Skip to content

enterprise/providers: WS-Federation #19583

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
BeryJu wants to merge 26 commits into
base: main
Choose a base branch
from
Open

enterprise/providers: WS-Federation #19583

BeryJu wants to merge 26 commits into from
+5,815 −66

Conversation

@BeryJu
Copy link
Member

@BeryJu BeryJu commented Jan 19, 2026
edited
Loading

yep

  • Metadata works (+ Schema validation)
  • Sign-in works (+ Schema validation + Signature)
  • sign-in data validation
  • metadata signature?
  • sign-out
  • ui
  • docs

to anyone reviewing this, everything in the schemas/ folder can be skipped as these are just mirrors of .xsd files

closes #3154

@netlify
Copy link

netlify bot commented Jan 19, 2026
edited
Loading

Deploy Preview for authentik-storybook ready!

Name Link
🔨 Latest commit 70b60d8
🔍 Latest deploy log https://app.netlify.com/projects/authentik-storybook/deploys/6970c48ab0ee150008dbe2f3
😎 Deploy Preview https://deploy-preview-19583--authentik-storybook.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@netlify
Copy link

netlify bot commented Jan 19, 2026
edited
Loading

Deploy Preview for authentik-integrations ready!

Name Link
🔨 Latest commit 21caa66
🔍 Latest deploy log https://app.netlify.com/projects/authentik-integrations/deploys/6970c36daa8e2400080d1b22
😎 Deploy Preview https://deploy-preview-19583--authentik-integrations.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@netlify
Copy link

netlify bot commented Jan 19, 2026
edited
Loading

Deploy Preview for authentik-docs ready!

Name Link
🔨 Latest commit 21caa66
🔍 Latest deploy log https://app.netlify.com/projects/authentik-docs/deploys/6970c36dbaf9120008bc7003
😎 Deploy Preview https://deploy-preview-19583--authentik-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@BeryJu BeryJu force-pushed the enterprise/providers/wsfed branch from 474fa5a to 0e4734d Compare January 19, 2026 16:15
@codecov
Copy link

codecov bot commented Jan 19, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 88.20375% with 44 lines in your changes missing coverage. Please review.
✅ Project coverage is 93.24%. Comparing base (e7fbda7) to head (70b60d8).
✅ All tests successful. No failed tests found.

Files with missing lines Patch % Lines
...hentik/enterprise/providers/ws_federation/views.py 69.44% 22 Missing ⚠️
...ise/providers/ws_federation/processors/sign_out.py 44.44% 15 Missing ⚠️
...nterprise/providers/ws_federation/api/providers.py 85.18% 4 Missing ⚠️
...rise/providers/ws_federation/processors/sign_in.py 96.42% 3 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #19583      +/-   ##
==========================================
- Coverage   93.28%   93.24%   -0.05%     
==========================================
  Files         949      959      +10     
  Lines       52131    52481     +350     
==========================================
+ Hits        48633    48935     +302     
- Misses       3498     3546      +48
Flag Coverage Δ
conformance 38.29% <43.16%> (+0.02%) ⬆️
e2e 44.31% <71.04%> (+0.20%) ⬆️
integration 23.09% <7.23%> (-0.12%) ⬇️
unit 91.42% <79.08%> (-0.11%) ⬇️
unit-migrate 91.46% <79.08%> (-0.11%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

BeryJu added 10 commits January 19, 2026 17:36
@BeryJu
init
4317c1e 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
fix metadata
77af052 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
aight
39dc5c8 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
progress
10009e6 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
fix timedelta
cc987dd 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
start testing metadata
c97619f 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
add some more tests and schemas
b975860 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
test signature
0ccd7e3 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
attempt to fix signed xml linebreak
77a03c1 
AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet#1258
robrichards/xmlseclibs#28
xmlsec/python-xmlsec#196
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
format + gen
38d74fa 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu force-pushed the enterprise/providers/wsfed branch from 0e4734d to 38d74fa Compare January 19, 2026 16:36
BeryJu added 5 commits January 19, 2026 17:41
@BeryJu
update web
a5c71d1 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
more validation
198f09d 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
hmm
753844e 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
add e2e test
861c098 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
qol fix in wait_for_url
defe0b4 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu added area:frontend Features or issues related to the browser, TypeScript, Node.js, etc area:backend area:docs labels Jan 19, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Jan 19, 2026
edited
Loading

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-70b60d8ef2cfc62e199ddcf6a474d8d1cc077821
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-70b60d8ef2cfc62e199ddcf6a474d8d1cc077821

Afterwards, run the upgrade commands from the latest release notes.

