will be sent from. + Numara SMS gönderilecektir. + + + Hash phone number + + + If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons. Devices created from a stage with this enabled cannot be used with the authenticator validation stage. + + + Stage used to configure a static authenticator (i.e. static tokens). This stage should be used for configuration flows. + Statik kimlik doğrulayıcısını (yani statik belirteçleri) yapılandırmak için kullanılan aşama. Bu aşama yapılandırma akışları için kullanılmalıdır. + + + Token count + Belirteç sayısı + + + Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator). + Bir TOTP kimlik doğrulayıcısını (Authy/Google Authenticator) yapılandırmak için kullanılan aşama. + + + Digits + Rakamlar + + + 6 digits, widely compatible + 6 basamaklı, yaygın olarak uyumlu + + + 8 digits, not compatible with apps like Google Authenticator + Google Authenticator gibi uygulamalarla uyumlu olmayan 8 haneli + + + Stage used to validate any authenticator. This stage should be used during authentication or authorization flows. + Aşama, herhangi bir kimlik doğrulayıcıyı doğrulamak için kullanılır. Bu aşama kimlik doğrulama veya yetkilendirme akışları sırasında kullanılmalıdır. + + + Device classes + Cihaz sınıfları + + + Static Tokens + Statik Belirteçler + + + TOTP Authenticators + TOTP Kimlik Doğrulayıcıları + + + WebAuthn Authenticators + WebAuthn Kimlik Doğrulayıcıları + + + Duo Authenticators + Duo Kimlik Doğrulayıcıları + + + SMS-based Authenticators + SMS Tabanlı Kimlik Doğrulayıcıları + + + Device classes which can be used to authenticate. + Kimlik doğrulaması için kullanılabilecek aygıt sınıfları. + + + Last validation threshold + + + If any of the devices user of the types selected above have been used within this duration, this stage will be skipped. + + + Not configured action + Yapılandırılmamış eylem + + + Force the user to configure an authenticator + Kullanıcıyı bir kimlik doğrulayıcı yapılandırmaya zorla + + + Deny the user access + Kullanıcı erişimini engelle + + + WebAuthn User verification + + + User verification must occur. + Kullanıcı doğrulaması gerçekleşmelidir. + + + User verification is preferred if available, but not required. + Kullanıcı doğrulaması varsa tercih edilir, ancak gerekli değildir. + + + User verification should not occur. + Kullanıcı doğrulaması gerçekleşmemelidir. + + + Configuration stages + + + Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. + + + When multiple stages are selected, the user can choose which one they want to enroll. + + + User verification + Kullanıcı doğrulaması + + + Resident key requirement + + + Authenticator Attachment + + + No preference is sent + + + A non-removable authenticator, like TouchID or Windows Hello + + + A "roaming" authenticator, like a YubiKey + + + This stage checks the user's current session against the Google reCaptcha (or compatible) service. + + + Public Key + Genel Anahtar + + + Public key, acquired from https://www.google.com/recaptcha/intro/v3.html. + https://www.google.com/recaptcha/intro/v3.html adresinden edinilen genel anahtar. + + + Private Key + Özel Anahtar + + + Private key, acquired from https://www.google.com/recaptcha/intro/v3.html. + https://www.google.com/recaptcha/intro/v3.html adresinden edinilen özel anahtar. + + + Advanced settings + Gelişmiş ayarlar + + + JS URL + + + URL to fetch JavaScript from, defaults to recaptcha. Can be replaced with any compatible alternative. + + + API URL + + + URL used to validate captcha response, defaults to recaptcha. Can be replaced with any compatible alternative. + + + Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time. + Kullanıcının rızasını isteme. Onay kalıcı olabilir veya belirli bir süre içinde geçerlilik süresi dolabilir. + + + Always require consent + Her zaman rıza gerektirir + + + Consent given last indefinitely + Süresiz olarak verilen izin + + + Consent expires. + Onayın süresi doluyor. + + + Consent expires in + Onayın süresi + + + Offset after which consent expires. + + + Dummy stage used for testing. Shows a simple continue button and always passes. + Test için kullanılan kukla aşama. Basit bir devam düğmesi gösterir ve her zaman geçer. + + + Throw error? + + + SMTP Host + SMTP Ana Bilgisayarı + + + SMTP Port + SMTP Bağlantı Noktası + + + SMTP Username + SMTP Kullanıcı Adı + + + SMTP Password + SMTP Parolası + + + Use TLS + TLS Kullan + + + Use SSL + SSL kullan + + + From address + Gönderen adres + + + Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity. + Kullanıcının e-posta adresini bir kerelik bağlantı göndererek doğrulayın. Kullanıcının orijinalliğini doğrulamak için kurtarma için de kullanılabilir. + + + Activate pending user on success + Bekleyen kullanıcıyı başarı durumunda etkinleştir + + + When a user returns from the email successfully, their account will be activated. + Bir kullanıcı e-postadan başarıyla döndüğünde, hesabı etkinleştirilir. + + + Use global settings + Genel ayarları kullan + + + When enabled, global Email connection settings will be used and connection settings below will be ignored. + Etkinleştirildiğinde, genel E-posta bağlantısı ayarları kullanılır ve aşağıdaki bağlantı ayarları yoksayılır. + + + Token expiry + Belirteç son kullanma tarihi + + + Time in minutes the token sent is valid. + Gönderilen belirtecin dakika cinsinden geçerlilik süresi. + + + Template + Şablon + + + Let the user identify themselves with their username or Email address. + Kullanıcının kullanıcı adı veya E-posta adresi ile kendilerini tanımlamasına izin verin. + + + User fields + Kullanıcı alanları + + + UPN + UPN + + + Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources. + Kullanıcının kendilerini tanımlayabileceği alanlar. Herhangi bir alan seçilmezse, kullanıcı yalnızca kaynakları kullanabilir. + + + Password stage + Parola aşaması + + + When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks. + Seçildiğinde, ayrı bir sayfa yerine aynı sayfada bir parola alanı gösterilir. Bu, kullanıcı adı numaralandırma saldırılarını engeller. + + + Case insensitive matching + Harf büyüklüğüne duyarsız eşleştirme + + + When enabled, user fields are matched regardless of their casing. + Etkinleştirildiğinde, kullanıcı alanları muhafazası ne olursa olsun eşleştirilir. + + + Show matched user + Eşleşen kullanıcıyı göster + + + When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown. + Geçerli bir kullanıcı adı/e-posta girildiğinde ve bu seçenek etkinleştirildiğinde, kullanıcının kullanıcı adı ve avatarı gösterilir. Aksi takdirde, kullanıcının girdiği metin gösterilir. + + + Source settings + + + Sources + Kaynaklar + + + Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP. + Kullanıcıların kimlik doğrulaması için belirli kaynaklar gösterilmelidir. Bu, LDAP'yi değil, yalnızca web tabanlı kaynakları etkiler. + + + Show sources' labels + Kaynakların etiketlerini göster + + + By default, only icons are shown for sources. Enable this to show their full names. + Varsayılan olarak, kaynaklar için yalnızca simgeler gösterilir. Tam adlarını göstermek için bunu etkinleştirin. + + + Passwordless flow + Parolasız akış + + + Optional passwordless flow, which is linked at the bottom of the page. When configured, users can use this flow to authenticate with a WebAuthn authenticator, without entering any details. + Sayfanın alt kısmında bağlanan isteğe bağlı parolasız akış. Yapılandırıldığında, kullanıcılar herhangi bir ayrıntı girmeden WebAuthn kimlik doğrulayıcısı ile kimlik doğrulaması için bu akışı kullanabilir. + + + Optional enrollment flow, which is linked at the bottom of the page. + Sayfanın alt kısmında bağlanan isteğe bağlı kayıt akışı. + + + Optional recovery flow, which is linked at the bottom of the page. + Sayfanın alt kısmında bağlı olan isteğe bağlı kurtarma akışı. + + + This stage can be included in enrollment flows to accept invitations. + Bu aşama, davetleri kabul etmek için kayıt akışlarına dahil edilebilir. + + + Continue flow without invitation + Davetsiz akışa devam edin + + + If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. + Bu bayrak ayarlanırsa, Davet verilmediğinde bu Aşama bir sonraki Aşama'ya atlanır. Varsayılan olarak bu Aşama , davet verilmediğinde Akışı iptal eder. + + + Validate the user's password against the selected backend(s). + Kullanıcının parolasını seçili arka uç(lara) göre doğrulayın. + + + Backends + Arka uçlar + + + User database + standard password + Kullanıcı veritabanı+standart parola + + + User database + app passwords + Kullanıcı veritabanı+uygulama parolaları + + + User database + LDAP password + Kullanıcı veritabanı+LDAP parolası + + + Selection of backends to test the password against. + Parolayı test etmek için arka uçların seçimi. + + + Flow used by an authenticated user to configure their password. If empty, user will not be able to configure change their password. + Kimliği doğrulanmış bir kullanıcı tarafından parolasını yapılandırmak için kullanılan akış. Boşsa, kullanıcı parolasını değiştirmeyi yapılandıramaz. + + + Failed attempts before cancel + İptal edilmeden önce başarısız denemeler + + + How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. + Akış iptal edilmeden önce bir kullanıcının kaç denemesi vardır. Kullanıcıyı kilitlemek için itibar ilkesi ve user_write aşamasını kullanın. + + + Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable. + Kullanıcıya rastgele giriş alanlarını göster, örneğin kayıt sırasında. Veriler akış bağlamında 'prompt_data' değişkeni altında kaydedilir. + + + Fields + Alanlar + + + ("", of type ) + + (“ + ”, + türünde) + + + Validation Policies + Doğrulama İlkeleri + + + Selected policies are executed when the stage is submitted to validate the data. + Seçilen ilkeler, verileri doğrulamak için aşama gönderildiğinde yürütülür. + + + Delete the currently pending user. CAUTION, this stage does not ask for confirmation. Use a consent stage to ensure the user is aware of their actions. + + + Log the currently pending user in. + Şu anda bekleyen kullanıcıya oturum açın. + + + Session duration + Oturum süresi + + + Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. + Oturumun ne kadar süreceğini belirler. Varsayılan 0 saniye, oturumların tarayıcı kapanana kadar sürdüğü anlamına gelir. + + + Different browsers handle session cookies differently, and might not remove them even when the browser is closed. + + + See here. + + + Stay signed in offset + + + If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. + + + Terminate other sessions + + + When enabled, all previous sessions of the user will be terminated. + + + Remove the user from the current session. + Kullanıcıyı geçerli oturumdan kaldırın. + + + Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user + is pending, a new user is created, and data is written to them. + + + Never create users + + + When no user is present in the flow context, the stage will fail. + + + Create users when required + + + When no user is present in the the flow context, a new user is created. + + + Always create new users + + + Create a new user even if a user is in the flow context. + + + Create users as inactive + Kullanıcıları etkin olmayan olarak oluşturma + + + Mark newly created users as inactive. + Yeni oluşturulan kullanıcıları etkin değil olarak işaretleyin. + + + User path template + + + Path new users will be created under. If left blank, the default path will be used. + + + Newly created users are added to this group, if a group is selected. + Bir grup seçiliyse, yeni oluşturulan kullanıcılar bu gruba eklenir. + + + New stage + + + Create a new stage. + + + Successfully imported device. + + + The user in authentik this device will be assigned to. + + + Duo User ID + + + The user ID in Duo, can be found in the URL after clicking on a user. + + + Automatic import + + + Successfully imported devices. + + + Start automatic import + + + Or manually import + + + Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow. + Aşamalar, bir Akış'ın kullanıcının yönlendirildiği tek adımlardır. Bir aşama yalnızca bir akış içinden yürütülebilir. + + + Flows + Akışlar + + + Stage(s) + Aşama (lar) + + + Import + İçe Aktar + + + Import Duo device + + + Successfully updated flow. + Akış başarıyla güncellendi. + + + Successfully created flow. + Akış başarıyla oluşturuldu. + + + Shown as the Title in Flow pages. + Akış sayfalarında Başlık olarak gösterilir. + + + Visible in the URL. + URL'de görünür. + + + Designation + Tanımlama + + + Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. + Bu Akış'ın ne için kullanıldığına karar verir. Örneğin, kimliği doğrulanmamış bir kullanıcı authentik ziyaret ettiğinde kimlik doğrulama akışı yönlendirir. + + + No requirement + + + Require authentication + + + Require no authentication. + + + Require superuser. + + + Required authentication level for this flow. + + + Behavior settings + + + Compatibility mode + Uyumluluk modu + + + Increases compatibility with password managers and mobile devices. + + + Denied action + + + Will follow the ?next parameter if set, otherwise show a message + + + Will either follow the ?next parameter or redirect to the default interface + + + Will notify the user the flow isn't applicable + + + Decides the response when a policy denies access to this flow for a user. + + + Appearance settings + + + Layout + + + Background + Arkaplan + + + Background shown during execution. + Yürütme sırasında arka plan gösterilir. + + + Clear background + + + Delete currently set background image. + Şu anda ayarlanmış arka plan görüntüsünü sil. + + + Successfully imported flow. + Akış başarıyla aktarıldı. + + + .yaml files, which can be found on goauthentik.io and can be exported by authentik. + .yaml dosyaları, goauthentik.io'da bulunabilir ve authentik tarafından ihraç edilebilir. + + + Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them. + Akışlar, bir kullanıcının kimliğini doğrulamak, kaydetmek veya kurtarmak için Aşama zincirini tanımlar. Aşamalar, bunlara uygulanan ilkelere göre seçilir. + + + Flow(s) + Akış (ler) + + + Update Flow + Akışı Güncelle + + + Create Flow + Akış Oluştur + + + Import Flow + Akışı İçe Aktar + + + Successfully cleared flow cache + Akış önbelleği başarıyla temizlendi + + + Failed to delete flow cache + Akış önbelleği silinemedi + + + Clear Flow cache + Akış önbelleğini temizleme + + + Are you sure you want to clear the flow cache? + This will cause all flows to be re-evaluated on their next usage. + + + Stage binding(s) + Aşama bağlama (ler) + + + Stage type + Aşama türü + + + Edit Stage + Aşama Alanını Düzenle + + + Update Stage binding + Aşama bağlamasını Güncelle + + + These bindings control if this stage will be applied to the flow. + Bu bağlamalar, bu aşama akışa uygulanacak olup olmadığını denetler. + + + No Stages bound + Hiçbir Aşama Bağlı + + + No stages are currently bound to this flow. + Hiçbir aşama şu anda bu akışa bağlı değildir. + + + Create Stage binding + Aşama bağlama oluştur + + + Bind stage + Bağlama aşaması + + + Bind existing stage + + + Flow Overview + Akışa Genel Bakış + + + Related actions + + + Execute flow + Akışı yürüt + + + Normal + Normal + + + with current user + + + with inspector + müfettiş ile + + + Export flow + Akışı aktar + + + Export + İhracat + + + Stage Bindings + Aşama Bağlamaları + + + These bindings control which users can access this flow. + Bu bağlamalar hangi kullanıcıların bu akışa erişebileceğini denetler. + + + Event Log + Olay Günlüğü + + + Event + Olay + + + + Event info + Olay bilgileri + + + Created + + + Successfully updated transport. + Aktarıcı başarılı bir şekilde güncellendi. + + + Successfully created transport. + Aktarıcı başarıyla oluşturuldu. + + + Local (notifications will be created within authentik) + + + Webhook (generic) + Webhook (genel) + + + Webhook (Slack/Discord) + Webhook (Kayak/Uyuşmazlık) + + + Webhook URL + Web Kancası URL'si + + + Webhook Mapping + Web Kancası Haritalama + + + Send once + Bir kez gönder + + + Only send notification once, for example when sending a webhook into a chat channel. + Yalnızca bir kez bildirim gönderin, örneğin bir sohbet kanalına web kancası gönderirken. + + + Notification Transports + Bildirim Aktarıcıları + + + Define how notifications are sent to users, like Email or Webhook. + E-posta veya Webhook gibi kullanıcılara bildirimlerin nasıl gönderileceğini tanımlayın. + + + Notification transport(s) + + + Update Notification Transport + Bildirim Aktarıcısını Güncelle + + + Create Notification Transport + Bildirim Aktarıcı Oluştur + + + Successfully updated rule. + Kural başarıyla güncellendi. + + + Successfully created rule. + Kural başarıyla oluşturuldu. + + + Select the group of users which the alerts are sent to. If no group is selected the rule is disabled. + + + Transports + Aktarıcılar + + + Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. + Kullanıcıyı bilgilendirmek için hangi aktarıcıların kullanılması gerektiğini seçin. Hiçbiri seçilmemişse, bildirim yalnızca authentik kullanıcı arabiriminde gösterilir. + + + Severity + Önem derecesi + + + Notification Rules + Bildirim Kuralları + + + Send notifications whenever a specific Event is created and matched by policies. + Belirli bir Olay oluşturulduğunda ve ilkelerle eşleştirildiğinde bildirim gönderin. + + + Sent to group + Gruba gönderildi + + + Notification rule(s) + Bildirim kuralları + + + None (rule disabled) + Hiçbiri (kural devre dışı) + + + Update Notification Rule + Bildirim Kuralını Güncelle + + + Create Notification Rule + Bildirim Kuralı Oluştur + + + These bindings control upon which events this rule triggers. +Bindings to groups/users are checked against the user of the event. + + + Outpost Deployment Info + Üs Dağıtım Bilgileri + + + View deployment documentation + Dağıtım belgelerini görüntüleme + + + Click to copy token + Belirteci kopyalamak için tıklayın + + + If your authentik Instance is using a self-signed certificate, set this value. + Auentik Örneğiniz kendinden imzalı bir sertifika kullanıyorsa, bu değeri ayarlayın. + + + If your authentik_host setting does not match the URL you want to login with, add this setting. + Auentik_host ayarınız oturum açmak istediğiniz URL'yle eşleşmiyorsa, bu ayarı ekleyin. + + + Successfully updated outpost. + İleri üssü başarıyla güncelledi. + + + Successfully created outpost. + Üs başarıyla oluşturdu. + + + Radius + + + Integration + Entegrasyon + + + Selecting an integration enables the management of the outpost by authentik. + Bir entegrasyon seçilmesi, oentik tarafından üssün yönetimini sağlar. + + + You can only select providers that match the type of the outpost. + Yalnızca üssün türüne uyan sağlayıcıları seçebilirsiniz. + + + Configuration + yapılandırma + + + See more here: + + + Documentation + + + Last seen + + + , should be + + , + olmalıdır + + + Hostname + + + Not available + Mevcut değil + + + Last seen: + Son görüldü: + + + + Unknown type + + + Outposts + Üsler + + + Outposts are deployments of authentik components to support different environments and protocols, like reverse proxies. + Outposts, ters proxy'ler gibi farklı ortamları ve protokolleri desteklemek için authentik bileşenlerinin dağıtımlarıdır. + + + Health and Version + Sağlık ve Versiyon + + + Warning: authentik Domain is not configured, authentication will not work. + Uyarı: authentik Domain yapılandırılmamış, kimlik doğrulama çalışmaz. + + + Logging in via . + + üzerinden giriş yapın. + + + No integration active + Entegrasyon etkin + + + Update Outpost + Üssü Güncelle + + + View Deployment Info + Dağıtım Bilgilerini Görüntüle + + + Detailed health (one instance per column, data is cached so may be out of date) + + + Outpost(s) + Üs (ler) + + + Create Outpost + Üs Oluştur + + + Successfully updated integration. + Entegrasyon başarıyla güncellendi. + + + Successfully created integration. + Entegrasyon başarıyla oluşturuldu. + + + Local + Yerel + + + If enabled, use the local connection. Required Docker socket/Kubernetes Integration. + Etkinleştirilirse, yerel bağlantıyı kullanın. Gerekli Docker soketi/Kubernetes Entegrasyonu. + + + Docker URL + Docker URL'si + + + Can be in the format of 'unix://' when connecting to a local docker daemon, using 'ssh://' to connect via SSH, or 'https://:2376' when connecting to a remote system. + SSH üzerinden bağlanmak için 'ssh: //' veya uzak bir sisteme bağlanırken 'https://:2376' kullanarak yerel bir docker daemonuna bağlanırken 'unix: //' biçiminde olabilir. + + + CA which the endpoint's Certificate is verified against. Can be left empty for no validation. + Uç noktanın Sertifikası karşı doğrulanan CA. Doğrulama yapılmadan boş bırakılabilir. + + + TLS Authentication Certificate/SSH Keypair + TLS Kimlik Doğrulama Sertifikası/SH Anahtar Eşi + + + Certificate/Key used for authentication. Can be left empty for no authentication. + Kimlik doğrulama için kullanılan sertifika/anahtar. Kimlik doğrulama olmadan boş bırakılabilir. + + + When connecting via SSH, this keypair is used for authentication. + SSH üzerinden bağlanırken, bu anahtar çifti kimlik doğrulama için kullanılır. + + + Kubeconfig + Kubeconfig + + + Verify Kubernetes API SSL Certificate + + + New outpost integration + + + Create a new outpost integration. + + + State + Eyalet + + + Unhealthy + Sağlıksız + + + Outpost integration(s) + Üs entegrasyonu + + + Successfully generated certificate-key pair. + Sertifika-anahtar çifti başarıyla oluşturuldu. + + + Common Name + Ortak İsim + + + Subject-alt name + Konu-alt adı + + + Optional, comma-separated SubjectAlt Names. + İsteğe bağlı, virgülle ayrılmış SubjectAlt Adları. + + + Validity days + Geçerlilik günleri + + + Successfully updated certificate-key pair. + Sertifika anahtarı çifti başarıyla güncelleştirildi. + + + Successfully created certificate-key pair. + Sertifika anahtarı çifti başarıyla oluşturuldu. + + + PEM-encoded Certificate data. + PEM kodlu Sertifika verileri. + + + Optional Private Key. If this is set, you can use this keypair for encryption. + İsteğe Bağlı Özel Anahtar. Bu ayarlanırsa, şifreleme için bu anahtar çiftini kullanabilirsiniz. + + + Certificate-Key Pairs + Sertifika Anahtarı Çiftleri + + + Import certificates of external providers or create certificates to sign requests with. + Harici sağlayıcıların sertifikalarını içe aktarın veya istekleri imzalamak için sertifikalar oluşturun. + + + Private key available? + Özel anahtar mevcut mu? + + + Certificate-Key Pair(s) + Sertifika Anahtarı Çiftleri + + + Managed by authentik + Auentik tarafından yönetiliyor + + + Managed by authentik (Discovered) + Auentik tarafından yönetilen (Keşfedildi) + + + Yes () + Evet ( + ) + + + No + Hayır + + + Update Certificate-Key Pair + Sertifika Anahtarı Çiftini Güncelleştir + + + Certificate Fingerprint (SHA1) + Sertifika Parmak İzi (SHA1) + + + Certificate Fingerprint (SHA256) + Sertifika Parmak İzi (SHA256) + + + Certificate Subject + Sertifika Konusu + + + Download Certificate + Sertifikayı İndirin + + + Download Private key + Indir Özel anahtar + + + Create Certificate-Key Pair + Sertifika Anahtarı Çifti Oluştur + + + Generate + Oluştur + + + Generate Certificate-Key Pair + Sertifika Anahtarı Çifti Oluştur + + + Successfully updated instance. + + + Successfully created instance. + + + Disabled blueprints are never applied. + + + Local path + + + OCI Registry + + + Internal + + + OCI URL, in the format of oci://registry.domain.tld/path/to/manifest. + + + See more about OCI support here: + + + Blueprint + + + Configure the blueprint context, used for templating. + + + Orphaned + + + Blueprints + + + Automate and template configuration within authentik. + + + Last applied + + + Blueprint(s) + + + Update Blueprint + + + Create Blueprint Instance + + + API Requests + API İstekleri + + + Open API Browser + API Tarayıcısını aç + + + Notifications + Bildirimler + + + unread + + okunmamış + + + Successfully cleared notifications + Bildirimler başarıyla silindi + + + Clear all + Hepsini temizle + + + A newer version of the frontend is available. + Ön yüzün daha yeni bir sürümü mevcuttur. + + + You're currently impersonating . Click to stop. + Şu anda + kimliğine bürünüyorsunuz. Durdurmak için tıklayın. + + + User interface + Kullanıcı arayüzü + + + Dashboards + Gösterge Panoları + + + Events + Olaylar + + + Logs + Günlükler + + + Customisation + Özelleştirme + + + Directory + Rehber + + + System + Sistem + + + Certificates + Sertifikalar + + + Outpost Integrations + Üs Entegrasyonları + + + API request failed + API isteği başarısız + + + User's avatar + Kullanıcının avatarı + + + Something went wrong! Please try again later. + Bir şeyler ters gitti! Lütfen daha sonra tekrar deneyin. + + + Request ID + + + You may close this page now. + + + You're about to be redirect to the following URL. + Aşağıdaki URL'ye yönlendirmek üzeresiniz. + + + Follow redirect + Yönlendirmeyi takip et + + + Request has been denied. + İstek reddedildi. + + + Not you? + Sen değil mi? + + + Need an account? + Bir hesaba mı ihtiyacınız var? + + + Sign up. + Kaydolun. + + + Forgot username or password? + Kullanıcı adı veya parolayı mı unuttunuz? + + + Select one of the sources below to login. + Giriş yapmak için aşağıdaki kaynaklardan birini seçin. + + + Or + + + Use a security key + Güvenlik anahtarı kullan + + + Login to continue to . + + adresine devam etmek için giriş yapın. + + + Please enter your password + Lütfen parolanızı girin + + + Forgot password? + Parolanı mi unuttun? + + + Application requires following permissions: + Uygulama aşağıdaki izinleri gerektirir: + + + Application already has access to the following permissions: + + + Application requires following new permissions: + + + Check your Inbox for a verification email. + Doğrulama e-postası için Gelen Kutunuzu kontrol edin. + + + Send Email again. + E-postayı tekrar gönder. + + + Successfully copied TOTP Config. + TOTP Yapılandırması başarıyla kopyalandı. + + + Copy + Kopya + + + Code + Kodu + + + Please enter your TOTP Code + Lütfen TOTP Kodunuzu girin + + + Duo activation QR code + + + Alternatively, if your current device has Duo installed, click on this link: + Alternatif olarak, mevcut cihazınızda Duo yüklüyse, şu bağlantıya tıklayın: + + + Duo activation + İkili aktivasyon + + + Check status + Durumu kontrol et + + + Make sure to keep these tokens in a safe place. + Bu belirteçleri güvenli bir yerde tuttuğunuzdan emin olun. + + + Phone number + Telefon numarası + + + Please enter your Phone number. + Lütfen Telefon numaranızı girin. + + + Please enter the code you received via SMS + + + A code has been sent to you via SMS. + SMS ile size bir kod gönderildi. + + + Open your two-factor authenticator app to view your authentication code. + + + Static token + Statik belirteç + + + Authentication code + + + Please enter your code + + + Return to device picker + Aygıt seçiciye geri dön + + + Sending Duo push notification + + + Assertions is empty + İddeler boş + + + Error when creating credential: + Kimlik bilgisi oluşturulurken hata oluştu: + + + + Error when validating assertion on server: + Sunucuda onaylama işlemi doğrulanırken hata oluştu: + + + + Retry authentication + Kimlik doğrulamayı yeniden deneyin + + + Duo push-notifications + Duo push-bildirimleri + + + Receive a push notification on your device. + Cihazınızda anında iletme bildirimi alın. + + + Authenticator + Kimlik Doğrulayıcı + + + Use a security key to prove your identity. + Kimliğinizi kanıtlamak için bir güvenlik anahtarı kullanın. + + + Traditional authenticator + Geleneksel kimlik doğrulayıcı + + + Use a code-based authenticator. + Kod tabanlı kimlik doğrulayıcı kullanın. + + + Recovery keys + Kurtarma tuşları + + + In case you can't access any other method. + Başka bir yönteme erişemiyorsanız. + + + SMS + SMS + + + Tokens sent via SMS. + Belirteçler SMS ile gönderildi. + + + Select an authentication method. + Bir kimlik doğrulama yöntemi seçin. + + + Stay signed in? + + + Select Yes to reduce the number of times you're asked to sign in. + + + Authenticating with Plex... + Plex ile kimlik doğrulaması... + + + Waiting for authentication... + + + If no Plex popup opens, click the button below. + + + Open login + + + Authenticating with Apple... + Apple ile kimlik doğrulaması... + + + Retry + Yeniden dene + + + Enter the code shown on your device. + + + Please enter your Code + Lütfen Kodunuzu girin + + + You've successfully authenticated your device. + + + Flow inspector + Akış denetçisi + + + Next stage + Sonraki aşama + + + Stage name + Aşama adı + + + Stage kind + Aşama türü + + + Stage object + Aşama nesnesi + + + This flow is completed. + Bu akış tamamlandı. + + + Plan history + Plan geçmişi + + + Current plan context + Mevcut plan bağlamı + + + Session ID + Oturum Kimliği + + + Powered by authentik + Auentik tarafından desteklenmektedir + + + Background image + Arkaplan resmi + + + Error creating credential: + Kimlik bilgisi oluşturulurken hata oluştu: + + + + Server validation of credential failed: + Kimlik bilgisi sunucu doğrulaması başarısız oldu: + + + + Register device + Aygıtı kaydet + + + Refer to documentation + + + No Applications available. + Kullanılabilir Uygulama yok. + + + Either no applications are defined, or you don’t have access to any. + + + My Applications + Uygulamalarım + + + My applications + Uygulamalarım + + + Change your password + Parolanızı değiştirin + + + Change password + Parolayı değiştir + + + + + + + + + Save + Kaydet + + + Delete account + Hesabı sil + + + Successfully updated details + + + Open settings + + + No settings flow configured. + + + Update details + Ayrıntıları güncelle + + + Successfully disconnected source + + + Failed to disconnected source: + + + Disconnect + Bağlantıyı kes + + + Connect + Bağlan + + + Error: unsupported source settings: + Hata: desteklenmeyen kaynak ayarları: + + + + Connect your user account to the services listed below, to allow you to login using the service instead of traditional credentials. + Geleneksel kimlik bilgileri yerine hizmeti kullanarak oturum açmanıza izin vermek için kullanıcı hesabınızı aşağıda listelenen hizmetlere bağlayın. + + + No services available. + Hizmet yok. + + + Create App password + Uygulama parolası oluştur + + + User details + Kullanıcı ayrıntıları + + + Consent + Onaylı + + + MFA Devices + MFA Cihazları + + + Connected services + Bağlı hizmetler + + + Tokens and App passwords + Belirteçler ve Uygulama parolaları + + + Unread notifications + Okunmamış bildirimler + + + Admin interface + Yönetici arayüzü + + + Stop impersonation + Taklitçiliği durdurun + + + Avatar image + Avatar resmi + + + Failed + + + Unsynced / N/A + + + Outdated outposts + Eski üsler + + + Unhealthy outposts + Sağlıksız üsler + + + Next + + + Inactive + Etkin değil + + + Regular user + Düzenli kullanıcı + + + Activate + Etkinleştir + + + Use Server URI for SNI verification + + + Required for servers using TLS 1.3+ + + + Client certificate keypair to authenticate against the LDAP Server's Certificate. + + + The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate. + + + TLS Server name + + + DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged. + + + TLS Client authentication certificate + + + Model + + + Match events created by selected model. When left empty, all models are matched. + + + Code-based MFA Support + + + When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. + + + User type + + + Successfully updated license. + + + Successfully created license. + + + Install ID + + + License key + + + Licenses + + + License(s) + + + Enterprise is in preview. + + + Cumulative license expiry + + + Update License + + + Warning: The current user count has exceeded the configured licenses. + + + Click here for more info. + + + Enterprise + + + Manage enterprise licenses + + + No licenses found. + + + Send us feedback! + + + Get a license + + + Go to Customer Portal + + + Forecast internal users + + + Estimated user count one year from now based on current internal users and forecasted internal users. + + + Forecast external users + + + Estimated user count one year from now based on current external users and forecasted external users. + + + Install + + + Install License + + + Internal users might be users such as company employees, which will get access to the full Enterprise feature set. + + + External users might be external consultants or B2C customers. These users don't get access to enterprise features. + + + Service accounts should be used for machine-to-machine authentication or other automations. + + + Less details + + + More details + + + Remove item Open API drawer @@ -11,1702 +5494,74 @@ Open Notification drawer - - Connection error, reconnecting... - - - Loading... - - - Application - - - Logins - - - Failed to fetch - - - Click to change value - - - Select an object. - - - Loading options... - - - API Access - - - App password - - - Recovery - - - Verification - - - Unknown intent - - - Login - - - Failed login - - - Logout - - - User was written to - - - Suspicious request - - - Password set - - - Secret was viewed - - - Secret was rotated - - - Invitation used - - - Application authorized - - - Source linked - - - Impersonation started - - - Impersonation ended - - - Flow execution - - - Policy execution - - - Policy exception - - - Property Mapping exception - - - System task execution - - - System task exception - - - General system exception - - - Configuration error - - - Model created - - - Model updated - - - Model deleted - - - Email sent - - - Update available - - - Alert - - - Notice - - - Warning - - - Unknown severity - - - Static tokens - - - TOTP Device - - - Internal - - - External - - - Service account - - - Service account (internal) - - - Show less - - - Show more - - - UID - - - Name - - - App - - - Model Name - - - Message - - - Subject - - - From - - - To - - - Context - - - User - - - Affected model: - - - Authorized application: - - - Using flow - - - Email info: - - - Secret: - - - Exception - - - Open issue on GitHub... - - - Expression - - - Binding - - - Request - - - Object - - - Result - - - Passing - - - Messages - - - New version available - - - Using source - - - Attempted to log in as - - - No additional data available. - - - no tabs defined - - - Remove item - - - - of - - - Go to previous page - - - Go to next page - - - Search... - - - Loading - - - No objects found. - - - Failed to fetch objects. - - - Refresh - - - Select all rows - - - Action - - - Creation Date - - - Client IP - - - Brand - - - Recent events - - - On behalf of - - - - - - - No Events found. - - - No matching events could be found. - - - Embedded outpost is not configured correctly. - - - Check outposts. - - - HTTPS is not detected correctly - - - Server and client are further than 5 seconds apart. - - - OK - - - Everything is ok. - - - System status - - - Based on - - - is available! - - - Up-to-date! - - - Version - - - Workers - - - No workers connected. Background tasks will not run. - - - hour(s) ago - - - Failed to fetch data. - - - day(s) ago - - - Authorizations - - - Failed Logins - - - Successful Logins - - - : - - - Cancel - - - LDAP Source - - - SCIM Provider - - - Healthy - - - Failed - - - Unsynced / N/A - - - Healthy outposts - - - Outdated outposts - - - Unhealthy outposts - - - Not found - - - The URL "" was not found. - - - Return home - - - General system status - - - Welcome, . - - - Quick actions - - - Create a new application - - - Check the logs - - - Explore integrations - - - Manage users - - - Check the release notes - - - Outpost status - - - Sync status - - - Logins and authorizations over the last week (per 8 hours) - - - Apps with most usage - - - days ago - - - Objects created - - - User Statistics - - - Users created per day in the last month - - - Users created - - - Logins per day in the last month - - - Failed Logins per day in the last month - - - Failed logins - - - Clear search - - - System Tasks - - - Long-running operations which authentik executes in the background. - - - Identifier - - - Description - - - Last run - - - Status - - - Actions - - - Successful - - - Error - - - Unknown - - - Duration - - - seconds - Restart task - - Close - - - Create - - - Next - - - Back - - - Submit - - - Type - - - Select providers to add to application - - - Add - - - Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". - - - Path template for users created. Use placeholders like `%(slug)s` to insert the source slug. - - - Currently set to: - - - No form found - - - Form didn't return a promise for submitting - - - Any policy must match to grant access - - - All policies must match to grant access - - - Successfully updated application. - - - Successfully created application. - - - Application's display Name. - - - Slug - - - Internal application name used in URLs. - - - Group - - - Optionally enter a group name. Applications with identical groups are shown grouped together. - - - Provider - - - Select a provider that this application should use. - - - Backchannel Providers - - - Select backchannel providers which augment the functionality of the main provider. - Add provider - - Policy engine mode - - - UI settings - - - Launch URL - - - If left empty, authentik will try to extract the launch URL based on the selected provider. - - - Open in new tab - - - If checked, the launch URL will open in a new browser tab or window from the user's application library. - - - Icon - - - Clear icon - - - Delete currently set icon. - - - Publisher - - - UI Settings - - - OAuth2/OIDC (Open Authorization/OpenID Connect) - - - Modern applications, APIs and Single-page applications. - - - LDAP (Lightweight Directory Access Protocol) - - - Provide an LDAP interface for applications and users to authenticate against. - - - Transparent Reverse Proxy - - - For transparent reverse proxies with required authentication - - - Forward Auth (Single Application) - - - For nginx's auth_request or traefik's forwardAuth - - - Forward Auth (Domain Level) - - - For nginx's auth_request or traefik's forwardAuth per root domain - - - SAML (Security Assertion Markup Language) - - - Configure SAML provider manually - - - RADIUS (Remote Authentication Dial-In User Service) - - - Configure RADIUS provider manually - - - SCIM (System for Cross-domain Identity Management) - - - Configure SCIM provider manually - - - Saving Application... - - - Authentik was unable to save this application: - - - Your application has been saved - - - There was an error in the application. - - - Review the application. - - - There was an error in the provider. - - - Review the provider. - - - There was an error - - - There was an error creating the application, but no error message was sent. Please review the server logs. - - - Authentication - - - Authorization - - - Enrollment - - - Invalidation - - - Stage Configuration - - - Unenrollment - - - Unknown designation - - - Stacked - - - Content left - - - Content right - - - Sidebar left - - - Sidebar right - - - Unknown layout - - - Cached binding - - - Flow is executed and session is cached in memory. Flow is executed when session expires - - - Direct binding - - - Always execute the configured bind flow to authenticate the user - - - Cached querying - - - The outpost holds all users and groups in-memory and will refresh every 5 Minutes - - - Direct querying - - - Always returns the latest data, but slower than cached querying - - - When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. - - - The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber - - - The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate. - - - DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged. - - - The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber - - - Configure LDAP Provider - - - Method's display Name. - - - Bind flow - - - Flow used for users to authenticate. - - - Search group - - - Bind mode - - - Configure how the outpost authenticates requests. - - - Search mode - - - Configure how the outpost queries the core authentik server's users. - - - Code-based MFA Support - - - Protocol settings - - - Base DN - - - LDAP DN under which bind requests and search requests can be made. - - - Certificate - - - TLS Server name - - - UID start number - - - GID start number - - - Successfully updated provider. - - - Successfully created provider. - - - (Format: hours=-1;minutes=-2;seconds=-3). - - - (Format: hours=1;minutes=2;seconds=3). - - - The following keywords are supported: - - - Confidential - - - Confidential clients are capable of maintaining the confidentiality of their credentials such as client secrets - - - Public - - - Public clients are incapable of maintaining the confidentiality and should use methods like PKCE. - - - Based on the User's hashed ID - - - Based on the User's ID - - - Based on the User's UUID - - - Based on the User's username - - - Based on the User's Email - - - This is recommended over the UPN mode. - - - Based on the User's UPN - - - Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains. - - - Each provider has a different issuer, based on the application slug - - - Same identifier is used for all providers - - - Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows. - - - If no explicit redirect URIs are specified, the first successfully used redirect URI will be saved. - - - To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. - - - Authentication flow - - - Flow used when a user access this provider and is not authenticated. - - - Authorization flow - - - Flow used when authorizing this provider. - - - Client type - - - Client ID - - - Client Secret - - - Redirect URIs/Origins (RegEx) - - - Signing Key - - - Key used to sign the tokens. - - - Advanced protocol settings - - - Access code validity - - - Configure how long access codes are valid for. - - - Access Token validity - - - Configure how long access tokens are valid for. - - - Refresh Token validity - - - Configure how long refresh tokens are valid for. - - - Scopes - - - Select which scopes can be used by the client. The client still has to specify the scope to access the data. - - - Hold control/command to select multiple items. - - - Subject mode - - - Configure what data should be used as unique User Identifier. For most cases, the default should be fine. - - - Include claims in id_token - - - Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. - - - Issuer mode - - - Configure how the issuer field of the ID Token should be filled. - - - Machine-to-Machine authentication settings - - - Trusted OIDC Sources - - - JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider. - - - Configure OAuth2/OpenId Provider - - - HTTP-Basic Username Key - - - User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. - - - HTTP-Basic Password Key - - - User/Group Attribute used for the password part of the HTTP-Basic Header. - - - Configure Proxy Provider - - - Token validity - - - Configure how long tokens are valid for. - - - AdditionalScopes - - - Additional scope mappings, which are passed to the proxy. - - - Unauthenticated URLs - - - Unauthenticated Paths - - - Regular expressions for which authentication is not required. Each new line is interpreted as a new expression. - - - When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions. - - - Authentication settings - - - Intercept header authentication - - - When enabled, authentik will intercept the Authorization header to authenticate the request. - - - Send HTTP-Basic Authentication - - - Send a custom HTTP-Basic Authentication header based on values from authentik. - - - Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application. - - - An example setup can look like this: - - - authentik running on auth.example.com - - - app1 running on app1.example.com - - - In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com. - - - External host - - - The external URL you'll authenticate at. The authentik core server should be reachable under this URL. - - - Cookie domain - - - Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'. - - - This provider will behave like a transparent reverse-proxy, except requests must be authenticated. If your upstream application uses HTTPS, make sure to connect to the outpost using HTTPS as well. - - - The external URL you'll access the application at. Include any non-standard port. - - - Internal host - - - Upstream host that the requests are forwarded to. - - - Internal host SSL Validation - - - Validate SSL Certificates of upstream servers. - - - Use this provider with nginx's auth_request or traefik's - forwardAuth. Each application/domain needs its own provider. - Additionally, on each domain, /outpost.goauthentik.io must be - routed to the outpost (when using a managed outpost, this is done for you). - - - Configure Radius Provider - - - Shared secret - - - Client Networks - - - List of CIDRs (comma-seperated) that clients can connect from. A more specific - CIDR will match before a looser one. Clients connecting from a non-specified CIDR - will be dropped. - - - Redirect - - - Post - - - Configure SAML Provider - - - ACS URL - - - Issuer - - - Also known as EntityID. - - - Service Provider Binding - - - Determines how authentik sends the response back to the Service Provider. - - - Audience - - - Signing Certificate - - - Certificate used to sign outgoing Responses going to the Service Provider. - - - Verification Certificate - - - When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. - - - Property Mappings - - - Property mappings used for user mapping. - - - NameID Property Mapping - - - Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected. - - - Assertion valid not before - - - Configure the maximum allowed time drift for an assertion. - - - Assertion valid not on or after - - - Assertion not valid on or after current time + this value. - - - Session valid not on or after - - - Session not valid on or after current time + this value. - - - Digest algorithm - - - Signature algorithm - - - Configure SCIM Provider - - - URL - - - SCIM base url, usually ends in /v2. - - - Token - - - Token to authenticate with. Currently only bearer authentication is supported. - - - User filtering - - - Exclude service accounts - - - Only sync users within the selected group. - - - Attribute mapping - - - User Property Mappings - - - Group Property Mappings - - - Property mappings used for group creation. - - - Create With Wizard - - - New application - - - Don't show this message again. - - - One hint, 'New Application Wizard', is currently hidden - - - Users in the selected group can do search queries. If no group is selected, no LDAP Searches are allowed. - - - Proxy - - - Forward auth (single application) - - - Forward auth (domain level) - - - Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). - - - Authentication URL - - - Unknown proxy mode - - - Additional scopes - - - Property mappings - - - Default relay state - - - When using IDP-initiated logins, the relay state will be set to this value. - - - Successfully imported provider. - - - Metadata - - - Apply changes - - - Finish - - - Select type - - - Try the new application wizard - - - The new application wizard greatly simplifies the steps required to create applications and providers. - - - Try it now - - - New provider - - - Create a new provider. - - - Create - - - Property mappings used to user mapping. - - - Property mappings used to group creation. - - - Not used by any other object. - - - object will be DELETED - - - connection will be deleted - - - reference will be reset to default value - - - reference will be set to an empty value - - - () - - - ID - - - Successfully deleted - - - Failed to delete : - - - Delete - - - Are you sure you want to delete ? - - - Delete - - - Providers - - - Provide support for protocols like SAML and OAuth to assigned applications. - - - Provider(s) - - - Assigned to application - - - Assigned to application (backchannel) - - - Warning: Provider not assigned to any application. - - - Update - - - Update - - - Edit - - - Create Application - - - Successfully assigned permission. - - - Role - - - Assign - - - Assign permission to role - - - Assign to new role - - - Permission(s) - - - Permission - - - Directly assigned - - - Assign permission to user - - - Assign to new user - - - Superuser - - - RBAC is in preview. - - - Send us feedback! - - - User Object Permissions - - - Role Object Permissions - - - Overview - - - Changelog - - - Permissions - - - Warning: Provider is not used by any Outpost. - - - Assigned to application - - - Update LDAP Provider - - - How to connect - - - Connect to the LDAP Server on port 389: - - - Check the IP of the Kubernetes service, or - - - The Host IP of the docker host - - - Bind DN - - - Bind Password - - - Search base - - - Preview - - - Warning: Provider is not used by an Application. - - - Redirect URIs - - - Update OAuth2 Provider - - - OpenID Configuration URL - - - OpenID Configuration Issuer - - - Authorize URL - - - Token URL - - - Userinfo URL - - - Logout URL - - - JWKS URL - - - Example JWT payload (for currently authenticated user) - - - Yes - - - No - - - Forward auth (domain-level) - - - Nginx (Ingress) - - - Nginx (Proxy Manager) - - - Nginx (standalone) - - - Traefik (Ingress) - - - Traefik (Compose) - - - Traefik (Standalone) - - - Caddy (Standalone) - - - Internal Host - - - External Host - - - Basic-Auth - - - Mode - - - Update Proxy Provider - - - Protocol Settings - - - Allowed Redirect URIs - - - Setup - - - No additional setup is required. - - - Update Radius Provider - - - Download - - - Copy download URL - - - Download signing certificate - - - Related objects - - - Update SAML Provider - - - SAML Configuration - - - EntityID/Issuer - - - SSO URL (Post) - - - SSO URL (Redirect) - - - SSO URL (IdP-initiated Login) - - - SLO URL (Post) - - - SLO URL (Redirect) - - - SAML Metadata - - - Example SAML attributes - - - NameID attribute - - - No sync status. - - - Sync currently running. - - - Not synced yet. - - - Task finished with warnings - - - Task finished with errors - - - Last sync: - - - Warning: Provider is not assigned to an application as backchannel provider. - - - Update SCIM Provider - - - Run sync again - - - Application Icon - - - Applications - - - External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. - - - Provider Type - - - Application(s) - - - Update Application - Open - - Successfully sent test-request. + + Copy token - - Log messages + + Add users - - No log messages. + + Add group - - Active + + Import devices - - Last login + + Execute - - Select users to add + + Show details - - Successfully updated group. + + Apply - - Successfully created group. + + Settings - - Is superuser + + Sign out - - Users added to this group will be superusers. + + The number of tokens generated whenever this stage is used. Every token generated per stage execution will be attached to a single static device. - - Parent + + Token length - - Roles + + The length of the individual generated tokens. Can be increased to improve security. - - Select roles to grant this groups' users' permissions from the selected roles. + + Internal: - - Attributes + + External: - - Set custom attributes using YAML or JSON. + + Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding. - - Successfully updated binding. + + Create and bind Policy - - Successfully created binding. + + Federation and Social login - - Policy + + Create and bind Stage - - Group mappings can only be checked if a user is already logged in when trying to access this source. + + Flows and Stages - - User mappings can only be checked if a user is already logged in when trying to access this source. - - - Enabled - - - Negate result - - - Negates the outcome of the binding. Messages are unaffected. - - - Order - - - Timeout + + New version available Failure result @@ -1720,1346 +5575,23 @@ Result used when policy execution fails. - - Successfully updated policy. + + Required: User verification must occur. - - Successfully created policy. + + Preferred: User verification is preferred if available, but not required. - - A policy used for testing. Always returns the same result as specified below after waiting a random duration. + + Discouraged: User verification should not occur. - - Execution logging + + Required: The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur - - When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. + + Preferred: The authenticator can create and store a dedicated credential, but if it doesn't that's alright too - - Policy-specific settings - - - Pass policy? - - - Wait (min) - - - The policy takes a random time to execute. This controls the minimum time it will take. - - - Wait (max) - - - Matches an event against a set of criteria. If any of the configured values match, the policy passes. - - - Match created events with this action type. When left empty, all action types will be matched. - - - Matches Event's Client IP (strict matching, for network matching use an Expression Policy. - - - Match events created by selected application. When left empty, all applications are matched. - - - Model - - - Match events created by selected model. When left empty, all models are matched. - - - Checks if the request's user's password has been changed in the last x days, and denys based on settings. - - - Maximum age (in days) - - - Only fail the policy, don't invalidate user's password - - - Executes the python snippet to determine whether to allow or deny a request. - - - Expression using Python. - - - See documentation for a list of all variables. - - - Static rules - - - Minimum length - - - Minimum amount of Uppercase Characters - - - Minimum amount of Lowercase Characters - - - Minimum amount of Digits - - - Minimum amount of Symbols Characters - - - Error message - - - Symbol charset - - - Characters which are considered as symbols. - - - HaveIBeenPwned settings - - - Allowed count - - - Allow up to N occurrences in the HIBP database. - - - zxcvbn settings - - - Score threshold - - - If the password's score is less than or equal this value, the policy will fail. - - - 0: Too guessable: risky password. (guesses &lt; 10^3) - - - 1: Very guessable: protection from throttled online attacks. (guesses &lt; 10^6) - - - 2: Somewhat guessable: protection from unthrottled online attacks. (guesses &lt; 10^8) - - - 3: Safely unguessable: moderate protection from offline slow-hash scenario. (guesses &lt; 10^10) - - - 4: Very unguessable: strong protection from offline slow-hash scenario. (guesses &gt;= 10^10) - - - Checks the value from the policy request against several rules, mostly used to ensure password strength. - - - Password field - - - Field key to check, field keys defined in Prompt stages are available. - - - Check static rules - - - Check haveibeenpwned.com - - - For more info see: - - - Check zxcvbn - - - Password strength estimator created by Dropbox, see: - - - Allows/denys requests based on the users and/or the IPs reputation. - - - Invalid login attempts will decrease the score for the client's IP, and the -username they are attempting to login as, by one. - - - The policy passes when the reputation score is below the threshold, and -doesn't pass when either or both of the selected options are equal or above the threshold. - - - Check IP - - - Check Username - - - Threshold - - - New policy - - - Create a new policy. - - - Create Binding - - - Members - - - Select groups to add user to - - - Warning: Adding the user to the selected group(s) will give them superuser permissions. - - - Successfully updated user. - - - Successfully created user and added to group - - - Successfully created user. - - - Username - - - User's primary identifier. 150 characters or fewer. - - - User's display name. - - - User type - - - Internal users might be users such as company employees, which will get access to the full Enterprise feature set. - - - External users might be external consultants or B2C customers. These users don't get access to enterprise features. - - - Service accounts should be used for machine-to-machine authentication or other automations. - - - Email - - - Is active - - - Designates whether this user should be treated as active. Unselect this instead of deleting accounts. - - - Path - - - Policy / User / Group - - - Policy - - - Group - - - User - - - Edit Policy - - - Update Group - - - Edit Group - - - Update User - - - Edit User - - - Policy binding(s) - - - Update Binding - - - Edit Binding - - - No Policies bound. - - - No policies are currently bound to this object. - - - Create and bind Policy - - - Bind existing policy - - - Warning: Application is not used by any Outpost. - - - Related - - - Check access - - - Check - - - Check Application access - - - Test - - - Launch - - - Logins over the last week (per 8 hours) - - - Policy / Group / User Bindings - - - These policies control which users can access this application. - - - Successfully updated source. - - - Successfully created source. - - - Sync users - - - User password writeback - - - Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP. - - - Sync groups - - - Connection settings - - - Server URI - - - Specify multiple server URIs by separating them with a comma. - - - Enable StartTLS - - - To use SSL instead, use 'ldaps://' and disable this option. - - - Use Server URI for SNI verification - - - Required for servers using TLS 1.3+ - - - TLS Verification Certificate - - - When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate. - - - TLS Client authentication certificate - - - Client certificate keypair to authenticate against the LDAP Server's Certificate. - - - Bind CN - - - LDAP Attribute mapping - - - Property mappings used to user creation. - - - Additional settings - - - Parent group for all the groups imported from LDAP. - - - User path - - - Addition User DN - - - Additional user DN, prepended to the Base DN. - - - Addition Group DN - - - Additional group DN, prepended to the Base DN. - - - User object filter - - - Consider Objects matching this filter to be Users. - - - Group object filter - - - Consider Objects matching this filter to be Groups. - - - Group membership field - - - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' - - - Object uniqueness field - - - Field which contains a unique Identifier. - - - Link users on unique identifier - - - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses - - - Use the user's email address, but deny enrollment when the email address already exists - - - Link to a user with identical username. Can have security implications when a username is used with another source - - - Use the user's username, but deny enrollment when the username already exists - - - Unknown user matching mode - - - URL settings - - - Authorization URL - - - URL the user is redirect to to consent the authorization. - - - Access token URL - - - URL used by authentik to retrieve tokens. - - - Profile URL - - - URL used by authentik to get user information. - - - Request token URL - - - URL used to request the initial token. This URL is only required for OAuth 1. - - - OIDC Well-known URL - - - OIDC well-known configuration URL. Can be used to automatically configure the URLs above. - - - OIDC JWKS URL - - - JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source. - - - OIDC JWKS - - - Raw JWKS data. - - - User matching mode - - - Consumer key - - - Also known as Client ID. - - - Consumer secret - - - Also known as Client Secret. - - - Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *. - - - Flow settings - - - Flow to use when authenticating existing users. - - - Enrollment flow - - - Flow to use when enrolling new users. - - - Load servers - - - Re-authenticate with plex - - - Allow friends to authenticate via Plex, even if you don't share any servers - - - Allowed servers - - - Select which server a user has to be a member of to be allowed to authenticate. - - - SSO URL - - - URL that the initial Login request is sent to. - - - SLO URL - - - Optional URL if the IDP supports Single-Logout. - - - Also known as Entity ID. Defaults the Metadata URL. - - - Binding Type - - - Redirect binding - - - Post-auto binding - - - Post binding but the request is automatically sent and the user doesn't have to confirm. - - - Post binding - - - Signing keypair - - - Keypair which is used to sign outgoing requests. Leave empty to disable signing. - - - Allow IDP-initiated logins - - - Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. - - - NameID Policy - - - Persistent - - - Email address - - - Windows - - - X509 Subject - - - Transient - - - Delete temporary users after - - - Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. - - - Pre-authentication flow - - - Flow used before authentication. - - - New source - - - Create a new source. - - - Federation and Social login - - - Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves. - - - Source(s) - - - Disabled - - - Built-in - - - Global status - - - Vendor - - - Update LDAP Source - - - Connectivity - - - OAuth Source - - - Generic OpenID Connect - - - Unknown provider type - - - Details - - - Callback URL - - - Access Key - - - Update OAuth Source - - - Diagram - - - Policy Bindings - - - These bindings control which users can access this source. - You can only use policies here as access is checked before the user is authenticated. - - - Update Plex Source - - - Update SAML Source - - - Successfully updated mapping. - - - Successfully created mapping. - - - Object field - - - Field of the user object this value is written to. - - - SAML Attribute Name - - - Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded. - - - Friendly Name - - - Optionally set the 'FriendlyName' value of the Assertion attribute. - - - Scope name - - - Scope which the client can specify to access these properties. - - - Description shown to the user when consenting. If left empty, the user won't be informed. - - - Example context data - - - Active Directory User - - - Active Directory Group - - - New property mapping - - - Create a new property mapping. - - - Update Permissions - - - Control how authentik exposes and interprets information. - - - Property Mapping(s) - - - Test Property Mapping - - - Hide managed mappings - - - Successfully updated token. - - - Successfully created token. - - - Expires on - - - Unique identifier the token is referenced by. - - - Intent - - - API Token - - - Used to access the API programmatically - - - App password. - - - Used to login using a flow executor - - - Expiring - - - If this is selected, the token will expire. Upon expiration, the token will be rotated. - - - The token has been copied to your clipboard - - - The token was displayed because authentik does not have permission to write to the clipboard - - - Tokens - - - Tokens are used throughout authentik for Email validation stages, Recovery keys and API access. - - - Expires? - - - Expiry date - - - Token(s) - - - Create Token - - - Token is managed by authentik. - - - Update Token - - - Editing is disabled for managed tokens - - - Copy token - - - Successfully updated brand. - - - Successfully created brand. - - - Domain - - - Matching is done based on domain suffix, so if you enter domain.tld, foo.domain.tld will still match. - - - Default - - - Use this brand for each domain that doesn't have a dedicated brand. - - - Branding settings - - - Title - - - Branding shown in page title and several other places. - - - Logo - - - Icon shown in sidebar/header and flow executor. - - - Favicon - - - Icon shown in the browser tab. - - - Default flows - - - Flow used to authenticate users. If left empty, the first applicable flow sorted by the slug is used. - - - Invalidation flow - - - Flow used to logout. If left empty, the first applicable flow sorted by the slug is used. - - - Recovery flow - - - Recovery flow. If left empty, the first applicable flow sorted by the slug is used. - - - Unenrollment flow - - - If set, users are able to unenroll themselves using this flow. If no flow is set, option is not shown. - - - User settings flow - - - If set, users are able to configure details of their profile. - - - Device code flow - - - If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code. - - - Other global settings - - - Web Certificate - - - Set custom attributes using YAML or JSON. Any attributes set here will be inherited by users, if the request is handled by this brand. - - - Brands - - - Configure visual settings and defaults for different domains. - - - Default? - - - Brand(s) - - - Update Brand - - - Create Brand - - - Policies - - - Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Stages. - - - Assigned to object(s). - - - Warning: Policy is not assigned. - - - Test Policy - - - Policy / Policies - - - Successfully cleared policy cache - - - Failed to delete policy cache - - - Clear cache - - - Clear Policy cache - - - Are you sure you want to clear the policy cache? This will cause all policies to be re-evaluated on their next usage. - - - Reputation scores - - - Reputation for IP and user identifiers. Scores are decreased for each failed login and increased for each successful login. - - - IP - - - Score - - - Updated - - - Reputation - - - Groups - - - Group users together and give them permissions based on the membership. - - - Superuser privileges? - - - Group(s) - - - Create Group - - - Create group - - - Enabling this toggle will create a group named after the user, with the user as member. - - - Use the username and password below to authenticate. The password can be retrieved later on the Tokens page. - - - Password - - - Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List. - - - The following objects use - - - connecting object will be deleted - - - Successfully updated - - - Failed to update : - - - Are you sure you want to update ""? - - - Successfully updated password. - - - Successfully sent email. - - - Email stage - - - Successfully added user(s). - - - Users to add - - - Add users - - - User(s) - - - Remove Users(s) - - - Are you sure you want to remove the selected users from the group ? - - - Remove - - - Impersonate - - - User status - - - Inactive - - - Regular user - - - Change status - - - Deactivate - - - Activate - - - Update password - - - Set password - - - Successfully generated recovery link - - - No recovery flow is configured. - - - Copy recovery link - - - Send link - - - Send recovery link to user - - - Email recovery link - - - Recovery link cannot be emailed, user has no email address saved. - - - To let a user directly reset a their password, configure a recovery flow on the currently active brand. - - - Add User - - - Warning: This group is configured with superuser access. Added users will have superuser access. - - - Add existing user - - - Create user - - - Create User - - - This user will be added to the group "". - - - Create Service account - - - Hide service-accounts - - - Group Info - - - Notes - - - Edit the notes attribute of this group to add notes here. - - - Users - - - Pseudolocale (for testing) - - - English - - - Spanish - - - German - - - French - - - Polish - - - Turkish - - - Chinese (traditional) - - - Taiwanese Mandarin - - - Chinese (simplified) - - - Warning: The current user count has exceeded the configured licenses. - - - Click here for more info. - - - API Requests - - - Open API Browser - - - Show details - - - Notifications - - - unread - - - Successfully cleared notifications - - - Clear all - - - User interface - - - Dashboards - - - Outposts - - - Events - - - Logs - - - Notification Rules - - - Notification Transports - - - Customisation - - - Blueprints - - - Flows and Stages - - - Flows - - - Stages - - - Prompts - - - Directory - - - Tokens and App passwords - - - Invitations - - - System - - - Certificates - - - Outpost Integrations - - - Settings - - - A newer version of the frontend is available. - - - You're currently impersonating . Click to stop. - - - Enterprise - - - Licenses - - - Root - - - A copy of this recovery link has been placed in your clipboard - - - The current brand must have a recovery flow configured to use a recovery link - - - Warning: You're about to delete the user you're logged in as (). Proceed at your own risk. - - - Hide deactivated user - - - <No name set> - - - Create recovery link - - - User folders - - - Successfully added user to group(s). - - - Groups to add - - - Add group - - - Remove from Group(s) - - - Are you sure you want to remove user from the following groups? - - - Add Group - - - Add to existing group - - - Add new group - - - Application authorizations - - - Select permissions to grant - - - Permissions to add - - - Select permissions - - - Assign permission - - - User doesn't have view permission so description cannot be retrieved. - - - Revoked? - - - Expires - - - ID Token - - - Refresh Tokens(s) - - - Last IP - - - Session(s) - - - Expiry - - - (Current session) - - - Consent(s) - - - Confirmed - - - Device(s) - - - User Info + + Discouraged: The authenticator should not create a dedicated credential Lock the user out of this system @@ -3076,29 +5608,144 @@ doesn't pass when