[midPoint] Midpoint - SAML 2.0 - Okta IdP - Flex-Auth?

Martina Benckova mbenckova at evolveum.com
Thu Aug 20 13:18:04 CEST 2020


Hi Gus, 

Let me join the communication. 

Lukas tried to help you within limited time that he could dedicate to the community. His main responsibilities are development activities to make midPoint even better for the whole community. Based on this he mainly follows Jira tickets of platform subscribers and customers with active product support. 

On the other hand, if you would like to engage our team with the issue, and provide detailed analysis with possible solution, you might be interested in our commercial services. In case of activated a services, we dedicate available techie to help our customer with their issues. 
We provide different services for different purposes. 
Would you be interested? 

Best regards, 
Martina Benckova | Sales Manager 
[ https://evolveum.com/ ] 
mbenckova at evolveum.com | www.evolveum.com 
tel: +421 948 940 888 
[ https://www.facebook.com/evolveum/ ] [ https://www.linkedin.com/company/evolveum ] [ https://twitter.com/Evolveum ] 


Disclaimer : 

The contents of this e-mail and attachment(s) thereto are confidential and intended for the named recipient(s) only. It shall not attach any liability on the originator or Evolveum s.r.o. or its affiliates. Any views or opinions presented in this email are solely those of the author and may not necessarily reflect the opinions of Evolveum s.r.o. or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of the author of this e-mail is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. 


From: "Lukas Skublik" <lukas.skublik at evolveum.com> 
To: midpoint at lists.evolveum.com 
Sent: Thursday, August 20, 2020 9:37:04 AM 
Subject: Re: [midPoint] Midpoint - SAML 2.0 - Okta IdP - Flex-Auth? 



Hello Gus, 
I analysed log file, but I found nothing relevant. 

Regards, 
Lukas Skublik. 
On 19. 8. 2020 15:10, Gus Lou wrote: 



Hi Lukas 

I activated the debug level in the midpoint log, but found nothing relevant. 
I attached the log for analysis 
Thank you very much 

Em qua., 19 de ago. de 2020 às 02:54, Lukas Skublik < [ mailto:lukas.skublik at evolveum.com | lukas.skublik at evolveum.com ] > escreveu: 

BQ_BEGIN



Hello Gus, 
can you send me your log file. Maybe you see wrong error message. 

Regards 
Lukas Skublik 
On 18. 8. 2020 23:35, Gus Lou wrote: 

BQ_BEGIN

Hi Alexandre 

Thank you very much 

I made the modifications suggested by you and Lukas. 
Something is still wrong, after authenticating with the IdP and returning to the midpoint I get the message: 
Midpoint saml module doesn't receive response from Identity Provider server .. 
The strange thing is that through the Saml Tracer tool, I can verify that there was a request and a response. 



Saml Request: 

< saml2p:AuthnRequest xmlns:saml2p = "urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL = " [ http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta | http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta ] " Destination = " [ https://dev-601301.okta.com/app/xyzdev601301_midpoint_1/xxxxxx4x6/sso/saml | https://dev-601301.okta.com/app/xyzdev601301_midpoint_1/xxxxxx4x6/sso/saml ] " ForceAuthn = "false" ID = "ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b" IsPassive = "false" IssueInstant = "2020-08-18T21:14:01.266Z" ProtocolBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version = "2.0" > < saml2:Issuer xmlns:saml2 = "urn:oasis:names:tc:SAML:2.0:assertion" > sp_midpoint </ saml2:Issuer > < saml2p:NameIDPolicy AllowCreate = "true" Format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" /> </ saml2p:AuthnRequest > 

Saml Response: 

