0

Hi everyone, I am trying to configure SAML SSO with one of our apps and I just cannot get it working.  At the moment, I get caught in a loop which looks like it is loading my app but then I geet a ‘Unable to validate the SAML message!’ error.  We are using ADFS on premise as our provider.  We are also using a custom domain.  We think we have set up the ADFS correctly.  I have tried putting our custom domain in the Custom Runtime Settings page under ApplicationRootUrl but when I do this, I just get a generic ADFS error message that really doesn’t help. When I don’t have this, I visit the domain,  lets say appname.mydomain.com, I see the page change to appname.mendixcloud.com/SSO, this then flashes up the front page of my application (so I know it has logged on ok) I think get a URL of fs.mydomain.com/adfs/ls and it then lands on appname.mendixcloud.com/SSO/assertion and I get the ‘Unable to validate the SAML message!’. I’ve read a few articles about adding the ApplicationRootUrl but this doesn’t help.  I haven’t changed any of the default settings in the modeller such as DefaultLogonPage or SSOLandingPage. The main problem I have now is that I can’t log on to the application at all using MxAdmin to check the SAML configuration (I think I may need to add a Claim?).  If I go to app.mydoming.com/logon.html, I get prompted for credentials, but then I get stuck in the loop again.   Im assuming that I may have to deply another version of the app to break the SAML config but then I may have to go back to our ADFS provider contact to recreate the settings and I’d rather not.   Any help or advice would be much appreciated.  I know my description is a bit messy.  Do I definetly need the ApplicationRootUrl setting?

asked 2020-02-26

3 answers