From 4c078c147403e39f578a7dc35040bdcc640540d0 Mon Sep 17 00:00:00 2001
From: Stefan Benz <46600784+stebenz@users.noreply.github.com>
Date: Tue, 7 Oct 2025 16:58:55 +0200
Subject: [PATCH] fix: add CommonName to SAML SP certificate (#10700)

# Which Problems Are Solved

There is no CN (CommonName) defined in the certificates to use an external SAML IDP.

# How the Problems Are Solved

Add Issuer and CommonName to the certificate information.

# Additional Changes

None

# Additional Context

Closes #9048

Co-authored-by: Gayathri Vijayan <66356931+grvijayan@users.noreply.github.com>
---
 internal/command/command.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/internal/command/command.go b/internal/command/command.go
index 060892a646a..a40038ef802 100644
--- a/internal/command/command.go
+++ b/internal/command/command.go
@@ -294,8 +294,13 @@ func samlCertificateAndKeyGenerator(keySize int, lifetime time.Duration) func(id
 SerialNumber: big.NewInt(int64(serial)),
 Subject: pkix.Name{
 Organization: []string{"ZITADEL"},
+ CommonName: fmt.Sprintf("ZITADEL SP %s", id),
 SerialNumber: id,
 },
+ Issuer: pkix.Name{
+ Organization: []string{"ZITADEL"},
+ CommonName: "ZITADEL",
+ },
 NotBefore: now,
 NotAfter: now.Add(lifetime),
 KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
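Review bot: The added `Issuer: pkix.Name{...}` block in the template is most likely inert: Go's `x509.CreateCertificate` does not read the template's `Issuer` and writes the parent certificate's `Subject` as the issuer instead. The call that consumes this template is outside the hunk, but if the certificate is self-signed (template passed as its own parent) the issuer DN will equal the new subject, `CN=ZITADEL SP <id>`, not `CN=ZITADEL`, so an IdP that compares or pins the issuer DN sees something different from what this code suggests. Either drop the field or mark it, e.g. `// x509.CreateCertificate ignores template.Issuer; the issuer is copied from the parent's Subject`, and sign with a separate parent certificate if a distinct issuer is really wanted. A unit test that parses the generated certificate and asserts `Subject.CommonName` and `Issuer` would pin the intended result.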