Tim Möhlmann

Discussed with @livio-a, needs to be retested against a recent version to see if the bug still exists.

You have to take care that the proxy does not add the port to the `Host` header. The `Host` **must** be the same for zitadel and the browser, or you...

@stebenz please note that we also need to add the new SAML session events to the events API examples. I added a TODO in PR #9020 : https://github.com/zitadel/zitadel/blob/274fd2db1de8bab00cc4400a548ba79ef1b08f4f/docs/docs/guides/integrate/zitadel-apis/event-api.md?plain=1#L145-L150

Also take https://github.com/zitadel/zitadel/issues/4758 into account when redesigning the storage

Regarding estimation: - The `internal/webauthn` package does not need any adaption, all functions take a `domain.UserVerificationRequirement` to distinguish between the modes. - The `command` package already reuses most of the...

I went over the traffic docs and there are a couple of things that are not clear. How does forward auth handle redirects? For example, in zitadel we use openID...

After some reading, it seems feasible to implement this in a stand-alone binary from OIDC. I would allocate / estimate 2 days to setup a small proof-of-concept, @hifabienne To the...

Thanks for the investigation and feedback. Makes my life easier :). For the redirect URL I was thinking to use a single URL that redirects into the RP, so that...

> But I understand where you take the "forbidden" from: when the spec talks about string comparison as described in RFC3986. Correct? yes, [RFC3986 section 6.2.1](https://www.rfc-editor.org/rfc/rfc3986#section-6.2.1) mentions `character-by-character` comparison., which...

I would like to note that zitadel engineers work on business-priorities and it might take a while before we pick this up. However, we do approve of the proposed functionality...