SAML authentication

1
Hi All,  I had a question on SAML. I know SAML can be used for the SSO authentication . But in my project we already have an application as 'OneLogin' , this helps us to authenticate for the required products and sends back an SAML reponse with few attributes. I m unable to understand how the existing SAML widget of MENDIX can consume this SAML reponse and create the session. I m bit confused with this. Could any one help me on this?
asked
2 answers
3

I recently successfully configured a Mendix app with OneLogin using SAML. You should be able to follow the SAML module documentation to configure, but there are 2 main things that are important to set specifically to the way OneLogin's SAML messages look. Both of these settings are options as you configure the identity provider settings in your app:

 

  • In the Request Authn Context tab, you need to add "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
  • Mapping -> IdP Attributes -> Identifying assertion type -> Set to "Use Name ID"

 

If you get stuck somewhere in the setup or with a specific error message, please share it here and we can help further.

answered
0

When you configuring the SSO you need to add request handlers to your app. Goto the deploy tab network and add them there

Regards,

Ronald

[EDIT]

From the error it seems that your SAML message is not correct. I always use SAML tracer in Firefox to debug SAML messages. Are you sure the the IDP metadata is set on both sides? Because your end could be ok but if the other side is not set up correctly. You should inspect the xml message you send versus the xml message you get back.

answered