This guide is still WIP
Follow this guide to build a new Mendix application which will allow you to explore your Altium 365 workspaces and modify the lifecycle status of your library components.
If you haven't checked out our Altium 365 Platform Mendix App, you can find it on the Mendix Marketplace.
TABLE OF CONTENTS
- Creating an Application
- Setting up Authentication and Authorization
- Installing Altium365 Platform Module
- Troubleshooting
- Error code CE0463 "Could not find widget 'Microflow Timer' in the 'widgets' directory
- Altium Identity 'Something Went Wrong'
- Upon Logout, there is no option for, 'Log in via Altium Identity', instead the user is redirected to the Altium Identity splash page
- Error after entering credentials to Altium Identity Splash page, 'This XML file does not appear to have any style information associated with it...'
Creating an Application
Install Mendix Studio Pro 10.15.0 or higher.
Create the App in the Mendix Home online portal, and open it with Mendix Studio Pro.
Download and install the following versions of the Marketplace modules into your app:
Events
v1.0.1
Encryption
v10.0.3
Community Commons
v10.0.7
Nanoflow Commons
v4.0.4
Mx Model Reflection
v8.0.3
UserCommons
v1.0.2
OIDC SSO
v3.1.0
Setting up Authentication and Authorization
Ensure the OIDC SSO v3.1.0 Module is installed from the Marketplace into the app along with all the dependencies listed in https://docs.mendix.com/appstore/modules/oidc/#dependencies.
There will be some errors after this step.
CE463 - right click on one of the errors in the Error list and select, 'Update All Widgets'
CE6087 - Right click on the error in the Error list and select, 'Update all renamed design properties in project'
You might also get a bug about Timer Microflow. Check that you have downloaded the correct version of the OIDC SSO Module (V3.1.0). Alternatively, you can delete their existence from OIDC login to solve this bug.
Set the Encryption/Private - String en/de-cryption/Apis/EncryptionKey constant in your settings 32-character string that you generate, for example you can use a randomly generated GUID (https://wasteaguid.info/, remove the dashes). You’ll need to set one for each of your App Settings Configuration. Shared is fine.
(See Step 4.4 for more on setting the Encryption Key)
Example GUID:
Configuring Roles
Set the Security level of the app to Prototype/demo by double clicking on App > Security
Add the Anonymous role, by clicking ‘User Roles’ > New
Edit each Role to have the Module Roles associated with it, to match the table in: https://docs.mendix.com/appstore/modules/oidc/#configuring-roles Section 4.1.
You may need to add a Module Role to a module to do this. You can do this by going to: The module > Security > Module roles > New.User Role
Module Name
Status
Administrator
Administration.Administrator
Already associated with role
System.Administrator
Already associated with role
MxModelReflection.ModelAdministrator
Need to add to role
UserCommons.Administrator
Already associated with role
OIDC.Administrator
Need to add to role
MyFirstModule.Admin
Need to create, not strictly necessary to be added as a role
Anonymous
System.User
Need to add to role
OIDC.Anonymous
Need to add to role
Altium365.Anonymous Need to add to role
User
Administration.User
Already associated with role
System.User
Already associated with role
MyFirstModule.User
Need to add to role
OIDC.User
Need to add to role
Altium365.User Need to add to role
- Ensure Altium365.Anonymous and Altium365.User roles are also assigned according to the table above.
- Ensure Anonymous Users is allowed
And set an Administrator Password: - Install the Mx Model Reflection module: (Section 3.a Installing MX Model Reflection)
- Once the Mx Model Reflection module has been imported into your app, you need to configure it.
In the App Explorer, add the page MxObjects_Overview from the MxModelReflection folder to the Navigation menu.
Run the app and click the newly-added navigation link to use Mx Model Reflection. Make sure to click, Save and Continue. Allow access from your Windows Defender Firewall.
Click, View App to see the appEnsure you have selected the demo_administrator user by clicking on the Select user icon on the right hand side of the screen:You will now see the icon for your MxModelReflection page. Click on the + icon to enter the Module Reflection pageEnsure the Administration, MxModelReflection, OIDC and System modules are selected, and click both ‘Click To Refresh' buttons- To enable the use of app constants to configure the OIDC SSO module, configure your app to run the Startup microflow in the OIDC module (OIDC.Startup.ASU_OIDC_Startup) as (part of ) the after startup microflow. You can do this by going to your app > Settings > Runtime > After Startup > Select > Marketplace modules/OIDC/Startup/ASU_OIDC_Startup
- (4.3 Navigation Configuration) The OIDC SSO module works without a specified sign-in page. Therefore, in the navigation section of your app, set Sign-in page (in the Authentication section) to none.
- Set a Role-based home page for role Anonymous to OIDC/Implementation/Login_Web_Button.
[ In addition, administrators will need to have access to configure OIDC and also manage end-users. You can do this by including the pages Administration.Account_Overview and OIDC.OIDC_Client_Overview into the app navigation, or a separate administration page. ]
Add Logout to Navigation
Navigation → New Menu Item Action → Sign out
Add User-Agent
Some IdS providers, such as Altium Identity, require a User-Agent field in the header. To add this, double click on the handleAuthorizationCode microflow in the OIDC module (OIDC/Implementation/2. Login Flow/2b. Callback/shared/handleAuthorizationCode).
