
sources/saml: prevent authnrequest signature being inside body on redirect #19898

Merged
PeshekDotDev merged 4 commits into main from authnrequest-signature on Feb 5, 2026

Conversation

@PeshekDotDev (Contributor)

Details

When sending an AuthnRequest, the signature must go inside the URL parameter. The body cannot be signed, as this can affect the XML size, the signatures will not match each other in the URL and the SAML body, and some IdPs can have parsing errors due to not expecting this in the body.


Checklist

  • Local tests pass (ak test authentik/)
  • The code has been formatted (make lint-fix)

If an API change has been made

  • The API schema has been updated (make gen-build)

If changes to the frontend have been made

  • The code has been formatted (make web)

If applicable

  • The documentation has been updated
  • The documentation has been formatted (make docs)
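Added example of the rule the description states, written for this page and not taken from the PR or from authentik: with the HTTP-Redirect binding the signature is detached, computed over the URL-encoded query string (SAMLRequest, then RelayState when present, then SigAlg) and carried in a separate Signature parameter. The `has_enveloped_signature` guard that refuses a body already containing a ds:Signature is a hypothetical illustration of the check, the hostnames and request ID are placeholders, RSA-SHA256 is assumed as the SigAlg, and the block needs the third-party `cryptography` package.

```python
"""Added example, not authentik code: SAML 2.0 HTTP-Redirect binding signing.

The redirect binding uses a detached signature computed over the URL-encoded
query string (SAMLRequest, then RelayState if present, then SigAlg) and sent
in a separate Signature parameter. A ds:Signature inside the AuthnRequest XML
would change the deflated body and is not what the IdP verifies.
Requires the third-party `cryptography` package.
"""
import base64
import xml.etree.ElementTree as ET
import zlib
from typing import Optional
from urllib.parse import quote, unquote, urlencode

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

SIG_ALG_RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample AuthnRequest; the ID and hostnames are placeholders.
AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_req1" Version="2.0" '
    'IssueInstant="2026-02-01T00:00:00Z" Destination="https://idp.example/sso/redirect">'
    "<saml:Issuer>https://sp.example/metadata</saml:Issuer></samlp:AuthnRequest>"
)


def encode_saml_request(xml_text: str) -> str:
    """Raw DEFLATE (no zlib header), then base64, as the redirect binding requires."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(xml_text.encode()) + comp.flush()).decode()


def decode_saml_request(encoded: str) -> str:
    return zlib.decompress(base64.b64decode(encoded), -15).decode()


def has_enveloped_signature(xml_text: str) -> bool:
    """Hypothetical guard: True if the body already carries a ds:Signature child."""
    return ET.fromstring(xml_text).find(f"{{{XMLDSIG_NS}}}Signature") is not None


def sign_redirect_query(private_key, xml_text: str, relay_state: Optional[str] = None) -> str:
    """Build the signed query string for the redirect URL."""
    if has_enveloped_signature(xml_text):
        raise ValueError("redirect binding: sign the query string, not the XML body")
    params = [("SAMLRequest", encode_saml_request(xml_text))]
    if relay_state is not None:
        params.append(("RelayState", relay_state))
    params.append(("SigAlg", SIG_ALG_RSA_SHA256))
    signed_part = urlencode(params, quote_via=quote)  # exactly the bytes that get signed
    sig = private_key.sign(signed_part.encode(), padding.PKCS1v15(), hashes.SHA256())
    return signed_part + "&Signature=" + quote(base64.b64encode(sig).decode(), safe="")


def verify_redirect_query(public_key, query: str) -> bool:
    """Verify over the raw parameter values as received: re-encoding them could
    change the percent-encoding and silently invalidate a correct signature."""
    raw = dict(part.partition("=")[::2] for part in query.split("&"))
    if unquote(raw.get("SigAlg", "")) != SIG_ALG_RSA_SHA256 or "Signature" not in raw:
        return False
    signed_part = "&".join(
        f"{name}={raw[name]}" for name in ("SAMLRequest", "RelayState", "SigAlg") if name in raw
    )
    try:
        public_key.verify(base64.b64decode(unquote(raw["Signature"])),
                          signed_part.encode(), padding.PKCS1v15(), hashes.SHA256())
        return True
    except (InvalidSignature, ValueError):
        return False


def demo() -> dict:
    """Sign, verify, tamper, and show what an in-body signature would do."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    pub = key.public_key()
    query = sign_redirect_query(key, AUTHN_REQUEST, relay_state="/app/dashboard")
    tampered = query.replace("RelayState=", "RelayState=x")
    # Same request with a placeholder ds:Signature envelope added to the body.
    with_body_sig = AUTHN_REQUEST.replace(
        "</samlp:AuthnRequest>",
        f'<ds:Signature xmlns:ds="{XMLDSIG_NS}"><ds:SignatureValue>AAAA</ds:SignatureValue>'
        "</ds:Signature></samlp:AuthnRequest>",
    )
    try:
        sign_redirect_query(key, with_body_sig)
        refused = False
    except ValueError:
        refused = True
    received = unquote(query.split("&")[0][len("SAMLRequest="):])
    return {
        "valid": verify_redirect_query(pub, query),
        "tampered_valid": verify_redirect_query(pub, tampered),
        "body_signature_refused": refused,
        "roundtrip_ok": decode_saml_request(received) == AUTHN_REQUEST,
        # how many base64 characters the deflated request grows by with the envelope
        "body_growth": len(encode_saml_request(with_body_sig)) - len(encode_saml_request(AUTHN_REQUEST)),
    }


if __name__ == "__main__":
    print(demo())
```

The verifier deliberately rebuilds the signed string from the raw, still-encoded query values rather than decoding and re-encoding them: two libraries can percent-encode the same base64 payload differently, and the IdP must verify the bytes the SP actually signed. The `body_growth` figure shows the size effect the description mentions; the envelope is only a placeholder, but any real ds:Signature (with its KeyInfo and SignedInfo) would grow the deflated payload considerably more.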

@PeshekDotDev PeshekDotDev requested review from a team as code owners February 1, 2026 03:15
netlify bot commented Feb 1, 2026

Deploy Preview for authentik-integrations ready!

Name Link
🔨 Latest commit aba0ba5
🔍 Latest deploy log https://app.netlify.com/projects/authentik-integrations/deploys/6984f6f15ea49c0008a66dc8
😎 Deploy Preview https://deploy-preview-19898--authentik-integrations.netlify.app

netlify bot commented Feb 1, 2026

Deploy Preview for authentik-storybook ready!

Name Link
🔨 Latest commit aba0ba5
🔍 Latest deploy log https://app.netlify.com/projects/authentik-storybook/deploys/6984f6f192a612000869903b
😎 Deploy Preview https://deploy-preview-19898--authentik-storybook.netlify.app

codecov bot commented Feb 1, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.24%. Comparing base (9721c4f) to head (bb78d73).
⚠️ Report is 7 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #19898      +/-   ##
==========================================
+ Coverage   93.21%   93.24%   +0.02%     
==========================================
  Files         968      968              
  Lines       53438    53567     +129     
==========================================
+ Hits        49813    49946     +133     
+ Misses       3625     3621       -4     
Flag Coverage Δ
conformance 37.97% <20.00%> (-0.09%) ⬇️
e2e 43.98% <60.00%> (-0.06%) ⬇️
integration 22.71% <0.00%> (-0.06%) ⬇️
unit 91.40% <100.00%> (+0.01%) ⬆️
unit-migrate 91.41% <100.00%> (+0.02%) ⬆️

netlify bot commented Feb 2, 2026

Deploy Preview for authentik-docs ready!

Name Link
🔨 Latest commit aba0ba5
🔍 Latest deploy log https://app.netlify.com/projects/authentik-docs/deploys/6984f6f138ad270008662035
😎 Deploy Preview https://deploy-preview-19898--authentik-docs.netlify.app

@PeshekDotDev PeshekDotDev changed the title from "sources/saml: remove authnrequest signature from body on redirect" to "sources/saml: prevent authnrequest signature being inside body on redirect" Feb 5, 2026
@PeshekDotDev PeshekDotDev moved this from Todo to Needs review in authentik Core Feb 5, 2026
@github-project-automation github-project-automation bot moved this from Needs review to In Progress in authentik Core Feb 5, 2026
@BeryJu BeryJu force-pushed the authnrequest-signature branch from 90c1871 to aba0ba5 February 5, 2026 20:00
github-actions bot commented Feb 5, 2026

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-bb78d73713645b00dab75cb5d88562329eda5b29
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-bb78d73713645b00dab75cb5d88562329eda5b29

Afterwards, run the upgrade commands from the latest release notes.

@PeshekDotDev PeshekDotDev merged commit fd778b1 into main Feb 5, 2026
102 checks passed
@github-project-automation github-project-automation bot moved this from In Progress to Done in authentik Core Feb 5, 2026
@PeshekDotDev PeshekDotDev deleted the authnrequest-signature branch February 5, 2026 23:13