SAML Unable to verify Zitadel cert
Use-case:
Use Zitadel as Identity Provider for a Splunk Search Head instance.
Environment:
Self hosted.
Version:
2.70.0
Stack:
Apache proxy in front of 3 Zitadel boxes. Each one runs etcd and patroni to create a HA database.
What I expected to happen:
Splunk to use Zitadel to sign in using SAML.
What went wrong:
When I attempt to log in to the Splunk instance I receive the following error on the Splunk website: "Verification of SAML assertion using the IDP's certificate provided failed. Error: failed to verify signature with cert".
When I change the SAML configuration for the signedAssertion variable to false, I am successfully logged on. HOWEVER I want this setting to be set to true for security reasons.
Please note that the certificate I have placed on the Splunk host to use is the one from /saml/v2/certificate endpoint on Zitadel.
When I do an openssl verify on the cert, it returns with the following error: "unable to get local issuer certificate".
So, how do I use the Zitadel cert without any verification issues?
2 Replies
Can't fix the cert when it's the one that's issued by Zitadel itself. Is there any option to regenerate the SAML cert or set my own in the Zitadel instance?
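
Added example, not part of the thread and not Zitadel's or Splunk's code: it reproduces the `openssl verify` message quoted in the question with throwaway certificates, showing that openssl reports it when a certificate's issuer is missing from the trust store, and that this chain check is separate from validating a signature with the public key inside the certificate. The CA, the certificate names and the signed data are constructed placeholders.

```bash
# Added example. All keys and certificates are throwaway ones constructed here;
# the names (Demo IdP CA, Demo SAML Signing) are placeholders, not Zitadel's.

# Build a CA and a signing certificate issued by it inside directory $1.
make_demo_chain() {
  local d="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo IdP CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo SAML Signing" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}

# True when subject and issuer are the same name (self-issued certificate).
is_self_issued() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Print openssl's chain verdict for cert $1, optionally with issuer bundle $2.
chain_verdict() {
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$2" "$1" 2>&1
  else
    openssl verify "$1" 2>&1
  fi
}

# Sign file $3 with key $2, then check the signature using only the public
# key inside certificate $1. No chain building is involved in this step.
signature_checks_out() {
  local cert="$1" key="$2" data="$3"
  openssl dgst -sha256 -sign "$key" -out "$data.sig" "$data" &&
  openssl x509 -in "$cert" -noout -pubkey > "$cert.pub" &&
  openssl dgst -sha256 -verify "$cert.pub" -signature "$data.sig" "$data" >/dev/null 2>&1
}

demo() {
  local d; d="$(mktemp -d)" || return 1
  make_demo_chain "$d" || return 1
  echo "constructed assertion bytes" > "$d/data.txt"
  is_self_issued "$d/leaf.pem" && echo "leaf: self-issued" || echo "leaf: issued by another CA"
  chain_verdict "$d/leaf.pem"               # issuer absent: error 20
  chain_verdict "$d/leaf.pem" "$d/ca.pem"   # issuer supplied: OK
  signature_checks_out "$d/leaf.pem" "$d/leaf.key" "$d/data.txt" && echo "signature: valid"
  rm -rf "$d"
}
demo
```

Running `is_self_issued` and `chain_verdict` against the PEM file downloaded from the IdP shows whether an issuer certificate has to be supplied before `openssl verify` can succeed.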