Is your feature request related to a problem? Please describe.
We want to integrate the AWS Client VPN with Zitadel via SAML2 as the SSO solution to log in to the VPN. However, as described in the AWS docs: "The SAML assertion and SAML documents must be signed." – and Zitadel only delivers a signed assertion in its response.
Describe the solution you'd like
The solution is quite simple: it's to sign the whole response at the same time as signing the assertion. I've provided a pull request for this.
Describe alternatives you've considered
While my PR provides a solution for this, I don't know if in the SAML spec/best-practices this should always be attached. Maybe it should be a configuration option?
Additional context
Happy to get further instructions on how to improve the PR to get it merged.
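
Added example, not part of the original issue or of Zitadel's code: a Go check that reports where `ds:Signature` elements sit in a SAML response, separating the assertion-only case described above from a response signed at both levels. The sample documents are constructed, the names `Inspect` and `Coverage` are hypothetical, and the check covers signature placement only, not signature validity.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"io"
	"strings"
)

const (
	nsProtocol  = "urn:oasis:names:tc:SAML:2.0:protocol"
	nsAssertion = "urn:oasis:names:tc:SAML:2.0:assertion"
	nsDSig      = "http://www.w3.org/2000/09/xmldsig#"
	// Constructed samples; signature contents are elided, only placement matters.
	nsDecl        = ` xmlns:samlp="` + nsProtocol + `" xmlns:saml="` + nsAssertion + `" xmlns:ds="` + nsDSig + `"`
	AssertionOnly = `<samlp:Response` + nsDecl + `><saml:Assertion><ds:Signature/></saml:Assertion></samlp:Response>`
	BothSigned    = `<samlp:Response` + nsDecl + `><ds:Signature/><saml:Assertion><ds:Signature/></saml:Assertion></samlp:Response>`
)

// Coverage records which elements have a ds:Signature as a direct child.
type Coverage struct{ Response, Assertion bool }

// Inspect checks signature placement only; it does not validate any signature.
func Inspect(doc string) (Coverage, error) {
	cov, stack := Coverage{}, []xml.Name{}
	dec := xml.NewDecoder(strings.NewReader(doc))
	for {
		tok, err := dec.Token() // prefixes are resolved to namespace URIs
		if err == io.EOF {
			return cov, nil
		} else if err != nil {
			return cov, err
		}
		switch t := tok.(type) {
		case xml.StartElement:
			if n := len(stack); n > 0 && t.Name == (xml.Name{Space: nsDSig, Local: "Signature"}) {
				cov.Response = cov.Response || stack[n-1] == (xml.Name{Space: nsProtocol, Local: "Response"})
				cov.Assertion = cov.Assertion || stack[n-1] == (xml.Name{Space: nsAssertion, Local: "Assertion"})
			}
			stack = append(stack, t.Name)
		case xml.EndElement:
			stack = stack[:len(stack)-1]
		}
	}
}

func main() {
	for _, doc := range []string{AssertionOnly, BothSigned} {
		fmt.Println(Inspect(doc))
	}
}
```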