BeryJu added 3 commits January 19, 2026 21:04
@BeryJu
add UI
a6a6521 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
acs -> reply url
f293722 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
sign_out
1ea9acf 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
BeryJu added 8 commits January 19, 2026 22:16
@BeryJu
fix some XML typing
134323d 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
Merge branch 'main' into enterprise/providers/wsfed
b8b93ee
@BeryJu
Merge branch 'main' into enterprise/providers/wsfed
5a7f25a
@BeryJu
remove verification_kp as its not used
5493378 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
fix reply url
4638686 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
add ws-fed to tests
cc1e0b2 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
fix
80216d6 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
Merge branch 'main' into enterprise/providers/wsfed
70b60d8 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

# Conflicts:
#	web/src/admin/providers/saml/SAMLProviderForm.ts
@BeryJu BeryJu force-pushed the enterprise/providers/wsfed branch from 21caa66 to 70b60d8 Compare January 21, 2026 12:20
@BeryJu BeryJu marked this pull request as ready for review January 21, 2026 12:22
@BeryJu BeryJu requested review from a team as code owners January 21, 2026 12:22
@dewi-tik dewi-tik moved this from Todo to In Progress in authentik Core Jan 21, 2026
@dewi-tik
Copy link
Contributor

dewi-tik commented Jan 21, 2026

https://github.com/goauthentik/internal-customer-ref/issues/8

GirlBossRush
GirlBossRush approved these changes Jan 22, 2026
View reviewed changes
web/src/admin/providers/wsfed/WSFederationProviderViewPage.ts
Comment on lines +55 to +74
@property({ type: Number })
providerID?: number;

@state()
provider?: WSFederationProvider;

@state()
preview?: SAMLPreviewAttribute;

@state()
metadata?: SAMLMetadata;

@state()
signer: CertificateKeyPair | null = null;

@state()
verifier: CertificateKeyPair | null = null;

@state()
previewUser?: User;
Copy link
Contributor

@GirlBossRush GirlBossRush Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
@property({ type: Number })
providerID?: number;
@state()
provider?: WSFederationProvider;
@state()
preview?: SAMLPreviewAttribute;
@state()
metadata?: SAMLMetadata;
@state()
signer: CertificateKeyPair | null = null;
@state()
verifier: CertificateKeyPair | null = null;
@state()
previewUser?: User;
@property({ type: Number })
public providerID: number | null = null;
@state()
protected provider: WSFederationProvider | null = null;
@state()
protected preview: SAMLPreviewAttribute | null = null;
@state()
protected metadata: SAMLMetadata | null = null;
@state()
protected signer: CertificateKeyPair | null = null;
@state()
protected verifier: CertificateKeyPair | null = null;
@state()
protected previewUser: User | null = null;

web/src/admin/providers/wsfed/WSFederationProviderViewPage.ts
previewUser?: User;

static styles: CSSResult[] = [
PFBase,
Copy link
Contributor

@GirlBossRush GirlBossRush Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
PFBase,

web/src/admin/providers/wsfed/WSFederationProviderViewPage.ts
});
}

willUpdate(changedProperties: PropertyValues<this>) {
Copy link
Contributor

@GirlBossRush GirlBossRush Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
willUpdate(changedProperties: PropertyValues<this>) {
protected override willUpdate(changedProperties: PropertyValues<this>) {

@tanberry tanberry mentioned this pull request Jan 22, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@GirlBossRush GirlBossRush GirlBossRush approved these changes

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

area:backend area:docs area:frontend Features or issues related to the browser, TypeScript, Node.js, etc

Projects

authentik Core
Status: In Progress

Milestone

Release 2026.2.0: Nice to have

Development

Successfully merging this pull request may close these issues.

WS-Federation (Web Services Federation)

4 participants

@BeryJu @dewi-tik @GirlBossRush