Multiple IdPs using SAML20 module

0
Hello everyone, I have added multiple IdPs in the SAML module, e.g. 1. Entra, 2. OneLogin, etc. Now I am facing a challenge: when I toggle off the Azure SSO and hit the specific URL for the Azure SSO, it automatically pops up the login page for the other enabled OneLogin login. I basically want to show the error page instead of showing the other login. Any help would be greatly appreciated.
asked
2 answers
0

Dear Amal,

I've achieved the same requirement by implementing custom logic.

You can use a microflow, nanoflow or Java action and call it from your different SSO buttons, e.g. call the Azure microflow in the Azure SSO button and the Okta microflow in the Okta SSO button.

The logic is to check whether the configuration is active: if yes, redirect to sso/login?_idp_id=[idp_alias]; else show a custom error page.

Hope my answer helps. Reach out to me with any queries.

answered
0

Hi Amal,

  • The Mendix SAML module automatically falls back to any other enabled IdP when the requested IdP is disabled. → This is default SAML behavior (not a bug).

  • When Azure SSO (IdP A) is turned off, and its SSO URL is accessed, the module redirects to the next active IdP (e.g., OneLogin).

  • If you want to stop fallback, you must add a check in the SAML microflow:

    • Open SAML20/ProcessRequest

    • Before redirecting, check:

      $IDPConfiguration/IsActive = false

    • If false → show a custom “SSO Disabled / Invalid IdP” error page.

  • Optional deeper control:

    • Modify the Java action SAML20.Helpers.getIDPConfiguration()

    • If an IdP is disabled, throw an exception instead of returning another IdP.

  • Result: Instead of redirecting the user to another IdP, Mendix will show your custom error page when a disabled IdP URL is accessed.

answered
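
The check both answers describe (configuration active: redirect to sso/login?_idp_id=[idp_alias]; otherwise error page), written as plain Java that fails closed for a disabled, unknown or malformed alias. This is an added example, not code from the thread or from the Mendix SAML module; `IdpGate`, `IdpConfig`, `Decision`, `resolve` and the error page path are hypothetical names, and the in-memory map stands in for the stored IdP configurations.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.regex.Pattern;

public class IdpGate {
    // Hypothetical stand-in for the module's IdP configuration entity.
    record IdpConfig(String alias, boolean isActive) {}

    // Outcome of the check: a redirect target or the error page, never a second IdP.
    record Decision(boolean allowed, String target) {}

    static final String ERROR_PAGE = "/sso-disabled.html"; // hypothetical custom error page
    // Assumed alias format; rejects anything that could alter the query string.
    private static final Pattern ALIAS = Pattern.compile("[A-Za-z0-9_-]{1,64}");

    static Decision resolve(String requestedAlias, Map<String, IdpConfig> configs) {
        // Missing or malformed alias: refuse rather than pick a default IdP.
        if (requestedAlias == null || !ALIAS.matcher(requestedAlias).matches()) {
            return new Decision(false, ERROR_PAGE);
        }
        IdpConfig cfg = configs.get(requestedAlias);
        // Unknown or disabled IdP: fail closed, no fallback to another enabled IdP.
        if (cfg == null || !cfg.isActive()) {
            return new Decision(false, ERROR_PAGE);
        }
        // Use the stored alias, not the raw request value, to build the redirect.
        String q = URLEncoder.encode(cfg.alias(), StandardCharsets.UTF_8);
        return new Decision(true, "sso/login?_idp_id=" + q);
    }

    public static void main(String[] args) {
        // Constructed sample data: Azure toggled off, OneLogin still enabled.
        Map<String, IdpConfig> configs = Map.of(
            "azure", new IdpConfig("azure", false),
            "onelogin", new IdpConfig("onelogin", true));
        for (String alias : new String[] {"azure", "onelogin", "unknown", "a&b=c", null}) {
            Decision d = resolve(alias, configs);
            System.out.println(alias + " -> " + (d.allowed() ? "redirect " : "error ") + d.target());
        }
    }
}
```

Making the decision server-side matters here: a check that lives only in a button's nanoflow does not cover someone opening the disabled IdP's URL directly.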