fix: Deploy all flow blueprints automatically (enrollment + recovery + 2FA)
CRITICAL FIX: Ensures all three flow blueprints are deployed during initial setup The issue was that only custom-flows.yaml was being deployed, but enrollment-flow.yaml and recovery-flow.yaml were created separately and manually deployed later. This caused problems when servers were rebuilt - the enrollment and recovery flows would disappear. Changes: - Updated flows.yml to deploy all three blueprints in a loop - enrollment-flow.yaml: Invitation-only user registration - recovery-flow.yaml: Password reset via email - custom-flows.yaml: 2FA enforcement and brand settings Now all flows will be available immediately after deployment: ✓ https://auth.dev.vrije.cloud/if/flow/default-enrollment-flow/ ✓ https://auth.dev.vrije.cloud/if/flow/default-recovery-flow/ 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Pieter
parent
fcc5b7bca2
commit
6cd6d7cc79
1 changed files with 32 additions and 20 deletions
|
|
@ -27,22 +27,34 @@
|
||||||
state: directory
|
state: directory
|
||||||
mode: '0755'
|
mode: '0755'
|
||||||
|
|
||||||
- name: Copy custom flows blueprint to server
|
- name: Copy flow blueprints to server
|
||||||
copy:
|
copy:
|
||||||
src: custom-flows.yaml
|
src: "{{ item }}"
|
||||||
dest: "{{ authentik_config_dir }}/blueprints/custom-flows.yaml"
|
dest: "{{ authentik_config_dir }}/blueprints/{{ item }}"
|
||||||
mode: '0644'
|
mode: '0644'
|
||||||
register: blueprint_copied
|
loop:
|
||||||
|
- custom-flows.yaml
|
||||||
|
- enrollment-flow.yaml
|
||||||
|
- recovery-flow.yaml
|
||||||
|
register: blueprints_copied
|
||||||
|
|
||||||
- name: Copy blueprint into authentik-worker container
|
- name: Copy blueprints into authentik-worker container
|
||||||
shell: |
|
shell: |
|
||||||
docker cp "{{ authentik_config_dir }}/blueprints/custom-flows.yaml" authentik-worker:/blueprints/custom-flows.yaml
|
docker cp "{{ authentik_config_dir }}/blueprints/{{ item }}" authentik-worker:/blueprints/{{ item }}
|
||||||
changed_when: blueprint_copied.changed
|
loop:
|
||||||
|
- custom-flows.yaml
|
||||||
|
- enrollment-flow.yaml
|
||||||
|
- recovery-flow.yaml
|
||||||
|
when: blueprints_copied.changed
|
||||||
|
|
||||||
- name: Copy blueprint into authentik-server container
|
- name: Copy blueprints into authentik-server container
|
||||||
shell: |
|
shell: |
|
||||||
docker cp "{{ authentik_config_dir }}/blueprints/custom-flows.yaml" authentik-server:/blueprints/custom-flows.yaml
|
docker cp "{{ authentik_config_dir }}/blueprints/{{ item }}" authentik-server:/blueprints/{{ item }}
|
||||||
changed_when: blueprint_copied.changed
|
loop:
|
||||||
|
- custom-flows.yaml
|
||||||
|
- enrollment-flow.yaml
|
||||||
|
- recovery-flow.yaml
|
||||||
|
when: blueprints_copied.changed
|
||||||
|
|
||||||
- name: Wait for blueprint to be discovered and applied
|
- name: Wait for blueprint to be discovered and applied
|
||||||
shell: |
|
shell: |
|
||||||
|
|
@ -104,10 +116,13 @@
|
||||||
========================================
|
========================================
|
||||||
|
|
||||||
Configuration Method: YAML Blueprints
|
Configuration Method: YAML Blueprints
|
||||||
Blueprint File: /blueprints/custom-flows.yaml
|
Blueprints Deployed:
|
||||||
|
- /blueprints/custom-flows.yaml (2FA enforcement)
|
||||||
|
- /blueprints/enrollment-flow.yaml (invitation-only registration)
|
||||||
|
- /blueprints/recovery-flow.yaml (password reset via email)
|
||||||
|
|
||||||
✓ Blueprint Deployed: {{ blueprint_copied.changed }}
|
✓ Blueprints Deployed: {{ blueprints_copied.changed }}
|
||||||
✓ Blueprint Applied: {{ 'Yes' if 'successfully' in blueprint_wait.stdout else 'In Progress' }}
|
✓ Blueprints Applied: {{ 'Yes' if 'successfully' in blueprint_wait.stdout else 'In Progress' }}
|
||||||
|
|
||||||
Verification:
|
Verification:
|
||||||
{{ invitation_check.stdout | default('Invitation stage: Checking...') }}
|
{{ invitation_check.stdout | default('Invitation stage: Checking...') }}
|
||||||
|
|
@ -116,12 +131,9 @@
|
||||||
Note: Authentik applies blueprints asynchronously.
|
Note: Authentik applies blueprints asynchronously.
|
||||||
Changes should be visible within 1-2 minutes.
|
Changes should be visible within 1-2 minutes.
|
||||||
|
|
||||||
To verify manually:
|
Flow URLs:
|
||||||
- Login to https://{{ authentik_domain }}
|
- Enrollment: https://{{ authentik_domain }}/if/flow/default-enrollment-flow/
|
||||||
- Check Admin > Flows > Stages for invitation stage
|
- Recovery: https://{{ authentik_domain }}/if/flow/default-recovery-flow/
|
||||||
- Check Admin > System > Brands for recovery flow setting
|
|
||||||
- Check default-authentication-mfa-validation stage for 2FA enforcement
|
|
||||||
|
|
||||||
Email configuration is active and flows
|
Email configuration is active - emails sent via Mailgun SMTP.
|
||||||
will send emails via Mailgun SMTP.
|
|
||||||
========================================
|
========================================
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue