SAML integration of ADFS and Mendix App on premise
Hi all, For a customer with on-premise Mendix apps I want to implement SSO using their AD FS. AD FS is inside their proxy and the Mendix app is as stated an on-premise one also running behind their proxy, without an SSL certificate, so http://mendix-on-premise-app.customerdomain.nl Complication After the authentication on the AD FS side, the only possible way on the identity provider side we see the redirect to work, is to redirect to the mendix app, but with HTTPS protocol, so: https://mendix-on-premise-app.customerdomain.nl/sso/assertion Since the mendix app is using the HTTP protocol, this is not working. Possible solutions - help needed I see two solutions but have no real idea of how-to. So, I am hoping that somebody can shed some light on these two ways forward: Is it possible to set on the IdP AD FS side the redirect via HTTP protocol? How easy is it to add an SSL certificate for specifically a Mendix app to the IIS webserver? Kind regards, Ivo
You should be able to enable SSL without too much trouble. The most time-consuming part is probably getting your cert signed.
It seems the steps to enable SSL on IIS for a specific web site (app) are:
Get an appropriate certificate
Create an HTTPS binding on a site
For the cert, I believe your options are:
Install the wildcard cert for *.customerdomain.nl
Create and sign a new cert for mendix-on-premise-app.customerdomain.nl
You state " After the authentication on the AD FS side, the only possible way on the identity provider side we see the redirect to work, is to redirect to the mendix app, but with HTTPS protocol" but I fail to grasp the reason why you come to that conclusion. The SAML traffic in my opinion does not need HTTPS. I have not checked the Java code but the redirect to https is because it is in the metadata on the Mendix side. I wonder what would happen if you just adjusted this manually and configured the ADFS with that version.