SAML2: Signing the documents, in addition to the assertion
Use-case
SSO solution for most things
Environment
Self-hosted
Version
Current latest version.
Stack
AWS EKS
Question
We want to integrate the AWS Client VPN with Zitadel via SAML2 as the SSO solution to log in to the VPN. However, as described in the AWS docs: "The SAML assertion and SAML documents must be signed." – and Zitadel only delivers a signed assertion in its response.
We've been trying to find an option for Zitadel to also sign the SAML documents to match this requirement, but as far as we can see there is no support for this. We found this code that's been commented out in the source code. Was the purpose of it to support this, maybe?
Is it possible to make Zitadel also sign the SAML documents? If not, is this feature on the roadmap?
