SAML assertion and Google setup

0
We have the SAML setup working between Mendix and Google G Suite. It seems however that Google advises that when going to the assertion URL a check should be made if an assertion is available and otherwise redirect to the login page. So going to https://someURL.mendixcloud.com/SSO/assertion should when empty redirect to https://someURL.mendixcloud.com/SSO/login. To my knowledge the current SAML module does not support this. Or am I mistaken and did I do something wrong with the request handlers? Regards, Ronald [EDIT 11-10-2017] Note that the SAML does work, only sometimes the user has to click again on the SSO link.  
asked
1 answers
0

Your assumption is correct, that is indeed not how the module is implemented. The module expects an assertion and if no assertion can be found the user gets an error message. The only way to change the behavior is to alter the code (there are no hidden settings to realize this)

 

I can't remember exactly why I made that decision back when building this. That was before google supported SAML, this decision was based on the complexity of doing this, and also the standard specs from SAML. I need to go through my dev notes to find the exact reasons. 

This might be something that could be built in the module, please enter a ticket for this and we can see if we can add it.  Or if somebody is interested in building this, let us know and we can share an invite to the project. (The module probably won't go to Github, because a large part is in modeler and git doesn't play nice with the modeler merges).

answered