Add privileged session config option to kratos config UI

2025-12-06 17:22:49 +01:00 · 2023-04-28 13:14:30 -04:00
parent 8459054ff8
commit 4c58aa2ccf
2 changed files with 7 additions and 1 deletions
--- a/salt/kratos/defaults.yaml
+++ b/salt/kratos/defaults.yaml
@@ -5,6 +5,8 @@ kratos:
      whoami:
        required_aal: highest_available
    selfservice:
+      settings:
+        privileged_session_max_age: 5m
      methods:
        password:
          enabled: true
--- a/salt/kratos/soc_kratos.yaml
+++ b/salt/kratos/soc_kratos.yaml
@@ -12,6 +12,11 @@ kratos:
          advanced: True
          helpLink: kratos.html
    selfservice:
+      settings:
+        privileged_session_max_age:
+          description: The length of time after a successful authentication for a user's session to be elevated to a privileged session. Privileged sessions are able to change passwords and MFA settings for that user. If a session is no longer privileged then the user is sent to the login form first, before the security settings can be adjusted.
+          global: True
+          helpLink: kratos.html
      methods:
        password:
          enabled: 
@@ -23,7 +28,6 @@ kratos:
            haveibeenpwned_enabled:
              description: Set to True to check if a newly chosen password has ever been found in a published list of previously-compromised passwords. Requires outbound Internet connectivity when enabled.
              global: True
-              advanced: True
              helpLink: kratos.html
        totp:
          enabled: