[midPoint] SAML2 Module Configuration

Nadim El-Khoury nel-khoury at springfield.edu
Fri Jan 12 22:28:34 CET 2024


Hi Graham,

Wow, thank you so much for sharing this with all of us.
It is very helpful.
I will set up midPoint Studio to help with the configuration.

I will report back to everyone with my progress.

Best,

Nadim El-Khoury
Director of Networks, Systems, Infrastructure, and CISO
Springfield College
263 Alden Street
Springfield, MA 01109

On Fri, Jan 12, 2024 at 3:34 PM Graham Ballantyne <grahamb at sfu.ca> wrote:

> I just went through getting SAML working, after much trial and error.
> Here's my config:
> https://gist.github.com/grahamb/3b28efad1a2ca9dd8502d8061ada2f1e
>
> I use midPoint Studio, and I'm storing the keystore credentials as
> encrypted secrets.
>
> The config defines SAML as the default for the GUI, but also has an
> emergency "back door" login using internal accounts.
>
> The best resource I found for this was in an Internet2 demo project; my
> config was mostly cribbed from there.
> https://github.internet2.edu/docker/midPoint_container/tree/master/demo/shibboleth/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy
>
>
> Graham Ballantyne (he/him)
> Identity & Access Management Architect —  IT Services
> Simon Fraser University — Strand Hall 1001
> 8888 University Dr., Burnaby, B.C. V5A 1S6
> grahamb at sfu.ca
>
>
>
>
> On Jan 12, 2024, at 12:02, Nadim El-Khoury via midPoint <
> midpoint at lists.evolveum.com> wrote:
>
> Hi Martin, Everyone
>
> Thank you for the information. It is very helpful.
> I have the following questions.
> Is there a document that shows all of the XML entries that can be part of
> the security policy? I looked on the Evolveum site and could not find it.
> The other question: can I put the security policy XML file in
> /opt/midpoint/post-initial-objects/securityPolicy or is it best to modify
> the security policy directly using the GUI?
> Is there a working security SAML example that we can look at?
>
>
> Best,
>
> Nadim El-Khoury
> Director of Networks, Systems, Infrastructure, and CISO
> Springfield College
> 263 Alden Street
> Springfield, MA 01109
>
> On Fri, Jan 12, 2024 at 4:33 AM Martin Lízner via midPoint <
> midpoint at lists.evolveum.com> wrote:
>
>> Hi, it depends on your security policy. UrlSuffix could be e.g. "saml"
>>
>> <image.png>
>> ------------------------------
>> *From:* midPoint <midpoint-bounces at lists.evolveum.com> on behalf of Nadim
>> El-Khoury via midPoint <midpoint at lists.evolveum.com>
>> *Sent:* Tuesday, January 9, 2024 4:17
>> *To:* midPoint General Discussion <midpoint at lists.evolveum.com>
>> *Cc:* Nadim El-Khoury <nel-khoury at springfield.edu>
>> *Subject:* [midPoint] SAML2 Module Configuration
>>
>> Hi Everyone,
>>
>> We are working on configuring the SAML2 module in Midpoint.
>> What is the <authenticationSequenceUrlSuffix> that is mentioned in
>> section 2.1.10.7 (Generation of service provider metadata) of the flexible
>> authentication configuration
>> <https://docs.evolveum.com/midpoint/reference/support-4.8/security/authentication/flexible-authentication/configuration/#module-saml2>?
>>
>> I really appreciate your help.
>>
>> Best,
>>
>> Nadim El-Khoury
>> Director of Networks, Systems, Infrastructure, and CISO
>> Springfield College
>> 263 Alden Street
>> Springfield, MA 01109
>>
>> --
>> "I’ve learned that people will forget what you said, people will forget
>> what you did, but people will never forget how you made them feel." Maya
>> Angelou
>> _______________________________________________
>> midPoint mailing list
>> midPoint at lists.evolveum.com
>> https://lists.evolveum.com/mailman/listinfo/midpoint
>>
>
>
> --
> "I’ve learned that people will forget what you said, people will forget
> what you did, but people will never forget how you made them feel." Maya
> Angelou
>
>
>

-- 
"I’ve learned that people will forget what you said, people will forget
what you did, but people will never forget how you made them feel." Maya
Angelou
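A constructed securityPolicy <authentication> fragment that puts together what Martin and Graham describe above: a SAML2 module wired into the default GUI sequence, whose channel urlSuffix ("saml") is the authenticationSequenceUrlSuffix the docs refer to, plus a non-default emergency sequence on internal accounts. This is an added illustration, not the gist or the Internet2 demo linked in the thread; element names follow midPoint's flexible-authentication reference as I know it and should be checked against your version, and the hostnames, keystore path, passwords and every OID except the built-in Superuser role are placeholders (store the passwords as encrypted values rather than clearValue in a real policy).

```xml
<authentication xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
  <modules>
    <loginForm>                      <!-- internal password login, emergency use only -->
      <identifier>internalLoginForm</identifier>
    </loginForm>
    <saml2>                          <!-- midPoint acts as the SP for the campus IdP -->
      <identifier>campusSaml</identifier>
      <serviceProvider>
        <entityId>https://midpoint.example.edu/midpoint/</entityId>   <!-- placeholder -->
        <alias>midpoint</alias>
        <keys>
          <activeSimpleKey>
            <keyAlias>midpoint-sp</keyAlias>
            <keyPassword><clearValue>CHANGE-ME</clearValue></keyPassword>   <!-- encrypt in production -->
            <keyStorePath>/opt/midpoint/var/saml-sp.jks</keyStorePath>      <!-- placeholder -->
            <keyStorePassword><clearValue>CHANGE-ME</clearValue></keyStorePassword>
          </activeSimpleKey>
        </keys>
        <identityProvider>
          <entityId>https://idp.example.edu/idp/shibboleth</entityId>  <!-- placeholder -->
          <metadata>
            <metadataUrl>https://idp.example.edu/idp/shibboleth</metadataUrl>
          </metadata>
          <nameOfUsernameAttribute>uid</nameOfUsernameAttribute>      <!-- maps assertion to midPoint user -->
        </identityProvider>
      </serviceProvider>
    </saml2>
  </modules>
  <sequence>                         <!-- default GUI sequence: everyone goes through the IdP -->
    <identifier>saml</identifier>
    <channel>
      <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channelId>
      <default>true</default>
      <urlSuffix>saml</urlSuffix>    <!-- this is the authenticationSequenceUrlSuffix used for SP metadata -->
    </channel>
    <module><identifier>campusSaml</identifier><order>1</order><necessity>sufficient</necessity></module>
  </sequence>
  <sequence>                         <!-- emergency back door: not default, reachable only via its own suffix -->
    <identifier>emergency</identifier>
    <channel>
      <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channelId>
      <default>false</default>
      <urlSuffix>emergency</urlSuffix>
    </channel>
    <!-- limit the password path to holders of the built-in Superuser role -->
    <requireAssignmentTarget oid="00000000-0000-0000-0000-000000000004" type="RoleType"/>
    <module><identifier>internalLoginForm</identifier><order>1</order><necessity>sufficient</necessity></module>
  </sequence>
</authentication>
```

Because the emergency sequence is not the default and carries requireAssignmentTarget, ordinary users still have no password login at all, while an administrator can get in under the emergency suffix if the IdP is down or the SAML module is misconfigured.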