[midPoint] Midpoint - SAML 2.0 - Okta IdP - Flex-Auth?
Radovan Semancik
radovan.semancik at evolveum.com
Thu Aug 20 18:49:49 CEST 2020
Hello Tomas,
SAML client functionality *is* avilable as part of midPoint and as all
the feature is *is* part of midPoint source code.
However, as you certainly know, SAML is a complex protocol. There are
variations and dialects, there are lot of configuration options. Not
every client works with every identity provider. That may also be the
case here. Maybe there is a need for special configuration. Maybe there
is a bug in midPoint code. Maybe there is a bug or misconfiguration on
the identity provider side. Maybe it is something entirely different.
There are just too many options to consider in a short mail. Lukas has
already shown good will and tried to help. As he indicated, the problem
is not obvious and more time and effort is needed to analyze the issue.
As Martina explained, Lukas does not have that time available for you as
that time is reserved for midPoint subscribers.
MidPoint is open and free software. You can go ahead and do pretty much
anything that you want with midPoint. MidPoint is free, but our services
are not. If you want to dedicate a time of one of our engineers to focus
on your specific problem then you have to pay for that time.
--
Radovan Semancik
Software Architect
evolveum.com
On 20. 8. 2020 18:27, tomas.husar at ibask.eu wrote:
> Hallo Martina,
>
> can I understand to your post in this way, that this feature/(midPoint
> is recognising and processing SAML response from external IDM system)
> / is not actually available on midpoint git-repository and it needs
> analytic and development effort which goes beyond support covered in
> this mailing list?
>
> Tomas
>
>
>
> From: "Martina Benckova" <mbenckova at evolveum.com>
> To: midpoint at lists.evolveum.com
> Date: 20. 08. 2020 13:22
> Subject: Re: [midPoint] Midpoint - SAML 2.0 - Okta IdP - Flex-Auth?
> Sent by: "midPoint" <midpoint-bounces at lists.evolveum.com>
> ------------------------------------------------------------------------
>
>
>
> Hi Gus,
>
> Let me join the communication.
>
> Lukas tried to help you within limited time that he could dedicate to
> the community. His main responsibilities are development activities to
> make midPoint even better for the whole community. Based on this he
> mainly follows Jira tickets of platform subscribers and customers with
> active product support.
>
> On the other hand, if you would like to engage our team with the
> issue, and provide detailed analysis with possible solution, you might
> be interested in our commercial services. In case of activated a
> services, we dedicate available techie to help our customer with their
> issues.
> We provide different services for different purposes.
> Would you be interested?
>
> Best regards,
> *Martina Benckova* | Sales Manager
> <https://evolveum.com/>
> mbenckova at evolveum.com | www.evolveum.com
> tel: +421 948 940 888
> <https://www.facebook.com/evolveum/><https://www.linkedin.com/company/evolveum><https://twitter.com/Evolveum>
>
>
> Disclaimer:
>
> The contents of this e-mail and attachment(s) thereto are confidential
> and intended for the named recipient(s) only. It shall not attach any
> liability on the originator or Evolveum s.r.o. or its affiliates. Any
> views or opinions presented in this email are solely those of the
> author and may not necessarily reflect the opinions of Evolveum s.r.o.
> or its affiliates. Any form of reproduction, dissemination, copying,
> disclosure, modification, distribution and / or publication of this
> message without the prior written consent of the author of this e-mail
> is strictly prohibited. If you have received this email in error
> please delete it and notify the sender immediately.
>
>
>
> ------------------------------------------------------------------------
>
> *From: *"Lukas Skublik" <lukas.skublik at evolveum.com>*
> To: *midpoint at lists.evolveum.com*
> Sent: *Thursday, August 20, 2020 9:37:04 AM*
> Subject: *Re: [midPoint] Midpoint - SAML 2.0 - Okta IdP - Flex-Auth?
>
> Hello Gus,
> I analysed log file, but I found nothing relevant.
>
> Regards,
> Lukas Skublik.
> On 19. 8. 2020 15:10, Gus Lou wrote:
> Hi Lukas
>
> I activated the debug level in the midpoint log, but found nothing
> relevant.
> I attached the log for analysis
> Thank you very much
>
> Em qua., 19 de ago. de 2020 às 02:54, Lukas Skublik
> <_lukas.skublik at evolveum.com_ <mailto:lukas.skublik at evolveum.com>>
> escreveu:
> Hello Gus,
> can you send me your log file. Maybe you see wrong error message.
> Regards
> Lukas Skublik
> On 18. 8. 2020 23:35, Gus Lou wrote:
> Hi Alexandre
>
> Thank you very much
>
> I made the modifications suggested by you and Lukas.
> Something is still wrong, after authenticating with the IdP and
> returning to the midpoint I get the message:
> Midpoint saml module doesn't receive response from Identity Provider
> server ..
> The strange thing is that through the Saml Tracer tool, I can verify
> that there was a request and a response.
>
>
>
> Saml Request:
>
> <saml2p:AuthnRequestxmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"AssertionConsumerServiceURL="_http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta_"Destination="_https://dev-601301.okta.com/app/xyzdev601301_midpoint_1/xxxxxx4x6/sso/saml_"ForceAuthn="false"ID="ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"IsPassive="false"IssueInstant="2020-08-18T21:14:01.266Z"ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"Version="2.0"><saml2:Issuerxmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">sp_midpoint</saml2:Issuer><saml2p:NameIDPolicyAllowCreate="true"Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/></saml2p:AuthnRequest>
>
>
> Saml Response:
>
> <saml2p:Responsexmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"Destination="_http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta_"ID="id369598233453735443745710"InResponseTo="ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"IssueInstant="2020-08-18T21:14:02.181Z"Version="2.0"><saml2:Issuerxmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">_http://www.okta.com/xxxxxxxxxxx4x6_</saml2:Issuer><ds:Signaturexmlns:ds="_http://www.w3.org/2000/09/xmldsig#_"><ds:SignedInfo><ds:CanonicalizationMethodAlgorithm="_http://www.w3.org/2001/10/xml-exc-c14n#_"/><ds:SignatureMethodAlgorithm="_http://www.w3.org/2001/04/xmldsig-more#rsa-sha256_"/><ds:ReferenceURI="#id369598233453735443745710"><ds:Transforms><ds:TransformAlgorithm="_http://www.w3.org/2000/09/xmldsig#enveloped-signature_"/><ds:TransformAlgorithm="_http://www.w3.org/2001/10/xml-exc-c14n#_"/></ds:Transforms><ds:DigestMethodAlgorithm="_http://www.w3.org/2001/04/xmlenc#sha256_"/><ds:DigestValue>eOe03vp5gwQQ/4RERzhnfkVpxbxfb8Ek0OQHbyNXcL4=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>Opuurv0kgPnDHbxXpe2wzDhDJs6tGoRrHLc+XwIUpxtyLxwh+/4QBPmanZUWepBygLOM223ql7vfpD6e37Zr1iWNAA7Dub9Dc2HIo8igDB1i7wRSvJGWaX+BZLc8mF+CQ9jLT3vinalejcfGicVOS06CygG3ztb7QlBZJmj</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAXOn7be0MA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
> A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
> 9u92XgEJLCIVs0onGbhUfoI5r702fcEM</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2p:Statusxmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"><saml2p:StatusCodeValue="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status><saml2:Assertionxmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"ID="id3695982334609027802744130"IssueInstant="2020-08-18T21:14:02.181Z"Version="2.0"><saml2:Issuerxmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">_http://www.okta.com/xxxxxxxxx4x6_</saml2:Issuer><ds:Signaturexmlns:ds="_http://www.w3.org/2000/09/xmldsig#_"><ds:SignedInfo><ds:CanonicalizationMethodAlgorithm="_http://www.w3.org/2001/10/xml-exc-c14n#_"/><ds:SignatureMethodAlgorithm="_http://www.w3.org/2001/04/xmldsig-more#rsa-sha256_"/><ds:ReferenceURI="#id3695982334609027802744130"><ds:Transforms><ds:TransformAlgorithm="_http://www.w3.org/2000/09/xmldsig#enveloped-signature_"/><ds:TransformAlgorithm="_http://www.w3.org/2001/10/xml-exc-c14n#_"/></ds:Transforms><ds:DigestMethodAlgorithm="_http://www.w3.org/2001/04/xmlenc#sha256_"/><ds:DigestValue>g8vVhT6anU1xJOXQH9IrsOIpWG1YZN9GVIWFXVd9zFk=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>nFK/0DyI7SpavUD3FPdr7BU1wSMIJl3NR4efPDKfZeZMhPGOX3lurD5lHSceulzGLcZbsOmPnEn1pLsFCOefihVC/SmkNNBHB/uCbKdrgmcQ4Q+xuBEuoUXopG80Xx3sMWZa0lSRAgAcM0sJb6EynmyifxBJ4n0/P9/ANIH</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAXOn7be0MA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
