feat(saml): add SignatureMethod config for SAML IDP (#10520)

# Which Problems Are Solved When a SAML IDP is created, the signing algorithm defaults to `RSA-SHA1`. This PR adds the functionality to configure the signing algorithm while creating or updating a SAML IDP. When nothing is specified, `RSA-SHA1` is the default. Available options: * RSA_SHA1 * RSA_SHA256 * RSA_SHA512 # How the Problems Are Solved By introducing a new optional config to specify the Signing Algorithm. # Additional Changes N/A # Additional Context - Closes #9842 An existing bug in the UpdateSAMLProvider API will be fixed as a followup in a different [PR](https://github.com/zitadel/zitadel/pull/10557). --------- Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com> (cherry picked from commit 255d42da65)
2025-12-07 06:52:20 +00:00 · 2025-08-27 11:07:13 +02:00
parent 39c76a94a8
commit a3dac4d5cd
42 changed files with 413 additions and 7 deletions
--- a/internal/api/grpc/management/idp_converter_test.go
+++ b/internal/api/grpc/management/idp_converter_test.go
@@ -3,6 +3,8 @@ package management
 import (
 	"testing"

+	"github.com/stretchr/testify/require"
+
 	"github.com/zitadel/zitadel/internal/test"
 	"github.com/zitadel/zitadel/pkg/grpc/idp"
 	mgmt_pb "github.com/zitadel/zitadel/pkg/grpc/management"
@@ -157,3 +159,40 @@ func Test_updateOIDCConfigToDomain(t *testing.T) {
 		})
 	}
 }
+
+func Test_signatureAlgorithmToCommand(t *testing.T) {
+	t.Parallel()
+	tests := []struct {
+		name                   string
+		signatureAlgorithm     idp.SAMLSignatureAlgorithm
+		wantSignatureAlgorithm string
+	}{
+		{
+			name:                   "signature algorithm default value",
+			signatureAlgorithm:     11,
+			wantSignatureAlgorithm: "",
+		},
+		{
+			name:                   "RSA_SHA1",
+			signatureAlgorithm:     idp.SAMLSignatureAlgorithm_SAML_SIGNATURE_RSA_SHA1,
+			wantSignatureAlgorithm: "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
+		},
+		{
+			name:                   "RSA_SHA256",
+			signatureAlgorithm:     idp.SAMLSignatureAlgorithm_SAML_SIGNATURE_RSA_SHA256,
+			wantSignatureAlgorithm: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
+		},
+		{
+			name:                   "RSA_SHA512",
+			signatureAlgorithm:     idp.SAMLSignatureAlgorithm_SAML_SIGNATURE_RSA_SHA512,
+			wantSignatureAlgorithm: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			got := signatureAlgorithmToCommand(tt.signatureAlgorithm)
+			require.Equal(t, tt.wantSignatureAlgorithm, got)
+		})
+	}
+}