Each website or application maintains its own database of user credentials, such as username and password.
The website always checks whether authentication has been done. If we have not stored the password for the site, the application redirects to the login page to enter the credentials.
It then checks the entered username and password against the data in the corresponding database.
SSO is a session and authentication process that allows end users to access multiple applications or systems with one set of login credentials; this feature is known as ‘Single Sign-On’ (SSO).
This reduces risk by minimizing the wrong password attempts end users make when accessing multiple applications.
It also avoids having to deal with user management or password reset flows.
A popular example that we are all familiar with: once we log in to a Gmail account, we automatically obtain access to Google Drive, Google Photos, Google Analytics, Google Maps, and a few other Google products.
And once we log out from any of the Google apps, we are automatically logged out from all the apps, which is known as ‘Single Logout’.
The Mendix SSO module allows users to sign in with their Mendix account when the Mendix application is deployed to the MX cloud.
Using MX accounts, it is easy to create multiple applications that all use the same sign-on mechanism.
In addition, to add the SSO mechanism to an existing Mendix application, we can add the SSO module directly from the Mendix App Store.
The Mendix SSO module is available here: https://appstore.home.mendix.com/link/app/111349/Mendix/MendixSSO
Then set the project security to production and update the user roles (Administrator/User) in the required modules, such as MendixSSO.
In the theme folder of the Mendix application, rename the original login.html file to login-without-sso, and rename the login-with-sso.html file to login.html.
After re-running the application, the SSO button appears on the sign-in screen. The theme folder path can be found via ‘Show Project Directory in Explorer’ in the Project tab of the Mendix application.
Mendix provides the ability to deactivate SSO.
1. This can be done by renaming the following files:
2. Remove the microflow “MendixSSO_AfterStartup” from the After Startup setting in the Project runtime settings.
SSO will then be deactivated the next time the application is deployed after these updates.
After deactivating the SSO mechanism, delete the MendixSSO module from the Mendix application, in the Appstore modules folder of the Project Explorer panel.
If errors related to SSO appear, remove them from the application accordingly, so that the SSO mechanism is removed successfully from the Mx application.
Here I have created a Mendix profile and tried to create a Mendix application with the SSO mechanism. If I log out from my Mendix profile (https://sprintr.home.mendix.com/index.html), the Mendix SSO application will look for authentication; if not, it will navigate directly to the respective page.
Mendix supports a wide range of SSO technologies as follows:
These integrations can be accomplished using Mendix App Store modules. Let’s see how SAML integration can be done on the Mendix platform.
SAML is a markup-language-based framework for authentication and authorization between Service Provider and Identity Provider entities.
Here is the SSO mechanism process flow:
After importing the SAML and Mx Model Reflection modules from the App Store into the application, configure the Startup microflow in the runtime project settings as follows:
Then create a menu item in the project navigation to call the SAML Configuration microflow ‘OpenConfiguration’ as follows:
After creating the menu, re-run the application, then click the View button. Click Configuration in the left-hand menu. It opens the Configuration page as follows, with separate configurations for IDP, SP, Log and SAML requests.
Fill out the SP Configuration details. Copy the Application URL and paste it into the Organization URL, then fill in the remaining organization and contact person details.
After filling in the SP Configuration details, click Save. This generates the Key Store alias and ‘Last changed on’ values, as below:
If a SAML request fails, logs are added under the Log tab of the configuration, which can be filtered by the success or failure of the logon result.
From the list of logs, we can select one and view the log information as well.
The SAML configuration module also provides, by default, an option to view the list of SAML requests and to export it to a CSV file using the ‘Export to CSV’ button.
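Once the SAML logon records are exported to CSV, failed logons can be reviewed offline. The Python script below is an added example, not part of the Mendix SAML module or the original article: it counts logon results per user and flags accounts that only ever fail. The column names (Timestamp, Principal, LogonResult, Message) and the sample rows are constructed assumptions; match them to the header row of the actual export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Column names and messages are assumptions,
# not the module's documented layout; adjust them to your own CSV header.
SAMPLE_EXPORT = """Timestamp,Principal,LogonResult,Message
2024-05-01T09:00:05,alice@example.com,Success,
2024-05-01T09:01:10,bob@example.com,Failed,Unable to validate response
2024-05-01T09:01:40,bob@example.com,Failed,Unable to validate response
2024-05-01T09:02:15,Bob@example.com,Failed,Unable to validate response
2024-05-01T09:03:00,carol@example.com,Failed,No matching user found
2024-05-01T09:04:30,carol@example.com,Success,
"""


def summarize_logons(csv_text, principal_col="Principal", result_col="LogonResult"):
    """Return {principal: {"success": n, "failed": n}} from an exported log."""
    counts = defaultdict(lambda: {"success": 0, "failed": 0})
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Normalise case so "Bob@..." and "bob@..." count as one account.
        principal = (row.get(principal_col) or "").strip().lower() or "<unknown>"
        result = (row.get(result_col) or "").strip().lower()
        # Anything that is not an explicit success is counted as a failure,
        # so blank or unexpected result values are never silently ignored.
        key = "success" if result == "success" else "failed"
        counts[principal][key] += 1
    return dict(counts)


def flag_repeated_failures(summary, threshold=3):
    """Principals with at least `threshold` failures and no successful logon."""
    return sorted(
        p for p, c in summary.items()
        if c["failed"] >= threshold and c["success"] == 0
    )


if __name__ == "__main__":
    summary = summarize_logons(SAMPLE_EXPORT)
    for principal, c in sorted(summary.items()):
        print(f"{principal}: {c['success']} ok, {c['failed']} failed")
    print("Needs review:", flag_repeated_failures(summary))
```

Accounts that fail repeatedly without ever succeeding usually point to a misconfigured IDP mapping or an unprovisioned user, and are worth checking against the detail view in the Log tab.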
Mendix SSO is not supported in native mobile apps; it is supported only in web applications.
Single Sign-On (SSO) with the Mx account can now be enabled and managed through the Mendix SSO module from the Mendix App Store, instead of creating the logic from scratch.
The SSO integration process is simple and easy to understand.
By Uma Raj
By Abishek Balakumar