Consider implementing SAML authentication request signing on GitLab.com

Proposal

In GitLab, we already support signing SAML authentication requests, but this feature is not available on GitLab.com. As organizations focus more on security, they often strengthen their sign-in processes to ensure a heightened level of trust between service providers and identity providers.

Recently, Support received this ticket (GitLab internal) where SAML authentication request signing is a requirement for the organization to integrate their SAML SSO. Since we do not currently offer this ability, they will either have to make an exception specifically for GitLab.com, or they will not be able to use SAML SSO for GitLab.com at all.

I didn't see any other issues related to this, so I would like to formally request that we explore implementing SAML authentication request signing for GitLab.com. It may also be reasonable to explore assertion encryption at the same time.

I suspect that we do not currently offer this feature due to technical limitations. In a self-managed GitLab instance, authentication request signing is configured for the entire instance. If this prevents us from supporting authentication request signing on GitLab.com, we should:

  1. Document a detailed explanation stating why this feature is not available
  2. Provide any alternative methods for improving SAML security
  3. Link to this issue in documentation

Since this is dependent on SAML SSO, I am labeling this for Premium and Ultimate customers, as Free users will be unaffected.