providers/saml: allow encryption certificates without private keys

[PeshekDotDev]

…for saml encryption

Details

Closes #19499

---

Checklist

• Local tests pass (ak test authentik/)
• The code has been formatted (make lint-fix)

If an API change has been made

• The API schema has been updated (make gen-build)

If changes to the frontend have been made

• The code has been formatted (make web)

If applicable

• The documentation has been updated
• The documentation has been formatted (make docs)

[netlify]

✅ Deploy Preview for authentik-integrations ready!

Name	Link
🔨 Latest commit	7c22845
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-integrations/deploys/696a7140d32e250007642b30
😎 Deploy Preview	https://deploy-preview-19526--authentik-integrations.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for authentik-storybook ready!

Name	Link
🔨 Latest commit	7c22845
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-storybook/deploys/696a7140f8f7d60007d26801
😎 Deploy Preview	https://deploy-preview-19526--authentik-storybook.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for authentik-docs ready!

Name	Link
🔨 Latest commit	7c22845
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-docs/deploys/696a714093379a0008d07cfb
😎 Deploy Preview	https://deploy-preview-19526--authentik-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.27%. Comparing base (cbff6b1) to head (56c6913).
⚠️ Report is 53 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #19526      +/-   ##
==========================================
- Coverage   93.29%   93.27%   -0.03%     
==========================================
  Files         949      949              
  Lines       52052    52068      +16     
==========================================
  Hits        48564    48564              
- Misses       3488     3504      +16     

Flag	Coverage Δ
conformance	38.25% <0.00%> (-0.02%)	⬇️
e2e	44.19% <0.00%> (-0.06%)	⬇️
integration	23.20% <0.00%> (-0.01%)	⬇️
unit	91.50% <100.00%> (+<0.01%)	⬆️
unit-migrate	91.52% <100.00%> (-0.04%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-56c6913f0531cf2a6d607330caa31a1988c1bbaa
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-56c6913f0531cf2a6d607330caa31a1988c1bbaa

Afterwards, run the upgrade commands from the latest release notes.

[jkman340]

#19499 (comment)

[authentik-automation]

🍒 Cherry-pick to version-2025.12 created: #19612