MendixSSO

Category: Modules
Subcategory: Authentication

Overview

Add Single Sign-On functionality to your app for any user with a Mendix account. Authenticate users with either the Mendix Identity Provider (IDP) or your own IDP if you have BYOIDP enabled.

Deprecation warning:
MendixSSO versions 2.0.0, 2.1.0, 2.1.1 and 2.2.0 are no longer supported and stopped working on August 28, 2022. Please update your apps to version 2.2.1 or higher.

Note:
MendixSSO module versions below 3.1.1 contained the Java library commons-text version 1.9.
Although the MendixSSO module does not use any of the affected methods in commons-text, that version can still be flagged as critically vulnerable, as reported in CVE-2022-42889.
Even though the module is not directly affected, we still advise everyone to update to the latest MendixSSO version 3.1.1, which contains commons-text version 1.10.

Documentation

Please see Mendix SSO in the Mendix documentation for details.

Need SSO?

With this module you can add Single Sign-On functionality to your app for any user with a Mendix account. When your app uses the Mendix SSO module, it delegates authentication of your end-users to the Mendix Identity Provider (IDP). The Mendix platform authenticates users either with their Mendix credentials on https://login.mendix.com, or it can delegate the authentication to your own IDP if you have BYOIDP enabled. End-users only get access to a protected user role in your app when you assign a user role to the end-user via the Mendix Developer Portal.

The MendixSSO implementation is based on the well-known OpenID Connect framework.

Note: The MendixSSO module has always left the choice of user entity specialization entirely to the Mendix developer, so you can use whichever one suits your app’s specific needs.

For instructions on how to set up BYOIDP, read the BYOIDP documentation here: setup-byoidp

For an extensive overview of all the possibilities this module offers and instructions on how to add this module to your application, see this Developer Portal Guide on Mendix Single Sign-On.

Releases

Version: 4.0.1
Framework Version: 9.20.0
Release Notes:
- MendixSSO v4.0.1 module is upgraded to Mendix version 9.20.0
- MendixSSO v4.0.1 module prepends the __Host- prefix to the cookie names if the app uses an HTTPS connection

Version: 4.0.0
Framework Version: 9.18.3
Release Notes:
- MendixSSO v4.0.0 module is upgraded to Mendix version 9.18.3
- Nimbus oauth2-oidc-sdk library is upgraded to 10.5
- Nimbus nimbus-jose-jwt library is upgraded to 9.24.4

Version: 3.1.1
Framework Version: 8.18.11
Release Notes:
The only change in this module version is the version update of the dependent Java libraries:
- commons-text to version 1.10
- commons-lang3 to version 3.12

Version: 3.1.0
Framework Version: 8.18.11
Release Notes:
- updated the /userlib/ folder jar libraries
- re-added some requested utility functions
- updated and improved error pages
- tightened some security rules
- bug fixes

Version: 3.0.0
Framework Version: 8.18.11
Release Notes:
Please note the two breaking changes, see below!

This version made MendixSSO independent of Atlas UI. It is compatible with Mendix 8 LTS and Mendix 9.0.5 and up. This version now purely offers SSO functionality and no longer provides example UI pages or snippets that your app can use to display the contents of OIDC tokens. If you want to upgrade your app to this version of MendixSSO, you can create such pages yourself using the previous versions of MendixSSO as a reference implementation.

Change log MendixSSO 3.0.0
- removed all UI elements so the module is compatible with both Atlas 2 and Atlas 3 at the same time
- updated the /userlib/ folder jar libraries
- cleaned up unused code
- added support for signup_hint as a public beta feature. Via MendixSSO, apps can request a particular kind of Mendix signup and Mendix platform onboarding process for new users. Until Mendix signup and onboarding processes support this parameterisation, the feature is considered ‘beta’.

Breaking changes introduced by this release
- all UI pages (to display details about users and tokens) were removed from the module. If you still need to use them, make sure to move them to your own module from a previous version of MendixSSO before importing version 3.0.0.
- MendixSSO 3.0.0 introduces an update to the jar libraries that is incompatible with previous versions. Mendix projects always benefit from a clean /userlib/ folder; it should never have two versions of the same library. The dependent libraries of the previous version and this version are marked within the /userlib/ folder, so make sure to clean up the old versions. Only jar versions marked with ".jar.MendixSSO.3.0.0" should remain; the ones marked with only ".jar.MendixSSO.RequiredLib" should be removed.

Known issue: we received a report that the Silent Authentication feature is not compatible with the Deeplink module.
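
The /userlib/ cleanup rule in the 3.0.0 release notes and the commons-text note near the top of this page can be checked together with a short script. This is an added example, not part of the MendixSSO module: it assumes each marker is a file beside its jar named `<jar file name>.MendixSSO.<suffix>`, and the function name `audit_userlib` and the sample listing are constructed for illustration.

```python
import re
from collections import defaultdict

# <library>-<version>[-qualifier].jar, e.g. commons-text-1.9.jar
JAR_RE = re.compile(r"(?P<name>.+?)-(?P<ver>\d+(?:\.\d+)*)(?:-[A-Za-z][\w.]*)?\.jar")

def audit_userlib(files, module="MendixSSO", keep="3.0.0", stale="RequiredLib"):
    """Return (kind, subject, files) findings for a list of userlib file names."""
    files = set(files)
    versions = defaultdict(dict)  # library -> {version tuple: jar file name}
    for name in files:
        m = JAR_RE.fullmatch(name)
        if m:
            ver = tuple(int(p) for p in m["ver"].split("."))
            versions[m["name"]][ver] = name
    findings = []
    # 1. The folder should never hold two versions of the same library.
    for lib, found in sorted(versions.items()):
        if len(found) > 1:
            findings.append(("duplicate", lib, sorted(found.values())))
    # 2. commons-text below 1.10 is the version flagged for CVE-2022-42889.
    for ver, jar in sorted(versions.get("commons-text", {}).items()):
        if ver < (1, 10):
            findings.append(("commons-text<1.10", "commons-text", [jar]))
    # 3. Jars carrying only the old marker belong to the previous module version.
    for jar in sorted(n for n in files if n.endswith(".jar")):
        old, new = f"{jar}.{module}.{stale}", f"{jar}.{module}.{keep}"
        if old in files and new not in files:
            findings.append(("stale-marker", jar, [jar, old]))
    return findings

# Constructed listing for illustration; not the module's real file set.
SAMPLE = [
    "commons-text-1.9.jar",
    "commons-text-1.9.jar.MendixSSO.RequiredLib",
    "commons-text-1.10.0.jar",
    "commons-text-1.10.0.jar.MendixSSO.3.0.0",
    "commons-lang3-3.12.0.jar",
    "commons-lang3-3.12.0.jar.MendixSSO.RequiredLib",
    "commons-lang3-3.12.0.jar.MendixSSO.3.0.0",
    "nimbus-jose-jwt-9.24.4.jar",
    "nimbus-jose-jwt-9.24.4.jar.MendixSSO.3.0.0",
]

if __name__ == "__main__":
    for finding in audit_userlib(SAMPLE):
        print(finding)
```

To audit a real project, pass the directory listing of its userlib folder, for example `audit_userlib(os.listdir("userlib"))`, and set `keep` to the marker suffix of the MendixSSO version you imported.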