either or both of the selected options are equal or above the Create a link for this user to reset their password - - Create Recovery Link + + WebAuthn requires this page to be accessed via HTTPS. - - Actions over the last week (per 8 hours) + + WebAuthn not supported by browser. - - Edit the notes attribute of this user to add notes here. + + Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). - - Sessions + + Default relay state - - User events + + When using IDP-initiated logins, the relay state will be set to this value. - - Explicit Consent + + Flow Info - - OAuth Refresh Tokens + + Stage used to configure a WebAuthn authenticator (i.e. Yubikey, FaceID/Windows Hello). - - MFA Authenticators +<<<<<<< HEAD + + Internal application name used in URLs. + + + Submit + + + UI Settings + + + Transparent Reverse Proxy + + + For transparent reverse proxies with required authentication + + + Configure SAML provider manually + + + Configure RADIUS provider manually + + + Configure SCIM provider manually + + + Saving Application... + + + Authentik was unable to save this application: + + + Your application has been saved + + + Method's display Name. + + + Use this provider with nginx's auth_request or traefik's + forwardAuth. Each application/domain needs its own provider. + Additionally, on each domain, /outpost.goauthentik.io must be + routed to the outpost (when using a managed outpost, this is done for you). + + + Custom attributes + + + Don't show this message again. + + + Failed to fetch + + + Failed to fetch data. + + + Successfully assigned permission. + + + Role + + + Assign + + + Assign permission to role + + + Assign to new role + + + Directly assigned + + + Assign permission to user + + + Assign to new user + + + User Object Permissions + + + Role Object Permissions + + + Roles + + + Select roles to grant this groups' users' permissions from the selected roles. + + + Update Permissions + + + Editing is disabled for managed tokens + + + Select permissions to grant + + + Permissions to add + + + Select permissions + + + Assign permission + + + Permission(s) + + + Permission + + + User doesn't have view permission so description cannot be retrieved. Assigned permissions @@ -3136,519 +5783,17 @@ doesn't pass when either or both of the selected options are equal or above the Role Info - - Successfully updated invitation. + + Pseudolocale (for testing) - - Successfully created invitation. + + Create With Wizard - - Flow + + One hint, 'New Application Wizard', is currently hidden - - When selected, the invite will only be usable with the flow. By default the invite is accepted on all flows with invitation stages. - - - Custom attributes - - - Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON. - - - Single use - - - When enabled, the invitation will be deleted after usage. - - - Select an enrollment flow - - - Link to use the invitation. - - - Create Invitation Links to enroll Users, and optionally force specific attributes of their account. - - - Created by - - - Invitation(s) - - - Invitation not limited to any flow, and can be used with any enrollment flow. - - - Update Invitation - - - Create Invitation - - - Warning: No invitation stage is bound to any flow. Invitations will not work as expected. - - - Auto-detect (based on your browser) - - - Required. - - - Continue - - - Successfully updated prompt. - - - Successfully created prompt. - - - Text: Simple Text input - - - Text Area: Multiline text input - - - Text (read-only): Simple Text input, but cannot be edited. - - - Text Area (read-only): Multiline text input, but cannot be edited. - - - Username: Same as Text input, but checks for and prevents duplicate usernames. - - - Email: Text field with Email type. - - - Password: Masked input, multiple inputs of this type on the same prompt need to be identical. - - - Number - - - Checkbox - - - Radio Button Group (fixed choice) - - - Dropdown (fixed choice) - - - Date - - - Date Time - - - File - - - Separator: Static Separator Line - - - Hidden: Hidden field, can be used to insert data into form. - - - Static: Static value, displayed as-is. - - - authentik: Locale: Displays a list of locales authentik supports. - - - Preview errors - - - Data preview - - - Unique name of this field, used for selecting fields in prompt stages. - - - Field Key - - - Name of the form field, also used to store the value. - - - When used in conjunction with a User Write stage, use attributes.foo to write attributes. - - - Label - - - Label shown next to/above the prompt. - - - Required - - - Interpret placeholder as expression - - - When checked, the placeholder will be evaluated in the same way a property mapping is. - If the evaluation fails, the placeholder itself is returned. - - - Placeholder - - - Optionally provide a short hint that describes the expected input value. - When creating a fixed choice field, enable interpreting as expression and return a - list to return multiple choices. - - - Interpret initial value as expression - - - When checked, the initial value will be evaluated in the same way a property mapping is. - If the evaluation fails, the initial value itself is returned. - - - Initial value - - - Optionally pre-fill the input with an initial value. - When creating a fixed choice field, enable interpreting as expression and - return a list to return multiple default choices. - - - Help text - - - Any HTML can be used. - - - Single Prompts that can be used for Prompt Stages. - - - Field - - - Prompt(s) - - - Update Prompt - - - Create Prompt - - - Target - - - Stage - - - Evaluate when flow is planned - - - Evaluate policies during the Flow planning process. - - - Evaluate when stage is run - - - Evaluate policies before the Stage is present to the user. - - - Invalid response behavior - - - Returns the error message and a similar challenge to the executor - - - Restarts the flow from the beginning - - - Restarts the flow from the beginning, while keeping the flow context - - - Configure how the flow executor should handle an invalid response to a challenge given by this bound stage. - - - Successfully updated stage. - - - Successfully created stage. - - - Stage used to configure a duo-based authenticator. This stage should be used for configuration flows. - - - Authenticator type name - - - Display name of this authenticator, used by users when they enroll an authenticator. - - - API Hostname - - - Duo Auth API - - - Integration key - - - Secret key - - - Duo Admin API (optional) - - - When using a Duo MFA, Access or Beyond plan, an Admin API application can be created. - This will allow authentik to import devices automatically. - - - Stage-specific settings - - - Configuration flow - - - Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. - - - Twilio Account SID - - - Get this value from https://console.twilio.com - - - Twilio Auth Token - - - Authentication Type - - - Basic Auth - - - Bearer Token - - - External API URL - - - This is the full endpoint to send POST requests to. - - - API Auth Username - - - This is the username to be used with basic auth or the token when used with bearer token - - - API Auth password - - - This is the password to be used with basic auth - - - Mapping - - - Modify the payload sent to the custom provider. - - - Stage used to configure an SMS-based TOTP authenticator. - - - Twilio - - - Generic - - - From number - - - Number the SMS will be sent from. - - - Hash phone number - - - If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons. Devices created from a stage with this enabled cannot be used with the authenticator validation stage. - - - Stage used to configure a static authenticator (i.e. static tokens). This stage should be used for configuration flows. - - - Token count - - - The number of tokens generated whenever this stage is used. Every token generated per stage execution will be attached to a single static device. - - - Token length - - - The length of the individual generated tokens. Can be increased to improve security. - - - Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator). - - - Digits - - - 6 digits, widely compatible - - - 8 digits, not compatible with apps like Google Authenticator - - - Stage used to validate any authenticator. This stage should be used during authentication or authorization flows. - - - Device classes - - - Static Tokens - - - TOTP Authenticators - - - WebAuthn Authenticators - - - Duo Authenticators - - - SMS-based Authenticators - - - Device classes which can be used to authenticate. - - - Last validation threshold - - - If any of the devices user of the types selected above have been used within this duration, this stage will be skipped. - - - Not configured action - - - Force the user to configure an authenticator - - - Deny the user access - - - WebAuthn User verification - - - User verification must occur. - - - User verification is preferred if available, but not required. - - - User verification should not occur. - - - Configuration stages - - - Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. - - - When multiple stages are selected, the user can choose which one they want to enroll. - - - Stage used to configure a WebAuthn authenticator (i.e. Yubikey, FaceID/Windows Hello). - - - User verification - - - Required: User verification must occur. - - - Preferred: User verification is preferred if available, but not required. - - - Discouraged: User verification should not occur. - - - Resident key requirement - - - Required: The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur - - - Preferred: The authenticator can create and store a dedicated credential, but if it doesn't that's alright too - - - Discouraged: The authenticator should not create a dedicated credential - - - Authenticator Attachment - - - No preference is sent - - - A non-removable authenticator, like TouchID or Windows Hello - - - A "roaming" authenticator, like a YubiKey - - - This stage checks the user's current session against the Google reCaptcha (or compatible) service. - - - Public Key - - - Public key, acquired from https://www.google.com/recaptcha/intro/v3.html. - - - Private Key - - - Private key, acquired from https://www.google.com/recaptcha/intro/v3.html. - - - Advanced settings - - - JS URL - - - URL to fetch JavaScript from, defaults to recaptcha. Can be replaced with any compatible alternative. - - - API URL - - - URL used to validate captcha response, defaults to recaptcha. Can be replaced with any compatible alternative. - - - Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time. - - - Always require consent - - - Consent given last indefinitely - - - Consent expires. - - - Consent expires in - - - Offset after which consent expires. - - - Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding. + + External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. Deny message @@ -3656,80 +5801,128 @@ doesn't pass when either or both of the selected options are equal or above the Message shown when this stage is run. - - Dummy stage used for testing. Shows a simple continue button and always passes. + + Open Wizard - - Throw error? + + Demo Wizard - - SMTP Host + + Run the demo wizard - - SMTP Port + + OAuth2/OIDC (Open Authorization/OpenID Connect) - - SMTP Username + + LDAP (Lightweight Directory Access Protocol) - - SMTP Password + + Forward Auth (Single Application) - - Use TLS + + Forward Auth (Domain Level) - - Use SSL + + SAML (Security Assertion Markup Language) - - From address + + RADIUS (Remote Authentication Dial-In User Service) - - Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity. + + SCIM (System for Cross-domain Identity Management) - - Activate pending user on success + + The token has been copied to your clipboard - - When a user returns from the email successfully, their account will be activated. + + The token was displayed because authentik does not have permission to write to the clipboard - - Use global settings + + A copy of this recovery link has been placed in your clipboard - - When enabled, global Email connection settings will be used and connection settings below will be ignored. + + Create recovery link - - Token expiry + + Create Recovery Link - - Time in minutes the token sent is valid. + + External - - Template + + Service account - - Let the user identify themselves with their username or Email address. + + Service account (internal) - - User fields + + Check the release notes - - UPN + + User Statistics - - Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources. + + <No name set> - - Password stage + + For nginx's auth_request or traefik's forwardAuth - - When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks. + + For nginx's auth_request or traefik's forwardAuth per root domain - - Case insensitive matching + + RBAC is in preview. - - When enabled, user fields are matched regardless of their casing. + + User type used for newly created users. + + + Users created + + + Failed logins + + + Also known as Client ID. + + + Also known as Client Secret. + + + Global status + + + Vendor + + + No sync status. + + + Sync currently running. + + + Connectivity + + + 0: Too guessable: risky password. (guesses &lt; 10^3) + + + 1: Very guessable: protection from throttled online attacks. (guesses &lt; 10^6) + + + 2: Somewhat guessable: protection from unthrottled online attacks. (guesses &lt; 10^8) + + + 3: Safely unguessable: moderate protection from offline slow-hash scenario. (guesses &lt; 10^10) + + + 4: Very unguessable: strong protection from offline slow-hash scenario. (guesses &gt;= 10^10) + + + Successfully created user and added to group + + + This user will be added to the group "". Pretend user exists @@ -3737,113 +5930,122 @@ doesn't pass when either or both of the selected options are equal or above the When enabled, the stage will always accept the given user identifier and continue. - - Show matched user + + There was an error in the application. - - When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown. + + Review the application. - - Source settings + + There was an error in the provider. - - Sources + + Review the provider. - - Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP. + + There was an error - - Show sources' labels + + There was an error creating the application, but no error message was sent. Please review the server logs. - - By default, only icons are shown for sources. Enable this to show their full names. + + Configure LDAP Provider - - Passwordless flow + + Configure OAuth2/OpenId Provider - - Optional passwordless flow, which is linked at the bottom of the page. When configured, users can use this flow to authenticate with a WebAuthn authenticator, without entering any details. + + Configure Proxy Provider - - Optional enrollment flow, which is linked at the bottom of the page. + + AdditionalScopes - - Optional recovery flow, which is linked at the bottom of the page. + + Configure Radius Provider - - This stage can be included in enrollment flows to accept invitations. + + Configure SAML Provider - - Continue flow without invitation + + Property mappings used for user mapping. - - If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. + + Configure SCIM Provider - - Validate the user's password against the selected backend(s). + + Property mappings used for group creation. - - Backends + + Event volume - - User database + standard password + + Require Outpost (flow can only be executed from an outpost). - - User database + app passwords + + Connection settings. - - User database + LDAP password + + Successfully updated endpoint. - - Selection of backends to test the password against. + + Successfully created endpoint. - - Flow used by an authenticated user to configure their password. If empty, user will not be able to configure change their password. + + Protocol - - Failed attempts before cancel + + RDP - - How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. + + SSH - - Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable. + + VNC - - Fields + + Host - - ("", of type ) + + Hostname/IP to connect to. - - Validation Policies + + Endpoint(s) - - Selected policies are executed when the stage is submitted to validate the data. + + Update Endpoint - - Delete the currently pending user. CAUTION, this stage does not ask for confirmation. Use a consent stage to ensure the user is aware of their actions. + + These bindings control which users will have access to this endpoint. Users must also have access to the application. - - Log the currently pending user in. + + Create Endpoint - - Session duration + + RAC is in preview. - - Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. + + Update RAC Provider - - Different browsers handle session cookies differently, and might not remove them even when the browser is closed. + + Endpoints - - See here. + + General settings - - Stay signed in offset + + RDP settings - - If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. + + Ignore server certificate + + + Enable wallpaper + + + Enable font-smoothing + + + Enable full window dragging Network binding @@ -3878,593 +6080,59 @@ doesn't pass when either or both of the selected options are equal or above the Configure if sessions created by this stage should be bound to their GeoIP-based location - - Terminate other sessions + + RAC - - When enabled, all previous sessions of the user will be terminated. + + Connection failed after attempts. - - Remove the user from the current session. + + Re-connecting in second(s). - - Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user - is pending, a new user is created, and data is written to them. + + Connecting... - - Never create users + + Select endpoint to connect to - - When no user is present in the flow context, the stage will fail. + + Connection expiry - - Create users when required + + Determines how long a session lasts before being disconnected and requiring re-authorization. - - When no user is present in the the flow context, a new user is created. + + Brand - - Always create new users + + Successfully updated brand. - - Create a new user even if a user is in the flow context. + + Successfully created brand. - - Create users as inactive + + Use this brand for each domain that doesn't have a dedicated brand. - - Mark newly created users as inactive. + + Set custom attributes using YAML or JSON. Any attributes set here will be inherited by users, if the request is handled by this brand. - - User path template + + Brands - - User type used for newly created users. + + Brand(s) - - Path new users will be created under. If left blank, the default path will be used. + + Update Brand - - Newly created users are added to this group, if a group is selected. + + Create Brand - - New stage + + To let a user directly reset a their password, configure a recovery flow on the currently active brand. - - Create a new stage. - - - Successfully imported device. - - - The user in authentik this device will be assigned to. - - - Duo User ID - - - The user ID in Duo, can be found in the URL after clicking on a user. - - - Automatic import - - - Successfully imported devices. - - - Start automatic import - - - Or manually import - - - Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow. - - - Stage(s) - - - Import - - - Import Duo device - - - Import devices - - - Successfully updated flow. - - - Successfully created flow. - - - Shown as the Title in Flow pages. - - - Visible in the URL. - - - Designation - - - Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. - - - No requirement - - - Require authentication - - - Require no authentication. - - - Require superuser. - - - Require Outpost (flow can only be executed from an outpost). - - - Required authentication level for this flow. - - - Behavior settings - - - Compatibility mode - - - Increases compatibility with password managers and mobile devices. - - - Denied action - - - Will follow the ?next parameter if set, otherwise show a message - - - Will either follow the ?next parameter or redirect to the default interface - - - Will notify the user the flow isn't applicable - - - Decides the response when a policy denies access to this flow for a user. - - - Appearance settings - - - Layout - - - Background - - - Background shown during execution. - - - Clear background - - - Delete currently set background image. - - - Successfully imported flow. - - - .yaml files, which can be found on goauthentik.io and can be exported by authentik. - - - Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them. - - - Flow(s) - - - Update Flow - - - Execute - - - Export - - - Create Flow - - - Import Flow - - - Successfully cleared flow cache - - - Failed to delete flow cache - - - Clear Flow cache - - - Are you sure you want to clear the flow cache? - This will cause all flows to be re-evaluated on their next usage. - - - Stage binding(s) - - - Stage type - - - Edit Stage - - - Update Stage binding - - - These bindings control if this stage will be applied to the flow. - - - No Stages bound - - - No stages are currently bound to this flow. - - - Create Stage binding - - - Bind stage - - - Create and bind Stage - - - Bind existing stage - - - Flow Overview - - - Flow Info - - - Related actions - - - Execute flow - - - Normal - - - with current user - - - with inspector - - - Export flow - - - Stage Bindings - - - These bindings control which users can access this flow. - - - Event volume - - - Event Log - - - Event - - - Event info - - - Created - - - Successfully updated transport. - - - Successfully created transport. - - - Local (notifications will be created within authentik) - - - Webhook (generic) - - - Webhook (Slack/Discord) - - - Webhook URL - - - Webhook Mapping - - - Send once - - - Only send notification once, for example when sending a webhook into a chat channel. - - - Define how notifications are sent to users, like Email or Webhook. - - - Notification transport(s) - - - Update Notification Transport - - - Create Notification Transport - - - Successfully updated rule. - - - Successfully created rule. - - - Select the group of users which the alerts are sent to. If no group is selected the rule is disabled. - - - Transports - - - Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. - - - Severity - - - Send notifications whenever a specific Event is created and matched by policies. - - - Sent to group - - - Notification rule(s) - - - None (rule disabled) - - - Update Notification Rule - - - Create Notification Rule - - - These bindings control upon which events this rule triggers. -Bindings to groups/users are checked against the user of the event. - - - Outpost Deployment Info - - - View deployment documentation - - - Click to copy token - - - If your authentik Instance is using a self-signed certificate, set this value. - - - If your authentik_host setting does not match the URL you want to login with, add this setting. - - - Successfully updated outpost. - - - Successfully created outpost. - - - LDAP - - - Radius - - - Integration - - - Selecting an integration enables the management of the outpost by authentik. - - - You can only select providers that match the type of the outpost. - - - Configuration - - - See more here: - - - Documentation - - - Last seen - - - , should be - - - Hostname - - - Not available - - - Last seen: - - - Unknown type - - - Outposts are deployments of authentik components to support different environments and protocols, like reverse proxies. - - - Health and Version - - - Warning: authentik Domain is not configured, authentication will not work. - - - Logging in via . - - - No integration active - - - Update Outpost - - - View Deployment Info - - - Detailed health (one instance per column, data is cached so may be out of date) - - - Outpost(s) - - - Create Outpost - - - Successfully updated integration. - - - Successfully created integration. - - - Local - - - If enabled, use the local connection. Required Docker socket/Kubernetes Integration. - - - Docker URL - - - Can be in the format of 'unix://' when connecting to a local docker daemon, using 'ssh://' to connect via SSH, or 'https://:2376' when connecting to a remote system. - - - CA which the endpoint's Certificate is verified against. Can be left empty for no validation. - - - TLS Authentication Certificate/SSH Keypair - - - Certificate/Key used for authentication. Can be left empty for no authentication. - - - When connecting via SSH, this keypair is used for authentication. - - - Kubeconfig - - - Verify Kubernetes API SSL Certificate - - - New outpost integration - - - Create a new outpost integration. - - - State - - - Unhealthy - - - Outpost integration(s) - - - Successfully generated certificate-key pair. - - - Common Name - - - Subject-alt name - - - Optional, comma-separated SubjectAlt Names. - - - Validity days - - - Successfully updated certificate-key pair. - - - Successfully created certificate-key pair. - - - PEM-encoded Certificate data. - - - Optional Private Key. If this is set, you can use this keypair for encryption. - - - Certificate-Key Pairs - - - Import certificates of external providers or create certificates to sign requests with. - - - Private key available? - - - Certificate-Key Pair(s) - - - Managed by authentik - - - Managed by authentik (Discovered) - - - Yes () - - - Update Certificate-Key Pair - - - Certificate Fingerprint (SHA1) - - - Certificate Fingerprint (SHA256) - - - Certificate Subject - - - Download Certificate - - - Download Private key - - - Create Certificate-Key Pair - - - Generate - - - Generate Certificate-Key Pair + + The current brand must have a recovery flow configured to use a recovery link Successfully updated settings. @@ -4528,18 +6196,6 @@ Bindings to groups/users are checked against the user of the event. Enable the ability for users to change their username. - - Event retention - - - Duration after which events will be deleted from the database. - - - When using an external logging solution for archiving, this can be set to "minutes=5". - - - This setting only affects new Events, as the expiration is saved per-event. - Footer links @@ -4561,483 +6217,6 @@ Bindings to groups/users are checked against the user of the event. System settings - - Save - - - Successfully updated instance. - - - Successfully created instance. - - - Disabled blueprints are never applied. - - - Local path - - - OCI Registry - - - OCI URL, in the format of oci://registry.domain.tld/path/to/manifest. - - - See more about OCI support here: - - - Blueprint - - - Configure the blueprint context, used for templating. - - - Orphaned - - - Automate and template configuration within authentik. - - - Last applied - - - Blueprint(s) - - - Update Blueprint - - - Apply - - - Create Blueprint Instance - - - Successfully updated license. - - - Successfully created license. - - - Install ID - - - License key - - - Manage enterprise licenses - - - No licenses found. - - - License(s) - - - Enterprise is in preview. - - - Get a license - - - Go to Customer Portal - - - Forecast internal users - - - Estimated user count one year from now based on current internal users and forecasted internal users. - - - Forecast external users - - - Estimated user count one year from now based on current external users and forecasted external users. - - - Cumulative license expiry - - - Internal: - - - External: - - - Update License - - - Install - - - Install License - - - WebAuthn requires this page to be accessed via HTTPS. - - - WebAuthn not supported by browser. - - - Open Wizard - - - Demo Wizard - - - Run the demo wizard - - - API request failed - - - Authenticating with Apple... - - - Retry - - - Authenticating with Plex... - - - Waiting for authentication... - - - If no Plex popup opens, click the button below. - - - Open login - - - User's avatar - - - Something went wrong! Please try again later. - - - Request ID - - - You may close this page now. - - - You're about to be redirect to the following URL. - - - Follow redirect - - - Request has been denied. - - - Not you? - - - Need an account? - - - Sign up. - - - Forgot username or password? - - - Select one of the sources below to login. - - - Or - - - Use a security key - - - Login to continue to . - - - Please enter your password - - - Forgot password? - - - Application requires following permissions: - - - Application already has access to the following permissions: - - - Application requires following new permissions: - - - Check your Inbox for a verification email. - - - Send Email again. - - - Successfully copied TOTP Config. - - - Copy - - - Code - - - Please enter your TOTP Code - - - Duo activation QR code - - - Alternatively, if your current device has Duo installed, click on this link: - - - Duo activation - - - Check status - - - Make sure to keep these tokens in a safe place. - - - Phone number - - - Please enter your Phone number. - - - Please enter the code you received via SMS - - - A code has been sent to you via SMS. - - - Open your two-factor authenticator app to view your authentication code. - - - Static token - - - Authentication code - - - Please enter your code - - - Return to device picker - - - Sending Duo push notification - - - Assertions is empty - - - Error when creating credential: - - - Error when validating assertion on server: - - - Retry authentication - - - Duo push-notifications - - - Receive a push notification on your device. - - - Authenticator - - - Use a security key to prove your identity. - - - Traditional authenticator - - - Use a code-based authenticator. - - - Recovery keys - - - In case you can't access any other method. - - - SMS - - - Tokens sent via SMS. - - - Select an authentication method. - - - Stay signed in? - - - Select Yes to reduce the number of times you're asked to sign in. - - - Enter the code shown on your device. - - - Please enter your Code - - - You've successfully authenticated your device. - - - Flow inspector - - - Next stage - - - Stage name - - - Stage kind - - - Stage object - - - This flow is completed. - - - Plan history - - - Current plan context - - - Session ID - - - Powered by authentik - - - Background image - - - Error creating credential: - - - Server validation of credential failed: - - - Register device - - - Unread notifications - - - Sign out - - - Admin interface - - - Stop impersonation - - - Avatar image - - - Less details - - - More details - - - Refer to documentation - - - No Applications available. - - - Either no applications are defined, or you don’t have access to any. - - - My Applications - - - My applications - - - Change your password - - - Change password - - - - - - Delete account - - - Successfully updated details - - - Open settings - - - No settings flow configured. - - - Update details - - - Successfully updated device. - - - Enroll - - - Update Device - - - Successfully disconnected source - - - Failed to disconnected source: - - - Disconnect - - - Connect - - - Error: unsupported source settings: - - - Connect your user account to the services listed below, to allow you to login using the service instead of traditional credentials. - - - No services available. - - - Create App password - - - User details - - - Consent - - - MFA Devices - - - Connected services - - - + + diff --git a/web/xliff/zh-Hans.xlf b/web/xliff/zh-Hans.xlf index 75295d3b7..69eb76c0b 100644 --- a/web/xliff/zh-Hans.xlf +++ b/web/xliff/zh-Hans.xlf @@ -1,2519 +1,8152 @@ - - - - - - Admin - - - Open API drawer - - - Open Notification drawer - - - Connection error, reconnecting... - - - Loading... - - - Application - - - Logins - - - Failed to fetch - - - Click to change value - - - Select an object. - - - Loading options... - - - API Access - - - App password - - - Recovery - - - Verification - - - Unknown intent - - - Login - - - Failed login - - - Logout - - - User was written to - - - Suspicious request - - - Password set - - - Secret was viewed - - - Secret was rotated - - - Invitation used - - - Application authorized - - - Source linked - - - Impersonation started - - - Impersonation ended - - - Flow execution - - - Policy execution - - - Policy exception - - - Property Mapping exception - - - System task execution - - - System task exception - - - General system exception - - - Configuration error - - - Model created - - - Model updated - - - Model deleted - - - Email sent - - - Update available - - - Alert - - - Notice - - - Warning - - - Unknown severity - - - Static tokens - - - TOTP Device - - - Internal - - - External - - - Service account - - - Service account (internal) - - - Show less - - - Show more - - - UID - - - Name - - - App - - - Model Name - - - Message - - - Subject - - - From - - - To - - - Context - - - User - - - Affected model: - - - Authorized application: - - - Using flow - - - Email info: - - - Secret: - - - Exception - - - Open issue on GitHub... - - - Expression - - - Binding - - - Request - - - Object - - - Result - - - Passing - - - Messages - - - New version available - - - Using source - - - Attempted to log in as - - - No additional data available. - - - no tabs defined - - - Remove item - - - - of - - - Go to previous page - - - Go to next page - - - Search... - - - Loading - - - No objects found. - - - Failed to fetch objects. - - - Refresh - - - Select all rows - - - Action - - - Creation Date - - - Client IP - - - Brand - - - Recent events - - - On behalf of - - - - - - - No Events found. - - - No matching events could be found. - - - Embedded outpost is not configured correctly. - - - Check outposts. - - - HTTPS is not detected correctly - - - Server and client are further than 5 seconds apart. - - - OK - - - Everything is ok. - - - System status - - - Based on - - - is available! - - - Up-to-date! - - - Version - - - Workers - - - No workers connected. Background tasks will not run. - - - hour(s) ago - - - Failed to fetch data. - - - day(s) ago - - - Authorizations - - - Failed Logins - - - Successful Logins - - - : - - - Cancel - - - LDAP Source - - - SCIM Provider - - - Healthy - - - Failed - - - Unsynced / N/A - - - Healthy outposts - - - Outdated outposts - - - Unhealthy outposts - - - Not found - - - The URL "" was not found. - - - Return home - - - General system status - - - Welcome, . - - - Quick actions - - - Create a new application - - - Check the logs - - - Explore integrations - - - Manage users - - - Check the release notes - - - Outpost status - - - Sync status - - - Logins and authorizations over the last week (per 8 hours) - - - Apps with most usage - - - days ago - - - Objects created - - - User Statistics - - - Users created per day in the last month - - - Users created - - - Logins per day in the last month - - - Failed Logins per day in the last month - - - Failed logins - - - Clear search - - - System Tasks - - - Long-running operations which authentik executes in the background. - - - Identifier - - - Description - - - Last run - - - Status - - - Actions - - - Successful - - - Error - - - Unknown - - - Duration - - - seconds - - - Restart task - - - Close - - - Create - - - Next - - - Back - - - Submit - - - Type - - - Select providers to add to application - - - Add - - - Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". - - - Path template for users created. Use placeholders like `%(slug)s` to insert the source slug. - - - Currently set to: - - - No form found - - - Form didn't return a promise for submitting - - - Any policy must match to grant access - - - All policies must match to grant access - - - Successfully updated application. - - - Successfully created application. - - - Application's display Name. - - - Slug - - - Internal application name used in URLs. - - - Group - - - Optionally enter a group name. Applications with identical groups are shown grouped together. - - - Provider - - - Select a provider that this application should use. - - - Backchannel Providers - - - Select backchannel providers which augment the functionality of the main provider. - - - Add provider - - - Policy engine mode - - - UI settings - - - Launch URL - - - If left empty, authentik will try to extract the launch URL based on the selected provider. - - - Open in new tab - - - If checked, the launch URL will open in a new browser tab or window from the user's application library. - - - Icon - - - Clear icon - - - Delete currently set icon. - - - Publisher - - - UI Settings - - - OAuth2/OIDC (Open Authorization/OpenID Connect) - - - Modern applications, APIs and Single-page applications. - - - LDAP (Lightweight Directory Access Protocol) - - - Provide an LDAP interface for applications and users to authenticate against. - - - Transparent Reverse Proxy - - - For transparent reverse proxies with required authentication - - - Forward Auth (Single Application) - - - For nginx's auth_request or traefik's forwardAuth - - - Forward Auth (Domain Level) - - - For nginx's auth_request or traefik's forwardAuth per root domain - - - SAML (Security Assertion Markup Language) - - - Configure SAML provider manually - - - RADIUS (Remote Authentication Dial-In User Service) - - - Configure RADIUS provider manually - - - SCIM (System for Cross-domain Identity Management) - - - Configure SCIM provider manually - - - Saving Application... - - - Authentik was unable to save this application: - - - Your application has been saved - - - There was an error in the application. - - - Review the application. - - - There was an error in the provider. - - - Review the provider. - - - There was an error - - - There was an error creating the application, but no error message was sent. Please review the server logs. - - - Authentication - - - Authorization - - - Enrollment - - - Invalidation - - - Stage Configuration - - - Unenrollment - - - Unknown designation - - - Stacked - - - Content left - - - Content right - - - Sidebar left - - - Sidebar right - - - Unknown layout - - - Cached binding - - - Flow is executed and session is cached in memory. Flow is executed when session expires - - - Direct binding - - - Always execute the configured bind flow to authenticate the user - - - Cached querying - - - The outpost holds all users and groups in-memory and will refresh every 5 Minutes - - - Direct querying - - - Always returns the latest data, but slower than cached querying - - - When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. - - - The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber + + + + + English + 英语 + + + + French + 法语 + + + + Turkish + 土耳其语 + + + + Spanish + 西班牙语 + + + + Polish + 波兰语 + + + + Taiwanese Mandarin + 台湾华语 + + + + Chinese (simplified) + 简体中文 + + + + Chinese (traditional) + 繁体中文 + + + + German + 德语 + + + + Loading... + 正在加载…… + + + + Application + 应用程序 + + + + Logins + 登录 + + + + Show less + 显示更少 + + + + Show more + 显示更多 + + + + UID + UID + + + + Name + 名称 + + + + App + 应用 + + + + Model Name + 模型名称 + + + + Message + 消息 + + + + Subject + 主题 + + + + From + 来自 + + + + To + + + + + Context + 上下文 + + + + User + 用户 + + + + Affected model: + 受影响的模型: + + + + Authorized application: + 已授权应用程序: + + + + Using flow + 使用流程 + + + + Email info: + 电子邮件信息: + + + + Secret: + Secret: + + + + Open issue on GitHub... + 在 GitHub 上提出议题... + + + + Exception + 异常 + + + + Expression + 表达式 + + + + Binding + 绑定 + + + + Request + 请求 + + + + Object + 对象 + + + + Result + 结果 + + + + Passing + 通过 + + + + Messages + 消息 + + + + Using source + 使用源 + + + + Attempted to log in as + 已尝试以 + 身份登录 + + + + No additional data available. + 没有可用的额外数据。 + + + + Click to change value + 点击以更改值 + + + + Select an object. + 选择一个对象。 + + + + Loading options... + 正在加载选项… + + + + Connection error, reconnecting... + 连接错误,正在重新连接…… + + + + Login + 登录 + + + + Failed login + 登录失败 + + + + Logout + 登出 + + + + User was written to + 用户被写入 + + + + Suspicious request + 可疑请求 + + + + Password set + 密码已设置 + + + + Secret was viewed + Secret 已查看 + + + + Secret was rotated + Secret 已轮换 + + + + Invitation used + 已使用邀请 + + + + Application authorized + 应用程序已授权 + + + + Source linked + 源已链接 + + + + Impersonation started + 已开始模拟身份 + + + + Impersonation ended + 已结束模拟身份 + + + + Flow execution + 流程执行 + + + + Policy execution + 策略执行 + + + + Policy exception + 策略异常 + + + + Property Mapping exception + 属性映射异常 + + + + System task execution + 系统任务执行 + + + + System task exception + 系统任务异常 + + + + General system exception + 一般系统异常 + + + + Configuration error + 配置错误 + + + + Model created + 模型已创建 + + + + Model updated + 模型已更新 + + + + Model deleted + 模型已删除 + + + + Email sent + 已发送电子邮件 + + + + Update available + 更新可用 + + + + Unknown severity + 未知严重程度 + + + + Alert + 注意 + + + + Notice + 通知 + + + + Warning + 警告 + + + + no tabs defined + 未定义选项卡 + + + + - of + + - + / + + + + + Go to previous page + 前往上一页 + + + + Go to next page + 前往下一页 + + + + Search... + 搜索... + + + + Loading + 正在加载 + + + + No objects found. + 未找到对象。 + + + + Failed to fetch objects. + 拉取对象失败。 + + + + Refresh + 刷新 + + + + Select all rows + 选择所有行 + + + + Action + 操作 + + + + Creation Date + 创建日期 + + + + Client IP + 客户端 IP + + + + Recent events + 近期事件 + + + + On behalf of + 代表 + + + + + - + - + + + + No Events found. + 未找到事件。 + + + + No matching events could be found. + 未找到匹配的事件 + + + + Embedded outpost is not configured correctly. + 嵌入式前哨配置不正确。 + + + + Check outposts. + 检查前哨。 + + + + HTTPS is not detected correctly + 未正确检测到 HTTPS + + + + Server and client are further than 5 seconds apart. + 服务器和客户端的时间相差超过 5 秒。 + + + + OK + 好的 + + + + Everything is ok. + 一切正常。 + + + + System status + 系统状态 + + + + Based on + 基于 + + + + + is available! + + 可用! + + + + Up-to-date! + 最新! + + + + Version + 版本 + + + + Workers + Worker + + + + No workers connected. Background tasks will not run. + 没有 Workers 连接,后台任务将无法运行。 + + + + hour(s) ago + + 小时前 + + + + day(s) ago + + 天前 + + + + Authorizations + 授权 + + + + Failed Logins + 失败登录 + + + + Successful Logins + 成功登录 + + + + : + + : + + + + + Cancel + 取消 + + + + LDAP Source + LDAP 源 + + + + SCIM Provider + SCIM 提供程序 + + + + Healthy + 健康 + + + + Healthy outposts + 健康的前哨 + + + + Admin + 管理员 + + + + Not found + 未找到 + + + + The URL "" was not found. + 未找到 URL " + "。 + + + + Return home + 返回主页 + + + + General system status + 常规系统状态 + + + + Welcome, . + 欢迎, + + + + + Quick actions + 快速操作 + + + + Create a new application + 创建新应用程序 + + + + Check the logs + 检查日志 + + + + Explore integrations + 探索集成 + + + + Manage users + 管理用户 + + + + Outpost status + 前哨状态 + + + + Sync status + 同步状态 + + + + Logins and authorizations over the last week (per 8 hours) + 过去一周的登录与身份验证次数(每 8 小时) + + + + Apps with most usage + 使用率最高的应用 + + + + days ago + + 天前 + + + + Objects created + 已创建对象 + + + + Users created per day in the last month + 上个月中每天创建的用户 + + + + Logins per day in the last month + 上个月中每天的登录次数 + + + + Failed Logins per day in the last month + 上个月中每天的失败登录次数 + + + + Clear search + 清除搜索 + + + + System Tasks + 系统任务 + + + + Long-running operations which authentik executes in the background. + authentik 在后台执行的长时间运行的操作。 + + + + Identifier + 标识符 + + + + Description + 描述 + + + + Last run + 上次运行 + + + + Status + 状态 + + + + Actions + 操作 + + + + Successful + 成功 + + + + Error + 错误 + + + + Unknown + 未知 + + + + Duration + 时长 + + + + seconds + + + + + + Authentication + 身份验证 + + + + Authorization + 授权 + + + + Enrollment + 注册 + + + + Invalidation + 失效 + + + + Recovery + 恢复 + + + + Stage Configuration + 阶段配置 + + + + Unenrollment + 删除账户 + + + + Unknown designation + 未知用途 + + + + Stacked + 叠放 + + + + Content left + 内容左侧 + + + + Content right + 内容右侧 + + + + Sidebar left + 边栏左侧 + + + + Sidebar right + 边栏右侧 + + + + Unknown layout + 未知布局 + + + + Successfully updated provider. + 已成功更新提供程序。 + + + + Successfully created provider. + 已成功创建提供程序。 + + + + Bind flow + Bind 流程 + + + + Flow used for users to authenticate. + 用于验证用户身份的流程。 + + + + Search group + 搜索组 + + + + Users in the selected group can do search queries. If no group is selected, no LDAP Searches are allowed. + 所选组中的用户可以执行搜索查询。如果未选择任何组,则不允许 LDAP 搜索。 + + + + Bind mode + 绑定模式 + + + + Cached binding + 缓存绑定 + + + + Flow is executed and session is cached in memory. Flow is executed when session expires + 流程与会话会在内存中执行与缓存。会话过期时执行流程 + + + + Direct binding + 直接绑定 + + + + Always execute the configured bind flow to authenticate the user + 总是执行配置的绑定流程,以验证用户的身份。 + + + + Configure how the outpost authenticates requests. + 配置前哨如何验证请求的身份。 + + + + Search mode + 搜索模式 + + + + Cached querying + 缓存查询 + + + + The outpost holds all users and groups in-memory and will refresh every 5 Minutes + 前哨将所有用户和组保存在内存中,并每 5 分钟刷新一次 + + + + Direct querying + 直接查询 + + + + Always returns the latest data, but slower than cached querying + 总是返回最新数据,但比缓存查询慢。 + + + + Configure how the outpost queries the core authentik server's users. + 配置前哨如何查询核心 authentik 服务器的用户。 + + + + Protocol settings + 协议设置 + + + + Base DN + Base DN + + + + LDAP DN under which bind requests and search requests can be made. + 可以发出绑定请求和搜索请求的 LDAP DN。 + + + + Certificate + 证书 + + + + UID start number + UID 起始编号 + + + + The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber + 起始 uidNumbers,这个数字会被添加到 user.Pk 中,以确保对于 POSIX 用户来说,这个数字不会太低。默认值为 2000,以确保我们不会与本地用户的 uidNumber 发生冲突 + + + + GID start number + GID 起始编号 + + + + The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber + 起始 gidNumbers,这个数字会被添加到从 group.Pk 生成的数字中,以确保对于 POSIX 用户来说,这个数字不会太低。默认值为 4000,以确保我们不会与本地群组或用户主组的 gidNumber 发生冲突 + + + + (Format: hours=-1;minutes=-2;seconds=-3). + (格式:hours=-1;minutes=-2;seconds=-3)。 + + + + (Format: hours=1;minutes=2;seconds=3). + (格式:hours=1;minutes=2;seconds=3)。 + + + + The following keywords are supported: + 支持以下关键字: + + + + Authentication flow + 身份验证流程 + + + + Flow used when a user access this provider and is not authenticated. + 当用户访问此提供程序并且尚未验证身份时使用的流程。 + + + + Authorization flow + 授权流程 + + + + Flow used when authorizing this provider. + 授权此提供程序时使用的流程。 + + + + Client type + 客户端类型 + + + + Confidential + 机密 + + + + Confidential clients are capable of maintaining the confidentiality of their credentials such as client secrets + 机密客户端有能力维护其凭据例如客户端密钥的机密性。 + + + + Public + 公开 + + + + Public clients are incapable of maintaining the confidentiality and should use methods like PKCE. + 公开客户端没有能力维护其凭据的机密性,应该使用 PKCE 等方法。 + + + + Client ID + 客户端 ID + + + + Client Secret + 客户端 Secret + + + + Redirect URIs/Origins (RegEx) + 重定向 URI/Origin(正则) + + + + Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows. + 授权流程成功后有效的重定向 URL。还可以在此处为隐式流程指定任何来源。 + + + + If no explicit redirect URIs are specified, the first successfully used redirect URI will be saved. + 如果未指定显式重定向 URI,则将保存第一个成功使用的重定向 URI。 + + + + To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. + 要允许任何重定向 URI,请将此值设置为 ".*"。请注意这可能带来的安全影响。 + + + + Signing Key + 签名密钥 + + + + Key used to sign the tokens. + 用于签名令牌的密钥。 + + + + Advanced protocol settings + 高级协议设置 + + + + Access code validity + 访问代码有效性 + + + + Configure how long access codes are valid for. + 配置访问代码的有效期限。 + + + + Access Token validity + 访问令牌有效性 + + + + Configure how long access tokens are valid for. + 配置访问令牌的有效期限。 + + + + Refresh Token validity + 刷新令牌有效性 + + + + Configure how long refresh tokens are valid for. + 配置刷新令牌的有效期限。 + + + + Scopes + 作用域 + + + + Select which scopes can be used by the client. The client still has to specify the scope to access the data. + 选择客户端可以使用哪些作用域。客户端仍然需要指定访问数据的范围。 + + + + Hold control/command to select multiple items. + 按住 ctrl/command 键可选择多个项目。 + + + + Subject mode + Subject 模式 + + + + Based on the User's hashed ID + 基于哈希过的用户 ID + + + + Based on the User's ID + 基于用户 ID + + + + Based on the User's UUID + 基于用户 UUID + + + + Based on the User's username + 基于用户名 + + + + Based on the User's Email + 基于用户电子邮箱 + + + + This is recommended over the UPN mode. + 相比于 UPN,更推荐此模式。 + + + + Based on the User's UPN + 基于用户 UPN + + + + Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains. + 需要用户设置过“upn”属性,否则回退到哈希过的用户 ID。仅应在您拥有不同 UPN 和邮件域时使用此模式。 + + + + Configure what data should be used as unique User Identifier. For most cases, the default should be fine. + 配置应将哪些数据用作唯一用户标识符。在大多数情况下保持默认值即可。 + + + + Include claims in id_token + 在 id_token 中包含声明 + + + + Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. + 对于不访问 userinfo 端点的应用程序,将来自作用域的用户声明包含在 id_token 中。 + + + + Issuer mode + Issuer 模式 + + + + Each provider has a different issuer, based on the application slug + 根据应用程序 Slug,每个提供程序都有不同的颁发者 + + + + Same identifier is used for all providers + 所有提供程序都使用相同的标识符 + + + + Configure how the issuer field of the ID Token should be filled. + 配置如何填写 ID 令牌的颁发者字段。 + + + + Machine-to-Machine authentication settings + M2M(机器到机器)身份验证设置 + + + + Trusted OIDC Sources + 信任的 OIDC 来源 + + + + JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider. + 在选定源中配置的证书签名的 JWT 可以用于此提供程序的身份验证。 + + + + HTTP-Basic Username Key + HTTP-Basic 用户名键 + + + + User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. + 用于 HTTP-Basic 标头用户名部分的用户/组属性。如果未设置,则使用用户的电子邮件地址。 + + + + HTTP-Basic Password Key + HTTP-Basic 密码键 + + + + User/Group Attribute used for the password part of the HTTP-Basic Header. + 用于 HTTP-Basic 标头的密码部分的用户/组属性。 + + + + Proxy + 代理 + + + + Forward auth (single application) + Forward Auth(单应用) + + + + Forward auth (domain level) + Forward Auth(域名级) + + + + This provider will behave like a transparent reverse-proxy, except requests must be authenticated. If your upstream application uses HTTPS, make sure to connect to the outpost using HTTPS as well. + 除了请求必须经过身份验证外,此提供程序的行为类似于透明反向代理。如果您的上游应用程序使用 HTTPS,请确保连接到前哨时也使用 HTTPS。 + + + + External host + 外部主机 + + + + The external URL you'll access the application at. Include any non-standard port. + 您将通过此外部 URL 访问应用程序。请包括任何非标准端口。 + + + + Internal host + 内部主机 + + + + Upstream host that the requests are forwarded to. + 请求被转发到的上游主机。 + + + + Internal host SSL Validation + 内部主机 SSL 验证 + + + + Validate SSL Certificates of upstream servers. + 验证上游服务器的 SSL 证书。 + + + + Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application. + 与 nginx 的 auth_request 或 traefik 的 ForwardAuth 一起使用此提供程序。每个根域名只需要一个提供程序。您无法管理每个应用程序的授权,但不必为每个应用程序分别创建提供程序。 + + + + An example setup can look like this: + 设置示例如下所示: + + + + authentik running on auth.example.com + auth.example.com 上运行的 authentik + + + + app1 running on app1.example.com + app1.example.com 上运行的 app1 + + + + In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com. + 在这种情况下,您需要将身份验证 URL 设置为 auth.example.com,并将 Cookie 域名设置为 example.com。 + + + + Authentication URL + 身份验证 URL + + + + The external URL you'll authenticate at. The authentik core server should be reachable under this URL. + 您将在此外部 URL 进行身份验证。通过此 URL 应该可以访问到 authentik 核心服务器。 + + + + Cookie domain + Cookie 域名 + + + + Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'. + 将此设置为您希望身份验证有效的域名。必须是上述 URL 的父域名。如果您的应用部署在 app1.domain.tld、app2.domain.tld,请将其设置为 'domain.tld'。 + + + + Unknown proxy mode + 未知代理模式 + + + + Token validity + 令牌有效性 + + + + Configure how long tokens are valid for. + 配置令牌的有效期限。 + + + + Additional scopes + 额外的作用域 + + + + Additional scope mappings, which are passed to the proxy. + 传递给代理的额外作用域映射。 + + + + Unauthenticated URLs + 不验证身份的 URL + + + + Unauthenticated Paths + 不验证身份的路径 + + + + Regular expressions for which authentication is not required. Each new line is interpreted as a new expression. + 用于描述何处不需要身份验证的正则表达式。每个新行都被解释为一个新的表达式。 + + + + When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions. + 使用代理或 Forward Auth(单应用)模式时,将根据正则表达式检查请求的 URL 路径。使用 Forward Auth(域名模式)时,将根据正则表达式检查请求的完整 URL(包括协议和主机名)。 + + + + Authentication settings + 身份验证设置 + + + + Intercept header authentication + 拦截身份验证标头 + + + + When enabled, authentik will intercept the Authorization header to authenticate the request. + 启用时,authentik 将会拦截 Authorization 标头以认证请求。 + + + + Send HTTP-Basic Authentication + 发送 HTTP-Basic 身份验证 + + + + Send a custom HTTP-Basic Authentication header based on values from authentik. + 根据来自 authentik 的值发送自定义 HTTP-Basic 身份验证标头。 + + + + ACS URL + ACS URL + + + + Issuer + 颁发者 + + + + Also known as EntityID. + 也称为 EntityID。 + + + + Service Provider Binding + 服务提供程序绑定 + + + + Redirect + 重定向 + + + + Post + Post + + + + Determines how authentik sends the response back to the Service Provider. + 确定 authentik 如何将响应发送回服务提供程序。 + + + + Audience + Audience + + + + Signing Certificate + 签名证书 + + + + Certificate used to sign outgoing Responses going to the Service Provider. + 证书,用于签署发送给服务提供程序的传出响应。 + + + + Verification Certificate + 验证证书 + + + + When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. + 选中后,传入断言的签名将根据此证书进行验证。要允许未签名的请求,请保留默认值。 + + + + Property mappings + 属性映射 + + + + NameID Property Mapping + NameID 属性映射 + + + + Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected. + 配置如何创建 NameID 值。如果留空,将遵守传入请求的 NameIDPolicy。 + + + + Assertion valid not before + 不在此刻之前,断言有效 + + + + Configure the maximum allowed time drift for an assertion. + 为断言配置允许的最大时间漂移。 + + + + Assertion valid not on or after + 不在此刻或之后,断言有效 + + + + Assertion not valid on or after current time + this value. + 从当前时间经过多久时或之后,断言无效。 + + + + Session valid not on or after + 不在此刻或之后,会话有效 + + + + Session not valid on or after current time + this value. + 从当前时间经过多久时或之后,会话无效。 + + + + Digest algorithm + 摘要算法 + + + + Signature algorithm + 签名算法 + + + + Successfully imported provider. + 已成功导入提供程序。 + + + + Metadata + 元数据 + + + + Apply changes + 应用更改 + + + + Close + 关闭 + + + + Finish + 完成 + + + + Back + 返回 + + + + No form found + 未找到表单 + + + + Form didn't return a promise for submitting + 表单提交未返回 Promise + + + + Select type + 选择类型 + + + + Try the new application wizard + 尝试新应用程序向导 + + + + The new application wizard greatly simplifies the steps required to create applications and providers. + 新应用程序向导大幅度简化了创建应用程序和提供程序所需的操作步骤。 + + + + Try it now + 现在尝试 + + + + Create + 创建 + + + + New provider + 新建提供程序 + + + + Create a new provider. + 创建一个新提供程序。 + + + + Create + 创建 + + + + + Shared secret + 共享密钥 + + + + Client Networks + 客户端网络 + + + + List of CIDRs (comma-seperated) that clients can connect from. A more specific + CIDR will match before a looser one. Clients connecting from a non-specified CIDR + will be dropped. + 允许客户端连接的 CIDR 列表(逗号分隔)。严格的 CIDR 会在宽松的之前匹配。 +来自 CIDR 范围外的客户端连接将会被丢弃。 + + + URL + URL + + + + SCIM base url, usually ends in /v2. + SCIM 基础 URL,通常以 /v2 结尾。 + + + + Token + 令牌 + + + + Token to authenticate with. Currently only bearer authentication is supported. + 用于验证身份的令牌。当前仅支持 Bearer 身份验证。 + + + + User filtering + 用户过滤 + + + + Exclude service accounts + 排除服务账户 + + + + Group + + + + + Only sync users within the selected group. + 只同步选定组中的用户。 + + + + Attribute mapping + 属性映射 + + + + User Property Mappings + 用户属性映射 + + + + Property mappings used to user mapping. + 用于用户映射的属性映射。 + + + + Group Property Mappings + 组属性映射 + + + + Property mappings used to group creation. + 用于创建组的属性映射。 + + + + Not used by any other object. + 不被任何其他对象使用。 + + + + object will be DELETED + 对象将被删除 + + + + connection will be deleted + 连接将被删除 + + + + reference will be reset to default value + 引用将被重置为默认值 + + + + reference will be set to an empty value + 引用将被设置为空值 + + + + () + + ( + + + + + ID + ID + + + + Successfully deleted + 成功删除 + + + Failed to delete : + 删除 + 失败: + + + + + Delete + 删除 + + + + + Are you sure you want to delete ? + 您确定要删除 吗? + + + Delete + 删除 + + + + Providers + 提供程序 + + + + Provide support for protocols like SAML and OAuth to assigned applications. + 为分配的应用程序提供对 SAML 和 OAuth 等协议的支持。 + + + + Type + 类型 + + + + Provider(s) + 提供程序 + + + + Assigned to application + 分配给应用程序 + + + + Assigned to application (backchannel) + 绑定到应用(反向通道) + + + + Warning: Provider not assigned to any application. + 警告:提供程序未分配给任何应用程序。 + + + + Update + 更新 + + + + Update + 更新 + + + + + Select providers to add to application + 选择要添加到应用的提供程序 + + + + Add + 添加 + + + + Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". + 输入完整 URL、相对路径,或者使用 'fa://fa-test' 来使用 Font Awesome 图标 "fa-test"。 + + + + Path template for users created. Use placeholders like `%(slug)s` to insert the source slug. + 创建用户的路径模板。使用占位符如 `%(slug)s` 插入源 Slug。 + + + + Successfully updated application. + 已成功更新应用程序。 + + + + Successfully created application. + 已成功创建应用程序。 + + + + Application's display Name. + 应用的显示名称。 + + + + Slug + Slug + + + + Optionally enter a group name. Applications with identical groups are shown grouped together. + 输入可选的分组名称。分组相同的应用程序会显示在一起。 + + + + Provider + 提供程序 + + + + Select a provider that this application should use. + 选择此应用应该使用的提供程序。 + + + + Select backchannel providers which augment the functionality of the main provider. + 选择可为主要提供程序增强功能的反向通道提供程序。 + + + + Policy engine mode + 策略引擎模式 + + + + Any policy must match to grant access + 必须匹配任意策略才能授予访问权限。 + + + + All policies must match to grant access + 必须匹配所有策略才能授予访问权限 + + + + UI settings + 用户界面设置 + + + + Launch URL + 启动 URL + + + + If left empty, authentik will try to extract the launch URL based on the selected provider. + 如果留空,authentik 将尝试根据选定的提供程序提取启动 URL。 + + + + Open in new tab + 在新标签页中打开 + + + + If checked, the launch URL will open in a new browser tab or window from the user's application library. + 如果勾选,在用户的应用程序库中时,启动 URL 将会在新浏览器标签页或窗口中打开。 + + + + Icon + 图标 + + + + Currently set to: + 当前设置为: + + + + Clear icon + 清除图标 + + + + Publisher + 发布者 + + + + Create Application + 创建应用程序 + + + + Overview + 总览 + + + + Changelog + 更新日志 + + + + Warning: Provider is not used by any Outpost. + 警告:提供程序未被任何前哨使用。 + + + + Assigned to application + 分配给应用程序 + + + + Update LDAP Provider + 更新 LDAP 提供程序 + + + + Edit + 编辑 + + + + How to connect + 如何连接 + + + + Connect to the LDAP Server on port 389: + 通过端口 389 连接到 LDAP 服务器: + + + + Check the IP of the Kubernetes service, or + 检查 Kubernetes 服务的 IP,或者 + + + + The Host IP of the docker host + Docker 宿主机的主机 IP + + + + Bind DN + Bind DN + + + + Bind Password + Bind 密码 + + + + Search base + 搜索 Base + + + + Preview + 预览 + + + + Warning: Provider is not used by an Application. + 警告:提供程序未被任何应用程序使用。 + + + + Redirect URIs + 重定向 URI + + + + Update OAuth2 Provider + 更新 OAuth2 提供程序 + + + + OpenID Configuration URL + OpenID 配置 URL + + + + OpenID Configuration Issuer + OpenID 配置颁发者 + + + + Authorize URL + 授权 URL + + + + Token URL + 令牌 URL + + + + Userinfo URL + 用户信息 URL + + + + Logout URL + 登出 URL + + + + JWKS URL + JWKS URL + + + + Example JWT payload (for currently authenticated user) + 示例 JWT 载荷(当前经过身份验证的用户) + + + + Forward auth (domain-level) + Forward Auth(域名级) + + + + Nginx (Ingress) + Nginx(Ingress) + + + + Nginx (Proxy Manager) + Nginx(Proxy Manager) + + + + Nginx (standalone) + Nginx(独立) + + + + Traefik (Ingress) + Traefik(Ingress) + + + + Traefik (Compose) + Traefik(Compose) + + + + Traefik (Standalone) + Traefik(独立) + + + + Caddy (Standalone) + Caddy(独立) + + + + Internal Host + 内部主机 + + + + External Host + 外部主机 + + + + Basic-Auth + 基本身份验证 + + + + Yes + + + + + Mode + 模式 + + + + Update Proxy Provider + 更新代理提供程序 + + + + Protocol Settings + 协议设置 + + + + Allowed Redirect URIs + 允许的重定向 URI + + + + Setup + 设置 + + + + No additional setup is required. + 无需进行额外设置。 + + + + Update Radius Provider + 更新 Radius 提供程序 + + + + Download + 下载 + + + + Copy download URL + 复制下载 URL + + + + Download signing certificate + 下载签名证书 + + + + Related objects + 相关对象 + + + + Update SAML Provider + 更新 SAML 提供程序 + + + + SAML Configuration + SAML 配置 + + + + EntityID/Issuer + EntityID/签发者 + + + + SSO URL (Post) + SSO URL(Post) + + + + SSO URL (Redirect) + SSO URL(重定向) + + + + SSO URL (IdP-initiated Login) + SSO URL(IDP 发起的登录) + + + + SLO URL (Post) + SLO URL(Post) + + + + SLO URL (Redirect) + SLO URL(重定向) + + + + SAML Metadata + SAML 元数据 + + + + Example SAML attributes + 示例 SAML 属性 + + + + NameID attribute + NameID 属性 + + + + Warning: Provider is not assigned to an application as backchannel provider. + 警告:提供程序未作为反向通道分配给应用程序。 + + + + Update SCIM Provider + 更新 SCIM 提供程序 + + + + Run sync again + 再次运行同步 + + + + Modern applications, APIs and Single-page applications. + 现代应用程序、API 与单页应用程序。 + + + + LDAP + LDAP + + + + Provide an LDAP interface for applications and users to authenticate against. + 为应用程序和用户提供 LDAP 接口以进行身份​​验证。 + + + + New application + 新应用程序 + + + + Applications + 应用程序 + + + + Provider Type + 提供程序类型 + + + + Application(s) + 应用程序 + + + + Application Icon + 应用程序图标 + + + + Update Application + 更新应用程序 + + + + Successfully sent test-request. + 已成功发送测试请求。 + + + + Log messages + 日志消息 + + + + No log messages. + 没有日志消息。 + + + + Active + 激活 + + + + Last login + 上次登录 + + + + Select users to add + 选择要添加的用户 + + + + Successfully updated group. + 已成功更新组。 + + + + Successfully created group. + 已成功创建组。 + + + + Is superuser + 是超级用户 + + + + Users added to this group will be superusers. + 添加到该组的用户均为超级用户。 + + + + Parent + 父级 + + + + Attributes + 属性 + + + + Set custom attributes using YAML or JSON. + 使用 YAML 或 JSON 设置自定义属性。 + + + + Successfully updated binding. + 已成功更新绑定。 + + + + Successfully created binding. + 已成功创建绑定。 + + + + Policy + 策略 + + + + Group mappings can only be checked if a user is already logged in when trying to access this source. + 组绑定仅会在已登录用户访问此源时检查。 + + + + User mappings can only be checked if a user is already logged in when trying to access this source. + 用户绑定仅会在已登录用户访问此源时检查。 + + + + Enabled + 已启用 + + + + Negate result + 反转结果 + + + + Negates the outcome of the binding. Messages are unaffected. + 反转绑定的结果。消息不受影响。 + + + + Order + 顺序 + + + + Timeout + 超时 + + + + Successfully updated policy. + 已成功更新策略。 + + + + Successfully created policy. + 已成功创建策略。 + + + + A policy used for testing. Always returns the same result as specified below after waiting a random duration. + 用于测试的策略。等待随机时长后,始终返回下面指定的结果。 + + + + Execution logging + 记录执行日志 + + + + When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. + 启用此选项后,将记录此策略的所有执行日志。默认情况下,只记录执行错误。 + + + + Policy-specific settings + 特定策略设置 + + + + Pass policy? + 通过策略? + + + + Wait (min) + 等待(最短) + + + + The policy takes a random time to execute. This controls the minimum time it will take. + 策略需要一段随机时间来执行。这将控制所需的最短时间。 + + + + Wait (max) + 等待(最长) + + + + Matches an event against a set of criteria. If any of the configured values match, the policy passes. + 根据一组条件匹配事件。如果任何配置的值匹配,则策略将通过。 + + + + Match created events with this action type. When left empty, all action types will be matched. + 将创建的事件与此操作类型匹配。留空时,所有操作类型都将匹配。 + + + + Matches Event's Client IP (strict matching, for network matching use an Expression Policy. + 匹配事件的客户端 IP(严格匹配,要网络匹配请使用表达式策略)。 + + + + Match events created by selected application. When left empty, all applications are matched. + 匹配选定应用程序创建的事件。如果留空,则匹配所有应用程序。 + + + + Checks if the request's user's password has been changed in the last x days, and denys based on settings. + 检查过去 x 天内请求的用户密码是否已更改,并根据设置拒绝。 + + + + Maximum age (in days) + 最长使用期限(单位为天) + + + + Only fail the policy, don't invalidate user's password + 仅使策略失败,不使用户的密码失效 + + + + Executes the python snippet to determine whether to allow or deny a request. + 执行 Python 代码段以确定是允许还是拒绝请求。 + + + + Expression using Python. + 使用 Python 的表达式。 + + + + See documentation for a list of all variables. + 请阅读文档了解完整变量列表。 + + + + Static rules + 静态规则 + + + + Minimum length + 最小长度 + + + + Minimum amount of Uppercase Characters + 最低大写字符数 + + + + Minimum amount of Lowercase Characters + 最低小写字符数 + + + + Minimum amount of Digits + 最低数字字符数 + + + + Minimum amount of Symbols Characters + 最低符号字符数 + + + + Error message + 错误消息 + + + + Symbol charset + 符号字符集 + + + + Characters which are considered as symbols. + 被视为符号的字符。 + + + + HaveIBeenPwned settings + HaveIBeenPwned 设置 + + + + Allowed count + 允许的计数 + + + + Allow up to N occurrences in the HIBP database. + HIBP 数据库中最多允许 N 次出现。 + + + + zxcvbn settings + zxcvbn 设置 + + + + Score threshold + 分数阈值 + + + + If the password's score is less than or equal this value, the policy will fail. + 如果密码分数小于等于此值,则策略失败。 + + + + Checks the value from the policy request against several rules, mostly used to ensure password strength. + 根据多条规则检查策略请求中的值,这些规则主要用于确保密码强度。 + + + + Password field + 密码字段 + + + + Field key to check, field keys defined in Prompt stages are available. + 要检查的字段键,可以使用输入阶段中定义的字段键。 + + + + Check static rules + 检查静态规则 + + + + Check haveibeenpwned.com + 检查 haveibeenpwned.com + + + + For more info see: + 更多信息请看: + + + + Check zxcvbn + 检查 zxcvbn + + + + Password strength estimator created by Dropbox, see: + Dropbox 制作的密码强度估算器,详见: + + + + Allows/denys requests based on the users and/or the IPs reputation. + 根据用户和/或 IP 信誉允许/拒绝请求。 + + + + Invalid login attempts will decrease the score for the client's IP, and the +username they are attempting to login as, by one. + 无效的登录尝试将降低客户端 IP 及其尝试登录的用户名的分数。 + + + The policy passes when the reputation score is below the threshold, and +doesn't pass when either or both of the selected options are equal or above the threshold. + 当信誉分数低于阈值时策略通过,而当其中一个或两个选定选项 +大于等于阈值时策略不通过。 + + + Check IP + 检查 IP + + + + Check Username + 检查用户名 + + + + Threshold + 阈值 + + + + New policy + 新建策略 + + + + Create a new policy. + 创建一个新策略。 + + + + Create Binding + 创建绑定 + + + + Superuser + 超级用户 + + + + Members + 成员 + + + + Select groups to add user to + 选择要添加用户的组 + + + + Warning: Adding the user to the selected group(s) will give them superuser permissions. + 警告:将用户添加到所选的组会使其获得超级用户权限。 + + + + Successfully updated user. + 已成功更新用户。 + + + + Successfully created user. + 已成功创建用户。 + + + + Username + 用户名 + + + + User's primary identifier. 150 characters or fewer. + 用户主标识符。不超过 150 个字符。 + + + + User's display name. + 用户的显示名称 + + + + Email + 电子邮箱 + + + + Is active + 已激活 + + + + Designates whether this user should be treated as active. Unselect this instead of deleting accounts. + 指定是否应将此用户视为活动用户。取消选择此选项,而不是删除帐户。 + + + + Path + 路径 + + + + Policy / User / Group + 策略 / 用户 / 组 + + + + Policy + 策略 + + + + + Group + 组 + + + + + User + 用户 + + + + + Edit Policy + 编辑策略 + + + + Update Group + 更新组 + + + + Edit Group + 编辑组 + + + + Update User + 更新用户 + + + + Edit User + 编辑用户 + + + + Policy binding(s) + 策略绑定 + + + + Update Binding + 更新绑定 + + + + Edit Binding + 编辑绑定 + + + + No Policies bound. + 未绑定策略。 + + + + No policies are currently bound to this object. + 当前没有策略绑定到此对象。 + + + + Bind existing policy + 绑定已有策略 + + + + Warning: Application is not used by any Outpost. + 警告:应用程序未被任何前哨使用。 + + + + Related + 相关 + + + + Backchannel Providers + 反向通道提供程序 + + + + Check access + 检查访问权限 + + + + Check + 检查 + + + + Check Application access + 检查应用程序访问权限 + + + + Test + 测试 + + + + Launch + 启动 + + + + Logins over the last week (per 8 hours) + 过去一周的登录次数(每 8 小时) + + + + Policy / Group / User Bindings + 策略 / 组 / 用户绑定 + + + + These policies control which users can access this application. + 这些策略控制哪些用户可以访问此应用程序。 + + + + Successfully updated source. + 已成功更新源。 + + + + Successfully created source. + 已成功创建源。 + + + + Sync users + 同步用户 + + + + User password writeback + 用户密码写回 + + + + Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP. + 登录密码会自动从 LDAP 同步到 authentik。启用此选项可将 authentik 中的密码更改写回至 LDAP。 + + + + Sync groups + 同步组 + + + + Connection settings + 连接设置 + + + + Server URI + 服务器 URI + + + + Specify multiple server URIs by separating them with a comma. + 通过用逗号分隔多个服务器 URI 来指定它们。 + + + + Enable StartTLS + 启用 StartTLS + + + + To use SSL instead, use 'ldaps://' and disable this option. + 要改用 SSL,请使用 'ldaps: //' 并禁用此选项。 + + + + TLS Verification Certificate + TLS 验证证书 + + + + When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate. + 使用 TLS 连接到 LDAP 服务器时,默认情况下不检查证书。指定密钥对以验证远程证书。 + + + + Bind CN + Bind CN + + + + LDAP Attribute mapping + LDAP 属性映射 + + + + Property mappings used to user creation. + 用于创建用户的属性映射。 + + + + Additional settings + 其他设置 + + + + Parent group for all the groups imported from LDAP. + 从 LDAP 导入的所有组的父组。 + + + + User path + 用户路径 + + + + Addition User DN + 额外的用户 DN + + + + Additional user DN, prepended to the Base DN. + 额外的用户 DN,添加到 Base DN 起始处。 + + + + Addition Group DN + 额外的组 DN + + + + Additional group DN, prepended to the Base DN. + 额外的组 DN,添加到 Base DN 起始处。 + + + + User object filter + 用户对象筛选器 + + + + Consider Objects matching this filter to be Users. + 将与此筛选器匹配的对象视为用户。 + + + + Group object filter + 组对象过滤器 + + + + Consider Objects matching this filter to be Groups. + 将与此过滤器匹配的对象视为组。 + + + + Group membership field + 组成员资格字段 + + + + Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' + 包含组成员的字段。请注意,如果使用 "memberUid" 字段,则假定该值包含相对可分辨名称。例如,'memberUid=some-user' 而不是 'memberUid=cn=some-user,ou=groups,...' + + + + Object uniqueness field + 对象唯一性字段 + + + + Field which contains a unique Identifier. + 包含唯一标识符的字段。 + + + + Link users on unique identifier + 使用唯一标识符链接用户 + + + + Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses + 链接到电子邮件地址相同的用户。当源不验证电子邮件地址时,可能会有安全隐患 + + + + Use the user's email address, but deny enrollment when the email address already exists + 使用用户的电子邮件地址,但在电子邮件地址已存在时拒绝注册 + + + + Link to a user with identical username. Can have security implications when a username is used with another source + 链接到用户名相同的用户。当其他源使用相同用户名时,可能会有安全隐患 + + + + Use the user's username, but deny enrollment when the username already exists + 使用用户的用户名,但在用户名已存在时拒绝注册 + + + + Unknown user matching mode + 未知用户匹配模式 + + + + URL settings + URL 设置 + + + + Authorization URL + 授权 URL + + + + URL the user is redirect to to consent the authorization. + 用户被重定向到以同意授权的 URL。 + + + + Access token URL + 访问令牌 URL + + + + URL used by authentik to retrieve tokens. + authentik 用来获取令牌的 URL。 + + + + Profile URL + 个人资料 URL + + + + URL used by authentik to get user information. + authentik 用来获取用户信息的 URL。 + + + + Request token URL + 请求令牌 URL + + + + URL used to request the initial token. This URL is only required for OAuth 1. + 用于请求初始令牌的 URL。只有 OAuth 1 才需要此网址。 + + + + OIDC Well-known URL + OIDC Well-known URL + + + + OIDC well-known configuration URL. Can be used to automatically configure the URLs above. + OIDC Well-known 配置 URL。可用于自动配置上述 URL。 + + + + OIDC JWKS URL + OIDC JWKS URL + + + + JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source. + JSON Web Key URL。来自此 URL 的 Key 将被用于验证此身份来源的 JWT。 + + + + OIDC JWKS + OIDC JWKS + + + + Raw JWKS data. + 原始 JWKS 数据。 + + + + User matching mode + 用户匹配模式 + + + + Delete currently set icon. + 删除当前设置的图标。 + + + + Consumer key + 消费者 Key + + + + Consumer secret + 消费者 Secret + + + + Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *. + 要传递给 OAuth 提供程序的其他作用域,用空格分隔。要替换已存在的作用域,请添加前缀 *。 + + + + Flow settings + 流程设置 + + + + Flow to use when authenticating existing users. + 认证已存在用户时所使用的流程。 + + + + Enrollment flow + 注册流程 + + + + Flow to use when enrolling new users. + 新用户注册的流程。 + + + + Load servers + 加载服务器 + + + + Re-authenticate with plex + 使用 Plex 重新验证身份 + + + + Allow friends to authenticate via Plex, even if you don't share any servers + 允许好友通过 Plex 进行身份验证,即使您不共享任何服务器。 + + + + Allowed servers + 允许的服务器 + + + + Select which server a user has to be a member of to be allowed to authenticate. + 选择用户必须是哪个服务器的成员才能进行身份验证。 + + + + SSO URL + SSO URL + + + + URL that the initial Login request is sent to. + 初始登录请求发送到的 URL。 + + + + SLO URL + SLO URL + + + + Optional URL if the IDP supports Single-Logout. + 如果 IDP 支持单点登出,则为可选 URL。 + + + + Also known as Entity ID. Defaults the Metadata URL. + 也称为 Entity ID。 默认为元数据 URL。 + + + + Binding Type + 绑定类型 + + + + Redirect binding + 重定向绑定 + + + + Post-auto binding + 自动 Post 绑定 + + + + Post binding but the request is automatically sent and the user doesn't have to confirm. + Post 绑定,但请求会被自动发送,不需要用户确认。 + + + + Post binding + Post 绑定 + + + + Signing keypair + 签名密钥对 + + + + Keypair which is used to sign outgoing requests. Leave empty to disable signing. + 用于签名传出请求的密钥对。留空则禁用签名。 + + + + Allow IDP-initiated logins + 允许 IDP 发起的登录 + + + + Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. + 允许由 IdP 启动的身份验证流程。这可能存在安全风险,因为未对请求 ID 进行验证。 + + + + NameID Policy + NameID 策略 + + + + Persistent + 持久的 + + + + Email address + 电子邮箱地址 + + + + Windows + Windows + + + + X509 Subject + X509 主题 + + + + Transient + 暂时的 + + + + Delete temporary users after + 多久后删除临时用户 + + + + Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. + 删除临时用户的时间偏移。这仅适用于您的 IDP 使用 NameID 格式 'transient' 且用户未手动登出的情况。 + + + + Pre-authentication flow + 身份验证前流程 + + + + Flow used before authentication. + 身份验证之前使用的流程。 + + + + New source + 新建身份来源 + + + + Create a new source. + 创建一个新身份来源。 + + + + Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves. + 身份来源,既可以同步到 authentik 的数据库中,也可以被用户用来进行身份验证和注册。 + + + + Source(s) + + + + + Disabled + 已禁用 + + + + Built-in + 内置 + + + + Update LDAP Source + 更新 LDAP 源 + + + + Not synced yet. + 尚未同步。 + + + + Task finished with warnings + 任务已完成但有警告 + + + + Task finished with errors + 任务已完成但有错误 + + + + Last sync: + 上次同步: + + + + + OAuth Source + OAuth 源 + + + + + Generic OpenID Connect + 通用 OpenID 连接 + + + + Unknown provider type + 未知提供程序类型 + + + + Details + 详情 + + + + Callback URL + 回调 URL + + + + Access Key + 访问密钥 + + + + Update OAuth Source + 更新 OAuth 源 + + + + Diagram + 流程图 + + + + Policy Bindings + 策略绑定 + + + + These bindings control which users can access this source. + You can only use policies here as access is checked before the user is authenticated. + 这些绑定控制哪些用户可以访问此源。 +您只能在此处使用策略,因为访问权限会在验证用户身份之前检查。 + + + Update Plex Source + 更新 Plex 源 + + + + Update SAML Source + 更新 SAML 源 + + + + Successfully updated mapping. + 已成功更新映射。 + + + + Successfully created mapping. + 已成功创建映射。 + + + + Object field + 对象字段 + + + + Field of the user object this value is written to. + 写入此值的用户对象的字段。 + + + + SAML Attribute Name + SAML 属性名称 + + + + Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded. + 用于 SAML 断言的属性名称。可以是 URN OID、Schema Reference 或任何其他字符串。如果此属性映射用于 NameID 属性,则会丢弃此字段。 + + + + Friendly Name + 显示名称 + + + + Optionally set the 'FriendlyName' value of the Assertion attribute. + 可选,设置断言属性的 'FriendlyName' 值。 + + + + Scope name + 作用域名称 + + + + Scope which the client can specify to access these properties. + 客户端可以指定的访问这些属性的范围。 + + + + Description shown to the user when consenting. If left empty, the user won't be informed. + 同意授权时向用户显示的描述。如果留空,则不会告知用户。 + + + + Example context data + 示例上下文数据 + + + + Active Directory User + Active Directory 用户 + + + + Active Directory Group + Active Directory 组 + + + + New property mapping + 新建属性映射 + + + + Create a new property mapping. + 创建一个新属性映射。 + + + + Property Mappings + 属性映射 + + + + Control how authentik exposes and interprets information. + 控制 authentik 如何公开和处理信息。 + + + + Property Mapping(s) + 属性映射 + + + + Test Property Mapping + 测试属性映射 + + + + Hide managed mappings + 隐藏管理映射 + + + + Successfully updated token. + 已成功更新令牌。 + + + + Successfully created token. + 已成功创建令牌。 + + + + Unique identifier the token is referenced by. + 引用令牌的唯一标识符。 + + + + Intent + 意图 + + + + API Token + API Token + + + + Used to access the API programmatically + 用于编程方式访问 API + + + + App password. + 应用密码。 + + + + Used to login using a flow executor + 使用流程执行器登录 + + + + Expiring + 即将过期 + + + + If this is selected, the token will expire. Upon expiration, the token will be rotated. + 如果选择此选项,令牌将能够过期。过期时,令牌将被轮换。 + + + + Expires on + 过期时间 + + + + API Access + API 访问权限 + + + + App password + 应用密码 + + + + Verification + 验证 + + + + Unknown intent + 未知意图 + + + + Tokens + 令牌 + + + + Tokens are used throughout authentik for Email validation stages, Recovery keys and API access. + 令牌在整个 authentik 中用于电子邮件验证阶段、恢复密钥和 API 访问。 + + + + Expires? + 过期? + + + + Expiry date + 过期日期 + + + + Token(s) + 令牌 + + + + Create Token + 创建令牌 + + + + Token is managed by authentik. + 令牌由 authentik 管理。 + + + + Update Token + 更新令牌 + + + + Domain + 域名 + + + + Matching is done based on domain suffix, so if you enter domain.tld, foo.domain.tld will still match. + 根据域名后缀完成匹配,因此,如果您输入 domain.tld,foo.domain.tld 仍将匹配。 + + + + Default + 默认 + + + + Branding settings + 品牌设置 + + + + Title + 标题 + + + + Branding shown in page title and several other places. + 品牌信息显示在页面标题和其他几个地方。 + + + + Logo + Logo + + + + Icon shown in sidebar/header and flow executor. + 在侧边栏/标题和流程执行器中显示的图标。 + + + + Favicon + 网站图标 + + + + Icon shown in the browser tab. + 浏览器选项卡中显示的图标。 + + + + Default flows + 默认流程 + + + + Flow used to authenticate users. If left empty, the first applicable flow sorted by the slug is used. + 用于对用户进行身份验证的流程。如果留空,则使用按 Slug 排序的第一个适用流程。 + + + + Invalidation flow + 失效流程 + + + + Flow used to logout. If left empty, the first applicable flow sorted by the slug is used. + 用于登出的流程。如果留空,则使用按 Slug 排序的第一个适用流程。 + + + + Recovery flow + 恢复流程 + + + + Recovery flow. If left empty, the first applicable flow sorted by the slug is used. + 恢复流程。如果留空,则使用按 Slug 排序的第一个适用流程。 + + + + Unenrollment flow + 删除账户流程 + + + + If set, users are able to unenroll themselves using this flow. If no flow is set, option is not shown. + 如果已设置,则用户可以使用此流程自行删除账户。如果未设置流程,则不显示选项。 + + + + User settings flow + 用户设置流程 + + + + If set, users are able to configure details of their profile. + 设置后,用户可以配置他们个人资料的详细信息。 + + + + Device code flow + 设备代码流程 + + + + If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code. + 如果设置,则 OAuth 设备代码用户资料可用,并且选定的流程将会用于输入代码。 + + + + Other global settings + 其他全局设置 + + + + Web Certificate + Web 证书 + + + + Event retention + 事件保留 + + + + Duration after which events will be deleted from the database. + 事件从数据库中删除的时间,超过这个时间就会被删除。 + + + + When using an external logging solution for archiving, this can be set to "minutes=5". + 使用外部日志记录解决方案进行存档时,可以将其设置为 "minutes=5"。 + + + + This setting only affects new Events, as the expiration is saved per-event. + 此设置仅影响新事件,因为过期时间是分事件保存的。 + + + + Configure visual settings and defaults for different domains. + 配置不同域名的可视化设置和默认值。 + + + + Default? + 默认? + + + + Policies + 策略 + + + + Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Stages. + 允许用户根据属性使用应用程序、强制使用密码标准以及选择性地应用阶段。 + + + + Assigned to object(s). + 已分配给 + 个对象。 + + + + Warning: Policy is not assigned. + 警告:策略未分配。 + + + + Test Policy + 测试策略 + + + + Policy / Policies + 策略 + + + + Successfully cleared policy cache + 已成功清除策略缓存 + + + + Failed to delete policy cache + 删除策略缓存失败 + + + + Clear cache + 清除缓存 + + + + Clear Policy cache + 清除策略缓存 + + + + Are you sure you want to clear the policy cache? This will cause all policies to be re-evaluated on their next usage. + 确实要清除策略缓存吗?这将导致所有策略在下次使用时重新评估。 + + + Reputation scores + 信誉分数 + + + + Reputation for IP and user identifiers. Scores are decreased for each failed login and increased for each successful login. + IP 和用户标识符的信誉。每次登录失败分数都会降低,每次登录成功分数都会增加。 + + + + IP + IP + + + + Score + 分数 + + + + Updated + 已更新 + + + + Reputation + 信誉 + + + + Groups + + + + + Group users together and give them permissions based on the membership. + 将用户分组在一起,并根据成员资格为他们授予权限。 + + + + Superuser privileges? + 超级用户权限? + + + + Group(s) + + + + + Create Group + 创建组 + + + + Create group + 创建组 + + + + Enabling this toggle will create a group named after the user, with the user as member. + 启用此开关将创建一个以用户命名的组,用户为成员。 + + + + Use the username and password below to authenticate. The password can be retrieved later on the Tokens page. + 使用下面的用户名和密码进行身份验证。密码可以稍后在令牌页面上获取。 + + + + Password + 密码 + + + + Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List. + 有效期为 360 天,之后密码将自动轮换。您可以从令牌列表中复制密码。 + + + + The following objects use + 以下对象使用 + + + + + connecting object will be deleted + 连接对象将被删除 + + + + Successfully updated + 成功更新 + + + Failed to update : + 更新 + 失败: + + + + + Are you sure you want to update ""? + 您确定要更新 + " + " 吗? + + + + Successfully updated password. + 已成功更新密码。 + + + + Successfully sent email. + 已成功发送电子邮件。 + + + + Email stage + 电子邮件阶段 + + + + Successfully added user(s). + 成功添加用户。 + + + + Users to add + 要添加的用户 + + + + User(s) + 用户 + + + + Remove Users(s) + 删除用户 + + + + Are you sure you want to remove the selected users from the group ? + 您确定要从组 + 中删除选定的用户吗? + + + + Remove + 删除 + + + + Impersonate + 模拟身份 + + + + User status + 用户状态 + + + + Change status + 更改状态 + + + + Deactivate + 停用 + + + + Update password + 更新密码 + + + + Set password + 设置密码 + + + + Successfully generated recovery link + 已成功生成恢复链接 + + + + No recovery flow is configured. + 未配置恢复流程。 + + + + Copy recovery link + 复制恢复链接 + + + + Send link + 发送链接 + + + + Send recovery link to user + 向用户发送恢复链接 + + + + Email recovery link + 电子邮件恢复链接 + + + + Recovery link cannot be emailed, user has no email address saved. + 无法通过电子邮件发送恢复链接,用户没有保存电子邮件地址。 + + + + Add User + 添加用户 + + + + Warning: This group is configured with superuser access. Added users will have superuser access. + 警告:此组已配置为超级用户权限。加入的用户将会拥有超级用户权限。 + + + + Add existing user + 添加已有用户 + + + + Create user + 创建用户 + + + + Create User + 创建用户 + + + + Create Service account + 创建服务账户 + + + + Hide service-accounts + 隐藏服务账户 + + + + Group Info + 组信息 + + + + Notes + 备注 + + + + Edit the notes attribute of this group to add notes here. + 编辑该组的备注属性以在此处添加备注。 + + + + Users + 用户 + + + + Root + + + + + Warning: You're about to delete the user you're logged in as (). Proceed at your own risk. + 警告:您即将删除当前登录的用户( + )。如果继续,请自担风险。 + + + + Hide deactivated user + 隐藏未激活的用户 + + + + User folders + 用户目录 + + + + Successfully added user to group(s). + 成功添加用户到组。 + + + + Groups to add + 要添加的组 + + + + Remove from Group(s) + 从组中删除 + + + + Are you sure you want to remove user from the following groups? + 您确定要从以下组中删除用户 + 吗? + + + + Add Group + 添加组 + + + + Add to existing group + 添加到已有组 + + + + Add new group + 添加新组 + + + + Application authorizations + 应用程序授权 + + + + Revoked? + 已吊销? + + + + Expires + 过期 + + + + ID Token + ID 令牌 + + + + Refresh Tokens(s) + 刷新令牌 + + + + Last IP + 上次 IP + + + + Session(s) + 会话 + + + + Expiry + 过期 + + + + (Current session) + (当前会话) + + + + Permissions + 权限 + + + + Consent(s) + 同意授权 + + + + Successfully updated device. + 已成功更新设备。 + + + + Static tokens + 静态令牌 + + + + TOTP Device + TOTP 设备 + + + + Enroll + 注册 + + + + Device(s) + 设备 + + + + Update Device + 更新设备 + + + + Confirmed + 已确认 + + + + User Info + 用户信息 + + + + Actions over the last week (per 8 hours) + 过去一周的操作(每 8 小时) + + + + Edit the notes attribute of this user to add notes here. + 编辑该用户的备注属性以在此处添加备注。 + + + + Sessions + 会话 + + + + User events + 用户事件 + + + + Explicit Consent + 明确同意授权 + + + + OAuth Refresh Tokens + OAuth 刷新令牌 + + + + MFA Authenticators + MFA 身份验证器 + + + + Successfully updated invitation. + 已成功更新邀请。 + + + + Successfully created invitation. + 已成功创建邀请。 + + + + Flow + 流程 + + + + When selected, the invite will only be usable with the flow. By default the invite is accepted on all flows with invitation stages. + 选中时,此邀请仅可在对应流程中使用。默认情况下,此邀请接受所有流程的邀请阶段。 + + + + Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON. + 加载到流程的 'prompt_data' 上下文变量中的可选数据。YAML 或 JSON。 + + + + Single use + 一次性使用 + + + + When enabled, the invitation will be deleted after usage. + 启用后,邀请将在使用后被删除。 + + + + Select an enrollment flow + 选择注册流程 + + + + Link to use the invitation. + 使用邀请的链接。 + + + + Invitations + 邀请 + + + + Create Invitation Links to enroll Users, and optionally force specific attributes of their account. + 创建邀请链接以注册用户,并可选地强制设置其账户的特定属性。 + + + + Created by + 创建者 + + + + Invitation(s) + 邀请 + + + + Invitation not limited to any flow, and can be used with any enrollment flow. + 邀请没有限制到任何流程,可以用于任何注册流程。 + + + + Update Invitation + 更新邀请 + + + + Create Invitation + 创建邀请 + + + + Warning: No invitation stage is bound to any flow. Invitations will not work as expected. + 警告:没有邀请阶段绑定到任何流程。邀请将无法按预期工作。 + + + + Auto-detect (based on your browser) + 自动检测(基于您的浏览器) + + + + Required. + 必需。 + + + + Continue + 继续 + + + + Successfully updated prompt. + 已成功更新输入项。 + + + + Successfully created prompt. + 已成功创建输入项。 + + + + Text: Simple Text input + 文本:简单文本输入 + + + + Text Area: Multiline text input + 文本框:多行文本输入。 + + + + Text (read-only): Simple Text input, but cannot be edited. + 文本(只读):简单文本输入,但无法编辑。 + + + + Text Area (read-only): Multiline text input, but cannot be edited. + 文本框(只读):多行文本输入,但无法编辑。 + + + + Username: Same as Text input, but checks for and prevents duplicate usernames. + 用户名:与文本输入相同,但检查并防止用户名重复。 + + + + Email: Text field with Email type. + 电子邮箱:电子邮箱类型的文本字段。 + + + + Password: Masked input, multiple inputs of this type on the same prompt need to be identical. + 密码:屏蔽显示输入内容,多个此类型的输入如果在同一个输入项下,则内容需要相同。 + + + + Number + 数字 + + + + Checkbox + 复选框 + + + + Radio Button Group (fixed choice) + 单选按钮组(固定选项) + + + + Dropdown (fixed choice) + 下拉框(固定选项) + + + + Date + 日期 + + + + Date Time + 日期时间 + + + + File + 文件 + + + + Separator: Static Separator Line + 分隔符:静态分隔线 + + + + Hidden: Hidden field, can be used to insert data into form. + 隐藏:隐藏字段,可用于将数据插入表单。 + + + + Static: Static value, displayed as-is. + 静态:静态值,按原样显示。 + + + + authentik: Locale: Displays a list of locales authentik supports. + authentik:语言:显示 authentik 支持的语言设置。 + + + + Preview errors + 预览错误 + + + + Data preview + 数据预览 + + + + Unique name of this field, used for selecting fields in prompt stages. + 此字段的唯一名称,用于选择输入阶段的字段。 + + + + Field Key + 字段键 + + + + Name of the form field, also used to store the value. + 表单域的名称,也用于存储值。 + + + + When used in conjunction with a User Write stage, use attributes.foo to write attributes. + 当与用户写入阶段结合使用时,请使用 attributes.foo 来编写属性。 + + + + Label + 标签 + + + + Label shown next to/above the prompt. + 标签会显示在输入侧方/上方。 + + + + Required + 必需 + + + + Interpret placeholder as expression + 将占位符解释为表达式 + + + + When checked, the placeholder will be evaluated in the same way a property mapping is. + If the evaluation fails, the placeholder itself is returned. + 勾选时,占位符将以与属性映射相同的方式评估。 +如果评估失败,则返回占位符本身。 + + + Placeholder + 占位符 + + + + Optionally provide a short hint that describes the expected input value. + When creating a fixed choice field, enable interpreting as expression and return a + list to return multiple choices. + 可选的简短提示,用来描述期望的输入值。 +在创建固定选项字段时,启用以表达式解释, +并返回多个选项的列表。 + + + Interpret initial value as expression + 将初始值解释为表达式 + + + + When checked, the initial value will be evaluated in the same way a property mapping is. + If the evaluation fails, the initial value itself is returned. + 勾选时,初始值将以与属性映射相同的方式评估。 +如果评估失败,则返回初始值本身。 + + + Initial value + 初始值 + + + + Optionally pre-fill the input with an initial value. + When creating a fixed choice field, enable interpreting as expression and + return a list to return multiple default choices. + 可选的预设输入初始值。 +在创建固定选项字段时,启用以表达式解释, +并返回多个默认选项的列表。 + + + Help text + 帮助文本 + + + + Any HTML can be used. + 可以使用任何 HTML。 + + + + Prompts + 输入 + + + + Single Prompts that can be used for Prompt Stages. + 可用于输入阶段的单个输入项。 + + + + Field + 字段 + + + + Stages + 阶段 + + + + Prompt(s) + 输入 + + + + Update Prompt + 更新输入项 + + + + Create Prompt + 创建输入 + + + + Target + 目标 + + + + Stage + 阶段 + + + + Evaluate when flow is planned + 流程被规划时评估 + + + + Evaluate policies during the Flow planning process. + 在流程规划过程中评估策略。 + + + + Evaluate when stage is run + 阶段被运行时评估 + + + + Evaluate policies before the Stage is present to the user. + 在阶段即将呈现给用户时评估策略。 + + + + Invalid response behavior + 无效响应行为 + + + + Returns the error message and a similar challenge to the executor + 向执行器返回错误消息和类似的质询 + + + + Restarts the flow from the beginning + 从头开始重新启动流程 + + + + Restarts the flow from the beginning, while keeping the flow context + 从头开始重新启动流程,同时保留流程上下文 + + + + Configure how the flow executor should handle an invalid response to a challenge given by this bound stage. + 针对由此绑定阶段提供的质询,配置流程执行器应如何处理对此质询的无效响应。 + + + + Successfully updated stage. + 已成功更新阶段。 + + + + Successfully created stage. + 已成功创建阶段。 + + + + Stage used to configure a duo-based authenticator. This stage should be used for configuration flows. + 用来配置基于 Duo 的身份验证器的阶段。此阶段应该用于配置流程。 + + + + Authenticator type name + 身份验证类型名称 + + + + Display name of this authenticator, used by users when they enroll an authenticator. + 此验证器的显示名称,在用户注册验证器时使用。 + + + + API Hostname + API 主机名 + + + + Duo Auth API + Duo Auth API + + + + Integration key + 集成密钥 + + + + Secret key + Secret 密钥 + + + + Duo Admin API (optional) + Duo Admin API(可选) + + + + When using a Duo MFA, Access or Beyond plan, an Admin API application can be created. + This will allow authentik to import devices automatically. + 使用 Duo MFA 的 Access 或 Beyond 计划时,可以创建 Admin API 应用程序。 +这允许 authentik 自动导入设备。 + + + Stage-specific settings + 阶段特定设置 + + + + Configuration flow + 配置流程 + + + + Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. + 经过身份验证的用户用来配置此阶段的流程。如果为空,用户将无法配置此阶段。 + + + + Twilio Account SID + Twilio 账户 SID + + + + Get this value from https://console.twilio.com + 从 https://console.twilio.com 获取此值 + + + + Twilio Auth Token + Twilio 身份验证令牌 + + + + Authentication Type + 身份验证类型 + + + + Basic Auth + 基本身份验证 + + + + Bearer Token + Bearer 令牌 + + + + External API URL + 外部 API URL + + + + This is the full endpoint to send POST requests to. + 这是向其发送 POST 请求的完整终端节点。 + + + + API Auth Username + API 身份验证用户名 + + + + This is the username to be used with basic auth or the token when used with bearer token + 这是用于 Basic 身份验证的用户名,或是使用 Bearer 令牌时的令牌 + + + + API Auth password + API 身份验证密码 + + + + This is the password to be used with basic auth + 这是用于 Basic 身份验证的密码 + + + + Mapping + 映射 + + + + Modify the payload sent to the custom provider. + 修改发送到自定义提供程序的载荷。 + + + + Stage used to configure an SMS-based TOTP authenticator. + 用来配置基于短信的 TOTP 身份验证器的阶段。 + + + + Twilio + Twilio + + + + Generic + 通用 + + + + From number + 发信人号码 + + + + Number the SMS will be sent from. + 短信的发信人号码。 + + + + Hash phone number + 哈希电话号码 + + + + If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons. Devices created from a stage with this enabled cannot be used with the authenticator validation stage. + 如果启用,仅保存电话号码的哈希。这是出于数据保护的原因。如果设备创建自启用此选项的阶段,则无法在验证阶段使用身份验证器。 + + + + Stage used to configure a static authenticator (i.e. static tokens). This stage should be used for configuration flows. + 用来配置静态身份验证器(即静态令牌)的阶段。此阶段应该用于配置流程。 + + + + Token count + 令牌计数 + + + + Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator). + 用来配置 TOTP 身份验证器(即 Authy/Google 身份验证器)的阶段。 + + + + Digits + 数字 + + + + 6 digits, widely compatible + 6 位数字,广泛兼容 + + + + 8 digits, not compatible with apps like Google Authenticator + 8 位数字,与 Google 身份验证器等应用不兼容 + + + + Stage used to validate any authenticator. This stage should be used during authentication or authorization flows. + 用来验证任何身份验证器的阶段。此阶段应在身份验证或授权流程中使用。 + + + + Device classes + 设备类型 + + + + Static Tokens + 静态令牌 + + + + TOTP Authenticators + TOTP 身份验证器 + + + + WebAuthn Authenticators + WebAuthn 身份验证器 + + + + Duo Authenticators + Duo 身份验证器 + + + + SMS-based Authenticators + 基于短信的身份验证器 + + + + Device classes which can be used to authenticate. + 可用于进行身份验证的设备类型。 + + + + Last validation threshold + 上次验证阈值 + + + + If any of the devices user of the types selected above have been used within this duration, this stage will be skipped. + 如果上面所选类型的任意设备在此期限内被使用,此阶段会被跳过。 + + + + Not configured action + 未配置操作 + + + + Force the user to configure an authenticator + 强制用户配置身份验证器 + + + + Deny the user access + 拒绝用户访问 + + + + WebAuthn User verification + WebAuthn 用户验证 + + + + User verification must occur. + 必须进行用户验证。 + + + + User verification is preferred if available, but not required. + 如果可用,则首选用户验证,但不是必需的。 + + + + User verification should not occur. + 不应进行用户验证。 + + + + Configuration stages + 配置阶段 + + + + Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. + 当用户没有任何兼容的设备时,用来配置身份验证器的阶段。此阶段通过后,将不再请求此用户。 + + + + When multiple stages are selected, the user can choose which one they want to enroll. + 选中多个阶段时,用户可以选择要注册哪个。 + + + + User verification + 用户验证 + + + + Resident key requirement + 常驻钥匙要求 + + + + Authenticator Attachment + 身份验证器附件 + + + + No preference is sent + 不发送偏好 + + + + A non-removable authenticator, like TouchID or Windows Hello + 不可移除的身份验证器,例如 TouchID 或 Windows Hello + + + + A "roaming" authenticator, like a YubiKey + 像 YubiKey 这样的“漫游”身份验证器 + + + + This stage checks the user's current session against the Google reCaptcha (or compatible) service. + 此阶段会根据 Google reCaptcha(或兼容的)服务检查用户的当前会话。 + + + + Public Key + 公钥 + + + + Public key, acquired from https://www.google.com/recaptcha/intro/v3.html. + 公钥,从 https://www.google.com/recaptcha/intro/v3.html 获取。 + + + + Private Key + 私钥 + + + + Private key, acquired from https://www.google.com/recaptcha/intro/v3.html. + 私钥,从 https://www.google.com/recaptcha/intro/v3.html 获取。 + + + + Advanced settings + 高级设置 + + + + JS URL + JS URL + + + + URL to fetch JavaScript from, defaults to recaptcha. Can be replaced with any compatible alternative. + 拉取 JavaScript 的 URL,默认为 recaptcha。可以替换为任何兼容替代。 + + + + API URL + API URL + + + + URL used to validate captcha response, defaults to recaptcha. Can be replaced with any compatible alternative. + 用于校验验证码响应的 URL,默认为 recaptcha。可以替换为任何兼容替代。 + + + + Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time. + 请求用户同意授权。同意授权可以是永久性的,也可以在规定的时间后过期。 + + + + Always require consent + 始终需要征得同意授权 + + + + Consent given last indefinitely + 无限期同意授权 + + + + Consent expires. + 同意授权会过期。 + + + + Consent expires in + 同意授权过期时间 + + + + Offset after which consent expires. + 同意过期后的偏移。 + + + + Dummy stage used for testing. Shows a simple continue button and always passes. + 用于测试的虚拟阶段。显示一个简单的“继续”按钮,并且始终通过。 + + + + Throw error? + 抛出错误? + + + + SMTP Host + SMTP 主机 + + + + SMTP Port + SMTP 端口 + + + + SMTP Username + SMTP 用户名 + + + + SMTP Password + SMTP 密码 + + + + Use TLS + 使用 TLS + + + + Use SSL + 使用 SSL + + + + From address + 发件人地址 + + + + Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity. + 通过向用户发送一次性链接来验证用户的电子邮件地址。也可用于在恢复时验证用户的真实性。 + + + + Activate pending user on success + 成功时激活待处理用户 + + + + When a user returns from the email successfully, their account will be activated. + 当用户成功自电子邮件中返回时,其账户将被激活。 + + + + Use global settings + 使用全局设置 + + + + When enabled, global Email connection settings will be used and connection settings below will be ignored. + 启用后,将使用全局电子邮件连接设置,下面的连接设置将被忽略。 + + + + Token expiry + 令牌过期 + + + + Time in minutes the token sent is valid. + 发出令牌的有效时间(单位为分钟)。 + + + + Template + 模板 + + + + Let the user identify themselves with their username or Email address. + 让用户使用用户名或电子邮件地址来标识自己。 + + + + User fields + 用户字段 + + + + UPN + UPN + + + + Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources. + 用户可以用来标识自己的字段。如果未选择任何字段,则用户将只能使用源。 + + + + Password stage + 密码阶段 + + + + When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks. + 选中后,密码字段将显示在同一页面,而不是单独的页面上。这样可以防止用户名枚举攻击。 + + + + Case insensitive matching + 不区分大小写的匹配 + + + + When enabled, user fields are matched regardless of their casing. + 启用后,无论大小写如何,都将匹配用户字段。 + + + + Show matched user + 显示匹配的用户 + + + + When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown. + 如果输入了有效的用户名/电子邮箱,并且启用了此选项,则会显示用户的用户名和头像。否则,将显示用户输入的文本。 + + + + Source settings + 源设置 + + + + Sources + + + + + Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP. + 选择的源应显示给用户进行身份验证。这只会影响基于 Web 的源,而不影响 LDAP。 + + + + Show sources' labels + 显示源的标签 + + + + By default, only icons are shown for sources. Enable this to show their full names. + 默认情况下,只为源显示图标。启用此选项可显示它们的全名。 + + + + Passwordless flow + 无密码流程 + + + + Optional passwordless flow, which is linked at the bottom of the page. When configured, users can use this flow to authenticate with a WebAuthn authenticator, without entering any details. + 可选的无密码流程,链接在页面底部。配置后,用户可以使用此流程通过 WebAuthn 身份验证器进行验证,无需输入任何详细信息。 + + + + Optional enrollment flow, which is linked at the bottom of the page. + 可选注册流程,链接在页面底部。 + + + + Optional recovery flow, which is linked at the bottom of the page. + 可选的恢复流程,链接在页面底部。 + + + + This stage can be included in enrollment flows to accept invitations. + 此阶段可以包含在注册流程中以接受邀请。 + + + + Continue flow without invitation + 在没有邀请的情况下继续流程 + + + + If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. + 如果设置了此标志,则当没有发出邀请时,此阶段将跳转到下一个阶段。默认情况下,当没有发出邀请时,此阶段将取消流程。 + + + + Validate the user's password against the selected backend(s). + 根据选定的后端验证用户的密码。 + + + + Backends + 后端 + + + + User database + standard password + 用户数据库 + 标准密码 + + + + User database + app passwords + 用户数据库 + 应用程序密码 + + + + User database + LDAP password + 用户数据库 + LDAP 密码 + + + + Selection of backends to test the password against. + 选择用于测试密码的后端。 + + + + Flow used by an authenticated user to configure their password. If empty, user will not be able to configure change their password. + 经过身份验证的用户用来配置其密码的流程。如果为空,用户将无法配置更改其密码。 + + + + Failed attempts before cancel + 取消前的的尝试失败 + + + + How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. + 在取消流程之前,用户可以尝试多少次。要锁定用户,请使用信誉策略和 user_write 阶段。 + + + + Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable. + 向用户显示任意输入字段,例如在注册期间。数据保存在流程上下文中的 'prompt_data' 变量下。 + + + + Fields + 字段 + + + + ("", of type ) + + (" + ",类型为 + + + + + Validation Policies + 验证策略 + + + + Selected policies are executed when the stage is submitted to validate the data. + 当阶段被提交以验证数据时,执行选定的策略。 + + + + Delete the currently pending user. CAUTION, this stage does not ask for confirmation. Use a consent stage to ensure the user is aware of their actions. + 删除当前待处理的用户。注意,这个阶段不要求确认。使用同意授权阶段来确保用户知道自己的行为。 + + + Log the currently pending user in. + 登录当前待处理的用户。 + + + + Session duration + 会话持续时间 + + + + Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. + 确定会话持续多长时间。默认为 0 秒意味着会话持续到浏览器关闭为止。 + + + + Different browsers handle session cookies differently, and might not remove them even when the browser is closed. + 不同浏览器处理会话 Cookie 的方式不同,即使关闭浏览器,也不能保证它们会被删除。 + + + + See here. + 详见这里。 + + + + Stay signed in offset + 保持登录偏移量 + + + + If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. + 如果设置时长大于 0,用户可以选择“保持登录”选项,这将使用户的会话延长此处设置的时间。 + + + + Terminate other sessions + 终止其他会话 + + + + When enabled, all previous sessions of the user will be terminated. + 启用时,此用户的所有过往会话将会被终止。 + + + + Remove the user from the current session. + 从当前会话中移除用户。 + + + + Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user + is pending, a new user is created, and data is written to them. + 将流程上下文的 'prompt_data' 中的任何数据写入当前待处理的用户。 +如果没有用户处于待处理状态,则会创建新用户并向其写入数据。 + + + Never create users + 从不创建用户 + + + + When no user is present in the flow context, the stage will fail. + 如果流程上下文中没有出现用户,此阶段失败。 + + + + Create users when required + 如果需要则创建用户 + + + + When no user is present in the the flow context, a new user is created. + 如果流程上下文中没有出现用户,则创建新用户。 + + + + Always create new users + 总是创建新用户 + + + + Create a new user even if a user is in the flow context. + 即使用户在流程上下文中,仍然创建新用户。 + + + + Create users as inactive + 创建未激活用户 + + + + Mark newly created users as inactive. + 将新创建的用户标记为未激活。 + + + + User path template + 用户路径模板 + + + + Path new users will be created under. If left blank, the default path will be used. + 新用户将会在此路径下创建。如果留空,则使用默认路径。 + + + + Newly created users are added to this group, if a group is selected. + 如果选择了组,则会将新创建的用户添加到该组。 + + + + New stage + 新建阶段 + + + + Create a new stage. + 创建一个新阶段。 + + + + Successfully imported device. + 已成功导入设备。 + + + + The user in authentik this device will be assigned to. + 此设备要绑定的 authentik 用户。 + + + + Duo User ID + Duo 用户 ID + + + + The user ID in Duo, can be found in the URL after clicking on a user. + Duo 中的用户 ID,可以点击用户之后,在 URL 中找到。 + + + + Automatic import + 自动导入 + + + + Successfully imported devices. + 已成功导入 + 个设备。 + + + + Start automatic import + 开始自动导入 + + + + Or manually import + 或者手动导入 + + + + Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow. + 阶段是引导用户完成流程的单个步骤。阶段只能在流程内部执行。 + + + + Flows + 流程 + + + + Stage(s) + 阶段 + + + + Import + 导入 + + + + Import Duo device + 导入 Duo 设备 + + + + Successfully updated flow. + 已成功更新流程。 + + + + Successfully created flow. + 已成功创建流程。 + + + + Shown as the Title in Flow pages. + 显示为流程页面中的标题。 + + + + Visible in the URL. + 在 URL 中可见。 + + + + Designation + 指定 + + + + Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. + 决定此流程的用途。例如,当未经身份验证的用户访问 authentik 时,会重定向到身份验证流程。 + + + + No requirement + 无要求 + + + + Require authentication + 需要身份验证 + + + + Require no authentication. + 需要无身份验证。 + + + + Require superuser. + 需要管理员用户。 + + + + Required authentication level for this flow. + 此流程需要身份验证等级。 + + + + Behavior settings + 行为设置 + + + + Compatibility mode + 兼容模式 + + + + Increases compatibility with password managers and mobile devices. + 增强与移动设备与密码管理器的兼容性。 + + + + Denied action + 拒绝操作 + + + + Will follow the ?next parameter if set, otherwise show a message + 将会首先遵循 ?next 参数,如果不存在则显示一条消息 + + + + Will either follow the ?next parameter or redirect to the default interface + 将会遵循 ?next 参数或者重定向到默认接口 + + + + Will notify the user the flow isn't applicable + 将会通知用户此流程不适用 + + + + Decides the response when a policy denies access to this flow for a user. + 当一条策略拒绝用户访问此流程时决定响应。 + + + + Appearance settings + 外观设置 + + + + Layout + 布局 + + + + Background + 背景 + + + + Background shown during execution. + 执行过程中显示的背景。 + + + + Clear background + 清除背景 + + + + Delete currently set background image. + 删除当前设置的背景图片。 + + + + Successfully imported flow. + 已成功导入流程。 + + + + .yaml files, which can be found on goauthentik.io and can be exported by authentik. + .yaml 文件,可以在 goauthentik.io 上找到,也可以通过 authentik 导出。 + + + + Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them. + 流程描述了一系列用于对用户进行身份验证、注册或恢复的阶段。阶段是根据应用于它们的策略来选择的。 + + + + Flow(s) + 流程 + + + + Update Flow + 更新流程 + + + + Create Flow + 创建流程 + + + + Import Flow + 导入流程 + + + + Successfully cleared flow cache + 已成功清除流程缓存 + + + + Failed to delete flow cache + 删除流程缓存失败 + + + + Clear Flow cache + 清除流程缓存 + + + + Are you sure you want to clear the flow cache? + This will cause all flows to be re-evaluated on their next usage. + 确实要清除流程缓存吗? +这将导致所有流程在下次使用时重新评估。 + + + Stage binding(s) + 阶段绑定 + + + + Stage type + 阶段类型 + + + + Edit Stage + 编辑阶段 + + + + Update Stage binding + 更新阶段绑定 + + + + These bindings control if this stage will be applied to the flow. + 这些绑定控制是否将此阶段应用于流程。 + + + + No Stages bound + 未绑定阶段 + + + + No stages are currently bound to this flow. + 目前没有阶段绑定到此流程。 + + + + Create Stage binding + 创建阶段绑定 + + + + Bind stage + 绑定阶段 + + + + Bind existing stage + 绑定已有阶段 + + + + Flow Overview + 流程总览 + + + + Related actions + 相关操作 + + + + Execute flow + 执行流程 + + + + Normal + 正常 + + + + with current user + 以当前用户 + + + + with inspector + 附加检视器 + + + + Export flow + 导出流程 + + + + Export + 导出 + + + + Stage Bindings + 阶段绑定 + + + + These bindings control which users can access this flow. + 这些绑定控制哪些用户可以访问此流程。 + + + + Event Log + 事件日志 + + + + Event + 事件 + + + + + Event info + 事件信息 + + + + Created + 创建时间 + + + + Successfully updated transport. + 已成功更新传输。 + + + + Successfully created transport. + 已成功创建传输。 + + + + Local (notifications will be created within authentik) + 本地(通知在 authentik 内创建) + + + + Webhook (generic) + Webhook(通用) + + + + Webhook (Slack/Discord) + Webhook(Slack/Discord) + + + + Webhook URL + Webhook URL + + + + Webhook Mapping + Webhook 映射 + + + + Send once + 发送一次 + + + + Only send notification once, for example when sending a webhook into a chat channel. + 仅发送一次通知,例如在向聊天频道发送 Webhook 时。 + + + + Notification Transports + 通知传输 + + + + Define how notifications are sent to users, like Email or Webhook. + 定义如何向用户发送通知,例如电子邮件或 Webhook。 + + + + Notification transport(s) + 通知传输 + + + + Update Notification Transport + 更新通知传输 + + + + Create Notification Transport + 创建通知传输 + + + + Successfully updated rule. + 已成功更新规则。 + + + + Successfully created rule. + 已成功创建规则。 + + + + Select the group of users which the alerts are sent to. If no group is selected the rule is disabled. + 选择一组用于发送警告的用户。如果未选择组,则此规则被禁用。 + + + + Transports + 传输 + + + + Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. + 选择应使用哪些传输方式来通知用户。如果未选择任何内容,则通知将仅显示在 authentik UI 中。 + + + + Severity + 严重程度 + + + + Notification Rules + 通知规则 + + + + Send notifications whenever a specific Event is created and matched by policies. + 每当特定事件被创建并匹配策略时,都会发送通知。 + + + + Sent to group + 已发送到组 + + + + Notification rule(s) + 通知规则 + + + + None (rule disabled) + 无(规则已禁用) + + + + Update Notification Rule + 更新通知规则 + + + + Create Notification Rule + 创建通知规则 + + + + These bindings control upon which events this rule triggers. +Bindings to groups/users are checked against the user of the event. + 这些绑定控制此规则触发的事件。 +针对组/用户的绑定会检查与事件相关的用户。 + + + Outpost Deployment Info + 前哨部署信息 + + + + View deployment documentation + 查看部署文档 + + + + Click to copy token + 点击复制令牌 + + + + If your authentik Instance is using a self-signed certificate, set this value. + 如果您的 authentik 实例正在使用自签名证书,请设置此值。 + + + + If your authentik_host setting does not match the URL you want to login with, add this setting. + 如果您的 authentik_host 设置与您要登录时使用的网址不匹配,请添加此设置。 + + + + Successfully updated outpost. + 已成功更新前哨。 + + + + Successfully created outpost. + 已成功创建前哨。 + + + + Radius + Radius + + + + Integration + 集成 + + + + Selecting an integration enables the management of the outpost by authentik. + 选择集成使 authentik 能够管理前哨。 + + + + You can only select providers that match the type of the outpost. + 您只能选择与前哨类型匹配的提供程序。 + + + + Configuration + 配置 + + + + See more here: + 了解更多: + + + + Documentation + 文档 + + + + Last seen + 上次出现 + + + + , should be + + ,应该是 + + + + + Hostname + 主机名 + + + + Not available + 不可用 + + + + Last seen: + 上次出现: + + + + + Unknown type + 未知类型 + + + + Outposts + 前哨 + + + + Outposts are deployments of authentik components to support different environments and protocols, like reverse proxies. + 前哨是对 authentik 组件的部署,用于支持不同的环境和协议,例如反向代理。 + + + + Health and Version + 健康状态与版本 + + + + Warning: authentik Domain is not configured, authentication will not work. + 警告:未配置 authentik 域名,身份验证将不起作用。 + + + + Logging in via . + 通过 + 登录。 + + + + No integration active + 没有激活的集成 + + + + Update Outpost + 更新前哨 + + + + View Deployment Info + 查看部署信息 + + + + Detailed health (one instance per column, data is cached so may be out of date) + 详细健康状况(每列一个实例,数据经过缓存,因此可能会过时) + + + + Outpost(s) + 前哨 + + + + Create Outpost + 创建前哨 + + + + Successfully updated integration. + 已成功更新集成。 + + + + Successfully created integration. + 已成功创建集成。 + + + + Local + 本地 + + + + If enabled, use the local connection. Required Docker socket/Kubernetes Integration. + 如果启用,请使用本地连接。需要 Docker Socket/Kubernetes 集成。 + + + + Docker URL + Docker URL + + + + Can be in the format of 'unix://' when connecting to a local docker daemon, using 'ssh://' to connect via SSH, or 'https://:2376' when connecting to a remote system. + 连接到本地 Docker 守护进程时可以采用 'unix://' 格式,通过 SSH 连接时采用 'ssh://' 格式,或者在连接到远程系统时采用 'https://:2376' 格式。 + + + + CA which the endpoint's Certificate is verified against. Can be left empty for no validation. + 验证端点证书所依据的 CA。可以留空,表示不进行验证。 + + + + TLS Authentication Certificate/SSH Keypair + TLS 身份验证证书/SSH 密钥对 + + + + Certificate/Key used for authentication. Can be left empty for no authentication. + 用于身份验证的证书/密钥。可以留空表示不验证。 + + + + When connecting via SSH, this keypair is used for authentication. + 通过 SSH 连接时,此密钥对用于身份验证。 + + + + Kubeconfig + Kubeconfig + + + + Verify Kubernetes API SSL Certificate + 验证 Kubernetes API SSL 证书 + + + + New outpost integration + 新建前哨集成 + + + + Create a new outpost integration. + 创建一个新前哨集成。 + + + + State + 状态 + + + + Unhealthy + 不健康 + + + + Outpost integration(s) + 前哨集成 + + + + Successfully generated certificate-key pair. + 已成功生成证书密钥对。 + + + + Common Name + 常用名 + + + + Subject-alt name + 替代名称 + + + + Optional, comma-separated SubjectAlt Names. + 可选,逗号分隔的替代名称。 + + + + Validity days + 有效天数 + + + + Successfully updated certificate-key pair. + 已成功更新证书密钥对。 + + + + Successfully created certificate-key pair. + 已成功创建证书密钥对。 + + + + PEM-encoded Certificate data. + PEM 编码的证书数据。 + + + + Optional Private Key. If this is set, you can use this keypair for encryption. + 可选私钥。如果设置,则可以使用此密钥对来加密。 + + + + Certificate-Key Pairs + 证书密钥对 + + + + Import certificates of external providers or create certificates to sign requests with. + 导入外部提供商的证书或创建用于签名请求的证书。 + + + + Private key available? + 私钥可用吗? + + + + Certificate-Key Pair(s) + 证书密钥对 + + + + Managed by authentik + 由 authentik 管理 + + + + Managed by authentik (Discovered) + 由 authentik 管理(已发现) + + + + Yes () + 是( + + + + + No + + + + + Update Certificate-Key Pair + 更新证书密钥对 + + + + Certificate Fingerprint (SHA1) + 证书指纹(SHA1) + + + + Certificate Fingerprint (SHA256) + 证书指纹(SHA256) + + + + Certificate Subject + 证书主题 + + + + Download Certificate + 下载证书 + + + + Download Private key + 下载私钥 + + + + Create Certificate-Key Pair + 创建证书密钥对 + + + + Generate + 生成 + + + + Generate Certificate-Key Pair + 生成证书密钥对 + + + + Successfully updated instance. + 已成功更新实例。 + + + + Successfully created instance. + 已成功创建实例。 + + + + Disabled blueprints are never applied. + 禁用的蓝图永远不会应用。 + + + + Local path + 本地路径 + + + + OCI Registry + OCI Registry + + + + Internal + 内部 + + + + OCI URL, in the format of oci://registry.domain.tld/path/to/manifest. + OCI URL,格式为 oci://registry.domain.tld/path/to/manifest。 + + + + See more about OCI support here: + 在这里了解更多 OCI 支持: + + + + Blueprint + 蓝图 + + + + Configure the blueprint context, used for templating. + 配置蓝图上下文,用于模板操作。 + + + + Orphaned + 孤立 + + + + Blueprints + 蓝图 + + + + Automate and template configuration within authentik. + 在 authentik 内的自动化与模板配置。 + + + + Last applied + 上次应用 + + + + Blueprint(s) + 蓝图 + + + + Update Blueprint + 更新蓝图 + + + + Create Blueprint Instance + 创建蓝图实例 + + + + API Requests + API 请求 + + + + Open API Browser + 打开 API 浏览器 + + + + Notifications + 通知 + + + + unread + + 未读 + + + + Successfully cleared notifications + 已成功清除通知 + + + + Clear all + 全部清除 + + + + A newer version of the frontend is available. + 有较新版本的前端可用。 + + + + You're currently impersonating . Click to stop. + 您目前正在模拟 + 的身份。点击以停止。 + + + + User interface + 用户界面 + + + + Dashboards + 仪表板 + + + + Events + 事件 + + + + Logs + 日志 + + + + Customisation + 自定义 + + + + Directory + 目录 + + + + System + 系统 + + + + Certificates + 证书 + + + + Outpost Integrations + 前哨集成 + + + + API request failed + API 请求失败 + + + + User's avatar + 用户的头像 + + + + Something went wrong! Please try again later. + 发生了某些错误!请稍后重试。 + + + + Request ID + 请求 ID + + + + You may close this page now. + 您可以关闭此页面了。 + + + + You're about to be redirect to the following URL. + 您将被重定向到以下 URL。 + + + + Follow redirect + 跟随重定向 + + + + Request has been denied. + 请求被拒绝。 + + + + Not you? + 不是您? + + + + Need an account? + 需要一个账户? + + + + Sign up. + 注册。 + + + + Forgot username or password? + 忘记用户名或密码? + + + + Select one of the sources below to login. + 选择以下源之一进行登录。 + + + + Or + 或者 + + + + Use a security key + 使用安全密钥 + + + + Login to continue to . + 登录以继续前往 + + + + + Please enter your password + 请输入您的密码 + + + + Forgot password? + 忘记密码了吗? + + + + Application requires following permissions: + 应用程序需要以下权限: + + + + Application already has access to the following permissions: + 应用程序已经获得以下权限: + + + + Application requires following new permissions: + 应用程序需要以下新权限: + + + + Check your Inbox for a verification email. + 检查您的收件箱是否有验证电子邮件。 + + + + Send Email again. + 再次发送电子邮件。 + + + + Successfully copied TOTP Config. + 已成功复制 TOTP 配置。 + + + + Copy + 复制 + + + + Code + 代码 + + + + Please enter your TOTP Code + 请输入您的 TOTP 代码 + + + + Duo activation QR code + Duo 激活二维码 + + + + Alternatively, if your current device has Duo installed, click on this link: + 或者,如果您当前的设备已安装 Duo,请点击此链接: + + + + Duo activation + Duo 激活 + + + + Check status + 检查状态 + + + + Make sure to keep these tokens in a safe place. + 确保将这些令牌保存在安全的地方。 + + + + Phone number + 电话号码 + + + + Please enter your Phone number. + 请输入您的电话号码。 + + + + Please enter the code you received via SMS + 请输入您通过短信收到的验证码 + + + + A code has been sent to you via SMS. + 验证码已通过短信发送给您。 + + + + Open your two-factor authenticator app to view your authentication code. + 打开您的两步验证应用查看身份验证代码。 + + + + Static token + 静态令牌 + + + + Authentication code + 身份验证代码 + + + + Please enter your code + 请输入您的代码 + + + + Return to device picker + 返回设备选择器 + + + + Sending Duo push notification + 发送 Duo 推送通知 + + + + Assertions is empty + 断言为空 + + + + Error when creating credential: + 创建凭据时出错: + + + + + Error when validating assertion on server: + 在服务器上验证断言时出错: + + + + + Retry authentication + 重试身份验证 + + + + Duo push-notifications + Duo 推送通知 + + + + Receive a push notification on your device. + 在您的设备上接收推送通知。 + + + + Authenticator + 身份验证器 + + + + Use a security key to prove your identity. + 使用安全密钥证明您的身份。 + + + + Traditional authenticator + 传统身份验证器 + + + + Use a code-based authenticator. + 使用基于代码的身份验证器。 + + + + Recovery keys + 恢复密钥 + + + + In case you can't access any other method. + 以防万一您无法使用任何其他方法。 + + + + SMS + 短信 + + + + Tokens sent via SMS. + 通过短信发送的令牌。 + + + + Select an authentication method. + 选择一种身份验证方法。 + + + + Stay signed in? + 保持登录? + + + + Select Yes to reduce the number of times you're asked to sign in. + 选择“是”以减少您被要求登录的次数。 + + + + Authenticating with Plex... + 正在使用 Plex 进行身份验证... + + + + Waiting for authentication... + 正在等待身份验证… + + + + If no Plex popup opens, click the button below. + 如果 Plex 没有弹出窗口,则点击下面的按钮。 + + + + Open login + 打开登录 + + + + Authenticating with Apple... + 正在使用 Apple 进行身份验证... + + + + Retry + 重试 + + + + Enter the code shown on your device. + 请输入您设备上显示的代码。 + + + + Please enter your Code + 请输入您的验证码 + + + + You've successfully authenticated your device. + 您成功验证了此设备的身份。 + + + + Flow inspector + 流程检视器 + + + + Next stage + 下一阶段 + + + + Stage name + 阶段名称 + + + + Stage kind + 阶段种类 + + + + Stage object + 阶段对象 + + + + This flow is completed. + 此流程已完成。 + + + + Plan history + 规划历史记录 + + + + Current plan context + 当前计划上下文 + + + + Session ID + 会话 ID + + + + Powered by authentik + 由 authentik 强力驱动 + + + + Background image + 背景图片 + + + + Error creating credential: + 创建凭据时出错: + + + + + Server validation of credential failed: + 服务器验证凭据失败: + + + + + Register device + 注册设备 + + + + Refer to documentation + 查阅文档 + + + No Applications available. + 没有可用的应用程序。 + + + + Either no applications are defined, or you don’t have access to any. + 没有定义应用程序,或者您无权访问任何应用程序。 + + + My Applications + 我的应用 + + + + My applications + 我的应用 + + + + Change your password + 更改您的密码 + + + + Change password + 更改密码 + + + + + + + + + + + Save + 保存 + + + + Delete account + 删除账户 + + + + Successfully updated details + 已成功更新详情 + + + + Open settings + 打开设置 + + + + No settings flow configured. + 未配置设置流程 + + + + Update details + 更新详情 + + + + Successfully disconnected source + 解绑成功 + + + + Failed to disconnected source: + 解绑失败: + + + + + Disconnect + 断开连接 + + + + Connect + 连接 + + + + Error: unsupported source settings: + 错误:不支持的源设置: + + + + + Connect your user account to the services listed below, to allow you to login using the service instead of traditional credentials. + 将您的用户账户连接到下面列出的服务,以允许您使用该服务而不是传统凭据登录。 + + + + No services available. + 没有可用的服务。 + + + + Create App password + 创建应用密码 + + + + User details + 用户详情 + + + + Consent + 同意授权 + + + + MFA Devices + MFA 设备 + + + + Connected services + 已连接服务 + + + + Tokens and App passwords + 令牌和应用程序密码 + + + + Unread notifications + 未读通知 + + + + Admin interface + 管理员界面 + + + + Stop impersonation + 停止模拟身份 + + + + Avatar image + 头像图片 + + + + Failed + 已失败 + + + + Unsynced / N/A + 未同步 / N/A + + + + Outdated outposts + 过时的前哨 + + + + Unhealthy outposts + 不健康的前哨 + + + + Next + 下一步 + + + + Inactive + 未激活 + + + + Regular user + 普通用户 + + + + Activate + 激活 + + + + Use Server URI for SNI verification + SNI 验证时使用服务器 URI + + + Required for servers using TLS 1.3+ + 使用 TLS 1.3+ 的服务器必需 + + + Client certificate keypair to authenticate against the LDAP Server's Certificate. + 基于 LDAP 服务端证书进行身份验证的客户端证书密钥对。 The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate. - - - DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged. - - - The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber - - - Configure LDAP Provider - - - Method's display Name. - - - Bind flow - - - Flow used for users to authenticate. - - - Search group - - - Bind mode - - - Configure how the outpost authenticates requests. - - - Search mode - - - Configure how the outpost queries the core authentik server's users. - - - Code-based MFA Support - - - Protocol settings - - - Base DN - - - LDAP DN under which bind requests and search requests can be made. - - - Certificate + 为上方配置 Base DN 提供的证书。作为回退,提供程序使用一个自签名证书。 TLS Server name + TLS 服务器名称 - - UID start number + + DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged. + 上方配置证书应该使用的 DNS 名称。无法基于 Base DN 检测证书,因为 SSL/TLS 协商发生在此类数据交换之前。 - - GID start number + + TLS Client authentication certificate + TLS 客户端身份验证证书 - - Successfully updated provider. + + Model + 模型 - - Successfully created provider. + + Match events created by selected model. When left empty, all models are matched. + 匹配选定模型创建的事件。如果留空,则匹配所有模型。 - - (Format: hours=-1;minutes=-2;seconds=-3). + + Code-based MFA Support + 基于代码的 MFA 支持 - - (Format: hours=1;minutes=2;seconds=3). + + When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. + 启用时,可以通过在密码后添加分号和 TOTP 代码来使用基于代码的多因素身份验证。仅在所有绑定到此提供程序的用户都已配置 TOTP 设备的情况下才应该启用,否则密码可能会因为包含分号而被错误地拒绝。 - - The following keywords are supported: + + User type + 用户类型 - - Confidential + + Successfully updated license. + 已成功更新许可证。 - - Confidential clients are capable of maintaining the confidentiality of their credentials such as client secrets + + Successfully created license. + 已成功创建许可证。 - - Public + + Install ID + 安装 ID - - Public clients are incapable of maintaining the confidentiality and should use methods like PKCE. + + License key + 许可证密钥 - - Based on the User's hashed ID + + Licenses + 许可证 - - Based on the User's ID + + License(s) + 许可证 - - Based on the User's UUID + + Enterprise is in preview. + 企业版目前处于预览状态。 - - Based on the User's username + + Cumulative license expiry + 累计许可证过期时间 - - Based on the User's Email + + Update License + 更新许可证 - - This is recommended over the UPN mode. + + Warning: The current user count has exceeded the configured licenses. + 警告:当前用户数超过了配置的许可证限制 - - Based on the User's UPN + + Click here for more info. + 点击这里了解更多。 - - Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains. + + Enterprise + 企业版 - - Each provider has a different issuer, based on the application slug + + Manage enterprise licenses + 管理企业版许可证 - - Same identifier is used for all providers + + No licenses found. + 未找到许可证。 - - Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows. + + Send us feedback! + 给我们发送反馈! - - If no explicit redirect URIs are specified, the first successfully used redirect URI will be saved. + + Get a license + 获取许可证 - - To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. + + Go to Customer Portal + 前往客户中心 - - Authentication flow + + Forecast internal users + 预测内部用户 - - Flow used when a user access this provider and is not authenticated. + + Estimated user count one year from now based on current internal users and forecasted internal users. + 根据当前 名内部用户和 名预测的内部用户,估算从此时起一年后的用户数。 - - Authorization flow + + Forecast external users + 预测外部用户 - - Flow used when authorizing this provider. + + Estimated user count one year from now based on current external users and forecasted external users. + 根据当前 名外部用户和 名预测的外部用户,估算从此时起一年后的用户数。 - - Client type + + Install + 安装 - - Client ID + + Install License + 安装许可证 - - Client Secret + + Internal users might be users such as company employees, which will get access to the full Enterprise feature set. + 内部用户可能是企业员工等,有权访问完整的企业版功能。 - - Redirect URIs/Origins (RegEx) + + External users might be external consultants or B2C customers. These users don't get access to enterprise features. + 外部用户可能是外部顾问或 B2C 客户等。这些用户无权访问企业版功能。 - - Signing Key + + Service accounts should be used for machine-to-machine authentication or other automations. + 服务账户应该用于机器到机器(M2M)身份验证或其他自动化操作。 - - Key used to sign the tokens. + + Less details + 显示更少 - - Advanced protocol settings + + More details + 显示更多 - - Access code validity + + Remove item + 删除项目 - - Configure how long access codes are valid for. + + Open API drawer + 打开 API 抽屉 - - Access Token validity + + Open Notification drawer + 打开通知抽屉 - - Configure how long access tokens are valid for. + + Restart task + 重新开始任务 - - Refresh Token validity + + Add provider + 添加提供程序 - - Configure how long refresh tokens are valid for. + + Open + 打开 - - Scopes + + Copy token + 复制令牌 - - Select which scopes can be used by the client. The client still has to specify the scope to access the data. + + Add users + 添加用户 - - Hold control/command to select multiple items. + + Add group + 添加组 - - Subject mode + + Import devices + 导入设备 - - Configure what data should be used as unique User Identifier. For most cases, the default should be fine. + + Execute + 执行 - - Include claims in id_token + + Show details + 显示详情 - - Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. + + Apply + 应用 - - Issuer mode + + Settings + 设置 - - Configure how the issuer field of the ID Token should be filled. + + Sign out + 登出 - - Machine-to-Machine authentication settings + + The number of tokens generated whenever this stage is used. Every token generated per stage execution will be attached to a single static device. + 使用此阶段时生成的令牌数量。每次阶段执行中生成的每个令牌都会被附加到单个静态设备上。 - - Trusted OIDC Sources + + Token length + 令牌长度 - - JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider. + + The length of the individual generated tokens. Can be increased to improve security. + 每个生成令牌的长度。可以增加以增强安全性。 - - Configure OAuth2/OpenId Provider + + Internal: + 内部: - - HTTP-Basic Username Key + + External: + 外部: - - User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. + + Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding. + 静态拒绝流。要有效地使用此阶段,请在相应的绑定上禁用*规划时进行评估*。 - - HTTP-Basic Password Key + + Create and bind Policy + 创建与绑定策略 - - User/Group Attribute used for the password part of the HTTP-Basic Header. + + Federation and Social login + 联结与社交登录 - - Configure Proxy Provider + + Create and bind Stage + 创建与绑定阶段 - - Token validity + + Flows and Stages + 流程与阶段 - - Configure how long tokens are valid for. + + New version available + 新版本可用 - - AdditionalScopes + + Failure result + 失败结果 - - Additional scope mappings, which are passed to the proxy. + + Pass + 通过 - - Unauthenticated URLs + + Don't pass + 不通过 - - Unauthenticated Paths + + Result used when policy execution fails. + 策略执行失败时的结果。 - - Regular expressions for which authentication is not required. Each new line is interpreted as a new expression. + + Required: User verification must occur. + 必需:必须进行用户验证。 - - When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions. + + Preferred: User verification is preferred if available, but not required. + 首选:尽可能进行用户验证,但不是必须。 - - Authentication settings + + Discouraged: User verification should not occur. + 避免:不应该进行用户验证。 - - Intercept header authentication + + Required: The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur + 必需:身份验证器必须创建专用凭据。如果不能,RP 预期会发生错误 - - When enabled, authentik will intercept the Authorization header to authenticate the request. + + Preferred: The authenticator can create and store a dedicated credential, but if it doesn't that's alright too + 首选:身份验证器可以创建和存储专用凭据,但不创建也可以 - - Send HTTP-Basic Authentication + + Discouraged: The authenticator should not create a dedicated credential + 避免:身份验证器不应该创建专用凭据 - - Send a custom HTTP-Basic Authentication header based on values from authentik. + + Lock the user out of this system + 在此系统中锁定用户 - - Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application. + + Allow the user to log in and use this system + 允许用户登录并使用此系统 - - An example setup can look like this: + + Temporarily assume the identity of this user + 临时假定此用户的身份 - - authentik running on auth.example.com + + Enter a new password for this user + 为此用户输入新密码 - - app1 running on app1.example.com + + Create a link for this user to reset their password + 为此用户创建一个重置密码链接 - - In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com. + + WebAuthn requires this page to be accessed via HTTPS. + WebAuthn 需要此页面通过 HTTPS 访问。 - - External host + + WebAuthn not supported by browser. + 浏览器不支持 WebAuthn。 - - The external URL you'll authenticate at. The authentik core server should be reachable under this URL. + + Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). + 与 nginx 的 auth_request 或 traefik 的 ForwardAuth 一起使用此提供程序。每个应用程序/域名都需要自己的提供程序。此外,在每个域名上,/outpost.goauthentik.io 必须路由到前哨(在使用托管的 Outpost 时,这已经为您处理好了)。 - - Cookie domain + + Default relay state + 默认中继状态 - - Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'. + + When using IDP-initiated logins, the relay state will be set to this value. + 当使用 IDP 发起的登录时,中继状态会被设置为此值。 - - This provider will behave like a transparent reverse-proxy, except requests must be authenticated. If your upstream application uses HTTPS, make sure to connect to the outpost using HTTPS as well. + + Flow Info + 流程信息 - - The external URL you'll access the application at. Include any non-standard port. + + Stage used to configure a WebAuthn authenticator (i.e. Yubikey, FaceID/Windows Hello). + 用来配置 WebAuthn 身份验证器(即 Yubikey、FaceID/Windows Hello)的阶段。 - - Internal host - - - Upstream host that the requests are forwarded to. - - - Internal host SSL Validation - - - Validate SSL Certificates of upstream servers. +<<<<<<< HEAD + + Internal application name used in URLs. + 在 URL 中使用的应用内部名称。 + + + Submit + 提交 + + + UI Settings + 用户界面设置 + + + Transparent Reverse Proxy + 透明反向代理 + + + For transparent reverse proxies with required authentication + 适用于需要验证身份的透明反向代理 + + + Configure SAML provider manually + 手动配置 SAML 提供程序 + + + Configure RADIUS provider manually + 手动配置 RADIUS 提供程序 + + + Configure SCIM provider manually + 手动配置 SCIM 提供程序 + + + Saving Application... + 正在保存应用程序… + + + Authentik was unable to save this application: + Authentik 无法保存此应用程序: + + + Your application has been saved + 您的应用程序已保存 + + + Method's display Name. + 方法的显示名称。 Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). + 此提供程序需要与 nginx 的 auth_request 或 traefik 的 forwardAuth + 一起使用。每个应用/域名需要独立的提供程序。 + 此外,在每个域名上,/outpost.goauthentik.io 必须被路由到 + 前哨(如果使用托管前哨,则已自动帮您完成)。 - - Configure Radius Provider - - - Shared secret - - - Client Networks - - - List of CIDRs (comma-seperated) that clients can connect from. A more specific - CIDR will match before a looser one. Clients connecting from a non-specified CIDR - will be dropped. - - - Redirect - - - Post - - - Configure SAML Provider - - - ACS URL - - - Issuer - - - Also known as EntityID. - - - Service Provider Binding - - - Determines how authentik sends the response back to the Service Provider. - - - Audience - - - Signing Certificate - - - Certificate used to sign outgoing Responses going to the Service Provider. - - - Verification Certificate - - - When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. - - - Property Mappings - - - Property mappings used for user mapping. - - - NameID Property Mapping - - - Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected. - - - Assertion valid not before - - - Configure the maximum allowed time drift for an assertion. - - - Assertion valid not on or after - - - Assertion not valid on or after current time + this value. - - - Session valid not on or after - - - Session not valid on or after current time + this value. - - - Digest algorithm - - - Signature algorithm - - - Configure SCIM Provider - - - URL - - - SCIM base url, usually ends in /v2. - - - Token - - - Token to authenticate with. Currently only bearer authentication is supported. - - - User filtering - - - Exclude service accounts - - - Only sync users within the selected group. - - - Attribute mapping - - - User Property Mappings - - - Group Property Mappings - - - Property mappings used for group creation. - - - Create With Wizard - - - New application + + Custom attributes + 自定义属性 Don't show this message again. + 不要再显示此消息。 - - One hint, 'New Application Wizard', is currently hidden + + Failed to fetch + 拉取失败 - - Users in the selected group can do search queries. If no group is selected, no LDAP Searches are allowed. - - - Proxy - - - Forward auth (single application) - - - Forward auth (domain level) - - - Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). - - - Authentication URL - - - Unknown proxy mode - - - Additional scopes - - - Property mappings - - - Default relay state - - - When using IDP-initiated logins, the relay state will be set to this value. - - - Successfully imported provider. - - - Metadata - - - Apply changes - - - Finish - - - Select type - - - Try the new application wizard - - - The new application wizard greatly simplifies the steps required to create applications and providers. - - - Try it now - - - New provider - - - Create a new provider. - - - Create - - - Property mappings used to user mapping. - - - Property mappings used to group creation. - - - Not used by any other object. - - - object will be DELETED - - - connection will be deleted - - - reference will be reset to default value - - - reference will be set to an empty value - - - () - - - ID - - - Successfully deleted - - - Failed to delete : - - - Delete - - - Are you sure you want to delete ? - - - Delete - - - Providers - - - Provide support for protocols like SAML and OAuth to assigned applications. - - - Provider(s) - - - Assigned to application - - - Assigned to application (backchannel) - - - Warning: Provider not assigned to any application. - - - Update - - - Update - - - Edit - - - Create Application + + Failed to fetch data. + 拉取数据失败。 Successfully assigned permission. + 已成功分配权限。 Role + 角色 Assign + 分配 Assign permission to role + 为角色分配权限 Assign to new role - - - Permission(s) - - - Permission + 分配到新角色 Directly assigned + 直接分配 Assign permission to user + 为用户分配权限 Assign to new user - - - Superuser - - - RBAC is in preview. - - - Send us feedback! + 分配到新用户 User Object Permissions + 用户对象权限 Role Object Permissions - - - Overview - - - Changelog - - - Permissions - - - Warning: Provider is not used by any Outpost. - - - Assigned to application - - - Update LDAP Provider - - - How to connect - - - Connect to the LDAP Server on port 389: - - - Check the IP of the Kubernetes service, or - - - The Host IP of the docker host - - - Bind DN - - - Bind Password - - - Search base - - - Preview - - - Warning: Provider is not used by an Application. - - - Redirect URIs - - - Update OAuth2 Provider - - - OpenID Configuration URL - - - OpenID Configuration Issuer - - - Authorize URL - - - Token URL - - - Userinfo URL - - - Logout URL - - - JWKS URL - - - Example JWT payload (for currently authenticated user) - - - Yes - - - No - - - Forward auth (domain-level) - - - Nginx (Ingress) - - - Nginx (Proxy Manager) - - - Nginx (standalone) - - - Traefik (Ingress) - - - Traefik (Compose) - - - Traefik (Standalone) - - - Caddy (Standalone) - - - Internal Host - - - External Host - - - Basic-Auth - - - Mode - - - Update Proxy Provider - - - Protocol Settings - - - Allowed Redirect URIs - - - Setup - - - No additional setup is required. - - - Update Radius Provider - - - Download - - - Copy download URL - - - Download signing certificate - - - Related objects - - - Update SAML Provider - - - SAML Configuration - - - EntityID/Issuer - - - SSO URL (Post) - - - SSO URL (Redirect) - - - SSO URL (IdP-initiated Login) - - - SLO URL (Post) - - - SLO URL (Redirect) - - - SAML Metadata - - - Example SAML attributes - - - NameID attribute - - - No sync status. - - - Sync currently running. - - - Not synced yet. - - - Task finished with warnings - - - Task finished with errors - - - Last sync: - - - Warning: Provider is not assigned to an application as backchannel provider. - - - Update SCIM Provider - - - Run sync again - - - Application Icon - - - Applications - - - External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. - - - Provider Type - - - Application(s) - - - Update Application - - - Open - - - Successfully sent test-request. - - - Log messages - - - No log messages. - - - Active - - - Last login - - - Select users to add - - - Successfully updated group. - - - Successfully created group. - - - Is superuser - - - Users added to this group will be superusers. - - - Parent + 角色对象权限 Roles + 角色 Select roles to grant this groups' users' permissions from the selected roles. - - - Attributes - - - Set custom attributes using YAML or JSON. - - - Successfully updated binding. - - - Successfully created binding. - - - Policy - - - Group mappings can only be checked if a user is already logged in when trying to access this source. - - - User mappings can only be checked if a user is already logged in when trying to access this source. - - - Enabled - - - Negate result - - - Negates the outcome of the binding. Messages are unaffected. - - - Order - - - Timeout - - - Failure result - - - Pass - - - Don't pass - - - Result used when policy execution fails. - - - Successfully updated policy. - - - Successfully created policy. - - - A policy used for testing. Always returns the same result as specified below after waiting a random duration. - - - Execution logging - - - When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. - - - Policy-specific settings - - - Pass policy? - - - Wait (min) - - - The policy takes a random time to execute. This controls the minimum time it will take. - - - Wait (max) - - - Matches an event against a set of criteria. If any of the configured values match, the policy passes. - - - Match created events with this action type. When left empty, all action types will be matched. - - - Matches Event's Client IP (strict matching, for network matching use an Expression Policy. - - - Match events created by selected application. When left empty, all applications are matched. - - - Model - - - Match events created by selected model. When left empty, all models are matched. - - - Checks if the request's user's password has been changed in the last x days, and denys based on settings. - - - Maximum age (in days) - - - Only fail the policy, don't invalidate user's password - - - Executes the python snippet to determine whether to allow or deny a request. - - - Expression using Python. - - - See documentation for a list of all variables. - - - Static rules - - - Minimum length - - - Minimum amount of Uppercase Characters - - - Minimum amount of Lowercase Characters - - - Minimum amount of Digits - - - Minimum amount of Symbols Characters - - - Error message - - - Symbol charset - - - Characters which are considered as symbols. - - - HaveIBeenPwned settings - - - Allowed count - - - Allow up to N occurrences in the HIBP database. - - - zxcvbn settings - - - Score threshold - - - If the password's score is less than or equal this value, the policy will fail. - - - 0: Too guessable: risky password. (guesses &lt; 10^3) - - - 1: Very guessable: protection from throttled online attacks. (guesses &lt; 10^6) - - - 2: Somewhat guessable: protection from unthrottled online attacks. (guesses &lt; 10^8) - - - 3: Safely unguessable: moderate protection from offline slow-hash scenario. (guesses &lt; 10^10) - - - 4: Very unguessable: strong protection from offline slow-hash scenario. (guesses &gt;= 10^10) - - - Checks the value from the policy request against several rules, mostly used to ensure password strength. - - - Password field - - - Field key to check, field keys defined in Prompt stages are available. - - - Check static rules - - - Check haveibeenpwned.com - - - For more info see: - - - Check zxcvbn - - - Password strength estimator created by Dropbox, see: - - - Allows/denys requests based on the users and/or the IPs reputation. - - - Invalid login attempts will decrease the score for the client's IP, and the -username they are attempting to login as, by one. - - - The policy passes when the reputation score is below the threshold, and -doesn't pass when either or both of the selected options are equal or above the threshold. - - - Check IP - - - Check Username - - - Threshold - - - New policy - - - Create a new policy. - - - Create Binding - - - Members - - - Select groups to add user to - - - Warning: Adding the user to the selected group(s) will give them superuser permissions. - - - Successfully updated user. - - - Successfully created user and added to group - - - Successfully created user. - - - Username - - - User's primary identifier. 150 characters or fewer. - - - User's display name. - - - User type - - - Internal users might be users such as company employees, which will get access to the full Enterprise feature set. - - - External users might be external consultants or B2C customers. These users don't get access to enterprise features. - - - Service accounts should be used for machine-to-machine authentication or other automations. - - - Email - - - Is active - - - Designates whether this user should be treated as active. Unselect this instead of deleting accounts. - - - Path - - - Policy / User / Group - - - Policy - - - Group - - - User - - - Edit Policy - - - Update Group - - - Edit Group - - - Update User - - - Edit User - - - Policy binding(s) - - - Update Binding - - - Edit Binding - - - No Policies bound. - - - No policies are currently bound to this object. - - - Create and bind Policy - - - Bind existing policy - - - Warning: Application is not used by any Outpost. - - - Related - - - Check access - - - Check - - - Check Application access - - - Test - - - Launch - - - Logins over the last week (per 8 hours) - - - Policy / Group / User Bindings - - - These policies control which users can access this application. - - - Successfully updated source. - - - Successfully created source. - - - Sync users - - - User password writeback - - - Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP. - - - Sync groups - - - Connection settings - - - Server URI - - - Specify multiple server URIs by separating them with a comma. - - - Enable StartTLS - - - To use SSL instead, use 'ldaps://' and disable this option. - - - Use Server URI for SNI verification - - - Required for servers using TLS 1.3+ - - - TLS Verification Certificate - - - When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate. - - - TLS Client authentication certificate - - - Client certificate keypair to authenticate against the LDAP Server's Certificate. - - - Bind CN - - - LDAP Attribute mapping - - - Property mappings used to user creation. - - - Additional settings - - - Parent group for all the groups imported from LDAP. - - - User path - - - Addition User DN - - - Additional user DN, prepended to the Base DN. - - - Addition Group DN - - - Additional group DN, prepended to the Base DN. - - - User object filter - - - Consider Objects matching this filter to be Users. - - - Group object filter - - - Consider Objects matching this filter to be Groups. - - - Group membership field - - - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' - - - Object uniqueness field - - - Field which contains a unique Identifier. - - - Link users on unique identifier - - - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses - - - Use the user's email address, but deny enrollment when the email address already exists - - - Link to a user with identical username. Can have security implications when a username is used with another source - - - Use the user's username, but deny enrollment when the username already exists - - - Unknown user matching mode - - - URL settings - - - Authorization URL - - - URL the user is redirect to to consent the authorization. - - - Access token URL - - - URL used by authentik to retrieve tokens. - - - Profile URL - - - URL used by authentik to get user information. - - - Request token URL - - - URL used to request the initial token. This URL is only required for OAuth 1. - - - OIDC Well-known URL - - - OIDC well-known configuration URL. Can be used to automatically configure the URLs above. - - - OIDC JWKS URL - - - JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source. - - - OIDC JWKS - - - Raw JWKS data. - - - User matching mode - - - Consumer key - - - Also known as Client ID. - - - Consumer secret - - - Also known as Client Secret. - - - Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *. - - - Flow settings - - - Flow to use when authenticating existing users. - - - Enrollment flow - - - Flow to use when enrolling new users. - - - Load servers - - - Re-authenticate with plex - - - Allow friends to authenticate via Plex, even if you don't share any servers - - - Allowed servers - - - Select which server a user has to be a member of to be allowed to authenticate. - - - SSO URL - - - URL that the initial Login request is sent to. - - - SLO URL - - - Optional URL if the IDP supports Single-Logout. - - - Also known as Entity ID. Defaults the Metadata URL. - - - Binding Type - - - Redirect binding - - - Post-auto binding - - - Post binding but the request is automatically sent and the user doesn't have to confirm. - - - Post binding - - - Signing keypair - - - Keypair which is used to sign outgoing requests. Leave empty to disable signing. - - - Allow IDP-initiated logins - - - Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. - - - NameID Policy - - - Persistent - - - Email address - - - Windows - - - X509 Subject - - - Transient - - - Delete temporary users after - - - Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. - - - Pre-authentication flow - - - Flow used before authentication. - - - New source - - - Create a new source. - - - Federation and Social login - - - Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves. - - - Source(s) - - - Disabled - - - Built-in - - - Global status - - - Vendor - - - Update LDAP Source - - - Connectivity - - - OAuth Source - - - Generic OpenID Connect - - - Unknown provider type - - - Details - - - Callback URL - - - Access Key - - - Update OAuth Source - - - Diagram - - - Policy Bindings - - - These bindings control which users can access this source. - You can only use policies here as access is checked before the user is authenticated. - - - Update Plex Source - - - Update SAML Source - - - Successfully updated mapping. - - - Successfully created mapping. - - - Object field - - - Field of the user object this value is written to. - - - SAML Attribute Name - - - Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded. - - - Friendly Name - - - Optionally set the 'FriendlyName' value of the Assertion attribute. - - - Scope name - - - Scope which the client can specify to access these properties. - - - Description shown to the user when consenting. If left empty, the user won't be informed. - - - Example context data - - - Active Directory User - - - Active Directory Group - - - New property mapping - - - Create a new property mapping. + 选择角色,为该组内用户授予所选角色的权限。 