< saml2p:Response xmlns:saml2p = "urn:oasis:names:tc:SAML:2.0:protocol" Destination = " [ http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta | http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta ] " ID = "id369598233453735443745710" InResponseTo = "ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b" IssueInstant = "2020-08-18T21:14:02.181Z" Version = "2.0" > < saml2:Issuer xmlns:saml2 = "urn:oasis:names:tc:SAML:2.0:assertion" Format = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity" > [ http://www.okta.com/xxxxxxxxxxx4x6 | http://www.okta.com/xxxxxxxxxxx4x6 ] </ saml2:Issuer > < ds:Signature xmlns:ds = " [ http://www.w3.org/2000/09/xmldsig# | http://www.w3.org/2000/09/xmldsig# ] " > < ds:SignedInfo > < ds:CanonicalizationMethod Algorithm = " [ http://www.w3.org/2001/10/xml-exc-c14n# | http://www.w3.org/2001/10/xml-exc-c14n# ] " /> < ds:SignatureMethod Algorithm = " [ http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 ] " /> < ds:Reference URI = "#id369598233453735443745710" > < ds:Transforms > < ds:Transform Algorithm = " [ http://www.w3.org/2000/09/xmldsig#enveloped-signature | http://www.w3.org/2000/09/xmldsig#enveloped-signature ] " /> < ds:Transform Algorithm = " [ http://www.w3.org/2001/10/xml-exc-c14n# | http://www.w3.org/2001/10/xml-exc-c14n# ] " /> </ ds:Transforms > < ds:DigestMethod Algorithm = " [ http://www.w3.org/2001/04/xmlenc#sha256 | http://www.w3.org/2001/04/xmlenc#sha256 ] " /> < ds:DigestValue > eOe03vp5gwQQ/4RERzhnfkVpxbxfb8Ek0OQHbyNXcL4= </ ds:DigestValue > </ ds:Reference > </ ds:SignedInfo > < ds:SignatureValue > Opuurv0kgPnDHbxXpe2wzDhDJs6tGoRrHLc+XwIUpxtyLxwh+/4QBPmanZUWepBygLOM223ql7vfpD6e37Zr1iWNAA7Dub9Dc2HIo8igDB1i7wRSvJGWaX+BZLc8mF+CQ9jLT3vinalejcfGicVOS06CygG3ztb7QlBZJmj </ ds:SignatureValue > < ds:KeyInfo > < ds:X509Data > < ds:X509Certificate > MIIDpDCCAoygAwIBAgIGAXOn7be0MA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU 9u92XgEJLCIVs0onGbhUfoI5r702fcEM </ ds:X509Certificate > </ ds:X509Data > </ ds:KeyInfo > </ ds:Signature > < saml2p:Status xmlns:saml2p = "urn:oasis:names:tc:SAML:2.0:protocol" > < saml2p:StatusCode Value = "urn:oasis:names:tc:SAML:2.0:status:Success" /> </ saml2p:Status > < saml2:Assertion xmlns:saml2 = "urn:oasis:names:tc:SAML:2.0:assertion" ID = "id3695982334609027802744130" IssueInstant = "2020-08-18T21:14:02.181Z" Version = "2.0" > < saml2:Issuer xmlns:saml2 = "urn:oasis:names:tc:SAML:2.0:assertion" Format = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity" > [ http://www.okta.com/xxxxxxxxx4x6 | http://www.okta.com/xxxxxxxxx4x6 ] </ saml2:Issuer > < ds:Signature xmlns:ds = " [ http://www.w3.org/2000/09/xmldsig# | http://www.w3.org/2000/09/xmldsig# ] " > < ds:SignedInfo > < ds:CanonicalizationMethod Algorithm = " [ http://www.w3.org/2001/10/xml-exc-c14n# | http://www.w3.org/2001/10/xml-exc-c14n# ] " /> < ds:SignatureMethod Algorithm = " [ http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 | http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 ] " /> < ds:Reference URI = "#id3695982334609027802744130" > < ds:Transforms > < ds:Transform Algorithm = " [ http://www.w3.org/2000/09/xmldsig#enveloped-signature | http://www.w3.org/2000/09/xmldsig#enveloped-signature ] " /> < ds:Transform Algorithm = " [ http://www.w3.org/2001/10/xml-exc-c14n# | http://www.w3.org/2001/10/xml-exc-c14n# ] " /> </ ds:Transforms > < ds:DigestMethod Algorithm = " [ http://www.w3.org/2001/04/xmlenc#sha256 | http://www.w3.org/2001/04/xmlenc#sha256 ] " /> < ds:DigestValue > g8vVhT6anU1xJOXQH9IrsOIpWG1YZN9GVIWFXVd9zFk= </ ds:DigestValue > </ ds:Reference > </ ds:SignedInfo > < ds:SignatureValue > nFK/0DyI7SpavUD3FPdr7BU1wSMIJl3NR4efPDKfZeZMhPGOX3lurD5lHSceulzGLcZbsOmPnEn1pLsFCOefihVC/SmkNNBHB/uCbKdrgmcQ4Q+xuBEuoUXopG80Xx3sMWZa0lSRAgAcM0sJb6EynmyifxBJ4n0/P9/ANIH </ ds:SignatureValue > < ds:KeyInfo > < ds:X509Data > < ds:X509Certificate > MIIDpDCCAoygAwIBAgIGAXOn7be0MA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU DY2IxhhuxGPHLqFT/YfO/RmJd9keXfM9lIiJl1+9N8eFskiMwUlV0RriPU9GEGt2fJRZxZqw/c7A 9u92XgEJLCIVs0onGbhUfoI5r702fcEM </ ds:X509Certificate > </ ds:X509Data > </ ds:KeyInfo > </ ds:Signature > < saml2:Subject xmlns:saml2 = "urn:oasis:names:tc:SAML:2.0:assertion" > < saml2:NameID Format = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" > [ mailto:john.doe at xyz.net | john.doe at xyz.net ] </ saml2:NameID > < saml2:SubjectConfirmation Method = "urn:oasis:names:tc:SAML:2.0:cm:bearer" > < saml2:SubjectConfirmationData InResponseTo = "ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b" NotOnOrAfter = "2020-08-18T21:19:02.181Z" Recipient = " [ http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta | http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta ] " /> </ saml2:SubjectConfirmation > </ saml2:Subject > < saml2:Conditions xmlns:saml2 = "urn:oasis:names:tc:SAML:2.0:assertion" NotBefore = "2020-08-18T21:09:02.181Z" NotOnOrAfter = "2020-08-18T21:19:02.181Z" > < saml2:AudienceRestriction > < saml2:Audience > okta </ saml2:Audience > </ saml2:AudienceRestriction > </ saml2:Conditions > < saml2:AuthnStatement xmlns:saml2 = "urn:oasis:names:tc:SAML:2.0:assertion" AuthnInstant = "2020-08-18T21:14:02.181Z" SessionIndex = "ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b" > < saml2:AuthnContext > < saml2:AuthnContextClassRef > urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport </ saml2:AuthnContextClassRef > </ saml2:AuthnContext > </ saml2:AuthnStatement > </ saml2:Assertion > </ saml2p:Response > 

