[midPoint] Midpoint - SAML 2.0 - Okta IdP - Flex-Auth?
Gus Lou
gugalou38 at gmail.com
Thu Aug 20 21:16:03 CEST 2020
Folks
I really appreciate the help of Lukas and other colleagues, I presented my
doubts on this forum because someone could have something similar.
Regards
Em qui., 20 de ago. de 2020 às 13:50, Radovan Semancik <
radovan.semancik at evolveum.com> escreveu:
> Hello Tomas,
>
> SAML client functionality *is* avilable as part of midPoint and as all the
> feature is *is* part of midPoint source code.
>
> However, as you certainly know, SAML is a complex protocol. There are
> variations and dialects, there are lot of configuration options. Not every
> client works with every identity provider. That may also be the case here.
> Maybe there is a need for special configuration. Maybe there is a bug in
> midPoint code. Maybe there is a bug or misconfiguration on the identity
> provider side. Maybe it is something entirely different. There are just too
> many options to consider in a short mail. Lukas has already shown good will
> and tried to help. As he indicated, the problem is not obvious and more
> time and effort is needed to analyze the issue. As Martina explained, Lukas
> does not have that time available for you as that time is reserved for
> midPoint subscribers.
>
> MidPoint is open and free software. You can go ahead and do pretty much
> anything that you want with midPoint. MidPoint is free, but our services
> are not. If you want to dedicate a time of one of our engineers to focus on
> your specific problem then you have to pay for that time.
>
> --
> Radovan Semancik
> Software Architectevolveum.com
>
> On 20. 8. 2020 18:27, tomas.husar at ibask.eu wrote:
>
> Hallo Martina,
>
> can I understand to your post in this way, that this feature* (midPoint
> is recognising and processing SAML response from external IDM system) * is
> not actually available on midpoint git-repository and it needs analytic
> and development effort which goes beyond support covered in this mailing
> list?
>
> Tomas
>
>
>
> From: "Martina Benckova" <mbenckova at evolveum.com>
> <mbenckova at evolveum.com>
> To: midpoint at lists.evolveum.com
> Date: 20. 08. 2020 13:22
> Subject: Re: [midPoint] Midpoint - SAML 2.0 - Okta IdP - Flex-Auth?
> Sent by: "midPoint" <midpoint-bounces at lists.evolveum.com>
> <midpoint-bounces at lists.evolveum.com>
> ------------------------------
>
>
>
> Hi Gus,
>
> Let me join the communication.
>
> Lukas tried to help you within limited time that he could dedicate to the
> community. His main responsibilities are development activities to make
> midPoint even better for the whole community. Based on this he mainly
> follows Jira tickets of platform subscribers and customers with active
> product support.
>
> On the other hand, if you would like to engage our team with the issue,
> and provide detailed analysis with possible solution, you might be
> interested in our commercial services. In case of activated a services, we
> dedicate available techie to help our customer with their issues.
> We provide different services for different purposes.
> Would you be interested?
>
> Best regards,
> *Martina Benckova* | Sales Manager
> <https://evolveum.com/>
> mbenckova at evolveum.com | www.evolveum.com
> tel: +421 948 940 888
> <https://www.facebook.com/evolveum/>
> <https://www.linkedin.com/company/evolveum> <https://twitter.com/Evolveum>
>
> Disclaimer:
>
> The contents of this e-mail and attachment(s) thereto are confidential and
> intended for the named recipient(s) only. It shall not attach any liability
> on the originator or Evolveum s.r.o. or its affiliates. Any views or
> opinions presented in this email are solely those of the author and may not
> necessarily reflect the opinions of Evolveum s.r.o. or its affiliates. Any
> form of reproduction, dissemination, copying, disclosure, modification,
> distribution and / or publication of this message without the prior written
> consent of the author of this e-mail is strictly prohibited. If you have
> received this email in error please delete it and notify the sender
> immediately.
>
>
> ------------------------------
>
> *From: *"Lukas Skublik" <lukas.skublik at evolveum.com>
> <lukas.skublik at evolveum.com>
> * To: *midpoint at lists.evolveum.com
> * Sent: *Thursday, August 20, 2020 9:37:04 AM
> * Subject: *Re: [midPoint] Midpoint - SAML 2.0 - Okta IdP - Flex-Auth?
>
> Hello Gus,
> I analysed log file, but I found nothing relevant.
