<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:black">I’d like to add that when Midpoint is configured with Gluu SSO, upon accessing the page /midpoint/forgotpassword, the following error
is produced in the log, where “email_verified” is the scope that is currently being sent from Gluu to be mapped with Midpoint’s “name” attribute.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:2.0pt;margin-right:0cm;margin-bottom:2.0pt;margin-left:0cm;text-autospace:none">
<span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:black"><o:p> </o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:2.0pt;margin-right:0cm;margin-bottom:2.0pt;margin-left:0cm;text-autospace:none">
<b><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:black">2017-05-31 09:46:31,408 [] [ajp-nio-8009-exec-4] ERROR (com.evolveum.midpoint.web.util.MidPointProfilingServletFilter): Encountered exception: org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException:
USERINFO_email_verified header not found in request.</span><o:p></o:p></b></p>
<p class="MsoNormal" style="mso-margin-top-alt:2.0pt;margin-right:0cm;margin-bottom:2.0pt;margin-left:0cm;text-autospace:none">
<b><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:black">org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException: USERINFO_email_verified header not found in request.<o:p></o:p></span></b></p>
<p class="MsoNormal" style="mso-margin-top-alt:2.0pt;margin-right:0cm;margin-bottom:2.0pt;margin-left:0cm;text-autospace:none">
<b><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:black"><o:p> </o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:black">As I mentioned in my first e-mail, normally, this page is blocked for unauthenticated users unless it is specified as an exception in Tomcat.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:black">Let me know.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:black">Thanks again,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Segoe UI",sans-serif;color:black">Alex<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="ES-AR" style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="ES-AR" style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b>From:</b> midPoint [mailto:midpoint-bounces@lists.evolveum.com]
<b>On Behalf Of </b>Katka Valalikova<br>
<b>Sent:</b> Wednesday, May 31, 2017 4:19 a.m.<br>
<b>To:</b> midPoint General Discussion <midpoint@lists.evolveum.com><br>
<b>Subject:</b> Re: [midPoint] Password reset with Gluu SSO<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal"><span style="color:black">Hi Alex,</span><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black">which version of midPoint do you use? It seems to me that you are facing
</span><a href="https://jira.evolveum.com/browse/MID-3877" target="_blank">this problem</a><span style="color:black"> that was already fixed. If so, you need to upgrade midPoint to the latest master. <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black">Best regards,<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span style="color:black">Katarina Valalikova<br>
Java Developer<br>
evolveum.com<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="color:black"><o:p> </o:p></span></p>
</div>
<div class="MsoNormal" align="center" style="text-align:center"><span style="color:black">
<hr size="2" width="100%" align="center">
</span></div>
<div>
<p class="MsoNormal"><b><span style="font-family:"Helvetica",sans-serif;color:black">From:
</span></b><span style="font-family:"Helvetica",sans-serif;color:black">"Alexander Earl Doler (LATCO - Buenos Aires)" <</span><a href="mailto:adoler@deloitte.com"><span style="font-family:"Helvetica",sans-serif">adoler@deloitte.com</span></a><span style="font-family:"Helvetica",sans-serif;color:black">><br>
<b>To: </b>"midPoint General Discussion" <</span><a href="mailto:midpoint@lists.evolveum.com"><span style="font-family:"Helvetica",sans-serif">midpoint@lists.evolveum.com</span></a><span style="font-family:"Helvetica",sans-serif;color:black">><br>
<b>Sent: </b>Tuesday, May 30, 2017 10:40:04 PM<br>
<b>Subject: </b>[midPoint] Password reset with Gluu SSO<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span lang="ES-AR" style="color:black">Hello,</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="ES-AR" style="color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">We recently configured Midpoint with Gluu SSO using OpenID following the instructions provided here:
</span><a href="https://wiki.evolveum.com/display/midPoint/Midpoint+and+SSO+using+Gluu+HOWTO" target="_blank">https://wiki.evolveum.com/display/midPoint/Midpoint+and+SSO+using+Gluu+HOWTO</a><span style="color:black">. User authentication and redirect work
well, but we are unable to reset user passwords through Midpoint (it worked prior to configuring Midpoint with Gluu). In order to be able to access the forgot password page without the user being authenticated already through the SSO page, we added the forgot
password page as an exception in the file ctx-web-security.xml by adding the following line: <http pattern="/forgotpassword**" security="none"/>. This allows the page to be accessed, however, even so, when a user enters their e-mail address to reset their
password, an error message is displayed stating that the user is not found. In the idm.log file, it indicates that a null value is being received for the e-mail field.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">It seems that something to do with the SSO integration is blocking the reset password feature. Has anyone dealt with this, or does anyone have any ideas as to what could be going on and how to fix it?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">Thank you,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">Alex<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="ES-AR" style="color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Helvetica",sans-serif;color:black"><br>
_______________________________________________<br>
midPoint mailing list<br>
</span><a href="mailto:midPoint@lists.evolveum.com"><span style="font-size:12.0pt;font-family:"Helvetica",sans-serif">midPoint@lists.evolveum.com</span></a><span style="font-size:12.0pt;font-family:"Helvetica",sans-serif;color:black"><br>
</span><a href="http://lists.evolveum.com/mailman/listinfo/midpoint"><span style="font-size:12.0pt;font-family:"Helvetica",sans-serif">http://lists.evolveum.com/mailman/listinfo/midpoint</span></a><span style="font-size:12.0pt;font-family:"Helvetica",sans-serif;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black"><o:p> </o:p></span></p>
</div>
</div>
</div>
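<p class="MsoNormal">Added example (not part of the original thread and not midPoint code): a small parser for idm.log entries in the layout quoted above that reports which pre-authentication header was missing, counting each request once even though the message appears again in the stack-trace header. The INFO line, the stack frame and the header name USERINFO_example_claim are constructed sample data.</p>

```python
import re
from collections import Counter

EXC = ("org.springframework.security.web.authentication.preauth."
       "PreAuthenticatedCredentialsNotFoundException")
FILTER = "com.evolveum.midpoint.web.util.MidPointProfilingServletFilter"

# Constructed sample in the layout of the idm.log entry quoted in the thread.
# The first ERROR entry and its trace header repeat the thread's text; the INFO
# line, the "at ..." frame and USERINFO_example_claim are made up.
SAMPLE_LOG = "\n".join([
    "2017-05-31 09:46:30,101 [] [ajp-nio-8009-exec-2] INFO (com.example.Constructed): unrelated",
    f"2017-05-31 09:46:31,408 [] [ajp-nio-8009-exec-4] ERROR ({FILTER}): "
    f"Encountered exception: {EXC}: USERINFO_email_verified header not found in request.",
    f"{EXC}: USERINFO_email_verified header not found in request.",
    "\tat com.example.Constructed.frame(Constructed.java:1)",
    f"2017-05-31 09:47:02,015 [] [ajp-nio-8009-exec-7] ERROR ({FILTER}): "
    f"Encountered exception: {EXC}: USERINFO_example_claim header not found in request.",
])

# timestamp [context] [thread] LEVEL (logger): message
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) \[[^\]]*\] \[([^\]]*)\] "
    r"(\w+) \(([^)]+)\): (.*)$")
MISSING = re.compile(
    r"PreAuthenticatedCredentialsNotFoundException:\s*(\S+) header not found in request")

def entries(text):
    """Group raw lines into entries; lines without a leading timestamp
    (stack-trace lines) are appended to the entry before them."""
    current = None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            if current:
                yield current
            ts, thread, level, logger, msg = m.groups()
            current = {"ts": ts, "thread": thread, "level": level, "text": msg}
        elif current:
            current["text"] += "\n" + line
    if current:
        yield current

def missing_header_events(text):
    """One (timestamp, thread, header) tuple per ERROR entry with a missing header."""
    found = ((e, MISSING.search(e["text"])) for e in entries(text) if e["level"] == "ERROR")
    return [(e["ts"], e["thread"], m.group(1)) for e, m in found if m]

def summarize(text):
    """Count failed requests per missing header name."""
    return Counter(header for _, _, header in missing_header_events(text))
```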
</body>
</html>