OIDC SSO or SAML across multiple apps

Anyone use OIDC SSO or SAML to authenticate the user once and then automatically log them in when they open a page from a different app? Trying to get persistent login to work and think this is the path, but not sure how to get it to work when the user crosses apps. Also in this - wouldn't it be better to have a centralized list of users for this instead of trying to upkeep a list of users in each app?
2 answers

Hi Jason,

I understand your requirement completely.

I have done a POC on this.

I have created three separate Mendix apps and implemented SSO in all of them.

As per your requirement, you want to handle the user list in a single application. You can manage the creation, deletion, and updating of the user list in one application, but the other applications also need to have the same user list to make your SSO work successfully. User accounts are needed in each Mendix application for SSO to function properly. I have done the same in my POC. 

I have achieved this use case by doing the following: When the user list is created, updated, or deleted in one application, I make a REST service call to the other two applications to maintain the accounts there as well. Whatever changes we make in the first application will be reflected immediately in the other apps as well.

The easiest way to achieve this may be to connect all your applications via SSO with your IdP (using the SAML or OIDC SSO module); the IdP will have a session and give your end users an SSO experience.

If you're building a multi-app solution and want only a single SSO integration point between your solution and your IdP, you may consider using the OIDC Provider module in a primary/core portal application.
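Added example (Python, not Mendix code, and not part of either answer above): a constructed, offline simulation of what both answers rely on. One IdP holds the single user directory and a browser-wide session; two relying-party apps each complete their own OIDC code flow against it. The second app gets an authorization code without a credential prompt because the IdP session cookie already exists, which is the cross-app SSO the second answer describes. Each app still keeps a local account record, as the first answer says it must; here that record is created just-in-time from the ID-token claims at first login, a choice made for this example in place of the REST synchronisation the first answer built. The issuer URL, client IDs, the user "alice" and the HS256 key are all made up, and HS256 is used only to keep the code short (real IdPs publish RS256/ES256 keys via JWKS).

```python
import base64, hashlib, hmac, json, secrets, time

ISSUER = "https://idp.example.test"   # constructed issuer URL, not a real IdP
IDP_KEY = b"demo-hs256-signing-key"   # HS256 only for brevity; real IdPs sign with RS256/ES256 keys from JWKS

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_jwt(claims: dict) -> str:
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(IDP_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"

def verify_jwt(token: str) -> dict:
    header, body, sig = token.split(".")
    expected = hmac.new(IDP_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url(expected), sig):
        raise ValueError("bad signature")
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))

class IdentityProvider:
    """The one user directory plus the browser-wide IdP session that makes SSO work."""
    def __init__(self):
        self.users = {"alice": {"password": "correct horse", "email": "alice@example.test"}}  # constructed user
        self.clients, self.sessions, self.codes = {}, {}, {}

    def register_client(self, client_id, secret, redirect_uri):
        self.clients[client_id] = {"secret": secret, "redirect_uri": redirect_uri}

    def authorize(self, client_id, redirect_uri, state, nonce, cookie=None, credentials=None):
        if redirect_uri != self.clients[client_id]["redirect_uri"]:
            raise ValueError("redirect_uri not registered for this client")
        sub = self.sessions.get(cookie)
        if sub is None:                                   # no IdP session yet: the user must log in
            if credentials is None:
                return {"action": "login_required"}
            user, pw = credentials
            if not hmac.compare_digest(self.users.get(user, {}).get("password", ""), pw):
                raise PermissionError("bad credentials")
            sub, cookie = user, secrets.token_urlsafe(16)
            self.sessions[cookie] = sub                   # cookie lives on the IdP origin, shared by all apps
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, sub, nonce)
        return {"action": "redirect", "code": code, "state": state, "cookie": cookie}

    def token(self, client_id, client_secret, code):
        if not hmac.compare_digest(self.clients[client_id]["secret"], client_secret):
            raise PermissionError("bad client secret")
        code_client, sub, nonce = self.codes.pop(code)    # codes are single-use
        if code_client != client_id:
            raise PermissionError("code was issued to a different client")
        now = int(time.time())
        return sign_jwt({"iss": ISSUER, "aud": client_id, "sub": sub, "nonce": nonce,
                         "iat": now, "exp": now + 300, "email": self.users[sub]["email"]})

class App:
    """One relying party; its local account table is filled from ID-token claims on first login."""
    def __init__(self, name, idp, client_id, secret):
        self.name, self.idp, self.client_id, self.secret = name, idp, client_id, secret
        self.redirect_uri = f"https://{name}.example.test/oidc/callback"   # constructed callback URL
        self.local_accounts, self.pending = {}, {}
        idp.register_client(client_id, secret, self.redirect_uri)

    def login(self, cookie=None, credentials=None):
        state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self.pending[state] = nonce                       # bound to this browser flow
        resp = self.idp.authorize(self.client_id, self.redirect_uri, state, nonce, cookie, credentials)
        if resp["action"] == "login_required":
            return {"prompted": True, "cookie": None, "sub": None}
        sub = self.callback(resp["code"], resp["state"])
        return {"prompted": credentials is not None, "cookie": resp["cookie"], "sub": sub}

    def callback(self, code, state):
        nonce = self.pending.pop(state)                   # unknown state means login CSRF: KeyError
        claims = verify_jwt(self.idp.token(self.client_id, self.secret, code))
        if claims["iss"] != ISSUER or claims["aud"] != self.client_id:
            raise ValueError("ID token was not issued to this app")
        if claims["nonce"] != nonce or claims["exp"] < time.time():
            raise ValueError("replayed or expired ID token")
        self.local_accounts.setdefault(claims["sub"], {"email": claims["email"]})  # just-in-time provisioning
        return claims["sub"]

def demo():
    """Log in once at the portal, then open the billing app with the same IdP cookie."""
    idp = IdentityProvider()
    portal = App("portal", idp, "portal-client", "portal-secret")
    billing = App("billing", idp, "billing-client", "billing-secret")
    first = portal.login()                                   # fresh browser: credentials required
    second = portal.login(credentials=("alice", "correct horse"))
    third = billing.login(cookie=second["cookie"])           # IdP session reused: no prompt in the second app
    return first, second, third, portal.local_accounts, billing.local_accounts
```

The points a practitioner should take from running it: the only shared state between the apps is the IdP session cookie, so persistent login across apps is a property of the IdP, not of the apps; each app nevertheless validates `iss`, `aud`, `nonce` and `state` itself, and the IdP refuses to redeem a code for a client other than the one it was issued to, so a token or code obtained in one app cannot be replayed into another. Each app ends up with its own local account for `alice`, derived from the central directory rather than maintained by hand.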