[midPoint] Flexible Authentication - SAML Error
JOSHI Ujjwal
ujjwal.joshi at thalesgroup.com
Thu Mar 9 06:29:01 CET 2023
Hi Team,
I'm trying to update the default Security Policy to enable Single-Sign-On. Below is the updated Security Policy.
<securityPolicy xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" oid="00000000-0000-0000-0000-000000000120" version="1">
  <name>Default Security Policy</name>
  <metadata>
    <requestTimestamp>2023-02-15T12:51:37.349+05:30</requestTimestamp>
    <createTimestamp>2023-02-15T12:51:37.359+05:30</createTimestamp>
    <createChannel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#init</createChannel>
  </metadata>
  <operationExecution id="1">
    <recordType>simple</recordType>
    <timestamp>2023-02-15T12:51:37.382+05:30</timestamp>
    <operation>
      <objectDelta>
        <t:changeType>add</t:changeType>
        <t:objectType>c:SecurityPolicyType</t:objectType>
      </objectDelta>
      <executionResult>
        <operation>com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta</operation>
        <status>success</status>
        <importance>normal</importance>
        <token>1000000000000000015</token>
      </executionResult>
      <objectName>Default Security Policy</objectName>
    </operation>
    <status>success</status>
    <channel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#init</channel>
  </operationExecution>
  <iteration>0</iteration>
  <iterationToken/>
  <authentication>
    <!-- Definition of AUTHENTICATION methods that midPoint supports.
         Credentials in this section are considered to be read-only. -->
    <modules>
      <!-- Definition and configuration of all authentication modules that can be used in the system -->
      <saml2>
        <name>mySamlSso</name>
        <description>My internal enterprise SAML-based SSO system.</description>
        <serviceProvider>
          <entityId>midpoint</entityId>
          <signRequests>false</signRequests>
          <identityProvider>
            <entityId>https://spedemo-sasidp.stademo.com/auth/realms/M4RSUTEDKN-STA</entityId>
            <metadata>
              <metadataUrl>https://spedemo-sasidp.stademo.com/auth/realms/M4RSUTEDKN-STA/protocol/saml/descriptor</metadataUrl>
            </metadata>
            <linkText>STA</linkText>
            <authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding>
            <nameOfUsernameAttribute>email</nameOfUsernameAttribute>
          </identityProvider>
        </serviceProvider>
        <!-- ... other SAML configuration that the module needs -->
      </saml2>
    </modules>
    <sequence>
      <name>admin-gui-default-test1111</name>
      <description>
        Default GUI authentication sequence.
        We want to try company SSO, federation and internal. In that order.
        Just one of then need to be successful to let user in.
      </description>
      <channel>
        <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channelId>
        <default>true</default>
        <urlSuffix>default</urlSuffix>
      </channel>
      <nodeGroup oid="05b6933a-b7fc-4543-b8fa-fd8b278ff9ee" relation="org:default" type="c:ArchetypeType"/>
      <module>
        <name>mySamlSso</name>
        <order>30</order>
        <necessity>sufficient</necessity>
      </module>
    </sequence>
  </authentication>
  <credentials>
    <password>
      <minOccurs>0</minOccurs>
      <lockoutMaxFailedAttempts>3</lockoutMaxFailedAttempts>
      <lockoutFailedAttemptsDuration>PT3M</lockoutFailedAttemptsDuration>
      <lockoutDuration>PT15M</lockoutDuration>
      <valuePolicyRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="00000000-0000-0000-0000-000000000003" relation="org:default" type="tns:ValuePolicyType">
        <!-- Default Password Policy -->
      </valuePolicyRef>
    </password>
  </credentials>
</securityPolicy>
But I'm getting the error below in midpoint.log:
Error: Couldn't find filters for sequence admin-gui-default
Can you please suggest what could be the possible reason for this error?
Thanks!
Best Regards,
Ujjwal
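
The log message names a sequence and the posted policy defines one, so a consistency check can compare the two and also confirm that every module a sequence uses is defined under `<modules>`. The following is an added example, not part of the original post or of midPoint; `check_policy`, `POLICY` and `LOG_LINE` are names assumed here, and the embedded policy is a trimmed copy of the posted one.

```python
import re
import xml.etree.ElementTree as ET

NS = {"c": "http://midpoint.evolveum.com/xml/ns/public/common/common-3"}

# Constructed sample: the policy from the post, trimmed to the elements the check reads.
POLICY = """<securityPolicy xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
  <authentication>
    <modules>
      <saml2><name>mySamlSso</name></saml2>
    </modules>
    <sequence>
      <name>admin-gui-default-test1111</name>
      <channel><default>true</default><urlSuffix>default</urlSuffix></channel>
      <module><name>mySamlSso</name><order>30</order><necessity>sufficient</necessity></module>
    </sequence>
  </authentication>
</securityPolicy>"""

# The line quoted in the post.
LOG_LINE = "Error: Couldn't find filters for sequence admin-gui-default"


def check_policy(policy_xml, log_line):
    """Return a list of findings; an empty list means the cross-references agree."""
    auth = ET.fromstring(policy_xml).find("c:authentication", NS)
    if auth is None:
        return ["policy has no <authentication> element"]
    # Every child of <modules>, whatever its type, is identified by its <name>.
    defined = {m.findtext("c:name", namespaces=NS) for m in auth.findall("c:modules/*", NS)}
    findings, sequences = [], set()
    for seq in auth.findall("c:sequence", NS):
        seq_name = seq.findtext("c:name", namespaces=NS)
        sequences.add(seq_name)
        for ref in seq.findall("c:module/c:name", NS):
            if ref.text not in defined:
                findings.append(f"sequence {seq_name!r} uses undefined module {ref.text!r}")
    # Compare the sequence name quoted in the log message with the defined ones.
    m = re.search(r"for sequence (\S+)", log_line)
    if m and m.group(1) not in sequences:
        findings.append(f"log names sequence {m.group(1)!r}; policy defines {sorted(sequences)}")
    return findings


if __name__ == "__main__":
    for finding in check_policy(POLICY, LOG_LINE):
        print(finding)
```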