How to get user identity in a Mx App for a user who is already logged in to Windows?

1
In our corporate environment, users are authenticated/logged in to their Windows clients via standard AAD. And I’d like to use the user information/identity of the so logged-in user within my Mx application, not to bother the user to log in to my App again (nota bene, when the App authentication would be delegated to the same IdP anyway). I don’t need persistent user accounts created/stored in my App for those “broad-audience” users (from the point of view of my App, such a user is an “anonymous-like” one and I only want to personalize her/his user experience in the very session because I know who the particular user is). Only for a small specific user group, I’d let those users take the 2nd step of MFA to allow them to perform some specific actions in my App (those users would have persistent user accounts in my App; this would lead to “in-session authentication”, if I am not mistaken).

I am ready to use either SAML or OIDC, no preference in this regard (well, I would like OIDC a tiny little bit more ;-).

I mean, Outlook does inherit the user info, the Edge browser does it as well and can forward it to sites … How can my App behave the same way (in fact inherit it from the browser in which it has been called)? I saw several questions on this topic on the internet but no answer so far.
asked
1 answer
2

I have no experience with OIDC, but with SAML you could do it. When the user goes to your app, a SAML request will be sent to the IdP, and if the user has already logged in it will give a response back. In the SAML response you can put all kinds of information about that user. The IdP can define what information is being sent back to your Mendix app, and you can pick that information up again in the response and use it. See also the documentation here: https://docs.mendix.com/appstore/modules/saml/ and check out 3.2.4.

Regards,

Ronald


answered