Getting Started with Mendix (inc. OIDC setup)

Modified on Tue, 19 Nov at 2:50 PM

This guide is still WIP

Follow this guide to build a new Mendix application which will allow you to explore your Altium 365 workspaces and modify the lifecycle status of your library components.

If you haven't checked out our Altium 365 Platform Mendix App, you can find it on the Mendix Marketplace.

TABLE OF CONTENTS

Creating an Application
Setting up Authentication and Authorization
Installing Altium365 Platform Module
- Using the A365 Module
  - Primary Workspace Navigation Button
  - (Optional) Workspace Selector
Troubleshooting

Creating an Application

Install Mendix Studio Pro 10.15.0 or higher.
Create the App in the Mendix Home online portal, and open it with Mendix Studio Pro.

Setting up Authentication and Authorization

Install the OIDC SSO V3.1.0 Module from the Marketplace into the app along with all the dependencies listed in https://docs.mendix.com/appstore/modules/oidc/#dependencies.

There will be some errors after this step.
CE463 - right click on one of the errors in the Error list and select, 'Update All Widgets'
CE6087 - Right click on the error in the Error list and select, 'Update all renamed design properties in project'
You might also get a bug about Timer Microflow. Check that you have downloaded the correct version of the OIDC SSO Module (V3.1.0). Alternatively, you can delete their existence from OIDC login to solve this bug.

Set the Encryption/Private - String en/de-cryption/Apis/EncryptionKey constant in your settings 32-character string that you generate, for example you can use a randomly generated GUID (https://wasteaguid.info/, remove the dashes). You’ll need to set one for each of your App Settings Configuration. Shared is fine.
(See Step 4.4 for more on setting the Encryption Key)

Example GUID:

Configuring Roles

Set the Security level of the app to Prototype/demo by double clicking on App > Security
Add the Anonymous role, by clicking ‘User Roles’ > New

Edit each Role to have the Module Roles associated with it, to match the table in: https://docs.mendix.com/appstore/modules/oidc/#configuring-roles Section 4.1.

You may need to add a Module Role to a module to do this. You can do this by going to: The module > Security > Module roles > New.

User Role	Module Name	Status
Administrator	Administration.Administrator	Already associated with role
	System.Administrator	Already associated with role
	MxModelReflection.ModelAdministrator	Need to add to role
	UserCommons.Administrator	Already associated with role
	OIDC.Administrator	Need to add to role
	MyFirstModule.Admin	Need to create, not strictly necessary to be added as a role
Anonymous	System.User	Need to add to role
	OIDC.Anonymous	Need to add to role
User	Administration.User	Already associated with role
	System.User	Already associated with role
	MyFirstModule.User	Need to add to role
	OIDC.User	Need to add to role

Ensure Anonymous Users is allowed

And set an Administrator Password:
Install the Mx Model Reflection module: (Section 3.a Installing MX Model Reflection)
Once the Mx Model Reflection module has been imported into your app, you need to configure it.
In the App Explorer, add the page MxObjects_Overview from the MxModelReflection folder to the Navigation menu.
Run the app and click the newly-added navigation link to use Mx Model Reflection. Make sure to click, Save and Continue. Allow access from your Windows Defender Firewall.
Click, View App to see the appEnsure you have selected the demo_administrator user by clicking on the Select user icon on the right hand side of the screen:You will now see the icon for your MxModelReflection page. Click on the + icon to enter the Module Reflection pageEnsure the Administration, MxModelReflection, OIDC and System modules are selected, and click both ‘Click To Refresh' buttons
To enable the use of app constants to configure the OIDC SSO module, configure your app to run the Startup microflow in the OIDC module (OIDC.Startup.ASU_OIDC_Startup) as (part of ) the after startup microflow. You can do this by going to your app > Settings > Runtime > After Startup > Select > Marketplace modules/OIDC/Startup/ASU_OIDC_Startup
(4.3 Navigation Configuration) The OIDC SSO module works without a specified sign-in page. Therefore, in the navigation section of your app, set Sign-in page (in the Authentication section) to none.
Set a Role-based home page for role Anonymous to OIDC/Implementation/Login_Web_Button.

[ In addition, administrators will need to have access to configure OIDC and also manage end-users. You can do this by including the pages Administration.Account_Overview and OIDC.OIDC_Client_Overview into the app navigation, or a separate administration page. ]

Navigation → New Menu Item Action → Sign out

Add User-Agent

Some IdS providers, such as Altium Identity, require a User-Agent field in the header. To add this, double click on the handleAuthorizationCode microflow in the OIDC module (OIDC/Implementation/2. Login Flow/2b. Callback/shared/handleAuthorizationCode).

Look for a call REST (POST) action, which returns an OAuthTokenResponse variable named TokenResponse_1. Double-click the action. Under HTTP Headers, in Custom HTTP Headers, add a new header with key User-Agent and set the value to 'Mendix/10.15.0'.

Add Altium Identity as OIDC Provider

Add the OIDC/Implementation/OIDC_Client_Overviewpage to the navigation
Re-run the application and log in as an Administrator.
Under IdPs for SSO and API security, click New. In the form, add these details:

Alias	Altium Identity (UAT)
Client ID	20C490ED-58EF-11EF-9194-02A5C34CA889
Client authentication method	client_secret_basic
Client Secret	dummy
Active	Yes
Automatic Configuration URL	https://auth.uat1.altium.com/.well-known/openid-configuration

Add the following scopes:

Click, Import Configuration.

Add a placeholder OIDC Provider (Optional, but recommended)

Alias	Nexar Identity (UAT)
Client ID	<PLACEHOLDER>
Client Secret	<PLACEHOLDER>
Automatic Configuration URL	https://identity.nexaruat.com/.well-known/openid-configuration

Note: If you only have the one OIDC provider such as Altium, upon logging out, the Mendix Application will automatically redirect to the splash page of Altium Identity. This can be avoided by adding another OIDC provider placeholder, or by deleting the microflow Timer from login

Testing OIDC workflow

Log out, then try and log back in using Altium Identity.

Installing Altium365 Platform Module

Right click on the root node with your App name and select, Import module package….

Locate your MPK file, and import the module

You will see the new module at the bottom of the App Explorer panel:

Assign User module role to your app User role. You can do that by going to your app > Security > User Roles > User > Module Roles > Edit > Select Module Roles >Altium365 > User

Set the Altium365/_USE ME/GlobalPlatformUrl depending on where your workspace is. This can be one of the following based on your location:
- Asia-pacific: https://asp.365.altium.com/napi/gateway/graphql
- Europe: https://eur.365.altium.com/napi/gateway/graphql
- GovCloud: https://use.365-gov.altium.com/napi/gateway/graphql
- US-East: https://use.365.altium.com/napi/gateway/graphql
- US-West: https://usw.365.altium.com/napi/gateway/graphql

You can do this by going into your app > Settings > Configurations > Default > Edit > Constants > New > Marketplace Modules > Altium365 > GlobalPlatformUrl

Set the constant value, choosing from a-e of the locations above. For example:

Using the A365 Module

Add your primary workspace to the navigation bar by clicking Add a New Item > On Click > Call a Nanoflow

Call the Nanoflow /A365/_USE_ME/ACT_Workspaces_FirstWorkspace

(Optional) Workspace Selector

If you have multiple workspaces. Add Workspace Overview to Navigation bar by clicking Add a New Item > On Click > Show A Page and add the Alium365 >_USE ME > Workspace_Overview page.

Troubleshooting