--------------------------------------------------------------------------------------------- 


Regards 

Gus 

Em ter., 18 de ago. de 2020 às 02:28, Alexandre Zia < [ mailto:alexandre.zia at ifood.com.br | alexandre.zia at ifood.com.br ] > escreveu: 

BQ_BEGIN

I've just changed a few things, based on your config, 

<saml2> 
<name>oktaidp</name> 
<description>Enterprise SAML-based SSO system</description> 
<network> 
<readTimeout>10000</readTimeout> 
<connectTimeout>5000</connectTimeout> 
</network> 
<serviceProvider> 
<entityId>sp_midpoint</entityId> 
<aliasForPath>okta</aliasForPath> 
<signRequests>false</signRequests> 
<wantAssertionsSigned>true</wantAssertionsSigned> 
<singleLogoutEnabled>true</singleLogoutEnabled> 
<nameId>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</nameId> 
<provider> 
<entityId> [ http://www.okta.com/xxxxxxxxxxxx4x6 | http://www.okta.com/xxxxxxxxxxxx4x6 ] </entityId> 
<alias>SSO-Okta</alias> 
<metadata> 
<xml>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</xml> 
</metadata> 
<skipSslValidation>false</skipSslValidation> 
<linkText>Okta</linkText> 
<authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding> 
<nameOfUsernameAttribute>uid</nameOfUsernameAttribute> 
</provider> 
</serviceProvider> 
</saml2> 


And your ACS url will be something like this: [ http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta | http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta ] 





On Mon, Aug 17, 2020 at 2:24 PM Gus Lou < [ mailto:gugalou38 at gmail.com | gugalou38 at gmail.com ] > wrote: 

BQ_BEGIN

Hi Luca 
Thank you very much for your help. I had not configured this option yet. 
I did the suggested configuration, now the link to the IdP in the midpoint interface is correct. 
But when I click on the link to the IdP and do the authentication and get the reply back to the midpoint I get an error: 
Midpoint saml module doesn't receive response from Identity Provider server. 
Authentication failed, and as a consequence was restarted authentication flow 
(probably due to the fact that the midpoint ACS url in the IdP is not correct.) 

I need to find out what the Midpoint Assertion Consumer Service (ACS) URL is to report on the IdP. 

Print Screen after IdP Authentication failed 


Regards 

Gus 

Em seg., 17 de ago. de 2020 às 03:18, Lukas Skublik < [ mailto:lukas.skublik at evolveum.com | lukas.skublik at evolveum.com ] > escreveu: 

BQ_BEGIN



Hello Gus, 

you try configure attribute systemConfiguration/infrastructure/publicHttpUrlPattern to ' [ http://midpoint-02.xyz.net/midpoint | http://midpoint-02.xyz.net/midpoint ] '. 

