authentik
authentik copied to clipboard
Published
20 hours ago •
goauthentik
goauthentik
Property Mapping Exception error in User Settings
Describe your question
I'm getting a property_mapping_exception error when I view /if/user/#/settings in the User interface. This is my first time setting up Authentik (thank you very much for this amazing project!) and I've got it working behind Traefik and have set up SAML SSO with NextCloud. I just need to figure out this property mapping exception error.
In the Admin interface, under Users, my admin user and test user both have Username, Name, Email defined but in the User interface, all those fields are blank. What am I missing?
Relevant info
Authentik docker-compose.yml
version: '3.7'
networks:
ingress:
external: true
authentik:
internal: true
services:
authentik:
container_name: ${SERVICE_NAME}-app
image: ${AUTHENTIK_IMAGE}:${AUTHENTIK_TAG}
depends_on: [db, cache, authentik-worker]
command: server
env_file: [.env]
environment:
AUTHENTIK_POSTGRESQL__USER: ${DB_USER}
AUTHENTIK_POSTGRESQL__NAME: ${DB_NAME}
AUTHENTIK_POSTGRESQL__PASSWORD: ${DB_PASSWORD}
# WORKERS: 2
networks: [authentik, ingress]
security_opt: [no-new-privileges:true]
restart: unless-stopped
labels:
- traefik.enable=true
- traefik.http.routers.${SERVICE_NAME}.rule=Host(`${DOMAIN}`)
- traefik.http.routers.${SERVICE_NAME}.entrypoints=websecure
- traefik.http.routers.${SERVICE_NAME}.tls.certresolver=le
- traefik.http.routers.${SERVICE_NAME}.service=${SERVICE_NAME}
- traefik.http.routers.${SERVICE_NAME}.middlewares=sslheader
- traefik.http.services.${SERVICE_NAME}.loadbalancer.server.port=${SERVICE_PORT}
- traefik.http.services.${SERVICE_NAME}.loadbalancer.server.scheme=http
- traefik.http.services.${SERVICE_NAME}.loadbalancer.passhostheader=true
- traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https
volumes:
- ./media:/media # mkdir, then sudo chown 1000:1000 media templates backups certs
- ./templates:/templates
# - ./geoip:/geoip
authentik-worker:
container_name: ${SERVICE_NAME}-worker
image: ${AUTHENTIK_IMAGE}:${AUTHENTIK_TAG}
depends_on: [db, cache]
command: worker
env_file: [.env]
environment:
AUTHENTIK_POSTGRESQL__USER: ${DB_USER}
AUTHENTIK_POSTGRESQL__NAME: ${DB_NAME}
AUTHENTIK_POSTGRESQL__PASSWORD: ${DB_PASSWORD}
networks: [authentik]
security_opt: [no-new-privileges:true]
restart: unless-stopped
# user:root is optional, and can be removed. If you remove this, the following will happen
# - The permissions for the /backups and /media folders aren't fixed, so make sure they are 1000:1000
# - The docker socket can't be accessed anymore
user: root
volumes:
- ./backups:/backups
- ./media:/media
- ./certs:/certs
- /var/run/docker.sock:/var/run/docker.sock
- ./templates:/templates
# - ./geoip:/geoip
# geoipupdate:
# container_name: ${SERVICE_NAME}-geoip
# image: 'maxmindinc/geoipupdate:latest'
# volumes:
# - './geoip:/usr/share/GeoIP'
# environment:
# GEOIPUPDATE_EDITION_IDS: 'GeoLite2-City'
# GEOIPUPDATE_FREQUENCY: '8'
# env_file:
# - .env
db:
container_name: ${SERVICE_NAME}-db
image: postgres:${DB_VERSION}
environment:
- POSTGRES_PASSWORD=${DB_PASSWORD}
- POSTGRES_USER=${DB_USER}
- POSTGRES_DB=${DB_NAME}
networks: [authentik]
healthcheck:
test: ['CMD-SHELL', 'pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}']
start_period: 20s
interval: 30s
retries: 5
timeout: 5s
restart: unless-stopped
volumes: [./db:/var/lib/postgresql/data]
cache:
container_name: ${SERVICE_NAME}-cache
image: redis:${CACHE_VERSION}
networks: [authentik]
healthcheck:
test: ['CMD-SHELL', 'redis-cli ping | grep PONG']
start_period: 20s
interval: 30s
retries: 5
timeout: 3s
restart: unless-stopped
volumes: [./cache:/data]
.env
INTERNAL_NETWORK=authentik
EXTERNAL_NETWORK=ingress
SERVICE_NAME=authentik
SERVICE_PORT=9000
DOMAIN=authtest.domain.tld
DB_VERSION=14.5-alpine
