Getting Started with Mendix (inc. OIDC setup)

Modified on Fri, 20 Dec at 3:22 PM

This guide is still WIP

Follow this guide to build a new Mendix application which will allow you to explore your Altium 365 workspaces and modify the lifecycle status of your library components.


If you haven't checked out our Altium 365 Platform Mendix App, you can find it on the Mendix Marketplace.

TABLE OF CONTENTS

Creating an Application

  1. Install Mendix Studio Pro 10.15.0 or higher.

  2. Create the App in the Mendix Home online portal, and open it with Mendix Studio Pro.

  3. Download and install the following versions of the Marketplace modules into your app:

Setting up Authentication and Authorization

  1. Ensure the OIDC SSO v3.1.0 Module is installed from the Marketplace into the app along with all the dependencies listed in https://docs.mendix.com/appstore/modules/oidc/#dependencies.



There will be some errors after this step.
CE463 - right click on one of the errors in the Error list and select, 'Update All Widgets'
CE6087 - Right click on the error in the Error list and select, 'Update all renamed design properties in project'
You might also get a bug about Timer Microflow. Check that you have downloaded the correct version of the OIDC SSO Module (V3.1.0). Alternatively, you can delete their existence from OIDC login to solve this bug.


  1. Set the Encryption/Private - String en/de-cryption/Apis/EncryptionKey constant in your settings 32-character string that you generate, for example you can use a randomly generated GUID (https://wasteaguid.info/, remove the dashes). You’ll need to set one for each of your App Settings Configuration. Shared is fine.
    (See Step 4.4 for more on setting the Encryption Key)


Example GUID:


Configuring Roles

  1. Set the Security level of the app to Prototype/demo by double clicking on App > Security

  2. Add the Anonymous role, by clicking ‘User Roles’ > New

  3. Edit each Role to have the Module Roles associated with it, to match the table in: https://docs.mendix.com/appstore/modules/oidc/#configuring-roles Section 4.1.

    You may need to add a Module Role to a module to do this. You can do this by going to: The module > Security > Module roles > New.

     

    User Role

    Module Name

    Status

    Administrator

    Administration.Administrator

     Already associated with role

     

    System.Administrator

    Already associated with role

     

    MxModelReflection.ModelAdministrator

    Need to add to role

     

    UserCommons.Administrator

    Already associated with role

     

    OIDC.Administrator

    Need to add to role

     

    MyFirstModule.Admin

    Need to create, not strictly necessary to be added as a role

    Anonymous

    System.User

    Need to add to role

     

    OIDC.Anonymous

    Need to add to role


    Altium365.Anonymous

    Need to add to role

    User

    Administration.User

    Already associated with role

     

    System.User

    Already associated with role

     

    MyFirstModule.User

    Need to add to role

     

    OIDC.User

    Need to add to role


    Altium365.User

    Need to add to role


  4. Ensure Altium365.Anonymous and Altium365.User roles are also assigned according to the table above.

  5. Ensure Anonymous Users is allowed

    And set an Administrator Password:
  6. Install the Mx Model Reflection module: (Section 3.a Installing MX Model Reflection)
  7. Once the Mx Model Reflection module has been imported into your app, you need to configure it.
    In the App Explorer, add the page MxObjects_Overview from the MxModelReflection folder to the Navigation menu.

  8. Run the app and click the newly-added navigation link to use Mx Model Reflection. Make sure to click, Save and Continue. Allow access from your Windows Defender Firewall.
    Click, View App to see the appEnsure you have selected the demo_administrator user by clicking on the Select user icon on the right hand side of the screen:You will now see the icon for your MxModelReflection page. Click on the + icon to enter the Module Reflection pageEnsure the Administration, MxModelReflection, OIDC and System modules are selected, and click both ‘Click To Refresh' buttons
  9. To enable the use of app constants to configure the OIDC SSO module, configure your app to run the Startup microflow in the OIDC module (OIDC.Startup.ASU_OIDC_Startup) as (part of ) the after startup microflow. You can do  this by going to your app > Settings > Runtime > After Startup > Select > Marketplace modules/OIDC/Startup/ASU_OIDC_Startup

  10. (4.3 Navigation Configuration) The OIDC SSO module works without a specified sign-in page. Therefore, in the navigation section of your app, set Sign-in page (in the Authentication section) to none.
  11. Set a Role-based home page for role Anonymous to OIDC/Implementation/Login_Web_Button.


[ In addition, administrators will need to have access to configure OIDC and also manage end-users. You can do this by including the pages Administration.Account_Overview and OIDC.OIDC_Client_Overview into the app navigation, or a separate administration page. ]


Add Logout to Navigation

Navigation → New Menu Item Action → Sign out


Add User-Agent

  1. Some IdS providers, such as Altium Identity, require a User-Agent field in the header. To add this, double click on the handleAuthorizationCode microflow in the OIDC module (OIDC/Implementation/2. Login Flow/2b. Callback/shared/handleAuthorizationCode).

