providers/saml: configuration for default NameID Policy

[BeryJu]

Details

Allow specifying a default NameID Policy for IDP-initiated login requests or when AuthN requests don't have a NameID policy. Fixes issues with IDP-initiated logins for things like Notion and AWS Identity Center

---

Checklist

• Local tests pass (ak test authentik/)
• The code has been formatted (make lint-fix)

If an API change has been made

• The API schema has been updated (make gen-build)

If changes to the frontend have been made

• The code has been formatted (make web)

If applicable

• The documentation has been updated
• The documentation has been formatted (make website)

[netlify]

✅ Deploy Preview for authentik-docs canceled.

Name	Link
🔨 Latest commit	88b261c
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-docs/deploys/688f3b03e7ac45000811672c

[netlify]

✅ Deploy Preview for authentik-storybook ready!

Name	Link
🔨 Latest commit	88b261c
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-storybook/deploys/688f3b0363b8fb00087ce0af
😎 Deploy Preview	https://deploy-preview-15109--authentik-storybook.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[codecov]

Codecov Report

❌ Patch coverage is 90.00000% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 92.75%. Comparing base (56ff8b1) to head (88b261c).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
authentik/providers/saml/processors/assertion.py	50.00%	1 Missing ⚠️
.../providers/saml/processors/authn_request_parser.py	83.33%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #15109      +/-   ##
==========================================
+ Coverage   92.70%   92.75%   +0.04%     
==========================================
  Files         831      831              
  Lines       44471    44488      +17     
==========================================
+ Hits        41225    41263      +38     
+ Misses       3246     3225      -21     

Flag	Coverage Δ
e2e	46.86% <50.00%> (+0.07%)	⬆️
integration	23.62% <15.00%> (-0.01%)	⬇️
unit	90.82% <90.00%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-88b261c9fed845fbb7c6d3a0886bb96072b2271f
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-88b261c9fed845fbb7c6d3a0886bb96072b2271f

Afterwards, run the upgrade commands from the latest release notes.

[netlify]

✅ Deploy Preview for authentik-integrations canceled.

Name	Link
🔨 Latest commit	88b261c
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-integrations/deploys/688f3b0330aeb0000801a732