>
> Regards,
> Lukas Skublik.
> On 19. 8. 2020 15:10, Gus Lou wrote:
> Hi Lukas
>
> I activated the debug level in the midpoint log, but found nothing
> relevant.
> I attached the log for analysis
> Thank you very much
>
> Em qua., 19 de ago. de 2020 às 02:54, Lukas Skublik <
> *lukas.skublik at evolveum.com* <lukas.skublik at evolveum.com>> escreveu:
> Hello Gus,
> can you send me your log file. Maybe you see wrong error message.
> Regards
> Lukas Skublik
> On 18. 8. 2020 23:35, Gus Lou wrote:
> Hi Alexandre
>
> Thank you very much
>
> I made the modifications suggested by you and Lukas.
> Something is still wrong, after authenticating with the IdP and returning
> to the midpoint I get the message:
> Midpoint saml module doesn't receive response from Identity Provider
> server ..
> The strange thing is that through the Saml Tracer tool, I can verify that
> there was a request and a response.
>
>
>
> Saml Request:
>
> <saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
> AssertionConsumerServiceURL="
> *http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta*
> <http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta>"
> Destination="
> *https://dev-601301.okta.com/app/xyzdev601301_midpoint_1/xxxxxx4x6/sso/saml*
> <https://dev-601301.okta.com/app/xyzdev601301_midpoint_1/xxxxxx4x6/sso/saml>
> " ForceAuthn="false" ID="ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b" IsPassive
> ="false" IssueInstant="2020-08-18T21:14:01.266Z" ProtocolBinding=
> "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0" > <
> saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
> sp_midpoint</saml2:Issuer> <saml2p:NameIDPolicy AllowCreate="true" Format=
> "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" /> </
> saml2p:AuthnRequest>
>
> Saml Response:
>
> <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
> Destination="
> *http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta*
> <http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta>"
> ID="id369598233453735443745710" InResponseTo=
> "ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b" IssueInstant=
> "2020-08-18T21:14:02.181Z" Version="2.0" > <saml2:Issuer xmlns:saml2=
> "urn:oasis:names:tc:SAML:2.0:assertion" Format=
> "urn:oasis:names:tc:SAML:2.0:nameid-format:entity" >
> *http://www.okta.com/xxxxxxxxxxx4x6* <http://www.okta.com/xxxxxxxxxxx4x6>
> </saml2:Issuer> <ds:Signature xmlns:ds="
> *http://www.w3.org/2000/09/xmldsig#* <http://www.w3.org/2000/09/xmldsig#>"
> > <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="
> *http://www.w3.org/2001/10/xml-exc-c14n#*
> <http://www.w3.org/2001/10/xml-exc-c14n#>" /> <ds:SignatureMethod
> Algorithm="*http://www.w3.org/2001/04/xmldsig-more#rsa-sha256*
> <http://www.w3.org/2001/04/xmldsig-more#rsa-sha256>" /> <ds:Reference URI=
> "#id369598233453735443745710"> <ds:Transforms> <ds:Transform Algorithm="
> *http://www.w3.org/2000/09/xmldsig#enveloped-signature*
> <http://www.w3.org/2000/09/xmldsig#enveloped-signature>" /> <ds:Transform
> Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*
> <http://www.w3.org/2001/10/xml-exc-c14n#>" /> </ds:Transforms> <
> ds:DigestMethod Algorithm="*http://www.w3.org/2001/04/xmlenc#sha256*
> <http://www.w3.org/2001/04/xmlenc#sha256>" /> <ds:DigestValue>
> eOe03vp5gwQQ/4RERzhnfkVpxbxfb8Ek0OQHbyNXcL4=</ds:DigestValue> </
> ds:Reference> </ds:SignedInfo> <ds:SignatureValue>
> Opuurv0kgPnDHbxXpe2wzDhDJs6tGoRrHLc+XwIUpxtyLxwh+/4QBPmanZUWepBygLOM223ql7vfpD6e37Zr1iWNAA7Dub9Dc2HIo8igDB1i7wRSvJGWaX+BZLc8mF+CQ9jLT3vinalejcfGicVOS06CygG3ztb7QlBZJmj
> </ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAXOn7be0MA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
> A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
