OIDC SSO
Content Type: Module
Categories: Authentication
Overview
Use this module to implement single sign-on to your Mendix app using an OpenID Connect (OIDC) compliant identity provider (IDP). It supports ‘normal’ Mendix apps (i.e. responsive browser-based applications) and doesn’t yet support native or hybrid mobile apps. Tested against AWS Cognito, Google, Salesforce, Apple, Okta, Ping, and Microsoft, this module manages the end-to-end SSO workflow when working with an OIDC IDP. The IDP will relieve your app from logging in your end-users and optionally will also decide which roles the user gets assigned in your app, using mechanism from the OAuth protocol.
Simply provide configuration details, decide how you'd like to provision users, and log in!
You can use this module if your app is on Mendix 9 or later. If your app is using a previous Mendix version, you would have to upgrade your app or use the similar “OpenIDConnect Single Sign-on (OIDC, OAuth2, SSO)” module, which has community support. Both modules have similar but not the same features. Please look at release notes and documentation to make the best choice for your app.
Documentation
Please see
OIDC SSO in the Mendix documentation for details.
Releases
Version: 2.3.0
Framework Version: 9.24.2
Release Notes: This version contains the following enhancements:
- Allows for automation of SSO configuration via Application Constants set in your CI/CD pipeline, i.e. at deploytime.
- Influence authentication at your IDP using the ACR feature.
- Added an out-of-the-box microflow for standardized access token parsing, which can – for example - be used when your app is interacts with OIDC Provider module in another app.
- We included a migration file for the Java dependencies for Studio Pro 10 compatibility.
This version contains the following fixes/improvements:
- Enhanced the error handling messages for authorized API calls(Ticket#173297)
- Dependency on “Native Mobile Resources” module has been removed.
Version: 2.2.0
Framework Version: 9.24.2
Release Notes: This version contains the following fixes/improvements:
- Improvement for redirect URLs which may or may not have trailing slash ‘/’.
- Fixed Mendix 10 compatibility issue.(Ticket#190175)
- Upgraded to Studio pro v9.24.2
Library Upgrades:
- com.nimbusds:nimbus-jose-jwt to version 9.31
Recommendation:
After upgrading to the latest version ,there could be a potential issue due to conflicting Java libraries of the old and the new version.
Hence it is recommended that you delete all Java libraries used by the old OIDC SSO module from the userlib folder of the project before upgrading to the latest version.
Version: 2.1.1
Framework Version: 9.22.0
Release Notes: This version contains the following:
Library Upgrades:
- org.json:json-20220924 to 20230227
Recommendation:
After upgrading to the latest version, there could be a potential issue due to conflicting Java libraries of the old and the new version.
Hence it is recommended that you delete all Java libraries used by the old OIDC SSO module from the userlib folder of the project before upgrading to the latest version.
Version: 2.1.0
Framework Version: 9.22.0
Release Notes: This version contains the following fixes/improvements:
- Upgraded to Mendix Studio Pro v9.22.0
Version: 2.0.0
Framework Version: 9.12.7
Release Notes: This version contains the following enhancements:
-Added support for authorizing access to a Mendix back-end app using access token
-Simplified the structure for access token parsing microflows('ACT_Token_CustomATPRetrieveRoles' and 'Default SAM processing') and web-callback microflow. This is a ‘breaking change’ for customers that have previously created a custom access token parsing microflow.
-Added introspection of Access Tokens and the introspection endpoint field on OIDC configuration screen
-Added two out-of-the-box microflows for access token parsing (i.e. PIB and AzureAD)
This version contains the following fixes/improvements:
-Improved the conditional check of the 'handleAuthorizationCode' microflow(Ticket#170579)
-Fixed issue related to cookies in Mendix studio pro-9.20(Ticket#173282)