Update Permissions - - - Control how authentik exposes and interprets information. - - - Property Mapping(s) - - - Test Property Mapping - - - Hide managed mappings - - - Successfully updated token. - - - Successfully created token. - - - Expires on - - - Unique identifier the token is referenced by. - - - Intent - - - API Token - - - Used to access the API programmatically - - - App password. - - - Used to login using a flow executor - - - Expiring - - - If this is selected, the token will expire. Upon expiration, the token will be rotated. - - - The token has been copied to your clipboard - - - The token was displayed because authentik does not have permission to write to the clipboard - - - Tokens - - - Tokens are used throughout authentik for Email validation stages, Recovery keys and API access. - - - Expires? - - - Expiry date - - - Token(s) - - - Create Token - - - Token is managed by authentik. - - - Update Token + 更新权限 Editing is disabled for managed tokens + 托管令牌的编辑已被禁用 - - Copy token + + Select permissions to grant + 选择权限以授予 + + + Permissions to add + 要添加的权限 + + + Select permissions + 选择权限 + + + Assign permission + 分配权限 + + + Permission(s) + 权限 + + + Permission + 权限 + + + User doesn't have view permission so description cannot be retrieved. + 用户不具有查看权限,所以无法获取描述。 + + + Assigned permissions + 分配的权限 + + + Assigned global permissions + 分配的全局权限 + + + Assigned object permissions + 分配的对象权限 + + + Successfully updated role. + 已成功更新角色。 + + + Successfully created role. + 已成功创建角色。 + + + Manage roles which grant permissions to objects within authentik. + 管理向 authentik 中的对象授予权限的角色。 + + + Role(s) + 角色 + + + Update Role + 更新角色 + + + Create Role + 创建角色 + + + Role doesn't have view permission so description cannot be retrieved. + 角色不具有查看权限,所以无法获取描述。 + + + Role + 角色 + + + Role Info + 角色信息 + + + Pseudolocale (for testing) + 伪区域(测试用) + + + Create With Wizard + 通过向导创建 + + + One hint, 'New Application Wizard', is currently hidden + “新应用程序向导”提示目前已隐藏 + + + External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + 通过 OAuth2 和 SAML 等协议,使用 authentik 作为身份提供程序的外部应用程序。此处显示了所有应用程序,即使您无法访问的也包括在内。 + + + Deny message + 拒绝消息 + + + Message shown when this stage is run. + 此阶段运行时显示的消息。 + + + Open Wizard + 打开向导 + + + Demo Wizard + 演示向导 + + + Run the demo wizard + 运行演示向导 + + + OAuth2/OIDC (Open Authorization/OpenID Connect) + OAuth2/OIDC(Open Authorization/OpenID Connect) + + + LDAP (Lightweight Directory Access Protocol) + LDAP(轻型目录访问协议) + + + Forward Auth (Single Application) + Forward Auth(单应用) + + + Forward Auth (Domain Level) + Forward Auth(域名级) + + + SAML (Security Assertion Markup Language) + SAML(安全断言标记语言) + + + RADIUS (Remote Authentication Dial-In User Service) + RADIUS(远程身份验证拨入用户服务) + + + SCIM (System for Cross-domain Identity Management) + SCIM(跨域标识管理系统) + + + The token has been copied to your clipboard + 令牌已被复制到剪贴板 + + + The token was displayed because authentik does not have permission to write to the clipboard + 令牌已被显示,因为 authentik 缺少写入剪贴板的权限 + + + A copy of this recovery link has been placed in your clipboard + 一份恢复链接拷贝已被写入剪贴板 + + + Create recovery link + 创建恢复链接 + + + Create Recovery Link + 创建恢复链接 + + + External + 外部 + + + Service account + 服务账户 + + + Service account (internal) + 服务账户(内部) + + + Check the release notes + 查看发行日志 + + + User Statistics + 用户统计 + + + <No name set> + <未设置名称> + + + For nginx's auth_request or traefik's forwardAuth + 适用于 nginx 的 auth_request 或 traefik 的 forwardAuth + + + For nginx's auth_request or traefik's forwardAuth per root domain + 适用于按根域名配置的 nginx 的 auth_request 或 traefik 的 forwardAuth + + + RBAC is in preview. + RBAC 目前处于预览状态。 + + + User type used for newly created users. + 新创建用户使用的用户类型。 + + + Users created + 已创建用户 + + + Failed logins + 失败登录 + + + Also known as Client ID. + 也称为客户端 ID。 + + + Also known as Client Secret. + 也称为客户端密钥。 + + + Global status + 全局状态 + + + Vendor + 供应商 + + + No sync status. + 无同步状态。 + + + Sync currently running. + 当前正在同步。 + + + Connectivity + 连接性 + + + 0: Too guessable: risky password. (guesses &lt; 10^3) + 0:过于易猜测:密码有风险。(猜测次数 &lt; 10^3) + + + 1: Very guessable: protection from throttled online attacks. (guesses &lt; 10^6) + 1:非常易猜测:可以防范受限的在线攻击。(猜测次数 &lt; 10^6) + + + 2: Somewhat guessable: protection from unthrottled online attacks. (guesses &lt; 10^8) + 2:有些易猜测:可以防范不受限的在线攻击。(猜测次数 &lt; 10^8) + + + 3: Safely unguessable: moderate protection from offline slow-hash scenario. (guesses &lt; 10^10) + 3:难以猜测:适度防范离线慢速哈希场景。(猜测次数 &lt; 10^10) + + + 4: Very unguessable: strong protection from offline slow-hash scenario. (guesses &gt;= 10^10) + 4:非常难以猜测:高度防范离线慢速哈希场景。(猜测次数 &gt;= 10^10) + + + Successfully created user and added to group + 成功创建用户并添加到组 + + + This user will be added to the group "". + 此用户将会被添加到组 &quot;&quot;。 + + + Pretend user exists + 假作用户存在 + + + When enabled, the stage will always accept the given user identifier and continue. + 启用时,此阶段总是会接受指定的用户 ID 并继续。 + + + There was an error in the application. + 应用程序中存在一个错误。 + + + Review the application. + 检查此应用程序。 + + + There was an error in the provider. + 提供程序中存在一个错误。 + + + Review the provider. + 检查此提供程序。 + + + There was an error + 存在一个错误 + + + There was an error creating the application, but no error message was sent. Please review the server logs. + 创建应用程序时存在一个错误,但未发送错误消息。请检查服务器日志。 + + + Configure LDAP Provider + 配置 LDAP 提供程序 + + + Configure OAuth2/OpenId Provider + 配置 OAuth2/OpenID 提供程序 + + + Configure Proxy Provider + 配置代理提供程序 + + + AdditionalScopes + 额外的作用域 + + + Configure Radius Provider + 配置 Radius 提供程序 + + + Configure SAML Provider + 配置 SAML 提供程序 + + + Property mappings used for user mapping. + 用于用户映射的属性映射。 + + + Configure SCIM Provider + 配置 SCIM 提供程序 + + + Property mappings used for group creation. + 用于创建组的属性映射。 + + + Event volume + 事件容量 + + + Require Outpost (flow can only be executed from an outpost). + 需要前哨(流程只能从前哨执行)。 + + + Connection settings. + 连接设置。 + + + Successfully updated endpoint. + 已成功更新端点。 + + + Successfully created endpoint. + 已成功创建端点。 + + + Protocol + 协议 + + + RDP + RDP + + + SSH + SSH + + + VNC + VNC + + + Host + 主机 + + + Hostname/IP to connect to. + 要连接的主机名/IP。 + + + Endpoint(s) + 端点 + + + Update Endpoint + 更新端点 + + + These bindings control which users will have access to this endpoint. Users must also have access to the application. + 这些绑定控制哪些用户能够访问此端点。用户必须也能访问此应用程序。 + + + Create Endpoint + 创建端点 + + + RAC is in preview. + RAC 目前处于预览状态。 + + + Update RAC Provider + 更新 RAC 提供程序 + + + Endpoints + 端点 + + + General settings + 常规设置 + + + RDP settings + RDP 设置 + + + Ignore server certificate + 忽略服务器证书 + + + Enable wallpaper + 启用壁纸 + + + Enable font-smoothing + 启用字体平滑 + + + Enable full window dragging + 启用完整窗口拖拽 + + + Network binding + 网络绑定 + + + No binding + 无绑定 + + + Bind ASN + 绑定 ASN + + + Bind ASN and Network + 绑定 ASN 和网络 + + + Bind ASN, Network and IP + 绑定 ASN、网络和 IP + + + Configure if sessions created by this stage should be bound to the Networks they were created in. + 配置由此阶段创建的会话是否应该绑定到创建它们的网络。 + + + GeoIP binding + GeoIP 绑定 + + + Bind Continent + 绑定大陆 + + + Bind Continent and Country + 绑定大陆和国家 + + + Bind Continent, Country and City + 绑定大陆、国家和城市 + + + Configure if sessions created by this stage should be bound to their GeoIP-based location + 配置由此阶段创建的会话是否应该绑定到基于 GeoIP 的位置。 + + + RAC + RAC + + + Connection failed after attempts. + 连接在 次尝试后失败。 + + + Re-connecting in second(s). + 将在 秒后重新连接。 + + + Connecting... + 正在连接… + + + Select endpoint to connect to + 选择要连接到的端点 + + + Connection expiry + 连接过期 + + + Determines how long a session lasts before being disconnected and requiring re-authorization. + 设置会话在被断开连接并需要重新授权之前持续的时间。 + + + Brand Successfully updated brand. @@ -2521,93 +8154,15 @@ doesn't pass when either or both of the selected options are equal or above the Successfully created brand. - - Domain - - - Matching is done based on domain suffix, so if you enter domain.tld, foo.domain.tld will still match. - - - Default - Use this brand for each domain that doesn't have a dedicated brand. - - Branding settings - - - Title - - - Branding shown in page title and several other places. - - - Logo - - - Icon shown in sidebar/header and flow executor. - - - Favicon - - - Icon shown in the browser tab. - - - Default flows - - - Flow used to authenticate users. If left empty, the first applicable flow sorted by the slug is used. - - - Invalidation flow - - - Flow used to logout. If left empty, the first applicable flow sorted by the slug is used. - - - Recovery flow - - - Recovery flow. If left empty, the first applicable flow sorted by the slug is used. - - - Unenrollment flow - - - If set, users are able to unenroll themselves using this flow. If no flow is set, option is not shown. - - - User settings flow - - - If set, users are able to configure details of their profile. - - - Device code flow - - - If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code. - - - Other global settings - - - Web Certificate - Set custom attributes using YAML or JSON. Any attributes set here will be inherited by users, if the request is handled by this brand. Brands - - Configure visual settings and defaults for different domains. - - - Default? - Brand(s) @@ -2617,1855 +8172,12 @@ doesn't pass when either or both of the selected options are equal or above the Create Brand - - Policies - - - Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Stages. - - - Assigned to object(s). - - - Warning: Policy is not assigned. - - - Test Policy - - - Policy / Policies - - - Successfully cleared policy cache - - - Failed to delete policy cache - - - Clear cache - - - Clear Policy cache - - - Are you sure you want to clear the policy cache? This will cause all policies to be re-evaluated on their next usage. - - - Reputation scores - - - Reputation for IP and user identifiers. Scores are decreased for each failed login and increased for each successful login. - - - IP - - - Score - - - Updated - - - Reputation - - - Groups - - - Group users together and give them permissions based on the membership. - - - Superuser privileges? - - - Group(s) - - - Create Group - - - Create group - - - Enabling this toggle will create a group named after the user, with the user as member. - - - Use the username and password below to authenticate. The password can be retrieved later on the Tokens page. - - - Password - - - Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List. - - - The following objects use - - - connecting object will be deleted - - - Successfully updated - - - Failed to update : - - - Are you sure you want to update ""? - - - Successfully updated password. - - - Successfully sent email. - - - Email stage - - - Successfully added user(s). - - - Users to add - - - Add users - - - User(s) - - - Remove Users(s) - - - Are you sure you want to remove the selected users from the group ? - - - Remove - - - Impersonate - - - User status - - - Inactive - - - Regular user - - - Change status - - - Deactivate - - - Activate - - - Update password - - - Set password - - - Successfully generated recovery link - - - No recovery flow is configured. - - - Copy recovery link - - - Send link - - - Send recovery link to user - - - Email recovery link - - - Recovery link cannot be emailed, user has no email address saved. - To let a user directly reset a their password, configure a recovery flow on the currently active brand. - - Add User - - - Warning: This group is configured with superuser access. Added users will have superuser access. - - - Add existing user - - - Create user - - - Create User - - - This user will be added to the group "". - - - Create Service account - - - Hide service-accounts - - - Group Info - - - Notes - - - Edit the notes attribute of this group to add notes here. - - - Users - - - Pseudolocale (for testing) - - - English - - - Spanish - - - German - - - French - - - Polish - - - Turkish - - - Chinese (traditional) - - - Taiwanese Mandarin - - - Chinese (simplified) - - - Warning: The current user count has exceeded the configured licenses. - - - Click here for more info. - - - API Requests - - - Open API Browser - - - Show details - - - Notifications - - - unread - - - Successfully cleared notifications - - - Clear all - - - User interface - - - Dashboards - - - Outposts - - - Events - - - Logs - - - Notification Rules - - - Notification Transports - - - Customisation - - - Blueprints - - - Flows and Stages - - - Flows - - - Stages - - - Prompts - - - Directory - - - Tokens and App passwords - - - Invitations - - - System - - - Certificates - - - Outpost Integrations - - - Settings - - - A newer version of the frontend is available. - - - You're currently impersonating . Click to stop. - - - Enterprise - - - Licenses - - - Root - - - A copy of this recovery link has been placed in your clipboard - The current brand must have a recovery flow configured to use a recovery link - - Warning: You're about to delete the user you're logged in as (). Proceed at your own risk. - - - Hide deactivated user - - - <No name set> - - - Create recovery link - - - User folders - - - Successfully added user to group(s). - - - Groups to add - - - Add group - - - Remove from Group(s) - - - Are you sure you want to remove user from the following groups? - - - Add Group - - - Add to existing group - - - Add new group - - - Application authorizations - - - Select permissions to grant - - - Permissions to add - - - Select permissions - - - Assign permission - - - User doesn't have view permission so description cannot be retrieved. - - - Revoked? - - - Expires - - - ID Token - - - Refresh Tokens(s) - - - Last IP - - - Session(s) - - - Expiry - - - (Current session) - - - Consent(s) - - - Confirmed - - - Device(s) - - - User Info - - - Lock the user out of this system - - - Allow the user to log in and use this system - - - Temporarily assume the identity of this user - - - Enter a new password for this user - - - Create a link for this user to reset their password - - - Create Recovery Link - - - Actions over the last week (per 8 hours) - - - Edit the notes attribute of this user to add notes here. - - - Sessions - - - User events - - - Explicit Consent - - - OAuth Refresh Tokens - - - MFA Authenticators - - - Assigned permissions - - - Assigned global permissions - - - Assigned object permissions - - - Successfully updated role. - - - Successfully created role. - - - Manage roles which grant permissions to objects within authentik. - - - Role(s) - - - Update Role - - - Create Role - - - Role doesn't have view permission so description cannot be retrieved. - - - Role - - - Role Info - - - Successfully updated invitation. - - - Successfully created invitation. - - - Flow - - - When selected, the invite will only be usable with the flow. By default the invite is accepted on all flows with invitation stages. - - - Custom attributes - - - Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON. - - - Single use - - - When enabled, the invitation will be deleted after usage. - - - Select an enrollment flow - - - Link to use the invitation. - - - Create Invitation Links to enroll Users, and optionally force specific attributes of their account. - - - Created by - - - Invitation(s) - - - Invitation not limited to any flow, and can be used with any enrollment flow. - - - Update Invitation - - - Create Invitation - - - Warning: No invitation stage is bound to any flow. Invitations will not work as expected. - - - Auto-detect (based on your browser) - - - Required. - - - Continue - - - Successfully updated prompt. - - - Successfully created prompt. - - - Text: Simple Text input - - - Text Area: Multiline text input - - - Text (read-only): Simple Text input, but cannot be edited. - - - Text Area (read-only): Multiline text input, but cannot be edited. - - - Username: Same as Text input, but checks for and prevents duplicate usernames. - - - Email: Text field with Email type. - - - Password: Masked input, multiple inputs of this type on the same prompt need to be identical. - - - Number - - - Checkbox - - - Radio Button Group (fixed choice) - - - Dropdown (fixed choice) - - - Date - - - Date Time - - - File - - - Separator: Static Separator Line - - - Hidden: Hidden field, can be used to insert data into form. - - - Static: Static value, displayed as-is. - - - authentik: Locale: Displays a list of locales authentik supports. - - - Preview errors - - - Data preview - - - Unique name of this field, used for selecting fields in prompt stages. - - - Field Key - - - Name of the form field, also used to store the value. - - - When used in conjunction with a User Write stage, use attributes.foo to write attributes. - - - Label - - - Label shown next to/above the prompt. - - - Required - - - Interpret placeholder as expression - - - When checked, the placeholder will be evaluated in the same way a property mapping is. - If the evaluation fails, the placeholder itself is returned. - - - Placeholder - - - Optionally provide a short hint that describes the expected input value. - When creating a fixed choice field, enable interpreting as expression and return a - list to return multiple choices. - - - Interpret initial value as expression - - - When checked, the initial value will be evaluated in the same way a property mapping is. - If the evaluation fails, the initial value itself is returned. - - - Initial value - - - Optionally pre-fill the input with an initial value. - When creating a fixed choice field, enable interpreting as expression and - return a list to return multiple default choices. - - - Help text - - - Any HTML can be used. - - - Single Prompts that can be used for Prompt Stages. - - - Field - - - Prompt(s) - - - Update Prompt - - - Create Prompt - - - Target - - - Stage - - - Evaluate when flow is planned - - - Evaluate policies during the Flow planning process. - - - Evaluate when stage is run - - - Evaluate policies before the Stage is present to the user. - - - Invalid response behavior - - - Returns the error message and a similar challenge to the executor - - - Restarts the flow from the beginning - - - Restarts the flow from the beginning, while keeping the flow context - - - Configure how the flow executor should handle an invalid response to a challenge given by this bound stage. - - - Successfully updated stage. - - - Successfully created stage. - - - Stage used to configure a duo-based authenticator. This stage should be used for configuration flows. - - - Authenticator type name - - - Display name of this authenticator, used by users when they enroll an authenticator. - - - API Hostname - - - Duo Auth API - - - Integration key - - - Secret key - - - Duo Admin API (optional) - - - When using a Duo MFA, Access or Beyond plan, an Admin API application can be created. - This will allow authentik to import devices automatically. - - - Stage-specific settings - - - Configuration flow - - - Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. - - - Twilio Account SID - - - Get this value from https://console.twilio.com - - - Twilio Auth Token - - - Authentication Type - - - Basic Auth - - - Bearer Token - - - External API URL - - - This is the full endpoint to send POST requests to. - - - API Auth Username - - - This is the username to be used with basic auth or the token when used with bearer token - - - API Auth password - - - This is the password to be used with basic auth - - - Mapping - - - Modify the payload sent to the custom provider. - - - Stage used to configure an SMS-based TOTP authenticator. - - - Twilio - - - Generic - - - From number - - - Number the SMS will be sent from. - - - Hash phone number - - - If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons. Devices created from a stage with this enabled cannot be used with the authenticator validation stage. - - - Stage used to configure a static authenticator (i.e. static tokens). This stage should be used for configuration flows. - - - Token count - - - The number of tokens generated whenever this stage is used. Every token generated per stage execution will be attached to a single static device. - - - Token length - - - The length of the individual generated tokens. Can be increased to improve security. - - - Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator). - - - Digits - - - 6 digits, widely compatible - - - 8 digits, not compatible with apps like Google Authenticator - - - Stage used to validate any authenticator. This stage should be used during authentication or authorization flows. - - - Device classes - - - Static Tokens - - - TOTP Authenticators - - - WebAuthn Authenticators - - - Duo Authenticators - - - SMS-based Authenticators - - - Device classes which can be used to authenticate. - - - Last validation threshold - - - If any of the devices user of the types selected above have been used within this duration, this stage will be skipped. - - - Not configured action - - - Force the user to configure an authenticator - - - Deny the user access - - - WebAuthn User verification - - - User verification must occur. - - - User verification is preferred if available, but not required. - - - User verification should not occur. - - - Configuration stages - - - Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. - - - When multiple stages are selected, the user can choose which one they want to enroll. - - - Stage used to configure a WebAuthn authenticator (i.e. Yubikey, FaceID/Windows Hello). - - - User verification - - - Required: User verification must occur. - - - Preferred: User verification is preferred if available, but not required. - - - Discouraged: User verification should not occur. - - - Resident key requirement - - - Required: The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur - - - Preferred: The authenticator can create and store a dedicated credential, but if it doesn't that's alright too - - - Discouraged: The authenticator should not create a dedicated credential - - - Authenticator Attachment - - - No preference is sent - - - A non-removable authenticator, like TouchID or Windows Hello - - - A "roaming" authenticator, like a YubiKey - - - This stage checks the user's current session against the Google reCaptcha (or compatible) service. - - - Public Key - - - Public key, acquired from https://www.google.com/recaptcha/intro/v3.html. - - - Private Key - - - Private key, acquired from https://www.google.com/recaptcha/intro/v3.html. - - - Advanced settings - - - JS URL - - - URL to fetch JavaScript from, defaults to recaptcha. Can be replaced with any compatible alternative. - - - API URL - - - URL used to validate captcha response, defaults to recaptcha. Can be replaced with any compatible alternative. - - - Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time. - - - Always require consent - - - Consent given last indefinitely - - - Consent expires. - - - Consent expires in - - - Offset after which consent expires. - - - Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding. - - - Deny message - - - Message shown when this stage is run. - - - Dummy stage used for testing. Shows a simple continue button and always passes. - - - Throw error? - - - SMTP Host - - - SMTP Port - - - SMTP Username - - - SMTP Password - - - Use TLS - - - Use SSL - - - From address - - - Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity. - - - Activate pending user on success - - - When a user returns from the email successfully, their account will be activated. - - - Use global settings - - - When enabled, global Email connection settings will be used and connection settings below will be ignored. - - - Token expiry - - - Time in minutes the token sent is valid. - - - Template - - - Let the user identify themselves with their username or Email address. - - - User fields - - - UPN - - - Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources. - - - Password stage - - - When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks. - - - Case insensitive matching - - - When enabled, user fields are matched regardless of their casing. - - - Pretend user exists - - - When enabled, the stage will always accept the given user identifier and continue. - - - Show matched user - - - When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown. - - - Source settings - - - Sources - - - Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP. - - - Show sources' labels - - - By default, only icons are shown for sources. Enable this to show their full names. - - - Passwordless flow - - - Optional passwordless flow, which is linked at the bottom of the page. When configured, users can use this flow to authenticate with a WebAuthn authenticator, without entering any details. - - - Optional enrollment flow, which is linked at the bottom of the page. - - - Optional recovery flow, which is linked at the bottom of the page. - - - This stage can be included in enrollment flows to accept invitations. - - - Continue flow without invitation - - - If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. - - - Validate the user's password against the selected backend(s). - - - Backends - - - User database + standard password - - - User database + app passwords - - - User database + LDAP password - - - Selection of backends to test the password against. - - - Flow used by an authenticated user to configure their password. If empty, user will not be able to configure change their password. - - - Failed attempts before cancel - - - How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. - - - Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable. - - - Fields - - - ("", of type ) - - - Validation Policies - - - Selected policies are executed when the stage is submitted to validate the data. - - - Delete the currently pending user. CAUTION, this stage does not ask for confirmation. Use a consent stage to ensure the user is aware of their actions. - - - Log the currently pending user in. - - - Session duration - - - Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. - - - Different browsers handle session cookies differently, and might not remove them even when the browser is closed. - - - See here. - - - Stay signed in offset - - - If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. - - - Network binding - - - No binding - - - Bind ASN - - - Bind ASN and Network - - - Bind ASN, Network and IP - - - Configure if sessions created by this stage should be bound to the Networks they were created in. - - - GeoIP binding - - - Bind Continent - - - Bind Continent and Country - - - Bind Continent, Country and City - - - Configure if sessions created by this stage should be bound to their GeoIP-based location - - - Terminate other sessions - - - When enabled, all previous sessions of the user will be terminated. - - - Remove the user from the current session. - - - Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user - is pending, a new user is created, and data is written to them. - - - Never create users - - - When no user is present in the flow context, the stage will fail. - - - Create users when required - - - When no user is present in the the flow context, a new user is created. - - - Always create new users - - - Create a new user even if a user is in the flow context. - - - Create users as inactive - - - Mark newly created users as inactive. - - - User path template - - - User type used for newly created users. - - - Path new users will be created under. If left blank, the default path will be used. - - - Newly created users are added to this group, if a group is selected. - - - New stage - - - Create a new stage. - - - Successfully imported device. - - - The user in authentik this device will be assigned to. - - - Duo User ID - - - The user ID in Duo, can be found in the URL after clicking on a user. - - - Automatic import - - - Successfully imported devices. - - - Start automatic import - - - Or manually import - - - Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow. - - - Stage(s) - - - Import - - - Import Duo device - - - Import devices - - - Successfully updated flow. - - - Successfully created flow. - - - Shown as the Title in Flow pages. - - - Visible in the URL. - - - Designation - - - Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. - - - No requirement - - - Require authentication - - - Require no authentication. - - - Require superuser. - - - Require Outpost (flow can only be executed from an outpost). - - - Required authentication level for this flow. - - - Behavior settings - - - Compatibility mode - - - Increases compatibility with password managers and mobile devices. - - - Denied action - - - Will follow the ?next parameter if set, otherwise show a message - - - Will either follow the ?next parameter or redirect to the default interface - - - Will notify the user the flow isn't applicable - - - Decides the response when a policy denies access to this flow for a user. - - - Appearance settings - - - Layout - - - Background - - - Background shown during execution. - - - Clear background - - - Delete currently set background image. - - - Successfully imported flow. - - - .yaml files, which can be found on goauthentik.io and can be exported by authentik. - - - Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them. - - - Flow(s) - - - Update Flow - - - Execute - - - Export - - - Create Flow - - - Import Flow - - - Successfully cleared flow cache - - - Failed to delete flow cache - - - Clear Flow cache - - - Are you sure you want to clear the flow cache? - This will cause all flows to be re-evaluated on their next usage. - - - Stage binding(s) - - - Stage type - - - Edit Stage - - - Update Stage binding - - - These bindings control if this stage will be applied to the flow. - - - No Stages bound - - - No stages are currently bound to this flow. - - - Create Stage binding - - - Bind stage - - - Create and bind Stage - - - Bind existing stage - - - Flow Overview - - - Flow Info - - - Related actions - - - Execute flow - - - Normal - - - with current user - - - with inspector - - - Export flow - - - Stage Bindings - - - These bindings control which users can access this flow. - - - Event volume - - - Event Log - - - Event - - - Event info - - - Created - - - Successfully updated transport. - - - Successfully created transport. - - - Local (notifications will be created within authentik) - - - Webhook (generic) - - - Webhook (Slack/Discord) - - - Webhook URL - - - Webhook Mapping - - - Send once - - - Only send notification once, for example when sending a webhook into a chat channel. - - - Define how notifications are sent to users, like Email or Webhook. - - - Notification transport(s) - - - Update Notification Transport - - - Create Notification Transport - - - Successfully updated rule. - - - Successfully created rule. - - - Select the group of users which the alerts are sent to. If no group is selected the rule is disabled. - - - Transports - - - Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. - - - Severity - - - Send notifications whenever a specific Event is created and matched by policies. - - - Sent to group - - - Notification rule(s) - - - None (rule disabled) - - - Update Notification Rule - - - Create Notification Rule - - - These bindings control upon which events this rule triggers. -Bindings to groups/users are checked against the user of the event. - - - Outpost Deployment Info - - - View deployment documentation - - - Click to copy token - - - If your authentik Instance is using a self-signed certificate, set this value. - - - If your authentik_host setting does not match the URL you want to login with, add this setting. - - - Successfully updated outpost. - - - Successfully created outpost. - - - LDAP - - - Radius - - - Integration - - - Selecting an integration enables the management of the outpost by authentik. - - - You can only select providers that match the type of the outpost. - - - Configuration - - - See more here: - - - Documentation - - - Last seen - - - , should be - - - Hostname - - - Not available - - - Last seen: - - - Unknown type - - - Outposts are deployments of authentik components to support different environments and protocols, like reverse proxies. - - - Health and Version - - - Warning: authentik Domain is not configured, authentication will not work. - - - Logging in via . - - - No integration active - - - Update Outpost - - - View Deployment Info - - - Detailed health (one instance per column, data is cached so may be out of date) - - - Outpost(s) - - - Create Outpost - - - Successfully updated integration. - - - Successfully created integration. - - - Local - - - If enabled, use the local connection. Required Docker socket/Kubernetes Integration. - - - Docker URL - - - Can be in the format of 'unix://' when connecting to a local docker daemon, using 'ssh://' to connect via SSH, or 'https://:2376' when connecting to a remote system. - - - CA which the endpoint's Certificate is verified against. Can be left empty for no validation. - - - TLS Authentication Certificate/SSH Keypair - - - Certificate/Key used for authentication. Can be left empty for no authentication. - - - When connecting via SSH, this keypair is used for authentication. - - - Kubeconfig - - - Verify Kubernetes API SSL Certificate - - - New outpost integration - - - Create a new outpost integration. - - - State - - - Unhealthy - - - Outpost integration(s) - - - Successfully generated certificate-key pair. - - - Common Name - - - Subject-alt name - - - Optional, comma-separated SubjectAlt Names. - - - Validity days - - - Successfully updated certificate-key pair. - - - Successfully created certificate-key pair. - - - PEM-encoded Certificate data. - - - Optional Private Key. If this is set, you can use this keypair for encryption. - - - Certificate-Key Pairs - - - Import certificates of external providers or create certificates to sign requests with. - - - Private key available? - - - Certificate-Key Pair(s) - - - Managed by authentik - - - Managed by authentik (Discovered) - - - Yes () - - - Update Certificate-Key Pair - - - Certificate Fingerprint (SHA1) - - - Certificate Fingerprint (SHA256) - - - Certificate Subject - - - Download Certificate - - - Download Private key - - - Create Certificate-Key Pair - - - Generate - - - Generate Certificate-Key Pair - Successfully updated settings. @@ -4528,18 +8240,6 @@ Bindings to groups/users are checked against the user of the event. Enable the ability for users to change their username. - - Event retention - - - Duration after which events will be deleted from the database. - - - When using an external logging solution for archiving, this can be set to "minutes=5". - - - This setting only affects new Events, as the expiration is saved per-event. - Footer links @@ -4561,483 +8261,6 @@ Bindings to groups/users are checked against the user of the event. System settings - - Save - - - Successfully updated instance. - - - Successfully created instance. - - - Disabled blueprints are never applied. - - - Local path - - - OCI Registry - - - OCI URL, in the format of oci://registry.domain.tld/path/to/manifest. - - - See more about OCI support here: - - - Blueprint - - - Configure the blueprint context, used for templating. - - - Orphaned - - - Automate and template configuration within authentik. - - - Last applied - - - Blueprint(s) - - - Update Blueprint - - - Apply - - - Create Blueprint Instance - - - Successfully updated license. - - - Successfully created license. - - - Install ID - - - License key - - - Manage enterprise licenses - - - No licenses found. - - - License(s) - - - Enterprise is in preview. - - - Get a license - - - Go to Customer Portal - - - Forecast internal users - - - Estimated user count one year from now based on current internal users and forecasted internal users. - - - Forecast external users - - - Estimated user count one year from now based on current external users and forecasted external users. - - - Cumulative license expiry - - - Internal: - - - External: - - - Update License - - - Install - - - Install License - - - WebAuthn requires this page to be accessed via HTTPS. - - - WebAuthn not supported by browser. - - - Open Wizard - - - Demo Wizard - - - Run the demo wizard - - - API request failed - - - Authenticating with Apple... - - - Retry - - - Authenticating with Plex... - - - Waiting for authentication... - - - If no Plex popup opens, click the button below. - - - Open login - - - User's avatar - - - Something went wrong! Please try again later. - - - Request ID - - - You may close this page now. - - - You're about to be redirect to the following URL. - - - Follow redirect - - - Request has been denied. - - - Not you? - - - Need an account? - - - Sign up. - - - Forgot username or password? - - - Select one of the sources below to login. - - - Or - - - Use a security key - - - Login to continue to . - - - Please enter your password - - - Forgot password? - - - Application requires following permissions: - - - Application already has access to the following permissions: - - - Application requires following new permissions: - - - Check your Inbox for a verification email. - - - Send Email again. - - - Successfully copied TOTP Config. - - - Copy - - - Code - - - Please enter your TOTP Code - - - Duo activation QR code - - - Alternatively, if your current device has Duo installed, click on this link: - - - Duo activation - - - Check status - - - Make sure to keep these tokens in a safe place. - - - Phone number - - - Please enter your Phone number. - - - Please enter the code you received via SMS - - - A code has been sent to you via SMS. - - - Open your two-factor authenticator app to view your authentication code. - - - Static token - - - Authentication code - - - Please enter your code - - - Return to device picker - - - Sending Duo push notification - - - Assertions is empty - - - Error when creating credential: - - - Error when validating assertion on server: - - - Retry authentication - - - Duo push-notifications - - - Receive a push notification on your device. - - - Authenticator - - - Use a security key to prove your identity. - - - Traditional authenticator - - - Use a code-based authenticator. - - - Recovery keys - - - In case you can't access any other method. - - - SMS - - - Tokens sent via SMS. - - - Select an authentication method. - - - Stay signed in? - - - Select Yes to reduce the number of times you're asked to sign in. - - - Enter the code shown on your device. - - - Please enter your Code - - - You've successfully authenticated your device. - - - Flow inspector - - - Next stage - - - Stage name - - - Stage kind - - - Stage object - - - This flow is completed. - - - Plan history - - - Current plan context - - - Session ID - - - Powered by authentik - - - Background image - - - Error creating credential: - - - Server validation of credential failed: - - - Register device - - - Unread notifications - - - Sign out - - - Admin interface - - - Stop impersonation - - - Avatar image - - - Less details - - - More details - - - Refer to documentation - - - No Applications available. - - - Either no applications are defined, or you don’t have access to any. - - - My Applications - - - My applications - - - Change your password - - - Change password - - - - - - Delete account - - - Successfully updated details - - - Open settings - - - No settings flow configured. - - - Update details - - - Successfully updated device. - - - Enroll - - - Update Device - - - Successfully disconnected source - - - Failed to disconnected source: - - - Disconnect - - - Connect - - - Error: unsupported source settings: - - - Connect your user account to the services listed below, to allow you to login using the service instead of traditional credentials. - - - No services available. - - - Create App password - - - User details - - - Consent - - - MFA Devices - - - Connected services - - - + + diff --git a/web/xliff/zh-Hant.xlf b/web/xliff/zh-Hant.xlf index d92acd4f9..8ed4da7a0 100644 --- a/web/xliff/zh-Hant.xlf +++ b/web/xliff/zh-Hant.xlf @@ -1,9 +1,5540 @@ - + - - - - Admin + + + + English + 英语 + + + French + 法语 + + + Turkish + 土耳其语 + + + Spanish + 西班牙的 + + + Polish + 波兰语 + + + Taiwanese Mandarin + Taiwanese Mandarin + + + Chinese (simplified) + 简体中文 + + + Chinese (traditional) + 繁体中文 + + + German + 德语 + + + Loading... + 载入中…… + + + Application + 应用程序 + + + Logins + 登入 + + + Show less + 显示更少 + + + Show more + 显示更多 + + + UID + UID + + + Name + 姓名 + + + App + App + + + Model Name + 型号名称 + + + Message + 信息 + + + Subject + Subject + + + From + 来自 + + + To + To + + + Context + 上下文 + + + User + 用户 + + + Affected model: + 受影响的模型: + + + Authorized application: + 授权应用程序: + + + Using flow + 使用 Flow + + + Email info: + 电子邮件信息: + + + Secret: + Secret: + + + Open issue on GitHub... + 在 GitHub 上打开问题... + + + Exception + 例外 + + + Expression + 表情 + + + Binding + 绑定 + + + Request + 请求 + + + Object + 对象 + + + Result + 结果 + + + Passing + 通过 + + + Messages + 信息 + + + Using source + 使用源 + + + Attempted to log in as + 已尝试以 + 身份登入 + + + No additional data available. + 没有其他可用数据。 + + + Click to change value + 单击以更改值 + + + Select an object. + 选择一个对象。 + + + Loading options... + + + Connection error, reconnecting... + 连接错误,正在重新连接... + + + Login + 登入 + + + Failed login + 登入失败 + + + Logout + 退出 + + + User was written to + 用户被写入 + + + Suspicious request + 可疑请求 + + + Password set + 密码已设置 + + + Secret was viewed + 已查看 Secret + + + Secret was rotated + 秘密被轮换了 + + + Invitation used + 已使用邀请 + + + Application authorized + 应用程序已授权 + + + Source linked + 源链接 + + + Impersonation started + 模拟已开始 + + + Impersonation ended + 模拟已结束 + + + Flow execution + 流程执行 + + + Policy execution + 策略执行 + + + Policy exception + 策略例外 + + + Property Mapping exception + 属性映射异常 + + + System task execution + 系统任务执行 + + + System task exception + 系统任务异常 + + + General system exception + 一般系统异常 + + + Configuration error + 配置错误 + + + Model created + 模型已创建 + + + Model updated + 模型已更新 + + + Model deleted + 模型已删除 + + + Email sent + 电子邮件已发送 + + + Update available + 更新可用 + + + Unknown severity + + + Alert + 注意 + + + Notice + 注意 + + + Warning + 警告 + + + no tabs defined + 未定义选项卡 + + + - of + + - + of + + + + Go to previous page + 转到上一页 + + + Go to next page + 转到下一页 + + + Search... + 搜索... + + + Loading + 正在加载 + + + No objects found. + 未找到任何对象。 + + + Failed to fetch objects. + + + Refresh + 刷新 + + + Select all rows + 选择所有行 + + + Action + 操作 + + + Creation Date + 创建日期 + + + Client IP + 客户端 IP + + + Recent events + + + On behalf of + 代表 + + + + - + - + + + No Events found. + 未找到任何事件。 + + + No matching events could be found. + 找不到匹配的事件。 + + + Embedded outpost is not configured correctly. + 嵌入式 outpost 配置不正确。 + + + Check outposts. + 检查 outposts. + + + HTTPS is not detected correctly + 未正确检测到 HTTPS + + + Server and client are further than 5 seconds apart. + 服务器和客户端之间的距离超过5秒。 + + + OK + OK + + + Everything is ok. + 一切正常。 + + + System status + 系统状态 + + + Based on + + + is available! + + 可用! + + + Up-to-date! + 最新! + + + Version + 版本 + + + Workers + Workers + + + No workers connected. Background tasks will not run. + 没有 workers 连接。后台任务将无法运行。 + + + hour(s) ago + + + day(s) ago + + + Authorizations + 授权 + + + Failed Logins + 登入失败 + + + Successful Logins + 成功登入 + + + : + + : + + + + Cancel + 取消 + + + LDAP Source + LDAP 源 + + + SCIM Provider + + + Healthy + + + Healthy outposts + 健康的 Outposts + + + Admin + 管理员 + + + Not found + 未找到 + + + The URL "" was not found. + 找不到网址 “ + ”。 + + + Return home + 返回主页 + + + General system status + 常规系统状态 + + + Welcome, . + 欢迎, + + + + Quick actions + 快速行动 + + + Create a new application + 创建新应用程序 + + + Check the logs + 检查日志 + + + Explore integrations + 探索集成 + + + Manage users + + + Outpost status + Outpost 状态 + + + Sync status + 同步状态 + + + Logins and authorizations over the last week (per 8 hours) + + + Apps with most usage + 使用率最高的应用 + + + days ago + + 天前 + + + Objects created + 已创建对象 + + + Users created per day in the last month + 上个月每天创建的用户 + + + Logins per day in the last month + 上个月每天的登入次数 + + + Failed Logins per day in the last month + 上个月每天的失败登入次数 + + + Clear search + + + System Tasks + 系统任务 + + + Long-running operations which authentik executes in the background. + authentik 在后台执行的长时间运行的操作。 + + + Identifier + 标识符 + + + Description + 描述 + + + Last run + 上次运行 + + + Status + 状态 + + + Actions + 操作 + + + Successful + 成功 + + + Error + 错误 + + + Unknown + 未知 + + + Duration + + + seconds + + + Authentication + 身份验证 + + + Authorization + 授权 + + + Enrollment + 注册 + + + Invalidation + 失效 + + + Recovery + 恢复 + + + Stage Configuration + 阶段配置 + + + Unenrollment + 取消注册 + + + Unknown designation + + + Stacked + + + Content left + + + Content right + + + Sidebar left + + + Sidebar right + + + Unknown layout + + + Successfully updated provider. + 已成功更新提供程序。 + + + Successfully created provider. + 已成功创建提供商。 + + + Bind flow + Bind 流程 + + + Flow used for users to authenticate. + + + Search group + 搜索组 + + + Users in the selected group can do search queries. If no group is selected, no LDAP Searches are allowed. + 所选组中的用户可以执行搜索查询。如果未选择任何组,则不允许 LDAP 搜索。 + + + Bind mode + + + Cached binding + + + Flow is executed and session is cached in memory. Flow is executed when session expires + + + Direct binding + + + Always execute the configured bind flow to authenticate the user + + + Configure how the outpost authenticates requests. + + + Search mode + 搜索模式 + + + Cached querying + + + The outpost holds all users and groups in-memory and will refresh every 5 Minutes + + + Direct querying + + + Always returns the latest data, but slower than cached querying + + + Configure how the outpost queries the core authentik server's users. + 配置前哨如何查询核心 authentik 服务器的用户。 + + + Protocol settings + 协议设置 + + + Base DN + Base DN + + + LDAP DN under which bind requests and search requests can be made. + 可以发出绑定请求和搜索请求的 LDAP DN。 + + + Certificate + 证书 + + + UID start number + UID 起始编号 + + + The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber + 对于UIDNumbers来说,这个数字被添加到User.pk中,以确保对于POSIX用户来说,这个数字不会太低。默认值为 2000,以确保我们不会与本地用户 uidNumber 发生冲突 + + + GID start number + GID 起始编号 + + + The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber + 对于 GIDNumbers 来说,这个数字被添加到从 group.pk 生成的数字中,以确保对于 POSIX 组来说,这个数字不会太低。默认值为 4000,以确保我们不会与本地组或用户主组 GIDNumber 发生冲突 + + + (Format: hours=-1;minutes=-2;seconds=-3). + (格式: hours=-1;minutes=-2;seconds=-3). + + + (Format: hours=1;minutes=2;seconds=3). + (格式: hours=1;minutes=2;seconds=3). + + + The following keywords are supported: + + + Authentication flow + 身份验证流程 + + + Flow used when a user access this provider and is not authenticated. + + + Authorization flow + 授权流程 + + + Flow used when authorizing this provider. + 授权此请求发起端时使用的Flow。 + + + Client type + 客户机类型 + + + Confidential + 机密 + + + Confidential clients are capable of maintaining the confidentiality of their credentials such as client secrets + + + Public + 公开 + + + Public clients are incapable of maintaining the confidentiality and should use methods like PKCE. + + + Client ID + 客户端 ID + + + Client Secret + 客户端密钥 + + + Redirect URIs/Origins (RegEx) + + + Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows. + 授权流成功后有效的重定向 URL。还可以在此处为隐式流指定任何来源。 + + + If no explicit redirect URIs are specified, the first successfully used redirect URI will be saved. + 如果未指定显式重定向 URI,则将保存第一个成功使用的重定向 URI。 + + + To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. + + + Signing Key + 签名密钥 + + + Key used to sign the tokens. + 用于对令牌进行签名的密钥。 + + + Advanced protocol settings + 高级协议设置 + + + Access code validity + 访问代码有效性 + + + Configure how long access codes are valid for. + 配置访问代码的有效期限。 + + + Access Token validity + + + Configure how long access tokens are valid for. + 配置访问令牌的有效时间。 + + + Refresh Token validity + + + Configure how long refresh tokens are valid for. + + + Scopes + 范围 + + + Select which scopes can be used by the client. The client still has to specify the scope to access the data. + 选择客户端可以使用哪些作用域。客户端仍然需要指定访问数据的范围。 + + + Hold control/command to select multiple items. + 按住 ctrl/command 键可选择多个项目。 + + + Subject mode + Subject 模式 + + + Based on the User's hashed ID + + + Based on the User's ID + + + Based on the User's UUID + + + Based on the User's username + + + Based on the User's Email + + + This is recommended over the UPN mode. + + + Based on the User's UPN + + + Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains. + + + Configure what data should be used as unique User Identifier. For most cases, the default should be fine. + 配置应将哪些数据用作唯一用户标识符。在大多数情况下,默认值应该没问题。 + + + Include claims in id_token + 在 id_token 中包含声明 + + + Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. + 对于不访问userinfo端点的应用程序,将来自作用域的用户声明包含在id_token中。 + + + Issuer mode + Issuer mode + + + Each provider has a different issuer, based on the application slug + + + Same identifier is used for all providers + 所有提供商都使用相同的标识符 + + + Configure how the issuer field of the ID Token should be filled. + 配置如何填写 ID 令牌的颁发者字段。 + + + Machine-to-Machine authentication settings + + + Trusted OIDC Sources + + + JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider. + + + HTTP-Basic Username Key + HTTP-Basic 用户名密钥 + + + User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. + 用于 HTTP-Basic 标头用户部分的用户/组属性。如果未设置,则使用用户的电子邮件地址。 + + + HTTP-Basic Password Key + HTTP-Basic 密码密钥 + + + User/Group Attribute used for the password part of the HTTP-Basic Header. + 用于 HTTP-Basic 标头的密码部分的用户/组属性。 + + + Proxy + 代理 + + + Forward auth (single application) + 转发身份验证(单个应用程序) + + + Forward auth (domain level) + 转发身份验证(域级别) + + + This provider will behave like a transparent reverse-proxy, except requests must be authenticated. If your upstream application uses HTTPS, make sure to connect to the outpost using HTTPS as well. + 除了请求必须经过身份验证外,此提供程序的行为类似于透明的反向代理。如果您的上游应用程序使用 HTTPS,请确保也使用 HTTPS 连接到 Outpost。 + + + External host + 外部主机 + + + The external URL you'll access the application at. Include any non-standard port. + 您将通过其访问应用程序的外部 URL。包括任何非标准端口。 + + + Internal host + 内部主机 + + + Upstream host that the requests are forwarded to. + 请求被转发到的上游主机。 + + + Internal host SSL Validation + 内部主机 SSL 验证 + + + Validate SSL Certificates of upstream servers. + 验证上游服务器的 SSL 证书。 + + + Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application. + 将此提供程序与 nginx 的 auth_request 或 traefik 的 ForwardAuth 一起使用。每个根域只需要一个提供程序。您无法执行每个应用程序的授权,但不必为每个应用程序创建提供程序。 + + + An example setup can look like this: + 设置示例如下所示: + + + authentik running on auth.example.com + auth.example.com 上运行的 authentik + + + app1 running on app1.example.com + app1 在 app1.example.com 上运行 + + + In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com. + 在这种情况下,您需要将身份验证网址设置为 auth.example.com,将 Cookie 域设置为 example.com。 + + + Authentication URL + 身份验证 URL + + + The external URL you'll authenticate at. The authentik core server should be reachable under this URL. + 您将在其中进行身份验证的外部 URL。在此 URL 下应该可以访问身份验证核心服务器。 + + + Cookie domain + Cookie 域名 + + + Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'. + 将此设置为您希望身份验证有效的域。必须是上述 URL 的父域名。如果你以 app1.domain.tld、app2.domain.tld 的身份运行应用程序,请将其设置为 “domain.tld”。 + + + Unknown proxy mode + + + Token validity + 令牌有效性 + + + Configure how long tokens are valid for. + 配置令牌的有效期限。 + + + Additional scopes + + + Additional scope mappings, which are passed to the proxy. + 传递给代理的其他作用域映射。 + + + Unauthenticated URLs + 未经身份验证的 URL + + + Unauthenticated Paths + 未经身份验证的路径 + + + Regular expressions for which authentication is not required. Each new line is interpreted as a new expression. + 不需要身份验证的正则表达式。每个新行都被解释为一个新表达式。 + + + When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions. + 使用代理或转发身份验证(单个应用程序)模式时,将根据正则表达式检查请求的 URL 路径。使用前向身份验证(域模式)时,请求的完整 URL(包括 scheme 和 host)将与正则表达式进行匹配。 + + + Authentication settings + + + Intercept header authentication + + + When enabled, authentik will intercept the Authorization header to authenticate the request. + + + Send HTTP-Basic Authentication + + + Send a custom HTTP-Basic Authentication header based on values from authentik. + + + ACS URL + ACS URL + + + Issuer + Issuer + + + Also known as EntityID. + + + Service Provider Binding + 服务提供商绑定 + + + Redirect + 重定向 + + + Post + Post + + + Determines how authentik sends the response back to the Service Provider. + 确定 authentik 如何将响应发送回服务提供商。 + + + Audience + Audience + + + Signing Certificate + 签名证书 + + + Certificate used to sign outgoing Responses going to the Service Provider. + 用于签署发送给服务提供商的外发响应的证书。 + + + Verification Certificate + 验证证书 + + + When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. + 选中后,传入声明的签名将根据此证书进行验证。要允许未签名的请求,请保留默认值。 + + + Property mappings + 属性映射 + + + NameID Property Mapping + nameID 属性映射 + + + Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected. + 配置如何创建 NameID 值。如果留空,将遵守传入请求的 NameIdPolicy。 + + + Assertion valid not before + 断言之前无效 + + + Configure the maximum allowed time drift for an assertion. + 为断言配置允许的最大时间漂移。 + + + Assertion valid not on or after + 断言不在当天或之后有效 + + + Assertion not valid on or after current time + this value. + + + Session valid not on or after + 会话不在当天或之后有效 + + + Session not valid on or after current time + this value. + + + Digest algorithm + 摘要算法 + + + Signature algorithm + 签名算法 + + + Successfully imported provider. + 已成功导入提供程序。 + + + Metadata + 元数据 + + + Apply changes + + + Close + 关闭 + + + Finish + 完成 + + + Back + 返回 + + + No form found + 找不到表格 + + + Form didn't return a promise for submitting + 表单未返回提交承诺 + + + Select type + 选择类型 + + + Try the new application wizard + + + The new application wizard greatly simplifies the steps required to create applications and providers. + + + Try it now + + + Create + 创建 + + + New provider + 新建提供程序 + + + Create a new provider. + 创建一个新提供程序 + + + Create + 创建 + + + + Shared secret + + + Client Networks + + + List of CIDRs (comma-seperated) that clients can connect from. A more specific + CIDR will match before a looser one. Clients connecting from a non-specified CIDR + will be dropped. + + + URL + + + SCIM base url, usually ends in /v2. + + + Token + 令牌 + + + Token to authenticate with. Currently only bearer authentication is supported. + + + User filtering + + + Exclude service accounts + + + Group + + + + Only sync users within the selected group. + + + Attribute mapping + + + User Property Mappings + 用户属性映射 + + + Property mappings used to user mapping. + + + Group Property Mappings + 组属性映射 + + + Property mappings used to group creation. + 用于组创建的属性映射。 + + + Not used by any other object. + 不被任何其他对象使用。 + + + object will be DELETED + 对象将被删除 + + + connection will be deleted + 连接将被删除 + + + reference will be reset to default value + 引用将被重置为默认值 + + + reference will be set to an empty value + 引用将被设置为空值 + + + () + + ( + ) + + + ID + ID + + + Successfully deleted + + + Failed to delete : + 无法删除 + : + + + + Delete + 删除 + + + + Are you sure you want to delete ? + + + Delete + 删除 + + + Providers + 提供商 + + + Provide support for protocols like SAML and OAuth to assigned applications. + 为分配的应用程序提供对 SAML 和 OAuth 等协议的支持。 + + + Type + 类型 + + + Provider(s) + 提供商 + + + Assigned to application + 分配给应用程序 + + + Assigned to application (backchannel) + + + Warning: Provider not assigned to any application. + 警告:提供程序未分配给任何应用程序。 + + + Update + 更新 + + + Update + 更新 + + + + Select providers to add to application + + + Add + 添加 + + + Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". + 输入完整的网址、相对路径,或者使用 'fa://fa-test' 来使用 Font Awesome 图标 “fa-test”。 + + + Path template for users created. Use placeholders like `%(slug)s` to insert the source slug. + + + Successfully updated application. + 已成功更新应用程序。 + + + Successfully created application. + 已成功创建应用程序。 + + + Application's display Name. + 应用的显示名称。 + + + Slug + Slug + + + Optionally enter a group name. Applications with identical groups are shown grouped together. + 输入可选的分组名称。分组相同的应用程序会显示在一起。 + + + Provider + 提供商 + + + Select a provider that this application should use. + + + Select backchannel providers which augment the functionality of the main provider. + + + Policy engine mode + 策略引擎模式 + + + Any policy must match to grant access + + + All policies must match to grant access + + + UI settings + 用户界面设置 + + + Launch URL + 启动 URL + + + If left empty, authentik will try to extract the launch URL based on the selected provider. + 如果留空,authentik 将尝试根据选定的提供商提取启动网址。 + + + Open in new tab + + + If checked, the launch URL will open in a new browser tab or window from the user's application library. + + + Icon + 图标 + + + Currently set to: + 当前设置为: + + + Clear icon + 清除图标 + + + Publisher + 发行人 + + + Create Application + 创建应用程序 + + + Overview + 概述 + + + Changelog + 更新日志 + + + Warning: Provider is not used by any Outpost. + 警告:提供者未被任何 Outpos 使用。 + + + Assigned to application + 分配给应用程序 + + + Update LDAP Provider + 更新 LDAP 提供程序 + + + Edit + 编辑 + + + How to connect + 如何连接 + + + Connect to the LDAP Server on port 389: + 通过端口 389 连接到 LDAP 服务器: + + + Check the IP of the Kubernetes service, or + 检查 Kubernetes 服务的 IP,或者 + + + The Host IP of the docker host + docker 主机的主机 IP + + + Bind DN + Bind DN + + + Bind Password + Bind 密码 + + + Search base + 搜索基础 + + + Preview + + + Warning: Provider is not used by an Application. + 警告:应用程序不使用提供程序。 + + + Redirect URIs + 重定向 URI + + + Update OAuth2 Provider + 更新 OAuth2 提供程序 + + + OpenID Configuration URL + OpenID 配置网址 + + + OpenID Configuration Issuer + OpenID 配置发行者 + + + Authorize URL + 授权 URL + + + Token URL + 令牌网址 + + + Userinfo URL + 用户信息网址 + + + Logout URL + 退出 URL + + + JWKS URL + + + Example JWT payload (for currently authenticated user) + + + Forward auth (domain-level) + 转发身份验证(域级) + + + Nginx (Ingress) + Nginx (Ingress) + + + Nginx (Proxy Manager) + Nginx(代理管理器) + + + Nginx (standalone) + Nginx (standalone) + + + Traefik (Ingress) + Traefik (Ingress) + + + Traefik (Compose) + Traefik (Compose) + + + Traefik (Standalone) + Traefik (Standalone) + + + Caddy (Standalone) + + + Internal Host + 内部主机 + + + External Host + 外部主机 + + + Basic-Auth + 基本身份验证 + + + Yes + Yes + + + Mode + 模式 + + + Update Proxy Provider + 更新代理提供程序 + + + Protocol Settings + 协议设置 + + + Allowed Redirect URIs + 允许的重定向 URI + + + Setup + 设置 + + + No additional setup is required. + 无需进行其他设置。 + + + Update Radius Provider + + + Download + 下載 + + + Copy download URL + 复制下载 URL + + + Download signing certificate + 下载签名证书 + + + Related objects + 相关对象 + + + Update SAML Provider + 更新 SAML 提供程序 + + + SAML Configuration + + + EntityID/Issuer + + + SSO URL (Post) + + + SSO URL (Redirect) + + + SSO URL (IdP-initiated Login) + + + SLO URL (Post) + + + SLO URL (Redirect) + + + SAML Metadata + SAML 元数据 + + + Example SAML attributes + + + NameID attribute + + + Warning: Provider is not assigned to an application as backchannel provider. + + + Update SCIM Provider + + + Run sync again + 再次运行同步 + + + Modern applications, APIs and Single-page applications. + + + LDAP + LDAP + + + Provide an LDAP interface for applications and users to authenticate against. + + + New application + + + Applications + 应用程序 + + + Provider Type + 提供商类型 + + + Application(s) + 应用程序 + + + Application Icon + 应用程序图标 + + + Update Application + 更新应用程序 + + + Successfully sent test-request. + 已成功发送测试请求。 + + + Log messages + 日志消息 + + + No log messages. + 没有日志消息。 + + + Active + 激活 + + + Last login + 上次登录 + + + Select users to add + 选择要添加的用户 + + + Successfully updated group. + 已成功更新组。 + + + Successfully created group. + 已成功创建组。 + + + Is superuser + 是超级用户 + + + Users added to this group will be superusers. + 添加到该组的用户均为超级用户。 + + + Parent + 家长 + + + Attributes + 属性 + + + Set custom attributes using YAML or JSON. + 使用 YAML 或 JSON 设置自定义属性。 + + + Successfully updated binding. + 已成功更新绑定。 + + + Successfully created binding. + 成功创建绑定。 + + + Policy + 策略 + + + Group mappings can only be checked if a user is already logged in when trying to access this source. + 组绑定仅会在已登录用户访问此源时检查。 + + + User mappings can only be checked if a user is already logged in when trying to access this source. + 用户绑定仅会在已登录用户访问此源时检查。 + + + Enabled + 已启用 + + + Negate result + 否定结果 + + + Negates the outcome of the binding. Messages are unaffected. + 否定绑定的结果。消息不受影响。 + + + Order + 订购 + + + Timeout + 超时 + + + Successfully updated policy. + 已成功更新策略。 + + + Successfully created policy. + 已成功创建策略。 + + + A policy used for testing. Always returns the same result as specified below after waiting a random duration. + 用于测试的策略。等待随机持续时间后,始终返回与下面指定的结果相同的结果。 + + + Execution logging + 执行日志记录 + + + When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. + 启用此选项后,将记录此策略的所有执行。默认情况下,只记录执行错误。 + + + Policy-specific settings + 特定于策略的设置 + + + Pass policy? + 通行证政策? + + + Wait (min) + 等待 (最短) + + + The policy takes a random time to execute. This controls the minimum time it will take. + 策略需要一段随机时间才能执行。这将控制所需的最短时间。 + + + Wait (max) + 等待 (最多) + + + Matches an event against a set of criteria. If any of the configured values match, the policy passes. + 根据一组条件匹配事件。如果任何配置的值匹配,则策略将通过。 + + + Match created events with this action type. When left empty, all action types will be matched. + 将创建的事件与此操作类型匹配。留空时,所有操作类型都将匹配。 + + + Matches Event's Client IP (strict matching, for network matching use an Expression Policy. + 匹配事件的客户端 IP(严格匹配),对于网络匹配,请使用表达式策略。 + + + Match events created by selected application. When left empty, all applications are matched. + 匹配选定应用程序创建的事件。如果留空,则匹配所有应用程序。 + + + Checks if the request's user's password has been changed in the last x days, and denys based on settings. + 检查过去 x 天内请求的用户密码是否已更改,并根据设置拒绝。 + + + Maximum age (in days) + 最长使用期限(以天为单位) + + + Only fail the policy, don't invalidate user's password + + + Executes the python snippet to determine whether to allow or deny a request. + 执行 python 代码段以确定是允许还是拒绝请求。 + + + Expression using Python. + 使用 Python 的表达式。 + + + See documentation for a list of all variables. + 有关所有变量的列表,请参阅文档。 + + + Static rules + + + Minimum length + 最小长度 + + + Minimum amount of Uppercase Characters + 大写字符的最小数量 + + + Minimum amount of Lowercase Characters + 小写字符的最小数量 + + + Minimum amount of Digits + 最低位数 + + + Minimum amount of Symbols Characters + 符号字符的最小数量 + + + Error message + 错误消息 + + + Symbol charset + 符号字符集 + + + Characters which are considered as symbols. + 被视为符号的字符。 + + + HaveIBeenPwned settings + + + Allowed count + 允许计数 + + + Allow up to N occurrences in the HIBP database. + HIBP 数据库中最多允许 N 次出现。 + + + zxcvbn settings + + + Score threshold + + + If the password's score is less than or equal this value, the policy will fail. + + + Checks the value from the policy request against several rules, mostly used to ensure password strength. + 根据多条规则检查策略请求中的值,这些规则主要用于确保密码强度。 + + + Password field + “密码” 字段 + + + Field key to check, field keys defined in Prompt stages are available. + 要检查的字段键,提示阶段中定义的字段键可用。 + + + Check static rules + + + Check haveibeenpwned.com + + + For more info see: + + + Check zxcvbn + + + Password strength estimator created by Dropbox, see: + + + Allows/denys requests based on the users and/or the IPs reputation. + 根据用户和/或 IP 信誉允许/拒绝请求。 + + + Invalid login attempts will decrease the score for the client's IP, and the +username they are attempting to login as, by one. + + + The policy passes when the reputation score is below the threshold, and +doesn't pass when either or both of the selected options are equal or above the threshold. + + + Check IP + 检查 IP + + + Check Username + 检查用户名 + + + Threshold + 阈值 + + + New policy + 新建策略 + + + Create a new policy. + 创建一个新策略。 + + + Create Binding + 创建绑定 + + + Superuser + 超级用户 + + + Members + 成员 + + + Select groups to add user to + 选择要向其添加用户的组 + + + Warning: Adding the user to the selected group(s) will give them superuser permissions. + + + Successfully updated user. + 已成功更新用户。 + + + Successfully created user. + 已成功创建用户。 + + + Username + 用户名 + + + User's primary identifier. 150 characters or fewer. + + + User's display name. + 用户的显示名称。 + + + Email + 电子邮箱 + + + Is active + 处于激活状态 + + + Designates whether this user should be treated as active. Unselect this instead of deleting accounts. + 指定是否应将此用户视为活动用户。取消选择此选项,而不是删除帐户。 + + + Path + + + Policy / User / Group + 策略/用户/组 + + + Policy + 策略 + + + + Group + 组 + + + + User + 用户 + + + + Edit Policy + 编辑策略 + + + Update Group + 更新组 + + + Edit Group + 编辑组 + + + Update User + 更新用户 + + + Edit User + 编辑用户 + + + Policy binding(s) + 策略绑定 + + + Update Binding + 更新绑定 + + + Edit Binding + 编辑绑定 + + + No Policies bound. + 没有策略约束。 + + + No policies are currently bound to this object. + 当前没有策略绑定到此对象。 + + + Bind existing policy + + + Warning: Application is not used by any Outpost. + 警告:应用程序未被任何 Outpost 使用。 + + + Related + 相关 + + + Backchannel Providers + + + Check access + 检查访问权限 + + + Check + 查看 + + + Check Application access + 检查应用程序访问权限 + + + Test + 测试 + + + Launch + 启动 + + + Logins over the last week (per 8 hours) + + + Policy / Group / User Bindings + 策略/组/用户绑定 + + + These policies control which users can access this application. + 这些策略控制哪些用户可以访问此应用程序。 + + + Successfully updated source. + 已成功更新源。 + + + Successfully created source. + 已成功创建源。 + + + Sync users + 同步用户 + + + User password writeback + 用户密码写回 + + + Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP. + 登入密码会自动从 LDAP 同步到 authentik。启用此选项可将 authentik 中的密码更改回写至 LDAP。 + + + Sync groups + 同步组 + + + Connection settings + 连接设置 + + + Server URI + 服务器 URI + + + Specify multiple server URIs by separating them with a comma. + 通过用逗号分隔多个服务器 URI 来指定它们。 + + + Enable StartTLS + 启用 StartTLS + + + To use SSL instead, use 'ldaps://' and disable this option. + 要改用 SSL,请使用 'ldaps: //' 并禁用此选项。 + + + TLS Verification Certificate + TLS 验证证书 + + + When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate. + 使用 TLS 连接到 LDAP 服务器时,默认情况下不检查证书。指定密钥对以验证远程证书。 + + + Bind CN + Bind CN + + + LDAP Attribute mapping + LDAP 属性映射 + + + Property mappings used to user creation. + 用于创建用户的属性映射。 + + + Additional settings + 其他设置 + + + Parent group for all the groups imported from LDAP. + 从 LDAP 导入的所有组的父组。 + + + User path + + + Addition User DN + 额外的用户 DN + + + Additional user DN, prepended to the Base DN. + 额外的User DN,优先于Base DN。 + + + Addition Group DN + 额外的 Group DN + + + Additional group DN, prepended to the Base DN. + 额外的Group DN,优先于Base DN。 + + + User object filter + 用户对象筛选器 + + + Consider Objects matching this filter to be Users. + 将与此筛选器匹配的对象视为用户。 + + + Group object filter + 分组对象过滤器 + + + Consider Objects matching this filter to be Groups. + 将与此过滤器匹配的对象视为组。 + + + Group membership field + 组成员资格字段 + + + Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' + 包含组成员的字段。请注意,如果使用 “memberUID” 字段,则假定该值包含相对可分辨名称。例如,'memberUID=some-user' 而不是 'memberuid=cn=some-user、ou=groups、... ' + + + Object uniqueness field + 对象唯一性字段 + + + Field which contains a unique Identifier. + 包含唯一标识符的字段。 + + + Link users on unique identifier + 使用唯一标识符链接用户 + + + Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses + 链接到具有相同电子邮件地址的用户。当源不验证电子邮件地址时,可能会产生安全隐患 + + + Use the user's email address, but deny enrollment when the email address already exists + + + Link to a user with identical username. Can have security implications when a username is used with another source + + + Use the user's username, but deny enrollment when the username already exists + + + Unknown user matching mode + + + URL settings + URL 设置 + + + Authorization URL + 授权网址 + + + URL the user is redirect to to consent the authorization. + 用户被重定向到以同意授权的 URL。 + + + Access token URL + 访问令牌 URL + + + URL used by authentik to retrieve tokens. + authentik 用来检索令牌的 URL。 + + + Profile URL + 个人资料网址 + + + URL used by authentik to get user information. + authentik 用来获取用户信息的 URL。 + + + Request token URL + 请求令牌 URL + + + URL used to request the initial token. This URL is only required for OAuth 1. + 用于请求初始令牌的 URL。只有 OAuth 1 才需要此网址。 + + + OIDC Well-known URL + + + OIDC well-known configuration URL. Can be used to automatically configure the URLs above. + + + OIDC JWKS URL + + + JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source. + + + OIDC JWKS + + + Raw JWKS data. + + + User matching mode + 用户匹配模式 + + + Delete currently set icon. + 删除当前设置的图标。 + + + Consumer key + 消费者密钥 + + + Consumer secret + 消费者机密 + + + Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *. + + + Flow settings + 流程设置 + + + Flow to use when authenticating existing users. + 认证已存在用户时所使用的流程。 + + + Enrollment flow + 注册流程 + + + Flow to use when enrolling new users. + 新用户注册时所使用的流程。 + + + Load servers + 加载服务器 + + + Re-authenticate with plex + 使用 plex 重新进行身份验证 + + + Allow friends to authenticate via Plex, even if you don't share any servers + 允许好友通过Plex进行身份验证,即使您不共享任何服务器 + + + Allowed servers + 允许的服务器 + + + Select which server a user has to be a member of to be allowed to authenticate. + 选择用户必须是哪个服务器的成员才能进行身份验证。 + + + SSO URL + SSO 网址 + + + URL that the initial Login request is sent to. + 初始登录请求发送到的URL。 + + + SLO URL + SLO URL + + + Optional URL if the IDP supports Single-Logout. + 如果 IDP 支持单点注销,则为可选 URL。 + + + Also known as Entity ID. Defaults the Metadata URL. + 也称为实体 ID。 默认为 Metadata URL。 + + + Binding Type + 绑定类型 + + + Redirect binding + 重定向绑定 + + + Post-auto binding + + + Post binding but the request is automatically sent and the user doesn't have to confirm. + + + Post binding + Post binding + + + Signing keypair + 签名密钥对 + + + Keypair which is used to sign outgoing requests. Leave empty to disable signing. + 用于签署传出请求的密钥对。留空则禁用签名。 + + + Allow IDP-initiated logins + 允许 IDP 发起的登入 + + + Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. + 允许由 IdP 启动的身份验证流。这可能存在安全风险,因为未对请求 ID 进行验证。 + + + NameID Policy + NameID 政策 + + + Persistent + 持久 + + + Email address + 邮箱地址 + + + Windows + Windows + + + X509 Subject + X509 Subject + + + Transient + 暂时的 + + + Delete temporary users after + 之后删除临时用户 + + + Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. + + + Pre-authentication flow + 身份验证前流程 + + + Flow used before authentication. + 身份验证之前使用的流程。 + + + New source + 新建身份来源 + + + Create a new source. + 创建一个新身份来源。 + + + Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves. + 身份来源,既可以同步到authentik的数据库中,也可以被用户用来进行身份验证和注册。 + + + Source(s) + + + + Disabled + 已禁用 + + + Built-in + 内置 + + + Update LDAP Source + 更新 LDAP 源 + + + Not synced yet. + 尚未同步。 + + + Task finished with warnings + 任务已完成,但出现警告 + + + Task finished with errors + 任务已完成,但出现错误 + + + Last sync: + 上次同步: + + + + OAuth Source + + + Generic OpenID Connect + 通用 OpenID 连接 + + + Unknown provider type + + + Details + + + Callback URL + 回调 URL + + + Access Key + 访问密钥 + + + Update OAuth Source + 更新 OAuth 源 + + + Diagram + 示意图 + + + Policy Bindings + 策略绑定 + + + These bindings control which users can access this source. + You can only use policies here as access is checked before the user is authenticated. + + + Update Plex Source + 更新 Plex 源 + + + Update SAML Source + 更新 SAML 源 + + + Successfully updated mapping. + 已成功更新映射。 + + + Successfully created mapping. + 已成功创建映射。 + + + Object field + 对象字段 + + + Field of the user object this value is written to. + 写入此值的用户对象的字段。 + + + SAML Attribute Name + SAML 属性名称 + + + Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded. + 用于 SAML 断言的属性名称。可以是 URN OID, 模式引用或任何其他字符串。如果此属性映射用于 NameID 属性,则会丢弃此字段。 + + + Friendly Name + 友好显示名称 + + + Optionally set the 'FriendlyName' value of the Assertion attribute. + (可选)设置 “断言” 属性的'友好名称'值。 + + + Scope name + 作用域名称 + + + Scope which the client can specify to access these properties. + 客户端可以指定的访问这些属性的范围。 + + + Description shown to the user when consenting. If left empty, the user won't be informed. + 同意时向用户显示的描述。如果留空,则不会通知用户。 + + + Example context data + + + Active Directory User + + + Active Directory Group + + + New property mapping + 新建属性映射 + + + Create a new property mapping. + 创建一个新属性映射。 + + + Property Mappings + 属性映射 + + + Control how authentik exposes and interprets information. + 控制 authentik 如何公开和解释信息。 + + + Property Mapping(s) + 属性映射 + + + Test Property Mapping + 测试属性映射 + + + Hide managed mappings + 隐藏托管映射 + + + Successfully updated token. + 已成功更新令牌。 + + + Successfully created token. + 已成功创建令牌。 + + + Unique identifier the token is referenced by. + 引用令牌的唯一标识符。 + + + Intent + 意图 + + + API Token + + + Used to access the API programmatically + + + App password. + + + Used to login using a flow executor + + + Expiring + 即将到期 + + + If this is selected, the token will expire. Upon expiration, the token will be rotated. + 如果选择此选项,令牌将过期。到期后,令牌将被轮换。 + + + Expires on + 过期时间 + + + API Access + API 访问权限 + + + App password + 应用密码 + + + Verification + 验证 + + + Unknown intent + + + Tokens + 令牌 + + + Tokens are used throughout authentik for Email validation stages, Recovery keys and API access. + 令牌在整个authentik中用于电子邮件验证阶段、恢复密钥和API访问。 + + + Expires? + 过期? + + + Expiry date + 到期日 + + + Token(s) + 令牌 + + + Create Token + 创建令牌 + + + Token is managed by authentik. + 令牌由 authentik 管理。 + + + Update Token + 更新令牌 + + + Domain + + + + Matching is done based on domain suffix, so if you enter domain.tld, foo.domain.tld will still match. + 匹配是根据域名后缀完成的,因此,如果您输入 domain.tld,foo.domain.tld 仍将匹配。 + + + Default + 默认 + + + Branding settings + 品牌设置 + + + Title + 标题 + + + Branding shown in page title and several other places. + 品牌信息显示在页面标题和其他几个地方。 + + + Logo + Logo + + + Icon shown in sidebar/header and flow executor. + 在侧边栏/标题和流程执行器中显示的图标。 + + + Favicon + 网站图标 + + + Icon shown in the browser tab. + 浏览器选项卡中显示的图标。 + + + Default flows + 默认流程 + + + Flow used to authenticate users. If left empty, the first applicable flow sorted by the slug is used. + 用于对用户进行身份验证的流程。如果留空,则使用按辅助信息块排序的第一个适用流程。 + + + Invalidation flow + 失效流程 + + + Flow used to logout. If left empty, the first applicable flow sorted by the slug is used. + 用于注销的流程。如果留空,则使用按辅助信息块排序的第一个适用流程。 + + + Recovery flow + 恢复流程 + + + Recovery flow. If left empty, the first applicable flow sorted by the slug is used. + 恢复流程。如果留空,则使用按辅助信息块排序的第一个适用流程。 + + + Unenrollment flow + 取消注册流程 + + + If set, users are able to unenroll themselves using this flow. If no flow is set, option is not shown. + 如果已设置,则用户可以使用此流程自行取消注册。如果未设置流量,则不显示选项。 + + + User settings flow + 用户设置流程 + + + If set, users are able to configure details of their profile. + 设置后,用户可以配置他们个人资料的详细信息。 + + + Device code flow + + + If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code. + + + Other global settings + 其他全局设置 + + + Web Certificate + 网络证书 + + + Event retention + 事件保留 + + + Duration after which events will be deleted from the database. + 事件将从数据库中删除的持续时间。 + + + When using an external logging solution for archiving, this can be set to "minutes=5". + 使用外部日志记录解决方案进行存档时,可以将其设置为 “minutes=5”。 + + + This setting only affects new Events, as the expiration is saved per-event. + 此设置仅影响新事件,因为过期时间是按事件保存的。 + + + Configure visual settings and defaults for different domains. + 配置不同域的可视化设置和默认值。 + + + Default? + 默认? + + + Policies + 策略 + + + Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Stages. + 允许用户根据属性使用应用程序、强制使用密码标准以及有选择地应用阶段。 + + + Assigned to object(s). + 已分配给 + 个对象。 + + + Warning: Policy is not assigned. + 警告:策略未分配。 + + + Test Policy + 测试策略 + + + Policy / Policies + 政策/策略 + + + Successfully cleared policy cache + 已成功清除策略缓存 + + + Failed to delete policy cache + 未能删除策略缓存 + + + Clear cache + 清除缓存 + + + Clear Policy cache + 清除策略缓存 + + + Are you sure you want to clear the policy cache? This will cause all policies to be re-evaluated on their next usage. + + + Reputation scores + 声誉得分 + + + Reputation for IP and user identifiers. Scores are decreased for each failed login and increased for each successful login. + IP 和用户标识符的声誉。每次登入失败的分数都会降低,每次成功登入的分数都会增加。 + + + IP + IP + + + Score + 得分 + + + Updated + 已更新 + + + Reputation + 声誉 + + + Groups + + + + Group users together and give them permissions based on the membership. + 将用户分组在一起,并根据成员资格为他们授予权限。 + + + Superuser privileges? + 超级用户权限? + + + Group(s) + + + + Create Group + 创建组 + + + Create group + 创建组 + + + Enabling this toggle will create a group named after the user, with the user as member. + 启用此开关将创建一个以用户命名的组,用户为成员。 + + + Use the username and password below to authenticate. The password can be retrieved later on the Tokens page. + 使用下面的用户名和密码进行身份验证。稍后可以在令牌页面上检索密码。 + + + Password + 密码 + + + Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List. + 有效期为360天,之后密码将自动轮换。您可以从令牌列表中复制密码。 + + + The following objects use + 以下对象使用 + + + + connecting object will be deleted + 连接对象将被删除 + + + Successfully updated + + + Failed to update : + 更新失败 + : + + + + Are you sure you want to update ""? + 你确定要更新 + " + " 吗? + + + Successfully updated password. + 已成功更新密码。 + + + Successfully sent email. + 已成功发送电子邮件。 + + + Email stage + 电子邮件阶段 + + + Successfully added user(s). + + + Users to add + + + User(s) + 用户 + + + Remove Users(s) + + + Are you sure you want to remove the selected users from the group ? + + + Remove + + + Impersonate + 模仿 + + + User status + 用户状态 + + + Change status + 更改状态 + + + Deactivate + 停用 + + + Update password + 更新密码 + + + Set password + 设置密码 + + + Successfully generated recovery link + 成功生成恢复链接 + + + No recovery flow is configured. + 未配置任何恢复流程。 + + + Copy recovery link + 复制恢复链接 + + + Send link + 发送链接 + + + Send recovery link to user + 向用户发送恢复链接 + + + Email recovery link + 电子邮件恢复链接 + + + Recovery link cannot be emailed, user has no email address saved. + 无法通过电子邮件发送恢复链接,用户没有保存电子邮件地址。 + + + Add User + + + Warning: This group is configured with superuser access. Added users will have superuser access. + + + Add existing user + + + Create user + + + Create User + 创建用户 + + + Create Service account + 创建服务账户 + + + Hide service-accounts + 隐藏服务账户 + + + Group Info + 组信息 + + + Notes + + + Edit the notes attribute of this group to add notes here. + + + Users + 用户 + + + Root + + + Warning: You're about to delete the user you're logged in as (). Proceed at your own risk. + 警告:你即将删除登录的用户 ( + )。继续,风险自负。 + + + Hide deactivated user + + + User folders + + + Successfully added user to group(s). + + + Groups to add + + + Remove from Group(s) + + + Are you sure you want to remove user from the following groups? + + + Add Group + + + Add to existing group + + + Add new group + + + Application authorizations + 应用程序授权 + + + Revoked? + 已吊销? + + + Expires + 过期 + + + ID Token + ID 令牌 + + + Refresh Tokens(s) + + + Last IP + 最后的 IP + + + Session(s) + 会话 + + + Expiry + 到期 + + + (Current session) + + + Permissions + + + Consent(s) + 同意 + + + Successfully updated device. + 已成功更新设备。 + + + Static tokens + 静态令牌 + + + TOTP Device + TOTP 设备 + + + Enroll + 注册 + + + Device(s) + 设备 + + + Update Device + 更新设备 + + + Confirmed + + + User Info + 用户信息 + + + Actions over the last week (per 8 hours) + + + Edit the notes attribute of this user to add notes here. + + + Sessions + 会话 + + + User events + 用户事件 + + + Explicit Consent + 明确同意 + + + OAuth Refresh Tokens + + + MFA Authenticators + + + Successfully updated invitation. + 已成功更新邀请。 + + + Successfully created invitation. + 已成功创建邀请。 + + + Flow + 流程 + + + When selected, the invite will only be usable with the flow. By default the invite is accepted on all flows with invitation stages. + + + Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON. + 加载到流程的 “prompt_data” 上下文变量中的可选数据。YAML 或 JSON。 + + + Single use + 一次性使用 + + + When enabled, the invitation will be deleted after usage. + 启用后,邀请将在使用后被删除。 + + + Select an enrollment flow + 选择注册流程 + + + Link to use the invitation. + 使用邀请的链接。 + + + Invitations + 邀请 + + + Create Invitation Links to enroll Users, and optionally force specific attributes of their account. + 创建邀请链接以注册用户,并可选择强制使用其帐户的特定属性。 + + + Created by + 由... 创建 + + + Invitation(s) + 邀请 + + + Invitation not limited to any flow, and can be used with any enrollment flow. + + + Update Invitation + 更新邀请 + + + Create Invitation + 创建邀请 + + + Warning: No invitation stage is bound to any flow. Invitations will not work as expected. + 警告:没有邀请阶段绑定到任何流程。邀请将无法按预期工作。 + + + Auto-detect (based on your browser) + 自动检测(基于您的浏览器) + + + Required. + 必需。 + + + Continue + 继续 + + + Successfully updated prompt. + 已成功更新提示。 + + + Successfully created prompt. + 已成功创建提示。 + + + Text: Simple Text input + 文本:简单文本输入 + + + Text Area: Multiline text input + + + Text (read-only): Simple Text input, but cannot be edited. + 文本(只读):简单文本输入,但无法编辑。 + + + Text Area (read-only): Multiline text input, but cannot be edited. + + + Username: Same as Text input, but checks for and prevents duplicate usernames. + 用户名:与文本输入相同,但检查并防止用户名重复。 + + + Email: Text field with Email type. + 电子邮件:具有电子邮件类型的文本字段。 + + + Password: Masked input, multiple inputs of this type on the same prompt need to be identical. + + + Number + 编号 + + + Checkbox + 复选框 + + + Radio Button Group (fixed choice) + + + Dropdown (fixed choice) + + + Date + 日期 + + + Date Time + 日期时间 + + + File + + + Separator: Static Separator Line + 分隔符:静态分隔线 + + + Hidden: Hidden field, can be used to insert data into form. + 隐藏:隐藏字段,可用于将数据插入表单。 + + + Static: Static value, displayed as-is. + 静态:静态值,按原样显示。 + + + authentik: Locale: Displays a list of locales authentik supports. + authentik:语言:显示 authentik 支持的语言设置。 + + + Preview errors + + + Data preview + + + Unique name of this field, used for selecting fields in prompt stages. + + + Field Key + 字段键 + + + Name of the form field, also used to store the value. + 表单域的名称,也用于存储值。 + + + When used in conjunction with a User Write stage, use attributes.foo to write attributes. + 当与用户写入阶段结合使用时,请使用 attributes.foo 来编写属性。 + + + Label + 标签 + + + Label shown next to/above the prompt. + 标签显示在提示符旁边/上方。 + + + Required + 必需 + + + Interpret placeholder as expression + 将占位符解释为表达式 + + + When checked, the placeholder will be evaluated in the same way a property mapping is. + If the evaluation fails, the placeholder itself is returned. + + + Placeholder + 占位符 + + + Optionally provide a short hint that describes the expected input value. + When creating a fixed choice field, enable interpreting as expression and return a + list to return multiple choices. + + + Interpret initial value as expression + + + When checked, the initial value will be evaluated in the same way a property mapping is. + If the evaluation fails, the initial value itself is returned. + + + Initial value + + + Optionally pre-fill the input with an initial value. + When creating a fixed choice field, enable interpreting as expression and + return a list to return multiple default choices. + + + Help text + 帮助文本 + + + Any HTML can be used. + 任何HTML都可以使用。 + + + Prompts + 提示 + + + Single Prompts that can be used for Prompt Stages. + 可用于提示阶段的单个提示符。 + + + Field + 字段 + + + Stages + 阶段 + + + Prompt(s) + 提示 + + + Update Prompt + 更新提示 + + + Create Prompt + 创建提示 + + + Target + 目标 + + + Stage + 阶段 + + + Evaluate when flow is planned + + + Evaluate policies during the Flow planning process. + + + Evaluate when stage is run + + + Evaluate policies before the Stage is present to the user. + 在阶段呈现给用户之前评估策略。 + + + Invalid response behavior + + + Returns the error message and a similar challenge to the executor + + + Restarts the flow from the beginning + + + Restarts the flow from the beginning, while keeping the flow context + + + Configure how the flow executor should handle an invalid response to a challenge given by this bound stage. + + + Successfully updated stage. + 已成功更新阶段。 + + + Successfully created stage. + 已成功创建阶段。 + + + Stage used to configure a duo-based authenticator. This stage should be used for configuration flows. + Stage 用于配置基于二重奏的身份验证器。此阶段应该用于配置流程。 + + + Authenticator type name + + + Display name of this authenticator, used by users when they enroll an authenticator. + + + API Hostname + API 主机名 + + + Duo Auth API + + + Integration key + 集成密钥 + + + Secret key + 密钥 + + + Duo Admin API (optional) + + + When using a Duo MFA, Access or Beyond plan, an Admin API application can be created. + This will allow authentik to import devices automatically. + + + Stage-specific settings + 阶段特定的设置 + + + Configuration flow + 配置流程 + + + Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. + 经过身份验证的用户用来配置此阶段的流程。如果为空,用户将无法配置此阶段。 + + + Twilio Account SID + Twilio 账户 SID + + + Get this value from https://console.twilio.com + 从 https://console.twilio.com 获取此值 + + + Twilio Auth Token + Twilio 身份验证令牌 + + + Authentication Type + 身份验证类型 + + + Basic Auth + 基本身份验证 + + + Bearer Token + 不记名令牌 + + + External API URL + 外部 API 网址 + + + This is the full endpoint to send POST requests to. + 这是向其发送 POST 请求的完整终端节点。 + + + API Auth Username + API 身份验证用户名 + + + This is the username to be used with basic auth or the token when used with bearer token + 这是用于基本身份验证的用户名,或者与不记名令牌一起使用时的令牌 + + + API Auth password + API 身份验证密码 + + + This is the password to be used with basic auth + 这是用于基本身份验证的密码 + + + Mapping + + + Modify the payload sent to the custom provider. + + + Stage used to configure an SMS-based TOTP authenticator. + 用于配置基于短信的 TOTP 身份验证器的阶段。 + + + Twilio + Twilio + + + Generic + 通用的 + + + From number + 发件人号码 + + + Number the SMS will be sent from. + 发送短信的来源号码。 + + + Hash phone number + + + If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons. Devices created from a stage with this enabled cannot be used with the authenticator validation stage. + + + Stage used to configure a static authenticator (i.e. static tokens). This stage should be used for configuration flows. + Stage 用于配置静态身份验证器(即静态令牌)。此阶段应该用于配置流程。 + + + Token count + Token count + + + Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator). + 用于配置 TOTP 身份验证器(即 Auth/Google 身份验证器)的阶段。 + + + Digits + 数字 + + + 6 digits, widely compatible + 6位数字,广泛兼容 + + + 8 digits, not compatible with apps like Google Authenticator + 8位数字,与谷歌身份验证器等应用不兼容 + + + Stage used to validate any authenticator. This stage should be used during authentication or authorization flows. + Stage 用于验证任何身份验证器。此阶段应在身份验证或授权流程中使用。 + + + Device classes + 设备类别 + + + Static Tokens + 静态令牌 + + + TOTP Authenticators + TOTP 身份验证器 + + + WebAuthn Authenticators + WebAuthn 身份验证器 + + + Duo Authenticators + Duo 身份验证器 + + + SMS-based Authenticators + 基于短信的身份验证器 + + + Device classes which can be used to authenticate. + 可用于进行身份验证的设备类别。 + + + Last validation threshold + + + If any of the devices user of the types selected above have been used within this duration, this stage will be skipped. + + + Not configured action + 未配置操作 + + + Force the user to configure an authenticator + 强制用户配置身份验证器 + + + Deny the user access + 拒绝用户访问 + + + WebAuthn User verification + + + User verification must occur. + 必须进行用户验证。 + + + User verification is preferred if available, but not required. + 如果可用,则首选用户验证,但不是必需的。 + + + User verification should not occur. + 不应进行用户验证。 + + + Configuration stages + 配置阶段 + + + Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. + 当用户没有任何兼容的设备时,用来配置身份验证器的阶段。此阶段通过后,将不再请求此用户。 + + + When multiple stages are selected, the user can choose which one they want to enroll. + 选中多个阶段时,用户可以选择要注册哪个。 + + + User verification + 用户验证 + + + Resident key requirement + 常驻钥匙要求 + + + Authenticator Attachment + 身份验证器附件 + + + No preference is sent + 不发送首选项 + + + A non-removable authenticator, like TouchID or Windows Hello + 不可移除的身份验证器,例如 TouchID 或 Windows Hello + + + A "roaming" authenticator, like a YubiKey + 像 YubiKey 这样的 “漫游” 身份验证器 + + + This stage checks the user's current session against the Google reCaptcha (or compatible) service. + + + Public Key + 公钥 + + + Public key, acquired from https://www.google.com/recaptcha/intro/v3.html. + 公钥,从 https://www.google.com/recaptcha/intro/v3.html 获取。 + + + Private Key + 私钥 + + + Private key, acquired from https://www.google.com/recaptcha/intro/v3.html. + 私钥,从 https://www.google.com/recaptcha/intro/v3.html 获取。 + + + Advanced settings + 高级设置 + + + JS URL + + + URL to fetch JavaScript from, defaults to recaptcha. Can be replaced with any compatible alternative. + + + API URL + + + URL used to validate captcha response, defaults to recaptcha. Can be replaced with any compatible alternative. + + + Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time. + 提示用户同意。同意可以是永久性的,也可以在规定的时间内过期。 + + + Always require consent + 始终需要征得同意 + + + Consent given last indefinitely + 无限期地给予同意 + + + Consent expires. + 同意过期。 + + + Consent expires in + 同意到期时间 + + + Offset after which consent expires. + + + Dummy stage used for testing. Shows a simple continue button and always passes. + 用于测试的虚拟阶段。显示一个简单的 “继续” 按钮,并且始终通过。 + + + Throw error? + + + SMTP Host + SMTP 主机 + + + SMTP Port + SMTP 端口 + + + SMTP Username + SMTP 用户名 + + + SMTP Password + SMTP 密码 + + + Use TLS + 使用 TLS + + + Use SSL + 使用 SSL + + + From address + 发件人地址 + + + Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity. + 通过向用户发送一次性链接来验证用户的电子邮件地址。也可用于恢复,以验证用户的真实性。 + + + Activate pending user on success + 成功时启用待处理用户 + + + When a user returns from the email successfully, their account will be activated. + 当用户成功从电子邮件中返回时,其帐户将被激活。 + + + Use global settings + 使用全局设置 + + + When enabled, global Email connection settings will be used and connection settings below will be ignored. + 启用后,将使用全局电子邮件连接设置,而下面的连接设置将被忽略。 + + + Token expiry + 令牌到期 + + + Time in minutes the token sent is valid. + 发送的令牌的有效时间(以分钟为单位)。 + + + Template + “模板” + + + Let the user identify themselves with their username or Email address. + 让用户使用其用户名或电子邮件地址来标识自己。 + + + User fields + 用户字段 + + + UPN + UPN + + + Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources. + 用户可以用来标识自己的字段。如果未选择任何字段,则用户将只能使用源。 + + + Password stage + 密码阶段 + + + When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks. + 选中后,密码字段将显示在同一页面上,而不是单独的页面上。这样可以防止用户名枚举攻击。 + + + Case insensitive matching + 不区分大小写的匹配 + + + When enabled, user fields are matched regardless of their casing. + 启用后,无论用户字段大小写如何,都将匹配用户字段。 + + + Show matched user + 显示匹配的用户 + + + When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown. + 如果输入了有效的用户名/电子邮件,并且启用了此选项,则会显示用户的用户名和头像。否则,将显示用户输入的文本。 + + + Source settings + + + Sources + + + + Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP. + 应显示选择的源以供用户进行身份验证。这只会影响基于 Web 的源,而不影响 LDAP。 + + + Show sources' labels + 显示源的标签 + + + By default, only icons are shown for sources. Enable this to show their full names. + 默认情况下,只为源显示图标。启用此选项可显示他们的全名。 + + + Passwordless flow + 无密码流 + + + Optional passwordless flow, which is linked at the bottom of the page. When configured, users can use this flow to authenticate with a WebAuthn authenticator, without entering any details. + 可选的无密码流程,链接在页面底部。配置后,用户可以使用此流程向 WebAuthn 身份验证器进行身份验证,而无需输入任何详细信息。 + + + Optional enrollment flow, which is linked at the bottom of the page. + 可选注册流程,链接在页面底部。 + + + Optional recovery flow, which is linked at the bottom of the page. + 可选的恢复流程,链接在页面底部。 + + + This stage can be included in enrollment flows to accept invitations. + 此阶段可以包含在注册流程中以接受邀请。 + + + Continue flow without invitation + 在没有邀请的情况下继续流动 + + + If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. + 如果设置了此标志,则当没有发出邀请时,此舞台将跳转到下一个阶段。默认情况下,当没有发出邀请时,此阶段将取消流程。 + + + Validate the user's password against the selected backend(s). + 根据选定的后端验证用户的密码。 + + + Backends + 后端 + + + User database + standard password + 用户数据库+标准密码 + + + User database + app passwords + 用户数据库+应用程序密码 + + + User database + LDAP password + 用户数据库 + LDAP 密码 + + + Selection of backends to test the password against. + 选择用于测试密码的后端。 + + + Flow used by an authenticated user to configure their password. If empty, user will not be able to configure change their password. + 经过身份验证的用户用来配置其密码的流程。如果为空,用户将无法配置更改其密码。 + + + Failed attempts before cancel + 取消前尝试失败 + + + How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. + 在取消流程之前,用户有多少次尝试。要锁定用户,请使用信誉策略和 user_write 阶段。 + + + Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable. + 向用户显示任意输入字段,例如在注册期间。数据保存在流程上下文中的 “prompt_data” 变量下。 + + + Fields + 字段 + + + ("", of type ) + + (“ + ”, 类型为 + ) + + + Validation Policies + 验证策略 + + + Selected policies are executed when the stage is submitted to validate the data. + 在提交阶段以验证数据时,将执行选定的策略。 + + + Delete the currently pending user. CAUTION, this stage does not ask for confirmation. Use a consent stage to ensure the user is aware of their actions. + + + Log the currently pending user in. + 将当前待处理的用户登录。 + + + Session duration + 会话持续时间 + + + Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. + 确定会话持续多长时间。默认为 0 秒意味着会话持续到浏览器关闭为止。 + + + Different browsers handle session cookies differently, and might not remove them even when the browser is closed. + + + See here. + + + Stay signed in offset + + + If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. + + + Terminate other sessions + + + When enabled, all previous sessions of the user will be terminated. + + + Remove the user from the current session. + 从当前会话中移除用户。 + + + Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user + is pending, a new user is created, and data is written to them. + + + Never create users + + + When no user is present in the flow context, the stage will fail. + + + Create users when required + + + When no user is present in the the flow context, a new user is created. + + + Always create new users + + + Create a new user even if a user is in the flow context. + + + Create users as inactive + 将用户创建为非活动用户 + + + Mark newly created users as inactive. + 将新创建的用户标记为非活动用户。 + + + User path template + + + Path new users will be created under. If left blank, the default path will be used. + + + Newly created users are added to this group, if a group is selected. + 如果选择了组,则会将新创建的用户添加到该组。 + + + New stage + 新建阶段 + + + Create a new stage. + 创建一个新阶段。 + + + Successfully imported device. + + + The user in authentik this device will be assigned to. + + + Duo User ID + + + The user ID in Duo, can be found in the URL after clicking on a user. + + + Automatic import + + + Successfully imported devices. + + + Start automatic import + + + Or manually import + + + Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow. + 阶段是引导用户完成的流程的单个步骤。阶段只能在流程内部执行。 + + + Flows + 流程 + + + Stage(s) + 阶段 + + + Import + 导入 + + + Import Duo device + + + Successfully updated flow. + 已成功更新流程。 + + + Successfully created flow. + 已成功创建流程。 + + + Shown as the Title in Flow pages. + 显示为 “Flow” 页面中的标题。 + + + Visible in the URL. + 在 URL 中可见。 + + + Designation + 指定 + + + Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. + 决定此 Flow 的用途。例如,当未经身份验证的用户访问 authentik 时,身份验证流程将重定向到。 + + + No requirement + + + Require authentication + + + Require no authentication. + + + Require superuser. + + + Required authentication level for this flow. + + + Behavior settings + + + Compatibility mode + 兼容模式 + + + Increases compatibility with password managers and mobile devices. + + + Denied action + + + Will follow the ?next parameter if set, otherwise show a message + + + Will either follow the ?next parameter or redirect to the default interface + + + Will notify the user the flow isn't applicable + + + Decides the response when a policy denies access to this flow for a user. + + + Appearance settings + + + Layout + + + Background + 背景 + + + Background shown during execution. + 执行过程中显示背景。 + + + Clear background + + + Delete currently set background image. + 删除当前设置的背景图片。 + + + Successfully imported flow. + 已成功导入流程。 + + + .yaml files, which can be found on goauthentik.io and can be exported by authentik. + .yaml 文件,这些文件可以在 goauthentik.io 上找到,也可以通过 authentik 导出。 + + + Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them. + 流程描述了一系列用于对用户进行身份验证、注册或恢复的阶段。阶段是根据应用于它们的策略来选择的。 + + + Flow(s) + 流程 + + + Update Flow + 更新流程 + + + Create Flow + 创建流程 + + + Import Flow + 导入流程 + + + Successfully cleared flow cache + 已成功清除流程缓存 + + + Failed to delete flow cache + 无法删除流程缓存 + + + Clear Flow cache + 清除流程缓存 + + + Are you sure you want to clear the flow cache? + This will cause all flows to be re-evaluated on their next usage. + + + Stage binding(s) + 阶段绑定 + + + Stage type + 阶段类型 + + + Edit Stage + 编辑 Stage + + + Update Stage binding + 更新阶段绑定 + + + These bindings control if this stage will be applied to the flow. + 这些绑定控制是否将此阶段应用于流程。 + + + No Stages bound + 没有阶段绑定 + + + No stages are currently bound to this flow. + 目前没有阶段绑定到此流程。 + + + Create Stage binding + 创建 Stage 绑定 + + + Bind stage + Bind 阶段 + + + Bind existing stage + + + Flow Overview + 流程概述 + + + Related actions + + + Execute flow + 执行流程 + + + Normal + 正常 + + + with current user + 以当前用户 + + + with inspector + 和检查员一起 + + + Export flow + 出口流程 + + + Export + 出口 + + + Stage Bindings + 阶段绑定 + + + These bindings control which users can access this flow. + 这些绑定控制哪些用户可以访问此流程。 + + + Event Log + 事件日志 + + + Event + 事件 + + + + Event info + 事件信息 + + + Created + + + Successfully updated transport. + 已成功更新传输。 + + + Successfully created transport. + 已成功创建传输。 + + + Local (notifications will be created within authentik) + + + Webhook (generic) + Webhook (generic) + + + Webhook (Slack/Discord) + Webhook(Slack/Discord) + + + Webhook URL + Webhook URL + + + Webhook Mapping + Webhook 映射 + + + Send once + 发送一次 + + + Only send notification once, for example when sending a webhook into a chat channel. + 仅发送一次通知,例如在向聊天频道发送 Webhook 时。 + + + Notification Transports + 通知传输 + + + Define how notifications are sent to users, like Email or Webhook. + 定义如何向用户发送通知,例如电子邮件或 Webhook。 + + + Notification transport(s) + 通知传输 + + + Update Notification Transport + 更新通知传输 + + + Create Notification Transport + 创建通知传输 + + + Successfully updated rule. + 已成功更新规则。 + + + Successfully created rule. + 已成功创建规则。 + + + Select the group of users which the alerts are sent to. If no group is selected the rule is disabled. + + + Transports + 传输 + + + Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. + 选择应使用哪些传输来通知用户。如果未选择任何内容,则通知将仅显示在 authentik UI 中。 + + + Severity + 严重程度 + + + Notification Rules + 通知规则 + + + Send notifications whenever a specific Event is created and matched by policies. + 每当策略创建并匹配特定事件时,都会发送通知。 + + + Sent to group + 已发送到组 + + + Notification rule(s) + 通知规则 + + + None (rule disabled) + 无(规则已禁用) + + + Update Notification Rule + 更新通知规则 + + + Create Notification Rule + 创建通知规则 + + + These bindings control upon which events this rule triggers. +Bindings to groups/users are checked against the user of the event. + + + Outpost Deployment Info + Outpost 部署信息 + + + View deployment documentation + 查看部署文档 + + + Click to copy token + 点击复制令牌 + + + If your authentik Instance is using a self-signed certificate, set this value. + 如果您的 authentik 实例正在使用自签名证书,请设置此值。 + + + If your authentik_host setting does not match the URL you want to login with, add this setting. + 如果您的 authentik_host 设置与您要登录时使用的网址不匹配,请添加此设置。 + + + Successfully updated outpost. + 已成功更新 Outpost。 + + + Successfully created outpost. + 已成功创建 Outpost。 + + + Radius + + + Integration + 整合 + + + Selecting an integration enables the management of the outpost by authentik. + 选择集成可以使authentik对 Outpost 进行管理。 + + + You can only select providers that match the type of the outpost. + 您只能选择与 Outpost 类型匹配的提供商。 + + + Configuration + 配置 + + + See more here: + + + Documentation + + + Last seen + + + , should be + + ,应该是 + + + + Hostname + + + Not available + 不可用 + + + Last seen: + 最后显示: + + + + Unknown type + + + Outposts + Outposts + + + Outposts are deployments of authentik components to support different environments and protocols, like reverse proxies. + Outpost 是对 authentik 组件的部署,以支持不同的环境和协议,例如反向代理。 + + + Health and Version + 运行状况和版本 + + + Warning: authentik Domain is not configured, authentication will not work. + 警告:未配置 authentik 域,身份验证将不起作用。 + + + Logging in via . + 通过 + 登录。 + + + No integration active + 没有激活的集成 + + + Update Outpost + 更新 Outpost + + + View Deployment Info + 查看部署信息 + + + Detailed health (one instance per column, data is cached so may be out of date) + + + Outpost(s) + Outpost(s) + + + Create Outpost + 创建 Outpost + + + Successfully updated integration. + 已成功更新集成。 + + + Successfully created integration. + 已成功创建集成。 + + + Local + 本地 + + + If enabled, use the local connection. Required Docker socket/Kubernetes Integration. + 如果启用,请使用本地连接。需要的 Docker Socket/Kubernetes 集成。 + + + Docker URL + Docker URL + + + Can be in the format of 'unix://' when connecting to a local docker daemon, using 'ssh://' to connect via SSH, or 'https://:2376' when connecting to a remote system. + 连接到本地 docker 守护进程时可以采用 'unix: //' 的格式,通过 SSH 连接时使用 'ssh: //',或者在连接到远程系统时使用 'https://:2376' 的格式。 + + + CA which the endpoint's Certificate is verified against. Can be left empty for no validation. + 验证终端节点证书所依据的 CA。可以留空以表示不进行验证。 + + + TLS Authentication Certificate/SSH Keypair + TLS 身份验证证书/SSH 密钥对 + + + Certificate/Key used for authentication. Can be left empty for no authentication. + 用于身份验证的证书/密钥。可以留空,留空表示不进行身份验证。 + + + When connecting via SSH, this keypair is used for authentication. + 通过 SSH 连接时,此密钥对用于身份验证。 + + + Kubeconfig + Kubeconfig + + + Verify Kubernetes API SSL Certificate + + + New outpost integration + 新前哨集成 + + + Create a new outpost integration. + 创建一个新前哨集成。 + + + State + + + + Unhealthy + 不健康 + + + Outpost integration(s) + Outpost 集成 + + + Successfully generated certificate-key pair. + 成功生成证书密钥对。 + + + Common Name + 常用名 + + + Subject-alt name + 替代名称 + + + Optional, comma-separated SubjectAlt Names. + 可选,逗号分隔的 subjectAlt 名称。 + + + Validity days + 有效天数 + + + Successfully updated certificate-key pair. + 已成功更新证书密钥对。 + + + Successfully created certificate-key pair. + 已成功创建证书密钥对。 + + + PEM-encoded Certificate data. + PEM 编码的证书数据。 + + + Optional Private Key. If this is set, you can use this keypair for encryption. + 可选私钥。如果设置了此设置,则可以使用此密钥对进行加密。 + + + Certificate-Key Pairs + 证书密钥对 + + + Import certificates of external providers or create certificates to sign requests with. + 导入外部提供商的证书或创建用于签署请求的证书。 + + + Private key available? + 私钥可用吗? + + + Certificate-Key Pair(s) + 证书密钥对 + + + Managed by authentik + 由 authentik 管理 + + + Managed by authentik (Discovered) + 由 authentik 管理(已发现) + + + Yes () + Yes ( + ) + + + No + No + + + Update Certificate-Key Pair + 更新证书密钥对 + + + Certificate Fingerprint (SHA1) + 证书指纹 (SHA1) + + + Certificate Fingerprint (SHA256) + 证书指纹 (SHA256) + + + Certificate Subject + 证书主题 + + + Download Certificate + 下载证书 + + + Download Private key + 下载私钥 + + + Create Certificate-Key Pair + 创建证书密钥对 + + + Generate + 生成 + + + Generate Certificate-Key Pair + 生成证书密钥对 + + + Successfully updated instance. + + + Successfully created instance. + + + Disabled blueprints are never applied. + + + Local path + + + OCI Registry + + + Internal + + + OCI URL, in the format of oci://registry.domain.tld/path/to/manifest. + + + See more about OCI support here: + + + Blueprint + + + Configure the blueprint context, used for templating. + + + Orphaned + + + Blueprints + + + Automate and template configuration within authentik. + + + Last applied + + + Blueprint(s) + + + Update Blueprint + + + Create Blueprint Instance + + + API Requests + API 请求 + + + Open API Browser + 打开 API 浏览器 + + + Notifications + 通知 + + + unread + + 未读 + + + Successfully cleared notifications + 已成功清除通知 + + + Clear all + 全部清除 + + + A newer version of the frontend is available. + 有较新版本的前端可用。 + + + You're currently impersonating . Click to stop. + 你目前正在模拟 + 。单击停止。 + + + User interface + 用户界面 + + + Dashboards + 仪表板 + + + Events + 事件 + + + Logs + 日志 + + + Customisation + 定制 + + + Directory + 目录 + + + System + 系统 + + + Certificates + 证书 + + + Outpost Integrations + Outpost 集成 + + + API request failed + API 请求失败 + + + User's avatar + 用户的头像 + + + Something went wrong! Please try again later. + 发生错误,请稍后重试。 + + + Request ID + + + You may close this page now. + + + You're about to be redirect to the following URL. + 您将被重定向到以下 URL。 + + + Follow redirect + 跟随重定向 + + + Request has been denied. + 请求被拒绝。 + + + Not you? + 不是你? + + + Need an account? + 需要一个账户? + + + Sign up. + 注册。 + + + Forgot username or password? + 忘记用户名或密码? + + + Select one of the sources below to login. + 选择以下源之一进行登入。 + + + Or + + + Use a security key + 使用安全密钥 + + + Login to continue to . + 登入以继续 + + + + Please enter your password + 请输入你的密码 + + + Forgot password? + 忘记密码了吗? + + + Application requires following permissions: + 应用程序需要以下权限: + + + Application already has access to the following permissions: + + + Application requires following new permissions: + + + Check your Inbox for a verification email. + 检查您的收件箱是否有验证电子邮件。 + + + Send Email again. + 再次发送电子邮件。 + + + Successfully copied TOTP Config. + 成功复制 TOTP 配置。 + + + Copy + 复制 + + + Code + 代码 + + + Please enter your TOTP Code + 请输入您的 TOTP 代码 + + + Duo activation QR code + + + Alternatively, if your current device has Duo installed, click on this link: + 或者,如果您当前的设备已安装 Duo,请单击此链接: + + + Duo activation + Duo 激活 + + + Check status + 检查状态 + + + Make sure to keep these tokens in a safe place. + 确保将这些令牌保存在安全的地方。 + + + Phone number + 电话号码 + + + Please enter your Phone number. + 请输入您的电话号码。 + + + Please enter the code you received via SMS + + + A code has been sent to you via SMS. + 验证码已通过短信发送给您。 + + + Open your two-factor authenticator app to view your authentication code. + + + Static token + 静态令牌 + + + Authentication code + + + Please enter your code + + + Return to device picker + 返回设备选择器 + + + Sending Duo push notification + + + Assertions is empty + 断言为空 + + + Error when creating credential: + 创建凭证时出错: + + + + Error when validating assertion on server: + 在服务器上验证断言时出错: + + + + Retry authentication + 重试身份验证 + + + Duo push-notifications + 二重奏推送通知 + + + Receive a push notification on your device. + 在您的设备上接收推送通知。 + + + Authenticator + 身份验证器 + + + Use a security key to prove your identity. + 使用安全密钥证明您的身份。 + + + Traditional authenticator + 传统身份验证器 + + + Use a code-based authenticator. + 使用基于代码的身份验证器。 + + + Recovery keys + 恢复密钥 + + + In case you can't access any other method. + 万一你无法访问任何其他方法。 + + + SMS + 短信 + + + Tokens sent via SMS. + 通过短信发送的令牌。 + + + Select an authentication method. + 选择一种身份验证方法。 + + + Stay signed in? + + + Select Yes to reduce the number of times you're asked to sign in. + + + Authenticating with Plex... + 正在使用 Plex 进行身份验证... + + + Waiting for authentication... + + + If no Plex popup opens, click the button below. + + + Open login + + + Authenticating with Apple... + 正在使用Apple进行身份验证... + + + Retry + 重试 + + + Enter the code shown on your device. + + + Please enter your Code + 请输入您的验证码 + + + You've successfully authenticated your device. + + + Flow inspector + 流程检查器 + + + Next stage + 下一阶段 + + + Stage name + 阶段名 + + + Stage kind + 阶段种类 + + + Stage object + 阶段对象 + + + This flow is completed. + 此流程已完成。 + + + Plan history + 计划历史记录 + + + Current plan context + 当前计划上下文 + + + Session ID + 会话 ID + + + Powered by authentik + 由 authentik 强力驱动 + + + Background image + 背景图片 + + + Error creating credential: + 创建凭证时出错: + + + + Server validation of credential failed: + 服务器验证凭据失败: + + + + Register device + 注册设备 + + + Refer to documentation + + + No Applications available. + 没有可用的应用程序。 + + + Either no applications are defined, or you don’t have access to any. + + + My Applications + 我的应用 + + + My applications + 我的应用 + + + Change your password + 更改你的密码 + + + Change password + 修改密码 + + + + + + + + + Save + 保存 + + + Delete account + 删除账户 + + + Successfully updated details + 已成功更新详情 + + + Open settings + 打开设置 + + + No settings flow configured. + 未配置设置流程 + + + Update details + 更新详情 + + + Successfully disconnected source + + + Failed to disconnected source: + + + Disconnect + 断开连接 + + + Connect + 连接 + + + Error: unsupported source settings: + 错误:不支持的源设置: + + + + Connect your user account to the services listed below, to allow you to login using the service instead of traditional credentials. + 将您的用户帐户连接到下面列出的服务,以允许您使用该服务而不是传统凭据登录。 + + + No services available. + 没有可用的服务。 + + + Create App password + 创建应用程序密码 + + + User details + 用户详细信息 + + + Consent + 同意 + + + MFA Devices + MFA 设备 + + + Connected services + 连接服务 + + + Tokens and App passwords + 令牌和应用程序密码 + + + Unread notifications + 未读通知 + + + Admin interface + 管理员界面 + + + Stop impersonation + 停止模拟 + + + Avatar image + Avatar image + + + Failed + + + Unsynced / N/A + + + Outdated outposts + 过时的 Outposts + + + Unhealthy outposts + 不健康的 Outposts + + + Next + 下一步 + + + Inactive + 不活跃 + + + Regular user + 普通用户 + + + Activate + 启用 + + + Use Server URI for SNI verification + + + Required for servers using TLS 1.3+ + + + Client certificate keypair to authenticate against the LDAP Server's Certificate. + + + The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate. + + + TLS Server name + + + DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged. + + + TLS Client authentication certificate + + + Model + + + Match events created by selected model. When left empty, all models are matched. + + + Code-based MFA Support + + + When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. + + + User type + + + Successfully updated license. + + + Successfully created license. + + + Install ID + + + License key + + + Licenses + + + License(s) + + + Enterprise is in preview. + + + Cumulative license expiry + + + Update License + + + Warning: The current user count has exceeded the configured licenses. + + + Click here for more info. + + + Enterprise + + + Manage enterprise licenses + + + No licenses found. + + + Send us feedback! + + + Get a license + + + Go to Customer Portal + + + Forecast internal users + + + Estimated user count one year from now based on current internal users and forecasted internal users. + + + Forecast external users + + + Estimated user count one year from now based on current external users and forecasted external users. + + + Install + + + Install License + + + Internal users might be users such as company employees, which will get access to the full Enterprise feature set. + + + External users might be external consultants or B2C customers. These users don't get access to enterprise features. + + + Service accounts should be used for machine-to-machine authentication or other automations. + + + Less details + + + More details + + + Remove item Open API drawer @@ -11,1702 +5542,74 @@ Open Notification drawer - - Connection error, reconnecting... - - - Loading... - - - Application - - - Logins - - - Failed to fetch - - - Click to change value - - - Select an object. - - - Loading options... - - - API Access - - - App password - - - Recovery - - - Verification - - - Unknown intent - - - Login - - - Failed login - - - Logout - - - User was written to - - - Suspicious request - - - Password set - - - Secret was viewed - - - Secret was rotated - - - Invitation used - - - Application authorized - - - Source linked - - - Impersonation started - - - Impersonation ended - - - Flow execution - - - Policy execution - - - Policy exception - - - Property Mapping exception - - - System task execution - - - System task exception - - - General system exception - - - Configuration error - - - Model created - - - Model updated - - - Model deleted - - - Email sent - - - Update available - - - Alert - - - Notice - - - Warning - - - Unknown severity - - - Static tokens - - - TOTP Device - - - Internal - - - External - - - Service account - - - Service account (internal) - - - Show less - - - Show more - - - UID - - - Name - - - App - - - Model Name - - - Message - - - Subject - - - From - - - To - - - Context - - - User - - - Affected model: - - - Authorized application: - - - Using flow - - - Email info: - - - Secret: - - - Exception - - - Open issue on GitHub... - - - Expression - - - Binding - - - Request - - - Object - - - Result - - - Passing - - - Messages - - - New version available - - - Using source - - - Attempted to log in as - - - No additional data available. - - - no tabs defined - - - Remove item - - - - of - - - Go to previous page - - - Go to next page - - - Search... - - - Loading - - - No objects found. - - - Failed to fetch objects. - - - Refresh - - - Select all rows - - - Action - - - Creation Date - - - Client IP - - - Brand - - - Recent events - - - On behalf of - - - - - - - No Events found. - - - No matching events could be found. - - - Embedded outpost is not configured correctly. - - - Check outposts. - - - HTTPS is not detected correctly - - - Server and client are further than 5 seconds apart. - - - OK - - - Everything is ok. - - - System status - - - Based on - - - is available! - - - Up-to-date! - - - Version - - - Workers - - - No workers connected. Background tasks will not run. - - - hour(s) ago - - - Failed to fetch data. - - - day(s) ago - - - Authorizations - - - Failed Logins - - - Successful Logins - - - : - - - Cancel - - - LDAP Source - - - SCIM Provider - - - Healthy - - - Failed - - - Unsynced / N/A - - - Healthy outposts - - - Outdated outposts - - - Unhealthy outposts - - - Not found - - - The URL "" was not found. - - - Return home - - - General system status - - - Welcome, . - - - Quick actions - - - Create a new application - - - Check the logs - - - Explore integrations - - - Manage users - - - Check the release notes - - - Outpost status - - - Sync status - - - Logins and authorizations over the last week (per 8 hours) - - - Apps with most usage - - - days ago - - - Objects created - - - User Statistics - - - Users created per day in the last month - - - Users created - - - Logins per day in the last month - - - Failed Logins per day in the last month - - - Failed logins - - - Clear search - - - System Tasks - - - Long-running operations which authentik executes in the background. - - - Identifier - - - Description - - - Last run - - - Status - - - Actions - - - Successful - - - Error - - - Unknown - - - Duration - - - seconds - Restart task - - Close - - - Create - - - Next - - - Back - - - Submit - - - Type - - - Select providers to add to application - - - Add - - - Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". - - - Path template for users created. Use placeholders like `%(slug)s` to insert the source slug. - - - Currently set to: - - - No form found - - - Form didn't return a promise for submitting - - - Any policy must match to grant access - - - All policies must match to grant access - - - Successfully updated application. - - - Successfully created application. - - - Application's display Name. - - - Slug - - - Internal application name used in URLs. - - - Group - - - Optionally enter a group name. Applications with identical groups are shown grouped together. - - - Provider - - - Select a provider that this application should use. - - - Backchannel Providers - - - Select backchannel providers which augment the functionality of the main provider. - Add provider - - Policy engine mode - - - UI settings - - - Launch URL - - - If left empty, authentik will try to extract the launch URL based on the selected provider. - - - Open in new tab - - - If checked, the launch URL will open in a new browser tab or window from the user's application library. - - - Icon - - - Clear icon - - - Delete currently set icon. - - - Publisher - - - UI Settings - - - OAuth2/OIDC (Open Authorization/OpenID Connect) - - - Modern applications, APIs and Single-page applications. - - - LDAP (Lightweight Directory Access Protocol) - - - Provide an LDAP interface for applications and users to authenticate against. - - - Transparent Reverse Proxy - - - For transparent reverse proxies with required authentication - - - Forward Auth (Single Application) - - - For nginx's auth_request or traefik's forwardAuth - - - Forward Auth (Domain Level) - - - For nginx's auth_request or traefik's forwardAuth per root domain - - - SAML (Security Assertion Markup Language) - - - Configure SAML provider manually - - - RADIUS (Remote Authentication Dial-In User Service) - - - Configure RADIUS provider manually - - - SCIM (System for Cross-domain Identity Management) - - - Configure SCIM provider manually - - - Saving Application... - - - Authentik was unable to save this application: - - - Your application has been saved - - - There was an error in the application. - - - Review the application. - - - There was an error in the provider. - - - Review the provider. - - - There was an error - - - There was an error creating the application, but no error message was sent. Please review the server logs. - - - Authentication - - - Authorization - - - Enrollment - - - Invalidation - - - Stage Configuration - - - Unenrollment - - - Unknown designation - - - Stacked - - - Content left - - - Content right - - - Sidebar left - - - Sidebar right - - - Unknown layout - - - Cached binding - - - Flow is executed and session is cached in memory. Flow is executed when session expires - - - Direct binding - - - Always execute the configured bind flow to authenticate the user - - - Cached querying - - - The outpost holds all users and groups in-memory and will refresh every 5 Minutes - - - Direct querying - - - Always returns the latest data, but slower than cached querying - - - When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. - - - The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber - - - The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate. - - - DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged. - - - The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber - - - Configure LDAP Provider - - - Method's display Name. - - - Bind flow - - - Flow used for users to authenticate. - - - Search group - - - Bind mode - - - Configure how the outpost authenticates requests. - - - Search mode - - - Configure how the outpost queries the core authentik server's users. - - - Code-based MFA Support - - - Protocol settings - - - Base DN - - - LDAP DN under which bind requests and search requests can be made. - - - Certificate - - - TLS Server name - - - UID start number - - - GID start number - - - Successfully updated provider. - - - Successfully created provider. - - - (Format: hours=-1;minutes=-2;seconds=-3). - - - (Format: hours=1;minutes=2;seconds=3). - - - The following keywords are supported: - - - Confidential - - - Confidential clients are capable of maintaining the confidentiality of their credentials such as client secrets - - - Public - - - Public clients are incapable of maintaining the confidentiality and should use methods like PKCE. - - - Based on the User's hashed ID - - - Based on the User's ID - - - Based on the User's UUID - - - Based on the User's username - - - Based on the User's Email - - - This is recommended over the UPN mode. - - - Based on the User's UPN - - - Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains. - - - Each provider has a different issuer, based on the application slug - - - Same identifier is used for all providers - - - Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows. - - - If no explicit redirect URIs are specified, the first successfully used redirect URI will be saved. - - - To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. - - - Authentication flow - - - Flow used when a user access this provider and is not authenticated. - - - Authorization flow - - - Flow used when authorizing this provider. - - - Client type - - - Client ID - - - Client Secret - - - Redirect URIs/Origins (RegEx) - - - Signing Key - - - Key used to sign the tokens. - - - Advanced protocol settings - - - Access code validity - - - Configure how long access codes are valid for. - - - Access Token validity - - - Configure how long access tokens are valid for. - - - Refresh Token validity - - - Configure how long refresh tokens are valid for. - - - Scopes - - - Select which scopes can be used by the client. The client still has to specify the scope to access the data. - - - Hold control/command to select multiple items. - - - Subject mode - - - Configure what data should be used as unique User Identifier. For most cases, the default should be fine. - - - Include claims in id_token - - - Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. - - - Issuer mode - - - Configure how the issuer field of the ID Token should be filled. - - - Machine-to-Machine authentication settings - - - Trusted OIDC Sources - - - JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider. - - - Configure OAuth2/OpenId Provider - - - HTTP-Basic Username Key - - - User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. - - - HTTP-Basic Password Key - - - User/Group Attribute used for the password part of the HTTP-Basic Header. - - - Configure Proxy Provider - - - Token validity - - - Configure how long tokens are valid for. - - - AdditionalScopes - - - Additional scope mappings, which are passed to the proxy. - - - Unauthenticated URLs - - - Unauthenticated Paths - - - Regular expressions for which authentication is not required. Each new line is interpreted as a new expression. - - - When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions. - - - Authentication settings - - - Intercept header authentication - - - When enabled, authentik will intercept the Authorization header to authenticate the request. - - - Send HTTP-Basic Authentication - - - Send a custom HTTP-Basic Authentication header based on values from authentik. - - - Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application. - - - An example setup can look like this: - - - authentik running on auth.example.com - - - app1 running on app1.example.com - - - In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com. - - - External host - - - The external URL you'll authenticate at. The authentik core server should be reachable under this URL. - - - Cookie domain - - - Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'. - - - This provider will behave like a transparent reverse-proxy, except requests must be authenticated. If your upstream application uses HTTPS, make sure to connect to the outpost using HTTPS as well. - - - The external URL you'll access the application at. Include any non-standard port. - - - Internal host - - - Upstream host that the requests are forwarded to. - - - Internal host SSL Validation - - - Validate SSL Certificates of upstream servers. - - - Use this provider with nginx's auth_request or traefik's - forwardAuth. Each application/domain needs its own provider. - Additionally, on each domain, /outpost.goauthentik.io must be - routed to the outpost (when using a managed outpost, this is done for you). - - - Configure Radius Provider - - - Shared secret - - - Client Networks - - - List of CIDRs (comma-seperated) that clients can connect from. A more specific - CIDR will match before a looser one. Clients connecting from a non-specified CIDR - will be dropped. - - - Redirect - - - Post - - - Configure SAML Provider - - - ACS URL - - - Issuer - - - Also known as EntityID. - - - Service Provider Binding - - - Determines how authentik sends the response back to the Service Provider. - - - Audience - - - Signing Certificate - - - Certificate used to sign outgoing Responses going to the Service Provider. - - - Verification Certificate - - - When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. - - - Property Mappings - - - Property mappings used for user mapping. - - - NameID Property Mapping - - - Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected. - - - Assertion valid not before - - - Configure the maximum allowed time drift for an assertion. - - - Assertion valid not on or after - - - Assertion not valid on or after current time + this value. - - - Session valid not on or after - - - Session not valid on or after current time + this value. - - - Digest algorithm - - - Signature algorithm - - - Configure SCIM Provider - - - URL - - - SCIM base url, usually ends in /v2. - - - Token - - - Token to authenticate with. Currently only bearer authentication is supported. - - - User filtering - - - Exclude service accounts - - - Only sync users within the selected group. - - - Attribute mapping - - - User Property Mappings - - - Group Property Mappings - - - Property mappings used for group creation. - - - Create With Wizard - - - New application - - - Don't show this message again. - - - One hint, 'New Application Wizard', is currently hidden - - - Users in the selected group can do search queries. If no group is selected, no LDAP Searches are allowed. - - - Proxy - - - Forward auth (single application) - - - Forward auth (domain level) - - - Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). - - - Authentication URL - - - Unknown proxy mode - - - Additional scopes - - - Property mappings - - - Default relay state - - - When using IDP-initiated logins, the relay state will be set to this value. - - - Successfully imported provider. - - - Metadata - - - Apply changes - - - Finish - - - Select type - - - Try the new application wizard - - - The new application wizard greatly simplifies the steps required to create applications and providers. - - - Try it now - - - New provider - - - Create a new provider. - - - Create - - - Property mappings used to user mapping. - - - Property mappings used to group creation. - - - Not used by any other object. - - - object will be DELETED - - - connection will be deleted - - - reference will be reset to default value - - - reference will be set to an empty value - - - () - - - ID - - - Successfully deleted - - - Failed to delete : - - - Delete - - - Are you sure you want to delete ? - - - Delete - - - Providers - - - Provide support for protocols like SAML and OAuth to assigned applications. - - - Provider(s) - - - Assigned to application - - - Assigned to application (backchannel) - - - Warning: Provider not assigned to any application. - - - Update - - - Update - - - Edit - - - Create Application - - - Successfully assigned permission. - - - Role - - - Assign - - - Assign permission to role - - - Assign to new role - - - Permission(s) - - - Permission - - - Directly assigned - - - Assign permission to user - - - Assign to new user - - - Superuser - - - RBAC is in preview. - - - Send us feedback! - - - User Object Permissions - - - Role Object Permissions - - - Overview - - - Changelog - - - Permissions - - - Warning: Provider is not used by any Outpost. - - - Assigned to application - - - Update LDAP Provider - - - How to connect - - - Connect to the LDAP Server on port 389: - - - Check the IP of the Kubernetes service, or - - - The Host IP of the docker host - - - Bind DN - - - Bind Password - - - Search base - - - Preview - - - Warning: Provider is not used by an Application. - - - Redirect URIs - - - Update OAuth2 Provider - - - OpenID Configuration URL - - - OpenID Configuration Issuer - - - Authorize URL - - - Token URL - - - Userinfo URL - - - Logout URL - - - JWKS URL - - - Example JWT payload (for currently authenticated user) - - - Yes - - - No - - - Forward auth (domain-level) - - - Nginx (Ingress) - - - Nginx (Proxy Manager) - - - Nginx (standalone) - - - Traefik (Ingress) - - - Traefik (Compose) - - - Traefik (Standalone) - - - Caddy (Standalone) - - - Internal Host - - - External Host - - - Basic-Auth - - - Mode - - - Update Proxy Provider - - - Protocol Settings - - - Allowed Redirect URIs - - - Setup - - - No additional setup is required. - - - Update Radius Provider - - - Download - - - Copy download URL - - - Download signing certificate - - - Related objects - - - Update SAML Provider - - - SAML Configuration - - - EntityID/Issuer - - - SSO URL (Post) - - - SSO URL (Redirect) - - - SSO URL (IdP-initiated Login) - - - SLO URL (Post) - - - SLO URL (Redirect) - - - SAML Metadata - - - Example SAML attributes - - - NameID attribute - - - No sync status. - - - Sync currently running. - - - Not synced yet. - - - Task finished with warnings - - - Task finished with errors - - - Last sync: - - - Warning: Provider is not assigned to an application as backchannel provider. - - - Update SCIM Provider - - - Run sync again - - - Application Icon - - - Applications - - - External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. - - - Provider Type - - - Application(s) - - - Update Application - Open - - Successfully sent test-request. + + Copy token - - Log messages + + Add users - - No log messages. + + Add group - - Active + + Import devices - - Last login + + Execute - - Select users to add + + Show details - - Successfully updated group. + + Apply - - Successfully created group. + + Settings - - Is superuser + + Sign out - - Users added to this group will be superusers. + + The number of tokens generated whenever this stage is used. Every token generated per stage execution will be attached to a single static device. - - Parent + + Token length - - Roles + + The length of the individual generated tokens. Can be increased to improve security. - - Select roles to grant this groups' users' permissions from the selected roles. + + Internal: - - Attributes + + External: - - Set custom attributes using YAML or JSON. + + Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding. - - Successfully updated binding. + + Create and bind Policy - - Successfully created binding. + + Federation and Social login - - Policy + + Create and bind Stage - - Group mappings can only be checked if a user is already logged in when trying to access this source. + + Flows and Stages - - User mappings can only be checked if a user is already logged in when trying to access this source. - - - Enabled - - - Negate result - - - Negates the outcome of the binding. Messages are unaffected. - - - Order - - - Timeout + + New version available Failure result @@ -1720,1346 +5623,23 @@ Result used when policy execution fails. - - Successfully updated policy. + + Required: User verification must occur. - - Successfully created policy. + + Preferred: User verification is preferred if available, but not required. - - A policy used for testing. Always returns the same result as specified below after waiting a random duration. + + Discouraged: User verification should not occur. - - Execution logging + + Required: The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur - - When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. + + Preferred: The authenticator can create and store a dedicated credential, but if it doesn't that's alright too - - Policy-specific settings - - - Pass policy? - - - Wait (min) - - - The policy takes a random time to execute. This controls the minimum time it will take. - - - Wait (max) - - - Matches an event against a set of criteria. If any of the configured values match, the policy passes. - - - Match created events with this action type. When left empty, all action types will be matched. - - - Matches Event's Client IP (strict matching, for network matching use an Expression Policy. - - - Match events created by selected application. When left empty, all applications are matched. - - - Model - - - Match events created by selected model. When left empty, all models are matched. - - - Checks if the request's user's password has been changed in the last x days, and denys based on settings. - - - Maximum age (in days) - - - Only fail the policy, don't invalidate user's password - - - Executes the python snippet to determine whether to allow or deny a request. - - - Expression using Python. - - - See documentation for a list of all variables. - - - Static rules - - - Minimum length - - - Minimum amount of Uppercase Characters - - - Minimum amount of Lowercase Characters - - - Minimum amount of Digits - - - Minimum amount of Symbols Characters - - - Error message - - - Symbol charset - - - Characters which are considered as symbols. - - - HaveIBeenPwned settings - - - Allowed count - - - Allow up to N occurrences in the HIBP database. - - - zxcvbn settings - - - Score threshold - - - If the password's score is less than or equal this value, the policy will fail. - - - 0: Too guessable: risky password. (guesses &lt; 10^3) - - - 1: Very guessable: protection from throttled online attacks. (guesses &lt; 10^6) - - - 2: Somewhat guessable: protection from unthrottled online attacks. (guesses &lt; 10^8) - - - 3: Safely unguessable: moderate protection from offline slow-hash scenario. (guesses &lt; 10^10) - - - 4: Very unguessable: strong protection from offline slow-hash scenario. (guesses &gt;= 10^10) - - - Checks the value from the policy request against several rules, mostly used to ensure password strength. - - - Password field - - - Field key to check, field keys defined in Prompt stages are available. - - - Check static rules - - - Check haveibeenpwned.com - - - For more info see: - - - Check zxcvbn - - - Password strength estimator created by Dropbox, see: - - - Allows/denys requests based on the users and/or the IPs reputation. - - - Invalid login attempts will decrease the score for the client's IP, and the -username they are attempting to login as, by one. - - - The policy passes when the reputation score is below the threshold, and -doesn't pass when either or both of the selected options are equal or above the threshold. - - - Check IP - - - Check Username - - - Threshold - - - New policy - - - Create a new policy. - - - Create Binding - - - Members - - - Select groups to add user to - - - Warning: Adding the user to the selected group(s) will give them superuser permissions. - - - Successfully updated user. - - - Successfully created user and added to group - - - Successfully created user. - - - Username - - - User's primary identifier. 