Custom CA support for Auth/SSO in ui-server #2957

@lgutter

Is your feature request related to a problem? Please describe.

When using a self-hosted SSO Provider (i.e. Keycloak) that is set up with a TLS certificate signed by a custom internal Certificate Authority, it is currently impossible to provide the CA certificate to the auth module to verify the certificate.

This makes configuration of SSO in this situation impossible.

Describe the solution you'd like

Implement a way to provide a CA certificate to the auth module through configuration / environment values, similar to the TLS config for the Temporal server connection.

I have already made this change for our own use, so can have a PR ready right away.

Describe alternatives you've considered

I have explored other ways to provide the CA certificate, but go-oidc does not seem to have a built-in way to do this.

Additional context

Labels: enhancement (New feature or request)