MendixSSO
Overview
Add Single Sign-On functionality to your app for any user with a Mendix account. Authenticate users with either the Mendix Identity Provider (IDP) or your own IDP if you have BYOIDP enabled.
Note on CVE-2023-1370:
MendixSSO module versions 4.0.1 and lower contained the Java library json-smart version 2.4.8.
Affected versions of this library could be vulnerable to Denial of Service (DoS) due to a StackOverflowError when parsing a deeply nested JSON array or object.
The way the MendixSSO module uses this library does not make it directly vulnerable to the reported issue, but we still advise everybody to upgrade to the latest module version. If this is not possible, we have included a pom.xml to guide you in updating only the json-smart version. All versions 3.0.0 and up are compatible with json-smart 2.4.10.
Note on CVE-2022-42889:
MendixSSO module versions below 3.1.1 contained the Java library commons-text version 1.9.
Although the MendixSSO module does not make use of any of the affected methods in commons-text, the version can still be flagged as critically vulnerable as reported in
Even though the module is not directly affected, we still advise everyone to update to a later MendixSSO version (3.1.1 and up), which contains commons-text version 1.10.
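To check whether an app still ships the library versions named in the two notes above, the following added example (not part of the MendixSSO module or the Mendix documentation) flags json-smart and commons-text jars below the versions this page names. It assumes the jars sit in one directory and are named `<artifact>-<version>.jar`; the directory path and the sample file names are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Target versions taken from this page's notes, not from an advisory feed.
MINIMUMS = {
    "json-smart": (2, 4, 10),   # note on CVE-2023-1370
    "commons-text": (1, 10),    # note on CVE-2022-42889
}

# <artifact>-<numeric version>[qualifier].jar, e.g. json-smart-2.4.8.jar
JAR_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9_.-]+?)-(?P<ver>\d+(?:\.\d+)*)(?:[-.][A-Za-z0-9.-]+)?\.jar$"
)

def parse_jar(filename):
    """Return (artifact, version tuple), or None if the name does not fit."""
    m = JAR_RE.match(filename)
    if not m:
        return None
    return m["name"].lower(), tuple(int(p) for p in m["ver"].split("."))

def outdated(filenames):
    """Return (file, artifact, target version) for each jar below its target."""
    findings = []
    for fn in filenames:
        parsed = parse_jar(fn)
        if parsed is None or parsed[0] not in MINIMUMS:
            continue
        name, ver = parsed
        minimum = MINIMUMS[name]
        width = max(len(ver), len(minimum))
        pad = lambda v: v + (0,) * (width - len(v))  # so 1.10 equals 1.10.0
        if pad(ver) < pad(minimum):  # numeric compare: 1.9 < 1.10
            findings.append((fn, name, ".".join(map(str, minimum))))
    return findings

def scan_dir(path):
    """Check every jar directly inside the given directory."""
    return outdated(sorted(p.name for p in Path(path).glob("*.jar")))

# Constructed sample listing, used when no directory is passed.
SAMPLE = [
    "json-smart-2.4.8.jar", "json-smart-2.4.10.jar", "accessors-smart-2.4.8.jar",
    "commons-text-1.9.jar", "commons-text-1.10.0.jar", "nimbus-jose-jwt-9.0.jar",
]

if __name__ == "__main__":
    hits = scan_dir(sys.argv[1]) if len(sys.argv) > 1 else outdated(SAMPLE)
    for fn, name, target in hits:
        print(f"{fn}: {name} is below {target}")
    sys.exit(1 if hits else 0)
```

The non-zero exit code on a finding lets the check fail a build step. A match only means the jar is present; as the notes above state, the module's use of these libraries does not make it directly vulnerable.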
Documentation
Please see Mendix SSO in the Mendix documentation for details.
Need SSO?
With this module you can add Single Sign-On functionality to your app for any user with a Mendix account. When your app uses the Mendix SSO module, it will delegate authentication of your end-users to the Mendix Identity Provider (IDP). The Mendix platform will authenticate users either with their Mendix credentials on https://login.mendix.com, or it can delegate the authentication to your own IDP if you have BYOIDP enabled. End-users will only get access to a protected user role in your app when you assign a user role to the end-user via Mendix’ Developer portal.
The MendixSSO implementation is based on the well-known OpenID Connect framework.
Note: The MendixSSO module has always left the Mendix developer completely free to choose which user entity specialization to use in an app, to suit the app’s specific needs.
For instructions on how to set up BYOIDP, please read the BYOIDP documentation here: setup-byoidp
For an extensive overview of all the possibilities this module offers and instructions on how to add this module to your application, see this Developer Portal Guide on Mendix Single Sign-On