We are trying to implement SAML/SSO with DeepLink. We installed and configured SAML and it appears to be working as needed. When we navigate to oursite.com/sso/login we get the Active Directory user’s home page as expected. We also set up a deeplink so that the AD user can hyperlink to a specific item on a specific page. The deeplink is set to Allow guests = true. When I navigate to the deeplink at ‘oursite.com/SSO/login?f=true&cont=link/ourlink?id=99999999’, the deeplink microflow runs as expected. However, at this point I would expect $currentUser to be the AD user’s account with the microflow running under that account’s role. Instead, $currentUser/IsAnonymous=true and $currentUser/Name=’Anonymous_85e…’ But the Mendix log shows the message “SAML_SSO: Success: Successful sign on: email@example.com”. How do I get a deeplink to microflow to run under the SSO/AD user’s role? Edited to add: I set the role based home page to a microflow that runs DeepLinkHome. When I navigate to the deeplink URL I am first shown page login.html. After logging in I finally get the expected deeplink page. I need to bypass this unnecessary login page. Is there a configuration constant in either DeepLink or SAML that need to be set up? These are my current settings: This is my role based microflow:
We resolved this with the help of Mendix Support. They recommended a couple of config changes:
1) Set the value of the DeepLink.LoginLocation to /sso/login?f=true&cont=, so you get redirected to the correct login handler
2) Set the com.mendix.core.SameSiteCookies custom runtime setting to Lax, so the session cookie is sent to the Mendix runtime after a successful sign in with the IdP.
That got it working for us. Your mileage may vary.