  1. Look for a call REST (POST) action, which returns an OAuthTokenResponse variable named TokenResponse_1. Double-click the action. Under HTTP Headers, in Custom HTTP Headers, add a new header with key User-Agent and set the value to 'Mendix/10.15.0'.

Change Open URL Action

Altium Identity, which is needed to connect to the Altium 365 Platform API uses a specially modified Auth Code flow for it’s unique security requirements. We will need to make a small modification to the OIDC/_USE ME/2. Login/a. Web/ACT_StartWebSignIn nanoflow. Open this nanoflow:


Right-click on the Open URL action and select the Set type of action… context menu item. And change the type to Call nanoflow.



In the Call Nanoflow dialog under the Action section, select the Altium365/_USE ME/ACT_AltiumIdentity_OpenUrlHook nanoflow from the Altium 365 Platform Connector marketplace module.



Keep the URL parameter setting the same and select OK to close the Call Nanoflow dialog.


Add Altium Identity as OIDC Provider

  1. Add the OIDC/Implementation/OIDC_Client_Overviewpage to the navigation
  2.  Re-run the application and log in as an Administrator.
    Under IdPs for SSO and API security, click New. In the form, add these details:


  3. Alias

    Altium Identity

    Client ID

    20C490ED-58EF-11EF-9194-02A5C34CA889

    Client authentication method

    client_secret_basic

    Client Secret

    dummy

    Active

    Yes

    Automatic Configuration URL

    https://auth.altium.com/.well-known/openid-configuration

    Custom callback URL
    https://auth.altium.com/api/AuthComplete

    Add the following scopes:

    Click, Import Configuration.


Add a placeholder OIDC Provider (Optional, but recommended)


Alias

Nexar Identity (UAT)

Client ID

<PLACEHOLDER>

Client Secret

<PLACEHOLDER>

Automatic Configuration URL

https://identity.nexaruat.com/.well-known/openid-configuration


Note: If you only have the one OIDC provider such as Altium, upon logging out, the Mendix Application will automatically redirect to the splash page of Altium Identity. This can be avoided by adding another OIDC provider placeholder, or by deleting the microflow Timer from login


Testing OIDC workflow

Log out, then try and log back in using Altium Identity.


Installing Altium365 Platform Module

Right click on the root node with your App name and select, Import module package….

Locate your MPK file, and import the module


You will see the new module at the bottom of the App Explorer panel:

  1. Assign User module role to your app User role. You can do that by going to your app > Security > User Roles > User > Module Roles > Edit > Select Module Roles >Altium365 > User

  1. Set the Altium365/_USE ME/GlobalPlatformUrl depending on where your workspace is. This can be one of the following based on your location:

You can do this by going into your app > Settings > Configurations > Default > Edit > Constants > New > Marketplace Modules > Altium365 > GlobalPlatformUrl

Set the constant value, choosing from a-e of the locations above. For example:


Using the A365 Module

Primary Workspace Navigation Button


Add your primary workspace to the navigation bar by clicking Add a New Item > On Click > Call a Nanoflow 

Call the Nanoflow /A365/_USE_ME/ACT_Workspaces_FirstWorkspace

(Optional) Workspace Selector

If you have multiple workspaces. Add Workspace Overview to Navigation bar by clicking Add a New Item > On Click > Show A Page and add the Alium365 >_USE ME > Workspace_Overview page.



Troubleshooting

TABLE OF CONTENTS

 

Error code CE0463 "Could not find widget 'Microflow Timer' in the 'widgets' directory


  • Check that the version of the OIDC SSO module you have downloaded is V3.1.0. This error seems to occur with the newest version of the OIDC SSO module (V3.2.0).
  • To download the correct version of the OIDC SSO module, you can go to the OIDC SSO module in the Marketplace and select Releases > V3.1.0 > Download


  • Alternatively, you can right click on the error, and select 'Go to Microflow Timer 'microflowTimer1'. Right click on the Microflow Timer element, and select Delete:



Altium Identity 'Something Went Wrong'


Upon Logout, there is no option for, 'Log in via Altium Identity', instead the user is redirected to the Altium Identity splash page

  • Ensure that you have at least one other OIDC provider set up, for example the Identity Demo. Alternatively, you can delete the Microflow Timer from OIDC > _USE ME > 2. Login > a. Web > Snip_Login_Button:


Error after entering credentials to Altium Identity Splash page, 'This XML file does not appear to have any style information associated with it...'

  • Check that your 32 character encryption key has been entered correctly, with no dashes.
  • For example:


Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article