> 9u92XgEJLCIVs0onGbhUfoI5r702fcEM</ds:X509Certificate> </ds:X509Data> </
> ds:KeyInfo> </ds:Signature> <saml2p:Status xmlns:saml2p=
> "urn:oasis:names:tc:SAML:2.0:protocol"> <saml2p:StatusCode Value=
> "urn:oasis:names:tc:SAML:2.0:status:Success" /> </saml2p:Status> <
> saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID=
> "id3695982334609027802744130" IssueInstant="2020-08-18T21:14:02.181Z"
> Version="2.0" > <saml2:Issuer xmlns:saml2=
> "urn:oasis:names:tc:SAML:2.0:assertion" Format=
> "urn:oasis:names:tc:SAML:2.0:nameid-format:entity" >
> *http://www.okta.com/xxxxxxxxx4x6* <http://www.okta.com/xxxxxxxxx4x6></
> saml2:Issuer> <ds:Signature xmlns:ds="*http://www.w3.org/2000/09/xmldsig#*
> <http://www.w3.org/2000/09/xmldsig#>"> <ds:SignedInfo> <
> ds:CanonicalizationMethod Algorithm="
> *http://www.w3.org/2001/10/xml-exc-c14n#*
> <http://www.w3.org/2001/10/xml-exc-c14n#>" /> <ds:SignatureMethod
> Algorithm="*http://www.w3.org/2001/04/xmldsig-more#rsa-sha256*
> <http://www.w3.org/2001/04/xmldsig-more#rsa-sha256>" /> <ds:Reference URI=
> "#id3695982334609027802744130"> <ds:Transforms> <ds:Transform Algorithm="
> *http://www.w3.org/2000/09/xmldsig#enveloped-signature*
> <http://www.w3.org/2000/09/xmldsig#enveloped-signature>" /> <ds:Transform
> Algorithm="*http://www.w3.org/2001/10/xml-exc-c14n#*
> <http://www.w3.org/2001/10/xml-exc-c14n#>" /> </ds:Transforms> <
> ds:DigestMethod Algorithm="*http://www.w3.org/2001/04/xmlenc#sha256*
> <http://www.w3.org/2001/04/xmlenc#sha256>" /> <ds:DigestValue>
> g8vVhT6anU1xJOXQH9IrsOIpWG1YZN9GVIWFXVd9zFk=</ds:DigestValue> </
> ds:Reference> </ds:SignedInfo> <ds:SignatureValue>
> nFK/0DyI7SpavUD3FPdr7BU1wSMIJl3NR4efPDKfZeZMhPGOX3lurD5lHSceulzGLcZbsOmPnEn1pLsFCOefihVC/SmkNNBHB/uCbKdrgmcQ4Q+xuBEuoUXopG80Xx3sMWZa0lSRAgAcM0sJb6EynmyifxBJ4n0/P9/ANIH
> </ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAXOn7be0MA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
> A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
> DY2IxhhuxGPHLqFT/YfO/RmJd9keXfM9lIiJl1+9N8eFskiMwUlV0RriPU9GEGt2fJRZxZqw/c7A
> 9u92XgEJLCIVs0onGbhUfoI5r702fcEM</ds:X509Certificate> </ds:X509Data> </
> ds:KeyInfo> </ds:Signature> <saml2:Subject xmlns:saml2=
> "urn:oasis:names:tc:SAML:2.0:assertion"> <saml2:NameID Format=
> "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">*john.doe at xyz.net*
> <john.doe at xyz.net></saml2:NameID> <saml2:SubjectConfirmation Method=
> "urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml2:SubjectConfirmationData
> InResponseTo="ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b" NotOnOrAfter=
> "2020-08-18T21:19:02.181Z" Recipient="
> *http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta*
> <http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta>"
> /> </saml2:SubjectConfirmation> </saml2:Subject> <saml2:Conditions
> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" NotBefore=
> "2020-08-18T21:09:02.181Z" NotOnOrAfter="2020-08-18T21:19:02.181Z" > <
> saml2:AudienceRestriction> <saml2:Audience>okta</saml2:Audience> </
> saml2:AudienceRestriction> </saml2:Conditions> <saml2:AuthnStatement
> xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" AuthnInstant=
> "2020-08-18T21:14:02.181Z" SessionIndex=
> "ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b" > <saml2:AuthnContext> <
> saml2:AuthnContextClassRef>
> urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</
> saml2:AuthnContextClassRef> </saml2:AuthnContext> </saml2:AuthnStatement>
> </saml2:Assertion> </saml2p:Response>
>
>
> ---------------------------------------------------------------------------------------------
>
>
> Regards
>
> Gus
>
> Em ter., 18 de ago. de 2020 às 02:28, Alexandre Zia <
> *alexandre.zia at ifood.com.br* <alexandre.zia at ifood.com.br>> escreveu:
