ensure bool sliders for kratos

2026-03-25 05:52:41 +01:00 · 2026-03-19 14:36:05 -04:00
parent 8251d56a96
commit bfeefeea2f
1 changed files with 11 additions and 4 deletions
--- a/salt/kratos/soc_kratos.yaml
+++ b/salt/kratos/soc_kratos.yaml
@@ -6,8 +6,9 @@ kratos:
    helpLink: kratos

  oidc:
-    enabled: 
+    enabled:
      description: Set to True to enable OIDC / Single Sign-On (SSO) to SOC. Requires a valid Security Onion license key.
+      forcedType: bool
      global: True
      helpLink: oidc
    config:
@@ -81,6 +82,7 @@ kratos:
          email:
            essential:
              description: Specifies whether the email claim is necessary. Typically leave this value set to true.
+              forcedType: bool
              advanced: True
              global: True
              helpLink: oidc
@@ -108,19 +110,22 @@ kratos:
    selfservice:
      methods:
        password:
-          enabled: 
+          enabled:
            description: Set to True to enable traditional password authentication to SOC. Typically set to true, except when exclusively using OIDC authentication. Some external tool interfaces may not be accessible if local password authentication is disabled.
+            forcedType: bool
            global: True
            advanced: True
            helpLink: oidc
          config:
            haveibeenpwned_enabled:
              description: Set to True to check if a newly chosen password has ever been found in a published list of previously-compromised passwords. Requires outbound Internet connectivity when enabled.
+              forcedType: bool
              global: True
              helpLink: kratos
        totp:
-          enabled: 
+          enabled:
            description: Set to True to enable Time-based One-Time Password (TOTP) multi-factor authentication (MFA) to SOC. Enable to ensure proper security protections remain in place. Be aware that disabling this setting, after users have already setup TOTP, may prevent users from logging in.
+            forcedType: bool
            global: True
            helpLink: kratos
          config:
@@ -131,11 +136,13 @@ kratos:
        webauthn:
          enabled:
            description: Set to True to enable Security Keys (WebAuthn / PassKeys) for passwordless or multi-factor authentication (MFA) SOC logins. Security Keys are a Public-Key Infrastructure (PKI) based authentication method, typically involving biometric hardware devices, such as laptop fingerprint scanners and USB hardware keys. Be aware that disabling this setting, after users have already setup their accounts with Security Keys, may prevent users from logging in.
+            forcedType: bool
            global: True
            helpLink: kratos
          config:
-            passwordless: 
+            passwordless:
              description: Set to True to utilize Security Keys (WebAuthn / PassKeys) for passwordless logins. Set to false to utilize Security Keys as a multi-factor authentication (MFA) method supplementing password logins. Be aware that changing this value, after users have already setup their accounts with the previous value, may prevent users from logging in.
+              forcedType: bool
              global: True
              helpLink: kratos
            rp: