SAML Mendix 9.24 Encryption / Keystore issue

Just updated to Mendix 9.24.3 to get the latest SAML module version. This module has a migration to set an encryption for every SAML configuration instead of an overall encryption. The reason I am diving into this is because my ADFS profile worked fine before and now it says ‘Initializing SSO..’ after logging in. When turning off encryption in the SAML configuration and logging in, it works.

Checked with the IDP and they indeed see no encryption/certificate for our app and mention we need to provide this (automagically?) to them from the app. The only thing I can do is put the boolean from false to true.

Also added a datagrid to see all keystore objects. There were about 15. Deleted them all. Then put the boolean for encryption back in the SAML configuration and when pressing save there are keystores made for all active configurations. However, this is still not sent out to the IDP.

So I am missing the ‘sending out / sync’ part for the certificate/keystore to get the IDP to know the certificate my app has generated and will use upon receiving the response. Anyone? :)

ANSWER:


When updating from a single IDP SAML version to multiple IDP SAML version, please note your metadata file location changes. This means your IDP needs to change the SP Metadata URL specific to the alias name.


If not changed, it will point to http://<Application Root URL>/SSO/metadata/ and will not get the encryption information specific for your configuration.


The SP metadata for your app can be obtained by clicking Download SP Metadata on the final configuration step to download the XML file or by opening http://<Application Root URL>/SSO/metadata/<IDP-Alias> for your app’s URL.

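As an added check (example code written for this answer, not part of the Mendix SAML module or either post), the script below parses an SP metadata document such as the one served at the per-alias URL and reports whether it actually publishes an encryption certificate; the sample XML, certificate values and application URL are constructed placeholders.

```python
# Added example: verify that per-alias Mendix SP metadata advertises an encryption key.
# Not code from the Mendix SAML module; the metadata sample below is constructed.
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed SP metadata shaped like a per-alias endpoint response;
# certificate contents are placeholders, not real keys.
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://app.example.invalid/SSO/metadata/adfs">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>SIGNING-CERT-PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>ENCRYPTION-CERT-PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def metadata_url(app_root, alias):
    """Per-alias SP metadata location the IdP must be pointed at after the upgrade."""
    return app_root.rstrip("/") + "/SSO/metadata/" + alias


def published_keys(xml_text):
    """Map each key use ('signing'/'encryption') to the certificate the SP publishes.
    A KeyDescriptor without a 'use' attribute is valid for both purposes."""
    root = ET.fromstring(xml_text)
    keys = {}
    for kd in root.iterfind(".//md:SPSSODescriptor/md:KeyDescriptor", NS):
        cert = kd.findtext(".//ds:X509Certificate", default="", namespaces=NS).strip()
        uses = [kd.get("use")] if kd.get("use") else ["signing", "encryption"]
        for use in uses:
            keys[use] = cert
    return keys


def has_encryption_key(xml_text):
    """True when the IdP can learn an encryption certificate from this metadata."""
    return bool(published_keys(xml_text).get("encryption"))
```

Point it at the document fetched from the per-alias URL for each configured IdP; a metadata document that only lists a signing key explains an IdP that reports no encryption certificate for the app.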