> I've just changed a few things, based on your config,
>
> <saml2>
> <name>oktaidp</name>
> <description>Enterprise SAML-based SSO system</description>
> <network>
> <readTimeout>10000</readTimeout>
> <connectTimeout>5000</connectTimeout>
> </network>
> <serviceProvider>
> <entityId>sp_midpoint</entityId>
> <aliasForPath>okta</aliasForPath>
> <signRequests>false</signRequests>
> <wantAssertionsSigned>true</wantAssertionsSigned>
> <singleLogoutEnabled>true</singleLogoutEnabled>
>
> <nameId>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</nameId>
> <provider>
> <entityId>*http://www.okta.com/xxxxxxxxxxxx4x6*
> <http://www.okta.com/xxxxxxxxxxxx4x6></entityId>
> <alias>SSO-Okta</alias>
> <metadata>
> <xml>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</xml>
> </metadata>
> <skipSslValidation>false</skipSslValidation>
> <linkText>Okta</linkText>
>
> <authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding>
> <nameOfUsernameAttribute>uid</nameOfUsernameAttribute>
> </provider>
> </serviceProvider>
> </saml2>
>
>
> And your ACS url will be something like this:
> *http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta*
> <http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta>
>
>
>
>
>
> On Mon, Aug 17, 2020 at 2:24 PM Gus Lou <*gugalou38 at gmail.com*
> <gugalou38 at gmail.com>> wrote:
> Hi Luca
> Thank you very much for your help. I had not configured this option yet.
> I did the suggested configuration, now the link to the IdP in the midpoint
> interface is correct.
> But when I click on the link to the IdP and do the authentication and get
> the reply back to the midpoint I get an error:
> *Midpoint saml module doesn't receive response from Identity Provider
> server.*
> *Authentication failed, and as a consequence was restarted authentication
> flow*
> (probably due to the fact that the midpoint ACS url in the IdP is not
> correct.)
>
> I need to find out what the Midpoint Assertion Consumer Service (ACS) URL
> is to report on the IdP.
>
> Print Screen after IdP Authentication failed
> [image: image.png]
>
> Regards
>
> Gus
>
> Em seg., 17 de ago. de 2020 às 03:18, Lukas Skublik <
> *lukas.skublik at evolveum.com* <lukas.skublik at evolveum.com>> escreveu:
> Hello Gus,
>
> you try configure attribute
> systemConfiguration/infrastructure/publicHttpUrlPattern to '
> *http://midpoint-02.xyz.net/midpoint*
> <http://midpoint-02.xyz.net/midpoint>'.
>
> Regards,
> Lukas Skublik
> On 6. 8. 2020 0:00, Gus Lou wrote:
> Hi Guys
> Anyone here already integrated Midpoint with Okta's solution to provide
> Midpoint authentication through the SAML 2.0 protocol?
> I created a free developer account on Okta and I am trying to make the
> SAML settings following the guidelines below:
>
> *Midpoint Wiki:*
>
> *https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration*
> <https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration>
>
> *Git Example Security-policy-flexible-authentication:*
>
> *https://github.com/Evolveum/midpoint-samples/blob/master/samples/policy/security/security-policy-flexible-authentication.xml*
> <https://github.com/Evolveum/midpoint-samples/blob/master/samples/policy/security/security-policy-flexible-authentication.xml>
>
> *Okta Example - SAML Spring Security:*
> *https://developer.okta.com/code/java/spring_security_saml/*
> <https://developer.okta.com/code/java/spring_security_saml/>
> *https://github.com/oktadeveloper/okta-spring-boot-saml-example*
> <https://github.com/oktadeveloper/okta-spring-boot-saml-example>
>
> I understand that Okta is the Identity Provider IdP and Midpoint is the
> Service Provider SP.
> After trying to make the settings I had some doubts:
>
> What is the Midpoint uri that receives the IdP response?
