Merge pull request #7982 from Security-Onion-Solutions/kilo

Upgrade to Kratos 0.9.0-alpha.3

salt/common/tools/sbin/so-user

@@ -44,7 +44,7 @@ operation=$1
 email=$2
 role=$3
 
-kratosUrl=${KRATOS_URL:-http://127.0.0.1:4434}
+kratosUrl=${KRATOS_URL:-http://127.0.0.1:4434/admin}
 databasePath=${KRATOS_DB_PATH:-/opt/so/conf/kratos/db/db.sqlite}
 databaseTimeout=${KRATOS_DB_TIMEOUT:-5000}
 bcryptRounds=${BCRYPT_ROUNDS:-12}
@@ -408,7 +408,7 @@ function migrateLockedUsers() {
   # This is a migration function to convert locked users from prior to 2.3.90
   # to inactive users using the newer Kratos functionality. This should only
   # find locked users once.
-  lockedEmails=$(curl -s http://localhost:4434/identities | jq -r '.[] | select(.traits.status == "locked") | .traits.email')
+  lockedEmails=$(curl -s ${kratosUrl}/identities | jq -r '.[] | select(.traits.status == "locked") | .traits.email')
   if [[ -n "$lockedEmails" ]]; then
     echo "Disabling locked users..."
     for email in $lockedEmails; do

salt/kratos/files/kratos.yaml

@@ -37,7 +37,7 @@ selfservice:
       ui_url: https://{{ WEBACCESS }}/login/
     
   default_browser_return_url: https://{{ WEBACCESS }}/
-  whitelisted_return_urls:
+  allowed_return_urls:
     - http://127.0.0.1
 
 log:
@@ -59,7 +59,10 @@ hashers:
     cost: 12
 
 identity:
-  default_schema_url: file:///kratos-conf/schema.json
+  default_schema_id: default
+  schemas:
+    - id: default
+      url: file:///kratos-conf/schema.json
 
 courier:
   smtp: