[midPoint] [EXTERNAL] Re: Flexible Authentication SAML2 - Azure Active Directory

Sanudo Martinez, Santiago Santiago.SanudoMartinez at ingrammicro.com
Mon Jul 26 09:40:06 CEST 2021


Hi,

Have you ensured you have an existing User inside the midPoint platform with a name matching the mail that you are trying to retrieve?

Regards,

Santiago Sañudo Martínez
Cloud Security Operations
Plaza de Manuel Llano, Santander, Spain, 39011

Twitter<http://bit.ly/IngramTwitter> | LinkedIn<http://bit.ly/IngramLinkedIN> | Facebook<http://bit.ly/IngramFacebook> | YouTube<http://bit.ly/IngramYouTube>

This email may contain material that is confidential, and proprietary to Ingram Micro and subsidiaries, for the sole use of the intended recipient. Any review, reliance or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies.
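Added example (not midPoint's code, and not from anyone in this thread) of the mapping step Santiago is asking about: the value of the assertion attribute named by <nameOfUsernameAttribute> has to be present in the IdP's response and has to match the name of an existing midPoint user, otherwise the login fails. The SAML response, the attribute names and the user list are all constructed for the illustration; the claim URIs are ones Azure AD commonly issues by default, but the tenant's real claim names should be taken from a captured assertion.

```python
"""Walk through the SAML attribute -> local user mapping (added example,
not midPoint's own code). Flow as described in the thread: read the
assertion attribute named by <nameOfUsernameAttribute>, then look up a
user whose name equals that value; no attribute or no user means failure."""
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response. The two claim URIs are ones Azure AD commonly
# issues by default (assumption: check a captured assertion for your tenant).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>
    <saml:Subject>
      <saml:NameID>jdoe@example.com</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

# Constructed set of midPoint user *names* (the "name" property, not emailAddress).
MIDPOINT_USERS = {"administrator", "jdoe@example.com"}


def list_attribute_names(response_xml):
    """Return every attribute Name the IdP actually sent; this is the list
    <nameOfUsernameAttribute> must be chosen from."""
    root = ET.fromstring(response_xml)
    return [a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)]


def extract_username(response_xml, attribute_name):
    """Return the first value of the named attribute, or None if it is absent."""
    root = ET.fromstring(response_xml)
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == attribute_name:
            value = attr.find("saml:AttributeValue", NS)
            if value is not None and value.text:
                return value.text.strip()
            return None
    return None


def resolve_login(response_xml, attribute_name, users=MIDPOINT_USERS):
    """Simulate the mapping step and say *why* a login would be rejected.

    Returns (outcome, detail): "no-attribute" with the names that were sent,
    "no-such-user" with the value that matched no user, or "ok" with the user.
    """
    username = extract_username(response_xml, attribute_name)
    if username is None:
        return ("no-attribute", list_attribute_names(response_xml))
    if username not in users:
        return ("no-such-user", username)
    return ("ok", username)


if __name__ == "__main__":
    # "uid" and "mail" are not in the assertion at all, so they can never match;
    # the full claim URI resolves to a user that exists in the constructed set.
    for name in ("uid", "mail",
                 "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"):
        print(name, "->", resolve_login(SAMPLE_RESPONSE, name))
```

The two failure branches are the ones a generic "username/password invalid" message hides: the attribute name does not exist in the assertion at all, or it does but no midPoint user carries that value as its name.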

From: Gus Lou <gugalou38 at gmail.com>
Sent: Saturday, July 24, 2021 9:44 PM
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Cc: Pálos Gustáv <gustav.palos at gmail.com>; Sanudo Martinez, Santiago <Santiago.SanudoMartinez at ingrammicro.com>
Subject: Re: [midPoint] [EXTERNAL] Re: Flexible Authentication SAML2 - Azure Active Directory

Hi Guys

Sending (metadata SP and IdP) attachments as they were dropped in the previous message.

I'm investigating whether the information is correct:

<nameOfUsernameAttribute>uid</nameOfUsernameAttribute>

I've already tried other settings for example:

<nameOfUsernameAttribute>mail</nameOfUsernameAttribute>
<nameOfUsernameAttribute>username</nameOfUsernameAttribute>
<nameOfUsernameAttribute>email</nameOfUsernameAttribute>
<nameOfUsernameAttribute>emailAdress</nameOfUsernameAttribute>

But after Midpoint's request and the IdP's response, it keeps showing the error: username/password invalid.

Regards

Gus

On Fri, 23 Jul 2021 at 15:16, Gus Lou <gugalou38 at gmail.com> wrote:
Hi Santiago

Did your SAML 2.0 Midpoint and AzureAD authentication test work completely?
I'm trying to do Midpoint integration with IdP Okta, but I get an error where it says the username or password is incorrect.
I've already made several configurations and checked the Midpoint (SP) and Okta (IdP) metadata (attached), in both the emailAddress is configured as login.
But I have not been successful so far.

Regards
Gus

On Thu, 22 Jul 2021 at 13:07, Sanudo Martinez, Santiago via midPoint <midpoint at lists.evolveum.com> wrote:
Hi,

It works great. Thanks a lot.

Get Outlook for Android
________________________________
From: Pálos Gustáv <gustav.palos at gmail.com>
Sent: Thursday, July 22, 2021 2:05:22 PM
To: midPoint General Discussion <midpoint at lists.evolveum.com>
Cc: Sanudo Martinez, Santiago <Santiago.SanudoMartinez at ingrammicro.com>
Subject: [EXTERNAL] Re: [midPoint] Flexible Authentication SAML2 - Azure Active Directory

Hi,

try to set up in systemConfiguration:
    <infrastructure>
        <publicHttpUrlPattern>https://host:port/midpoint</publicHttpUrlPattern>
    </infrastructure>
best regards

Gustav
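Added example (not Evolveum's code, and not from anyone in this thread) of why the publicHttpUrlPattern matters behind the Nginx proxy described in this thread: the SP endpoints midPoint advertises are derived from the URL it believes it is served at, and if that is the internal localhost:8080 listener rather than the https address the browser and the IdP use, the assertion consumer URLs will not match what the IdP was configured with. The metadata below is constructed, and the endpoint paths in it are assumed for illustration rather than midPoint's actual paths.

```python
"""Check SP metadata endpoints against the public (proxy-facing) URL
(added example, not midPoint's code). Assumption: with no
publicHttpUrlPattern set, endpoints are built from server.address and
server.port of application.yml (localhost:8080), which the IdP never sees."""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}


def make_sp_metadata(base_url, alias="sp_midpoint"):
    """Constructed SP metadata; the endpoint paths are assumed for illustration."""
    return f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="{alias}">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="{base_url}/saml2/SSO/alias/{alias}" index="0" isDefault="true"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="{base_url}/saml2/logout/alias/{alias}"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def endpoint_locations(metadata_xml):
    """All Location attributes of the SP's ACS and SLO endpoints."""
    root = ET.fromstring(metadata_xml)
    tags = ("md:AssertionConsumerService", "md:SingleLogoutService")
    return [el.get("Location")
            for tag in tags
            for el in root.iterfind(f".//{tag}", MD_NS)]


def check_public_urls(metadata_xml, public_url_pattern):
    """Return the endpoint Locations whose scheme or host:port differ from
    the publicHttpUrlPattern; an empty list means the metadata is consistent
    with what the browser and IdP will actually contact."""
    expected = urlsplit(public_url_pattern)
    problems = []
    for loc in endpoint_locations(metadata_xml):
        actual = urlsplit(loc)
        if (actual.scheme, actual.netloc) != (expected.scheme, expected.netloc):
            problems.append(loc)
    return problems


if __name__ == "__main__":
    public = "https://10.19.5.4/midpoint"          # the address from this thread
    internal = make_sp_metadata("http://localhost:8080/midpoint")  # no pattern set
    print("without publicHttpUrlPattern:", check_public_urls(internal, public))
    fixed = make_sp_metadata(public)                  # pattern set as Gustav suggests
    print("with publicHttpUrlPattern:", check_public_urls(fixed, public))
```

The same comparison can be run against the real SP metadata midPoint serves: if any Location still names the internal listener, the IdP will post the assertion to a URL that does not match, and the login is rejected before any username mapping happens.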

On Thu, 22 Jul 2021 at 14:01, Sanudo Martinez, Santiago via midPoint <midpoint at lists.evolveum.com> wrote:

Hi,

We are encountering a problem where we aren’t able to establish login using SAML authentication via Azure AD. We have a midpoint instance running in a VM with a Nginx proxy which currently redirects everything from http to https:


# If the user accesses through port 80 (the default HTTP port), NGINX redirects to 443 (HTTPS)
server {
    listen 80;
    listen [::]:80;
    return 301 https://10.19.5.4;
}

# If the user accesses through port 443, NGINX passes the request on to localhost:8080 where Kibana is running
server {
    listen 443 default_server;
    listen [::]:443;
    ssl on;
    ssl_certificate /etc/pki/tls/certs/midpoint.pem;
    ssl_certificate_key /etc/pki/tls/private/midpoint.key;
    access_log /var/log/nginx/nginx.access.log;
    error_log /var/log/nginx/nginx.error.log;
    location / {
        proxy_pass http://localhost:8080/;
    }
}



The Midpoint application is deployed at localhost as described in application.yml:

spring:
  application:
    name: MidPoint
  main:
    # needed to override springSecurityFilterChain from Spring Security
    allow-bean-definition-overriding: true
  servlet:
    multipart:
      max-file-size: 100MB
      max-request-size: 100MB
      file-size-threshold: 256KB
  thymeleaf:
    cache: false
server:
  address: localhost
  port: 8080
  tomcat:
    basedir: ${midpoint.home}
    max-http-post-size: 104857600 # in bytes


With this, all the communication with the Midpoint environment is done over port 443 (HTTPS). We have created an Enterprise app in Azure Active Directory and we are configuring SAML in order to log in. To do so we have also established the following securityPolicy:

<securityPolicy xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
    xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
    xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
    xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
    xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
    xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
    xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
    oid="00000000-0000-0000-0000-000000000120" version="18">
    <name>Default Security Policy</name>
    <metadata>
        <requestTimestamp>2020-12-01T12:00:15.108Z</requestTimestamp>
        <createTimestamp>2020-12-01T12:00:15.137Z</createTimestamp>
        <createChannel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#init</createChannel>
    </metadata>
    <operationExecution id="1">
        <timestamp>2020-12-01T12:00:15.179Z</timestamp>
        <operation>
            <objectDelta>
                <t:changeType>add</t:changeType>
                <t:objectType>c:SecurityPolicyType</t:objectType>
            </objectDelta>
            <executionResult>
                <operation>com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta</operation>
                <status>success</status>
                <importance>normal</importance>
                <token>1000000000000000015</token>
            </executionResult>
            <objectName>Default Security Policy</objectName>
        </operation>
        <status>success</status>
        <channel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#init</channel>
    </operationExecution>
    <iteration>0</iteration>
    <iterationToken/>
    <authentication>
        <modules>
            <loginForm >
                <name>internalLoginForm</name>
                <description>Internal username/password authentication, default user password, login form</description>
            </loginForm>
            <httpBasic >
                <name>internalBasic</name>
                <description>Internal username/password authentication, using HTTP basic auth</description>
            </httpBasic>

            <saml2 >
                <name>azureSsoSaml</name>
                <description>My internal enterprise SAML-based SSO system.</description>
                <network>
                    <readTimeout>10000</readTimeout>
                    <connectTimeout>5000</connectTimeout>
                </network>

                <serviceProvider>
                    <entityId>sp_midpoint</entityId>
                    <aliasForPath>sp_midpoint</aliasForPath>

                    <provider>
                        <entityId>https://sts.windows.net/484fa682-02f6-4ffa-8cea-f72692457936/</entityId>
                        <linkText>ssoazure</linkText>
                        <alias>ssoazure</alias>
                        <metadata>
                            <metadataUrl>https://login.microsoftonline.com/484fa682-02f6-4ffa-8cea-f72692457936/federationmetadata/2007-06/federationmetadata.xml?appid=c1bacfd5-5041-4b02-aac3-fa76e0a3560e</metadataUrl>
                        </metadata>
                        <skipSslValidation>true</skipSslValidation>
                        <authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding>
                        <nameOfUsernameAttribute>uid</nameOfUsernameAttribute>
                    </provider>
                </serviceProvider>
            </saml2>
        </modules>
        <sequence id="8">
            <name>admin-gui-default</name>
            <description>
                Default GUI authentication sequence.
                We want to try company SSO, federation and internal. In that order.
                Just one of then need to be successful to let user in.
            </description>
            <channel>
                <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channelId>
                <default>true</default>
                <urlSuffix>default</urlSuffix>
            </channel>
            <module>
                <name>azureSsoSaml</name>
                <order>30</order>
                <necessity>sufficient</necessity>
            </module>


        </sequence>
        <sequence id="9">
            <name>admin-gui-emergency</name>
            <description>
                Special GUI authentication sequence that is using just the internal user password.
                It is used only in emergency. It allows to skip SAML authentication cycles, e.g. in case
                that the SAML authentication is redirecting the browser incorrectly.
            </description>
            <channel>
                <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channelId>
                <default>false</default>
                <urlSuffix>emergency</urlSuffix>
            </channel>
            <requireAssignmentTarget oid="00000000-0000-0000-0000-000000000004" relation="org:default" type="c:RoleType"/>
            <module id="14">
                <name>internalLoginForm</name>
                <order>30</order>
                <necessity>sufficient</necessity>
            </module>
        </sequence>
        <sequence id="16">
            <name>rest</name>
            <description>
                Authentication sequence for REST service.
            </description>
            <channel>
                <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#rest</channelId>
                <default>true</default>
                <urlSuffix>rest-default</urlSuffix>
            </channel>
            <module id="18">
                <name>internalBasic</name>
                <order>10</order>
                <necessity>sufficient</necessity>
            </module>
        </sequence>
        <sequence id="17">
            <name>actuator</name>
            <description>
                Authentication sequence for actuator.
            </description>
            <channel>
                <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#actuator</channelId>
                <default>true</default>
                <urlSuffix>actuator-default</urlSuffix>
            </channel>
            <module id="19">
                <name>internalBasic</name>
                <order>10</order>
                <necessity>sufficient</necessity>
            </module>
        </sequence>
        <ignoredLocalPath>/actuator</ignoredLocalPath>
        <ignoredLocalPath>/actuator/health</ignoredLocalPath>
    </authentication>
    <credentials>
        <password>
            <minOccurs>0</minOccurs>
            <lockoutMaxFailedAttempts>3</lockoutMaxFailedAttempts>
            <lockoutFailedAttemptsDuration>PT3M</lockoutFailedAttemptsDuration>
            <lockoutDuration>PT15M</lockoutDuration>
            <valuePolicyRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="00000000-0000-0000-0000-000000000003" relation="org:default" type="tns:ValuePolicyType"/>
        </password>
    </credentials>
</securityPolicy>


Regarding the Azure enterprise application saml config:

[cid:image002.png at 01D78202.35B181D0]
The midpoint resource IP being 10.19.5.4.

After I start I get the following error display:

[cid:image003.png at 01D78202.35B181D0]

And if I select the identity provider it redirects me to:

[cid:image004.png at 01D78202.35B181D0]

Any ideas?

Regards,



Santiago Sañudo Martínez

The information contained in this message is confidential. If you receive this message by error please notify it as soon as possible to the sender and proceed to their final elimination by not copy, store or distribute its content. In accordance of what is stated in the Law 15/1999, of Data Personal Protection and Regulation Rule 1720/2007, the personal data provided through the email address you entered will be included in a file owned by INGRAM MICRO, SLU, located at C/ Antonio Machado, 78-80 1ª y 2ª pl. Business Park ( 08840-Viladecans). By submitting your data, you expressly give your consent to INGRAM MICRO, SLU, to the treatment of your data, in order to answer to your questions and / or keep the professional, commercial relationship  and / or contractual set with INGRAM MICRO, SLU You can exercise your rights of access, rectification, cancellation and opposition by giving written notification to the sender address or to  the following email:  nuevascuentas at ingrammicro.es<mailto:nuevascuentas at ingrammicro.es>. According to Law 34/2002, of the Information Society and Electronic Commerce, you may object at any time to your data treatment for promotional purposes by notifying us in writing to the email address above.
_______________________________________________
midPoint mailing list
midPoint at lists.evolveum.com
https://lists.evolveum.com/mailman/listinfo/midpoint


--
best regards

Gustáv Pálos