Werk #17103: Could not log in with SAML2 if signing certificate was in trust store

Component: Setup
Title: Could not log in with SAML2 if signing certificate was in trust store
Date: Jul 25, 2025
Level: Trivial Change
Class: Bug Fix
Compatibility: Compatible - no manual interaction needed
Checkmk versions & editions:
2.5.0b1 (not yet released): Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.4.0p9: Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)

Logging in via a SAML2 connection failed if the certificate configured for signing the SAML requests was also in the Checkmk CA trust store or in the global system trust store.

In this case, clicking the "Login with SAML connection" button failed with the message "Unable to create authentication request. Please contact your administrator". The web.log showed a SignatureError raised while signing the request XML with xmlsec1.

This is now fixed.
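
For sites still on a version without this fix, one way to check whether the precondition described above applies (an added example, not Checkmk code): compare the SHA-256 fingerprint of the SAML signing certificate with every certificate in a trust store bundle. The function names and the sample PEM data are constructed for illustration; the actual bundle locations are not given on this page and have to be supplied by the reader.

```python
import base64
import hashlib
import re

PEM_CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)

def cert_fingerprints(pem_text):
    """Return the SHA-256 fingerprint of every certificate block in pem_text."""
    prints = []
    for body in PEM_CERT_RE.findall(pem_text):
        # Hash the decoded DER bytes so line wrapping and CRLF do not matter.
        der = base64.b64decode("".join(body.split()))
        prints.append(hashlib.sha256(der).hexdigest())
    return prints

def signing_cert_in_stores(signing_pem, stores):
    """Return the labels of the trust stores that contain the signing certificate.

    stores maps a label (hypothetical, chosen by the caller) to the PEM text
    of a CA bundle.
    """
    signing = cert_fingerprints(signing_pem)
    if len(signing) != 1:
        raise ValueError("expected exactly one signing certificate")
    return sorted(name for name, pem in stores.items()
                  if signing[0] in cert_fingerprints(pem))

def _fake_pem(der):
    # Constructed sample: arbitrary bytes wrapped as PEM, not a real certificate.
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"

SIGNING = _fake_pem(b"constructed-saml-signing-cert")
OTHER_CA = _fake_pem(b"constructed-unrelated-ca")
SAMPLE_STORES = {
    "site trust store": OTHER_CA + SIGNING,
    "system trust store": OTHER_CA,
}

if __name__ == "__main__":
    for name in signing_cert_in_stores(SIGNING, SAMPLE_STORES):
        print("signing certificate also present in:", name)
```

Against a real site, read the signing certificate and each bundle from disk and pass their text to `signing_cert_in_stores`.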
