SAML

Category: Modules
Subcategory: Authentication

Overview

Use this module to implement single sign-on to your Mendix app using a SAML 2.0 compliant identity provider (IDP).  Also the Shibboleth protocol is supported.

Tested against AzureAD and used by customers with a range of SAML IdP’s, this module manages the end-to-end SSO workflow when working with a SAML IDP. The IDP will relieve your app from logging in your end-users and optionally will also decide which roles the user gets assigned in your app, using mechanism from the SAML protocol.

Mendix also offers an “OIDC SSO”  module to authenticate your end-users using the OAuth / OpenID Connect protocol. 

Documentation

Please see SAML in the Mendix documentation for details.

Please follow the below version compatibility guidance:
# v.1.17.2 version for Mx7 apps
# v.2.3.5 version for Mx8 apps
# v.3.3.10 version for Mx9 Upgrade track (Mx8 apps upgraded to Mx9)
# v.3.3.11 version for Mx9 New track (for apps newly built on Mx9)

Releases

Version: 3.3.11
Framework Version: 9.12.5
Release Notes: This version contains the following fixes/improvements: - Fixed Active/Inactive Toggle not working as expected (Ticket #173465) - Fixed logout issue in Studio Pro 9.20 version (Ticket #173282, #174725) Library Upgrades: (Ticket #172523, #173264, #175781) - org.bouncycastle: bcpkix-jdk15on-1.69 to jdk15to18-1.70 - org.bouncycastle: bcrov-jdk15on-1.69 to jdk15to18-1.70 - org.bouncycastle: bcutil-jdk15on-1.69 to jdk15to18-1.70 Recommendation: After upgrading to the latest version, there could be a potential issue due to conflicting Java libraries of the old and the new version. Hence it is recommended that you delete all Java libraries used by the old SAML module from the userlib folder of the project before upgrading to the latest version.
Version: 3.3.10
Framework Version: 9.12.5
Release Notes: This version contains the following fixes/improvements: - Fixed Active/Inactive Toggle not working as expected (Ticket #173465) - Fixed logout issue in Studio Pro 9.20 version (Ticket #173282, #174725) Library Upgrades: (Ticket #172523, #173264, #175781) - org.bouncycastle: bcpkix-jdk15on-1.69 to jdk15to18-1.70 - org.bouncycastle: bcrov-jdk15on-1.69 to jdk15to18-1.70 - org.bouncycastle: bcutil-jdk15on-1.69 to jdk15to18-1.70 Recommendation: After upgrading to the latest version, there could be a potential issue due to conflicting Java libraries of the old and the new version. Hence it is recommended that you delete all Java libraries used by the old SAML module from the userlib folder of the project before upgrading to the latest version.
Version: 3.3.9
Framework Version: 9.12.5
Release Notes: This version contains the following fixes/improvements: - Fixed security vulnerability (9.3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C), only apps using one of the following versions of the SAML module are affected: from v3.3.0 to v3.3.7 - Fixed login issue in Studio Pro 9.20 version (Ticket #172541, #173036, #173282, #173691)
Version: 3.3.8
Framework Version: 9.12.5
Release Notes: This version contains the following fixes/improvements: - Fixed security vulnerability (9.3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C), only apps using one of the following versions of the SAML module are affected: from v3.3.0 to v3.3.7 - Fixed login issue in Studio Pro 9.20 version (Ticket #172541, #173036, #173282, #173691)
Version: 3.3.7
Framework Version: 9.12.5
Release Notes: This version contains the following fixes/improvements: - Added “Force Authentication” as a configurable option in the “Request Authn context” tab - Moved Authentication related configuration options from “Provisioning” tab to “Request Authn context” tab - Fixed issues related to In-Session Authentication (Ticket #171541) - Fixed Missing Dutch translations - Fixed Missing content-type in SSO/Metadata (Ticket # #171506) Library Upgrades: (Ticket #167757) - org.slf4j: slf4j-api to 2.0.3 - org.slf4j: slf4j- simple to 2.0.3 Recommendation: After upgrading to the latest version, there could be a potential issue due to conflicting Java libraries of the old and the new version. Hence it is recommended that you delete all Java libraries used by the old SAML module from the userlib folder of the project before upgrading to the latest version.