Issue with single sign-on via SAML and custom domain
I have a Mendix app deployed to the Mendix Cloud. The app is configured with the SAML module version 3.1.3. Okta is configured as the Identity Provider in the app on the SAML configuration page. Single sign-on via Okta was working fine until we changed the custom domain for the app.

The app can be accessed in the Mendix Cloud via the new custom domain URL, but when the users try to sign in via Okta, they receive an error message as soon as they are redirected from Okta back to Mendix. It seems the SAML authentication request is posted with a wrong AssertionConsumerServiceURL containing the original app URL ending with mendixcloud.com instead of the custom domain URL.

I already tried to change the ApplicationRootUrl in the custom runtime settings in the Mendix Cloud to match the custom domain URL, but after restarting the application the issue is still present. I noticed that the application root URL that is displayed in the SP configuration in the Mendix app is still the original URL. The app URL being displayed cannot be changed on the configuration page.

What can I do to modify the application URL for the SP configuration?
Steven Samuels Brusse
After some trial and error, I solved the issue myself. It appears the application root URL in the custom runtime settings must end with a trailing slash ("/"). Without the trailing slash, the custom setting is not being used by the SAML module.
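
One way to confirm the symptom described in the question, an AuthnRequest still carrying the old host in AssertionConsumerServiceURL, before and after changing the root URL setting. This is an added example, not part of the original posts or of the Mendix SAML module: it decodes a captured SAMLRequest value from either binding and compares the ACS scheme and host with the expected application root URL. The host names, the `acs-placeholder` path and all function names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

def decode_saml_request(value: str) -> bytes:
    """Decode a SAMLRequest parameter (already URL-decoded) to XML bytes."""
    raw = base64.b64decode(value)
    if raw.startswith(b"<"):
        return raw                    # HTTP-POST binding: base64 only
    return zlib.decompress(raw, -15)  # HTTP-Redirect binding: raw DEFLATE

def acs_url(xml_bytes: bytes) -> str:
    """Return AssertionConsumerServiceURL from an AuthnRequest."""
    if b"<!DOCTYPE" in xml_bytes:     # a DTD has no place in a SAML message
        raise ValueError("DOCTYPE not allowed in a SAML message")
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        raise ValueError(f"not an AuthnRequest: {root.tag}")
    url = root.get("AssertionConsumerServiceURL")
    if url is None:
        raise ValueError("AuthnRequest carries no AssertionConsumerServiceURL")
    return url

def check_acs(value: str, app_root_url: str):
    """Return (matches, acs_url): does the ACS URL use the expected scheme and host?"""
    url = acs_url(decode_saml_request(value))
    got, want = urlsplit(url), urlsplit(app_root_url)
    return (got.scheme, got.netloc.lower()) == (want.scheme, want.netloc.lower()), url

def build_sample(acs: str, redirect: bool) -> str:
    """Constructed AuthnRequest for the demo; not captured from a real app."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}" ID="_constructed" '
           f'Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
           f'AssertionConsumerServiceURL="{acs}"/>').encode()
    if redirect:
        deflater = zlib.compressobj(wbits=-15)
        xml = deflater.compress(xml) + deflater.flush()
    return base64.b64encode(xml).decode()

if __name__ == "__main__":
    root = "https://app.example.com/"  # constructed custom-domain root URL
    old = build_sample("https://myapp.mendixcloud.com/acs-placeholder", redirect=True)
    new = build_sample("https://app.example.com/acs-placeholder", redirect=False)
    print(check_acs(old, root))  # old cloud host still in the request
    print(check_acs(new, root))  # request now points at the custom domain
```

The SAMLRequest value can be copied from the browser's network tab during the redirect to the identity provider; URL-decode it before passing it to `check_acs`.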