Look for a call REST (POST) action, which returns an OAuthTokenResponse variable named TokenResponse_1. Double-click the action. Under HTTP Headers, in Custom HTTP Headers, add a new header with key User-Agent and set the value to 'Mendix/10.15.0'.
Change Open URL Action
Altium Identity, which is needed to connect to the Altium 365 Platform API uses a specially modified Auth Code flow for it’s unique security requirements. We will need to make a small modification to the OIDC/_USE ME/2. Login/a. Web/ACT_StartWebSignIn nanoflow. Open this nanoflow:
Right-click on the Open URL action and select the Set type of action… context menu item. And change the type to Call nanoflow.
In the Call Nanoflow dialog under the Action section, select the Altium365/_USE ME/ACT_AltiumIdentity_OpenUrlHook nanoflow from the Altium 365 Platform Connector marketplace module.
Keep the URL parameter setting the same and select OK to close the Call Nanoflow dialog.
Add Altium Identity as OIDC Provider
- Add the OIDC/Implementation/OIDC_Client_Overviewpage to the navigation
- Re-run the application and log in as an Administrator.
Under IdPs for SSO and API security, click New. In the form, add these details: Alias
Altium Identity
Client ID
20C490ED-58EF-11EF-9194-02A5C34CA889
Client authentication method
client_secret_basic
Client Secret
dummy
Active
Yes
Automatic Configuration URL
Custom callback URL https://auth.altium.com/api/AuthComplete
Add the following scopes:
Click, Import Configuration.
Add a placeholder OIDC Provider (Optional, but recommended)
Alias | Nexar Identity (UAT) |
Client ID | <PLACEHOLDER> |
Client Secret | <PLACEHOLDER> |
Automatic Configuration URL | https://identity.nexaruat.com/.well-known/openid-configuration |
Note: If you only have the one OIDC provider such as Altium, upon logging out, the Mendix Application will automatically redirect to the splash page of Altium Identity. This can be avoided by adding another OIDC provider placeholder, or by deleting the microflow Timer from login
Testing OIDC workflow
Log out, then try and log back in using Altium Identity.
Installing Altium365 Platform Module
Locate your MPK file, and import the module
You will see the new module at the bottom of the App Explorer panel:
Assign User module role to your app User role. You can do that by going to your app > Security > User Roles > User > Module Roles > Edit > Select Module Roles >Altium365 > User
Set the Altium365/_USE ME/GlobalPlatformUrl depending on where your workspace is. This can be one of the following based on your location:
You can do this by going into your app > Settings > Configurations > Default > Edit > Constants > New > Marketplace Modules > Altium365 > GlobalPlatformUrl
Set the constant value, choosing from a-e of the locations above. For example:
Using the A365 Module
Primary Workspace Navigation Button
Add your primary workspace to the navigation bar by clicking Add a New Item > On Click > Call a Nanoflow
Call the Nanoflow /A365/_USE_ME/ACT_Workspaces_FirstWorkspace
(Optional) Workspace Selector
If you have multiple workspaces. Add Workspace Overview to Navigation bar by clicking Add a New Item > On Click > Show A Page and add the Alium365 >_USE ME > Workspace_Overview page.
Troubleshooting
TABLE OF CONTENTS
- Error code CE0463 "Could not find widget 'Microflow Timer' in the 'widgets' directory
- Altium Identity 'Something Went Wrong'
- Upon Logout, there is no option for, 'Log in via Altium Identity', instead the user is redirected to the Altium Identity splash page
- Error after entering credentials to Altium Identity Splash page, 'This XML file does not appear to have any style information associated with it...'
Error code CE0463 "Could not find widget 'Microflow Timer' in the 'widgets' directory
- Check that the version of the OIDC SSO module you have downloaded is V3.1.0. This error seems to occur with the newest version of the OIDC SSO module (V3.2.0).
- To download the correct version of the OIDC SSO module, you can go to the OIDC SSO module in the Marketplace and select Releases > V3.1.0 > Download
- Alternatively, you can right click on the error, and select 'Go to Microflow Timer 'microflowTimer1'. Right click on the Microflow Timer element, and select Delete:
Altium Identity 'Something Went Wrong'
- Check that you have set up your scopes correctly when setting up Altium Identity as an OIDC provider
Upon Logout, there is no option for, 'Log in via Altium Identity', instead the user is redirected to the Altium Identity splash page
- Ensure that you have at least one other OIDC provider set up, for example the Identity Demo. Alternatively, you can delete the Microflow Timer from OIDC > _USE ME > 2. Login > a. Web > Snip_Login_Button:
Error after entering credentials to Altium Identity Splash page, 'This XML file does not appear to have any style information associated with it...'
- Check that your 32 character encryption key has been entered correctly, with no dashes.
- For example:
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article