From bfeefeea2fa0dfff048e8212857a6927f72f2560 Mon Sep 17 00:00:00 2001
From: Josh Patterson
Date: Thu, 19 Mar 2026 14:36:05 -0400
Subject: [PATCH] ensure bool sliders for kratos
---
 salt/kratos/soc_kratos.yaml | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/salt/kratos/soc_kratos.yaml b/salt/kratos/soc_kratos.yaml
index d64ac6d47..1cd2728c8 100644
--- a/salt/kratos/soc_kratos.yaml
+++ b/salt/kratos/soc_kratos.yaml
@@ -6,8 +6,9 @@ kratos:
 helpLink: kratos
 oidc:
- enabled:
+ enabled:
 description: Set to True to enable OIDC / Single Sign-On (SSO) to SOC. Requires a valid Security Onion license key.
+ forcedType: bool
 global: True
 helpLink: oidc
 config:
@@ -81,6 +82,7 @@ kratos:
 email:
 essential:
 description: Specifies whether the email claim is necessary. Typically leave this value set to true.
+ forcedType: bool
 advanced: True
 global: True
 helpLink: oidc
@@ -108,19 +110,22 @@ kratos:
 selfservice:
 methods:
 password:
- enabled:
+ enabled:
 description: Set to True to enable traditional password authentication to SOC. Typically set to true, except when exclusively using OIDC authentication. Some external tool interfaces may not be accessible if local password authentication is disabled.
+ forcedType: bool
 global: True
 advanced: True
 helpLink: oidc
 config:
 haveibeenpwned_enabled:
 description: Set to True to check if a newly chosen password has ever been found in a published list of previously-compromised passwords. Requires outbound Internet connectivity when enabled.
+ forcedType: bool
 global: True
 helpLink: kratos
 totp:
- enabled:
+ enabled:
 description: Set to True to enable Time-based One-Time Password (TOTP) multi-factor authentication (MFA) to SOC. Enable to ensure proper security protections remain in place. Be aware that disabling this setting, after users have already setup TOTP, may prevent users from logging in.
+ forcedType: bool
 global: True
 helpLink: kratos
 config:
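Review bot: In the third hunk `totp.enabled` gains `forcedType: bool` but, unlike `password.enabled` just above it, has no `advanced: True`, so the MFA switch presumably sits among the default settings and now renders as a one-click slider. Its own description warns that turning it off after users have enrolled may prevent logins, and switching it off also removes a second factor; `haveibeenpwned_enabled` in the same hunk and `webauthn.enabled` / `passwordless` in the last hunk are in the same position. Consider adding `advanced: True` to these entries so that weakening an authentication control takes a deliberate step. This assumes `advanced` hides a setting from the default view, which the diff does not show.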
@@ -131,11 +136,13 @@ kratos:
 webauthn:
 enabled:
 description: Set to True to enable Security Keys (WebAuthn / PassKeys) for passwordless or multi-factor authentication (MFA) SOC logins. Security Keys are a Public-Key Infrastructure (PKI) based authentication method, typically involving biometric hardware devices, such as laptop fingerprint scanners and USB hardware keys. Be aware that disabling this setting, after users have already setup their accounts with Security Keys, may prevent users from logging in.
+ forcedType: bool
 global: True
 helpLink: kratos
 config:
- passwordless:
+ passwordless:
 description: Set to True to utilize Security Keys (WebAuthn / PassKeys) for passwordless logins. Set to false to utilize Security Keys as a multi-factor authentication (MFA) method supplementing password logins. Be aware that changing this value, after users have already setup their accounts with the previous value, may prevent users from logging in.
+ forcedType: bool
 global: True
 helpLink: kratos
 rp: