Published in Mendix Community

How to use the SAML module with IDP Okta.

An Identity Provider (IDP) is a system entity that creates, maintains, and manages identity information, normally for user authentication. IDPs are used more and more often because they let external users authenticate without any dependency on LDAP.

There are many open-source IDPs that you can try, such as Shibboleth, Keycloak, and more. However, I decided to use the Okta developer environment because it is easy to use and requires fewer settings to configure.

Let’s take a look at the SAML protocol in an overview picture below.

I start with Mendix 8.15, using a blank web application template. Next, I install two modules: MxModelReflection and SAML2.0.

Next, I set the app's security level to Production.

I also give the Administrator user role access to the SAML module's administrator role.

Now I configure my first module with 2 user roles.

I also set the app constant DefaultLoginPage in the SAML module to login.html.

In the navigation menu, I give the Administrator access to the MxModelReflection and SAML module overview pages. I also give the admin access to manage user accounts.

Now I have to run my app locally and sync the reflection data for all modules.

Back to the SAML page, I configure it as shown below.

After completing the settings for SAML, I click "Download SP Metadata" to get the XML file, which also contains your SP ID (the entity ID of your app as a service provider).

The SSO information below is important; keep it at hand for the Okta IDP configuration.
</gre_replace>
<gr_replace lines="36" cat="clarify" orig="Let’s go to OKTA">
Let's go to OKTA for the configuration. Make sure that the OKTA developer UI is set to Classic UI mode.

At this point, I have the SP ID and the SSO assertion URL.

Let’s go to OKTA for the configuration. Make sure that OKTA developer UI is set to Classic UI mode.

Now I am able to create a new web application with the SAML protocol in OKTA.

Your SP ID is required in the section below.

The section below defines the assertion attributes that allow the IDP to create a user account in your app's $Account or $User entity after a successful login.

When the setup is finished, I am taken to this page, where I can see the identity provider's metadata for SSO.

The format would be like this.

We need to use this URL inside the Mendix application to set up an IDP Configuration within the SAML module.

Now let’s move on to the Mendix application.

The alias name is important and should be unique. There is no validation in this field, just remember that it should not be duplicated.

For the "Request Authn Context" tab, I configure it as shown below.

On the "Provisioning" tab, the settings should look like this.

On the mapping tab, create fields whose names match the OKTA IDP attributes.

This is all for the IDP configuration in Mendix.

Go back to the OKTA application and assign the application to groups or users.

Now let’s test the application.

My Mendix app has no user logins yet.

Log in to the Okta dashboard as the user you assigned in the previous step.

Click on the PoC app.

This error occurs because of missing IDs. Click "Try again".

You are in.

Now, back in the Okta web console, we need to fix the missing ID.

You need to add the alias name to the default SSO login URL in the Okta application; the format should be /SSO/login/{aliasname}.

Then try again.
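As an added example (not code from the original post or the Mendix SAML module), the script below pulls the two values Okta needs out of the downloaded SP metadata (the SP ID and the SSO assertion URL, see the "Download SP Metadata" step) and builds the alias-specific /SSO/login/{aliasname} URL from the previous step. The metadata document, hostname and alias are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin

# Namespace used by SAML 2.0 metadata documents.
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample shaped like the SP metadata the Mendix SAML module exports;
# the hostname and endpoints are assumptions, not values from the post.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://poc.example.com/SSO/metadata">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://poc.example.com/SSO/assertion" index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def parse_sp_metadata(xml_text):
    """Return the SP ID, the assertion (ACS) URL and the signing flags Okta must honour."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor document")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is IdP metadata, not SP metadata")
    acs_nodes = sp.findall("md:AssertionConsumerService", NS)
    if not acs_nodes:
        raise ValueError("no AssertionConsumerService endpoint in SP metadata")
    # Prefer the endpoint flagged isDefault, otherwise the first one listed.
    acs = next((a for a in acs_nodes if a.get("isDefault") == "true"), acs_nodes[0])
    return {
        "entity_id": root.get("entityID"),
        "acs_url": acs.get("Location"),
        "acs_binding": acs.get("Binding"),
        "want_assertions_signed": sp.get("WantAssertionsSigned") == "true",
        "authn_requests_signed": sp.get("AuthnRequestsSigned") == "true",
    }

def sso_login_url(acs_url, alias):
    """Build the per-IdP login URL (/SSO/login/{aliasname}) on the ACS endpoint's host."""
    if not alias or "/" in alias:
        raise ValueError("alias must be a non-empty single path segment")
    return urljoin(acs_url, f"/SSO/login/{alias}")

if __name__ == "__main__":
    info = parse_sp_metadata(SP_METADATA)
    print(info, sso_login_url(info["acs_url"], "okta"))
```

Checking WantAssertionsSigned in the SP metadata is worth doing before configuring Okta: if the SP requires signed assertions, the Okta application must be set to sign them, or every login will fail at the assertion endpoint.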

QUANG NHAT TRAN

Certified Mendix Expert MVP, Data Scientist, and Technical Practitioner @ TBN Software
