[midPoint] Flexible Authentication - SAML Error
Yakov Revyakin
yrevyakin at gmail.com
Fri Mar 10 10:38:01 CET 2023
Hi Ujjwal,
The best way to solve all SAML configuration problems is the Java debugger.
I spent last week trying to set up SAML and believe me, the debugger was the
only way to solve problems.
On Thu, 9 Mar 2023 at 10:15, JOSHI Ujjwal via midPoint <
midpoint at lists.evolveum.com> wrote:
> Hi Team,
>
> I’m trying to update the default Security Policy to enable Single-Sign-On.
> Below is the updated Security Policy.
>
> <securityPolicy xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>     xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>     xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
>     xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
>     xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
>     xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
>     xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>     oid="00000000-0000-0000-0000-000000000120" version="1">
>   <name>Default Security Policy</name>
>   <metadata>
>     <requestTimestamp>2023-02-15T12:51:37.349+05:30</requestTimestamp>
>     <createTimestamp>2023-02-15T12:51:37.359+05:30</createTimestamp>
>     <createChannel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#init</createChannel>
>   </metadata>
>   <operationExecution id="1">
>     <recordType>simple</recordType>
>     <timestamp>2023-02-15T12:51:37.382+05:30</timestamp>
>     <operation>
>       <objectDelta>
>         <t:changeType>add</t:changeType>
>         <t:objectType>c:SecurityPolicyType</t:objectType>
>       </objectDelta>
>       <executionResult>
>         <operation>com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta</operation>
>         <status>success</status>
>         <importance>normal</importance>
>         <token>1000000000000000015</token>
>       </executionResult>
>       <objectName>Default Security Policy</objectName>
>     </operation>
>     <status>success</status>
>     <channel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#init</channel>
>   </operationExecution>
>   <iteration>0</iteration>
>   <iterationToken/>
>   <authentication>
>     <!-- Definition of AUTHENTICATION methods that midPoint supports.
>          Credentials in this section are considered to be read-only. -->
>     <modules>
>       <!-- Definition and configuration of all authentication modules that can be used in the system -->
>       <saml2>
>         <name>mySamlSso</name>
>         <description>My internal enterprise SAML-based SSO system.</description>
>         <serviceProvider>
>           <entityId>midpoint</entityId>
>           <signRequests>false</signRequests>
>           <identityProvider>
>             <entityId>https://spedemo-sasidp.stademo.com/auth/realms/M4RSUTEDKN-STA</entityId>
>             <metadata>
>               <metadataUrl>https://spedemo-sasidp.stademo.com/auth/realms/M4RSUTEDKN-STA/protocol/saml/descriptor</metadataUrl>
>             </metadata>
>             <linkText>STA</linkText>
>             <authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding>
>             <nameOfUsernameAttribute>email</nameOfUsernameAttribute>
>           </identityProvider>
>         </serviceProvider>
>         <!-- ... other SAML configuration that the module needs -->
>       </saml2>
>     </modules>
>     <sequence>
>       <name>admin-gui-default-test1111</name>
>       <description>
>         Default GUI authentication sequence.
>         We want to try company SSO, federation and internal. In that order.
>         Just one of them needs to be successful to let the user in.
>       </description>
>       <channel>
>         <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channelId>
>         <default>true</default>
>         <urlSuffix>default</urlSuffix>
>       </channel>
>       <nodeGroup oid="05b6933a-b7fc-4543-b8fa-fd8b278ff9ee" relation="org:default" type="c:ArchetypeType"/>
>       <module>
>         <name>mySamlSso</name>
>         <order>30</order>
>         <necessity>sufficient</necessity>
>       </module>
>     </sequence>
>   </authentication>
>   <credentials>
>     <password>
>       <minOccurs>0</minOccurs>
>       <lockoutMaxFailedAttempts>3</lockoutMaxFailedAttempts>
>       <lockoutFailedAttemptsDuration>PT3M</lockoutFailedAttemptsDuration>
>       <lockoutDuration>PT15M</lockoutDuration>
>       <valuePolicyRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
>           oid="00000000-0000-0000-0000-000000000003" relation="org:default" type="tns:ValuePolicyType">
>         <!-- Default Password Policy -->
>       </valuePolicyRef>
>     </password>
>   </credentials>
> </securityPolicy>
>
> But I’m getting the error below in *midpoint.log*:
>
> *Error: Couldn't find filters for sequence admin-gui-default*
>
> Can you please suggest what could be the possible reason for this error?
>
> Thanks!
>
> Best Regards,
>
> Ujjwal
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> https://lists.evolveum.com/mailman/listinfo/midpoint
>
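An added consistency check for policies of the shape posted above. It is editor-written example code, not midPoint's own, and it does not diagnose the error quoted in the message; it only shows the kind of cross-reference a reviewer can run before importing a security policy: every module a `<sequence>` lists must be defined under `<modules>`, a sequence with no modules is reported, and a `saml2` module that explicitly sets `<signRequests>false</signRequests>` is flagged so that the unsigned-AuthnRequest choice is a conscious one. The embedded policy is a constructed, trimmed copy of the posted one; the second sequence and its module name are invented to exercise the dangling-reference case.

```python
"""Cross-check the <authentication> section of a midPoint securityPolicy.

Added example, not midPoint code: it reports module references in a
<sequence> that no <modules> entry defines, sequences with no modules,
and saml2 modules that explicitly set <signRequests>false</signRequests>.
"""
import xml.etree.ElementTree as ET

NS = {"c": "http://midpoint.evolveum.com/xml/ns/public/common/common-3"}

# Constructed sample trimmed from the policy posted in the thread (metadata,
# credentials and the identity-provider details are omitted).
# The second <sequence> is constructed to show a dangling module reference.
SAMPLE_POLICY = """<securityPolicy xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
    oid="00000000-0000-0000-0000-000000000120" version="1">
  <name>Default Security Policy</name>
  <authentication>
    <modules>
      <saml2>
        <name>mySamlSso</name>
        <serviceProvider>
          <entityId>midpoint</entityId>
          <signRequests>false</signRequests>
        </serviceProvider>
      </saml2>
    </modules>
    <sequence>
      <name>admin-gui-default-test1111</name>
      <channel>
        <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channelId>
        <default>true</default>
        <urlSuffix>default</urlSuffix>
      </channel>
      <module>
        <name>mySamlSso</name>
        <order>30</order>
        <necessity>sufficient</necessity>
      </module>
    </sequence>
    <sequence>
      <name>constructed-broken-sequence</name>
      <module>
        <name>notDefinedAnywhere</name>
      </module>
    </sequence>
  </authentication>
</securityPolicy>
"""


def _text(el, path):
    """Stripped text of the first element matching path under el, or ''."""
    value = el.findtext(path, default=None, namespaces=NS)
    return value.strip() if value else ""


def defined_modules(root):
    """Map module name -> module kind (local tag such as saml2) from <modules>."""
    container = root.find("c:authentication/c:modules", NS)
    modules = {}
    for module in (container if container is not None else []):
        name = _text(module, "c:name")
        if name:
            modules[name] = module.tag.split("}")[-1]
    return modules


def sequences(root):
    """Summarise every <sequence> as its name plus the module names it lists."""
    return [
        {
            "name": _text(seq, "c:name"),
            "modules": [_text(m, "c:name") for m in seq.findall("c:module", NS)],
        }
        for seq in root.findall("c:authentication/c:sequence", NS)
    ]


def check_policy(xml_text):
    """Return human-readable findings for one securityPolicy XML document."""
    root = ET.fromstring(xml_text)
    findings = []
    # A saml2 module that explicitly disables AuthnRequest signing. An absent
    # element is left to midPoint's default and is not judged here.
    for saml in root.findall("c:authentication/c:modules/c:saml2", NS):
        if _text(saml, "c:serviceProvider/c:signRequests") == "false":
            findings.append(f"module {_text(saml, 'c:name')}: signRequests is "
                            "false, SAML AuthnRequests are sent unsigned")
    # Every module a sequence lists must be defined under <modules>.
    modules = defined_modules(root)
    for seq in sequences(root):
        if not seq["modules"]:
            findings.append(f"sequence {seq['name']}: no <module> entries")
        for name in seq["modules"]:
            if name not in modules:
                findings.append(f"sequence {seq['name']}: module '{name}' "
                                "is not defined under <modules>")
    return findings


if __name__ == "__main__":
    for finding in check_policy(SAMPLE_POLICY):
        print(finding)
```

Run it against a real exported policy by replacing `SAMPLE_POLICY` with the file contents; only the standard library is used, so it can run on the midPoint host itself before the object is imported.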