Overview
Use this module to implement single sign-on to your Mendix app using the SAML 2.0 protocol. This module manages the end-to-end SSO workflow when working with a SAML IDP. The IDP will relieve your app from logging in your end-users and optionally will also decide which roles the user gets assigned in your app, using mechanisms from the SAML protocol.
The module is tested against AzureAD and provides a jump start for implementing providers such as Shibboleth and European eIDAS implementations such as Dutch eHerkenning and DigiD. Given adherence to commonly used parts of the SAML 2.0 specifications, the module can be used to integrate your app with IDaaS (Identity-as-a-Service) providers (e.g. Azure AD, Okta, Auth0, Ping and AWS IAM Identity Center) as well as IAM solutions such as ForgeRock and Keycloak.
Mendix also offers an “OIDC SSO” module to authenticate your end-users using the OAuth / OpenID Connect protocol.
Documentation
Please see SAML in the Mendix documentation for details.
Please follow the below version compatibility guidance:
-v.1.18.0 for Mx7 apps
-v.2.4.6 for Mx8 apps
-v.3.6.8 for Mx9 apps using Atlas UI v2; we will no longer provide support for upgraded versions from v.3.6.10 (e.g. Mx8 apps upgraded to Mx9)
-v.3.6.15 for Mx 9 and Mx 10 apps using Atlas UI v3 (e.g. for apps newly built on Mx 9 or Mx 10)
-v.4.0.0 for Mx10.12 apps and higher
Releases
Version: 4.0.0
Framework Version: 10.12.10
Release Notes: Version 4.0 contains the following enhancements:
-Allows for SSO configurations to be set either at design time in Studio Pro or at deploy time using Application Constants set in your CI/CD pipeline such as when using Mendix Cloud Portal.
-Java Dependency Management (JDM) is supported
-A new mechanism for creating custom user-provisioning has been introduced. This change enhances similarity between the OIDC SSO and SAML modules, providing a more uniform and simplified developer experience.
-It is possible to automatically set the user type, which creates clarity on internal versus external users for user licensing.
Version 4.0 contains the following fixes/improvements:
-The UI screens for a local MxAdmin have been restructured
-The new configuration possibilities have also fixed the catch-22 situation for the exchange of SP metadata and IdP metadata.
-Improved error-handling
-New users without IdP-specified time zone or language will use default App settings; existing users retain their previously set values.
Guidance for upgrading to version 4.0:
-SAML 4.0.0 requires Studio Pro version 10.12.10 or higher
-Added UserCommons Module as a dependency for SAML
-To resolve UI errors in an upgrade scenario, it is necessary to upgrade Atlas Core to its latest version
-While the previous mechanism for user provisioning is still supported for backward compatibility, it is now deprecated and will no longer be supported in the next release of the SAML module
-The pre-configured possibility to use the InCommon Federation is no longer supported. Starting with SAML 4.0.0, you will need to create your own custom user-provisioning microflow
Version: 3.6.15
Framework Version: 9.24.18
Release Notes: This version contains the following fixes/improvements:
-Enhanced XML parsing and improved handling of entity expansion and external entity resolution (Ticket #232023)
Library upgrade:
-Upgraded commons-io library to its latest version
Recommendation:
After upgrading to the latest version, there could be a potential issue due to conflicting Java libraries of the old and the new version.
Hence it is recommended that you delete all Java libraries used by the old SAML module from the userlib folder of the project before upgrading to the latest version.
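One way to check for the library conflict described in this recommendation, as an added example that is not part of the Mendix module: the script lists libraries that are present in the userlib folder in more than one version. The sample file names and versions are constructed, and the `artifact-version.jar` naming pattern is an assumption about how the jars are named.

```python
import re
from collections import defaultdict
from pathlib import Path

# Assumed naming pattern: <artifact>-<version>.jar, version starting with a digit.
JAR_RE = re.compile(r"^(?P<artifact>.+?)-(?P<version>\d[\w.\-]*)\.jar$")

# Constructed sample of a userlib folder after an upgrade (not real project data).
CONSTRUCTED_USERLIB = [
    "xmlsec-2.1.4.jar",
    "xmlsec-2.3.4.jar",
    "commons-io-2.3.jar",
    "commons-io-2.11.0.jar",
    "bcprov-jdk18on-1.78.1.jar",
    "notes.txt",
]


def find_conflicts(filenames):
    """Return {artifact: [versions]} for artifacts present in more than one version."""
    versions = defaultdict(set)
    for name in filenames:
        match = JAR_RE.match(name)
        if match:  # files that are not versioned jars are ignored
            versions[match["artifact"]].add(match["version"])
    return {a: sorted(v) for a, v in versions.items() if len(v) > 1}


def scan_userlib(project_dir):
    """Check the userlib folder of a project directory for conflicting jars."""
    userlib = Path(project_dir) / "userlib"
    return find_conflicts(p.name for p in userlib.glob("*.jar"))


if __name__ == "__main__":
    for artifact, found in find_conflicts(CONSTRUCTED_USERLIB).items():
        print(f"{artifact}: multiple versions present: {', '.join(found)}")
```

A library whose artifact name changed between releases is not matched by name alone, so review the folder manually as well.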
Note:
We are not supporting the v.3.6.14 version for Mx9 apps using Atlas UI v2 (e.g. Mx8 apps upgraded to Mx9)
Version: 3.6.13
Framework Version: 9.24.18
Release Notes: This version contains the following fixes/improvements:
-Improved behavior with strict CSP enabled (Ticket #216515)
-Fixed unreleased resource streams (Ticket #225643)
-Supporting apps with subpath routing (Ticket #224791, Ticket #225691)
-Added a constant to control continuation URL decoding (Ticket #221356)
Version: 3.6.11
Framework Version: 9.24.18
Release Notes: This version contains the following fixes/improvements:
-Fixed Module Preferred Name Id Bug
Library upgrade:
-We upgraded the Bouncy Castle version to 1.78.1 (Ticket #217944).
Recommendation:
After upgrading to the latest version, there could be a potential issue due to conflicting Java libraries of the old and the new version.
Hence it is recommended that you delete all Java libraries used by the old SAML module from the userlib folder of the project before upgrading to the latest version.
Note:
SAML module is no longer supporting Mx9 apps using Atlas UI v2.
Mendix is not planning to release a v.3.6.10 version of the SAML module for Mx9 apps still using Atlas UI v2 (e.g. Mx8 apps upgraded to Mx9).
Version: 3.6.9
Framework Version: 9.24.1
Release Notes: This version contains the following fixes/improvements:
-Removed static nonce and inline scripts in SAML Custom Login page (Ticket #207361)
-Fixed Vulnerability - "Cleartext Transmission of Sensitive Information" (Ticket #204774)
Library upgrade:
-Upgraded xmlsec library to its latest version
Recommendation:
After upgrading to the latest version, there could be a potential issue due to conflicting Java libraries of the old and the new version.
Hence it is recommended that you delete all Java libraries used by the old SAML module from the userlib folder of the project before upgrading to the latest version.
Version: 3.6.8
Framework Version: 9.24.1
Release Notes: This version contains the following fixes/improvements:
-Removed static nonce and inline scripts in SAML Custom Login page (Ticket #207361)
-Fixed Vulnerability - "Cleartext Transmission of Sensitive Information" (Ticket #204774)
Library upgrade:
-Upgraded xmlsec library to its latest version
Recommendation:
After upgrading to the latest version, there could be a potential issue due to conflicting Java libraries of the old and the new version.
Hence it is recommended that you delete all Java libraries used by the old SAML module from the userlib folder of the project before upgrading to the latest version.
Version: 3.6.7
Framework Version: 9.24.1
Release Notes: This version contains the following fixes/improvements:
- SAML decrypt encryptedAssertion issue resolved (Ticket #199987)
Version: 3.6.6
Framework Version: 9.24.1
Release Notes: This version contains the following fixes/improvements:
- SAML decrypt encryptedAssertion issue resolved (Ticket #199987)
Version: 3.6.5
Framework Version: 9.24.1
Release Notes: This version contains the following fixes/improvements:
-Improvement to index file to work with CSP headers (Ticket #184978)
-Fixed NullPointer exception when login process is cancelled (Ticket #192232)
Library upgrades: (Ticket #194306)
- Upgraded a few libraries to their latest versions
- Removed unused libraries
Recommendation:
After upgrading to the latest version, there could be a potential issue due to conflicting Java libraries of the old and the new version.
Hence it is recommended that you delete all Java libraries used by the old SAML module from the userlib folder of the project before upgrading to the latest version.
Version: 3.6.4
Framework Version: 9.24.1
Release Notes: This version contains the following fixes/improvements:
-Improvement to index file to work with CSP headers (Ticket #184978)
-Fixed NullPointer exception when login process is cancelled (Ticket #192232)
Library upgrades: (Ticket #194306)
- Upgraded a few libraries to their latest versions
- Removed unused libraries
Recommendation:
After upgrading to the latest version, there could be a potential issue due to conflicting Java libraries of the old and the new version.
Hence it is recommended that you delete all Java libraries used by the old SAML module from the userlib folder of the project before upgrading to the latest version.