[midPoint] SAML2 and Red Hat SSO

Frédéric Lohier frederic at lohier.org
Tue May 25 23:09:11 CEST 2021


Hello,

It looks like your "anonymous user" does not have any GUI authorization. Did
you make sure that your anonymous user already exists in midPoint and has a
role with some GUI authorizations?

By the way, if you manage to make the SAML SP signing work, please let me
know, this is still a blocker for me.

-Frederic

On Tue, May 25, 2021, 20:43 Tomáš via midPoint <midpoint at lists.evolveum.com>
wrote:

> Hello, I would like to ask whether somebody has struggled with similar
> trouble.
>
> I am trying to work with midPoint as Service Provider and RH SSO as
> Identity Provider.
>
> I successfully did the following:
>
>    1.
>    2. apply saml2 module and sequence
>       1. json.securityPolicy.authentication.sequence[0].module.name = "rhSamlSso300";
>       2. json.securityPolicy.authentication.modules.saml2[1].name = "rhSamlSso300";
>    3. exchanged metadata between midPoint and RH SSO
>    4. midPoint sent request to RH SSO
>    5. RH SSO displayed loginForm,
>    6. RH sent response to midPoint
>       1. with expected username (AttributeStatement: username = thus)
>       2.
>
> But midPoint is unable to make the authorisation decision with the following
> stack.
>
> com.evolveum.midpoint.web.security.MidPointGuiAuthorizationEvaluator.decide