Single Sign On basics from any application to Mendix (universal method?)
Hi all, When it comes to integrating systems with Mendix there is usually a registering process where customers need to be registered in a Mendix application to gain access to other applications. My goal is to use single sign on: a user logs in once and gains access to all systems (e.g. a third party forum) without being prompted to log in again at each of them. However my general knowledge of integrating SSO is limited. Where to start? -What are the basics to integrate SSO from a third party application to Mendix? (possible solutions?) -What's the best universal way to do it regardless of any system? Thanks in advance! Looking forward to any useful suggestions and ideas. Pieter
In principle the solution depends on the question against what the SSO is performed.
An Active Directory server?
Some openID protocol
Your own protocol (build in Mendix for example, we did that with MxID)
Concerning Mendix, it does not constrain you in which protocol to use since you can override the authentication mechanism. We have an existing solution for Kerberos/ Active Directory.
For third party applications it hugely depends on the architecture of the third party application. We managed to extend our python written forum (this on) and the Confluence Wiki system.
Note: Be sure to not confuse Single Sign On with Centralized Authentication (most people do)
Single Sign On: Once logged in to one application, you can navigate to any application without encountering any login screen. All apps delegate their authentication mechanism to some central server.
Centralized authentication: You can use the same credentials among several applications (for example LDAP), but being logged in to one application does not mean that you are logged in to other applications automatically.
We use the SSO mechanisme with the SAML module from the appstore. It works in the standard and the putty cloud. SAML is used widely with a lot of other systems. Works like a charm.