SAML Unable to verify Zitadel cert
Use-case:
Use Zitadel as Identity Provider for a Splunk Search Head instance.
Environment:
Self hosted.
Version:
2.70.0
Stack:
Apache proxy in front of 3 Zitadel boxes. Each one runs etcd and patroni to create a HA database.
What I expected to happen:
Splunk to use Zitadel to sign in using SAML.
What went wrong:
When I attempt to log in to the Splunk instance, I receive the following error on the Splunk website: "Verification of SAML assertion using the IDP's certificate provided failed. Error: failed to verify signature with cert".
When I change the SAML configuration for the signedAssertion variable to false, I am successfully logged on. HOWEVER I want this setting to be set to true for security reasons.
Please note that the certificate I have placed on the Splunk host to use is the one from /saml/v2/certificate endpoint on Zitadel.
When I do an openssl verify on the cert, it returns the following error: "unable to get local issuer certificate".
So, how do I use the Zitadel cert without any verification issues?