DB_NAME=authentik
DB_USER=authentik
DB_PASSWORD=SECRET
CACHE_VERSION=7.0.4-alpine
AUTHENTIK_IMAGE=beryju/authentik
AUTHENTIK_TAG=2022.8
AUTHENTIK_REDIS__HOST=cache
AUTHENTIK_POSTGRESQL__HOST=db
# generate with `openssl rand -hex 50`, don't change after first install
AUTHENTIK_SECRET_KEY=SECRET
# debug, info (default), warning, error, trace
AUTHENTIK_LOG_LEVEL=debug
AUTHENTIK_DISABLE_UPDATE_CHECK=true
AUTHENTIK_ERROR_REPORTING__ENABLED=false
# none, gravatar, <url>
AUTHENTIK_AVATARS=none
AUTHENTIK_EMAIL__HOST=smtp.sendgrid.net
AUTHENTIK_EMAIL__PORT=25
# (don't add quotation marks to you password)
AUTHENTIK_EMAIL__USERNAME=apikey
AUTHENTIK_EMAIL__PASSWORD=SECRET
AUTHENTIK_EMAIL__USE_TLS=true
AUTHENTIK_EMAIL__USE_SSL=false
AUTHENTIK_EMAIL__TIMEOUT=30
[email protected]
Screenshots
Logs
Event Info
Event info
Exception
File "BaseEvalautor", line 4, in <module>
File "BaseEvalautor", line 3, in handler
name 'Name' is not defined
Expression
Name
Show less
Context
{
"message": " File \"BaseEvalautor\", line 4, in <module>\n\n File \"BaseEvalautor\", line 3, in handler\n\nname 'Name' is not defined",
"expression": "Name",
"http_request": {
"args": {
"query": ""
},
"path": "/api/v3/flows/executor/default-user-settings-flow/",
"method": "GET"
}
}
User
{
"pk": 1,
"email": "[email protected]",
"username": "jay"
}
I get these error logs regarding a config file, not sure what this is about:
authentik-app | {"error":"Failed to load config file: open ./local.env.yml: no such file or directory","event":"failed to load config, skipping","level":"info","timestamp":"2022-09-17T21:20:10Z"}
authentik-app | 1663449612.7221007 [info ] Starting gunicorn 20.1.0 [gunicorn.error]
authentik-app | 1663449612.7274387 [info ] Listening at: http://127.0.0.1:8000 (14) [gunicorn.error]
authentik-app | 1663449612.727674 [info ] Using worker: lifecycle.worker.DjangoUvicornWorker [gunicorn.error]
authentik-app | 1663449612.7319279 [info ] Booting worker with pid: 16 [gunicorn.error]
authentik-app | 1663449612.8006082 [info ] Booting worker with pid: 17 [gunicorn.error]
authentik-worker | {"event": "e(trigger): checking if trigger applies", "level": "debug", "logger": "authentik.events.tasks", "pid": 42, "task_id": "task-4b108c1615c2428ab6a952fc7c1a38a9", "timestamp": "2022-09-17T21:20:52.528566", "trigger": "<NotificationRule: Notification Rule default-notify-configuration-error>"}
authentik-worker | {"binding": "<PolicyBinding: Binding from Notification Rule default-notify-configuration-error #0 to Policy default-match-configuration-error>", "event": "P_ENG: Evaluating policy", "level": "debug", "logger": "authentik.policies.engine", "pid": 42, "request": "<PolicyRequest user=jay obj=Notification Rule default-notify-configuration-error>", "task_id": "task-4b108c1615c2428ab6a952fc7c1a38a9", "timestamp": "2022-09-17T21:20:52.642175"}
authentik-worker | {"binding": "<PolicyBinding: Binding from Notification Rule default-notify-configuration-error #0 to Policy default-match-configuration-error>", "event": "P_ENG: Starting Process", "level": "debug", "logger": "authentik.policies.engine", "pid": 42, "request": "<PolicyRequest user=jay obj=Notification Rule default-notify-configuration-error>", "task_id": "task-4b108c1615c2428ab6a952fc7c1a38a9", "timestamp": "2022-09-17T21:20:52.679204"}
authentik-worker | {"event": "P_ENG(proc): Running policy", "level": "debug", "logger": "authentik.policies.process", "pid": 42, "policy": "<EventMatcherPolicy: default-match-configuration-error>", "process": "PolicyProcess", "task_id": "task-4b108c1615c2428ab6a952fc7c1a38a9", "timestamp": "2022-09-17T21:20:52.679797", "user": "jay"}
