fix: Remove auto-login from enrollment flow to avoid redirect issue

- Removed user login stage from enrollment flow
- Users now see completion page instead of being auto-logged in
- Prevents redirect to /if/user/ which requires internal user permissions
- Users can manually go to Nextcloud and log in with OIDC after registration

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

ansible/roles/authentik/files/enrollment-flow.yaml

@@ -12,6 +12,7 @@ entries:
       name: Default enrollment Flow
       title: Welcome to authentik!
       authentication: none
+      denied_action: message_continue
     identifiers:
       slug: default-enrollment-flow
     model: authentik_flows.flow
@@ -116,15 +117,7 @@ entries:
     id: user-write-stage
     model: authentik_stages_user_write.userwritestage
 
-  # 6. CREATE USER LOGIN STAGE
+  # 6. BIND INVITATION STAGE TO FLOW (order 0)
-  - attrs:
-      session_duration: seconds=0
-    identifiers:
-      name: default-enrollment-user-login
-    id: user-login-stage
-    model: authentik_stages_user_login.userloginstage
-
-  # 7. BIND INVITATION STAGE TO FLOW (order 0)
   - attrs:
       evaluate_on_plan: true
       re_evaluate_policies: false
@@ -153,13 +146,3 @@ entries:
       stage: !KeyOf user-write-stage
       target: !KeyOf flow
     model: authentik_flows.flowstagebinding
-
-  # 10. BIND USER LOGIN STAGE TO FLOW (order 30)
-  - attrs:
-      evaluate_on_plan: true
-      re_evaluate_policies: false
-    identifiers:
-      order: 30
-      stage: !KeyOf user-login-stage
-      target: !KeyOf flow
-    model: authentik_flows.flowstagebinding