> A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
> DY2IxhhuxGPHLqFT/YfO/RmJd9keXfM9lIiJl1+9N8eFskiMwUlV0RriPU9GEGt2fJRZxZqw/c7A
> 9u92XgEJLCIVs0onGbhUfoI5r702fcEM</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml2:Subjectxmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:NameIDFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">_john.doe at xyz.net_
> <mailto:john.doe at xyz.net></saml2:NameID><saml2:SubjectConfirmationMethod="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml2:SubjectConfirmationDataInResponseTo="ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"NotOnOrAfter="2020-08-18T21:19:02.181Z"Recipient="_http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta_"/></saml2:SubjectConfirmation></saml2:Subject><saml2:Conditionsxmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"NotBefore="2020-08-18T21:09:02.181Z"NotOnOrAfter="2020-08-18T21:19:02.181Z"><saml2:AudienceRestriction><saml2:Audience>okta</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><saml2:AuthnStatementxmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"AuthnInstant="2020-08-18T21:14:02.181Z"SessionIndex="ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"><saml2:AuthnContext><saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef></saml2:AuthnContext></saml2:AuthnStatement></saml2:Assertion></saml2p:Response>
>
>
> ---------------------------------------------------------------------------------------------
>
>
>
> Regards
>
> Gus
>
> Em ter., 18 de ago. de 2020 às 02:28, Alexandre Zia
> <_alexandre.zia at ifood.com.br_ <mailto:alexandre.zia at ifood.com.br>>
> escreveu:
> I've just changed a few things, based on your config,
>
> <saml2>
> <name>oktaidp</name>
> <description>Enterprise SAML-based SSO system</description>
> <network>
> <readTimeout>10000</readTimeout>
> <connectTimeout>5000</connectTimeout>
> </network>
> <serviceProvider>
> <entityId>sp_midpoint</entityId>
> <aliasForPath>okta</aliasForPath>
> <signRequests>false</signRequests>
> <wantAssertionsSigned>true</wantAssertionsSigned>
> <singleLogoutEnabled>true</singleLogoutEnabled>
> <nameId>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</nameId>
> <provider>
> <entityId>_http://www.okta.com/xxxxxxxxxxxx4x6_</entityId>
> <alias>SSO-Okta</alias>
> <metadata>
> <xml>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</xml>
> </metadata>
> <skipSslValidation>false</skipSslValidation>
> <linkText>Okta</linkText>
> <authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding>
> <nameOfUsernameAttribute>uid</nameOfUsernameAttribute>
> </provider>
> </serviceProvider>
> </saml2>
>
>
> And your ACS url will be something like this:
> _http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta_
>
>
>
>
>
> On Mon, Aug 17, 2020 at 2:24 PM Gus Lou <_gugalou38 at gmail.com_
> <mailto:gugalou38 at gmail.com>> wrote:
> Hi Luca
> Thank you very much for your help. I had not configured this option yet.
> I did the suggested configuration, now the link to the IdP in the
> midpoint interface is correct.
> But when I click on the link to the IdP and do the authentication and
> get the reply back to the midpoint I get an error:
> /Midpoint saml module doesn't receive response from Identity Provider
> server./
> /Authentication failed, and as a consequence was restarted
> authentication flow/
> (probably due to the fact that the midpoint ACS url in the IdP is not
> correct.)
>
> I need to find out what the Midpoint Assertion Consumer Service (ACS)
> URL is to report on the IdP.
>
> Print Screen after IdP Authentication failed
> image.png
>
> Regards
>
> Gus
>
> Em seg., 17 de ago. de 2020 às 03:18, Lukas Skublik
> <_lukas.skublik at evolveum.com_ <mailto:lukas.skublik at evolveum.com>>
> escreveu:
> Hello Gus,
>
> you try configure attribute
> systemConfiguration/infrastructure/publicHttpUrlPattern to
> '_http://midpoint-02.xyz.net/midpoint_'.
>
> Regards,
> Lukas Skublik
> On 6. 8. 2020 0:00, Gus Lou wrote:
> Hi Guys
> Anyone here already integrated Midpoint with Okta's solution to
> provide Midpoint authentication through the SAML 2.0 protocol?
