sources/saml: properly catch InvalidSignature exception (cherry-pick #19641 to version-2025.12)

[authentik-automation]

Cherry-pick of #19641 to version-2025.12 branch.

Original PR: #19641
Original Author: @PeshekDotDev
Cherry-picked commit: e69bb40

[netlify]

✅ Deploy Preview for authentik-integrations ready!

Name	Link
🔨 Latest commit	4d65c97
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-integrations/deploys/697b942c14a93f000838e742
😎 Deploy Preview	https://deploy-preview-19650--authentik-integrations.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[codecov]

Codecov Report

❌ Patch coverage is 50.00000% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 93.26%. Comparing base (6ad4bbe) to head (4d65c97).
⚠️ Report is 2 commits behind head on version-2025.12.
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
authentik/sources/saml/views.py	50.00%	1 Missing ⚠️

Additional details and impacted files

@@               Coverage Diff                @@
##           version-2025.12   #19650   +/-   ##
================================================
  Coverage            93.26%   93.26%           
================================================
  Files                  946      946           
  Lines                52331    52331           
================================================
+ Hits                 48806    48808    +2     
+ Misses                3525     3523    -2     

Flag	Coverage Δ
e2e	44.46% <50.00%> (+<0.01%)	⬆️
integration	23.58% <0.00%> (+<0.01%)	⬆️
unit	91.56% <50.00%> (+<0.01%)	⬆️
unit-migrate	91.60% <50.00%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-4d65c976f8e91a7017db06a2c343537a263092cd
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-4d65c976f8e91a7017db06a2c343537a263092cd

Afterwards, run the upgrade commands from the latest release notes.