Jens L.

Nvm I can reproduce it now, I think the machine I tested on wasn't actually safari 16

Yes, when using an LDAP Source, after the first successful authentication, authentik will hash and save the password into its own database, this is mostly done to speed up further...

Actually, and I keep forgetting about this, you can configure the password stage of the authentication flow and only select the LDAP backend, in that case it will always try...

Indeed that is the option I was thinking of Sadly not as it requires the Duo Admin API which can only be used on non-free Duo plans.

There was some previous discussion about this setup that required always binding to LDAP in a GitHub issue I cant find, and there was also the reasoning why even when...

For the first part, the outpost uses the standard Go HTTP Client which should respect the CA certificates in the container, and since those are based on debian, you should...

The screenshot in the harbor documentation is a bit outdated, you dont have to create anything for this you can just set the groups claim to `groups`

No, the `groups` claim is included in the default `profile` scope, see https://github.com/goauthentik/authentik/blob/main/blueprints/system/providers-oauth2.yaml#L47

What do you mean with `has logged in with the corresponding group`?

In the admin interface, under Flows & Stages -> Prompts, edit the Prompt with the label `Name` and ensure `Interpret placeholder as expression` isn't checked (This will automatically be fixed...