150 characters or fewer. - - - User's display name. - - - User type - - - Internal users might be users such as company employees, which will get access to the full Enterprise feature set. - - - External users might be external consultants or B2C customers. These users don't get access to enterprise features. - - - Service accounts should be used for machine-to-machine authentication or other automations. - - - Email - - - Is active - - - Designates whether this user should be treated as active. Unselect this instead of deleting accounts. - - - Path - - - Policy / User / Group - - - Policy - - - Group - - - User - - - Edit Policy - - - Update Group - - - Edit Group - - - Update User - - - Edit User - - - Policy binding(s) - - - Update Binding - - - Edit Binding - - - No Policies bound. - - - No policies are currently bound to this object. - - - Create and bind Policy - - - Bind existing policy - - - Warning: Application is not used by any Outpost. - - - Related - - - Check access - - - Check - - - Check Application access - - - Test - - - Launch - - - Logins over the last week (per 8 hours) - - - Policy / Group / User Bindings - - - These policies control which users can access this application. - - - Successfully updated source. - - - Successfully created source. - - - Sync users - - - User password writeback - - - Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP. - - - Sync groups - - - Connection settings - - - Server URI - - - Specify multiple server URIs by separating them with a comma. - - - Enable StartTLS - - - To use SSL instead, use 'ldaps://' and disable this option. - - - Use Server URI for SNI verification - - - Required for servers using TLS 1.3+ - - - TLS Verification Certificate - - - When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate. - - - TLS Client authentication certificate - - - Client certificate keypair to authenticate against the LDAP Server's Certificate. - - - Bind CN - - - LDAP Attribute mapping - - - Property mappings used to user creation. - - - Additional settings - - - Parent group for all the groups imported from LDAP. - - - User path - - - Addition User DN - - - Additional user DN, prepended to the Base DN. - - - Addition Group DN - - - Additional group DN, prepended to the Base DN. - - - User object filter - - - Consider Objects matching this filter to be Users. - - - Group object filter - - - Consider Objects matching this filter to be Groups. - - - Group membership field - - - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' - - - Object uniqueness field - - - Field which contains a unique Identifier. - - - Link users on unique identifier - - - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses - - - Use the user's email address, but deny enrollment when the email address already exists - - - Link to a user with identical username. Can have security implications when a username is used with another source - - - Use the user's username, but deny enrollment when the username already exists - - - Unknown user matching mode - - - URL settings - - - Authorization URL - - - URL the user is redirect to to consent the authorization. - - - Access token URL - - - URL used by authentik to retrieve tokens. - - - Profile URL - - - URL used by authentik to get user information. - - - Request token URL - - - URL used to request the initial token. This URL is only required for OAuth 1. - - - OIDC Well-known URL - - - OIDC well-known configuration URL. Can be used to automatically configure the URLs above. - - - OIDC JWKS URL - - - JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source. - - - OIDC JWKS - - - Raw JWKS data. - - - User matching mode - - - Consumer key - - - Also known as Client ID. - - - Consumer secret - - - Also known as Client Secret. - - - Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *. - - - Flow settings - - - Flow to use when authenticating existing users. - - - Enrollment flow - - - Flow to use when enrolling new users. - - - Load servers - - - Re-authenticate with plex - - - Allow friends to authenticate via Plex, even if you don't share any servers - - - Allowed servers - - - Select which server a user has to be a member of to be allowed to authenticate. - - - SSO URL - - - URL that the initial Login request is sent to. - - - SLO URL - - - Optional URL if the IDP supports Single-Logout. - - - Also known as Entity ID. Defaults the Metadata URL. - - - Binding Type - - - Redirect binding - - - Post-auto binding - - - Post binding but the request is automatically sent and the user doesn't have to confirm. - - - Post binding - - - Signing keypair - - - Keypair which is used to sign outgoing requests. Leave empty to disable signing. - - - Allow IDP-initiated logins - - - Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. - - - NameID Policy - - - Persistent - - - Email address - - - Windows - - - X509 Subject - - - Transient - - - Delete temporary users after - - - Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. - - - Pre-authentication flow - - - Flow used before authentication. - - - New source - - - Create a new source. - - - Federation and Social login - - - Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves. - - - Source(s) - - - Disabled - - - Built-in - - - Global status - - - Vendor - - - Update LDAP Source - - - Connectivity - - - OAuth Source - - - Generic OpenID Connect - - - Unknown provider type - - - Details - - - Callback URL - - - Access Key - - - Update OAuth Source - - - Diagram - - - Policy Bindings - - - These bindings control which users can access this source. - You can only use policies here as access is checked before the user is authenticated. - - - Update Plex Source - - - Update SAML Source - - - Successfully updated mapping. - - - Successfully created mapping. - - - Object field - - - Field of the user object this value is written to. - - - SAML Attribute Name - - - Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded. - - - Friendly Name - - - Optionally set the 'FriendlyName' value of the Assertion attribute. - - - Scope name - - - Scope which the client can specify to access these properties. - - - Description shown to the user when consenting. If left empty, the user won't be informed. - - - Example context data - - - Active Directory User - - - Active Directory Group - - - New property mapping - - - Create a new property mapping. - - - Update Permissions - - - Control how authentik exposes and interprets information. - - - Property Mapping(s) - - - Test Property Mapping - - - Hide managed mappings - - - Successfully updated token. - - - Successfully created token. - - - Expires on - - - Unique identifier the token is referenced by. - - - Intent - - - API Token - - - Used to access the API programmatically - - - App password. - - - Used to login using a flow executor - - - Expiring - - - If this is selected, the token will expire. Upon expiration, the token will be rotated. - - - The token has been copied to your clipboard - - - The token was displayed because authentik does not have permission to write to the clipboard - - - Tokens - - - Tokens are used throughout authentik for Email validation stages, Recovery keys and API access. - - - Expires? - - - Expiry date - - - Token(s) - - - Create Token - - - Token is managed by authentik. - - - Update Token - - - Editing is disabled for managed tokens - - - Copy token - - - Successfully updated brand. - - - Successfully created brand. - - - Domain - - - Matching is done based on domain suffix, so if you enter domain.tld, foo.domain.tld will still match. - - - Default - - - Use this brand for each domain that doesn't have a dedicated brand. - - - Branding settings - - - Title - - - Branding shown in page title and several other places. - - - Logo - - - Icon shown in sidebar/header and flow executor. - - - Favicon - - - Icon shown in the browser tab. - - - Default flows - - - Flow used to authenticate users. If left empty, the first applicable flow sorted by the slug is used. - - - Invalidation flow - - - Flow used to logout. If left empty, the first applicable flow sorted by the slug is used. - - - Recovery flow - - - Recovery flow. If left empty, the first applicable flow sorted by the slug is used. - - - Unenrollment flow - - - If set, users are able to unenroll themselves using this flow. If no flow is set, option is not shown. - - - User settings flow - - - If set, users are able to configure details of their profile. - - - Device code flow - - - If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code. - - - Other global settings - - - Web Certificate - - - Set custom attributes using YAML or JSON. Any attributes set here will be inherited by users, if the request is handled by this brand. - - - Brands - - - Configure visual settings and defaults for different domains. - - - Default? - - - Brand(s) - - - Update Brand - - - Create Brand - - - Policies - - - Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Stages. - - - Assigned to object(s). - - - Warning: Policy is not assigned. - - - Test Policy - - - Policy / Policies - - - Successfully cleared policy cache - - - Failed to delete policy cache - - - Clear cache - - - Clear Policy cache - - - Are you sure you want to clear the policy cache? This will cause all policies to be re-evaluated on their next usage. - - - Reputation scores - - - Reputation for IP and user identifiers. Scores are decreased for each failed login and increased for each successful login. - - - IP - - - Score - - - Updated - - - Reputation - - - Groups - - - Group users together and give them permissions based on the membership. - - - Superuser privileges? - - - Group(s) - - - Create Group - - - Create group - - - Enabling this toggle will create a group named after the user, with the user as member. - - - Use the username and password below to authenticate. The password can be retrieved later on the Tokens page. - - - Password - - - Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List. - - - The following objects use - - - connecting object will be deleted - - - Successfully updated - - - Failed to update : - - - Are you sure you want to update ""? - - - Successfully updated password. - - - Successfully sent email. - - - Email stage - - - Successfully added user(s). - - - Users to add - - - Add users - - - User(s) - - - Remove Users(s) - - - Are you sure you want to remove the selected users from the group ? - - - Remove - - - Impersonate - - - User status - - - Inactive - - - Regular user - - - Change status - - - Deactivate - - - Activate - - - Update password - - - Set password - - - Successfully generated recovery link - - - No recovery flow is configured. - - - Copy recovery link - - - Send link - - - Send recovery link to user - - - Email recovery link - - - Recovery link cannot be emailed, user has no email address saved. - - - To let a user directly reset a their password, configure a recovery flow on the currently active brand. - - - Add User - - - Warning: This group is configured with superuser access. Added users will have superuser access. - - - Add existing user - - - Create user - - - Create User - - - This user will be added to the group "". - - - Create Service account - - - Hide service-accounts - - - Group Info - - - Notes - - - Edit the notes attribute of this group to add notes here. - - - Users - - - Pseudolocale (for testing) - - - English - - - Spanish - - - German - - - French - - - Polish - - - Turkish - - - Chinese (traditional) - - - Taiwanese Mandarin - - - Chinese (simplified) - - - Warning: The current user count has exceeded the configured licenses. - - - Click here for more info. - - - API Requests - - - Open API Browser - - - Show details - - - Notifications - - - unread - - - Successfully cleared notifications - - - Clear all - - - User interface - - - Dashboards - - - Outposts - - - Events - - - Logs - - - Notification Rules - - - Notification Transports - - - Customisation - - - Blueprints - - - Flows and Stages - - - Flows - - - Stages - - - Prompts - - - Directory - - - Tokens and App passwords - - - Invitations - - - System - - - Certificates - - - Outpost Integrations - - - Settings - - - A newer version of the frontend is available. - - - You're currently impersonating . Click to stop. - - - Enterprise - - - Licenses - - - Root - - - A copy of this recovery link has been placed in your clipboard - - - The current brand must have a recovery flow configured to use a recovery link - - - Warning: You're about to delete the user you're logged in as (). Proceed at your own risk. - - - Hide deactivated user - - - <No name set> - - - Create recovery link - - - User folders - - - Successfully added user to group(s). - - - Groups to add - - - Add group - - - Remove from Group(s) - - - Are you sure you want to remove user from the following groups? - - - Add Group - - - Add to existing group - - - Add new group - - - Application authorizations - - - Select permissions to grant - - - Permissions to add - - - Select permissions - - - Assign permission - - - User doesn't have view permission so description cannot be retrieved. - - - Revoked? - - - Expires - - - ID Token - - - Refresh Tokens(s) - - - Last IP - - - Session(s) - - - Expiry - - - (Current session) - - - Consent(s) - - - Confirmed - - - Device(s) - - - User Info + + Discouraged: The authenticator should not create a dedicated credential Lock the user out of this system @@ -3076,29 +5656,144 @@ doesn't pass when either or both of the selected options are equal or above the Create a link for this user to reset their password - - Create Recovery Link + + WebAuthn requires this page to be accessed via HTTPS. - - Actions over the last week (per 8 hours) + + WebAuthn not supported by browser. - - Edit the notes attribute of this user to add notes here. + + Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). - - Sessions + + Default relay state - - User events + + When using IDP-initiated logins, the relay state will be set to this value. - - Explicit Consent + + Flow Info - - OAuth Refresh Tokens + + Stage used to configure a WebAuthn authenticator (i.e. Yubikey, FaceID/Windows Hello). - - MFA Authenticators +<<<<<<< HEAD + + Internal application name used in URLs. + + + Submit + + + UI Settings + + + Transparent Reverse Proxy + + + For transparent reverse proxies with required authentication + + + Configure SAML provider manually + + + Configure RADIUS provider manually + + + Configure SCIM provider manually + + + Saving Application... + + + Authentik was unable to save this application: + + + Your application has been saved + + + Method's display Name. + + + Use this provider with nginx's auth_request or traefik's + forwardAuth. Each application/domain needs its own provider. + Additionally, on each domain, /outpost.goauthentik.io must be + routed to the outpost (when using a managed outpost, this is done for you). + + + Custom attributes + + + Don't show this message again. + + + Failed to fetch + + + Failed to fetch data. + + + Successfully assigned permission. + + + Role + + + Assign + + + Assign permission to role + + + Assign to new role + + + Directly assigned + + + Assign permission to user + + + Assign to new user + + + User Object Permissions + + + Role Object Permissions + + + Roles + + + Select roles to grant this groups' users' permissions from the selected roles. + + + Update Permissions + + + Editing is disabled for managed tokens + + + Select permissions to grant + + + Permissions to add + + + Select permissions + + + Assign permission + + + Permission(s) + + + Permission + + + User doesn't have view permission so description cannot be retrieved. Assigned permissions @@ -3136,519 +5831,17 @@ doesn't pass when either or both of the selected options are equal or above the Role Info - - Successfully updated invitation. + + Pseudolocale (for testing) - - Successfully created invitation. + + Create With Wizard - - Flow + + One hint, 'New Application Wizard', is currently hidden - - When selected, the invite will only be usable with the flow. By default the invite is accepted on all flows with invitation stages. - - - Custom attributes - - - Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON. - - - Single use - - - When enabled, the invitation will be deleted after usage. - - - Select an enrollment flow - - - Link to use the invitation. - - - Create Invitation Links to enroll Users, and optionally force specific attributes of their account. - - - Created by - - - Invitation(s) - - - Invitation not limited to any flow, and can be used with any enrollment flow. - - - Update Invitation - - - Create Invitation - - - Warning: No invitation stage is bound to any flow. Invitations will not work as expected. - - - Auto-detect (based on your browser) - - - Required. - - - Continue - - - Successfully updated prompt. - - - Successfully created prompt. - - - Text: Simple Text input - - - Text Area: Multiline text input - - - Text (read-only): Simple Text input, but cannot be edited. - - - Text Area (read-only): Multiline text input, but cannot be edited. - - - Username: Same as Text input, but checks for and prevents duplicate usernames. - - - Email: Text field with Email type. - - - Password: Masked input, multiple inputs of this type on the same prompt need to be identical. - - - Number - - - Checkbox - - - Radio Button Group (fixed choice) - - - Dropdown (fixed choice) - - - Date - - - Date Time - - - File - - - Separator: Static Separator Line - - - Hidden: Hidden field, can be used to insert data into form. - - - Static: Static value, displayed as-is. - - - authentik: Locale: Displays a list of locales authentik supports. - - - Preview errors - - - Data preview - - - Unique name of this field, used for selecting fields in prompt stages. - - - Field Key - - - Name of the form field, also used to store the value. - - - When used in conjunction with a User Write stage, use attributes.foo to write attributes. - - - Label - - - Label shown next to/above the prompt. - - - Required - - - Interpret placeholder as expression - - - When checked, the placeholder will be evaluated in the same way a property mapping is. - If the evaluation fails, the placeholder itself is returned. - - - Placeholder - - - Optionally provide a short hint that describes the expected input value. - When creating a fixed choice field, enable interpreting as expression and return a - list to return multiple choices. - - - Interpret initial value as expression - - - When checked, the initial value will be evaluated in the same way a property mapping is. - If the evaluation fails, the initial value itself is returned. - - - Initial value - - - Optionally pre-fill the input with an initial value. - When creating a fixed choice field, enable interpreting as expression and - return a list to return multiple default choices. - - - Help text - - - Any HTML can be used. - - - Single Prompts that can be used for Prompt Stages. - - - Field - - - Prompt(s) - - - Update Prompt - - - Create Prompt - - - Target - - - Stage - - - Evaluate when flow is planned - - - Evaluate policies during the Flow planning process. - - - Evaluate when stage is run - - - Evaluate policies before the Stage is present to the user. - - - Invalid response behavior - - - Returns the error message and a similar challenge to the executor - - - Restarts the flow from the beginning - - - Restarts the flow from the beginning, while keeping the flow context - - - Configure how the flow executor should handle an invalid response to a challenge given by this bound stage. - - - Successfully updated stage. - - - Successfully created stage. - - - Stage used to configure a duo-based authenticator. This stage should be used for configuration flows. - - - Authenticator type name - - - Display name of this authenticator, used by users when they enroll an authenticator. - - - API Hostname - - - Duo Auth API - - - Integration key - - - Secret key - - - Duo Admin API (optional) - - - When using a Duo MFA, Access or Beyond plan, an Admin API application can be created. - This will allow authentik to import devices automatically. - - - Stage-specific settings - - - Configuration flow - - - Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. - - - Twilio Account SID - - - Get this value from https://console.twilio.com - - - Twilio Auth Token - - - Authentication Type - - - Basic Auth - - - Bearer Token - - - External API URL - - - This is the full endpoint to send POST requests to. - - - API Auth Username - - - This is the username to be used with basic auth or the token when used with bearer token - - - API Auth password - - - This is the password to be used with basic auth - - - Mapping - - - Modify the payload sent to the custom provider. - - - Stage used to configure an SMS-based TOTP authenticator. - - - Twilio - - - Generic - - - From number - - - Number the SMS will be sent from. - - - Hash phone number - - - If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons. Devices created from a stage with this enabled cannot be used with the authenticator validation stage. - - - Stage used to configure a static authenticator (i.e. static tokens). This stage should be used for configuration flows. - - - Token count - - - The number of tokens generated whenever this stage is used. Every token generated per stage execution will be attached to a single static device. - - - Token length - - - The length of the individual generated tokens. Can be increased to improve security. - - - Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator). - - - Digits - - - 6 digits, widely compatible - - - 8 digits, not compatible with apps like Google Authenticator - - - Stage used to validate any authenticator. This stage should be used during authentication or authorization flows. - - - Device classes - - - Static Tokens - - - TOTP Authenticators - - - WebAuthn Authenticators - - - Duo Authenticators - - - SMS-based Authenticators - - - Device classes which can be used to authenticate. - - - Last validation threshold - - - If any of the devices user of the types selected above have been used within this duration, this stage will be skipped. - - - Not configured action - - - Force the user to configure an authenticator - - - Deny the user access - - - WebAuthn User verification - - - User verification must occur. - - - User verification is preferred if available, but not required. - - - User verification should not occur. - - - Configuration stages - - - Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. - - - When multiple stages are selected, the user can choose which one they want to enroll. - - - Stage used to configure a WebAuthn authenticator (i.e. Yubikey, FaceID/Windows Hello). - - - User verification - - - Required: User verification must occur. - - - Preferred: User verification is preferred if available, but not required. - - - Discouraged: User verification should not occur. - - - Resident key requirement - - - Required: The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur - - - Preferred: The authenticator can create and store a dedicated credential, but if it doesn't that's alright too - - - Discouraged: The authenticator should not create a dedicated credential - - - Authenticator Attachment - - - No preference is sent - - - A non-removable authenticator, like TouchID or Windows Hello - - - A "roaming" authenticator, like a YubiKey - - - This stage checks the user's current session against the Google reCaptcha (or compatible) service. - - - Public Key - - - Public key, acquired from https://www.google.com/recaptcha/intro/v3.html. - - - Private Key - - - Private key, acquired from https://www.google.com/recaptcha/intro/v3.html. - - - Advanced settings - - - JS URL - - - URL to fetch JavaScript from, defaults to recaptcha. Can be replaced with any compatible alternative. - - - API URL - - - URL used to validate captcha response, defaults to recaptcha. Can be replaced with any compatible alternative. - - - Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time. - - - Always require consent - - - Consent given last indefinitely - - - Consent expires. - - - Consent expires in - - - Offset after which consent expires. - - - Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding. + + External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. Deny message @@ -3656,80 +5849,128 @@ doesn't pass when either or both of the selected options are equal or above the Message shown when this stage is run. - - Dummy stage used for testing. Shows a simple continue button and always passes. + + Open Wizard - - Throw error? + + Demo Wizard - - SMTP Host + + Run the demo wizard - - SMTP Port + + OAuth2/OIDC (Open Authorization/OpenID Connect) - - SMTP Username + + LDAP (Lightweight Directory Access Protocol) - - SMTP Password + + Forward Auth (Single Application) - - Use TLS + + Forward Auth (Domain Level) - - Use SSL + + SAML (Security Assertion Markup Language) - - From address + + RADIUS (Remote Authentication Dial-In User Service) - - Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity. + + SCIM (System for Cross-domain Identity Management) - - Activate pending user on success + + The token has been copied to your clipboard - - When a user returns from the email successfully, their account will be activated. + + The token was displayed because authentik does not have permission to write to the clipboard - - Use global settings + + A copy of this recovery link has been placed in your clipboard - - When enabled, global Email connection settings will be used and connection settings below will be ignored. + + Create recovery link - - Token expiry + + Create Recovery Link - - Time in minutes the token sent is valid. + + External - - Template + + Service account - - Let the user identify themselves with their username or Email address. + + Service account (internal) - - User fields + + Check the release notes - - UPN + + User Statistics - - Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources. + + <No name set> - - Password stage + + For nginx's auth_request or traefik's forwardAuth - - When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks. + + For nginx's auth_request or traefik's forwardAuth per root domain - - Case insensitive matching + + RBAC is in preview. - - When enabled, user fields are matched regardless of their casing. + + User type used for newly created users. + + + Users created + + + Failed logins + + + Also known as Client ID. + + + Also known as Client Secret. + + + Global status + + + Vendor + + + No sync status. + + + Sync currently running. + + + Connectivity + + + 0: Too guessable: risky password. (guesses &lt; 10^3) + + + 1: Very guessable: protection from throttled online attacks. (guesses &lt; 10^6) + + + 2: Somewhat guessable: protection from unthrottled online attacks. (guesses &lt; 10^8) + + + 3: Safely unguessable: moderate protection from offline slow-hash scenario. (guesses &lt; 10^10) + + + 4: Very unguessable: strong protection from offline slow-hash scenario. (guesses &gt;= 10^10) + + + Successfully created user and added to group + + + This user will be added to the group "". Pretend user exists @@ -3737,113 +5978,122 @@ doesn't pass when either or both of the selected options are equal or above the When enabled, the stage will always accept the given user identifier and continue. - - Show matched user + + There was an error in the application. - - When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown. + + Review the application. - - Source settings + + There was an error in the provider. - - Sources + + Review the provider. - - Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP. + + There was an error - - Show sources' labels + + There was an error creating the application, but no error message was sent. Please review the server logs. - - By default, only icons are shown for sources. Enable this to show their full names. + + Configure LDAP Provider - - Passwordless flow + + Configure OAuth2/OpenId Provider - - Optional passwordless flow, which is linked at the bottom of the page. When configured, users can use this flow to authenticate with a WebAuthn authenticator, without entering any details. + + Configure Proxy Provider - - Optional enrollment flow, which is linked at the bottom of the page. + + AdditionalScopes - - Optional recovery flow, which is linked at the bottom of the page. + + Configure Radius Provider - - This stage can be included in enrollment flows to accept invitations. + + Configure SAML Provider - - Continue flow without invitation + + Property mappings used for user mapping. - - If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. + + Configure SCIM Provider - - Validate the user's password against the selected backend(s). + + Property mappings used for group creation. - - Backends + + Event volume - - User database + standard password + + Require Outpost (flow can only be executed from an outpost). - - User database + app passwords + + Connection settings. - - User database + LDAP password + + Successfully updated endpoint. - - Selection of backends to test the password against. + + Successfully created endpoint. - - Flow used by an authenticated user to configure their password. If empty, user will not be able to configure change their password. + + Protocol - - Failed attempts before cancel + + RDP - - How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. + + SSH - - Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable. + + VNC - - Fields + + Host - - ("", of type ) + + Hostname/IP to connect to. - - Validation Policies + + Endpoint(s) - - Selected policies are executed when the stage is submitted to validate the data. + + Update Endpoint - - Delete the currently pending user. CAUTION, this stage does not ask for confirmation. Use a consent stage to ensure the user is aware of their actions. + + These bindings control which users will have access to this endpoint. Users must also have access to the application. - - Log the currently pending user in. + + Create Endpoint - - Session duration + + RAC is in preview. - - Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. + + Update RAC Provider - - Different browsers handle session cookies differently, and might not remove them even when the browser is closed. + + Endpoints - - See here. + + General settings - - Stay signed in offset + + RDP settings - - If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. + + Ignore server certificate + + + Enable wallpaper + + + Enable font-smoothing + + + Enable full window dragging Network binding @@ -3878,593 +6128,59 @@ doesn't pass when either or both of the selected options are equal or above the Configure if sessions created by this stage should be bound to their GeoIP-based location - - Terminate other sessions + + RAC - - When enabled, all previous sessions of the user will be terminated. + + Connection failed after attempts. - - Remove the user from the current session. + + Re-connecting in second(s). - - Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user - is pending, a new user is created, and data is written to them. + + Connecting... - - Never create users + + Select endpoint to connect to - - When no user is present in the flow context, the stage will fail. + + Connection expiry - - Create users when required + + Determines how long a session lasts before being disconnected and requiring re-authorization. - - When no user is present in the the flow context, a new user is created. + + Brand - - Always create new users + + Successfully updated brand. - - Create a new user even if a user is in the flow context. + + Successfully created brand. - - Create users as inactive + + Use this brand for each domain that doesn't have a dedicated brand. - - Mark newly created users as inactive. + + Set custom attributes using YAML or JSON. Any attributes set here will be inherited by users, if the request is handled by this brand. - - User path template + + Brands - - User type used for newly created users. + + Brand(s) - - Path new users will be created under. If left blank, the default path will be used. + + Update Brand - - Newly created users are added to this group, if a group is selected. + + Create Brand - - New stage + + To let a user directly reset a their password, configure a recovery flow on the currently active brand. - - Create a new stage. - - - Successfully imported device. - - - The user in authentik this device will be assigned to. - - - Duo User ID - - - The user ID in Duo, can be found in the URL after clicking on a user. - - - Automatic import - - - Successfully imported devices. - - - Start automatic import - - - Or manually import - - - Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow. - - - Stage(s) - - - Import - - - Import Duo device - - - Import devices - - - Successfully updated flow. - - - Successfully created flow. - - - Shown as the Title in Flow pages. - - - Visible in the URL. - - - Designation - - - Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. - - - No requirement - - - Require authentication - - - Require no authentication. - - - Require superuser. - - - Require Outpost (flow can only be executed from an outpost). - - - Required authentication level for this flow. - - - Behavior settings - - - Compatibility mode - - - Increases compatibility with password managers and mobile devices. - - - Denied action - - - Will follow the ?next parameter if set, otherwise show a message - - - Will either follow the ?next parameter or redirect to the default interface - - - Will notify the user the flow isn't applicable - - - Decides the response when a policy denies access to this flow for a user. - - - Appearance settings - - - Layout - - - Background - - - Background shown during execution. - - - Clear background - - - Delete currently set background image. - - - Successfully imported flow. - - - .yaml files, which can be found on goauthentik.io and can be exported by authentik. - - - Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them. - - - Flow(s) - - - Update Flow - - - Execute - - - Export - - - Create Flow - - - Import Flow - - - Successfully cleared flow cache - - - Failed to delete flow cache - - - Clear Flow cache - - - Are you sure you want to clear the flow cache? - This will cause all flows to be re-evaluated on their next usage. - - - Stage binding(s) - - - Stage type - - - Edit Stage - - - Update Stage binding - - - These bindings control if this stage will be applied to the flow. - - - No Stages bound - - - No stages are currently bound to this flow. - - - Create Stage binding - - - Bind stage - - - Create and bind Stage - - - Bind existing stage - - - Flow Overview - - - Flow Info - - - Related actions - - - Execute flow - - - Normal - - - with current user - - - with inspector - - - Export flow - - - Stage Bindings - - - These bindings control which users can access this flow. - - - Event volume - - - Event Log - - - Event - - - Event info - - - Created - - - Successfully updated transport. - - - Successfully created transport. - - - Local (notifications will be created within authentik) - - - Webhook (generic) - - - Webhook (Slack/Discord) - - - Webhook URL - - - Webhook Mapping - - - Send once - - - Only send notification once, for example when sending a webhook into a chat channel. - - - Define how notifications are sent to users, like Email or Webhook. - - - Notification transport(s) - - - Update Notification Transport - - - Create Notification Transport - - - Successfully updated rule. - - - Successfully created rule. - - - Select the group of users which the alerts are sent to. If no group is selected the rule is disabled. - - - Transports - - - Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. - - - Severity - - - Send notifications whenever a specific Event is created and matched by policies. - - - Sent to group - - - Notification rule(s) - - - None (rule disabled) - - - Update Notification Rule - - - Create Notification Rule - - - These bindings control upon which events this rule triggers. -Bindings to groups/users are checked against the user of the event. - - - Outpost Deployment Info - - - View deployment documentation - - - Click to copy token - - - If your authentik Instance is using a self-signed certificate, set this value. - - - If your authentik_host setting does not match the URL you want to login with, add this setting. - - - Successfully updated outpost. - - - Successfully created outpost. - - - LDAP - - - Radius - - - Integration - - - Selecting an integration enables the management of the outpost by authentik. - - - You can only select providers that match the type of the outpost. - - - Configuration - - - See more here: - - - Documentation - - - Last seen - - - , should be - - - Hostname - - - Not available - - - Last seen: - - - Unknown type - - - Outposts are deployments of authentik components to support different environments and protocols, like reverse proxies. - - - Health and Version - - - Warning: authentik Domain is not configured, authentication will not work. - - - Logging in via . - - - No integration active - - - Update Outpost - - - View Deployment Info - - - Detailed health (one instance per column, data is cached so may be out of date) - - - Outpost(s) - - - Create Outpost - - - Successfully updated integration. - - - Successfully created integration. - - - Local - - - If enabled, use the local connection. Required Docker socket/Kubernetes Integration. - - - Docker URL - - - Can be in the format of 'unix://' when connecting to a local docker daemon, using 'ssh://' to connect via SSH, or 'https://:2376' when connecting to a remote system. - - - CA which the endpoint's Certificate is verified against. Can be left empty for no validation. - - - TLS Authentication Certificate/SSH Keypair - - - Certificate/Key used for authentication. Can be left empty for no authentication. - - - When connecting via SSH, this keypair is used for authentication. - - - Kubeconfig - - - Verify Kubernetes API SSL Certificate - - - New outpost integration - - - Create a new outpost integration. - - - State - - - Unhealthy - - - Outpost integration(s) - - - Successfully generated certificate-key pair. - - - Common Name - - - Subject-alt name - - - Optional, comma-separated SubjectAlt Names. - - - Validity days - - - Successfully updated certificate-key pair. - - - Successfully created certificate-key pair. - - - PEM-encoded Certificate data. - - - Optional Private Key. If this is set, you can use this keypair for encryption. - - - Certificate-Key Pairs - - - Import certificates of external providers or create certificates to sign requests with. - - - Private key available? - - - Certificate-Key Pair(s) - - - Managed by authentik - - - Managed by authentik (Discovered) - - - Yes () - - - Update Certificate-Key Pair - - - Certificate Fingerprint (SHA1) - - - Certificate Fingerprint (SHA256) - - - Certificate Subject - - - Download Certificate - - - Download Private key - - - Create Certificate-Key Pair - - - Generate - - - Generate Certificate-Key Pair + + The current brand must have a recovery flow configured to use a recovery link Successfully updated settings. @@ -4528,18 +6244,6 @@ Bindings to groups/users are checked against the user of the event. Enable the ability for users to change their username. - - Event retention - - - Duration after which events will be deleted from the database. - - - When using an external logging solution for archiving, this can be set to "minutes=5". - - - This setting only affects new Events, as the expiration is saved per-event. - Footer links @@ -4561,483 +6265,6 @@ Bindings to groups/users are checked against the user of the event. System settings - - Save - - - Successfully updated instance. - - - Successfully created instance. - - - Disabled blueprints are never applied. - - - Local path - - - OCI Registry - - - OCI URL, in the format of oci://registry.domain.tld/path/to/manifest. - - - See more about OCI support here: - - - Blueprint - - - Configure the blueprint context, used for templating. - - - Orphaned - - - Automate and template configuration within authentik. - - - Last applied - - - Blueprint(s) - - - Update Blueprint - - - Apply - - - Create Blueprint Instance - - - Successfully updated license. - - - Successfully created license. - - - Install ID - - - License key - - - Manage enterprise licenses - - - No licenses found. - - - License(s) - - - Enterprise is in preview. - - - Get a license - - - Go to Customer Portal - - - Forecast internal users - - - Estimated user count one year from now based on current internal users and forecasted internal users. - - - Forecast external users - - - Estimated user count one year from now based on current external users and forecasted external users. - - - Cumulative license expiry - - - Internal: - - - External: - - - Update License - - - Install - - - Install License - - - WebAuthn requires this page to be accessed via HTTPS. - - - WebAuthn not supported by browser. - - - Open Wizard - - - Demo Wizard - - - Run the demo wizard - - - API request failed - - - Authenticating with Apple... - - - Retry - - - Authenticating with Plex... - - - Waiting for authentication... - - - If no Plex popup opens, click the button below. - - - Open login - - - User's avatar - - - Something went wrong! Please try again later. - - - Request ID - - - You may close this page now. - - - You're about to be redirect to the following URL. - - - Follow redirect - - - Request has been denied. - - - Not you? - - - Need an account? - - - Sign up. - - - Forgot username or password? - - - Select one of the sources below to login. - - - Or - - - Use a security key - - - Login to continue to . - - - Please enter your password - - - Forgot password? - - - Application requires following permissions: - - - Application already has access to the following permissions: - - - Application requires following new permissions: - - - Check your Inbox for a verification email. - - - Send Email again. - - - Successfully copied TOTP Config. - - - Copy - - - Code - - - Please enter your TOTP Code - - - Duo activation QR code - - - Alternatively, if your current device has Duo installed, click on this link: - - - Duo activation - - - Check status - - - Make sure to keep these tokens in a safe place. - - - Phone number - - - Please enter your Phone number. - - - Please enter the code you received via SMS - - - A code has been sent to you via SMS. - - - Open your two-factor authenticator app to view your authentication code. - - - Static token - - - Authentication code - - - Please enter your code - - - Return to device picker - - - Sending Duo push notification - - - Assertions is empty - - - Error when creating credential: - - - Error when validating assertion on server: - - - Retry authentication - - - Duo push-notifications - - - Receive a push notification on your device. - - - Authenticator - - - Use a security key to prove your identity. - - - Traditional authenticator - - - Use a code-based authenticator. - - - Recovery keys - - - In case you can't access any other method. - - - SMS - - - Tokens sent via SMS. - - - Select an authentication method. - - - Stay signed in? - - - Select Yes to reduce the number of times you're asked to sign in. - - - Enter the code shown on your device. - - - Please enter your Code - - - You've successfully authenticated your device. - - - Flow inspector - - - Next stage - - - Stage name - - - Stage kind - - - Stage object - - - This flow is completed. - - - Plan history - - - Current plan context - - - Session ID - - - Powered by authentik - - - Background image - - - Error creating credential: - - - Server validation of credential failed: - - - Register device - - - Unread notifications - - - Sign out - - - Admin interface - - - Stop impersonation - - - Avatar image - - - Less details - - - More details - - - Refer to documentation - - - No Applications available. - - - Either no applications are defined, or you don’t have access to any. - - - My Applications - - - My applications - - - Change your password - - - Change password - - - - - - Delete account - - - Successfully updated details - - - Open settings - - - No settings flow configured. - - - Update details - - - Successfully updated device. - - - Enroll - - - Update Device - - - Successfully disconnected source - - - Failed to disconnected source: - - - Disconnect - - - Connect - - - Error: unsupported source settings: - - - Connect your user account to the services listed below, to allow you to login using the service instead of traditional credentials. - - - No services available. - - - Create App password - - - User details - - - Consent - - - MFA Devices - - - Connected services - - - + + diff --git a/web/xliff/zh_CN.xlf b/web/xliff/zh_CN.xlf index 15ba558f0..ea9939a67 100644 --- a/web/xliff/zh_CN.xlf +++ b/web/xliff/zh_CN.xlf @@ -2217,11 +2217,6 @@ Update SCIM Provider 更新 SCIM 提供程序 - - - Sync not run yet. - 尚未同步过。 - Run sync again @@ -8048,6 +8043,166 @@ Bindings to groups/users are checked against the user of the event. Require Outpost (flow can only be executed from an outpost). 需要前哨(流程只能从前哨执行)。 + + + Connection settings. + 连接设置。 + + + Successfully updated endpoint. + 已成功更新端点。 + + + Successfully created endpoint. + 已成功创建端点。 + + + Protocol + 协议 + + + RDP + RDP + + + SSH + SSH + + + VNC + VNC + + + Host + 主机 + + + Hostname/IP to connect to. + 要连接的主机名/IP。 + + + Endpoint(s) + 端点 + + + Update Endpoint + 更新端点 + + + These bindings control which users will have access to this endpoint. Users must also have access to the application. + 这些绑定控制哪些用户能够访问此端点。用户必须也能访问此应用程序。 + + + Create Endpoint + 创建端点 + + + RAC is in preview. + RAC 目前处于预览状态。 + + + Update RAC Provider + 更新 RAC 提供程序 + + + Endpoints + 端点 + + + General settings + 常规设置 + + + RDP settings + RDP 设置 + + + Ignore server certificate + 忽略服务器证书 + + + Enable wallpaper + 启用壁纸 + + + Enable font-smoothing + 启用字体平滑 + + + Enable full window dragging + 启用完整窗口拖拽 + + + Network binding + 网络绑定 + + + No binding + 无绑定 + + + Bind ASN + 绑定 ASN + + + Bind ASN and Network + 绑定 ASN 和网络 + + + Bind ASN, Network and IP + 绑定 ASN、网络和 IP + + + Configure if sessions created by this stage should be bound to the Networks they were created in. + 配置由此阶段创建的会话是否应该绑定到创建它们的网络。 + + + GeoIP binding + GeoIP 绑定 + + + Bind Continent + 绑定大陆 + + + Bind Continent and Country + 绑定大陆和国家 + + + Bind Continent, Country and City + 绑定大陆、国家和城市 + + + Configure if sessions created by this stage should be bound to their GeoIP-based location + 配置由此阶段创建的会话是否应该绑定到基于 GeoIP 的位置。 + + + RAC + RAC + + + Connection failed after attempts. + 连接在 次尝试后失败。 + + + Re-connecting in second(s). + 将在 秒后重新连接。 + + + Connecting... + 正在连接… + + + Select endpoint to connect to + 选择要连接到的端点 + + + Connection expiry + 连接过期 + + + Determines how long a session lasts before being disconnected and requiring re-authorization. + 设置会话在被断开连接并需要重新授权之前持续的时间。 diff --git a/web/xliff/zh_TW.xlf b/web/xliff/zh_TW.xlf index 5404ad5e3..192a55da5 100644 --- a/web/xliff/zh_TW.xlf +++ b/web/xliff/zh_TW.xlf @@ -1,681 +1,7858 @@ - - - - - - Admin + + + + + English + 英語 + + + + French + 法語 + + + + Turkish + 土耳其語 + + + + Spanish + 西班牙語 + + + + Polish + 波蘭語 + + + + Taiwanese Mandarin + 繁體中文(台灣) + + + + Chinese (simplified) + 簡體中文 + + + + Chinese (traditional) + 繁體中文 + + + + German + 德語 + + + + Loading... + 載入中…… + + + + Application + 應用程式 + + + + Logins + 登入 + + + + Show less + 顯示更少 + + + + Show more + 顯示更多 + + + + UID + UID + + + + Name + 姓名 + + + + App + App + + + + Model Name + 型號名稱 + + + + Message + 訊息 + + + + Subject + Subject + + + + From + 来自 + + + + To + + + + + Context + 上下文 + + + + User + 使用者 + + + + Affected model: + 受影響的模型: + + + + Authorized application: + 已授權的應用程式: + + + + Using flow + 使用流程 + + + + Email info: + 電子郵件訊息: + + + + Secret: + 機密密碼: + + + + Open issue on GitHub... + 前往 GitHub 回報問題…… + + + + Exception + 例外 + + + + Expression + 表示式 + + + + Binding + 附加 + + + + Request + 要求 + + + + Object + 物件 + + + + Result + 結果 + + + + Passing + 通過 + + + + Messages + 訊息 + + + + Using source + 使用來源 + + + + Attempted to log in as + 已嘗試以 的身份登入 + + + + No additional data available. + 没有其他可用資料。 + + + + Click to change value + 點擊以更改數值 + + + + Select an object. + 選擇一個物件。 + + + + Loading options... + 載入選項中…… + + + + Connection error, reconnecting... + 連線錯誤,正在重新連線…… + + + + Login + 登入 + + + + Failed login + 登入失敗 + + + + Logout + 登出 + + + + User was written to + 使用者已經被寫入到 + + + + Suspicious request + 可疑的要求 + + + + Password set + 密碼設定完成 + + + + Secret was viewed + 機密密碼已被查看 + + + + Secret was rotated + 機密密碼已被輪替 + + + + Invitation used + 已使用邀請函 + + + + Application authorized + 已成功授權應用程式 + + + + Source linked + 已連接來源 + + + + Impersonation started + 已開始模擬 + + + + Impersonation ended + 已結束模擬 + + + + Flow execution + 流程的執行事件 + + + + Policy execution + 政策的執行事件 + + + + Policy exception + 政策的例外事件 + + + + Property Mapping exception + 屬性對應例外事件 + + + + System task execution + 系統工作執行事件 + + + + System task exception + 系統工作例外事件 + + + + General system exception + 一般系統例外事件 + + + + Configuration error + 設定錯誤 + + + + Model created + 已建立模型 + + + + Model updated + 已更新模型 + + + + Model deleted + 已刪除模型 + + + + Email sent + 已發送電子郵件 + + + + Update available + 有可用更新 + + + + Unknown severity + 嚴重程度未知 + + + + Alert + 警報 + + + + Notice + 注意 + + + + Warning + 警告 + + + + no tabs defined + 未定義的標籤頁 + + + + - of + 個項目中的 - 項目 + + + + Go to previous page + 回到上一頁 + + + + Go to next page + 前往下一頁 + + + + Search... + 搜尋中…… + + + + Loading + 載入中 + + + + No objects found. + 找不到任何物件。 + + + + Failed to fetch objects. + 無法擷取物件。 + + + + Refresh + 重新整理 + + + + Select all rows + 選擇所有列 + + + + Action + 動作 + + + + Creation Date + 建立日期 + + + + Client IP + 用戶端 IP + + + + Recent events + 最近的事件 + + + + On behalf of + 代表 + + + + - + - + + + + No Events found. + 未找到任何事件。 + + + + No matching events could be found. + 找不到符合的事件。 + + + + Embedded outpost is not configured correctly. + 嵌入式 outpost 設定不正確。 + + + + Check outposts. + 檢查 outposts. + + + + HTTPS is not detected correctly + 未正確的偵測到 HTTPS + + + + Server and client are further than 5 seconds apart. + 伺服器和用戶端的時間差距超過5秒。 + + + + OK + OK + + + + Everything is ok. + 一切正常。 + + + + System status + 系統狀態 + + + + Based on + 基於 + + + + is available! + 新版本 可用! + + + + Up-to-date! + 最新版本! + + + + Version + 版本 + + + + Workers + Workers + + + + No workers connected. Background tasks will not run. + 沒有已連線的 workers,無法執行背景工作。 + + + + hour(s) ago + 小時以前 + + + + day(s) ago + 天以前 + + + + Authorizations + 授權 + + + + Failed Logins + 登入失敗 + + + + Successful Logins + 登入成功 + + + + : + + : + + + + + Cancel + 取消 + + + + LDAP Source + LDAP 來源 + + + + SCIM Provider + SCIM 供應商 + + + + Healthy + 健康 + + + + Healthy outposts + 健康的 Outposts + + + + Admin + 系統管理員 + + + + Not found + 找不到 + + + + The URL "" was not found. + 找不到網址 ""。 + + + + Return home + 回到首頁 + + + + General system status + 一般系統狀態 + + + + Welcome, . + 歡迎, + + + + Quick actions + 快速動作 + + + + Create a new application + 建立新的應用程式 + + + + Check the logs + 檢查日誌 + + + + Explore integrations + 探索整合方案 + + + + Manage users + 管理使用者 + + + + Outpost status + Outpost 狀態 + + + + Sync status + 同步狀態 + + + + Logins and authorizations over the last week (per 8 hours) + 一周的登入和授權狀態(每 8 小時) + + + + Apps with most usage + 使用頻率最高的應用程式 + + + + days ago + 天前 + + + + Objects created + 已建立物件 + + + + Users created per day in the last month + 上個月每天的建立使用者數量 + + + + Logins per day in the last month + 上個月每天的登入次數 + + + + Failed Logins per day in the last month + 上個月每天的登入失敗次數 + + + + Clear search + 清除搜尋結果 + + + + System Tasks + 系統工作 + + + + Long-running operations which authentik executes in the background. + authentik 在背景執行的長時間工作。 + + + + Identifier + 識別碼 + + + + Description + 描述 + + + + Last run + 最後執行 + + + + Status + 狀態 + + + + Actions + 動作 + + + + Successful + 成功 + + + + Error + 錯誤 + + + + Unknown + 未知 + + + + Duration + 持續時間 + + + + seconds + + + + + Authentication + 身分認證 + + + + Authorization + 授權 + + + + Enrollment + 註冊 + + + + Invalidation + 失效 + + + + Recovery + 救援 + + + + Stage Configuration + 階段設定 + + + + Unenrollment + 取消註冊 + + + + Unknown designation + 未知命名 + + + + Stacked + 堆疊 + + + + Content left + 內容置左 + + + + Content right + 內容置右 + + + + Sidebar left + 側邊攔置左 + + + + Sidebar right + 側邊攔置右 + + + + Unknown layout + 未知的版面設計 + + + + Successfully updated provider. + 成功更新供應商。 + + + + Successfully created provider. + 成功建立供應商。 + + + + Bind flow + 附加流程 + + + + Flow used for users to authenticate. + 用於使用者認證的流程 + + + + Search group + 搜尋群組 + + + + Users in the selected group can do search queries. If no group is selected, no LDAP Searches are allowed. + 選中的群組中的使用者可以搜尋查詢,如果未選擇任何群組,則無法執行 LDAP 搜尋。 + + + + Bind mode + 附加模式 + + + + Cached binding + 儲存在快取的附加 + + + + Flow is executed and session is cached in memory. Flow is executed when session expires + 當流程執行後,會談訊息將儲存在記憶體中。一旦會談過期,該流程將重新執行 + + + + Direct binding + 直接附加 + + + + Always execute the configured bind flow to authenticate the user + 總是執行設定的附加流程來驗證使用者 + + + + Configure how the outpost authenticates requests. + 設定 Outpost 如何驗證要求。 + + + + Search mode + 搜尋模式 + + + + Cached querying + 快取中的查詢 + + + + The outpost holds all users and groups in-memory and will refresh every 5 Minutes + Outpost 將所有使用者和群組保存在記憶體中,並每5分鐘重新整理。 + + + + Direct querying + 直接查詢 + + + + Always returns the latest data, but slower than cached querying + 總是回傳最新的資料,但這會比快取查詢慢上許多 + + + + Configure how the outpost queries the core authentik server's users. + 設定 Outpost 如何查詢 authentik core 伺服器上的使用者。 + + + + Protocol settings + 通訊協定設定 + + + + Base DN + Base DN + + + + LDAP DN under which bind requests and search requests can be made. + 可以進行附加和搜尋要求的 LDAP DN。 + + + + Certificate + 憑證 + + + + UID start number + UID 起始編號 + + + + The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber + 對於 uidNumbers 的起始值,這個數字會加到 user.Pk 上,以確保對於 POSIX 使用者來說,這個數字不會太低。預設值是 2000,以確保我們不會和本機使用者的 uidNumber 產生衝突 + + + + GID start number + GID 起始編號 + + + + The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber + 對於 gidNumbers 的起始值,這個數字會加到從 group.Pk 生成的數字上,以確保對於 POSIX 群組來說,這個數字不會太低。預設值是 4000,以確保我們不會和本地群組或使用者的主要群組的 gidNumber 產生衝突 + + + + (Format: hours=-1;minutes=-2;seconds=-3). + (格式: hours=-1;minutes=-2;seconds=-3). + + + + (Format: hours=1;minutes=2;seconds=3). + (格式: hours=1;minutes=2;seconds=3). + + + + The following keywords are supported: + 支援以下的關鍵字: + + + + Authentication flow + 身分認證流程 + + + + Flow used when a user access this provider and is not authenticated. + 使用者存取此供應商但未獲授權時的流程 + + + + Authorization flow + 授權流程 + + + + Flow used when authorizing this provider. + 授權此供應商時的流程。 + + + + Client type + 用戶端類型 + + + + Confidential + 機密 + + + + Confidential clients are capable of maintaining the confidentiality of their credentials such as client secrets + 機密用戶端能夠維護其憑證的機密性,如:用戶端金鑰。 + + + + Public + 公開 + + + + Public clients are incapable of maintaining the confidentiality and should use methods like PKCE. + 公開用戶端能夠使用如 PKCE 等方式維護其機密性。 + + + + Client ID + 用戶端 ID + + + + Client Secret + 用戶端金鑰 + + + + Redirect URIs/Origins (RegEx) + 重新導向到 URI 或 原始來源 (正規表示式) + + + + Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows. + 成功授權流程後的有效重新導向的網址。對於隱式流程,也在此處指定任何來源。 + + + + If no explicit redirect URIs are specified, the first successfully used redirect URI will be saved. + 如果未指定明確的重新導向 URI,將儲存第一個成功重新導向的 URI。 + + + + To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. + 欲允許任何重新導向的 URI,輸入 ".*" ,但請注意這個可會有安全性風險。 + + + + Signing Key + 簽署金鑰 + + + + Key used to sign the tokens. + 用於對權杖進行簽署的金鑰。 + + + + Advanced protocol settings + 進階通訊協定設定 + + + + Access code validity + 存取認證碼的有效性 + + + + Configure how long access codes are valid for. + 設定存取認證碼的有效期限。 + + + + Access Token validity + 存取權杖的有效性 + + + + Configure how long access tokens are valid for. + 設定存取權杖的有效期限。 + + + + Refresh Token validity + 重新整理權杖的有效性 + + + + Configure how long refresh tokens are valid for. + 設定重新整理權杖的有效期限。 + + + + Scopes + 範疇 + + + + Select which scopes can be used by the client. The client still has to specify the scope to access the data. + 選擇用戶端可以使用的範疇,用戶端仍然需要指定範疇才能存取資料。 + + + + Hold control/command to select multiple items. + 按住 ctrl/command 鍵選擇多個項目。 + + + + Subject mode + Subject 模式 + + + + Based on the User's hashed ID + 基於使用者雜湊 ID + + + + Based on the User's ID + 基於使用者 ID + + + + Based on the User's UUID + 基於使用者 UUID + + + + Based on the User's username + 基於使用者名稱 + + + + Based on the User's Email + 基於使用者的電子郵件 + + + + This is recommended over the UPN mode. + 這比 UPN 模式更推薦。 + + + + Based on the User's UPN + 基於使用者的 UPN + + + + Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains. + 需要使用者設定了「upn」特徵項,備選將使用使用者雜湊 ID。只有您有不同的 UPN 和郵件網域時才使用本模式。 + + + + Configure what data should be used as unique User Identifier. For most cases, the default should be fine. + 設定應該使用哪些資料作為唯一的使用者識別碼。在大多數情況下使用預設值即可。 + + + + Include claims in id_token + 在 id_token 中包含身分聲明 + + + + Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. + 對於那些不存取 userinfo 端點的應用程式,在 id_token 中將包含來自範疇的使用者身分聲明。 + + + + Issuer mode + 發行者模式 + + + + Each provider has a different issuer, based on the application slug + 基於應用程式的縮寫,每個供應商都有一個不同的發行者 + + + + Same identifier is used for all providers + 所有供應商都使用相同的識別碼 + + + + Configure how the issuer field of the ID Token should be filled. + 設定該如何填寫 ID 權杖的發行者欄位。 + + + + Machine-to-Machine authentication settings + 機器對機器的認證設定 + + + + Trusted OIDC Sources + 受信任的 OIDC 來源 + + + + JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider. + 透過所選來源中的憑證來簽署的 JWT ,可用於對此供應商進行身份認證。 + + + + HTTP-Basic Username Key + HTTP 基本認證的使用者金鑰 + + + + User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. + 用於 HTTP 基本認證標頭中,使用者區塊中的使用者/群組特徵項。如果未設定則套用使用者的電子郵件地址。 + + + + HTTP-Basic Password Key + HTTP 基本認證的密碼金鑰 + + + + User/Group Attribute used for the password part of the HTTP-Basic Header. + 用於 HTTP 基本認證標頭中,密碼區塊中的使用者/群組特徵項。 + + + + Proxy + 代理 + + + + Forward auth (single application) + 轉發身分認證(單一應用程式) + + + + Forward auth (domain level) + 轉發身分認證(網域級別) + + + + This provider will behave like a transparent reverse-proxy, except requests must be authenticated. If your upstream application uses HTTPS, make sure to connect to the outpost using HTTPS as well. + 此供應商將充當透明的反向代理,唯一的區別是請求必須通過身份認證。如果您的上游應用程式使用 HTTPS,請確保也使用 HTTPS 連接到 Outpost。 + + + + External host + 外部主機 + + + + The external URL you'll access the application at. Include any non-standard port. + 您欲存取應用程式的外部網址,包含任何非標準的連接埠。 + + + + Internal host + 內部主機 + + + + Upstream host that the requests are forwarded to. + 要求轉發到上游主機。 + + + + Internal host SSL Validation + 內部主機的 SSL 驗證 + + + + Validate SSL Certificates of upstream servers. + 驗證上游主機的 SSL 憑證。 + + + + Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application. + 將此供應商與 nginx 的 auth_request 或 traefik 的 forwardAuth 一起使用。每個主網域只需要一個提供者。您無法執行每個應用程式的授權,但您不必為每個應用程式建立提供者。 + + + + An example setup can look like this: + 設定的範例如下: + + + + authentik running on auth.example.com + authentik 運行於 auth.example.com + + + + app1 running on app1.example.com + app1 運行於 app1.example.com + + + + In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com. + 在這種情況下,您需要將身分認證網址設定為 auth.example.com 並將 Cookie 的網域設定為 example.com。 + + + + Authentication URL + 身分認證網址 + + + + The external URL you'll authenticate at. The authentik core server should be reachable under this URL. + 您身分認證的外部網址,該網址應該要能夠連線到 authentik Core 伺服器。 + + + + Cookie domain + Cookie 網域 + + + + Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'. + 將此設定為用於使身分認證為有效的網域。必須是上述網址的上級網域。如果您的應用程式運行於 app1.domain.tld、app2.domain.tld 等等,則將其設定為「domain.tld」。 + + + + Unknown proxy mode + 未知的代理模式 + + + + Token validity + 權杖的有效性 + + + + Configure how long tokens are valid for. + 設定權杖的有效期限。 + + + + Additional scopes + 額外的範疇 + + + + Additional scope mappings, which are passed to the proxy. + 額外範疇的對應,用於傳遞給代理服務。 + + + + Unauthenticated URLs + 未經身分認證的網址 + + + + Unauthenticated Paths + 未經身分認證的路徑 + + + + Regular expressions for which authentication is not required. Each new line is interpreted as a new expression. + 不需要身分認證的正規表示式,每一行區隔為新的表示式。 + + + + When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions. + 當使用代理或轉發認證(單一應用程式)模式時,會根據正規表示式檢查要求的網址路徑。在使用轉發認證(網域模式)時,包含方案和主機在內的完整要求網址將與正規表示式進行配對。 + + + + Authentication settings + 身分認證設定 + + + + Intercept header authentication + 擷取標頭的身分認證 + + + + When enabled, authentik will intercept the Authorization header to authenticate the request. + 啟用時,authentik 將會擷取授權標頭來認證要求。 + + + + Send HTTP-Basic Authentication + 傳送 HTTP 基本身分認證 + + + + Send a custom HTTP-Basic Authentication header based on values from authentik. + 傳送一個基於 authentik 數值客製化的 HTTP 基本身分認證標頭。 + + + + ACS URL + ACS 網址 + + + + Issuer + 發行者 + + + + Also known as EntityID. + 也稱為 EntityID。 + + + + Service Provider Binding + 服務供應商附加 + + + + Redirect + 重新導向 + + + + Post + Post + + + + Determines how authentik sends the response back to the Service Provider. + 決定 authentik 如何將回應送回給服務供應商。 + + + + Audience + Audience + + + + Signing Certificate + 簽署憑證 + + + + Certificate used to sign outgoing Responses going to the Service Provider. + 用於簽署外送回應給服務供應商的憑證。 + + + + Verification Certificate + 驗證憑證 + + + + When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. + 選擇時,傳入斷言的簽章將依據這個憑證進行認證。若要允許未簽署的要求,請表留預設值。 + + + + Property mappings + 屬性對應 + + + + NameID Property Mapping + nameID 屬性對應 + + + + Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected. + 設定如何建立 NameID 數值。如果為空則將遵守傳入要求的 NameIdPolicy。 + + + + Assertion valid not before + 斷言的有效期限不早於 + + + + Configure the maximum allowed time drift for an assertion. + 設定斷言的允許最大時間偏移量。 + + + + Assertion valid not on or after + 斷言在這個的時間及之後無效: + + + + Assertion not valid on or after current time + this value. + 斷言的有效期限為當前時間加上此值 + + + + Session valid not on or after + 會談在這個時間及之後無效: + + + + Session not valid on or after current time + this value. + 會談的有效期限是當前時間加上此值 + + + + Digest algorithm + 摘要演算法 + + + + Signature algorithm + 簽章演算法 + + + + Successfully imported provider. + 成功匯入供應商。 + + + + Metadata + 中繼資料 + + + + Apply changes + 套用變更 + + + + Close + 關閉 + + + + Finish + 完成 + + + + Back + 返回 + + + + No form found + 找不到表單 + + + + Form didn't return a promise for submitting + 表單提交時沒有回傳一個 promise 物件 + + + + Select type + 選擇類型 + + + + Try the new application wizard + 試試看新的應用程式精靈 + + + + The new application wizard greatly simplifies the steps required to create applications and providers. + 新的應用程式精靈大量簡化了建立應用程式和供應商的所需步驟。 + + + + Try it now + 立即嘗試 + + + + Create + 建立 + + + + New provider + 新增供應商 + + + + Create a new provider. + 建立一個新的供應商。 + + + + Create + 建立 + + + + Shared secret + 共享密鑰 + + + + Client Networks + 用戶端網路 + + + + List of CIDRs (comma-seperated) that clients can connect from. A more specific + CIDR will match before a looser one. Clients connecting from a non-specified CIDR + will be dropped. + 用戶端可以連線的 CIDR 列表(以逗號分隔)。 + 更具體的 CIDR 會在較寬鬆的 CIDR 之前優先套用。 + 來自未指定 CIDR 的用戶端連線將被拒絕。 + + + URL + 網址 + + + + SCIM base url, usually ends in /v2. + SCIM 的基礎網址,通常以 /v2 結尾。 + + + + Token + 權杖 + + + + Token to authenticate with. Currently only bearer authentication is supported. + 用於身份認證的權杖,目前只支援 bearer 認證。 + + + + User filtering + 使用者篩選 + + + + Exclude service accounts + 排除服務帳號 + + + + Group + 群組 + + + + Only sync users within the selected group. + 只同步選中群組的使用者。 + + + + Attribute mapping + 特徵項對應 + + + + User Property Mappings + 使用者屬性對應 + + + + Property mappings used to user mapping. + 用於使用者對應的屬性對應 + + + + Group Property Mappings + 群組屬性對應 + + + + Property mappings used to group creation. + 用於建立群組的屬性對應 + + + + Not used by any other object. + 未被其他物件使用。 + + + + object will be DELETED + 物件將被刪除 + + + + connection will be deleted + 連線將被刪除 + + + + reference will be reset to default value + 引用將被重設為預設值 + + + + reference will be set to an empty value + 引用將被設為空值 + + + + () + () + + + + ID + ID + + + + Successfully deleted + 成功刪除 + + + Failed to delete : + 無法刪除 : + + + + Delete + 刪除 + + + + Are you sure you want to delete ? + 您確定要刪除 嗎? + + + Delete + 刪除 + + + + Providers + 供應商 + + + + Provide support for protocols like SAML and OAuth to assigned applications. + 為分配的應用程式提供如 SAML 和 OAuth 等協定的支援。 + + + + Type + 類型 + + + + Provider(s) + 供應商 + + + + Assigned to application + 分配給應用程式: + + + + Assigned to application (backchannel) + 分配給應用程式(背景通道): + + + + Warning: Provider not assigned to any application. + 警告:供應商未分配給任何應用程式。 + + + + Update + 更新 + + + + Update + 更新 + + + + Select providers to add to application + 選擇要加入到應用程式的供應商 + + + + Add + 加入 + + + + Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". + 輸入完整網址、相對路徑,或者使用 'fa://fa-test' 來使用 Font Awesome 圖示 「fa-test」。 + + + + Path template for users created. Use placeholders like `%(slug)s` to insert the source slug. + 使用者建立的路徑範本,使用預置內容例如「%(slug)s」來插入來源縮寫。 + + + + Successfully updated application. + 成功更新應用程式。 + + + + Successfully created application. + 成功建立應用程式。 + + + + Application's display Name. + 應用程式的顯示名稱。 + + + + Slug + Slug + + + + Optionally enter a group name. Applications with identical groups are shown grouped together. + 可選:輸入群組名稱。具有相同群組的應用程式會排列在同一分組。 + + + + Provider + 供應商 + + + + Select a provider that this application should use. + 選擇一個應用程式應該使用的供應商。 + + + + Select backchannel providers which augment the functionality of the main provider. + 選擇背景通道供應商,以增強主要提供者的功能。 + + + + Policy engine mode + 政策引擎模式 + + + + Any policy must match to grant access + 必須符合任一政策才能取得存取權 + + + + All policies must match to grant access + 必須符合全部政策才能取得存取權 + + + + UI settings + 使用者介面設定 + + + + Launch URL + 啟動的網址 + + + + If left empty, authentik will try to extract the launch URL based on the selected provider. + 如果為空,authentik 將會嘗試從選擇的供應商取得啟動網址。 + + + + Open in new tab + 另開新分頁 + + + + If checked, the launch URL will open in a new browser tab or window from the user's application library. + 如果勾選此項,將從使用者的應用程式庫中,在瀏覽器新的分頁或視窗中打開啟動的網址。 + + + + Icon + 圖示 + + + + Currently set to: + 目前設定為: + + + + Clear icon + 清除圖示 + + + + Publisher + 發行人 + + + + Create Application + 建立應用程式 + + + + Overview + 概述 + + + + Changelog + 更新日誌 + + + + Warning: Provider is not used by any Outpost. + 警告:供應商未被任何 Outpost 使用。 + + + + Assigned to application + 分配給應用程式 + + + + Update LDAP Provider + 更新 LDAP 供應商 + + + + Edit + 編輯 + + + + How to connect + 如何連線 + + + + Connect to the LDAP Server on port 389: + 使用連接埠 389 連線到 LDAP 伺服器: + + + + Check the IP of the Kubernetes service, or + 檢查 Kubernetes 服務的 IP,或者 + + + + The Host IP of the docker host + docker 服務的主機 IP + + + + Bind DN + Bind DN + + + + Bind Password + Bind 密碼 + + + + Search base + 搜尋基礎 + + + + Preview + 預覽 + + + + Warning: Provider is not used by an Application. + 警告:供應商未被任何應用程式使用。 + + + + Redirect URIs + 重新導向 URI + + + + Update OAuth2 Provider + 更新 OAuth2 供應商 + + + + OpenID Configuration URL + OpenID 設定網址 + + + + OpenID Configuration Issuer + OpenID 設定發行者 + + + + Authorize URL + 授權網址 + + + + Token URL + 權杖網址 + + + + Userinfo URL + 使用者資訊網址 + + + + Logout URL + 登出網址 + + + + JWKS URL + JWKS 網址 + + + + Example JWT payload (for currently authenticated user) + 範例 JWT 酬載(給目前已認證的使用者) + + + + Forward auth (domain-level) + 轉發身分認證(網域級別) + + + + Nginx (Ingress) + Nginx (Ingress) + + + + Nginx (Proxy Manager) + Nginx Prxoxy Manager + + + + Nginx (standalone) + Nginx (獨立應用程式) + + + + Traefik (Ingress) + Traefik (Ingress) + + + + Traefik (Compose) + Traefik (Compose) + + + + Traefik (Standalone) + Traefik (獨立應用程式) + + + + Caddy (Standalone) + Caddy (獨立應用程式) + + + + Internal Host + 內部主機 + + + + External Host + 外部主機 + + + + Basic-Auth + 基本身分認證 + + + + Yes + + + + + Mode + 模式 + + + + Update Proxy Provider + 更新代理供應商 + + + + Protocol Settings + 通訊協定設定 + + + + Allowed Redirect URIs + 允許的重新導向 URI + + + + Setup + 設定 + + + + No additional setup is required. + 無須額外設定。 + + + + Update Radius Provider + 更新 Radius 供應商 + + + + Download + 下載 + + + + Copy download URL + 複製下載連結網址 + + + + Download signing certificate + 下載簽章憑證 + + + + Related objects + 有關聯的物件 + + + + Update SAML Provider + 更新 SAML 供應商 + + + + SAML Configuration + SAML 設定 + + + + EntityID/Issuer + SEntityID/發行者 + + + + SSO URL (Post) + SSO 網址(Post方法) + + + + SSO URL (Redirect) + SSO 網址(重新導向) + + + + SSO URL (IdP-initiated Login) + SSO 網址(識別提供者Idp發起的登入) + + + + SLO URL (Post) + SLO 網址(Post方法) + + + + SLO URL (Redirect) + SLO 網址(重新導向) + + + + SAML Metadata + SAML 中繼資料 + + + + Example SAML attributes + SAML 的特徵項範例 + + + + NameID attribute + NameID 特徵項 + + + + Warning: Provider is not assigned to an application as backchannel provider. + 警告:供應商未作為背景通道分配給任何應用程式。 + + + + Update SCIM Provider + 更新 SCIM 供應商 + + + + Run sync again + 再次執行同步 + + + + Modern applications, APIs and Single-page applications. + 新一代的應用程式,API 和單頁式應用程式 + + + + LDAP + LDAP + + + + Provide an LDAP interface for applications and users to authenticate against. + 提供一個 LDAP 介面,供應用程式和用戶進行身份認證。 + + + + New application + 新增應用程式 + + + + Applications + 應用程式 + + + + Provider Type + 供應商類型 + + + + Application(s) + 應用程式 + + + + Application Icon + 應用程式圖示 + + + + Update Application + 更新應用程式 + + + + Successfully sent test-request. + 成功發送測試要求。 + + + + Log messages + 日誌訊息 + + + + No log messages. + 無日誌訊息。 + + + + Active + 啟用 + + + + Last login + 最近登入 + + + + Select users to add + 選擇要加入的使用者 + + + + Successfully updated group. + 成功更新群組。 + + + + Successfully created group. + 成功建立群組。 + + + + Is superuser + 成為超級使用者 + + + + Users added to this group will be superusers. + 加入到該群組的成員將會成為超級使用者。 + + + + Parent + 上級群組 + + + + Attributes + 特徵項 + + + + Set custom attributes using YAML or JSON. + 使用 YAML 或 JSON 設定客製化特徵項。 + + + + Successfully updated binding. + 成功更新附加。 + + + + Successfully created binding. + 成功建立附加。 + + + + Policy + 政策 + + + + Group mappings can only be checked if a user is already logged in when trying to access this source. + 僅當已登入的使用者在存取此來源時,才能檢查群組對應。 + + + + User mappings can only be checked if a user is already logged in when trying to access this source. + 僅當已登入的使用者在存取此來源時,才能檢查使用者對應。 + + + + Enabled + 啟用中 + + + + Negate result + 反向结果 + + + + Negates the outcome of the binding. Messages are unaffected. + 反轉附加的結果。訊息不受影響。 + + + + Order + 執行順序 + + + + Timeout + 逾時過期 + + + + Successfully updated policy. + 成功更新政策。 + + + + Successfully created policy. + 成功建立政策。 + + + + A policy used for testing. Always returns the same result as specified below after waiting a random duration. + 用於測試的政策。等待隨機的時間後回傳相同的結果。 + + + + Execution logging + 執行的日誌紀錄 + + + + When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. + 啟用此選項時,將會記錄這個政策所有的日誌。預設只會記錄錯誤日誌。 + + + + Policy-specific settings + 政策詳細設定 + + + + Pass policy? + 政策通過? + + + + Wait (min) + 等待時間 (最短) + + + + The policy takes a random time to execute. This controls the minimum time it will take. + 政策需要一段隨機時間才能執行。這個設定控制最短等待時間。 + + + + Wait (max) + 等待時間 (最長) + + + + Matches an event against a set of criteria. If any of the configured values match, the policy passes. + 根據一系列標準配對事件。如果符合任何設定的數值,則政策通過。 + + + + Match created events with this action type. When left empty, all action types will be matched. + 將此動作類型與建立的事件配對。如果為空則將符合所有動作類型。 + + + + Matches Event's Client IP (strict matching, for network matching use an Expression Policy. + 配對事件的用戶端 IP(嚴格篩選,如要配對網路請使用表示式政策)。 + + + + Match events created by selected application. When left empty, all applications are matched. + 將選擇的應用程式與建立的事件配對。如果為空則將符合所有應用程式。 + + + + Checks if the request's user's password has been changed in the last x days, and denys based on settings. + 檢查要求中的使用者密碼在過去幾個天內是否已更改,並根據設定決定是否拒絕。 + + + + Maximum age (in days) + 最長有效期限(以天為單位) + + + + Only fail the policy, don't invalidate user's password + 僅不通過政策,不取消使用者密碼的有效性 + + + + Executes the python snippet to determine whether to allow or deny a request. + 執行 Python 程式片段以決定是否允許或拒絕要求。 + + + + Expression using Python. + 使用 Python 的表示式。 + + + + See documentation for a list of all variables. + 有關所有變數列表請參考官方文件。 + + + + Static rules + 靜態規則 + + + + Minimum length + 最短密碼長度 + + + + Minimum amount of Uppercase Characters + 最少大寫字母數量 + + + + Minimum amount of Lowercase Characters + 最少小寫字母數量 + + + + Minimum amount of Digits + 最少數字數量 + + + + Minimum amount of Symbols Characters + 最少特殊符號數量 + + + + Error message + 錯誤訊息 + + + + Symbol charset + 特殊符號字元編碼 + + + + Characters which are considered as symbols. + 將被視為特殊符號的字元。 + + + + HaveIBeenPwned settings + HaveIBeenPwned 設定 + + + + Allowed count + 可允許的次數 + + + + Allow up to N occurrences in the HIBP database. + 允許出現在 HIBP 資料庫的次數。 + + + + zxcvbn settings + zxcvbn 設定 + + + + Score threshold + 分數閾值 + + + + If the password's score is less than or equal this value, the policy will fail. + 如果密碼的分數不大於此數值,則未通過政策。 + + + + Checks the value from the policy request against several rules, mostly used to ensure password strength. + 依據多條規則來檢查政策要求中的值,主要用於確保密碼強度。 + + + + Password field + 密碼欄位的鍵值 + + + + Field key to check, field keys defined in Prompt stages are available. + 要檢查的鍵值,欄位鍵值可在提示階段中選取。 + + + + Check static rules + 檢查靜態規則 + + + + Check haveibeenpwned.com + 檢查 haveibeenpwned.com + + + + For more info see: + 若要更多資訊請前往: + + + + Check zxcvbn + 檢查 zxcvbn + + + + Password strength estimator created by Dropbox, see: + 由 Dropbox 建立的密碼強度指示計,請前往: + + + + Allows/denys requests based on the users and/or the IPs reputation. + 根據使用者或 IP 名譽來允許或禁止要求。 + + + + Invalid login attempts will decrease the score for the client's IP, and the +username they are attempting to login as, by one. + 無效的登入嘗試將使該用戶端 IP 和該使用者名稱的分數每次減少1分。 + + + The policy passes when the reputation score is below the threshold, and +doesn't pass when either or both of the selected options are equal or above the threshold. + 當名譽分數低於閾值時能通過政策。反之,當選項中的任何一個以上等於或高於閾值時,不通過政策。 + + + Check IP + 檢查 IP + + + + Check Username + 檢查使用者名稱 + + + + Threshold + 閾值 + + + + New policy + 新增政策 + + + + Create a new policy. + 建立一個新的政策。 + + + + Create Binding + 建立附加 + + + + Superuser + 超級使用者 + + + + Members + 成員 + + + + Select groups to add user to + 選擇要加入使用者的群組 + + + + Warning: Adding the user to the selected group(s) will give them superuser permissions. + 警告:使用者加入到所選的群組將會賦予其超級使用者的權限。 + + + + Successfully updated user. + 成功更新使用者。 + + + + Successfully created user. + 成功建立使用者。 + + + + Username + 使用者名稱 + + + + User's primary identifier. 150 characters or fewer. + 使用者的主要識別碼。150個字元以內。 + + + + User's display name. + 用使用者的顯示名稱。 + + + + Email + 電子郵件 + + + + Is active + 啟用帳戶 + + + + Designates whether this user should be treated as active. Unselect this instead of deleting accounts. + 決定是否將此使用者視為啟用的帳戶。建議取消選擇此項來停用,而不是刪除帳戶。 + + + + Path + 路徑 + + + + Policy / User / Group + 政策 / 使用者 / 群組 + + + + Policy + 政策 + + + + Group + 群組 + + + + User + 使用者 + + + + Edit Policy + 編輯政策 + + + + Update Group + 更新群組 + + + + Edit Group + 編輯群組 + + + + Update User + 更新使用者 + + + + Edit User + 編輯使用者 + + + + Policy binding(s) + 政策附加 + + + + Update Binding + 更新附加 + + + + Edit Binding + 編輯附加 + + + + No Policies bound. + 沒有已附加的政策。 + + + + No policies are currently bound to this object. + 目前沒有附加到此物件的政策。 + + + + Bind existing policy + 附加到現存的政策 + + + + Warning: Application is not used by any Outpost. + 警告:應用程式未被任何 Outpost 使用。 + + + + Related + 關聯 + + + + Backchannel Providers + 背景通道供應商 + + + + Check access + 檢查存取權限 + + + + Check + 檢查 + + + + Check Application access + 檢查應用程式存取權限 + + + + Test + 測試 + + + + Launch + 啟動 + + + + Logins over the last week (per 8 hours) + 一周的登入狀態(每 8 小時) + + + + Policy / Group / User Bindings + 政策 / 使用者 / 群組 附加 + + + + These policies control which users can access this application. + 這些政策控制了哪些使用者可以存取這個應用程式。 + + + + Successfully updated source. + 成功更新來源。 + + + + Successfully created source. + 成功建立來源。 + + + + Sync users + 同步使用者 + + + + User password writeback + 可改寫使用者密碼 + + + + Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP. + 登入密碼會自動從 LDAP 同步到 authentik。啟用此選項可將 authentik 修改的密碼同步回 LDAP。 + + + + Sync groups + 同步群組 + + + + Connection settings + 連線設定 + + + + Server URI + 伺服器 URI + + + + Specify multiple server URIs by separating them with a comma. + 若要新增多個伺服器,透過逗號分隔多個伺服器 URI。 + + + + Enable StartTLS + 啟用 StartTLS + + + + To use SSL instead, use 'ldaps://' and disable this option. + 若要使用 SSL 請停用此選項,並使用「ldaps://」。 + + + + TLS Verification Certificate + TLS 驗證憑證 + + + + When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate. + 使用 TLS 連線到 LDAP 時,預設不檢查憑證,選擇金鑰對來驗證遠端憑證。 + + + + Bind CN + Bind CN + + + + LDAP Attribute mapping + LDAP 特徵碼對應 + + + + Property mappings used to user creation. + 用於建立使用者的屬性對應。 + + + + Additional settings + 其他設定 + + + + Parent group for all the groups imported from LDAP. + 從 LDAP 匯入群組的上級群組。 + + + + User path + 使用者路徑 + + + + Addition User DN + 額外的使用者 DN + + + + Additional user DN, prepended to the Base DN. + 額外的使用者 DN,將優先於 Base DN。 + + + + Addition Group DN + 額外的群組 DN + + + + Additional group DN, prepended to the Base DN. + 額外的群組 DN,將優先於 Base DN。 + + + + User object filter + 使用者物件篩選器 + + + + Consider Objects matching this filter to be Users. + 符合此篩選的物件將視為使用者。 + + + + Group object filter + 群組物件篩選器 + + + + Consider Objects matching this filter to be Groups. + 符合此篩選的物件將視為群組。 + + + + Group membership field + 群組成員欄位 + + + + Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' + 包含群組成員的欄位。注意,如果使用「memberUid」欄位,則假設其值包含相對可分辨的名稱。例如,「memberUID=some-user」而不是「memberuid=cn=some-user,ou=groups,... 」 + + + + Object uniqueness field + 物件的唯一性欄位 + + + + Field which contains a unique Identifier. + 包含唯一識別碼的欄位。 + + + + Link users on unique identifier + 使用唯一識別碼連結使用者 + + + + Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses + 連結到具有相同電子郵件地址的使用者。當來源不驗證電子郵件地址時,可能會有安全風險。 + + + + Use the user's email address, but deny enrollment when the email address already exists + 使用使用者的電子郵件地址,但在電子郵件地址已存在時拒絕註冊。 + + + + Link to a user with identical username. Can have security implications when a username is used with another source + 連接到具有相同使用者名稱的使用者。當使用者名稱與其他來源一同使用時,可能會有安全風險。 + + + + Use the user's username, but deny enrollment when the username already exists + 使用使用者的使用者名稱,但在使用者名稱已存在時拒絕註冊。 + + + + Unknown user matching mode + 未知使用者配對模式 + + + + URL settings + 網址設定 + + + + Authorization URL + 授權網址 + + + + URL the user is redirect to to consent the authorization. + 使用者被重新導向到此網址以同意授權。 + + + + Access token URL + 存取權杖網址 + + + + URL used by authentik to retrieve tokens. + authentik 用來擷取權杖的網址。 + + + + Profile URL + 個人資訊網址 + + + + URL used by authentik to get user information. + authentik 用來擷取個人資訊的網址。 + + + + Request token URL + 要求權杖網址 + + + + URL used to request the initial token. This URL is only required for OAuth 1. + 用於要求初始權杖的網址,僅用於 OAuth 1。 + + + + OIDC Well-known URL + OIDC Well-known 網址 + + + + OIDC well-known configuration URL. Can be used to automatically configure the URLs above. + OIDC Well-known 設定的網址。可以用於自動設定以上網址。 + + + + OIDC JWKS URL + OIDC JWKS 網址 + + + + JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source. + JSON 網路金鑰的網址。才該網址擷取的金鑰用於驗證此來源的 JWT。 + + + + OIDC JWKS + OIDC JWKS + + + + Raw JWKS data. + 原始 JWKS 資料。 + + + + User matching mode + 用戶配對模式 + + + + Delete currently set icon. + 刪除目前的圖示。 + + + + Consumer key + 客戶金鑰 + + + + Consumer secret + 客戶機密密碼 + + + + Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *. + 額外的範疇將傳遞給 OAuth 供應商,用空格分隔。要替換現存範疇,請在前面加上 *。 + + + + Flow settings + 流程設定 + + + + Flow to use when authenticating existing users. + 認證現存使用者的流程。 + + + + Enrollment flow + 註冊流程 + + + + Flow to use when enrolling new users. + 新使用者註冊時的流程。 + + + + Load servers + 載入伺服器 + + + + Re-authenticate with plex + 使用 plex 重新身分認證 + + + + Allow friends to authenticate via Plex, even if you don't share any servers + 允許好友通過 Plex 進行身分認證,即便您沒有分享任何伺服器 + + + + Allowed servers + 允許的伺服器 + + + + Select which server a user has to be a member of to be allowed to authenticate. + 選擇使用者必須是其成員才能被允許進行身份認證的伺服器。 + + + + SSO URL + SSO 網址 + + + + URL that the initial Login request is sent to. + 第一次登入要求發送的網址。 + + + + SLO URL + SLO 網址 + + + + Optional URL if the IDP supports Single-Logout. + 身分識別提供者 Idp 如果支援單一登出時的可選網址。 + + + + Also known as Entity ID. Defaults the Metadata URL. + 也稱為 Entity ID,預設為中繼資料的網址。 + + + + Binding Type + 附加類型 + + + + Redirect binding + 重新導向附加 + + + + Post-auto binding + 自動 Post 附加 + + + + Post binding but the request is automatically sent and the user doesn't have to confirm. + Post 附加,但自動傳送要求,使用者無需確認。 + + + + Post binding + Post 附加 + + + + Signing keypair + 簽署的金鑰對 + + + + Keypair which is used to sign outgoing requests. Leave empty to disable signing. + 用於簽署傳出要求的金鑰對。保持為空停用簽署。 + + + + Allow IDP-initiated logins + 允許識別提供者 Idp 發起的登入 + + + + Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. + 允許由身份提供者 Idp 發起的認證流程。這可能是一個安全風險,因為不會驗證要求的 ID。 + + + + NameID Policy + NameID 政策 + + + + Persistent + 持久性 + + + + Email address + 電子郵件地址 + + + + Windows + Windows + + + + X509 Subject + X509 主體 + + + + Transient + 暫時性 + + + + Delete temporary users after + 在此之後刪除臨時使用者: + + + + Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. + 刪除臨時使用者的時間偏移量。這僅適用於您的身份提供者使用 NameID 格式「transient」,且用戶沒有手動登出的情況。 + + + + Pre-authentication flow + 身分認證前的流程 + + + + Flow used before authentication. + 在身分認證前使用的流程。 + + + + New source + 新增身分來源 + + + + Create a new source. + 建立一個新的身分來源。 + + + + Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves. + 身分來源,既可以同步到 authentik 的資料庫,也能被使用者用來進行身分認證和註冊。 + + + + Source(s) + 來源 + + + + Disabled + 已停用 + + + + Built-in + 內建 + + + + Update LDAP Source + 更新 LDAP 來源 + + + + Not synced yet. + 尚未同步。 + + + + Task finished with warnings + 工作完成,但出現警告 + + + + Task finished with errors + 工作完成,但出現錯誤 + + + + Last sync: + 上次同步: + + + + OAuth Source + OAuth 來源 + + + + Generic OpenID Connect + 通用 OpenID 連線 + + + + Unknown provider type + 未知的供應商類型 + + + + Details + 詳細資訊 + + + + Callback URL + 回呼網址 + + + + Access Key + 存取金鑰 + + + + Update OAuth Source + 更新 OAuth 來源 + + + + Diagram + 示意圖 + + + + Policy Bindings + 政策附加 + + + + These bindings control which users can access this source. + You can only use policies here as access is checked before the user is authenticated. + 這些附加控制哪些使用者可以存取此來源。因為在使用者身份認證之前就會檢查存取權限,所以這裡只能使用政策。 + + + Update Plex Source + 更新 Plex 來源 + + + + Update SAML Source + 更新 SAML 來源 + + + + Successfully updated mapping. + 成功更新對應。 + + + + Successfully created mapping. + 成功建立對應。 + + + + Object field + 物件欄位 + + + + Field of the user object this value is written to. + 此值寫入到使用者物件的欄位。 + + + + SAML Attribute Name + SAML 特徵項名稱 + + + + Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded. + 用於 SAML 斷言的特徵項名稱。可以是 URN OID,綱要參考或任何其他字串。如果此屬性對應用於 NameID 屬性,則此欄位將被忽略。 + + + + Friendly Name + 易記名稱 + + + + Optionally set the 'FriendlyName' value of the Assertion attribute. + 可選:設定斷言特徵項中的「FriendlyName」值。 + + + + Scope name + 範疇名稱 + + + + Scope which the client can specify to access these properties. + 用戶端可以指定存取這些屬性的範疇。 + + + + Description shown to the user when consenting. If left empty, the user won't be informed. + 當需要使用者同意時顯示的說明。如果留空將不會顯示。 + + + + Example context data + 範例上下文資料 + + + + Active Directory User + Active Directory 使用者 + + + + Active Directory Group + Active Directory 群組 + + + + New property mapping + 新增屬性對應 + + + + Create a new property mapping. + 建立一個新的屬性對應。 + + + + Property Mappings + 屬性對應 + + + + Control how authentik exposes and interprets information. + 控制 authentik 如何公開和解釋資訊。 + + + + Property Mapping(s) + 屬性對應 + + + + Test Property Mapping + 測試屬性對應 + + + + Hide managed mappings + 隱藏代管對應 + + + + Successfully updated token. + 成功更新權杖。 + + + + Successfully created token. + 成功建立權杖。 + + + + Unique identifier the token is referenced by. + 權杖參考的唯一識別碼。 + + + + Intent + 使用目的 + + + + API Token + API 權杖 + + + + Used to access the API programmatically + 用於程式化存取 API + + + + App password. + 應用程式密碼 + + + + Used to login using a flow executor + 使用流程執行器來進行登入。 + + + + Expiring + 是否會過期 + + + + If this is selected, the token will expire. Upon expiration, the token will be rotated. + 當啟用時,權杖將會過期。在過期後權杖將會被輪替。 + + + + Expires on + 有效期限 + + + + API Access + API 存取權限 + + + + App password + 應用程式密碼 + + + + Verification + 驗證 + + + + Unknown intent + 未知使用目的 + + + + Tokens + 權杖 + + + + Tokens are used throughout authentik for Email validation stages, Recovery keys and API access. + 權杖在整個 authentik 中用於電子郵件認證階段、救援金鑰和存取 API。 + + + + Expires? + 是否會過期 + + + + Expiry date + 到期日 + + + + Token(s) + 權杖 + + + + Create Token + 建立權杖 + + + + Token is managed by authentik. + 由 authentik 管理的權杖。 + + + + Update Token + 更新權杖 + + + + Domain + 網域 + + + + Matching is done based on domain suffix, so if you enter domain.tld, foo.domain.tld will still match. + 由網域的後輟配對,如果您输入 domain.tld,foo.domain.tld 仍將會符合。 + + + + Default + 設為預設 + + + + Branding settings + 品牌設定 + + + + Title + 標題 + + + + Branding shown in page title and several other places. + 品牌訊息會顯示在頁面標題和其他地方。 + + + + Logo + 品牌標誌 + + + + Icon shown in sidebar/header and flow executor. + 在側邊欄、標題和流程執行器中顯示的圖示。 + + + + Favicon + 網站圖示 + + + + Icon shown in the browser tab. + 瀏覽器頁籤上顯示的圖示。 + + + + Default flows + 預設流程 + + + + Flow used to authenticate users. If left empty, the first applicable flow sorted by the slug is used. + 用於對使用者進行身分認證的流程。如果為空則按縮寫順序使用第一個符合的流程。 + + + + Invalidation flow + 登出流程 + + + + Flow used to logout. If left empty, the first applicable flow sorted by the slug is used. + 用於登出的流程。如果為空則按縮寫順序使用第一個符合的流程。 + + + + Recovery flow + 救援流程 + + + + Recovery flow. If left empty, the first applicable flow sorted by the slug is used. + 用於各類救援的流程。如果為空則按縮寫順序使用第一個符合的流程。 + + + + Unenrollment flow + 取消注册流程 + + + + If set, users are able to unenroll themselves using this flow. If no flow is set, option is not shown. + 如果設定此欄位,使用者可使用這個流程自行刪除自己的帳號。如果為空則不顯示選項。 + + + + User settings flow + 使用者設定流程 + + + + If set, users are able to configure details of their profile. + 如果設定此欄位,使用者可以修改他們的個人資訊。 + + + + Device code flow + 裝置認證碼流程 + + + + If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code. + 如果設定此欄位,可以使用 OAuth 裝置認證碼設定檔,並使用所選的流程來輸入認證碼。 + + + + Other global settings + 其他全域設定 + + + + Web Certificate + 網頁伺服器憑證 + + + + Event retention + 事件紀錄保存時長 + + + + Duration after which events will be deleted from the database. + 事件紀錄在被從資料庫刪除前的時長。 + + + + When using an external logging solution for archiving, this can be set to "minutes=5". + 如果使用外部日誌紀錄解決方案時,可以設定為「minutes=5」。 + + + + This setting only affects new Events, as the expiration is saved per-event. + 此設定僅會影響新的事件紀錄,舊的紀錄到期時間已經設定。 + + + + Configure visual settings and defaults for different domains. + 為不同的網域設定視覺化設定和各項預設值。 + + + + Default? + 是否為預設 + + + + Policies + 政策 + + + + Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Stages. + 允許使用者根據屬性使用應用程式、執行密碼的標準,和有選擇性地應用在階段。 + + + + Assigned to object(s). + 已分配给 個物件。 + + + + Warning: Policy is not assigned. + 警告:政策未被分配。 + + + + Test Policy + 測試政策 + + + + Policy / Policies + 政策 + + + + Successfully cleared policy cache + 成功清除政策快取 + + + + Failed to delete policy cache + 未能清除政策快取 + + + + Clear cache + 清除快取 + + + + Clear Policy cache + 清除政策快取 + + + + Are you sure you want to clear the policy cache? This will cause all policies to be re-evaluated on their next usage. + 您確定要清除政策快取嗎?這將會導致所有政策在下次使用時重新評價。 + + + Reputation scores + 名譽分數 + + + + Reputation for IP and user identifiers. Scores are decreased for each failed login and increased for each successful login. + IP 和使用者識別碼的名譽。每次登入失敗都會降低分數,反之每次成功登入都會增加分數。 + + + + IP + IP + + + + Score + 分數 + + + + Updated + 最後更新時間 + + + + Reputation + 名譽 + + + + Groups + 群組 + + + + Group users together and give them permissions based on the membership. + 將使用者分組,並依照成員資格給予權限。 + + + + Superuser privileges? + 是否擁有超級使用者權限 + + + + Group(s) + 群組 + + + + Create Group + 建立群組 + + + + Create group + 建立群組 + + + + Enabling this toggle will create a group named after the user, with the user as member. + 啟用此選項時,將會建立以使用者名稱為名的群組,而使用者將會成為其成員。 + + + + Use the username and password below to authenticate. The password can be retrieved later on the Tokens page. + 使用以下使用者名稱和密碼進行認證,密碼可以從權杖頁面中取得。 + + + + Password + 密碼 + + + + Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List. + 有效期限為360天,之後密碼將會自動輪替。您可以在權杖列表中複製密碼。 + + + + The following objects use + 使用以下物件 + + + + connecting object will be deleted + 連線的物件將被刪除 + + + + Successfully updated + 成功更新 + + + Failed to update : + 無法更新 : + + + + Are you sure you want to update ""? + 您確定要更新 」嗎? + + + + Successfully updated password. + 成功更新密碼。 + + + + Successfully sent email. + 成功發送電子郵件。 + + + + Email stage + 電子郵件階段 + + + + Successfully added user(s). + 成功加入使用者 + + + + Users to add + 欲加入的使用者 + + + + User(s) + 使用者 + + + + Remove Users(s) + 移除使用者 + + + + + Remove + 移除 + + + + Impersonate + 模擬使用者 + + + + User status + 使用者狀態 + + + + Change status + 更改狀態 + + + + Deactivate + 停用 + + + + Update password + 更新密碼 + + + + Set password + 設定密碼 + + + + Successfully generated recovery link + 成功產生救援連結 + + + + No recovery flow is configured. + 未設定救援流程。 + + + + Copy recovery link + 複製救援連結 + + + + Send link + 傳送連結 + + + + Send recovery link to user + 向使用者傳送救援連結 + + + + Email recovery link + 電子郵件救援連結 + + + + Recovery link cannot be emailed, user has no email address saved. + 無法使用電子郵件傳送救援連結,因為使用者並沒有設定電子郵件。 + + + + Add User + 加入使用者 + + + + Warning: This group is configured with superuser access. Added users will have superuser access. + 警告:這個群組具有超級使用者權限,加入到此群組的使用者將會取得該權限。 + + + + Add existing user + 加入現存使用者 + + + + Create user + 建立使用者 + + + + Create User + 建立使用者 + + + + Create Service account + 建立服務帳戶 + + + + Hide service-accounts + 隱藏服務帳戶 + + + + Group Info + 群組資訊 + + + + Notes + 備註 + + + + Edit the notes attribute of this group to add notes here. + 編輯這個群組的備註特徵項來加入備註。 + + + + Users + 使用者 + + + + Root + Root + + + + Warning: You're about to delete the user you're logged in as (). Proceed at your own risk. + 警告:您即將刪除您正在登入的使用者「」。若選擇繼續請自行承擔風險。 + + + + Hide deactivated user + 隱藏停用的使用者 + + + + User folders + 使用者資料夾 + + + + Successfully added user to group(s). + 成功加入使用者到群組。 + + + + Groups to add + 欲加入的群組 + + + + Remove from Group(s) + 從群組中移除 + + + + Are you sure you want to remove user from the following groups? + 您確定要從群組中移除使用者 嗎? + + + + Add Group + 加入群組 + + + + Add to existing group + 加入到現存的群組 + + + + Add new group + 建立群組並加入 + + + + Application authorizations + 應用程式授權 + + + + Revoked? + 是否已撤銷 + + + + Expires + 有效期限 + + + + ID Token + ID 權杖 + + + + Refresh Tokens(s) + 重新整理權杖 + + + + Last IP + 最後登入的 IP + + + + Session(s) + 會談 + + + + Expiry + 過期 + + + + (Current session) + (正在使用的會談) + + + + Permissions + 權限 + + + + Consent(s) + 同意 + + + + Successfully updated device. + 成功更新裝置。 + + + + Static tokens + 靜態權杖 + + + + TOTP Device + TOTP 裝置 + + + + Enroll + 註冊 + + + + Device(s) + 裝置 + + + + Update Device + 更新裝置 + + + + Confirmed + 裝置驗證 + + + + User Info + 使用者資訊 + + + + Actions over the last week (per 8 hours) + 一周的動作狀態(每 8 小時) + + + + Edit the notes attribute of this user to add notes here. + 編輯這個使用者的備註特徵項來加入備註。 + + + + Sessions + 會談 + + + + User events + 使用者事件 + + + + Explicit Consent + 明示同意 + + + + OAuth Refresh Tokens + OAuth 重新整理權杖 + + + + MFA Authenticators + 多重要素認證器 + + + + Successfully updated invitation. + 成功更新邀請函。 + + + + Successfully created invitation. + 成功建立邀請函。 + + + + Flow + 流程 + + + + When selected, the invite will only be usable with the flow. By default the invite is accepted on all flows with invitation stages. + 當選擇時,邀請只能與該流程一起使用。預設情況下,邀請在所有包含邀請階段的流程中都被接受。 + + + + Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON. + 可選:載入到流程的「prompt_data」上下文變數。YAML 或 JSON 格式。 + + + + Single use + 單次使用 + + + + When enabled, the invitation will be deleted after usage. + 當啟用時,邀請函將在使用後被刪除。 + + + + Select an enrollment flow + 選擇註冊流程 + + + + Link to use the invitation. + 使用邀請函的連結。 + + + + Invitations + 邀請函 + + + + Create Invitation Links to enroll Users, and optionally force specific attributes of their account. + 建立邀請函連結來註冊使用者,可選擇強制設定其帳戶的特定特徵項。 + + + + Created by + 建立者 + + + + Invitation(s) + 邀請函 + + + + Invitation not limited to any flow, and can be used with any enrollment flow. + 邀請函並未限制用於任何流程,且可以用於任何註冊流程。 + + + + Update Invitation + 更新邀請函 + + + + Create Invitation + 建立邀請函 + + + + Warning: No invitation stage is bound to any flow. Invitations will not work as expected. + 警告:邀請流程沒有附加到任何流程。邀請將無法依照預期工作。 + + + + Auto-detect (based on your browser) + 自動偵測(基於您的瀏覽器) + + + + Required. + 必需。 + + + + Continue + 繼續 + + + + Successfully updated prompt. + 成功更新提示。 + + + + Successfully created prompt. + 成功建立提示。 + + + + Text: Simple Text input + 文字:簡單文字輸入 + + + + Text Area: Multiline text input + 文字區塊:多行文字輸入。 + + + + Text (read-only): Simple Text input, but cannot be edited. + 文字(唯讀):簡單文字輸入,但無法編輯。 + + + + Text Area (read-only): Multiline text input, but cannot be edited. + 文字區塊(唯讀):多行文字輸入。但無法編輯。 + + + + Username: Same as Text input, but checks for and prevents duplicate usernames. + 使用者名稱:與文字輸入相同,但檢查是否與現存有重複。 + + + + Email: Text field with Email type. + 電子郵件:具有電子郵件類型的文字欄位。 + + + + Password: Masked input, multiple inputs of this type on the same prompt need to be identical. + 密碼:遮罩輸入,同一提示上的多個此類輸入需要相同。 + + + + Number + 編號 + + + + Checkbox + 核取方塊 + + + + Radio Button Group (fixed choice) + 選項按鈕群組(固定選項) + + + + Dropdown (fixed choice) + 下拉式選單(固定選項) + + + + Date + 日期 + + + + Date Time + 日期時間 + + + + File + 檔案 + + + + Separator: Static Separator Line + 分隔符號:靜態分隔線 + + + + Hidden: Hidden field, can be used to insert data into form. + 隱藏:隱藏欄位,可用於將資料插入表單。 + + + + Static: Static value, displayed as-is. + 靜態:靜態數值,按原狀顯示。 + + + + authentik: Locale: Displays a list of locales authentik supports. + authentik:語言:顯示 authentik 支援的語言列表。 + + + + Preview errors + 預覽錯誤 + + + + Data preview + 資料預覽 + + + + Unique name of this field, used for selecting fields in prompt stages. + 這個欄位的獨特名稱,用於在提示階段中選擇。 + + + + Field Key + 欄位鍵值 + + + + Name of the form field, also used to store the value. + 表單名稱,也用於儲存數值。 + + + + When used in conjunction with a User Write stage, use attributes.foo to write attributes. + 當與使用者寫入階段結合使用時,請使用 attributes.foo 來撰寫特徵項。 + + + + Label + 標籤 + + + + Label shown next to/above the prompt. + 標籤顯示在提示的旁邊或上方。 + + + + Required + 必需 + + + + Interpret placeholder as expression + 將預先填入解釋為表示式 + + + + When checked, the placeholder will be evaluated in the same way a property mapping is. + If the evaluation fails, the placeholder itself is returned. + 啟用時,預先填入將以與屬性對應相同的方式進行評估。如果評估失敗,則返回預先填入本身。 + + + Placeholder + 預先填入 + + + + Optionally provide a short hint that describes the expected input value. + When creating a fixed choice field, enable interpreting as expression and return a + list to return multiple choices. + 可選:提供一個簡短提示,描述預期的輸入值。當建立一個固定選擇欄位時, + 啟用解釋為表示式,並回傳一個列表以提供多個選擇。 + + + Interpret initial value as expression + 將初始值解釋為表示式 + + + + When checked, the initial value will be evaluated in the same way a property mapping is. + If the evaluation fails, the initial value itself is returned. + 啟用時,初始值將以與屬性對應相同的方式進行評估。如果評估失敗,則返回初始值本身。 + + + Initial value + 初始值 + + + + Optionally pre-fill the input with an initial value. + When creating a fixed choice field, enable interpreting as expression and + return a list to return multiple default choices. + 可選:預先填入輸入框以一個初始值。 + 當建立一個固定選擇欄位時,啟用解釋為表示式,並回傳一個列表以提供多個預設選擇。 + + + Help text + 支援文字 + + + + Any HTML can be used. + 可使用任何 HTML。 + + + + Prompts + 提示 + + + + Single Prompts that can be used for Prompt Stages. + 可用於提示階段的單一提示。 + + + + Field + 欄位 + + + + Stages + 階段 + + + + Prompt(s) + 提示 + + + + Update Prompt + 更新提示 + + + + Create Prompt + 建立提示 + + + + Target + 目標 + + + + Stage + 階段 + + + + Evaluate when flow is planned + 在計劃流程時進行評估 + + + + Evaluate policies during the Flow planning process. + 在計劃流程執行時評估政策。 + + + + Evaluate when stage is run + 在執行階段時進行評估 + + + + Evaluate policies before the Stage is present to the user. + 在階段呈現給使用者前評估政策。 + + + + Invalid response behavior + 無效的回應行為 + + + + Returns the error message and a similar challenge to the executor + 回傳錯誤訊息以及類似的挑戰到執行器 + + + + Restarts the flow from the beginning + 從頭開始重新啟動流程 + + + + Restarts the flow from the beginning, while keeping the flow context + 從頭開始重新啟動流程,但保持流程的上下文 + + + + Configure how the flow executor should handle an invalid response to a challenge given by this bound stage. + 設定流程執行器在遇到附加的階段中,給出挑戰但收到的無效回應時,應該處理的方式。 + + + + Successfully updated stage. + 成功更新階段。 + + + + Successfully created stage. + 成功建立階段。 + + + + Stage used to configure a duo-based authenticator. This stage should be used for configuration flows. + 用於設定基於 Duo 身分認證器的階段。此階段應該使用在設定流程。 + + + + Authenticator type name + 身分認證器類型的名稱 + + + + Display name of this authenticator, used by users when they enroll an authenticator. + 顯示這個身分認證器,用於當使用者要註冊一個身分認證器時。 + + + + API Hostname + API 主機名稱 + + + + Duo Auth API + Duo 認證 API + + + + Integration key + 整合金鑰 + + + + Secret key + 金鑰 + + + + Duo Admin API (optional) + Duo 管理員 API(可選) + + + + When using a Duo MFA, Access or Beyond plan, an Admin API application can be created. + This will allow authentik to import devices automatically. + 當使用 Duo MFA、Access 或 Beyond 計劃時,可以建立一個 Admin API 應用程式。這將允許 authentik 自動匯入裝置。 + + + Stage-specific settings + 階段特定的設定 + + + + Configuration flow + 設定的流程 + + + + Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. + 用於已認證的使用者設定此階段的流程,如果為空則使用者無法設定此階段。 + + + + Twilio Account SID + Twilio 帳號 SID + + + + Get this value from https://console.twilio.com + 從以下網址取得值 https://console.twilio.com + + + + Twilio Auth Token + Twilio 身分認證權杖 + + + + Authentication Type + 身分認證類型 + + + + Basic Auth + 基本身分認證 + + + + Bearer Token + 持有人權杖 + + + + External API URL + 外部 API 網址 + + + + This is the full endpoint to send POST requests to. + 這是項其發送 POST 要求的完整終端節點。 + + + + API Auth Username + API 認證使用者 + + + + This is the username to be used with basic auth or the token when used with bearer token + 這是與基本身分認證一起使用的使用者名稱,或與持有人權杖一起使用時的權杖。 + + + + API Auth password + API 認證密碼 + + + + This is the password to be used with basic auth + 這是與基本身分認證一起使用的密碼 + + + + Mapping + 對應 + + + + Modify the payload sent to the custom provider. + 修改發送至客製化供應商的酬載。 + + + + Stage used to configure an SMS-based TOTP authenticator. + 用於設定基於簡訊的 TOTP 身分認證器的階段。 + + + + Twilio + Twilio + + + + Generic + 通用的 + + + + From number + 傳送人電話號碼 + + + + Number the SMS will be sent from. + 傳送簡訊的電話號碼。 + + + + Hash phone number + 雜湊電話號碼 + + + + If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons. Devices created from a stage with this enabled cannot be used with the authenticator validation stage. + 啟用時,將只會儲存手機號碼的雜湊值。如果有資料保護的需求可以使用此項。啟用此選項的階段建立的裝置,將無法使用身份認證器的認證階段。 + + + + Stage used to configure a static authenticator (i.e. static tokens). This stage should be used for configuration flows. + 用於設定靜態身分認證器的流程(即靜態權杖)。此階段應用於設定流程。 + + + + Token count + 權杖計數 + + + + Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator). + 用於設定 TOTP 身分認證器的階段(即 Authy/Google 身分認證器)。 + + + + Digits + 位數 + + + + 6 digits, widely compatible + 6位數字,廣泛相容各類認證器 + + + + 8 digits, not compatible with apps like Google Authenticator + 8位數字,不相容於類似 Google Authenticator 等認證器 + + + + Stage used to validate any authenticator. This stage should be used during authentication or authorization flows. + 用於驗證任何身分認證器的階段。此階段應用於身分認證或授權流程。 + + + + Device classes + 裝置類別 + + + + Static Tokens + 靜態權杖 + + + + TOTP Authenticators + TOTP 身分認證器 + + + + WebAuthn Authenticators + WebAuthn 身分認證器 + + + + Duo Authenticators + Duo 身分認證器 + + + + SMS-based Authenticators + 透過簡訊進行身分認證 + + + + Device classes which can be used to authenticate. + 可用於身分認證的類別。 + + + + Last validation threshold + 最後驗證的時間閾值 + + + + If any of the devices user of the types selected above have been used within this duration, this stage will be skipped. + 如果上述選擇的任何裝置類型在此時長內被使用過,則將跳過此階段。 + + + + Not configured action + 未設定時的動作 + + + + Force the user to configure an authenticator + 強制使用者設定一個身分認證器 + + + + Deny the user access + 拒絕使用者存取 + + + + WebAuthn User verification + WebAuthn 使用者驗證 + + + + User verification must occur. + 使用者驗證必需發生。 + + + + User verification is preferred if available, but not required. + 使用者驗證作為可選項目而非必需。 + + + + User verification should not occur. + 使用者驗證不應發生。 + + + + Configuration stages + 設定階段 + + + + Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. + 用於當使用者沒有相容的裝置時,設定身分認證器的階段。通過此階段後,使用者將不會再收到提示。 + + + + When multiple stages are selected, the user can choose which one they want to enroll. + 當選擇多個階段時,使用者可選擇想使用哪一個註冊。 + + + + User verification + 使用者驗證 + + + + Resident key requirement + 常駐金鑰要求 + + + + Authenticator Attachment + 身分認證器外接裝置 + + + + No preference is sent + 不傳送建議選項 + + + + A non-removable authenticator, like TouchID or Windows Hello + 不可移除的身分認證器,例如 TouchID 或 Windows Hello + + + + A "roaming" authenticator, like a YubiKey + 外接式的身分認證器,例如 YubiKey + + + + This stage checks the user's current session against the Google reCaptcha (or compatible) service. + 這個階段使用 Google reCaptcha (或其他相容的)服務檢查使用者目前的會談。 + + + + Public Key + 公鑰 + + + + Public key, acquired from https://www.google.com/recaptcha/intro/v3.html. + 公鑰,取得自以下網址 https://www.google.com/recaptcha/intro/v3.html。 + + + + Private Key + 私鑰 + + + + Private key, acquired from https://www.google.com/recaptcha/intro/v3.html. + 私鑰,取得自以下網址 https://www.google.com/recaptcha/intro/v3.html。 + + + + Advanced settings + 進階設定 + + + + JS URL + JS 網址 + + + + URL to fetch JavaScript from, defaults to recaptcha. Can be replaced with any compatible alternative. + 用於擷取 JavaScript 的網址,預設為 reCAPTCHA。可以替換為任何相容的替代方案。 + + + + API URL + API 網址 + + + + URL used to validate captcha response, defaults to recaptcha. Can be replaced with any compatible alternative. + 用於驗證認證碼回應的網址,預設為 reCAPTCHA。可以替換為任何相容的替代方案。 + + + + Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time. + 使用者同意的提示。同意可以是永久性的,也可以設定過期時間。 + + + + Always require consent + 總是需要取得同意 + + + + Consent given last indefinitely + 給予永久性的同意 + + + + Consent expires. + 給予有期限的同意 + + + + Consent expires in + 同意有效期限 + + + + Offset after which consent expires. + 同意有效期限的偏移量 + + + + Dummy stage used for testing. Shows a simple continue button and always passes. + 用於測試的假階段。顯示一個「繼續」的按鈕且永遠通過。 + + + + Throw error? + 是否顯示錯誤資訊 + + + + SMTP Host + SMTP 主機 + + + + SMTP Port + SMTP 連接埠 + + + + SMTP Username + SMTP 使用者名稱 + + + + SMTP Password + SMTP 密碼 + + + + Use TLS + 使用 TLS + + + + Use SSL + 使用 SSL + + + + From address + 寄件人地址 + + + + Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity. + 通過發送一次性連結驗證使用者的電子郵件地址。也可用於救援過程中驗證使用者的真實性。 + + + + Activate pending user on success + 成功時啟用待處理的使用者 + + + + When a user returns from the email successfully, their account will be activated. + 當使用者成功透過電子郵件返回時,重新啟用他們的帳號。 + + + + Use global settings + 使用全域設定 + + + + When enabled, global Email connection settings will be used and connection settings below will be ignored. + 啟用時,將使用全域電子郵件連線設定,以下的連線設定將被忽略。 + + + + Token expiry + 權杖有效期限 + + + + Time in minutes the token sent is valid. + 發送權杖的有效期限(分鐘為單位)。 + + + + Template + 範本 + + + + Let the user identify themselves with their username or Email address. + 讓使用者利用使用者名稱或電子郵件來標示自己。 + + + + User fields + 使用者欄位 + + + + UPN + UPN + + + + Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources. + 使用者可以用來標示自己的欄位。如果沒有選擇任何欄位,使用者將只能使用來源。 + + + + Password stage + 密碼階段 + + + + When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks. + 當選擇時,密碼欄位將會顯示在同一頁面上,這樣可以防止使用者名稱列舉攻擊。 + + + + Case insensitive matching + 使用者名稱配對不分大小寫 + + + + When enabled, user fields are matched regardless of their casing. + 啟用時,配對使用者名稱時將無視大小寫。 + + + + Show matched user + 顯示符合的使用者 + + + + When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown. + 當啟用了此選項,且輸入了有效的使用者名稱或電子郵件時,將顯示使用者的使用者名稱和個人檔案圖片。否則,將顯示使用者輸入的文字。 + + + + Source settings + 來源設定 + + + + Sources + 來源 + + + + Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP. + 選擇當使用者進行認證時應顯示的來源。此選項將只會影響基於網頁的來源,LDAP 不受影響。 + + + + Show sources' labels + 顯示來源標籤 + + + + By default, only icons are shown for sources. Enable this to show their full names. + 預設的情況下,只會顯示來源的圖示,啟用這個選項來顯示全名。 + + + + Passwordless flow + 無密碼認證流程 + + + + Optional passwordless flow, which is linked at the bottom of the page. When configured, users can use this flow to authenticate with a WebAuthn authenticator, without entering any details. + 可選:無密碼認證的流程,連結顯示在頁面底部。設定時,使用者可以無須輸入任何詳細資訊,透過此流程搭配 WebAuthn 身分認證器來進行認證。 + + + + Optional enrollment flow, which is linked at the bottom of the page. + 可選:註冊流程,連結顯示在頁面底部。 + + + + Optional recovery flow, which is linked at the bottom of the page. + 可選:救援流程,連結顯示在頁面底部。 + + + + This stage can be included in enrollment flows to accept invitations. + 此階段可以包含在註冊流程中以接受邀請。 + + + + Continue flow without invitation + 設定無邀請函的流程 + + + + If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. + 如果啟用此旗標,當沒有邀請函時這個階段將會跳到下個階段。預設的情況下,此階段將會取消流程。 + + + + Validate the user's password against the selected backend(s). + 由選擇的後端來驗證使用者密碼。 + + + + Backends + 後端 + + + + User database + standard password + 使用者資料庫 + 標準密碼 + + + + User database + app passwords + 使用者資料庫 + 應用程式密碼 + + + + User database + LDAP password + 使用者資料庫 + LDAP 密碼 + + + + Selection of backends to test the password against. + 選擇要用於測試密碼的後端。 + + + + Flow used by an authenticated user to configure their password. If empty, user will not be able to configure change their password. + 經過身分認證的使用者用來設定密碼的流程,如果未設定則使用者將無法變更密碼。 + + + + Failed attempts before cancel + 取消前可嘗試的次數 + + + + How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. + 在取消流程前使用者嘗試的次數。要鎖定使用者請使用名譽政策和 user_write 階段。 + + + + Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable. + 向使用者顯示任意輸入欄位,例如在註冊過程中。資料會保存在流程上下文中的「prompt_data」變數中。 + + + + Fields + 欄位 + + + + ("", of type ) + + (「」,類型為 ) + + + + Validation Policies + 驗證政策 + + + + Selected policies are executed when the stage is submitted to validate the data. + 當階段提交時,將執行所選政策以驗證資料。 + + + + Delete the currently pending user. CAUTION, this stage does not ask for confirmation. Use a consent stage to ensure the user is aware of their actions. + 刪除目前待處理的使用者。注意,這個階段不會要求確認。使用同意階段以確保使用者意識到他們的動作。 + + + Log the currently pending user in. + 將待處理的使用者登入。 + + + + Session duration + 會談的持續時間 + + + + Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. + 決定會談將持續多久。預設值「seconds=0」表示會談會持續到關閉瀏覽器為止。 + + + + Different browsers handle session cookies differently, and might not remove them even when the browser is closed. + 不同的瀏覽器處理會談 cookies 方法各異,在關閉瀏覽器後可能不會移除它。 + + + + See here. + 更多資訊 + + + + Stay signed in offset + 登入的持續時間 + + + + If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. + 如果持續時間大於零,使用者介面上將會有「保持登入」選項。這將會依照設定的時間延長會談。 + + + + Terminate other sessions + 終止其他會談 + + + + When enabled, all previous sessions of the user will be terminated. + 當啟用後,所有之前的會談將會被終止。 + + + + Remove the user from the current session. + 移除使用者目前的會談。 + + + + Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user + is pending, a new user is created, and data is written to them. + 將流程上下文中的「prompt_data」的任何資料寫入當前待處理的使用者。如果沒有待處理的使用者,則建立一個新使用者,並將資料寫入該使用者。 + + + Never create users + 不建立使用者 + + + + When no user is present in the flow context, the stage will fail. + 當流程上下文中不存在使用者時,階段將會失敗。 + + + + Create users when required + 需要時建立使用者 + + + + When no user is present in the the flow context, a new user is created. + 當流程上下文中不存在使用者時,建立使用者。 + + + + Always create new users + 總是建立使用者 + + + + Create a new user even if a user is in the flow context. + 總是建立使用者,即便流程上下文中存在使用者。 + + + + Create users as inactive + 建立停用狀態的使用者 + + + + Mark newly created users as inactive. + 將建立的使用者標記為停用狀態。 + + + + User path template + 使用者路徑範本 + + + + Path new users will be created under. If left blank, the default path will be used. + 使用者將會建立在此路徑下。如果留空則使用預設路徑。 + + + + Newly created users are added to this group, if a group is selected. + 如果有選擇群組,使用者將會被加入到該群組。 + + + + New stage + 新增階段 + + + + Create a new stage. + 建立一個階段。 + + + + Successfully imported device. + 成功匯入裝置。 + + + + The user in authentik this device will be assigned to. + 此裝置將被分配給的 authentik 中的使用者。 + + + + Duo User ID + Duo 使用者 ID + + + + The user ID in Duo, can be found in the URL after clicking on a user. + Duo 的使用者 ID,點選使用者後可以在網址列上找到。 + + + + Automatic import + 自動匯入 + + + + Successfully imported devices. + 成功匯入 個裝置。 + + + + Start automatic import + 開始自動匯入 + + + + Or manually import + 或使用手動匯入 + + + + Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow. + 階段是流程中使用者被引導通過的單一步驟。階段只能在流程內部執行。 + + + + Flows + 流程 + + + + Stage(s) + 階段 + + + + Import + 匯入 + + + + Import Duo device + 匯入 Duo 裝置 + + + + Successfully updated flow. + 成功更新流程。 + + + + Successfully created flow. + 成功建立流程。 + + + + Shown as the Title in Flow pages. + 作為標題顯示在流程頁面。 + + + + Visible in the URL. + 顯示於網址列中。 + + + + Designation + 使用目的 + + + + Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. + 決定此流程的用途。例如當未經認證的使用者存取 authentik 時,將其重新導向到身分認證流程。 + + + + No requirement + 不需要 + + + + Require authentication + 需要身分認證 + + + + Require no authentication. + 需要無身分認證 + + + + Require superuser. + 需要超級使用者 + + + + Required authentication level for this flow. + 這個流程所需的身分認證等級。 + + + + Behavior settings + 行為設定 + + + + Compatibility mode + 相容模式 + + + + Increases compatibility with password managers and mobile devices. + 提升對密碼管理器和行動裝置的相容性。 + + + + Denied action + 拒絕時動作 + + + + Will follow the ?next parameter if set, otherwise show a message + 如果有設定「?next」參數則重新導向,反之則顯示訊息 + + + + Will either follow the ?next parameter or redirect to the default interface + 如果有設定「?next」參數則重新導向,反之則重新導向到預設介面 + + + + Will notify the user the flow isn't applicable + 將會通知使用者流程無法適用 + + + + Decides the response when a policy denies access to this flow for a user. + 決定當這個流程的使用者被政策拒絕存取時的回應。 + + + + Appearance settings + 外觀設定 + + + + Layout + 版面設計 + + + + Background + 背景 + + + + Background shown during execution. + 執行過程中顯示的背景。 + + + + Clear background + 清除背景 + + + + Delete currently set background image. + 刪除目前設定的背景圖片。 + + + + Successfully imported flow. + 成功匯入流程。 + + + + .yaml files, which can be found on goauthentik.io and can be exported by authentik. + .yaml 檔案,可以在 goauthentik.io 中找到且可以從 authentik 中匯出。 + + + + Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them. + 流程描述了一系列階段,用於認證、註冊或救援使用者。根據應用於它們的政策選擇階段。 + + + + Flow(s) + 流程 + + + + Update Flow + 更新流程 + + + + Create Flow + 建立流程 + + + + Import Flow + 匯入流程 + + + + Successfully cleared flow cache + 成功清除流程的快取 + + + + Failed to delete flow cache + 無法刪除流程的快取 + + + + Clear Flow cache + 清除流程的快取 + + + + Are you sure you want to clear the flow cache? + This will cause all flows to be re-evaluated on their next usage. + 您確定要清除流程快取嗎?這將導致所有流程在下次使用時重新評估。 + + + Stage binding(s) + 階段附加 + + + + Stage type + 階段類型 + + + + Edit Stage + 編輯階段 + + + + Update Stage binding + 更新階段附加 + + + + These bindings control if this stage will be applied to the flow. + 這些附加控制此階段是否將應用於流程。 + + + + No Stages bound + 沒有已附加的階段 + + + + No stages are currently bound to this flow. + 目前沒有階段附加到此流程。 + + + + Create Stage binding + 建立階段附加 + + + + Bind stage + 附加階段 + + + + Bind existing stage + 附加已存在的階段 + + + + Flow Overview + 流程概覽 + + + + Related actions + 關聯的動作 + + + + Execute flow + 執行流程 + + + + Normal + 正常執行 + + + + with current user + 使用目前使用者執行 + + + + with inspector + 和流程檢閱器一起執行 + + + + Export flow + 匯出這個流程 + + + + Export + 匯出 + + + + Stage Bindings + 階段附加 + + + + These bindings control which users can access this flow. + 這些附加控制哪些使用者可以存取此流程。 + + + + Event Log + 事件日誌 + + + + Event + 事件 + + + + Event info + 事件資訊 + + + + Created + 已建立 + + + + Successfully updated transport. + 成功更新通道。 + + + + Successfully created transport. + 成功建立通道。 + + + + Local (notifications will be created within authentik) + 本機(通知將會透過 authentik 建立) + + + + Webhook (generic) + Webhook (通用) + + + + Webhook (Slack/Discord) + Webhook(Slack/Discord) + + + + Webhook URL + Webhook 網址 + + + + Webhook Mapping + Webhook 對應 + + + + Send once + 僅發送一次 + + + + Only send notification once, for example when sending a webhook into a chat channel. + 僅發送一次通知,例如在將 webhook 發送到聊天頻道時。 + + + + Notification Transports + 通知通道 + + + + Define how notifications are sent to users, like Email or Webhook. + 定義如何向使用者傳送通知,例如電子郵件或 Webhook。 + + + + Notification transport(s) + 通知通道 + + + + Update Notification Transport + 更新通知通道 + + + + Create Notification Transport + 建立通知通道 + + + + Successfully updated rule. + 成功更新規則。 + + + + Successfully created rule. + 成功建立規則。 + + + + Select the group of users which the alerts are sent to. If no group is selected the rule is disabled. + 選擇接收警報的使用者群組。如果沒有選擇群組,則規則將被停用。 + + + + Transports + 通道 + + + + Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. + 選擇應使用哪些通道來通知使用者。如果沒有選擇任何通道,通知將只會在 authentik 使用者介面中顯示。 + + + + Severity + 嚴重程度 + + + + Notification Rules + 通知規則 + + + + Send notifications whenever a specific Event is created and matched by policies. + 當特定事件被建立並符合政策時都會發送通知。 + + + + Sent to group + 已發送到群組 + + + + Notification rule(s) + 通知規則 + + + + None (rule disabled) + 無(停用規則) + + + + Update Notification Rule + 更新通知規則 + + + + Create Notification Rule + 建立通知規則 + + + + These bindings control upon which events this rule triggers. +Bindings to groups/users are checked against the user of the event. + 這些附加控制了此規則觸發的事件。附加到群組或使用者的條件會根據事件的使用者來檢查。 + + + Outpost Deployment Info + Outpost 部署資訊 + + + + View deployment documentation + 檢視部署文件 + + + + Click to copy token + 點選這裡複製權杖 + + + + If your authentik Instance is using a self-signed certificate, set this value. + 如果您的 authentik 執行個體使用自簽憑證,請設定此項。 + + + + If your authentik_host setting does not match the URL you want to login with, add this setting. + 如果您的 authentik_host 設定與您登入的網址不同,請加入此設定。 + + + + Successfully updated outpost. + 成功更新 Outpost。 + + + + Successfully created outpost. + 成功建立 Outpost。 + + + + Radius + Radius + + + + Integration + 整合 + + + + Selecting an integration enables the management of the outpost by authentik. + 選擇一個整合讓 authentik 對 Outpost 進行管理。 + + + + You can only select providers that match the type of the outpost. + 您只能選擇與 Outpost 類型相符的供應商。 + + + + Configuration + 設定 + + + + See more here: + 更多資訊請參考: + + + + Documentation + 官方文件 + + + + Last seen + 最後上線時間 + + + + , should be + ,應該是 + + + + Hostname + 主機名稱 + + + + Not available + 無法使用 + + + + Last seen: + 最後上線時間: + + + + Unknown type + 未知的類型 + + + + Outposts + Outposts + + + + Outposts are deployments of authentik components to support different environments and protocols, like reverse proxies. + Outposts 是 authentik 系統中的一部分,負責部署組件以適應各種環境和協議需求,例如作為反向代理。 + + + + Health and Version + 執行狀態和版本 + + + + Warning: authentik Domain is not configured, authentication will not work. + 警告:未設定 authentik 的網域,身分認證將無法使用。 + + + + Logging in via . + 透過以下網址登入。 + + + + No integration active + 沒有啟用的整合 + + + + Update Outpost + 更新 Outpost + + + + View Deployment Info + 檢視部署資訊 + + + + Detailed health (one instance per column, data is cached so may be out of date) + 健康狀態詳細資訊(每一列一個執行個體,使用快取資料所以可能是過時資訊) + + + + Outpost(s) + Outpost(s) + + + + Create Outpost + 建立 Outpost + + + + Successfully updated integration. + 成功更新整合。 + + + + Successfully created integration. + 成功建立整合。 + + + + Local + 本機端連線 + + + + If enabled, use the local connection. Required Docker socket/Kubernetes Integration. + 啟用時,請使用本機連線。需要整合 docker / Kubernetes 的 socket。 + + + + Docker URL + Docker 網址 + + + + Can be in the format of 'unix://' when connecting to a local docker daemon, using 'ssh://' to connect via SSH, or 'https://:2376' when connecting to a remote system. + 當連接到本機 Docker 常駐程式時,將會是「unix: //」的格式,通過 SSH 連線時使用「ssh: //」,或者當連接到遠端系統時,將會是「https://:2376」的格式。 + + + + CA which the endpoint's Certificate is verified against. Can be left empty for no validation. + 驗證終端節點的憑證所需的 CA 憑證。如果為空則不驗證憑證。 + + + + TLS Authentication Certificate/SSH Keypair + TLS 身分認證憑證或 SSH 金鑰對 + + + + Certificate/Key used for authentication. Can be left empty for no authentication. + 用於身分認證的憑證或金鑰。如果為空則不進行身分認證。 + + + + When connecting via SSH, this keypair is used for authentication. + 當使用 SSH 連線時,此金鑰對將用於身分認證。 + + + + Kubeconfig + Kubeconfig + + + + Verify Kubernetes API SSL Certificate + 驗證 Kubernetes API 的 SSL 憑證 + + + + New outpost integration + 新增 Outpost 整合 + + + + Create a new outpost integration. + 建立一個 Outpost 整合。 + + + + State + 狀態 + + + + Unhealthy + 不健康 + + + + Outpost integration(s) + Outpost 整合 + + + + Successfully generated certificate-key pair. + 成功產生金鑰對。 + + + + Common Name + 主體名稱 + + + + Subject-alt name + 主體別名 + + + + Optional, comma-separated SubjectAlt Names. + 可選:使用逗號分隔多個主體別名。 + + + + Validity days + 有效天數 + + + + Successfully updated certificate-key pair. + 成功更新金鑰對。 + + + + Successfully created certificate-key pair. + 成功建立金鑰對。 + + + + PEM-encoded Certificate data. + PEM 編碼的憑證資料。 + + + + Optional Private Key. If this is set, you can use this keypair for encryption. + 可選:私鑰。如果設定此項,您可以使用金鑰對來加密。 + + + + Certificate-Key Pairs + 憑證金鑰對 + + + + Import certificates of external providers or create certificates to sign requests with. + 匯入外部供應商的憑證或建立用於簽署請求的憑證。 + + + + Private key available? + 是否含有私鑰 + + + + Certificate-Key Pair(s) + 憑證金鑰對 + + + + Managed by authentik + 由 authentik 管理 + + + + Managed by authentik (Discovered) + 由 authentik 管理(已發現) + + + + Yes () + 是 () + + + + No + + + + + Update Certificate-Key Pair + 更新憑證金鑰對 + + + + Certificate Fingerprint (SHA1) + 憑證指紋 (SHA1) + + + + Certificate Fingerprint (SHA256) + 憑證指紋 (SHA256) + + + + Certificate Subject + 憑證主題名稱 + + + + Download Certificate + 下載憑證 + + + + Download Private key + 下載私鑰 + + + + Create Certificate-Key Pair + 建立憑證金鑰對 + + + + Generate + 產生憑證 + + + + Generate Certificate-Key Pair + 產生憑證金鑰對 + + + + Successfully updated instance. + 成功更新執行個體 + + + + Successfully created instance. + 成功建立執行個體 + + + + Disabled blueprints are never applied. + 停用的藍圖將永遠不會被應用。 + + + + Local path + 本機路徑 + + + + OCI Registry + OCI Registry + + + + Internal + 內部位置 + + + + OCI URL, in the format of oci://registry.domain.tld/path/to/manifest. + OCI 網址,格式為「oci://registry.domain.tld/path/to/manifest」。 + + + + See more about OCI support here: + 關於更多 OCI 支援請參考: + + + + Blueprint + 藍圖 + + + + Configure the blueprint context, used for templating. + 設定藍圖的上下文,用於作為範本。 + + + + Orphaned + 孤立 + + + + Blueprints + 藍圖 + + + + Automate and template configuration within authentik. + 在 authentik 中自動化和範本化設定。 + + + + Last applied + 最後應用時間 + + + + Blueprint(s) + 藍圖 + + + + Update Blueprint + 更新藍圖 + + + + Create Blueprint Instance + 建立藍圖執行個體 + + + + API Requests + API 要求 + + + + Open API Browser + 打開 API 瀏覽器 + + + + Notifications + 通知 + + + + unread + 封尚未讀取 + + + + Successfully cleared notifications + 成功清除通知 + + + + Clear all + 清除全部 + + + + A newer version of the frontend is available. + 有可用的新版本前端網頁。 + + + + You're currently impersonating . Click to stop. + 您現在正在模擬 +。點擊停止模擬。 + + + + User interface + 使用者介面 + + + + Dashboards + 儀表板 + + + + Events + 事件 + + + + Logs + 日誌 + + + + Customisation + 客製化設定 + + + + Directory + 使用者目錄 + + + + System + 系統 + + + + Certificates + 憑證 + + + + Outpost Integrations + Outpost 整合 + + + + API request failed + API 要求失敗 + + + + User's avatar + 使用者的個人檔案圖片 + + + + Something went wrong! Please try again later. + 發生錯誤,請稍後再次嘗試。 + + + + Request ID + 要求 ID + + + + You may close this page now. + 您現在可以關閉這個頁面。 + + + + You're about to be redirect to the following URL. + 您即將被重新導向到以下網址。 + + + + Follow redirect + 跟隨重新導向 + + + + Request has been denied. + 要求被拒。 + + + + Not you? + 不是您? + + + + Need an account? + 需要一個帳號嗎? + + + + Sign up. + 註冊。 + + + + Forgot username or password? + 忘記使用者名稱或密碼? + + + + Select one of the sources below to login. + 選擇一下來源進行登入。 + + + + Or + + + + + Use a security key + 使用安全金鑰登入 + + + + Login to continue to . + 登入以繼續前往 + + + + Please enter your password + 請輸入您的密碼 + + + + Forgot password? + 忘記密碼 + + + + Application requires following permissions: + 應用程式需要以下權限: + + + + Application already has access to the following permissions: + 應用程式已用擁有已下存取權限: + + + + Application requires following new permissions: + 應用程式需要新增以下權限: + + + + Check your Inbox for a verification email. + 檢查您的收件夾確認是否收到驗證電子郵件。 + + + + Send Email again. + 再次傳送電子郵件。 + + + + Successfully copied TOTP Config. + 成功複製 TOTP 設定。 + + + + Copy + 複製 + + + + Code + 認證碼 + + + + Please enter your TOTP Code + 請輸入您的 TOTP 認證碼 + + + + Duo activation QR code + Duo 啟用的二維條碼 + + + + Alternatively, if your current device has Duo installed, click on this link: + 或者如果您目前裝置已安裝 Duo,請點擊此連結: + + + + Duo activation + Duo 啟用 + + + + Check status + 檢查狀態 + + + + Make sure to keep these tokens in a safe place. + 請將這些權杖保存在安全的地方。 + + + + Phone number + 電話號碼 + + + + Please enter your Phone number. + 請輸入您的電話號碼。 + + + + Please enter the code you received via SMS + 請輸入您簡訊收到的認證碼。 + + + + A code has been sent to you via SMS. + 認證碼已透過簡訊傳送。 + + + + Open your two-factor authenticator app to view your authentication code. + 開啟您的雙重身份認證器應用程式,檢視您的認證碼。 + + + + Static token + 靜態權杖 + + + + Authentication code + 認證碼 + + + + Please enter your code + 請輸入您的認證碼 + + + + Return to device picker + 回到選擇裝置頁面 + + + + Sending Duo push notification + 傳送到 Duo 推播通知 + + + + Assertions is empty + 斷言為空 + + + + Error when creating credential: + 建立憑證時發生錯誤: + + + + Error when validating assertion on server: + 在伺服器上驗證斷言發生錯誤: + + + + Retry authentication + 重試身分認證 + + + + Duo push-notifications + Duo 推播通知 + + + + Receive a push notification on your device. + 在您的裝置上接收推播通知。 + + + + Authenticator + 身分認證器 + + + + Use a security key to prove your identity. + 使用您的安全金鑰證明身分。 + + + + Traditional authenticator + 傳統身分認證器 + + + + Use a code-based authenticator. + 使用基於認證碼的身分認證器。 + + + + Recovery keys + 救援金鑰 + + + + In case you can't access any other method. + 萬一您無法存取其他方法。 + + + + SMS + 簡訊 + + + + Tokens sent via SMS. + 通過簡訊傳送權杖。 + + + + Select an authentication method. + 選擇一種身分認證方法。 + + + + Stay signed in? + 繼續保持登入? + + + + Select Yes to reduce the number of times you're asked to sign in. + 選擇「是」來減少詢問登入的次數。 + + + + Authenticating with Plex... + 使用 Plex 進行身分認證中…… + + + + Waiting for authentication... + 等待身分認證中…… + + + + If no Plex popup opens, click the button below. + 如果 Plex 彈出視窗未開啟,請點選以下按鈕前往。 + + + + Open login + 開啟登入頁面 + + + + Authenticating with Apple... + 使用 Apple 進行身分認證中…… + + + + Retry + 重試 + + + + Enter the code shown on your device. + 輸入顯示在您裝置上的認證碼。 + + + + Please enter your Code + 請輸入認證碼 + + + + You've successfully authenticated your device. + 您已成功透過裝置認證。 + + + + Flow inspector + 流程檢閱器 + + + + Next stage + 下一個階段 + + + + Stage name + 階段名稱 + + + + Stage kind + 階段類型 + + + + Stage object + 階段物件 + + + + This flow is completed. + 此流程已執行完成。 + + + + Plan history + 計劃歷史紀錄 + + + + Current plan context + 目前計劃的上下文 + + + + Session ID + 會談 ID + + + + Powered by authentik + 由 authentik 技術支援 + + + + Background image + 背景圖片 + + + + Error creating credential: + 建立憑證時發生錯誤: + + + + Server validation of credential failed: + 伺服器驗證憑證失敗: + + + + Register device + 註冊裝置 + + + + Refer to documentation + 請參考文件 + + + No Applications available. + 沒有可用的應用程式。 + + + + Either no applications are defined, or you don’t have access to any. + 尚未有已定義的應用程式,或是您沒有存取任何應用程式的權限。 + + + My Applications + 我的應用程式 + + + + My applications + 我的應用程式 + + + + Change your password + 變更您的密碼 + + + + Change password + 變更密碼 + + + + + + + + + + + Save + 儲存 + + + + Delete account + 刪除帳號 + + + + Successfully updated details + 成功更新個人資訊 + + + + Open settings + 開啟設定 + + + + No settings flow configured. + 未設定設定流程 + + + + Update details + 更新個人資訊 + + + + Successfully disconnected source + 成功解除來源的連線 + + + + Failed to disconnected source: + 無法解除來自以下來源的連線: + + + + Disconnect + 解除連線 + + + + Connect + 連線 + + + + Error: unsupported source settings: + 錯誤:不支援的來源設定: + + + + Connect your user account to the services listed below, to allow you to login using the service instead of traditional credentials. + 將您的使用者帳號與下方的服務連線,讓您可以直接使用該服務而不使用傳統認證登入。 + + + + No services available. + 沒有可用的服務。 + + + + Create App password + 建立應用程式密碼 + + + + User details + 使用者個人資訊 + + + + Consent + 同意 + + + + MFA Devices + 多重要素認證裝置 + + + + Connected services + 已連接的服務 + + + + Tokens and App passwords + 權杖和應用程式密碼 + + + + Unread notifications + 未讀取通知 + + + + Admin interface + 管理員介面 + + + + Stop impersonation + 離開模擬模式 + + + + Avatar image + 個人檔案圖片 + + + + Failed + 失敗 + + + + Unsynced / N/A + 未同步或無法使用 + + + + Outdated outposts + 過時的 Outposts + + + + Unhealthy outposts + 不健康的 Outposts + + + + Next + 下一步 + + + + Inactive + 停用 + + + + Regular user + 一般使用者 + + + + Activate + 啟用 + + + + Use Server URI for SNI verification + 使用伺服器 URI 進行 SNI 驗證 - - Open API drawer + + Required for servers using TLS 1.3+ + 伺服器需啟用 TLS 1.3版以上 - - Open Notification drawer + + Client certificate keypair to authenticate against the LDAP Server's Certificate. + 用於對 LDAP 伺服器的憑證進行認證的用戶端憑證金鑰對。 - - Connection error, reconnecting... + + The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate. + 針對上述設定的 Base DN 的憑證。作為備援方案,供應商使用自簽憑證。 - - Loading... + + TLS Server name + TLS 伺服器名稱 - - Application + + DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged. + 應使用上述設定憑證的 DNS 名稱。Base DN 無法檢測憑證,因為 SSL/TLS 協商發生在此類資料交換之前。 - - Logins + + TLS Client authentication certificate + TLS 用戶端認證憑證 - - Failed to fetch + + Model + 模型 - - Click to change value + + Match events created by selected model. When left empty, all models are matched. + 將選擇的模型與建立的事件配對。如果為空則將符合所有模型。 - - Select an object. + + Code-based MFA Support + 基於認證碼多重要素認證支援 - - Loading options... + + When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. + 當啟用此功能時,可以透過在密碼後加上分號及TOTP認證碼(範例:password:totp認證碼)來使用多重要素驗證。您應只有在所有要連線到此服務的使用者都已設定TOTP裝置的情況下,才啟用此功能。如果使用者的密碼中恰好包含分號,可能會因誤判而被拒絕存取。 - - API Access + + User type + 使用者類型 - - App password + + Successfully updated license. + 成功更新授權許可證 - - Recovery + + Successfully created license. + 成功建立授權許可證 - - Verification + + Install ID + 安裝 ID - - Unknown intent + + License key + 授權金鑰 - - Login + + Licenses + 授權許可證 - - Failed login + + License(s) + 授權許可證 - - Logout + + Enterprise is in preview. + 企業版正處於預覽版本。 - - User was written to + + Cumulative license expiry + 累計授權到期人數 - - Suspicious request + + Update License + 更新授權許可證 - - Password set + + Warning: The current user count has exceeded the configured licenses. + 警告:目前的使用者人數已抵達設設定的授權許可上限。 - - Secret was viewed + + Click here for more info. + 點擊這裡取得更多資訊。 - - Secret was rotated + + Enterprise + 企業版 - - Invitation used + + Manage enterprise licenses + 管理企業版授權許可證 - - Application authorized + + No licenses found. + 找不到授權許可證。 - - Source linked + + Send us feedback! + 提供建議給我們! - - Impersonation started + + Get a license + 取得授權許可證。 - - Impersonation ended + + Go to Customer Portal + 前往客戶入口網站 - - Flow execution + + Forecast internal users + 內部使用者預測 - - Policy execution + + Estimated user count one year from now based on current internal users and forecasted internal users. + 基於目前 名內部使用者和預估的 名內部使用者來估計一年後的使用者總數。 - - Policy exception + + Forecast external users + 外部使用者預測 - - Property Mapping exception + + Estimated user count one year from now based on current external users and forecasted external users. + 基於目前 名外部使用者和預估的 名外部使用者來估計一年後的使用者總數。 - - System task execution + + Install + 安裝 - - System task exception + + Install License + 安裝授權許可證 - - General system exception + + Internal users might be users such as company employees, which will get access to the full Enterprise feature set. + 內部使用者可能是像公司員工這樣的使用者,他們將取得全部企業版功能的存取權限。 - - Configuration error + + External users might be external consultants or B2C customers. These users don't get access to enterprise features. + 外部使用者可能是像顧問或是 B2C 客戶這樣的使用者,這些使用者不會取得企業版功能的存取權限。 - - Model created + + Service accounts should be used for machine-to-machine authentication or other automations. + 服務帳號應用於機器對機器的身份認證或其他自動化操作。 - - Model updated + + Less details + 顯示更少資訊 - - Model deleted - - - Email sent - - - Update available - - - Alert - - - Notice - - - Warning - - - Unknown severity - - - Static tokens - - - TOTP Device - - - Internal - - - External - - - Service account - - - Service account (internal) - - - Show less - - - Show more - - - UID - - - Name - - - App - - - Model Name - - - Message - - - Subject - - - From - - - To - - - Context - - - User - - - Affected model: - - - Authorized application: - - - Using flow - - - Email info: - - - Secret: - - - Exception - - - Open issue on GitHub... - - - Expression - - - Binding - - - Request - - - Object - - - Result - - - Passing - - - Messages - - - New version available - - - Using source - - - Attempted to log in as - - - No additional data available. - - - no tabs defined + + More details + 顯示更多資訊 Remove item + 移除物件 - - - of + + Open API drawer + 開啟 API 下拉選單 - - Go to previous page - - - Go to next page - - - Search... - - - Loading - - - No objects found. - - - Failed to fetch objects. - - - Refresh - - - Select all rows - - - Action - - - Creation Date - - - Client IP - - - Brand - - - Recent events - - - On behalf of - - - - - - - No Events found. - - - No matching events could be found. - - - Embedded outpost is not configured correctly. - - - Check outposts. - - - HTTPS is not detected correctly - - - Server and client are further than 5 seconds apart. - - - OK - - - Everything is ok. - - - System status - - - Based on - - - is available! - - - Up-to-date! - - - Version - - - Workers - - - No workers connected. Background tasks will not run. - - - hour(s) ago - - - Failed to fetch data. - - - day(s) ago - - - Authorizations - - - Failed Logins - - - Successful Logins - - - : - - - Cancel - - - LDAP Source - - - SCIM Provider - - - Healthy - - - Failed - - - Unsynced / N/A - - - Healthy outposts - - - Outdated outposts - - - Unhealthy outposts - - - Not found - - - The URL "" was not found. - - - Return home - - - General system status - - - Welcome, . - - - Quick actions - - - Create a new application - - - Check the logs - - - Explore integrations - - - Manage users - - - Check the release notes - - - Outpost status - - - Sync status - - - Logins and authorizations over the last week (per 8 hours) - - - Apps with most usage - - - days ago - - - Objects created - - - User Statistics - - - Users created per day in the last month - - - Users created - - - Logins per day in the last month - - - Failed Logins per day in the last month - - - Failed logins - - - Clear search - - - System Tasks - - - Long-running operations which authentik executes in the background. - - - Identifier - - - Description - - - Last run - - - Status - - - Actions - - - Successful - - - Error - - - Unknown - - - Duration - - - seconds + + Open Notification drawer + 開啟通知下拉選單 Restart task - - - Close - - - Create - - - Next - - - Back - - - Submit - - - Type - - - Select providers to add to application - - - Add - - - Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test". - - - Path template for users created. Use placeholders like `%(slug)s` to insert the source slug. - - - Currently set to: - - - No form found - - - Form didn't return a promise for submitting - - - Any policy must match to grant access - - - All policies must match to grant access - - - Successfully updated application. - - - Successfully created application. - - - Application's display Name. - - - Slug - - - Internal application name used in URLs. - - - Group - - - Optionally enter a group name. Applications with identical groups are shown grouped together. - - - Provider - - - Select a provider that this application should use. - - - Backchannel Providers - - - Select backchannel providers which augment the functionality of the main provider. + 重新啟動工作 Add provider + 新增供應商 - - Policy engine mode + + Open + 開啟 - - UI settings + + Copy token + 複製權杖 - - Launch URL + + Add users + 新增使用者 - - If left empty, authentik will try to extract the launch URL based on the selected provider. + + Add group + 新增群組 - - Open in new tab + + Import devices + 匯入裝置 - - If checked, the launch URL will open in a new browser tab or window from the user's application library. + + Execute + 執行 - - Icon + + Show details + 顯示詳細資訊 - - Clear icon + + Apply + 套用 - - Delete currently set icon. + + Settings + 設定 - - Publisher + + Sign out + 登出 + + + The number of tokens generated whenever this stage is used. Every token generated per stage execution will be attached to a single static device. + 每當使用此階段時產生的權杖數量。每次階段執行產生的每個權杖都將附加到一個固定裝置上。 + + + Token length + 權杖長度 + + + The length of the individual generated tokens. Can be increased to improve security. + 每個產生的權杖長度。可以增加以提高安全性。 + + + Internal: + 內部使用者: + + + External: + 外部使用者: + + + Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding. + 靜態拒絕的流程。要有效使用此階段,請在相應的附加上停用「在計劃流程時進行評估」。 + + + Create and bind Policy + 建立政策並附加 + + + Federation and Social login + 聯邦式認證和社群登入 + + + Create and bind Stage + 建立階段並附加 + + + Flows and Stages + 流程與階段 + + + New version available + 有可用的新版本 + + + Failure result + 失敗的結果 + + + Pass + 通過 + + + Don't pass + 不要通過 + + + Result used when policy execution fails. + 當政策執行失敗所使用的結果 + + + Required: User verification must occur. + 必需:使用者驗證必需發生。 + + + Preferred: User verification is preferred if available, but not required. + 推薦:使用者驗證作為可選項目而非必需。 + + + Discouraged: User verification should not occur. + 不建議:使用者驗證不應發生。 + + + Required: The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur + 必須:身份認證器必須建立專屬憑證。如果無法建立,依賴方已準備好應對可能發生的錯誤。 + + + Preferred: The authenticator can create and store a dedicated credential, but if it doesn't that's alright too + 推薦:身份認證器可以建立並儲存專屬憑證,但如果沒有建立也沒關係。 + + + Discouraged: The authenticator should not create a dedicated credential + 不建議:身份認證器不應建立專屬憑證。 + + + Lock the user out of this system + 從這個系統中鎖定使用者 + + + Allow the user to log in and use this system + 允許使用者登入並使用這個系統 + + + Temporarily assume the identity of this user + 臨時扮演該使用者的身份 + + + Enter a new password for this user + 為這個使用者輸入新密碼 + + + Create a link for this user to reset their password + 為這個使用者建立連結來重設他們的密碼 + + + WebAuthn requires this page to be accessed via HTTPS. + WebAuthn 需要使用 HTTPS 存取這個頁面。 + + + WebAuthn not supported by browser. + 不支援 WebAuthn 的瀏覽器。 + + + Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). + 將此供應商與 nginx 的 auth_request 或 traefik 的 forwardAuth 一起使用。每個應用程式或網域需要其自己的供應商。此外,在每個網域上,/outpost.goauthentik.io 必須路由到 Outpost(當使用代管的 Outpost 時,這將會自動完成)。 + + + Default relay state + 預設中繼狀態 + + + When using IDP-initiated logins, the relay state will be set to this value. + 當使用 Idp 發起的登入時,中繼狀態將會設定為這個值。 + + + Flow Info + 流程資訊 + + + Stage used to configure a WebAuthn authenticator (i.e. Yubikey, FaceID/Windows Hello). + 用於設定 WebAuthn 身份認證器的階段(例如 Yubikey、FaceID/Windows Hello)。 + +<<<<<<< HEAD + + Internal application name used in URLs. + 用於網址的應用程式內部名稱。 + + + Submit + 提交 UI Settings - - - OAuth2/OIDC (Open Authorization/OpenID Connect) - - - Modern applications, APIs and Single-page applications. - - - LDAP (Lightweight Directory Access Protocol) - - - Provide an LDAP interface for applications and users to authenticate against. + 使用者介面設定 Transparent Reverse Proxy + 透明反向代理 For transparent reverse proxies with required authentication - - - Forward Auth (Single Application) - - - For nginx's auth_request or traefik's forwardAuth - - - Forward Auth (Domain Level) - - - For nginx's auth_request or traefik's forwardAuth per root domain - - - SAML (Security Assertion Markup Language) + 用於需要身份認證的透明反向代理 Configure SAML provider manually - - - RADIUS (Remote Authentication Dial-In User Service) + 手動設定 SAML 供應商 Configure RADIUS provider manually - - - SCIM (System for Cross-domain Identity Management) + 手動設定 RADIUS 供應商 Configure SCIM provider manually + 手動設定 SCIM 供應商 Saving Application... + 儲存應用程式中…… Authentik was unable to save this application: + authentik 無法儲存這個應用程式: Your application has been saved + 已經儲存您的應用程式 + + + Method's display Name. + 方法的顯示名稱。 + + + Use this provider with nginx's auth_request or traefik's + forwardAuth. Each application/domain needs its own provider. + Additionally, on each domain, /outpost.goauthentik.io must be + routed to the outpost (when using a managed outpost, this is done for you). + 將此供應商與 nginx 的auth_request或 traefik 的forwardAuth一起使用。 + 每個應用程式或網域需要其自己的供應商。此外,在每個網域上,/outpost.goauthentik.io必須路由到 Outpost(當使用代管的 Outpost 時,這將會自動完成)。 + + + Custom attributes + 客製化特徵項 + + + Don't show this message again. + 不要再顯示這個通知。 + + + Failed to fetch + 擷取失敗 + + + Failed to fetch data. + 擷取資料失敗。 + + + Successfully assigned permission. + 成功分配權限。 + + + Role + 角色 + + + Assign + 分配 + + + Assign permission to role + 分配權限到角色 + + + Assign to new role + 分配給新增角色 + + + Directly assigned + 直接分配 + + + Assign permission to user + 分配權限給使用者 + + + Assign to new user + 分配權限給新增使用者 + + + User Object Permissions + 使用者物件權限 + + + Role Object Permissions + 角色物件權限 + + + Roles + 角色 + + + Select roles to grant this groups' users' permissions from the selected roles. + 選擇角色以授予此群組或使用者從所選角色中的權限。 + + + Update Permissions + 更新權限 + + + Editing is disabled for managed tokens + 代管權杖的編輯功能已停用 + + + Select permissions to grant + 選擇要取得的權限 + + + Permissions to add + 選擇要加入的權限 + + + Select permissions + 選擇權限 + + + Assign permission + 分配權限 + + + Permission(s) + 權限 + + + Permission + 權限 + + + User doesn't have view permission so description cannot be retrieved. + 使用者沒有讀取權限,所以無法取得描述。 + + + Assigned permissions + 已分配的權限 + + + Assigned global permissions + 已分配的全域權限 + + + Assigned object permissions + 已分配的物件權限 + + + Successfully updated role. + 成功更新角色 + + + Successfully created role. + 成功建立角色 + + + Manage roles which grant permissions to objects within authentik. + 在 authentik 中管理角色來賦予物件權限。 + + + Role(s) + 角色 + + + Update Role + 更新角色 + + + Create Role + 建立角色 + + + Role doesn't have view permission so description cannot be retrieved. + 角色沒有讀取權限,所以無法取得描述。 + + + Role + 角色 + + + Role Info + 角色資訊 + + + Pseudolocale (for testing) + 虛擬翻譯語言(用於測試) + + + Create With Wizard + 使用設定精靈建立 + + + One hint, 'New Application Wizard', is currently hidden + 提示:「新增應用程式設定精靈」目前處於隱藏中 + + + External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. + 使用 authentik 作為身份供應商的外部應用程式,透過像 OAuth2 和 SAML 這樣的協議。此處顯示所有應用程式,即使是您無法存取的應用程式也包括在內。 + + + Deny message + 拒絕的訊息 + + + Message shown when this stage is run. + 當這個階段執行時會顯示的訊息。 + + + Open Wizard + 開啟設定精靈 + + + Demo Wizard + 設定精靈示範 + + + Run the demo wizard + 執行設定精靈示範 + + + OAuth2/OIDC (Open Authorization/OpenID Connect) + OAuth2/OIDC (Open Authorization/OpenID Connect) + + + LDAP (Lightweight Directory Access Protocol) + LDAP (Lightweight Directory Access Protocol) + + + Forward Auth (Single Application) + 轉發認證(單一應用程式) + + + Forward Auth (Domain Level) + 轉發認證(網域層級) + + + SAML (Security Assertion Markup Language) + SAML (Security Assertion Markup Language) + + + RADIUS (Remote Authentication Dial-In User Service) + RADIUS (Remote Authentication Dial-In User Service) + + + SCIM (System for Cross-domain Identity Management) + SCIM (System for Cross-domain Identity Management) + + + The token has been copied to your clipboard + 權杖已經複製到您的剪貼簿 + + + The token was displayed because authentik does not have permission to write to the clipboard + 因為 authentik 無法複製到您的剪貼簿,權杖資訊顯示在畫面上 + + + A copy of this recovery link has been placed in your clipboard + 救援連結已經複製到您的剪貼簿中 + + + Create recovery link + 建立救援連結 + + + Create Recovery Link + 建立救援連結 + + + External + 外部 + + + Service account + 服務帳號 + + + Service account (internal) + 服務帳號(內部) + + + Check the release notes + 檢視版本資訊 + + + User Statistics + 使用者統計資料 + + + <No name set> + <No name set> + + + For nginx's auth_request or traefik's forwardAuth + 適用於 nginx 的「auth_request」或 traefik 的「forwardAuth」 + + + For nginx's auth_request or traefik's forwardAuth per root domain + 適用於每個主網域的 nginx 的「auth_request」或 traefik 的「forwardAuth」 + + + RBAC is in preview. + RBAC 正處於預覽版本。 + + + User type used for newly created users. + 用於建立使用者的使用者類型。 + + + Users created + 已建立使用者。 + + + Failed logins + 登入失敗 + + + Also known as Client ID. + 也稱為用戶端 ID + + + Also known as Client Secret. + 也稱為用戶端密碼 + + + Global status + 全域狀態 + + + Vendor + 製造商 + + + No sync status. + 無同步的狀態。 + + + Sync currently running. + 正在進行同步。 + + + Connectivity + 連接性 + + + 0: Too guessable: risky password. (guesses &lt; 10^3) + 0: 極為容易猜測,高風險密碼。(猜測次數 &lt; 10^3) + + + 1: Very guessable: protection from throttled online attacks. (guesses &lt; 10^6) + 1: 非常容易猜測:可抵抗受限的線上攻擊。(猜測次數 &lt; 10^6) + + + 2: Somewhat guessable: protection from unthrottled online attacks. (guesses &lt; 10^8) + 2: 普通容易猜測:可抵抗不受限的線上攻擊。(猜測次數 &lt; 10^8) + + + 3: Safely unguessable: moderate protection from offline slow-hash scenario. (guesses &lt; 10^10) + 3: 安全難以猜測:在離線的慢速雜湊情境提供中等保護。(猜測次數 &lt; 10^10) + + + 4: Very unguessable: strong protection from offline slow-hash scenario. (guesses &gt;= 10^10) + 4: 非常難以猜測:在離線的慢速雜湊情境提供強力保護。(猜測次數 &gt;= 10^10) + + + Successfully created user and added to group + 成功建立使用者並加入到群組 + + + This user will be added to the group "". + 這個使用者將會被加入到「」群組。 + + + Pretend user exists + 存在模擬的使用者 + + + When enabled, the stage will always accept the given user identifier and continue. + 啟用時,該階段將始終接受給定的使用者識別碼並繼續執行。 + + + Are you sure you want to remove the selected users from the group ? There was an error in the application. @@ -695,3155 +7872,104 @@ There was an error creating the application, but no error message was sent. Please review the server logs. - - Authentication - - - Authorization - - - Enrollment - - - Invalidation - - - Stage Configuration - - - Unenrollment - - - Unknown designation - - - Stacked - - - Content left - - - Content right - - - Sidebar left - - - Sidebar right - - - Unknown layout - - - Cached binding - - - Flow is executed and session is cached in memory. Flow is executed when session expires - - - Direct binding - - - Always execute the configured bind flow to authenticate the user - - - Cached querying - - - The outpost holds all users and groups in-memory and will refresh every 5 Minutes - - - Direct querying - - - Always returns the latest data, but slower than cached querying - - - When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon. - - - The start for gidNumbers, this number is added to a number generated from the group.Pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber - - - The certificate for the above configured Base DN. As a fallback, the provider uses a self-signed certificate. - - - DNS name for which the above configured certificate should be used. The certificate cannot be detected based on the base DN, as the SSL/TLS negotiation happens before such data is exchanged. - - - The start for uidNumbers, this number is added to the user.Pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber - Configure LDAP Provider - - Method's display Name. - - - Bind flow - - - Flow used for users to authenticate. - - - Search group - - - Bind mode - - - Configure how the outpost authenticates requests. - - - Search mode - - - Configure how the outpost queries the core authentik server's users. - - - Code-based MFA Support - - - Protocol settings - - - Base DN - - - LDAP DN under which bind requests and search requests can be made. - - - Certificate - - - TLS Server name - - - UID start number - - - GID start number - - - Successfully updated provider. - - - Successfully created provider. - - - (Format: hours=-1;minutes=-2;seconds=-3). - - - (Format: hours=1;minutes=2;seconds=3). - - - The following keywords are supported: - - - Confidential - - - Confidential clients are capable of maintaining the confidentiality of their credentials such as client secrets - - - Public - - - Public clients are incapable of maintaining the confidentiality and should use methods like PKCE. - - - Based on the User's hashed ID - - - Based on the User's ID - - - Based on the User's UUID - - - Based on the User's username - - - Based on the User's Email - - - This is recommended over the UPN mode. - - - Based on the User's UPN - - - Requires the user to have a 'upn' attribute set, and falls back to hashed user ID. Use this mode only if you have different UPN and Mail domains. - - - Each provider has a different issuer, based on the application slug - - - Same identifier is used for all providers - - - Valid redirect URLs after a successful authorization flow. Also specify any origins here for Implicit flows. - - - If no explicit redirect URIs are specified, the first successfully used redirect URI will be saved. - - - To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have. - - - Authentication flow - - - Flow used when a user access this provider and is not authenticated. - - - Authorization flow - - - Flow used when authorizing this provider. - - - Client type - - - Client ID - - - Client Secret - - - Redirect URIs/Origins (RegEx) - - - Signing Key - - - Key used to sign the tokens. - - - Advanced protocol settings - - - Access code validity - - - Configure how long access codes are valid for. - - - Access Token validity - - - Configure how long access tokens are valid for. - - - Refresh Token validity - - - Configure how long refresh tokens are valid for. - - - Scopes - - - Select which scopes can be used by the client. The client still has to specify the scope to access the data. - - - Hold control/command to select multiple items. - - - Subject mode - - - Configure what data should be used as unique User Identifier. For most cases, the default should be fine. - - - Include claims in id_token - - - Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint. - - - Issuer mode - - - Configure how the issuer field of the ID Token should be filled. - - - Machine-to-Machine authentication settings - - - Trusted OIDC Sources - - - JWTs signed by certificates configured in the selected sources can be used to authenticate to this provider. - Configure OAuth2/OpenId Provider - - HTTP-Basic Username Key - - - User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used. - - - HTTP-Basic Password Key - - - User/Group Attribute used for the password part of the HTTP-Basic Header. - Configure Proxy Provider - - Token validity - - - Configure how long tokens are valid for. - AdditionalScopes - - Additional scope mappings, which are passed to the proxy. - - - Unauthenticated URLs - - - Unauthenticated Paths - - - Regular expressions for which authentication is not required. Each new line is interpreted as a new expression. - - - When using proxy or forward auth (single application) mode, the requested URL Path is checked against the regular expressions. When using forward auth (domain mode), the full requested URL including scheme and host is matched against the regular expressions. - - - Authentication settings - - - Intercept header authentication - - - When enabled, authentik will intercept the Authorization header to authenticate the request. - - - Send HTTP-Basic Authentication - - - Send a custom HTTP-Basic Authentication header based on values from authentik. - - - Use this provider with nginx's auth_request or traefik's forwardAuth. Only a single provider is required per root domain. You can't do per-application authorization, but you don't have to create a provider for each application. - - - An example setup can look like this: - - - authentik running on auth.example.com - - - app1 running on app1.example.com - - - In this case, you'd set the Authentication URL to auth.example.com and Cookie domain to example.com. - - - External host - - - The external URL you'll authenticate at. The authentik core server should be reachable under this URL. - - - Cookie domain - - - Set this to the domain you wish the authentication to be valid for. Must be a parent domain of the URL above. If you're running applications as app1.domain.tld, app2.domain.tld, set this to 'domain.tld'. - - - This provider will behave like a transparent reverse-proxy, except requests must be authenticated. If your upstream application uses HTTPS, make sure to connect to the outpost using HTTPS as well. - - - The external URL you'll access the application at. Include any non-standard port. - - - Internal host - - - Upstream host that the requests are forwarded to. - - - Internal host SSL Validation - - - Validate SSL Certificates of upstream servers. - - - Use this provider with nginx's auth_request or traefik's - forwardAuth. Each application/domain needs its own provider. - Additionally, on each domain, /outpost.goauthentik.io must be - routed to the outpost (when using a managed outpost, this is done for you). - Configure Radius Provider - - Shared secret - - - Client Networks - - - List of CIDRs (comma-seperated) that clients can connect from. A more specific - CIDR will match before a looser one. Clients connecting from a non-specified CIDR - will be dropped. - - - Redirect - - - Post - Configure SAML Provider - - ACS URL - - - Issuer - - - Also known as EntityID. - - - Service Provider Binding - - - Determines how authentik sends the response back to the Service Provider. - - - Audience - - - Signing Certificate - - - Certificate used to sign outgoing Responses going to the Service Provider. - - - Verification Certificate - - - When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default. - - - Property Mappings - Property mappings used for user mapping. - - NameID Property Mapping - - - Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected. - - - Assertion valid not before - - - Configure the maximum allowed time drift for an assertion. - - - Assertion valid not on or after - - - Assertion not valid on or after current time + this value. - - - Session valid not on or after - - - Session not valid on or after current time + this value. - - - Digest algorithm - - - Signature algorithm - Configure SCIM Provider - - URL - - - SCIM base url, usually ends in /v2. - - - Token - - - Token to authenticate with. Currently only bearer authentication is supported. - - - User filtering - - - Exclude service accounts - - - Only sync users within the selected group. - - - Attribute mapping - - - User Property Mappings - - - Group Property Mappings - Property mappings used for group creation. - - Create With Wizard + + Event volume - - New application + + Require Outpost (flow can only be executed from an outpost). - - Don't show this message again. + + Connection settings. - - One hint, 'New Application Wizard', is currently hidden + + Successfully updated endpoint. - - Users in the selected group can do search queries. If no group is selected, no LDAP Searches are allowed. + + Successfully created endpoint. - - Proxy + + Protocol - - Forward auth (single application) + + RDP - - Forward auth (domain level) + + SSH - - Use this provider with nginx's auth_request or traefik's forwardAuth. Each application/domain needs its own provider. Additionally, on each domain, /outpost.goauthentik.io must be routed to the outpost (when using a managed outpost, this is done for you). + + VNC - - Authentication URL + + Host - - Unknown proxy mode + + Hostname/IP to connect to. - - Additional scopes + + Endpoint(s) - - Property mappings + + Update Endpoint - - Default relay state + + These bindings control which users will have access to this endpoint. Users must also have access to the application. - - When using IDP-initiated logins, the relay state will be set to this value. + + Create Endpoint - - Successfully imported provider. + + RAC is in preview. - - Metadata + + Update RAC Provider - - Apply changes + + Endpoints - - Finish + + General settings - - Select type + + RDP settings - - Try the new application wizard + + Ignore server certificate - - The new application wizard greatly simplifies the steps required to create applications and providers. + + Enable wallpaper - - Try it now + + Enable font-smoothing - - New provider - - - Create a new provider. - - - Create - - - Property mappings used to user mapping. - - - Property mappings used to group creation. - - - Not used by any other object. - - - object will be DELETED - - - connection will be deleted - - - reference will be reset to default value - - - reference will be set to an empty value - - - () - - - ID - - - Successfully deleted - - - Failed to delete : - - - Delete - - - Are you sure you want to delete ? - - - Delete - - - Providers - - - Provide support for protocols like SAML and OAuth to assigned applications. - - - Provider(s) - - - Assigned to application - - - Assigned to application (backchannel) - - - Warning: Provider not assigned to any application. - - - Update - - - Update - - - Edit - - - Create Application - - - Successfully assigned permission. - - - Role - - - Assign - - - Assign permission to role - - - Assign to new role - - - Permission(s) - - - Permission - - - Directly assigned - - - Assign permission to user - - - Assign to new user - - - Superuser - - - RBAC is in preview. - - - Send us feedback! - - - User Object Permissions - - - Role Object Permissions - - - Overview - - - Changelog - - - Permissions - - - Warning: Provider is not used by any Outpost. - - - Assigned to application - - - Update LDAP Provider - - - How to connect - - - Connect to the LDAP Server on port 389: - - - Check the IP of the Kubernetes service, or - - - The Host IP of the docker host - - - Bind DN - - - Bind Password - - - Search base - - - Preview - - - Warning: Provider is not used by an Application. - - - Redirect URIs - - - Update OAuth2 Provider - - - OpenID Configuration URL - - - OpenID Configuration Issuer - - - Authorize URL - - - Token URL - - - Userinfo URL - - - Logout URL - - - JWKS URL - - - Example JWT payload (for currently authenticated user) - - - Yes - - - No - - - Forward auth (domain-level) - - - Nginx (Ingress) - - - Nginx (Proxy Manager) - - - Nginx (standalone) - - - Traefik (Ingress) - - - Traefik (Compose) - - - Traefik (Standalone) - - - Caddy (Standalone) - - - Internal Host - - - External Host - - - Basic-Auth - - - Mode - - - Update Proxy Provider - - - Protocol Settings - - - Allowed Redirect URIs - - - Setup - - - No additional setup is required. - - - Update Radius Provider - - - Download - - - Copy download URL - - - Download signing certificate - - - Related objects - - - Update SAML Provider - - - SAML Configuration - - - EntityID/Issuer - - - SSO URL (Post) - - - SSO URL (Redirect) - - - SSO URL (IdP-initiated Login) - - - SLO URL (Post) - - - SLO URL (Redirect) - - - SAML Metadata - - - Example SAML attributes - - - NameID attribute - - - No sync status. - - - Sync currently running. - - - Not synced yet. - - - Task finished with warnings - - - Task finished with errors - - - Last sync: - - - Warning: Provider is not assigned to an application as backchannel provider. - - - Update SCIM Provider - - - Run sync again - - - Application Icon - - - Applications - - - External applications that use authentik as an identity provider via protocols like OAuth2 and SAML. All applications are shown here, even ones you cannot access. - - - Provider Type - - - Application(s) - - - Update Application - - - Open - - - Successfully sent test-request. - - - Log messages - - - No log messages. - - - Active - - - Last login - - - Select users to add - - - Successfully updated group. - - - Successfully created group. - - - Is superuser - - - Users added to this group will be superusers. - - - Parent - - - Roles - - - Select roles to grant this groups' users' permissions from the selected roles. - - - Attributes - - - Set custom attributes using YAML or JSON. - - - Successfully updated binding. - - - Successfully created binding. - - - Policy - - - Group mappings can only be checked if a user is already logged in when trying to access this source. - - - User mappings can only be checked if a user is already logged in when trying to access this source. - - - Enabled - - - Negate result - - - Negates the outcome of the binding. Messages are unaffected. - - - Order - - - Timeout - - - Failure result - - - Pass - - - Don't pass - - - Result used when policy execution fails. - - - Successfully updated policy. - - - Successfully created policy. - - - A policy used for testing. Always returns the same result as specified below after waiting a random duration. - - - Execution logging - - - When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged. - - - Policy-specific settings - - - Pass policy? - - - Wait (min) - - - The policy takes a random time to execute. This controls the minimum time it will take. - - - Wait (max) - - - Matches an event against a set of criteria. If any of the configured values match, the policy passes. - - - Match created events with this action type. When left empty, all action types will be matched. - - - Matches Event's Client IP (strict matching, for network matching use an Expression Policy. - - - Match events created by selected application. When left empty, all applications are matched. - - - Model - - - Match events created by selected model. When left empty, all models are matched. - - - Checks if the request's user's password has been changed in the last x days, and denys based on settings. - - - Maximum age (in days) - - - Only fail the policy, don't invalidate user's password - - - Executes the python snippet to determine whether to allow or deny a request. - - - Expression using Python. - - - See documentation for a list of all variables. - - - Static rules - - - Minimum length - - - Minimum amount of Uppercase Characters - - - Minimum amount of Lowercase Characters - - - Minimum amount of Digits - - - Minimum amount of Symbols Characters - - - Error message - - - Symbol charset - - - Characters which are considered as symbols. - - - HaveIBeenPwned settings - - - Allowed count - - - Allow up to N occurrences in the HIBP database. - - - zxcvbn settings - - - Score threshold - - - If the password's score is less than or equal this value, the policy will fail. - - - 0: Too guessable: risky password. (guesses &lt; 10^3) - - - 1: Very guessable: protection from throttled online attacks. (guesses &lt; 10^6) - - - 2: Somewhat guessable: protection from unthrottled online attacks. (guesses &lt; 10^8) - - - 3: Safely unguessable: moderate protection from offline slow-hash scenario. (guesses &lt; 10^10) - - - 4: Very unguessable: strong protection from offline slow-hash scenario. (guesses &gt;= 10^10) - - - Checks the value from the policy request against several rules, mostly used to ensure password strength. - - - Password field - - - Field key to check, field keys defined in Prompt stages are available. - - - Check static rules - - - Check haveibeenpwned.com - - - For more info see: - - - Check zxcvbn - - - Password strength estimator created by Dropbox, see: - - - Allows/denys requests based on the users and/or the IPs reputation. - - - Invalid login attempts will decrease the score for the client's IP, and the -username they are attempting to login as, by one. - - - The policy passes when the reputation score is below the threshold, and -doesn't pass when either or both of the selected options are equal or above the threshold. - - - Check IP - - - Check Username - - - Threshold - - - New policy - - - Create a new policy. - - - Create Binding - - - Members - - - Select groups to add user to - - - Warning: Adding the user to the selected group(s) will give them superuser permissions. - - - Successfully updated user. - - - Successfully created user and added to group - - - Successfully created user. - - - Username - - - User's primary identifier. 150 characters or fewer. - - - User's display name. - - - User type - - - Internal users might be users such as company employees, which will get access to the full Enterprise feature set. - - - External users might be external consultants or B2C customers. These users don't get access to enterprise features. - - - Service accounts should be used for machine-to-machine authentication or other automations. - - - Email - - - Is active - - - Designates whether this user should be treated as active. Unselect this instead of deleting accounts. - - - Path - - - Policy / User / Group - - - Policy - - - Group - - - User - - - Edit Policy - - - Update Group - - - Edit Group - - - Update User - - - Edit User - - - Policy binding(s) - - - Update Binding - - - Edit Binding - - - No Policies bound. - - - No policies are currently bound to this object. - - - Create and bind Policy - - - Bind existing policy - - - Warning: Application is not used by any Outpost. - - - Related - - - Check access - - - Check - - - Check Application access - - - Test - - - Launch - - - Logins over the last week (per 8 hours) - - - Policy / Group / User Bindings - - - These policies control which users can access this application. - - - Successfully updated source. - - - Successfully created source. - - - Sync users - - - User password writeback - - - Login password is synced from LDAP into authentik automatically. Enable this option only to write password changes in authentik back to LDAP. - - - Sync groups - - - Connection settings - - - Server URI - - - Specify multiple server URIs by separating them with a comma. - - - Enable StartTLS - - - To use SSL instead, use 'ldaps://' and disable this option. - - - Use Server URI for SNI verification - - - Required for servers using TLS 1.3+ - - - TLS Verification Certificate - - - When connecting to an LDAP Server with TLS, certificates are not checked by default. Specify a keypair to validate the remote certificate. - - - TLS Client authentication certificate - - - Client certificate keypair to authenticate against the LDAP Server's Certificate. - - - Bind CN - - - LDAP Attribute mapping - - - Property mappings used to user creation. - - - Additional settings - - - Parent group for all the groups imported from LDAP. - - - User path - - - Addition User DN - - - Additional user DN, prepended to the Base DN. - - - Addition Group DN - - - Additional group DN, prepended to the Base DN. - - - User object filter - - - Consider Objects matching this filter to be Users. - - - Group object filter - - - Consider Objects matching this filter to be Groups. - - - Group membership field - - - Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...' - - - Object uniqueness field - - - Field which contains a unique Identifier. - - - Link users on unique identifier - - - Link to a user with identical email address. Can have security implications when a source doesn't validate email addresses - - - Use the user's email address, but deny enrollment when the email address already exists - - - Link to a user with identical username. Can have security implications when a username is used with another source - - - Use the user's username, but deny enrollment when the username already exists - - - Unknown user matching mode - - - URL settings - - - Authorization URL - - - URL the user is redirect to to consent the authorization. - - - Access token URL - - - URL used by authentik to retrieve tokens. - - - Profile URL - - - URL used by authentik to get user information. - - - Request token URL - - - URL used to request the initial token. This URL is only required for OAuth 1. - - - OIDC Well-known URL - - - OIDC well-known configuration URL. Can be used to automatically configure the URLs above. - - - OIDC JWKS URL - - - JSON Web Key URL. Keys from the URL will be used to validate JWTs from this source. - - - OIDC JWKS - - - Raw JWKS data. - - - User matching mode - - - Consumer key - - - Also known as Client ID. - - - Consumer secret - - - Also known as Client Secret. - - - Additional scopes to be passed to the OAuth Provider, separated by space. To replace existing scopes, prefix with *. - - - Flow settings - - - Flow to use when authenticating existing users. - - - Enrollment flow - - - Flow to use when enrolling new users. - - - Load servers - - - Re-authenticate with plex - - - Allow friends to authenticate via Plex, even if you don't share any servers - - - Allowed servers - - - Select which server a user has to be a member of to be allowed to authenticate. - - - SSO URL - - - URL that the initial Login request is sent to. - - - SLO URL - - - Optional URL if the IDP supports Single-Logout. - - - Also known as Entity ID. Defaults the Metadata URL. - - - Binding Type - - - Redirect binding - - - Post-auto binding - - - Post binding but the request is automatically sent and the user doesn't have to confirm. - - - Post binding - - - Signing keypair - - - Keypair which is used to sign outgoing requests. Leave empty to disable signing. - - - Allow IDP-initiated logins - - - Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done. - - - NameID Policy - - - Persistent - - - Email address - - - Windows - - - X509 Subject - - - Transient - - - Delete temporary users after - - - Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. - - - Pre-authentication flow - - - Flow used before authentication. - - - New source - - - Create a new source. - - - Federation and Social login - - - Sources of identities, which can either be synced into authentik's database, or can be used by users to authenticate and enroll themselves. - - - Source(s) - - - Disabled - - - Built-in - - - Global status - - - Vendor - - - Update LDAP Source - - - Connectivity - - - OAuth Source - - - Generic OpenID Connect - - - Unknown provider type - - - Details - - - Callback URL - - - Access Key - - - Update OAuth Source - - - Diagram - - - Policy Bindings - - - These bindings control which users can access this source. - You can only use policies here as access is checked before the user is authenticated. - - - Update Plex Source - - - Update SAML Source - - - Successfully updated mapping. - - - Successfully created mapping. - - - Object field - - - Field of the user object this value is written to. - - - SAML Attribute Name - - - Attribute name used for SAML Assertions. Can be a URN OID, a schema reference, or a any other string. If this property mapping is used for NameID Property, this field is discarded. - - - Friendly Name - - - Optionally set the 'FriendlyName' value of the Assertion attribute. - - - Scope name - - - Scope which the client can specify to access these properties. - - - Description shown to the user when consenting. If left empty, the user won't be informed. - - - Example context data - - - Active Directory User - - - Active Directory Group - - - New property mapping - - - Create a new property mapping. - - - Update Permissions - - - Control how authentik exposes and interprets information. - - - Property Mapping(s) - - - Test Property Mapping - - - Hide managed mappings - - - Successfully updated token. - - - Successfully created token. - - - Expires on - - - Unique identifier the token is referenced by. - - - Intent - - - API Token - - - Used to access the API programmatically - - - App password. - - - Used to login using a flow executor - - - Expiring - - - If this is selected, the token will expire. Upon expiration, the token will be rotated. - - - The token has been copied to your clipboard - - - The token was displayed because authentik does not have permission to write to the clipboard - - - Tokens - - - Tokens are used throughout authentik for Email validation stages, Recovery keys and API access. - - - Expires? - - - Expiry date - - - Token(s) - - - Create Token - - - Token is managed by authentik. - - - Update Token - - - Editing is disabled for managed tokens - - - Copy token - - - Successfully updated brand. - - - Successfully created brand. - - - Domain - - - Matching is done based on domain suffix, so if you enter domain.tld, foo.domain.tld will still match. - - - Default - - - Use this brand for each domain that doesn't have a dedicated brand. - - - Branding settings - - - Title - - - Branding shown in page title and several other places. - - - Logo - - - Icon shown in sidebar/header and flow executor. - - - Favicon - - - Icon shown in the browser tab. - - - Default flows - - - Flow used to authenticate users. If left empty, the first applicable flow sorted by the slug is used. - - - Invalidation flow - - - Flow used to logout. If left empty, the first applicable flow sorted by the slug is used. - - - Recovery flow - - - Recovery flow. If left empty, the first applicable flow sorted by the slug is used. - - - Unenrollment flow - - - If set, users are able to unenroll themselves using this flow. If no flow is set, option is not shown. - - - User settings flow - - - If set, users are able to configure details of their profile. - - - Device code flow - - - If set, the OAuth Device Code profile can be used, and the selected flow will be used to enter the code. - - - Other global settings - - - Web Certificate - - - Set custom attributes using YAML or JSON. Any attributes set here will be inherited by users, if the request is handled by this brand. - - - Brands - - - Configure visual settings and defaults for different domains. - - - Default? - - - Brand(s) - - - Update Brand - - - Create Brand - - - Policies - - - Allow users to use Applications based on properties, enforce Password Criteria and selectively apply Stages. - - - Assigned to object(s). - - - Warning: Policy is not assigned. - - - Test Policy - - - Policy / Policies - - - Successfully cleared policy cache - - - Failed to delete policy cache - - - Clear cache - - - Clear Policy cache - - - Are you sure you want to clear the policy cache? This will cause all policies to be re-evaluated on their next usage. - - - Reputation scores - - - Reputation for IP and user identifiers. Scores are decreased for each failed login and increased for each successful login. - - - IP - - - Score - - - Updated - - - Reputation - - - Groups - - - Group users together and give them permissions based on the membership. - - - Superuser privileges? - - - Group(s) - - - Create Group - - - Create group - - - Enabling this toggle will create a group named after the user, with the user as member. - - - Use the username and password below to authenticate. The password can be retrieved later on the Tokens page. - - - Password - - - Valid for 360 days, after which the password will automatically rotate. You can copy the password from the Token List. - - - The following objects use - - - connecting object will be deleted - - - Successfully updated - - - Failed to update : - - - Are you sure you want to update ""? - - - Successfully updated password. - - - Successfully sent email. - - - Email stage - - - Successfully added user(s). - - - Users to add - - - Add users - - - User(s) - - - Remove Users(s) - - - Are you sure you want to remove the selected users from the group ? - - - Remove - - - Impersonate - - - User status - - - Inactive - - - Regular user - - - Change status - - - Deactivate - - - Activate - - - Update password - - - Set password - - - Successfully generated recovery link - - - No recovery flow is configured. - - - Copy recovery link - - - Send link - - - Send recovery link to user - - - Email recovery link - - - Recovery link cannot be emailed, user has no email address saved. - - - To let a user directly reset a their password, configure a recovery flow on the currently active brand. - - - Add User - - - Warning: This group is configured with superuser access. Added users will have superuser access. - - - Add existing user - - - Create user - - - Create User - - - This user will be added to the group "". - - - Create Service account - - - Hide service-accounts - - - Group Info - - - Notes - - - Edit the notes attribute of this group to add notes here. - - - Users - - - Pseudolocale (for testing) - - - English - - - Spanish - - - German - - - French - - - Polish - - - Turkish - - - Chinese (traditional) - - - Taiwanese Mandarin - - - Chinese (simplified) - - - Warning: The current user count has exceeded the configured licenses. - - - Click here for more info. - - - API Requests - - - Open API Browser - - - Show details - - - Notifications - - - unread - - - Successfully cleared notifications - - - Clear all - - - User interface - - - Dashboards - - - Outposts - - - Events - - - Logs - - - Notification Rules - - - Notification Transports - - - Customisation - - - Blueprints - - - Flows and Stages - - - Flows - - - Stages - - - Prompts - - - Directory - - - Tokens and App passwords - - - Invitations - - - System - - - Certificates - - - Outpost Integrations - - - Settings - - - A newer version of the frontend is available. - - - You're currently impersonating . Click to stop. - - - Enterprise - - - Licenses - - - Root - - - A copy of this recovery link has been placed in your clipboard - - - The current brand must have a recovery flow configured to use a recovery link - - - Warning: You're about to delete the user you're logged in as (). Proceed at your own risk. - - - Hide deactivated user - - - <No name set> - - - Create recovery link - - - User folders - - - Successfully added user to group(s). - - - Groups to add - - - Add group - - - Remove from Group(s) - - - Are you sure you want to remove user from the following groups? - - - Add Group - - - Add to existing group - - - Add new group - - - Application authorizations - - - Select permissions to grant - - - Permissions to add - - - Select permissions - - - Assign permission - - - User doesn't have view permission so description cannot be retrieved. - - - Revoked? - - - Expires - - - ID Token - - - Refresh Tokens(s) - - - Last IP - - - Session(s) - - - Expiry - - - (Current session) - - - Consent(s) - - - Confirmed - - - Device(s) - - - User Info - - - Lock the user out of this system - - - Allow the user to log in and use this system - - - Temporarily assume the identity of this user - - - Enter a new password for this user - - - Create a link for this user to reset their password - - - Create Recovery Link - - - Actions over the last week (per 8 hours) - - - Edit the notes attribute of this user to add notes here. - - - Sessions - - - User events - - - Explicit Consent - - - OAuth Refresh Tokens - - - MFA Authenticators - - - Assigned permissions - - - Assigned global permissions - - - Assigned object permissions - - - Successfully updated role. - - - Successfully created role. - - - Manage roles which grant permissions to objects within authentik. - - - Role(s) - - - Update Role - - - Create Role - - - Role doesn't have view permission so description cannot be retrieved. - - - Role - - - Role Info - - - Successfully updated invitation. - - - Successfully created invitation. - - - Flow - - - When selected, the invite will only be usable with the flow. By default the invite is accepted on all flows with invitation stages. - - - Custom attributes - - - Optional data which is loaded into the flow's 'prompt_data' context variable. YAML or JSON. - - - Single use - - - When enabled, the invitation will be deleted after usage. - - - Select an enrollment flow - - - Link to use the invitation. - - - Create Invitation Links to enroll Users, and optionally force specific attributes of their account. - - - Created by - - - Invitation(s) - - - Invitation not limited to any flow, and can be used with any enrollment flow. - - - Update Invitation - - - Create Invitation - - - Warning: No invitation stage is bound to any flow. Invitations will not work as expected. - - - Auto-detect (based on your browser) - - - Required. - - - Continue - - - Successfully updated prompt. - - - Successfully created prompt. - - - Text: Simple Text input - - - Text Area: Multiline text input - - - Text (read-only): Simple Text input, but cannot be edited. - - - Text Area (read-only): Multiline text input, but cannot be edited. - - - Username: Same as Text input, but checks for and prevents duplicate usernames. - - - Email: Text field with Email type. - - - Password: Masked input, multiple inputs of this type on the same prompt need to be identical. - - - Number - - - Checkbox - - - Radio Button Group (fixed choice) - - - Dropdown (fixed choice) - - - Date - - - Date Time - - - File - - - Separator: Static Separator Line - - - Hidden: Hidden field, can be used to insert data into form. - - - Static: Static value, displayed as-is. - - - authentik: Locale: Displays a list of locales authentik supports. - - - Preview errors - - - Data preview - - - Unique name of this field, used for selecting fields in prompt stages. - - - Field Key - - - Name of the form field, also used to store the value. - - - When used in conjunction with a User Write stage, use attributes.foo to write attributes. - - - Label - - - Label shown next to/above the prompt. - - - Required - - - Interpret placeholder as expression - - - When checked, the placeholder will be evaluated in the same way a property mapping is. - If the evaluation fails, the placeholder itself is returned. - - - Placeholder - - - Optionally provide a short hint that describes the expected input value. - When creating a fixed choice field, enable interpreting as expression and return a - list to return multiple choices. - - - Interpret initial value as expression - - - When checked, the initial value will be evaluated in the same way a property mapping is. - If the evaluation fails, the initial value itself is returned. - - - Initial value - - - Optionally pre-fill the input with an initial value. - When creating a fixed choice field, enable interpreting as expression and - return a list to return multiple default choices. - - - Help text - - - Any HTML can be used. - - - Single Prompts that can be used for Prompt Stages. - - - Field - - - Prompt(s) - - - Update Prompt - - - Create Prompt - - - Target - - - Stage - - - Evaluate when flow is planned - - - Evaluate policies during the Flow planning process. - - - Evaluate when stage is run - - - Evaluate policies before the Stage is present to the user. - - - Invalid response behavior - - - Returns the error message and a similar challenge to the executor - - - Restarts the flow from the beginning - - - Restarts the flow from the beginning, while keeping the flow context - - - Configure how the flow executor should handle an invalid response to a challenge given by this bound stage. - - - Successfully updated stage. - - - Successfully created stage. - - - Stage used to configure a duo-based authenticator. This stage should be used for configuration flows. - - - Authenticator type name - - - Display name of this authenticator, used by users when they enroll an authenticator. - - - API Hostname - - - Duo Auth API - - - Integration key - - - Secret key - - - Duo Admin API (optional) - - - When using a Duo MFA, Access or Beyond plan, an Admin API application can be created. - This will allow authentik to import devices automatically. - - - Stage-specific settings - - - Configuration flow - - - Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage. - - - Twilio Account SID - - - Get this value from https://console.twilio.com - - - Twilio Auth Token - - - Authentication Type - - - Basic Auth - - - Bearer Token - - - External API URL - - - This is the full endpoint to send POST requests to. - - - API Auth Username - - - This is the username to be used with basic auth or the token when used with bearer token - - - API Auth password - - - This is the password to be used with basic auth - - - Mapping - - - Modify the payload sent to the custom provider. - - - Stage used to configure an SMS-based TOTP authenticator. - - - Twilio - - - Generic - - - From number - - - Number the SMS will be sent from. - - - Hash phone number - - - If enabled, only a hash of the phone number will be saved. This can be done for data-protection reasons. Devices created from a stage with this enabled cannot be used with the authenticator validation stage. - - - Stage used to configure a static authenticator (i.e. static tokens). This stage should be used for configuration flows. - - - Token count - - - The number of tokens generated whenever this stage is used. Every token generated per stage execution will be attached to a single static device. - - - Token length - - - The length of the individual generated tokens. Can be increased to improve security. - - - Stage used to configure a TOTP authenticator (i.e. Authy/Google Authenticator). - - - Digits - - - 6 digits, widely compatible - - - 8 digits, not compatible with apps like Google Authenticator - - - Stage used to validate any authenticator. This stage should be used during authentication or authorization flows. - - - Device classes - - - Static Tokens - - - TOTP Authenticators - - - WebAuthn Authenticators - - - Duo Authenticators - - - SMS-based Authenticators - - - Device classes which can be used to authenticate. - - - Last validation threshold - - - If any of the devices user of the types selected above have been used within this duration, this stage will be skipped. - - - Not configured action - - - Force the user to configure an authenticator - - - Deny the user access - - - WebAuthn User verification - - - User verification must occur. - - - User verification is preferred if available, but not required. - - - User verification should not occur. - - - Configuration stages - - - Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again. - - - When multiple stages are selected, the user can choose which one they want to enroll. - - - Stage used to configure a WebAuthn authenticator (i.e. Yubikey, FaceID/Windows Hello). - - - User verification - - - Required: User verification must occur. - - - Preferred: User verification is preferred if available, but not required. - - - Discouraged: User verification should not occur. - - - Resident key requirement - - - Required: The authenticator MUST create a dedicated credential. If it cannot, the RP is prepared for an error to occur - - - Preferred: The authenticator can create and store a dedicated credential, but if it doesn't that's alright too - - - Discouraged: The authenticator should not create a dedicated credential - - - Authenticator Attachment - - - No preference is sent - - - A non-removable authenticator, like TouchID or Windows Hello - - - A "roaming" authenticator, like a YubiKey - - - This stage checks the user's current session against the Google reCaptcha (or compatible) service. - - - Public Key - - - Public key, acquired from https://www.google.com/recaptcha/intro/v3.html. - - - Private Key - - - Private key, acquired from https://www.google.com/recaptcha/intro/v3.html. - - - Advanced settings - - - JS URL - - - URL to fetch JavaScript from, defaults to recaptcha. Can be replaced with any compatible alternative. - - - API URL - - - URL used to validate captcha response, defaults to recaptcha. Can be replaced with any compatible alternative. - - - Prompt for the user's consent. The consent can either be permanent or expire in a defined amount of time. - - - Always require consent - - - Consent given last indefinitely - - - Consent expires. - - - Consent expires in - - - Offset after which consent expires. - - - Statically deny the flow. To use this stage effectively, disable *Evaluate when flow is planned* on the respective binding. - - - Deny message - - - Message shown when this stage is run. - - - Dummy stage used for testing. Shows a simple continue button and always passes. - - - Throw error? - - - SMTP Host - - - SMTP Port - - - SMTP Username - - - SMTP Password - - - Use TLS - - - Use SSL - - - From address - - - Verify the user's email address by sending them a one-time-link. Can also be used for recovery to verify the user's authenticity. - - - Activate pending user on success - - - When a user returns from the email successfully, their account will be activated. - - - Use global settings - - - When enabled, global Email connection settings will be used and connection settings below will be ignored. - - - Token expiry - - - Time in minutes the token sent is valid. - - - Template - - - Let the user identify themselves with their username or Email address. - - - User fields - - - UPN - - - Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources. - - - Password stage - - - When selected, a password field is shown on the same page instead of a separate page. This prevents username enumeration attacks. - - - Case insensitive matching - - - When enabled, user fields are matched regardless of their casing. - - - Pretend user exists - - - When enabled, the stage will always accept the given user identifier and continue. - - - Show matched user - - - When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown. - - - Source settings - - - Sources - - - Select sources should be shown for users to authenticate with. This only affects web-based sources, not LDAP. - - - Show sources' labels - - - By default, only icons are shown for sources. Enable this to show their full names. - - - Passwordless flow - - - Optional passwordless flow, which is linked at the bottom of the page. When configured, users can use this flow to authenticate with a WebAuthn authenticator, without entering any details. - - - Optional enrollment flow, which is linked at the bottom of the page. - - - Optional recovery flow, which is linked at the bottom of the page. - - - This stage can be included in enrollment flows to accept invitations. - - - Continue flow without invitation - - - If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given. - - - Validate the user's password against the selected backend(s). - - - Backends - - - User database + standard password - - - User database + app passwords - - - User database + LDAP password - - - Selection of backends to test the password against. - - - Flow used by an authenticated user to configure their password. If empty, user will not be able to configure change their password. - - - Failed attempts before cancel - - - How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage. - - - Show arbitrary input fields to the user, for example during enrollment. Data is saved in the flow context under the 'prompt_data' variable. - - - Fields - - - ("", of type ) - - - Validation Policies - - - Selected policies are executed when the stage is submitted to validate the data. - - - Delete the currently pending user. CAUTION, this stage does not ask for confirmation. Use a consent stage to ensure the user is aware of their actions. - - - Log the currently pending user in. - - - Session duration - - - Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed. - - - Different browsers handle session cookies differently, and might not remove them even when the browser is closed. - - - See here. - - - Stay signed in offset - - - If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here. + + Enable full window dragging Network binding @@ -3878,593 +8004,59 @@ doesn't pass when either or both of the selected options are equal or above the Configure if sessions created by this stage should be bound to their GeoIP-based location - - Terminate other sessions + + RAC - - When enabled, all previous sessions of the user will be terminated. + + Connection failed after attempts. - - Remove the user from the current session. + + Re-connecting in second(s). - - Write any data from the flow's context's 'prompt_data' to the currently pending user. If no user - is pending, a new user is created, and data is written to them. + + Connecting... - - Never create users + + Select endpoint to connect to - - When no user is present in the flow context, the stage will fail. + + Connection expiry - - Create users when required + + Determines how long a session lasts before being disconnected and requiring re-authorization. - - When no user is present in the the flow context, a new user is created. + + Brand - - Always create new users + + Successfully updated brand. - - Create a new user even if a user is in the flow context. + + Successfully created brand. - - Create users as inactive + + Use this brand for each domain that doesn't have a dedicated brand. - - Mark newly created users as inactive. + + Set custom attributes using YAML or JSON. Any attributes set here will be inherited by users, if the request is handled by this brand. - - User path template + + Brands - - User type used for newly created users. + + Brand(s) - - Path new users will be created under. If left blank, the default path will be used. + + Update Brand - - Newly created users are added to this group, if a group is selected. + + Create Brand - - New stage + + To let a user directly reset a their password, configure a recovery flow on the currently active brand. - - Create a new stage. - - - Successfully imported device. - - - The user in authentik this device will be assigned to. - - - Duo User ID - - - The user ID in Duo, can be found in the URL after clicking on a user. - - - Automatic import - - - Successfully imported devices. - - - Start automatic import - - - Or manually import - - - Stages are single steps of a Flow that a user is guided through. A stage can only be executed from within a flow. - - - Stage(s) - - - Import - - - Import Duo device - - - Import devices - - - Successfully updated flow. - - - Successfully created flow. - - - Shown as the Title in Flow pages. - - - Visible in the URL. - - - Designation - - - Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik. - - - No requirement - - - Require authentication - - - Require no authentication. - - - Require superuser. - - - Require Outpost (flow can only be executed from an outpost). - - - Required authentication level for this flow. - - - Behavior settings - - - Compatibility mode - - - Increases compatibility with password managers and mobile devices. - - - Denied action - - - Will follow the ?next parameter if set, otherwise show a message - - - Will either follow the ?next parameter or redirect to the default interface - - - Will notify the user the flow isn't applicable - - - Decides the response when a policy denies access to this flow for a user. - - - Appearance settings - - - Layout - - - Background - - - Background shown during execution. - - - Clear background - - - Delete currently set background image. - - - Successfully imported flow. - - - .yaml files, which can be found on goauthentik.io and can be exported by authentik. - - - Flows describe a chain of Stages to authenticate, enroll or recover a user. Stages are chosen based on policies applied to them. - - - Flow(s) - - - Update Flow - - - Execute - - - Export - - - Create Flow - - - Import Flow - - - Successfully cleared flow cache - - - Failed to delete flow cache - - - Clear Flow cache - - - Are you sure you want to clear the flow cache? - This will cause all flows to be re-evaluated on their next usage. - - - Stage binding(s) - - - Stage type - - - Edit Stage - - - Update Stage binding - - - These bindings control if this stage will be applied to the flow. - - - No Stages bound - - - No stages are currently bound to this flow. - - - Create Stage binding - - - Bind stage - - - Create and bind Stage - - - Bind existing stage - - - Flow Overview - - - Flow Info - - - Related actions - - - Execute flow - - - Normal - - - with current user - - - with inspector - - - Export flow - - - Stage Bindings - - - These bindings control which users can access this flow. - - - Event volume - - - Event Log - - - Event - - - Event info - - - Created - - - Successfully updated transport. - - - Successfully created transport. - - - Local (notifications will be created within authentik) - - - Webhook (generic) - - - Webhook (Slack/Discord) - - - Webhook URL - - - Webhook Mapping - - - Send once - - - Only send notification once, for example when sending a webhook into a chat channel. - - - Define how notifications are sent to users, like Email or Webhook. - - - Notification transport(s) - - - Update Notification Transport - - - Create Notification Transport - - - Successfully updated rule. - - - Successfully created rule. - - - Select the group of users which the alerts are sent to. If no group is selected the rule is disabled. - - - Transports - - - Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI. - - - Severity - - - Send notifications whenever a specific Event is created and matched by policies. - - - Sent to group - - - Notification rule(s) - - - None (rule disabled) - - - Update Notification Rule - - - Create Notification Rule - - - These bindings control upon which events this rule triggers. -Bindings to groups/users are checked against the user of the event. - - - Outpost Deployment Info - - - View deployment documentation - - - Click to copy token - - - If your authentik Instance is using a self-signed certificate, set this value. - - - If your authentik_host setting does not match the URL you want to login with, add this setting. - - - Successfully updated outpost. - - - Successfully created outpost. - - - LDAP - - - Radius - - - Integration - - - Selecting an integration enables the management of the outpost by authentik. - - - You can only select providers that match the type of the outpost. - - - Configuration - - - See more here: - - - Documentation - - - Last seen - - - , should be - - - Hostname - - - Not available - - - Last seen: - - - Unknown type - - - Outposts are deployments of authentik components to support different environments and protocols, like reverse proxies. - - - Health and Version - - - Warning: authentik Domain is not configured, authentication will not work. - - - Logging in via . - - - No integration active - - - Update Outpost - - - View Deployment Info - - - Detailed health (one instance per column, data is cached so may be out of date) - - - Outpost(s) - - - Create Outpost - - - Successfully updated integration. - - - Successfully created integration. - - - Local - - - If enabled, use the local connection. Required Docker socket/Kubernetes Integration. - - - Docker URL - - - Can be in the format of 'unix://' when connecting to a local docker daemon, using 'ssh://' to connect via SSH, or 'https://:2376' when connecting to a remote system. - - - CA which the endpoint's Certificate is verified against. Can be left empty for no validation. - - - TLS Authentication Certificate/SSH Keypair - - - Certificate/Key used for authentication. Can be left empty for no authentication. - - - When connecting via SSH, this keypair is used for authentication. - - - Kubeconfig - - - Verify Kubernetes API SSL Certificate - - - New outpost integration - - - Create a new outpost integration. - - - State - - - Unhealthy - - - Outpost integration(s) - - - Successfully generated certificate-key pair. - - - Common Name - - - Subject-alt name - - - Optional, comma-separated SubjectAlt Names. - - - Validity days - - - Successfully updated certificate-key pair. - - - Successfully created certificate-key pair. - - - PEM-encoded Certificate data. - - - Optional Private Key. If this is set, you can use this keypair for encryption. - - - Certificate-Key Pairs - - - Import certificates of external providers or create certificates to sign requests with. - - - Private key available? - - - Certificate-Key Pair(s) - - - Managed by authentik - - - Managed by authentik (Discovered) - - - Yes () - - - Update Certificate-Key Pair - - - Certificate Fingerprint (SHA1) - - - Certificate Fingerprint (SHA256) - - - Certificate Subject - - - Download Certificate - - - Download Private key - - - Create Certificate-Key Pair - - - Generate - - - Generate Certificate-Key Pair + + The current brand must have a recovery flow configured to use a recovery link Successfully updated settings. @@ -4528,18 +8120,6 @@ Bindings to groups/users are checked against the user of the event. Enable the ability for users to change their username. - - Event retention - - - Duration after which events will be deleted from the database. - - - When using an external logging solution for archiving, this can be set to "minutes=5". - - - This setting only affects new Events, as the expiration is saved per-event. - Footer links @@ -4561,483 +8141,6 @@ Bindings to groups/users are checked against the user of the event. System settings - - Save - - - Successfully updated instance. - - - Successfully created instance. - - - Disabled blueprints are never applied. - - - Local path - - - OCI Registry - - - OCI URL, in the format of oci://registry.domain.tld/path/to/manifest. - - - See more about OCI support here: - - - Blueprint - - - Configure the blueprint context, used for templating. - - - Orphaned - - - Automate and template configuration within authentik. - - - Last applied - - - Blueprint(s) - - - Update Blueprint - - - Apply - - - Create Blueprint Instance - - - Successfully updated license. - - - Successfully created license. - - - Install ID - - - License key - - - Manage enterprise licenses - - - No licenses found. - - - License(s) - - - Enterprise is in preview. - - - Get a license - - - Go to Customer Portal - - - Forecast internal users - - - Estimated user count one year from now based on current internal users and forecasted internal users. - - - Forecast external users - - - Estimated user count one year from now based on current external users and forecasted external users. - - - Cumulative license expiry - - - Internal: - - - External: - - - Update License - - - Install - - - Install License - - - WebAuthn requires this page to be accessed via HTTPS. - - - WebAuthn not supported by browser. - - - Open Wizard - - - Demo Wizard - - - Run the demo wizard - - - API request failed - - - Authenticating with Apple... - - - Retry - - - Authenticating with Plex... - - - Waiting for authentication... - - - If no Plex popup opens, click the button below. - - - Open login - - - User's avatar - - - Something went wrong! Please try again later. - - - Request ID - - - You may close this page now. - - - You're about to be redirect to the following URL. - - - Follow redirect - - - Request has been denied. - - - Not you? - - - Need an account? - - - Sign up. - - - Forgot username or password? - - - Select one of the sources below to login. - - - Or - - - Use a security key - - - Login to continue to . - - - Please enter your password - - - Forgot password? - - - Application requires following permissions: - - - Application already has access to the following permissions: - - - Application requires following new permissions: - - - Check your Inbox for a verification email. - - - Send Email again. - - - Successfully copied TOTP Config. - - - Copy - - - Code - - - Please enter your TOTP Code - - - Duo activation QR code - - - Alternatively, if your current device has Duo installed, click on this link: - - - Duo activation - - - Check status - - - Make sure to keep these tokens in a safe place. - - - Phone number - - - Please enter your Phone number. - - - Please enter the code you received via SMS - - - A code has been sent to you via SMS. - - - Open your two-factor authenticator app to view your authentication code. - - - Static token - - - Authentication code - - - Please enter your code - - - Return to device picker - - - Sending Duo push notification - - - Assertions is empty - - - Error when creating credential: - - - Error when validating assertion on server: - - - Retry authentication - - - Duo push-notifications - - - Receive a push notification on your device. - - - Authenticator - - - Use a security key to prove your identity. - - - Traditional authenticator - - - Use a code-based authenticator. - - - Recovery keys - - - In case you can't access any other method. - - - SMS - - - Tokens sent via SMS. - - - Select an authentication method. - - - Stay signed in? - - - Select Yes to reduce the number of times you're asked to sign in. - - - Enter the code shown on your device. - - - Please enter your Code - - - You've successfully authenticated your device. - - - Flow inspector - - - Next stage - - - Stage name - - - Stage kind - - - Stage object - - - This flow is completed. - - - Plan history - - - Current plan context - - - Session ID - - - Powered by authentik - - - Background image - - - Error creating credential: - - - Server validation of credential failed: - - - Register device - - - Unread notifications - - - Sign out - - - Admin interface - - - Stop impersonation - - - Avatar image - - - Less details - - - More details - - - Refer to documentation - - - No Applications available. - - - Either no applications are defined, or you don’t have access to any. - - - My Applications - - - My applications - - - Change your password - - - Change password - - - - - - Delete account - - - Successfully updated details - - - Open settings - - - No settings flow configured. - - - Update details - - - Successfully updated device. - - - Enroll - - - Update Device - - - Successfully disconnected source - - - Failed to disconnected source: - - - Disconnect - - - Connect - - - Error: unsupported source settings: - - - Connect your user account to the services listed below, to allow you to login using the service instead of traditional credentials. - - - No services available. - - - Create App password - - - User details - - - Consent - - - MFA Devices - - - Connected services - - - + + diff --git a/website/docs/outposts/index.mdx b/website/docs/outposts/index.mdx index bd3d7744c..b5ffe1c25 100644 --- a/website/docs/outposts/index.mdx +++ b/website/docs/outposts/index.mdx @@ -7,6 +7,7 @@ An outpost is a single deployment of an authentik component, which can be deploy - [LDAP Provider](../providers/ldap/index.md) - [Proxy Provider](../providers/proxy/index.md) - [RADIUS Provider](../providers/radius/index.md) +- [RAC Provider](../providers/rac/index.md) ![](outposts.png) diff --git a/website/docs/outposts/integrations/kubernetes.md b/website/docs/outposts/integrations/kubernetes.md index 0a94f9893..f50d48a50 100644 --- a/website/docs/outposts/integrations/kubernetes.md +++ b/website/docs/outposts/integrations/kubernetes.md @@ -2,7 +2,7 @@ title: Kubernetes --- -The kubernetes integration with automatically deploy outposts on any Kubernetes Cluster. +The kubernetes integration will automatically deploy outposts on any Kubernetes Cluster. This integration has the advantage over manual deployments of automatic updates (whenever authentik is updated, it updates the outposts), and authentik can (in a future version) automatically rotate the token that the outpost uses to communicate with the core authentik server. diff --git a/website/docs/providers/rac/index.md b/website/docs/providers/rac/index.md new file mode 100644 index 000000000..67e3b74da --- /dev/null +++ b/website/docs/providers/rac/index.md @@ -0,0 +1,47 @@ +--- +title: Remote Access (RAC) Provider +--- + +Enterprise + +--- + +:::info +This feature is in technical preview, so please report any Bugs you run into on [GitHub](https://github.com/goauthentik/authentik/issues) +::: + +The Remote access provider allows users to access Windows/macOS/Linux machines via [RDP](https://en.wikipedia.org/wiki/Remote_Desktop_Protocol)/[SSH](https://en.wikipedia.org/wiki/Secure_Shell)/[VNC](https://en.wikipedia.org/wiki/Virtual_Network_Computing). + +:::info +This provider requires the deployment of the [RAC Outpost](../../outposts/) +::: + +## Endpoints + +Unlike other providers, where one provider-application pair must be created for each resource you wish to access, the RAC provider handles this slightly differently. For each machine (computer/server) that should be accessible, an _Endpoint_ object must be created within an RAC provider. + +The _Endpoint_ object specifies the hostname/IP of the machine to connect to, as well as the protocol to use. Additionally it is possible to bind policies to _endpoint_ objects to restrict access. Users must have access to both the application the RAC Provider is using as well as the individual endpoint. + +Configuration like credentials can be specified through _settings_, which can be specified on different levels and are all merged together when connecting: + +1. Provider settings +2. Endpoint settings +3. Connection settings (see [Connections](#connections)) +4. Provider property mapping settings +5. Endpoint property mapping settings + +## Connections + +Each connection is authorized through the policies bound to the application and the endpoint, and additional verification can be done with the authorization flow. + +Additionally it is possible to modify the connection settings through the authorization flow. Configuration set in `connection_settings` in the flow plan context will be merged with other settings as shown above. + +A new connection is created every time an endpoint is selected in the [User Interface](../../interfaces/user/customization.mdx). Once the user's authentik session expires, the connection is terminated. Additionally, the connection timeout can be specified in the provider, which applies even if the user is still authenticated. The connection can also be terminated manually. + +## Capabilities + +The following features are currently supported: + +- Bi-directional clipboard +- Audio redirection (from remote machine to browser) +- Resizing diff --git a/website/docs/providers/radius/index.md b/website/docs/providers/radius/index.md index f9f0b5403..f7966ef2f 100644 --- a/website/docs/providers/radius/index.md +++ b/website/docs/providers/radius/index.md @@ -2,10 +2,6 @@ title: Radius Provider --- -:::info -This feature is still in technical preview, so please report any Bugs you run into on [GitHub](https://github.com/goauthentik/authentik/issues) -::: - You can configure a Radius Provider for applications that don't support any other protocols or require Radius. :::info diff --git a/website/integrations/services/grafana/index.mdx b/website/integrations/services/grafana/index.mdx index a79730ea0..2de91535a 100644 --- a/website/integrations/services/grafana/index.mdx +++ b/website/integrations/services/grafana/index.mdx @@ -24,6 +24,16 @@ Create an application in authentik. Create an OAuth2/OpenID provider with the fo - Signing Key: Select any available key - Redirect URIs: `https://grafana.company/login/generic_oauth` +Additionally, because Grafana has its own concept of groups, we need to create a custom Scope Mapping to ensure Grafana can read the user's groups assigned within authentik. It should contain the following expression: + +```json +return { + "info": { "groups": [group.name for group in request.user.ak_groups.all()] }, +} +``` + +This ensures that groups are available under `info.groups[]`, which can be used later in [Role Mapping](#role-mappings). + Note the Client ID and Client Secret values. Create an application, using the provider you've created above. Note the slug of the application you've created. ## Terraform provider @@ -46,6 +56,16 @@ data "authentik_scope_mapping" "scope-openid" { name = "authentik default OAuth Mapping: OpenID 'openid'" } +resource "authentik_scope_mapping" "scope-grafana-roles" { + name = "Grafana Groups" + scope_name = "grafana-groups" + expression = < @@ -138,7 +159,7 @@ auth_url = https://authentik.company/application/o/authorize/ token_url = https://authentik.company/application/o/token/ api_url = https://authentik.company/application/o/userinfo/ # Optionally map user groups to Grafana roles -role_attribute_path = contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer' +role_attribute_path = contains(info.groups[*], 'Grafana Admins') && 'Admin' || contains(info.groups[*], 'Grafana Editors') && 'Editor' || 'Viewer' ``` @@ -160,7 +181,7 @@ grafana.ini: token_url: "https://authentik.company/application/o/token/" api_url: "https://authentik.company/application/o/userinfo/" # Optionally map user groups to Grafana roles - role_attribute_path: contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer' + role_attribute_path: contains(info.groups[*], 'Grafana Admins') && 'Admin' || contains(info.groups[*], 'Grafana Editors') && 'Editor' || 'Viewer' ``` :::note @@ -178,8 +199,8 @@ In the example shown above, one of the specified group names is "Grafana Admins" If the user is not a member of the "Grafana Admins" group, it moves on to see if the user is a member of the "Grafana Editors" group. If they are, they are granted the "Editor" role. Finally, if the user is not found to be a member of either of these groups, it fails back to granting the "Viewer" role. ```text -contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer' -^ attribute to search ^ group to search for ^ role to grant ^ or grant "Viewer" role. +contains(info.groups[*], 'Grafana Admins') && 'Admin' || contains(info.groups[*], 'Grafana Editors') && 'Editor' || 'Viewer' + ^ attribute ^ group to search for^ role to grant ^ or grant "Viewer" role. ``` For more information on group/role mappings, see [Grafana's docs](https://grafana.com/docs/grafana/latest/auth/generic-oauth/#role-mapping). diff --git a/website/package-lock.json b/website/package-lock.json index 5a0562f33..743f24714 100644 --- a/website/package-lock.json +++ b/website/package-lock.json @@ -16,7 +16,7 @@ "@docusaurus/theme-common": "^3.0.1", "@docusaurus/theme-mermaid": "^3.0.1", "@mdx-js/react": "^3.0.0", - "clsx": "^2.0.0", + "clsx": "^2.1.0", "disqus-react": "^1.1.5", "postcss": "^8.4.32", "prism-react-renderer": "^2.3.1", @@ -26,14 +26,14 @@ "react-dom": "^18.2.0", "react-feather": "^2.0.10", "react-toggle": "^4.1.3", - "react-tooltip": "^5.25.0", + "react-tooltip": "^5.25.1", "remark-github": "^12.0.0" }, "devDependencies": { "@docusaurus/module-type-aliases": "3.0.1", "@docusaurus/tsconfig": "3.0.1", "@docusaurus/types": "3.0.1", - "@types/react": "^18.2.45", + "@types/react": "^18.2.46", "prettier": "3.1.1", "typescript": "~5.3.3" }, @@ -4373,9 +4373,9 @@ "integrity": "sha512-+0autS93xyXizIYiyL02FCY8N+KkKPhILhcUSA276HxzreZ16kl+cmwvV2qAM/PuCCwPXzOXOWhiPcw20uSFcA==" }, "node_modules/@types/react": { - "version": "18.2.45", - "resolved": "https://registry.npmjs.org/@types/react/-/react-18.2.45.tgz", - "integrity": "sha512-TtAxCNrlrBp8GoeEp1npd5g+d/OejJHFxS3OWmrPBMFaVQMSN0OFySozJio5BHxTuTeug00AVXVAjfDSfk+lUg==", + "version": "18.2.46", + "resolved": "https://registry.npmjs.org/@types/react/-/react-18.2.46.tgz", + "integrity": "sha512-nNCvVBcZlvX4NU1nRRNV/mFl1nNRuTuslAJglQsq+8ldXe5Xv0Wd2f7WTE3jOxhLH2BFfiZGC6GCp+kHQbgG+w==", "dependencies": { "@types/prop-types": "*", "@types/scheduler": "*", @@ -5696,9 +5696,9 @@ } }, "node_modules/clsx": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/clsx/-/clsx-2.0.0.tgz", - "integrity": "sha512-rQ1+kcj+ttHG0MKVGBUXwayCCF1oh39BF5COIpRzuCEv8Mwjv0XucrI2ExNTOn9IlLifGClWQcU9BrZORvtw6Q==", + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/clsx/-/clsx-2.1.0.tgz", + "integrity": "sha512-m3iNNWpd9rl3jvvcBnu70ylMdrXt8Vlq4HYadnU5fwcOtvkSQWPmj7amUcDT2qYI7risszBjI5AUIUox9D16pg==", "engines": { "node": ">=6" } @@ -14365,9 +14365,9 @@ } }, "node_modules/react-tooltip": { - "version": "5.25.0", - "resolved": "https://registry.npmjs.org/react-tooltip/-/react-tooltip-5.25.0.tgz", - "integrity": "sha512-/eGhmlwbHlJrVoUe75fb58rJfAy9aZnTvQAK9ZUPM0n9mmBGpEk13vDPiQVCeUuax+fBej+7JPsUXlhzaySc7w==", + "version": "5.25.1", + "resolved": "https://registry.npmjs.org/react-tooltip/-/react-tooltip-5.25.1.tgz", + "integrity": "sha512-GDD0hrfbwGr2C6zEzVzzDzXSKeHM55cRFZQv2/EFmiFKVxWZk8hzOO5FNcwCpPyqVxQKUtYckReU5bXMd63alQ==", "dependencies": { "@floating-ui/dom": "^1.0.0", "classnames": "^2.3.0" diff --git a/website/package.json b/website/package.json index 418f9e87f..7773daee1 100644 --- a/website/package.json +++ b/website/package.json @@ -23,7 +23,7 @@ "@docusaurus/theme-common": "^3.0.1", "@docusaurus/theme-mermaid": "^3.0.1", "@mdx-js/react": "^3.0.0", - "clsx": "^2.0.0", + "clsx": "^2.1.0", "disqus-react": "^1.1.5", "postcss": "^8.4.32", "prism-react-renderer": "^2.3.1", @@ -32,7 +32,7 @@ "react-dom": "^18.2.0", "react-feather": "^2.0.10", "react-toggle": "^4.1.3", - "react-tooltip": "^5.25.0", + "react-tooltip": "^5.25.1", "react": "^18.2.0", "remark-github": "^12.0.0" }, @@ -52,7 +52,7 @@ "@docusaurus/module-type-aliases": "3.0.1", "@docusaurus/tsconfig": "3.0.1", "@docusaurus/types": "3.0.1", - "@types/react": "^18.2.45", + "@types/react": "^18.2.46", "prettier": "3.1.1", "typescript": "~5.3.3" }, diff --git a/website/sidebars.js b/website/sidebars.js index 992c7bf1d..a68ab6564 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -111,6 +111,7 @@ const docsSidebar = { items: ["providers/ldap/generic_setup"], }, "providers/scim/index", + "providers/rac/index", ], }, {