Suggestions Security implementation using external system login details

My app has to validate the user credentials by connecting to an external system using the login service provided. The login service returns a token on login success, and this token can be used for services to be called by any action after login. I implemented my Mendix app as follows:

- Enabled the Anonymous user security setting
- Created a Module role named User
- Provided appropriate security settings for form, microflow, and entity access. Most entities will have only read access for this Module role
- Created a custom login screen where the user can enter external system configuration details

Any suggestions on whether I am following the right approach, or whether there will be any security issues with the above approach?
asked
2 answers

Hi Mohan,

This sounds like the authentication of your app users should go via some other identity provider (https://en.wikipedia.org/wiki/Identity_provider). You could check the Mendix app store for modules in the category Authentication. There are some modules there that do something similar to what you described. For instance, the SAML module: https://appstore.home.mendix.com/link/app/1174/Mendix/SAML. This module can replace your app's default login behaviour.

answered

See also this module: https://appstore.home.mendix.com/link/app/107925/Magnus-Consulting/AutoLogin

You could tweak this module and create another web service that generates the token.

So one web service that, based on an account name, returns a token. And then this module in combination with the deeplink module to log in that user.

Good luck,

Ronald

 

answered