Give us feedback
Web icon


Stable version 5.0.4 (Compatible with OutSystems 11)
Other versions available for 10 and Older
Uploaded on 22 Jun by 
João Barata
 (48 ratings)


IdP Connector is a generic federated identity provider (IdP) connector, using the SAML protocol to connect to external identity providers. IdP allows your OutSystems applications to integrate with single sign-on (SSO) provided by most of the commercial Identity Provider companies. Also supports SSO from OutSystems mobile apps, alongside with IdP Mobile connector. Tested with Okta, Azure, ADFS, PingOne, OneLogin and ForgeRock OpenAM.
Read more

How to use IdP connector

After download, you will need to configure your application to use the IdP connector and also to configure the IdP connector with settings from your Identity Provider.

You can learn how to configure the IdP connector.

Feature List

  • SAML Response validation
  • SAML decrypt assertion
  • Create SAML Request
  • The browser interacts with the user's SAML 2.0-compliant Identity Provider, validates the user credentials, creates the SAML assertion, and sends the assertion to OutSystems applications.
  • SSO lets users sign in once and remain authenticated as they access services in the circle of trust.
  • SAML Single-Logout flow (SLO initiated by IdP Connector or initiated by IdP Server)
  • Import/Export SAML metadata
  • Mobile Support (with IdP Mobile connector)

What’s new (5.0.4)


  • Added some missing descriptions and added more comments on some of the longer actions.


  • Updated to dependencies to the latest version of ArdoHTTP
  • Changed the SAML authentication flow to also include the redirect URL in the RelayState Parameter
    • When performing an IdP Initiated login, make sure you include a query parameter with the name IdpAppName with the value of the Saml APp configuration to use.
    • Examples: 
      • https://yourdomain/yourmodulename/yourscreen?someparameter=somevalue&IdpAppName=yoursamlappname
      • https://yourdomain/yourmodulename/yourscreen?IdpAppName=yoursamlappname
      • /ModuleName/Screen?IdpAppName=yoursamlappname
  • Changed the retention period for the UserSession records from 3 months to 2 days to reduce table size.


  • Removed unnecessary loading screens when performing the login using the Redirect bidding.
    • Screens will still be visible in POST bindings.


  • Fixed an "Invalid Provider Type Specified" error when signing the SAML requests ( mainly when performing the Logout Flow)
  • Fixed a Database exception error when deleting a configuration after it had been used in the last 2 days.
    • The error only occurred when trying to delete a configuration that had a login in the last 2 days.
  • Added missing LastLogin date when creating a new user as part of the AutoProvision logic
  • Fixed an issue that would cause an error when the user performed a logout on an Identity provider where he was authenticated with 2 different accounts (e.g: AzureAD)
Reviews (2)
in version 4.2.6
The configuration would be much easier if it was documented how the fields map to fields in the Users table
in version 4.2.0
Easy to set and use with corporate AD FS and as a general component too.