Regards, 
Lukas Skublik 
On 6. 8. 2020 0:00, Gus Lou wrote: 

BQ_BEGIN

Hi Guys 
Anyone here already integrated Midpoint with Okta's solution to provide Midpoint authentication through the SAML 2.0 protocol? 
I created a free developer account on Okta and I am trying to make the SAML settings following the guidelines below: 

Midpoint Wiki: 
[ https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration | https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration ] 

Git Example Security-policy-flexible-authentication: 
[ https://github.com/Evolveum/midpoint-samples/blob/master/samples/policy/security/security-policy-flexible-authentication.xml | https://github.com/Evolveum/midpoint-samples/blob/master/samples/policy/security/security-policy-flexible-authentication.xml ] 

Okta Example - SAML Spring Security: 
[ https://developer.okta.com/code/java/spring_security_saml/ | https://developer.okta.com/code/java/spring_security_saml/ ] 
[ https://github.com/oktadeveloper/okta-spring-boot-saml-example | https://github.com/oktadeveloper/okta-spring-boot-saml-example ] 

I understand that Okta is the Identity Provider IdP and Midpoint is the Service Provider SP. 
After trying to make the settings I had some doubts: 

What is the Midpoint uri that receives the IdP response? 
What is the Midpoint url that I should use to perform the authentication of the IdP (Okta). Because when I try to inform an existing user in the IdP an error appears and a screen with the link of the IdP (in this part there is another error that I couldn't solve the midpoint displays the internal address [ https://127.0.0.1/ | https://127.0.0.1/ ] 

Some Informations from my Lab: 

Print-01 Midpoint - Authentatication GUI (the user john.doe, does not exist at midpoint but exists at IdP) 


Print-02 
After I try to authenticate, I get the error message: 
Couldn't authenticate user, reason: couldn't encode password. 


Print-03 
The link to the idp Okta is displaying the midpoint's internal address: 
[ http://127.0.0.1:8080/ | http://127.0.0.1:8080/ ] midpoint/auth/default/oktaidp/discovery?idp=http%3A%2F% [ http://2fwww.okta.com/ | 2Fwww.okta.com ] %2Fexko4d721K5vASKoJ4x6 

Instead of the hostname address: 
[ http://midpoint-02.xyz.net/ | http://midpoint-02.xyz.net ] /midpoint/auth/default/oktaidp/discovery?idp=http%3A%2F% [ http://2fwww.okta.com/ | 2Fwww.okta.com ] %2Fexko4d721K5vASKoJ4x6 

I believe it is some incorrect configuration on my reverse proxy - nginx 


Print-04: Okta IdP SAML Configuration 
Here is my main question, because in the fields: 


    1. Single sign on URL 
    2. Audience URI (SP Entity ID) 
I need to report existing data in Midpoint, but I'm not sure where to get this information. 




My Security Policy Config: 
I made the settings in the IdP, generated the metadata, encoded it in base 64 and put it in the Midpoint settings. 

<authentication> 
<modules> 
<loginForm id="15"> 
<name>internalLoginForm</name> 
<description>Internal username/password authentication, default user password, login form</description> 
</loginForm> 
<saml2 id="16"> 
<name>oktaidp</name> 
<description>My SAML-based SSO system.</description> 
<network> 
�� <readTimeout>10000</readTimeout> 
<connectTimeout>5000</connectTimeout> 
</network> 
<serviceProvider> 
<entityId>sp_midpoint</entityId> 
<signRequests>true</signRequests> 
<wantAssertionsSigned>true</wantAssertionsSigned> 
<singleLogoutEnabled>true</singleLogoutEnabled> 
<nameId>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</nameId> 
<keys/> 
<provider id="17"> 
<entityId> [ http://www.okta.com/xxxxxxxxxxxx4x6 | http://www.okta.com/xxxxxxxxxxxx4x6 ] </entityId> 
<alias>SSO-Okta</alias> 
<metadata> 
<xml>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48bWQ6RW50aXR5RGVzY3JpcHRvciBlbnRpdHlJRD0iaHR0cDovL3d3dy5va3RhLmNvbS9leGtvNGQ3MjFLNXZBU0</xml> 
</metadata> 
<skipSslValidation>true</skipSslValidation> 
<linkText>Okta</linkText> 
<authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding> 
<nameOfUsernameAttribute>uid</nameOfUsernameAttribute> 
</provider> 
</serviceProvider> 
</saml2> 
</modules> 
<sequence id="8"> 
<name>admin-gui-default</name> 
<description> 
Default GUI authentication sequence. 
We want to try company SSO, federation and internal. In that order. 
Just one of then need to be successful to let user in. 
</description> 
<channel> 
<channelId> [ http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user | http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user ] </channelId> 
<default>true</default> 
<urlSuffix>default</urlSuffix> 
</channel> 
<module id="12"> 
<name>oktaidp</name> 
<order>30</order> 
<necessity>sufficient</necessity> 
</module> 
<module id="13"> 
<name>internalLoginForm</name> 
<order>20</order> 
<necessity>sufficient</necessity> 
</module> 
</sequence> 
<sequence id="9"> 
<name>admin-gui-emergency</name> 
<description> 
Special GUI authentication sequence that is using just the internal user password. 
It is used only in emergency. It allows to skip SAML authentication cycles, e.g. in case 
that the SAML authentication is redirecting the browser incorrectly. 
</description> 
<channel> 
<channelId> [ http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user | http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user ] </channelId> 
<default>false</default> 
<urlSuffix>emergency</urlSuffix> 
</channel> 
<requireAssignmentTarget oid="00000000-0000-0000-0000-000000000004" relation="org:default" type="c:RoleType"> 
<!-- Superuser --> 
</requireAssignmentTarget> 
<module id="14"> 
<name>internalLoginForm</name> 
<order>30</order> 
<necessity>sufficient</necessity> 
</module> 
</sequence> 
</authentication> 


