Description
**Describe the bug**
I'm trying to set up SSO using Authentik but am having issues with the certificates required for this.
I've followed the instructions at #690 but am still getting the error:
```
[2026-02-28T09:04:44.767087+00:00] php.ERROR: Warning: openssl_sign(): Supplied key param cannot be coerced into a private key {"exception":"[object] (ErrorException(code: 0): Warning: openssl_sign(): Supplied key param cannot be coerced into a private key at /var/www/html/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php:563)
...
...
[2026-02-28T09:04:44.771653+00:00] request.CRITICAL: Uncaught PHP Exception Exception: "Failure Signing Data: error:1E08010C:DECODER routines::unsupported - SHA256" at XMLSecurityKey.php line 564 {"exception":"[object] (Exception(code: 0): Failure Signing Data: error:1E08010C:DECODER routines::unsupported - SHA256 at /var/www/html/vendor/robrichards/xmlseclibs/src/XMLSecurityKey.php:564)
```
**To Reproduce**
Steps to reproduce the behavior:
1. Generate SAML_SP_PRIVATE_KEY and SAML_SP_X509_CERT with
```
openssl genpkey -algorithm RSA -out private.key -pkeyopt rsa_keygen_bits:2048
openssl req -new -key private.key -out request.csr
openssl x509 -req -days 365 -in request.csr -signkey private.key -out certificate.crt
cat private.key
cat certificate.crt
```
Also upload the Cert and Key to Authentik
2. Set up Authentik and PartDB as per '#690'
3. Click on 'Single Sign-On Login (SSO)'
4. See error
```
docker run \
  -d \
  --name='partdb' \
  --net='reverseproxy' \
  --pids-limit 2048 \
  -e TZ="Europe/London" \
  -e HOST_OS="Unraid" \
  -e HOST_HOSTNAME="Tower" \
  -e HOST_CONTAINERNAME="partdb" \
  -e 'DATABASE_URL'='postgresql://partdb:mysupersecretpassword@postgres:5432/partdb?serverVersion=18.2&charset=utf8' \
  -e 'SAML_ENABLED'='1' \
  -e 'SAML_SP_ENTITY_ID'='https://partdb.mydomain.com/sp' \
  -e 'SAML_IDP_ENTITY_ID'='https://auth.mydomain.com' \
  -e 'SAML_IDP_SINGLE_SIGN_ON_SERVICE'='https://auth.mydomain.com/application/saml/partdb/sso/binding/redirect/' \
  -e 'SAML_IDP_SINGLE_LOGOUT_SERVICE'='https://auth.mydomain.com/application/saml/partdb/slo/binding/redirect/' \
  -e 'SAML_IDP_X509_CERT'='MIIFUzCCAz.....rm6LXj378=' \
  -e 'DEFAULT_URI'='https://partdb.mydomain.com/' \
  -e 'SAML_ROLE_MAPPING'='{ "*": 2, "admin": 1, "editor": 3}' \
  -e 'SAML_SP_PRIVATE_KEY'='MIIEvgIBAD.....sU0v=' \
  -e 'SAML_SP_X509_CERT'='MIIDITCC.....HrXSeRRSKdg==' \
  -e 'TRUSTED_PROXIES'='172.18.0.0/16' \
  -l net.unraid.docker.managed=dockerman \
  -l net.unraid.docker.webui='https://partdb.mydomain.com' \
  -l net.unraid.docker.icon='https://github.com/pawelmalak/unraid-templates/blob/master/templates/icons/partdb.png?raw=true' \
  -l 'traefik.enable'='true' \
  -l 'traefik.http.routers.partdb.entryPoints'='https' \
  -l 'traefik.http.routers.partdb.middlewares'='' \
  -v '/mnt/user/appdata/partdb/uploads/':'/var/www/html/uploads':'rw' \
  -v '/mnt/user/appdata/partdb/media/':'/var/www/html/public/media':'rw' \
  -v '/mnt/user/appdata/partdb/db/':'/var/www/html/var/db':'rw' \
  --restart unless-stopped 'jbtronics/part-db1:latest'
```
**Expected behavior**
Login to PartDB using SSO
**Server Side**
- Part-DB Version: 2.7.1
- PHP Version: [e.g. PHP 7.4.3]
- Database Server [e.g. MySQL 5.7]
**Desktop:**
- OS: MacOS
- Browser: Brave
- Version 1.87.186
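
Added example, not part of the original report and not Part-DB code: `openssl genpkey` writes the key as PKCS#8 (`BEGIN PRIVATE KEY`), and a bare base64 body like the `SAML_SP_PRIVATE_KEY` value above carries no PEM label, so the encoding has to be read from the DER itself. The sketch below classifies a key body and re-wraps it in the matching label; the function names are hypothetical and the sample bodies are constructed shapes, not real keys.

```python
import base64
import re

PEM_LABELS = {"pkcs1": "RSA PRIVATE KEY", "pkcs8": "PRIVATE KEY",  # label per encoding
              "pkcs8-encrypted": "ENCRYPTED PRIVATE KEY", "sec1": "EC PRIVATE KEY"}

def _read_tlv(buf, pos):
    """Return (tag, content_start, content_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def classify_key_body(text):
    """Classify a private key given as PEM or as a bare base64 body."""
    der = base64.b64decode(re.sub(r"-----[A-Z0-9 ]+-----|\s+", "", text), validate=True)
    try:
        outer, start, end = _read_tlv(der, 0)
        if outer != 0x30 or end != len(der):
            raise ValueError("not a single complete DER SEQUENCE")
        first, _, first_end = _read_tlv(der, start)
        if first == 0x30:  # EncryptedPrivateKeyInfo starts with an AlgorithmIdentifier
            return "pkcs8-encrypted"
        second = der[first_end] if first == 0x02 else None
    except IndexError:
        raise ValueError("truncated DER") from None
    # After the INTEGER version: INTEGER modulus (PKCS#1), SEQUENCE
    # AlgorithmIdentifier (PKCS#8) or OCTET STRING private value (SEC1 EC key).
    kinds = {0x02: "pkcs1", 0x30: "pkcs8", 0x04: "sec1"}
    if second not in kinds:
        raise ValueError("unrecognised private key structure")
    return kinds[second]

def pem_wrap(text):
    """Re-wrap the body in the PEM label that matches its encoding."""
    body = re.sub(r"-----[A-Z0-9 ]+-----|\s+", "", text)
    label = PEM_LABELS[classify_key_body(body)]
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----", ""])

def _sample(*parts):  # constructed DER shape only (short lengths), not a usable key
    tlv = lambda tag, content: bytes([tag, len(content)]) + content
    return base64.b64encode(tlv(0x30, b"".join(tlv(t, c) for t, c in parts))).decode()

SAMPLE_PKCS8 = _sample((0x02, b"\x00"), (0x30, bytes.fromhex("06092a864886f70d0101010500")),
                       (0x04, b"\x00" * 4))
SAMPLE_PKCS1 = _sample((0x02, b"\x00"), (0x02, b"\x00\xc1"), (0x02, b"\x03"))
```

`classify_key_body` ignores whatever label is already present, so it also flags a PKCS#8 body that has been wrapped in `BEGIN RSA PRIVATE KEY` lines.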