[midPoint] SAML integration with midpoint
Peter Holes
pholes at gmail.com
Thu Feb 24 12:13:46 CET 2022
Hi,
Does anybody use midpoint Flexible authentication with saml2 protocol with
midpoint 4.4?
What I've done:
- take the sample for flexible authentication from github
(midpoint-sample/policy/security/...)
- enrich sample with my own certificates for signing
- change the IdP metadata + update the entityId based on my environment
- change the default login sequence to use only saml
--snip --
<sequence>
<name>admin-gui-default</name>
<channel>
<channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user
</channelId>
<default>true</default>
<urlSuffix>default</urlSuffix>
</channel>
<module>
<name>mySamlSso</name>
<order>30</order>
<necessity>sufficient</necessity>
</module>
</sequence>
--snip--
Hopefully this is everything that needs to be done. After trying to login
to midpoint, the redirect to my sso service was not done correctly and get
the error message in log file:
Is there something that I've missed in my midpoint configuration?
Also I tried to configure the oidc configuration, but in midpoint 4.4 there
is a missing schema for the <client> (maybe it will be available in the
next release?)
Can anybody help with that, or what does this error exactly mean?
Here is a snippet from the log file.
--snip--
2022-02-24 11:36:45,020 [MODEL] [http-nio-18081-exec-5] ERROR
(com.evolveum.midpoint.web.security.util.SecurityUtils): Couldn't build
filter for module moduleFactory
java.lang.IllegalArgumentException: registrations cannot be empty
at org.springframework.util.Assert.notEmpty(Assert.java:470)
at
org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository.<init>(InMemoryRelyingPartyRegistrationRepository.java:41)
at
com.evolveum.midpoint.web.security.module.configuration.SamlModuleWebSecurityConfiguration.buildInternal(SamlModuleWebSecurityConfiguration.java:118)
at
com.evolveum.midpoint.web.security.module.configuration.SamlModuleWebSecurityConfiguration.build(SamlModuleWebSecurityConfiguration.java:80)
at
com.evolveum.midpoint.web.security.factory.module.Saml2ModuleFactory.createModuleFilter(Saml2ModuleFactory.java:76)
at
com.evolveum.midpoint.web.security.util.SecurityUtils.lambda$buildModuleFilters$1(SecurityUtils.java:452)
at java.base/java.util.ArrayList.forEach(ArrayList.java:1540)
at
java.base/java.util.Collections$UnmodifiableCollection.forEach(Collections.java:1083)
at
com.evolveum.midpoint.web.security.util.SecurityUtils.buildModuleFilters(SecurityUtils.java:448)
at
com.evolveum.midpoint.web.security.filter.MidpointAuthFilter.createAuthenticationModuleBySequence(MidpointAuthFilter.java:288)
at
com.evolveum.midpoint.web.security.filter.MidpointAuthFilter.doFilterInternal(MidpointAuthFilter.java:185)
at
com.evolveum.midpoint.web.security.filter.MidpointAuthFilter.doFilter(MidpointAuthFilter.java:109)
at
com.evolveum.midpoint.web.security.filter.MidpointFilterChainProxy$VirtualFilterChain.doFilter(MidpointFilterChainProxy.java:169)
at
com.evolveum.midpoint.web.security.filter.TranslateExceptionFilter.doFilterInternal(TranslateExceptionFilter.java:32)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at
com.evolveum.midpoint.web.security.filter.MidpointFilterChainProxy$VirtualFilterChain.doFilter(MidpointFilterChainProxy.java:171)
at
org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:147)
at
org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125)
at
com.evolveum.midpoint.web.security.filter.MidpointFilterChainProxy$VirtualFilterChain.doFilter(MidpointFilterChainProxy.java:171)
at
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110)
at
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
at
com.evolveum.midpoint.web.security.filter.MidpointFilterChainProxy$VirtualFilterChain.doFilter(MidpointFilterChainProxy.java:171)
at
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at
com.evolveum.midpoint.web.security.filter.MidpointFilterChainProxy$VirtualFilterChain.doFilter(MidpointFilterChainProxy.java:171)
at
com.evolveum.midpoint.web.security.filter.MidpointFilterChainProxy.doFilterInternal(MidpointFilterChainProxy.java:95)
at
com.evolveum.midpoint.web.security.filter.MidpointFilterChainProxy.doFilter(MidpointFilterChainProxy.java:60)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:96)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:126)
at
org.springframework.boot.web.servlet.support.ErrorPageFilter.access$000(ErrorPageFilter.java:64)
at
org.springframework.boot.web.servlet.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:101)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at
org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:119)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
com.evolveum.midpoint.web.boot.TrailingSlashRedirectingFilter.doFilterInternal(TrailingSlashRedirectingFilter.java:60)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373)
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590)
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)
--snip--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20220224/5c38b6c0/attachment.htm>
More information about the midPoint
mailing list