If anyone has any suggestions for solving the problem I would appreciate it. 

Regards 

Gus 



_______________________________________________
midPoint mailing list [ mailto:midPoint at lists.evolveum.com | midPoint at lists.evolveum.com ] [ https://lists.evolveum.com/mailman/listinfo/midpoint | https://lists.evolveum.com/mailman/listinfo/midpoint ] 



_______________________________________________ 
midPoint mailing list 
[ mailto:midPoint at lists.evolveum.com | midPoint at lists.evolveum.com ] 
[ https://lists.evolveum.com/mailman/listinfo/midpoint | https://lists.evolveum.com/mailman/listinfo/midpoint ] 

BQ_END

_______________________________________________ 
midPoint mailing list 
[ mailto:midPoint at lists.evolveum.com | midPoint at lists.evolveum.com ] 
[ https://lists.evolveum.com/mailman/listinfo/midpoint | https://lists.evolveum.com/mailman/listinfo/midpoint ] 

BQ_END



-- 
[ https://www.ifood.com.br/ ] 	
	


Alexandre R Zia 


	


Security 


	


	


	
[ https://www.ifood.com.br/ | www.ifood.com.br ] 

	[ https://www.facebook.com/iFood?fref=ts ] 	[ https://twitter.com/iFood ] 	[ https://www.instagram.com/iFoodBrasil/ ] 	[ https://www.youtube.com/ifood ] 
_______________________________________________ 
midPoint mailing list 
[ mailto:midPoint at lists.evolveum.com | midPoint at lists.evolveum.com ] 
[ https://lists.evolveum.com/mailman/listinfo/midpoint | https://lists.evolveum.com/mailman/listinfo/midpoint ] 

BQ_END


_______________________________________________
midPoint mailing list [ mailto:midPoint at lists.evolveum.com | midPoint at lists.evolveum.com ] [ https://lists.evolveum.com/mailman/listinfo/midpoint | https://lists.evolveum.com/mailman/listinfo/midpoint ] 

BQ_END

_______________________________________________ 
midPoint mailing list 
[ mailto:midPoint at lists.evolveum.com | midPoint at lists.evolveum.com ] 
[ https://lists.evolveum.com/mailman/listinfo/midpoint | https://lists.evolveum.com/mailman/listinfo/midpoint ] 

BQ_END


_______________________________________________
midPoint mailing list [ mailto:midPoint at lists.evolveum.com | midPoint at lists.evolveum.com ] [ https://lists.evolveum.com/mailman/listinfo/midpoint | https://lists.evolveum.com/mailman/listinfo/midpoint ] 

BQ_END

_______________________________________________ 
midPoint mailing list 
midPoint at lists.evolveum.com 
https://lists.evolveum.com/mailman/listinfo/midpoint 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/de1f140e/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 44374 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/de1f140e/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 40189 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/de1f140e/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 36057 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/de1f140e/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 44752 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/de1f140e/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 88974 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/de1f140e/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: evolveum logo.png
Type: image/png
Size: 15927 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/de1f140e/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Facebook.png
Type: image/png
Size: 5939 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/de1f140e/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: LinkedIn.png
Type: image/png
Size: 6733 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/de1f140e/attachment-0007.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Twitter.png
Type: image/png
Size: 9973 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/de1f140e/attachment-0008.png>


More information about the midPoint mailing list