With our recent release of version 2.5.0 of ZITADEL, we introduce support for Security Assertion Markup Language (SAML) as an additional technology standard used for authentication. Our goal with ZITADEL is to build the best identity and access management platform for the serverless era. With the addition of this standard, we significantly extend the range of applications you can integrate and identity providers you can use for SSO.
Until today, we provided support for the more modern authentication standard OpenID Connect (OIDC). Our zitadel/oidc library for Go, which is used in ZITADEL, also passed the OpenID Connect certification. We still recommend using OIDC, especially when you're working with single-page applications, native mobile clients, or REST APIs, or when it's simply a tie between OIDC and SAML, as we have discussed in a previous blog.
Nevertheless, there are still a lot of enterprise applications that can only handle SAML for SSO. So if you would like to use your existing identities to sign in to tools like Atlassian, GitLab, Google Workspace, AWS, Citrix Netscaler, etc., you need to do so via SAML. While we are hoping that OpenID Connect replaces SAML over time, we decided to offer SAML support in ZITADEL, so that you don't have to worry about this fact.
To get started, you might want to check out our guides on how to integrate different applications. For more technical details, you might want to refer to the SAML Endpoints.
With our implementation, we follow the given open standards for SAML and support the most relevant SAML features. While we support POST and Redirect bindings, we opted to leave out the more secure Artifact binding for now, as only a few clients support the latter, and those most likely opt for the more convenient OIDC alternative.
We are releasing SAML as an early feature. Although we have tested ZITADEL against multiple applications, we expect to find some issues with clients that do not conform to the standard, or some technical problems, over the next couple of weeks.