Problems on SAML after update

0
I configured SAML with Azure AD using this tutorial: https://brownbot.com/2020/01/16/mendix-saml-sso-to-azure-ad/

Using SAML version 1.13.0, the authentication works fine. But after updating the SAML version to version 2.1.4 (due to reported security problems), the same configuration does not work anymore. When I try to log in with my user, the XML is returned correctly with my data from Azure AD, but Mendix shows the error below on the console. Can someone help me? I’m using Mendix 9.1.0.

org.opensaml.saml.common.assertion.AssertionValidationException: Assertion Conditions are not met. This Service Provider application is not part of the designated audience list.
    at saml20.implementation.wrapper.MxSAMLAssertionStrictValidator.validate(MxSAMLAssertionStrictValidator.java:57)
    at saml20.implementation.wrapper.MxSAMLAssertion.validateAssertion(MxSAMLAssertion.java:44)
    at saml20.implementation.ArtifactHandler.handleSAMLResponse(ArtifactHandler.java:79)
    at saml20.implementation.ArtifactHandler.handleRequest(ArtifactHandler.java:49)
    at saml20.implementation.SAMLRequestHandler.processRequest(SAMLRequestHandler.java:165)
    at com.mendix.externalinterface.connector.RequestHandler.doProcessRequest(RequestHandler.java:35)
    at com.mendix.external.connector.MxRuntimeConnector.lambda$processRequest$0(MxRuntimeConnector.java:74)
    at com.mendix.util.classloading.Runner.withContextClassLoader(Runner.java:19)
    at com.mendix.external.connector.MxRuntimeConnector.processRequest(MxRuntimeConnector.java:73)
    at com.mendix.basis.impl.MxRuntimeImplBase.processRequest(MxRuntimeImplBase.java:809)
    at com.mendix.m2ee.appcontainer.server.handler.RuntimeServlet.service(RuntimeServlet.scala:25)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:791)
    at org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1626)
    at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:228)
    at org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193)
    at org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1601)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:548)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1435)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:501)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594)
    at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1350)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
    at org.eclipse.jetty.server.Server.handle(Server.java:516)
    at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:388)
    at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:633)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:380)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:279)
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
    at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
    at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:383)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:882)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1036)
    at java.base/java.lang.Thread.run(Thread.java:834)
asked
1 answers
0

This might not help initially; however, the marketplace shows specific SAML versions for specific Mendix versions.

Since you’re running 2.1.4, you might want to upgrade:
https://marketplace.mendix.com/link/component/1174

As per their documentation:
Please follow the below version compatibility guidance:
# v.1.15.x upwards versions are for Mx7 apps
# v.2.1.x upwards versions are for Mx8 apps
# v.3.0.x upwards versions is the Mx9 Upgrade track (Mx8 apps upgraded to Mx9)
# v.3.1.x upwards versions is the Mx9 New track (for apps newly built on Mx9)

 

answered
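
A diagnostic sketch for the "not part of the designated audience list" error quoted in the question, added here and not part of the original thread or of the Mendix SAML module: it lists the Audience values in a captured assertion and compares them with the entity ID the service provider is configured with. The sample XML, the example.com entity IDs and the function names are constructed for illustration, the assumption is that the validator compares against the SP entity ID, and no signature is checked.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: only the Conditions part of an assertion, placeholder values.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0" IssueInstant="2021-01-01T00:00:00Z">
  <saml:Conditions NotBefore="2021-01-01T00:00:00Z" NotOnOrAfter="2021-01-01T01:00:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://myapp.example.com/</saml:Audience>
      <saml:Audience>https://other.example.com/</saml:Audience>
    </saml:AudienceRestriction>
    <saml:AudienceRestriction>
      <saml:Audience>https://myapp.example.com/</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>
"""

def audience_restrictions(assertion_xml):
    """Return one list of Audience URIs per AudienceRestriction element."""
    root = ET.fromstring(assertion_xml)
    path = ".//saml:Conditions/saml:AudienceRestriction"
    return [
        [(a.text or "").strip() for a in r.iterfind("saml:Audience", NS)]
        for r in root.iterfind(path, NS)
    ]

def check_audience(assertion_xml, sp_entity_id):
    """Apply the SAML 2.0 core rule: Audience values inside one restriction
    are alternatives (OR); every restriction must be satisfied (AND).
    The comparison is an exact string match. Returns (ok, failed_restrictions)."""
    failed = [aud for aud in audience_restrictions(assertion_xml)
              if sp_entity_id not in aud]
    return (not failed, failed)

def near_misses(assertion_xml, sp_entity_id):
    """Audiences that differ from the entity ID only by case or a trailing
    slash: a frequent cause of this error after a configuration change."""
    norm = lambda s: s.rstrip("/").lower()
    return sorted({a for aud in audience_restrictions(assertion_xml) for a in aud
                   if a != sp_entity_id and norm(a) == norm(sp_entity_id)})

if __name__ == "__main__":
    for entity_id in ("https://myapp.example.com/", "https://myapp.example.com"):
        ok, failed = check_audience(SAMPLE_ASSERTION, entity_id)
        print(entity_id, ok, failed, near_misses(SAMPLE_ASSERTION, entity_id))
```
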