providers/saml: configurable AuthnContextClassRef

[BeryJu]

Details

AuthnContextClassRef is currently generated based on what factors the user used to authenticate. This uses standard values for password and MFA. However microsoft as always requires their own custom value to not trigger a double MFA in Azure AD, sigh.

See https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-mfa-expected-inbound-assertions#using-saml-20-federated-idp

---

Checklist

• Local tests pass (ak test authentik/)
• The code has been formatted (make lint-fix)

If an API change has been made

• The API schema has been updated (make gen-build)

If changes to the frontend have been made

• The code has been formatted (make web)

If applicable

• The documentation has been updated
• The documentation has been formatted (make website)

[netlify]

✅ Deploy Preview for authentik-storybook canceled.

Name	Link
🔨 Latest commit	ef85345
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-storybook/deploys/67d9baf1a22d2d0008924d5b

[netlify]

✅ Deploy Preview for authentik-docs canceled.

Name	Link
🔨 Latest commit	ef85345
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-docs/deploys/67d9baf1341dbc000808b0cf

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.72%. Comparing base (c10e4a9) to head (ef85345).
Report is 3 commits behind head on main.

✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #13566      +/-   ##
==========================================
- Coverage   92.73%   92.72%   -0.01%     
==========================================
  Files         794      794              
  Lines       40430    40479      +49     
==========================================
+ Hits        37493    37536      +43     
- Misses       2937     2943       +6     

Flag	Coverage Δ
e2e	47.91% <29.82%> (-0.09%)	⬇️
integration	24.28% <1.75%> (-0.03%)	⬇️
unit	90.51% <100.00%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-ef85345e92890b4bb797cac0fee6a3363d9cc9fc
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-ef85345e92890b4bb797cac0fee6a3363d9cc9fc

Afterwards, run the upgrade commands from the latest release notes.