[midPoint] SAML2 and Red Hat SSO
Frédéric Lohier
frederic at lohier.org
Tue May 25 23:09:11 CEST 2021
Hello,
It looks like your "anonymous user" does not have any GUI authorization. Did
you make sure that your anonymous user already exists in midPoint and has a
role with some GUI authorizations?
By the way, if you manage to make the SAML SP signing work, please let me
know, this is still a blocker for me.
-Frederic
On Tue, May 25, 2021, 20:43 Tomáš via midPoint <midpoint at lists.evolveum.com>
wrote:
> Hello, I would like to ask if somebody has struggled with similar
> trouble.
>
> I am trying to work with midPoint as Service Provider and RH SSO as
> Identity Provider.
>
> I successfully did the following:
>
> 1.
> 2. apply saml2 module and sequence
>    1. json.securityPolicy.authentication.sequence[0].module.name = "rhSamlSso300";
>    2. json.securityPolicy.authentication.modules.saml2[1].name = "rhSamlSso300";
> 3. exchanged metadata between midPoint and RH SSO
> 4. midPoint sent request to RH SSO
> 5. RH SSO displayed loginForm,
> 6. RH sent response to midPoint
>    1. with expected username (AttributeStatement: username = thus)
>    2.
>
> But midPoint is unable to make an authorisation decision, with the following
> stack.
>
> com.evolveum.midpoint.web.security.MidPointGuiAuthorizationEvaluator.decide
>
>