[midPoint] Flexible Authentication - List of Identity Providers is empty

Gus Lou gugalou38 at gmail.com
Mon Jul 12 22:08:20 CEST 2021


Hi Guys

I configured Midpoint to use Flex Authentication.
In my configuration I used the SAML2 module. When I try to authenticate to
Midpoint I get the information:
*"List of Identity Providers is empty"*
*"Select an Identity Provider"*
I enabled debug to try to understand what might be wrong, but I couldn't
identify any relevant information.

*Midpoint Version:* 4.3.1

*My Default Security Policy:*

<securityPolicy
    xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
    xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
    xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
    xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
    xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
    xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
    xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
    oid="00000000-0000-0000-0000-000000000120" version="36">
    <name>Default Security Policy</name>
    <authentication>
        <modules>
            <loginForm id="20">
                <name>internalLoginForm</name>
                <description>Internal username/password authentication, default user password, login form</description>
            </loginForm>
            <saml2 id="21">
                <name>mysamlsso</name>
                <description>My internal enterprise SAML-based SSO system.</description>
                <serviceProvider>
                    <entityId>sp_midpoint</entityId>
                    <signRequests>false</signRequests>
                    <wantAssertionsSigned>false</wantAssertionsSigned>
                    <singleLogoutEnabled>true</singleLogoutEnabled>
                    <provider id="22">
                        <entityId>https://www.okta.com/d721K5vASKoJ4x6exko4</entityId>
                        <alias>okta</alias>
                        <metadata>
                            <metadataUrl>https://dev-99301.okta.com/app/d721K5vASKoJ4x6exko4/sso/saml/metadata</metadataUrl>
                        </metadata>
                        <skipSslValidation>false</skipSslValidation>
                        <linkText>oktapreview</linkText>
                        <authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding>
                        <nameOfUsernameAttribute>uid</nameOfUsernameAttribute>
                    </provider>
                </serviceProvider>
            </saml2>
        </modules>
        <sequence id="23">
            <name>admin-gui-default</name>
            <description>
                Default GUI authentication sequence.
                We want to try company SSO, federation and internal. In that order.
                Just one of them needs to be successful to let the user in.
            </description>
            <channel>
                <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channelId>
                <default>true</default>
                <urlSuffix>default</urlSuffix>
            </channel>
            <module id="25">
                <name>mysamlsso</name>
                <order>30</order>
                <necessity>sufficient</necessity>
            </module>
        </sequence>
        <sequence id="24">
            <name>admin-gui-emergency</name>
            <description>
                Special GUI authentication sequence that is using just the internal user password.
                It is used only in emergency. It allows to skip SAML authentication cycles, e.g. in case
                that the SAML authentication is redirecting the browser incorrectly.
            </description>
            <channel>
                <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channelId>
                <default>false</default>
                <urlSuffix>emergency</urlSuffix>
            </channel>
            <requireAssignmentTarget oid="00000000-0000-0000-0000-000000000004" relation="org:default" type="c:RoleType">
                <!-- Superuser -->
            </requireAssignmentTarget>
            <module id="27">
                <name>internalLoginForm</name>
                <order>10</order>
                <necessity>sufficient</necessity>
            </module>
        </sequence>
        <ignoredLocalPath>/actuator</ignoredLocalPath>
        <ignoredLocalPath>/actuator/health</ignoredLocalPath>
    </authentication>
    <credentials>
        <password>
            <minOccurs>0</minOccurs>
            <lockoutMaxFailedAttempts>3</lockoutMaxFailedAttempts>
            <lockoutFailedAttemptsDuration>PT3M</lockoutFailedAttemptsDuration>
            <lockoutDuration>PT15M</lockoutDuration>
            <valuePolicyRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="00000000-0000-0000-0000-000000000003" relation="org:default" type="tns:ValuePolicyType">
                <!-- Default Password Policy -->
            </valuePolicyRef>
        </password>
    </credentials>
</securityPolicy>


*Midpoint.log:*

2021-07-11 23:01:27,323 [] [http-nio-8080-exec-10] INFO (org.opensaml.core.config.InitializationService): Initializing OpenSAML using the Java Services API
2021-07-11 23:01:27,323 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.soap.config.XMLObjectProviderInitializer
2021-07-11 23:01:27,340 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.xmlsec.config.JavaCryptoValidationInitializer
2021-07-11 23:01:27,340 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.xmlsec.config.XMLObjectProviderInitializer
2021-07-11 23:01:27,349 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.xmlsec.config.ApacheXMLSecurityInitializer
2021-07-11 23:01:27,349 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.xmlsec.config.GlobalSecurityConfigurationInitializer
2021-07-11 23:01:27,349 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.security.config.ClientTLSValidationConfiguratonInitializer
2021-07-11 23:01:27,350 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.xacml.profile.saml.config.XMLObjectProviderInitializer
2021-07-11 23:01:27,360 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.core.xml.config.XMLObjectProviderInitializer
2021-07-11 23:01:27,365 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.core.xml.config.GlobalParserPoolInitializer
2021-07-11 23:01:27,367 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.core.metrics.impl.MetricRegistryInitializer
2021-07-11 23:01:27,367 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.xacml.config.XMLObjectProviderInitializer
2021-07-11 23:01:27,380 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.saml.config.XMLObjectProviderInitializer
2021-07-11 23:01:27,416 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.saml.config.SAMLConfigurationInitializer
2021-07-11 23:01:27,416 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.xmlsec.config.GlobalAlgorithmRegistryInitializer
2021-07-11 23:01:27,427 [] [http-nio-8080-exec-10] INFO (org.opensaml.core.config.InitializationService): Initializing OpenSAML using the Java Services API
2021-07-11 23:01:27,427 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.soap.config.XMLObjectProviderInitializer
2021-07-11 23:01:27,442 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.xmlsec.config.JavaCryptoValidationInitializer
2021-07-11 23:01:27,442 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.xmlsec.config.XMLObjectProviderInitializer
2021-07-11 23:01:27,452 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.xmlsec.config.ApacheXMLSecurityInitializer
2021-07-11 23:01:27,452 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.xmlsec.config.GlobalSecurityConfigurationInitializer
2021-07-11 23:01:27,452 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.security.config.ClientTLSValidationConfiguratonInitializer
2021-07-11 23:01:27,452 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.xacml.profile.saml.config.XMLObjectProviderInitializer
2021-07-11 23:01:27,462 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.core.xml.config.XMLObjectProviderInitializer
2021-07-11 23:01:27,468 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.core.xml.config.GlobalParserPoolInitializer
2021-07-11 23:01:27,469 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.core.metrics.impl.MetricRegistryInitializer
2021-07-11 23:01:27,469 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.xacml.config.XMLObjectProviderInitializer
2021-07-11 23:01:27,480 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.saml.config.XMLObjectProviderInitializer
2021-07-11 23:01:27,513 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.saml.config.SAMLConfigurationInitializer
2021-07-11 23:01:27,513 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.xmlsec.config.GlobalAlgorithmRegistryInitializer

Regards

Gus
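A pre-deployment consistency check for a policy of the shape posted above, as an added example that is not midPoint code and not part of the original message: it parses the securityPolicy, verifies that every <sequence> step names a module defined under <modules>, and checks that each saml2 <provider> has a non-empty entityId, alias and metadataUrl with no surrounding whitespace. It only validates structure and does not diagnose the error reported in the post; the sample policy, module name myOidc and the example.test identifiers are constructed.

```python
import xml.etree.ElementTree as ET

NS = "http://midpoint.evolveum.com/xml/ns/public/common/common-3"

def q(*tags):
    return "/".join("{%s}%s" % (NS, t) for t in tags)  # namespace-qualified path

def check_policy(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    auth = ET.fromstring(xml_text).find(q("authentication"))
    # every child of <modules> is one module, identified by its <name>
    defined = {m.findtext(q("name")): m for m in auth.find(q("modules"))}
    # each step of a <sequence> must name a module that actually exists
    for seq in auth.findall(q("sequence")):
        for step in seq.findall(q("module")):
            ref = step.findtext(q("name"))
            if ref not in defined:
                findings.append("sequence %s: module '%s' is not defined"
                                % (seq.findtext(q("name")), ref))
    # SAML entity IDs and URLs are matched literally, so an identifier that is
    # missing or carries whitespace (e.g. from line-wrapped XML) is flagged
    for mod in defined.values():
        if mod.tag != q("saml2"):
            continue
        for prov in mod.iter(q("provider")):
            alias = (prov.findtext(q("alias")) or "?").strip()
            for path in (("entityId",), ("alias",), ("metadata", "metadataUrl")):
                raw = prov.findtext(q(*path))
                label = "provider %s: %s" % (alias, path[-1])
                if raw is None or not raw.strip():
                    findings.append(label + " is missing")
                elif raw != raw.strip():
                    findings.append(label + " has surrounding whitespace")
    return findings

# Constructed sample in the shape of the posted policy: one step references an
# undefined module, and the IdP entityId has a trailing line break.
SAMPLE = """<securityPolicy xmlns="%s"><authentication><modules>
  <loginForm><name>internalLoginForm</name></loginForm>
  <saml2><name>mysamlsso</name><serviceProvider><entityId>sp_midpoint</entityId>
    <provider><entityId>https://idp.example.test/abc
</entityId><alias>example-idp</alias>
      <metadata><metadataUrl>https://idp.example.test/metadata</metadataUrl></metadata>
    </provider></serviceProvider></saml2></modules>
  <sequence><name>admin-gui-default</name>
    <module><name>mysamlsso</name><order>30</order></module>
    <module><name>myOidc</name><order>40</order></module>
  </sequence></authentication></securityPolicy>""" % NS
```

On the sample, check_policy(SAMPLE) reports the undefined myOidc step and the whitespace in the provider entityId; pass the exported policy text to the same function to check a real configuration.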