MX 9.5: Deep Link with SAML SSO vicious circle

2
I configured the SAML module with Azure SSO. In order to make it work I changed index.html and replaced "originURI=/login.html" with "originURI=/sign-in.html", where the code for sign-in.html is below.

    <!doctype html>
    <html>
        <head>
            <meta http-equiv="refresh" content="0;URL=/sso/" />
        </head>
    </html>

My SSO works perfectly fine. When I try accessing any of my deep link URLs I end up with a vicious circle between https://login.microsoftonline.com/ and https://<myhost>/SSO/login?f=true&cont=link/oat

Interestingly enough, when I stop the circle and key in a deep link URL in the browser, it works perfectly fine. It looks like the session is established, but I cannot get out of the circular redirect between SSO/login and the Azure site. How can I break the vicious circle? My SAML and DeepLink constants are below.
asked
2 answers
11

The problem seems to be that in Mendix 9 the SameSite cookie defaults to “Strict” and thus the browser does not forward the session cookie issued by the /SSO/ handler if the login page of your IdP has popped up before (and for the same reason the deeplink also works if you have already logged in via your IdP before and its login page is therefore not opened).

So, setting com.mendix.core.SameSiteCookies (in the custom runtime settings, see https://docs.mendix.com/refguide/custom-settings) to “None” or “Lax” will break the circle. 

answered
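
The behaviour described in this answer, as an added example (not part of the original post and not Mendix code): a simplified JavaScript model of the browser's SameSite decision for the deep link request that follows the IdP round trip. The cookie name and value, the function names, and the assumption that a redirect chain started on the IdP page counts as cross-site are this example's own.

```javascript
// Simplified model of browser SameSite handling on the return leg of a SAML
// login. Cookie name/value are constructed samples, not Mendix's real ones.

// Parse a Set-Cookie header value into the attributes that matter here.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  // Assumption: a browser that defaults a missing SameSite attribute to Lax.
  const cookie = { name: pair.slice(0, eq), sameSite: 'lax', secure: false };
  for (const attr of attrs) {
    const [key, val = ''] = attr.split('=');
    if (key.toLowerCase() === 'samesite') cookie.sameSite = val.toLowerCase();
    if (key.toLowerCase() === 'secure') cookie.secure = true;
  }
  return cookie;
}

// Would the browser attach the cookie to this request?
// req.crossSite: the navigation was started by a page on another site.
function isSent(cookie, req) {
  if (cookie.sameSite === 'none') return cookie.secure; // None is only accepted with Secure
  if (!req.crossSite) return true;                      // same-site, or typed in the address bar
  if (cookie.sameSite === 'strict') return false;       // never sent on cross-site requests
  return req.topLevel && ['GET', 'HEAD'].includes(req.method); // Lax
}

// Follow the deep link request that comes right after the /SSO/ handler has set
// the session cookie. Assumption of this model: that redirect still counts as
// cross-site because the navigation began on the IdP's login page.
function deepLinkOutcome(setCookie, viaIdpLoginPage, maxRounds = 5) {
  const cookie = parseSetCookie(setCookie);
  const req = { crossSite: viaIdpLoginPage, topLevel: true, method: 'GET' };
  const trace = [];
  for (let round = 1; round <= maxRounds; round++) {
    if (isSent(cookie, req)) {
      trace.push('GET deep link with session cookie -> served');
      return { result: 'served', trace };
    }
    // No cookie seen: the app redirects to /SSO/login, the IdP answers
    // without prompting, and the same cookieless request repeats.
    trace.push('GET deep link without cookie -> /SSO/login -> IdP -> /SSO/');
  }
  return { result: 'loop', trace };
}

const strict = 'SESSION=constructed; Path=/; Secure; HttpOnly; SameSite=Strict';
console.log(deepLinkOutcome(strict, true).result);  // arrived via the IdP login page
console.log(deepLinkOutcome(strict, false).result); // URL typed after stopping the loop
console.log(deepLinkOutcome(strict.replace('Strict', 'Lax'), true).result);
```

In this model "Lax" is enough because the deep link request is a top-level GET; "None" also sends the cookie on cross-site subrequests and non-GET requests, so it gives up more CSRF protection than the fix needs.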
0

What did you set in this part?
 

IndexPage – In special cases—for example, when you want to load a specific theme or bypass a certain single sign-on page—you can modify this constant to redirect to another index page like index3.html or index-mytheme.html.

Because now after login it will go to the index.html, but you changed that to point to the SSO. So you need to have an index3.html or something like that, and that must contain what was in your old index.html without the redirect part.

Regards,

Ronald

 

answered