Feature Request: Custom signing certificate for external SAML IdP (SP role)
βUnsolvedπͺ΅LoginβQuestionβFeature Request
When Zitadel acts as a SAML SP towards an external IdP, it only supports self-signed certificates. We're integrating with a government-grade identity provider in Denmark that requires a nationally CA-issued certificate (OCES3) for signing AuthnRequests, SP metadata, and LogoutRequests.
If Zitadel supported uploading a custom signing certificate (PEM/PKCS#12) for the SAML SP role, we could connect directly and use Zitadel's native SLO.
Two questions:
1. Is there an existing way to provide a custom signing cert for the external SAML IdP SP role that we've missed?
2. If not β is this something on the roadmap, or would a PR be welcome?
We're happy to contribute if pointed in the right direction
If Zitadel supported uploading a custom signing certificate (PEM/PKCS#12) for the SAML SP role, we could connect directly and use Zitadel's native SLO.
Two questions:
1. Is there an existing way to provide a custom signing cert for the external SAML IdP SP role that we've missed?
2. If not β is this something on the roadmap, or would a PR be welcome?
We're happy to contribute if pointed in the right direction