> I created a free developer account on Okta and I am trying to make the
> SAML settings following the guidelines below:
>
> *Midpoint Wiki:*
> _https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration_
>
>
> *Git Example Security-policy-flexible-authentication:*
> _https://github.com/Evolveum/midpoint-samples/blob/master/samples/policy/security/security-policy-flexible-authentication.xml_
>
>
> *Okta Example - SAML Spring Security:*
> _https://developer.okta.com/code/java/spring_security_saml/_
> _https://github.com/oktadeveloper/okta-spring-boot-saml-example_
>
> I understand that Okta is the Identity Provider IdP and Midpoint is
> the Service Provider SP.
> After trying to make the settings I had some doubts:
>
> What is the Midpoint uri that receives the IdP response?
> What is the Midpoint url that I should use to perform the
> authentication of the IdP (Okta). Because when I try to inform an
> existing user in the IdP an error appears and a screen with the link
> of the IdP (in this part there is another error that I couldn't solve
> the midpoint displays the internal address _https://127.0.0.1/_
>
> Some Informations from my Lab:
>
> *Print-01 Midpoint - Authentatication GUI* (the user john.doe, does
> not exist at midpoint but exists at IdP)
> image.png
>
> *Print-02 *
> After I try to authenticate, I get the error message:
> /_Couldn't authenticate user, reason: couldn't encode password._/
> image.png
>
> *Print-03*
> The link to the idp Okta is displaying the midpoint's internal address:
> *_http://127.0.0.1:8080/_*midpoint/auth/default/oktaidp/discovery?idp=http%3A%2F%_2Fwww.okta.com_
> <http://2fwww.okta.com/>%2Fexko4d721K5vASKoJ4x6
>
> Instead of the hostname address:
> *_http://midpoint-02.xyz.net_*
> <http://midpoint-02.xyz.net/>/midpoint/auth/default/oktaidp/discovery?idp=http%3A%2F%_2Fwww.okta.com_
> <http://2fwww.okta.com/>%2Fexko4d721K5vASKoJ4x6
>
> I believe it is some incorrect configuration on my reverse proxy - nginx
> image.png
>
> *Print-04: Okta IdP SAML Configuration*
> Here is my main question, because in the fields:
>
> 1. Single sign on URL
> 2. Audience URI (SP Entity ID)
>
> I need to report existing data in Midpoint, but I'm not sure where to
> get this information.
> image.png
>
>
>
> *My Security Policy Config:*
> I made the settings in the IdP, generated the metadata, encoded it in
> base 64 and put it in the Midpoint settings.
>
> <authentication>
> <modules>
> <loginForm id="15">
> <name>internalLoginForm</name>
> <description>Internal username/password authentication,
> default user password, login form</description>
> </loginForm>
> <saml2 id="16">
> <name>oktaidp</name>
> <description>My SAML-based SSO system.</description>
> <network>
> �� <readTimeout>10000</readTimeout>
> <connectTimeout>5000</connectTimeout>
> </network>
> <serviceProvider>
> <entityId>sp_midpoint</entityId>
> <signRequests>true</signRequests>
> <wantAssertionsSigned>true</wantAssertionsSigned>
> <singleLogoutEnabled>true</singleLogoutEnabled>
> <nameId>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</nameId>
> <keys/>
> <provider id="17">
>
> <entityId>_http://www.okta.com/xxxxxxxxxxxx4x6_</entityId>
> <alias>SSO-Okta</alias>
> <metadata>
> <xml>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48bWQ6RW50aXR5RGVzY3JpcHRvciBlbnRpdHlJRD0iaHR0cDovL3d3dy5va3RhLmNvbS9leGtvNGQ3MjFLNXZBU0</xml>
>
> </metadata>
> <skipSslValidation>true</skipSslValidation>
> <linkText>Okta</linkText>
> <authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding>
> <nameOfUsernameAttribute>uid</nameOfUsernameAttribute>
> </provider>
> </serviceProvider>
> </saml2>
> </modules>
> <sequence id="8">
> <name>admin-gui-default</name>
> <description>
> Default GUI authentication sequence.
> We want to try company SSO, federation and internal. In that
> order.
> Just one of then need to be successful to let user in.