> What is the Midpoint url that I should use to perform the authentication
> of the IdP (Okta). Because when I try to inform an existing user in the IdP
> an error appears and a screen with the link of the IdP (in this part there
> is another error that I couldn't solve the midpoint displays the internal
> address *https://127.0.0.1/* <https://127.0.0.1/>
>
> Some Informations from my Lab:
>
> *Print-01 Midpoint - Authentatication GUI* (the user john.doe, does not
> exist at midpoint but exists at IdP)
> [image: image.png]
>
> *Print-02 *
> After I try to authenticate, I get the error message:
> *Couldn't authenticate user, reason: couldn't encode password.*
> [image: image.png]
>
> *Print-03*
> The link to the idp Okta is displaying the midpoint's internal address:
> *http://127.0.0.1:8080/* <http://127.0.0.1:8080/>
> midpoint/auth/default/oktaidp/discovery?idp=http%3A%2F%*2Fwww.okta.com*
> <http://2fwww.okta.com/>%2Fexko4d721K5vASKoJ4x6
>
> Instead of the hostname address:
> *http://midpoint-02.xyz.net* <http://midpoint-02.xyz.net/>
> /midpoint/auth/default/oktaidp/discovery?idp=http%3A%2F%*2Fwww.okta.com*
> <http://2fwww.okta.com/>%2Fexko4d721K5vASKoJ4x6
>
> I believe it is some incorrect configuration on my reverse proxy - nginx
> [image: image.png]
>
> *Print-04: Okta IdP SAML Configuration*
> Here is my main question, because in the fields:
>
> 1. Single sign on URL
> 2. Audience URI (SP Entity ID)
>
> I need to report existing data in Midpoint, but I'm not sure where to get
> this information.
> [image: image.png]
>
>
>
> *My Security Policy Config:*
> I made the settings in the IdP, generated the metadata, encoded it in base
> 64 and put it in the Midpoint settings.
>
> <authentication>
> <modules>
> <loginForm id="15">
> <name>internalLoginForm</name>
> <description>Internal username/password authentication,
> default user password, login form</description>
> </loginForm>
> <saml2 id="16">
> <name>oktaidp</name>
> <description>My SAML-based SSO system.</description>
> <network>
> �� <readTimeout>10000</readTimeout>
> <connectTimeout>5000</connectTimeout>
> </network>
> <serviceProvider>
> <entityId>sp_midpoint</entityId>
> <signRequests>true</signRequests>
> <wantAssertionsSigned>true</wantAssertionsSigned>
> <singleLogoutEnabled>true</singleLogoutEnabled>
>
> <nameId>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</nameId>
> <keys/>
> <provider id="17">
> <entityId>*http://www.okta.com/xxxxxxxxxxxx4x6*
> <http://www.okta.com/xxxxxxxxxxxx4x6></entityId>
> <alias>SSO-Okta</alias>
> <metadata>
>
> <xml>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48bWQ6RW50aXR5RGVzY3JpcHRvciBlbnRpdHlJRD0iaHR0cDovL3d3dy5va3RhLmNvbS9leGtvNGQ3MjFLNXZBU0</xml>
> </metadata>
> <skipSslValidation>true</skipSslValidation>
> <linkText>Okta</linkText>
>
> <authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding>
>
> <nameOfUsernameAttribute>uid</nameOfUsernameAttribute>
> </provider>
> </serviceProvider>
> </saml2>
> </modules>
> <sequence id="8">
> <name>admin-gui-default</name>
> <description>
> Default GUI authentication sequence.
> We want to try company SSO, federation and internal. In
> that order.
> Just one of then need to be successful to let user in.
> </description>
> <channel>
> <channelId>
> *http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user*
> <http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user>
> </channelId>
> <default>true</default>
> <urlSuffix>default</urlSuffix>
> </channel>
> <module id="12">
> <name>oktaidp</name>
> <order>30</order>
> <necessity>sufficient</necessity>
> </module>
> <module id="13">
> <name>internalLoginForm</name>
> <order>20</order>
> <necessity>sufficient</necessity>
> </module>
> </sequence>
> <sequence id="9">
> <name>admin-gui-emergency</name>
> <description>
> Special GUI authentication sequence that is using just the
> internal user password.
> It is used only in emergency. It allows to skip SAML
> authentication cycles, e.g. in case
> that the SAML authentication is redirecting the browser
> incorrectly.
