<-- Back

DOCGEN_NAVIGATION_ERROR when using PDF Document Generation module with SSO

Issue

When attempting to use the PDF Document Generation module in a Mendix application that has SSO (Single Sign-On) configuration with redirects in the index.html file, the document generation fails with the following error:

DOCGEN_NAVIGATION_ERROR: Failed to generate document due to an external redirect to: "https://login.microsoftonline.com/[guid]/saml2"

This occurs because the PDF Document Generation module attempts to access the application page, but the redirect logic in the index.html file sends it to an external SSO login page instead. The external redirect blocks the document generation process from completing successfully.

Environment

  • PDF Document Generation (all versions)
  • MendixSSO (all versions)

Cause

The issue occurs because the redirect script in the application's index.html file redirects all incoming requests to the SSO login page. When the PDF Document Generation module's external service attempts to access the application to generate the document, it gets redirected to the external SSO authentication URL (e.g., login.microsoftonline.com). This external redirect is not allowed by the document generation process, causing it to fail with a DOCGEN_NAVIGATION_ERROR.

Solution / Workaround

To resolve this issue, modify the redirect logic in your index.html file to bypass the SSO redirect when the PDF Document Generation module is accessing the application. Add a condition that checks if the URL contains generate-document before executing the SSO redirect.

To achieve this, follow the implementation steps below:

  1. Open your application's index.html file.
  2. Locate the existing SSO redirect script.
  3. Wrap the redirect logic in a conditional check that excludes document generation requests.

An example of the implementation would be to change the redirect script from:

<script>
if(window.location.href.includes("mymedia")){
    if (!document.cookie || !document.cookie.match(/(^|;) *originURI=/gi)) {
        document.cookie = "originURI=index.html" + (window.location.protocol === "https:" ? ";SameSite=None;Secure" : "");
        const returnURL = encodeURIComponent(window.location.search+window.location.hash);
        self.location = '/SSO/login?cont='+returnURL;
    }
}
</script>

To:

<script>
if(window.location.href.includes("generate-document")){
    // Do nothing - allow document generation to proceed
} else {
    if(window.location.href.includes("mymedia")){
        if (!document.cookie || !document.cookie.match(/(^|;) *originURI=/gi)) {
            document.cookie = "originURI=index.html" + (window.location.protocol === "https:" ? ";SameSite=None;Secure" : "");
            const returnURL = encodeURIComponent(window.location.search+window.location.hash);
            self.location = '/SSO/login?cont='+returnURL;
        }
    }
}
</script>

This modification allows the PDF Document Generation module's external service to access the application without being redirected to the SSO login page, while maintaining the SSO redirect functionality for regular user access. There is no need to change SSOLandingPage configuration.

Internal information related

  • 273169

Additional information

Have more questions? Submit a request

0 Comments

Article is closed for comments.

To provide feedback, please open a ticket here. Don't forget to include the article's URL along with the feedback you would like to provide.