> </description>
> <channel>
>
> <channelId>_http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user_</channelId>
>
> <default>true</default>
> <urlSuffix>default</urlSuffix>
> </channel>
> <module id="12">
> <name>oktaidp</name>
> <order>30</order>
> <necessity>sufficient</necessity>
> </module>
> <module id="13">
> <name>internalLoginForm</name>
> <order>20</order>
> <necessity>sufficient</necessity>
> </module>
> </sequence>
> <sequence id="9">
> <name>admin-gui-emergency</name>
> <description>
> Special GUI authentication sequence that is using just the
> internal user password.
> It is used only in emergency. It allows to skip SAML
> authentication cycles, e.g. in case
> that the SAML authentication is redirecting the browser
> incorrectly.
> </description>
> <channel>
>
> <channelId>_http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user_</channelId>
>
> <default>false</default>
> <urlSuffix>emergency</urlSuffix>
> </channel>
> <requireAssignmentTarget
> oid="00000000-0000-0000-0000-000000000004" relation="org:default"
> type="c:RoleType">
> <!-- Superuser -->
> </requireAssignmentTarget>
> <module id="14">
> <name>internalLoginForm</name>
> <order>30</order>
> <necessity>sufficient</necessity>
> </module>
> </sequence>
> </authentication>
>
>
> If anyone has any suggestions for solving the problem I would
> appreciate it.
>
> Regards
>
> Gus
>
>
>
> _______________________________________________
> midPoint mailing list
> _midPoint at lists.evolveum.com_ <mailto:midPoint at lists.evolveum.com>
> _https://lists.evolveum.com/mailman/listinfo/midpoint_
>
> _______________________________________________
> midPoint mailing list_
> __midPoint at lists.evolveum.com_ <mailto:midPoint at lists.evolveum.com>_
> __https://lists.evolveum.com/mailman/listinfo/midpoint_
> _______________________________________________
> midPoint mailing list_
> __midPoint at lists.evolveum.com_ <mailto:midPoint at lists.evolveum.com>_
> __https://lists.evolveum.com/mailman/listinfo/midpoint_
>
>
> --
>
>
> Alexandre R Zia
>
> *Security*
>
>
>
>
>
> _www.ifood.com.br_ <https://www.ifood.com.br/>
>
>
>
>
>
>
> _______________________________________________
> midPoint mailing list_
> __midPoint at lists.evolveum.com_ <mailto:midPoint at lists.evolveum.com>_
> __https://lists.evolveum.com/mailman/listinfo/midpoint_
>
> _______________________________________________
> midPoint mailing list
> _midPoint at lists.evolveum.com_ <mailto:midPoint at lists.evolveum.com>
> _https://lists.evolveum.com/mailman/listinfo/midpoint_
>
> _______________________________________________
> midPoint mailing list_
> __midPoint at lists.evolveum.com_ <mailto:midPoint at lists.evolveum.com>_
> __https://lists.evolveum.com/mailman/listinfo/midpoint_
>
> _______________________________________________
> midPoint mailing list
> _midPoint at lists.evolveum.com_ <mailto:midPoint at lists.evolveum.com>
> _https://lists.evolveum.com/mailman/listinfo/midpoint_
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint_______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
> [attachment "evolveum logo.png" deleted by Tomas Husar/Ibacz/cz]
> [attachment "Facebook.png" deleted by Tomas Husar/Ibacz/cz]
> [attachment "LinkedIn.png" deleted by Tomas Husar/Ibacz/cz]
> [attachment "Twitter.png" deleted by Tomas Husar/Ibacz/cz]
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/434920ec/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pjodomambiolkpde.png
Type: image/png
Size: 15927 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/434920ec/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mggpekkphmhefmab.png
Type: image/png
Size: 5939 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/434920ec/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ojkdddppcloglmhe.png
Type: image/png
Size: 6733 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/434920ec/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lbahgifpplcahhoo.png
Type: image/png
Size: 9973 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/434920ec/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iegpokghpjcofcll.png
Type: image/png
Size: 44374 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/434920ec/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jgbpjnjcjgijdoed.png
Type: image/png
Size: 40189 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/434920ec/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gkpfflhoojcilddo.png
Type: image/png
Size: 36057 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/434920ec/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: aggkpekfamackkce.png
Type: image/png
Size: 44752 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/434920ec/attachment-0007.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: oinfkpmoibfmndjf.png
Type: image/png
Size: 88974 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/434920ec/attachment-0008.png>
More information about the midPoint
mailing list