> </description>
> <channel>
> <channelId>
> *http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user*
> <http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user>
> </channelId>
> <default>false</default>
> <urlSuffix>emergency</urlSuffix>
> </channel>
> <requireAssignmentTarget
> oid="00000000-0000-0000-0000-000000000004" relation="org:default"
> type="c:RoleType">
> <!-- Superuser -->
> </requireAssignmentTarget>
> <module id="14">
> <name>internalLoginForm</name>
> <order>30</order>
> <necessity>sufficient</necessity>
> </module>
> </sequence>
> </authentication>
>
>
> If anyone has any suggestions for solving the problem I would appreciate
> it.
>
> Regards
>
> Gus
>
>
>
> _______________________________________________
> midPoint mailing list
> *midPoint at lists.evolveum.com* <midPoint at lists.evolveum.com>
> *https://lists.evolveum.com/mailman/listinfo/midpoint*
> <https://lists.evolveum.com/mailman/listinfo/midpoint>
>
> _______________________________________________
> midPoint mailing list
> *midPoint at lists.evolveum.com* <midPoint at lists.evolveum.com>
> *https://lists.evolveum.com/mailman/listinfo/midpoint*
> <https://lists.evolveum.com/mailman/listinfo/midpoint>
> _______________________________________________
> midPoint mailing list
> *midPoint at lists.evolveum.com* <midPoint at lists.evolveum.com>
> *https://lists.evolveum.com/mailman/listinfo/midpoint*
> <https://lists.evolveum.com/mailman/listinfo/midpoint>
>
>
> --
>
>
> Alexandre R Zia
>
> *Security*
>
>
>
>
>
> *www.ifood.com.br* <https://www.ifood.com.br/>
>
>
>
>
>
> _______________________________________________
> midPoint mailing list
> *midPoint at lists.evolveum.com* <midPoint at lists.evolveum.com>
> *https://lists.evolveum.com/mailman/listinfo/midpoint*
> <https://lists.evolveum.com/mailman/listinfo/midpoint>
>
> _______________________________________________
> midPoint mailing list
> *midPoint at lists.evolveum.com* <midPoint at lists.evolveum.com>
> *https://lists.evolveum.com/mailman/listinfo/midpoint*
> <https://lists.evolveum.com/mailman/listinfo/midpoint>
>
> _______________________________________________
> midPoint mailing list
> *midPoint at lists.evolveum.com* <midPoint at lists.evolveum.com>
> *https://lists.evolveum.com/mailman/listinfo/midpoint*
> <https://lists.evolveum.com/mailman/listinfo/midpoint>
>
> _______________________________________________
> midPoint mailing list
> *midPoint at lists.evolveum.com* <midPoint at lists.evolveum.com>
> *https://lists.evolveum.com/mailman/listinfo/midpoint*
> <https://lists.evolveum.com/mailman/listinfo/midpoint>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
> [attachment "evolveum logo.png" deleted by Tomas Husar/Ibacz/cz]
> [attachment "Facebook.png" deleted by Tomas Husar/Ibacz/cz] [attachment
> "LinkedIn.png" deleted by Tomas Husar/Ibacz/cz] [attachment "Twitter.png"
> deleted by Tomas Husar/Ibacz/cz]
>
> _______________________________________________
> midPoint mailing listmidPoint at lists.evolveum.comhttps://lists.evolveum.com/mailman/listinfo/midpoint
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/8fc0e2af/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pjodomambiolkpde.png
Type: image/png
Size: 15927 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/8fc0e2af/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mggpekkphmhefmab.png
Type: image/png
Size: 5939 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/8fc0e2af/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ojkdddppcloglmhe.png
Type: image/png
Size: 6733 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/8fc0e2af/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lbahgifpplcahhoo.png
Type: image/png
Size: 9973 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/8fc0e2af/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iegpokghpjcofcll.png
Type: image/png
Size: 44374 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/8fc0e2af/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jgbpjnjcjgijdoed.png
Type: image/png
Size: 40189 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/8fc0e2af/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gkpfflhoojcilddo.png
Type: image/png
Size: 36057 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/8fc0e2af/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: aggkpekfamackkce.png
Type: image/png
Size: 44752 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/8fc0e2af/attachment-0007.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: oinfkpmoibfmndjf.png
Type: image/png
Size: 88974 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20200820/8fc0e2af/attachment-0008.png>
More information about the midPoint
mailing list