providers/saml: generate issuer url when provider is set on app (#18022)

* providers/saml: generate issuer url in saml processors unless overridded * remove issuer * remove duplicate * Generate url when assertion is created and save to session * cleanup * Fix front-end rendering of issuer * Update web/src/admin/providers/saml/SAMLProviderViewPage.ts Co-authored-by: Jens L. <jens@goauthentik.io> Signed-off-by: Connor Peshek <connor@connorpeshek.me> * Update authentik/providers/saml/models.py Co-authored-by: Jens L. <jens@goauthentik.io> Signed-off-by: Connor Peshek <connor@connorpeshek.me> * Update authentik/providers/saml/models.py Co-authored-by: Jens L. <jens@goauthentik.io> Signed-off-by: Connor Peshek <connor@connorpeshek.me> * use reverse for urls and update tests * update issuer description * Don't absorb sp entity id * rename issuer_url to issuer_override * fix migration file to rename to override * fix migration file order * lint, fix tests * fix tests * fix once again not importing the sp issuer * build * use const for default issuer --------- Signed-off-by: Connor Peshek <connor@connorpeshek.me> Co-authored-by: connor peshek <connorpeshek@connors-MacBook-Pro.local> Co-authored-by: Jens L. <jens@goauthentik.io>
2026-06-17 19:09:11 +03:00 · 2026-04-28 17:31:12 -05:00
parent aed634734b
commit a2ca19d718
34 changed files with 307 additions and 96 deletions
@@ -39,7 +39,7 @@ class TestProviderSAML(SeleniumTestCase):
                "9009": "9009",
            },
            environment={
-                "SP_ENTITY_ID": provider.issuer,
+                "SP_ENTITY_ID": provider.issuer_override,
                "SP_SSO_BINDING": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
                "SP_METADATA_URL": metadata_url,
                **kwargs,
@@ -68,7 +68,7 @@ class TestProviderSAML(SeleniumTestCase):
            name=generate_id(),
            acs_url="http://localhost:9009/saml/acs",
            audience="authentik-e2e",
-            issuer="authentik-e2e",
+            issuer_override="authentik-e2e",
            sp_binding=SAMLBindings.POST,
            authorization_flow=authorization_flow,
            signing_kp=create_test_cert(),
@@ -147,7 +147,7 @@ class TestProviderSAML(SeleniumTestCase):
            name=generate_id(),
            acs_url="http://localhost:9009/saml/acs",
            audience="authentik-e2e",
-            issuer="authentik-e2e",
+            issuer_override="authentik-e2e",
            sp_binding=SAMLBindings.POST,
            authorization_flow=authorization_flow,
            signing_kp=create_test_cert(),
@@ -226,7 +226,7 @@ class TestProviderSAML(SeleniumTestCase):
            name=generate_id(),
            acs_url="http://localhost:9009/saml/acs",
            audience="authentik-e2e",
-            issuer="authentik-e2e",
+            issuer_override="authentik-e2e",
            sp_binding=SAMLBindings.POST,
            authorization_flow=authorization_flow,
            signing_kp=create_test_cert(),
@@ -321,7 +321,7 @@ class TestProviderSAML(SeleniumTestCase):
            name=generate_id(),
            acs_url="http://localhost:9009/saml/acs",
            audience="authentik-e2e",
-            issuer="authentik-e2e",
+            issuer_override="authentik-e2e",
            sp_binding=SAMLBindings.POST,
            authorization_flow=authorization_flow,
            signing_kp=create_test_cert(),
@@ -415,7 +415,7 @@ class TestProviderSAML(SeleniumTestCase):
            name=generate_id(),
            acs_url="http://localhost:9009/saml/acs",
            audience="authentik-e2e",
-            issuer="authentik-e2e",
+            issuer_override="authentik-e2e",
            sp_binding=SAMLBindings.POST,
            authorization_flow=authorization_flow,
            signing_kp=create_test_cert(),
@@ -503,7 +503,7 @@ class TestProviderSAML(SeleniumTestCase):
            name=generate_id(),
            acs_url="http://localhost:9009/saml/acs",
            audience="authentik-e2e",
-            issuer="authentik-e2e",
+            issuer_override="authentik-e2e",
            sp_binding=SAMLBindings.POST,
            authorization_flow=authorization_flow,
            signing_kp=create_test_cert(),
@@ -553,7 +553,7 @@ class TestProviderSAML(SeleniumTestCase):
            name=generate_id(),
            acs_url="http://localhost:9009/saml/acs",
            audience="authentik-e2e",
-            issuer="authentik-e2e",
+            issuer_override="authentik-e2e",
            sp_binding=SAMLBindings.POST,
            authorization_flow=authorization_flow,
            invalidation_flow=invalidation_flow,