authentik-worker | {"event": "P_ENG(proc): finished and cached ", "level": "debug", "logger": "authentik.policies.process", "passing": false, "pid": 42, "policy": "<EventMatcherPolicy: default-match-configuration-error>", "process": "PolicyProcess", "result": "<PolicyResult passing=False>", "task_id": "task-4b108c1615c2428ab6a952fc7c1a38a9", "timestamp": "2022-09-17T21:20:52.681732", "user": "jay"}
These are the error logs when the property mapping exception is triggered
authentik-worker | {"event": "e(trigger): checking if trigger applies", "level": "debug", "logger": "authentik.events.tasks", "pid": 98, "task_id": "task-9c080d0af47a4fbcad8c2024c8b3b87d", "timestamp": "2022-09-17T21:23:50.440908", "trigger": "<NotificationRule: Notification Rule default-notify-configuration-error>"}
authentik-worker | {"binding": "<PolicyBinding: Binding from Notification Rule default-notify-configuration-error #0 to Policy default-match-configuration-error>", "event": "P_ENG: Evaluating policy", "level": "debug", "logger": "authentik.policies.engine", "pid": 98, "request": "<PolicyRequest user=jay obj=Notification Rule default-notify-configuration-error>", "task_id": "task-9c080d0af47a4fbcad8c2024c8b3b87d", "timestamp": "2022-09-17T21:23:50.464372"}
authentik-worker | {"binding": "<PolicyBinding: Binding from Notification Rule default-notify-configuration-error #0 to Policy default-match-configuration-error>", "event": "P_ENG: Starting Process", "level": "debug", "logger": "authentik.policies.engine", "pid": 98, "request": "<PolicyRequest user=jay obj=Notification Rule default-notify-configuration-error>", "task_id": "task-9c080d0af47a4fbcad8c2024c8b3b87d", "timestamp": "2022-09-17T21:23:50.478907"}
authentik-worker | {"event": "P_ENG(proc): Running policy", "level": "debug", "logger": "authentik.policies.process", "pid": 98, "policy": "<EventMatcherPolicy: default-match-configuration-error>", "process": "PolicyProcess", "task_id": "task-9c080d0af47a4fbcad8c2024c8b3b87d", "timestamp": "2022-09-17T21:23:50.479943", "user": "jay"}
authentik-worker | {"event": "P_ENG(proc): finished and cached ", "level": "debug", "logger": "authentik.policies.process", "passing": false, "pid": 98, "policy": "<EventMatcherPolicy: default-match-configuration-error>", "process": "PolicyProcess", "result": "<PolicyResult passing=False>", "task_id": "task-9c080d0af47a4fbcad8c2024c8b3b87d", "timestamp": "2022-09-17T21:23:50.481079", "user": "jay"}
Version and Deployment:
- authentik version: 2022.8.2
- Deployment: docker-compose
In the admin interface, under Flows & Stages -> Prompts, edit the Prompt with the label Name and ensure Interpret placeholder as expression isn't checked
(This will automatically be fixed in 9.0, due relatively soon)
Thanks for the prompt response, Jens! I unchecked Interpret placeholder as expression but still getting the same behavior as before, user data is not populating. I also verified that it was unchecked for all the other fields but same issue.
oh if you want the name to pre prefilled, then the option has to be enabled, and the placeholder should be set to something like
try:
return user.name
except:
return ''
Is this a custom prompt/flow setup?
Ah, thank you! I finally got it working. I set the placeholders to interpret as expressions for Name, Username and Email and now in the User Interface update details prompt, those details populate with the existing data.
No, this is not a custom prompt. This is a vanilla install. Just going to /if/user/#/settings and saw that the prefilled data was blank, which didn't make sense. Do you think, by default, these prompts should evaulate to these expressions?
try:
return user.name
except:
return ''
try:
return user.username
except:
return ''
try:
return user.email
except:
return ''
That is what the default should do https://github.com/goauthentik/authentik/blob/main/blueprints/default/30-flow-default-user-settings-flow.yaml#L28, however this should be fixed by 2022.9 which is out soon so I'll close this for now