How does policy ordering work ? #9358
Unanswered
paulchabanon
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello,
I am currently testing Authentik on my server and I really like it!
Big props to all the team !
I have been doing a bit of testing and there is some fundamental logic that I seem to miss.
Here is my case:
I followed the instructions at the bottom of this page https://docs.goauthentik.io/integrations/sources/google/ to do the username mapping and it works like a charm but, I am wondering what is going on when they are multiple policies conditioning a stage.
I have here two policies with orders 0 and 1.
Here is the corresponding diagram:
I was expecting a "first matched" policy system, especially because I have selected "any" for the policy matching option in the stage binding, which I understand as: if the first policy doesn't match the second is tried, then the third, and so on.
But, in the diagram my policies appear on the same "level" (or hight) which I found confusing.
I don't really understand why that is and why they are both connected to the flow start.
My tests seam to show that, because default-source-enrollment-if-username is "order 1", it appears to be never evaluated.
In the diagram we can see that non of the outputs of dz-google-sso-username-mapping-policy are going back to default-source-enrollment-if-username. Is their even a scenario where default-source-enrollment-if-username is evaluated ?
Thank you in advance for those clarifications.
Beta Was this translation helpful? Give feedback.
All reactions