sources/saml: Basic support for EncryptedAssertion element. (#10099)

* source/saml: Updated backend for encrypted assertion support

* source/saml: all lint-fix checks passed

* source/saml: Used Optional type instead of union, on enc_key_descriptor type hint

* source/saml: request_encrypted_assertion model field migration

* source/saml: Added 'noqa' comment to type hint on encryption key descriptor

* small fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add to UI

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add some error handling

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* sources/saml: Pivot to encryption_kp model field, instead of request_encryption bool

* sources/saml: Typo fix

* re-create migrations

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update web

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add to release notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add improve error handling, add tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* test metadata with encryption and remove WantAssertionsEncrypted since it's not in the schema

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* unrelated fix to radius path

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix unrelated fix...sigh

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-migrate

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>

blueprints/schema.json

@@ -7407,6 +7407,12 @@
                     "minLength": 1,
                     "title": "Delete temporary users after",
                     "description": "Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3)."
+                },
+                "encryption_kp": {
+                    "type": "string",
+                    "format": "uuid",
+                    "title": "Encryption Keypair",
+                    "description": "When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key."
                 }
             },
             "required": []