Issue
When multiple Identity Providers (IdPs) are configured in the SAML module, only the most recently created IdP configuration may appear in the discovery endpoint ({appURL}/sso/discovery). As a result, attempts to initiate SAML authentication with the IdP parameter fail to load the intended IdP's metadata, because the module consistently falls back to the last-created configuration. This prevents SAML requests from being routed to the intended IdP and can break multi-IdP authentication flows.
Environment
SAML (all versions)
Cause
This issue occurs when multiple IdP configurations in the Mendix SAML module are created from the same metadata, specifically metadata carrying the same EntityID. Because the module identifies an IdP by its EntityID, it treats every configuration with a matching EntityID as the same IdP. As a result, only the most recently created configuration is recognized and listed in the /sso/discovery endpoint.
Solution / Workaround
To ensure each IdP configuration is independently recognized, configure each IdP with unique metadata, including a distinct EntityID. Once each IdP has its own unique EntityID, the SAML module will correctly list all configurations in /sso/discovery and route SAML requests to the appropriate IdP.
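To catch this before it shows up in /sso/discovery, the following added example (not part of this article or of the Mendix SAML module) parses a set of SAML 2.0 IdP metadata documents, reports any entityID shared by more than one document, and models the keyed-by-EntityID behaviour described above to show which configuration would remain visible. The sample metadata documents and their file names are constructed for this illustration; the metadata namespace and the entityID attribute on md:EntityDescriptor are standard SAML 2.0.

```python
"""Detect IdP metadata documents that share an entityID.

Added example, not Mendix SAML module code. It assumes each document is
standard SAML 2.0 metadata whose root element is <md:EntityDescriptor>
carrying the entityID attribute. Sample documents below are constructed.
"""
from collections import defaultdict
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"


def _metadata(entity_id: str) -> str:
    """Build a minimal constructed IdP metadata document for the demo."""
    return (
        f'<md:EntityDescriptor xmlns:md="{MD_NS}" entityID="{entity_id}">'
        f'<md:IDPSSODescriptor protocolSupportEnumeration="{PROTO}"/>'
        "</md:EntityDescriptor>"
    )


# Constructed sample: two configurations reuse one entityID, a third is distinct.
SAMPLE_METADATA = {
    "idp-hr.xml": _metadata("https://idp.example.test/saml"),
    "idp-finance.xml": _metadata("https://idp.example.test/saml"),
    "idp-partner.xml": _metadata("https://idp-partner.example.test/saml"),
}


def entity_id(metadata_xml: str) -> str:
    """Return the entityID of a metadata document's root EntityDescriptor.

    Metadata obtained from an external party is untrusted XML; for such
    input, parse with defusedxml instead of the stdlib parser used here.
    """
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError(f"expected md:EntityDescriptor root, got {root.tag}")
    eid = root.get("entityID")
    if not eid:
        raise ValueError("EntityDescriptor has no entityID attribute")
    return eid


def find_duplicate_entity_ids(metadata_by_name: dict[str, str]) -> dict[str, list[str]]:
    """Map each entityID used by more than one document to those documents."""
    by_id: dict[str, list[str]] = defaultdict(list)
    for name, xml in metadata_by_name.items():
        by_id[entity_id(xml)].append(name)
    return {eid: names for eid, names in by_id.items() if len(names) > 1}


def model_discovery_listing(metadata_by_name: dict[str, str]) -> dict[str, str]:
    """Model of the behaviour the article describes (not the module's code):

    configurations are registered in creation order and keyed by entityID,
    so a later configuration with the same entityID replaces the earlier one.
    Returns entityID -> the configuration that would remain visible.
    """
    listing: dict[str, str] = {}
    for name, xml in metadata_by_name.items():  # dict order == creation order
        listing[entity_id(xml)] = name
    return listing


if __name__ == "__main__":
    dupes = find_duplicate_entity_ids(SAMPLE_METADATA)
    for eid, names in dupes.items():
        print(f"duplicate entityID {eid}: {', '.join(names)}")
    print("would be listed in discovery:", model_discovery_listing(SAMPLE_METADATA))
```

Run the check against the metadata files before importing them into the module: any entityID reported by find_duplicate_entity_ids is one the module will collapse into a single IdP, and model_discovery_listing shows that only the last of those would be visible.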
Related internal information
- 271787
- C03HEV4LK1C/p1770981882005939
Additional information
- Mendix documentation: SAML