https://harshanu.space/en/tags/opensearch/ Recent content in Opensearch on Harshanu Hugo en Mon, 06 Apr 2026 00:00:00 +0000 https://harshanu.space/en/tech/wazuh-zitadel-sso/ Mon, 06 Apr 2026 00:00:00 +0000 https://harshanu.space/en/tech/wazuh-zitadel-sso/ <h2 id="introduction">Introduction</h2> <p>Wazuh is a solid open-source SIEM, but when it comes to SSO the documentation is thin. The official docs cover Keycloak, OneLogin and a few others but not Zitadel. There is even an <a href="https://github.com/wazuh/wazuh/issues/18630" target="_blank" rel="noopener">open issue</a> requesting Zitadel support and it has been sitting there for a while.</p> <p>I run Zitadel as my identity provider and needed SAML-based SSO for my Wazuh Dashboard. The biggest pain point was that Zitadel does NOT include project roles in SAML assertions by default. Unlike OIDC where you get <code>urn:zitadel:iam:org:project:roles</code> for free, SAML gets nothing. You have to create a Zitadel Action to inject roles into the SAML response. Many people get stuck at this exact point — SSO login works but the user lands with zero permissions because the roles never arrive.</p>