<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:56.7pt 42.5pt 56.7pt 85.05pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">Hi Katarina.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">Unfortunately we didn’t manage to configure Flexible Authentication for Active Directory. Our engineers always get a “User not found” error. In addition, I see in the document
in the Limitations section<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif"><a href="https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration#FlexibleAuthenticationConfiguration-Limitations">https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration#FlexibleAuthenticationConfiguration-Limitations</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">the following “</span><span style="font-size:10.5pt;font-family:"Segoe UI",sans-serif;color:#172B4D;background:white">Flexible authentication is currently supported only for
midPoint administration GUI. Only internal password authentication and SAML2 is officially supported. The rest of the functionality is considered to be </span><a href="https://wiki.evolveum.com/display/midPoint/Experimental+Functionality"><span style="font-size:10.5pt;font-family:"Segoe UI",sans-serif;color:#0052CC;background:white;text-decoration:none">experimental.</span></a>”<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">So it looks like LDAP isn’t supported in Flexible Authentication.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">We also tried to configure SAML and it doesn’t work either. I<span style="font-size:10.5pt;font-family:"Segoe UI",sans-serif;color:#172B4D;background:white">nfo about the metadata URL and endpoints is missing in the documentation.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Segoe UI",sans-serif;color:#172B4D;background:white"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Segoe UI",sans-serif;color:#172B4D;background:white">Hi Paolo.</span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Could you please let me know which midPoint version you use where AD auth works?<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif">Thanks.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Tahoma",sans-serif;color:black;mso-fareast-language:CS">--<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Tahoma",sans-serif;color:black;mso-fareast-language:CS">Best Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Tahoma",sans-serif;color:black;mso-fareast-language:CS"><o:p> </o:p></span></b></p>
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Tahoma",sans-serif;color:black;mso-fareast-language:CS">Konstantin.</span></b><span style="mso-fareast-language:RU"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> midPoint &lt;midpoint-bounces@lists.evolveum.com&gt; <b>
On Behalf Of </b>Katka Valalikova<br>
<b>Sent:</b> Thursday, April 9, 2020 10:59 AM<br>
<b>To:</b> midPoint General Discussion &lt;midpoint@lists.evolveum.com&gt;<br>
<b>Subject:</b> Re: [midPoint] Active Directory Authentication in midPoint<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">Hi guys,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">have you also tried the new flexible authentication configuration? This is the recommended and supported way for LDAP Authentication: </span><span style="color:black"><a href="https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration#FlexibleAuthenticationConfiguration-Moduleldap"><span style="font-size:12.0pt;font-family:"Arial",sans-serif">https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration#FlexibleAuthenticationConfiguration-Moduleldap</span></a></span><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black;background:white">As stated on wiki, the old way for<span class="apple-converted-space"> </span></span><a href="https://wiki.evolveum.com/pages/viewpage.action?pageId=23167000" target="_blank"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black;background:white;text-decoration:none">LDAP
authentication</span></a><span class="apple-converted-space"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black;background:white"> </span></span><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black;background:white">has
never been officially supported by Evolveum (unless the support is explicitly negotiated in subscription).</span><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">Regards,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">Katarina Valalikova<o:p></o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div class="MsoNormal" align="center" style="text-align:center"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">
<hr size="2" width="100%" align="center">
</span></div>
<div>
<p class="MsoNormal"><b><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">From:
</span></b><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">"Konstantin Tikhonov" <</span><a href="mailto:Konstantin.Tikhonov@veeam.com"><span style="font-size:12.0pt;font-family:"Arial",sans-serif">Konstantin.Tikhonov@veeam.com</span></a><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">><br>
<b>To: </b>"midPoint General Discussion" <</span><a href="mailto:midpoint@lists.evolveum.com"><span style="font-size:12.0pt;font-family:"Arial",sans-serif">midpoint@lists.evolveum.com</span></a><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">><br>
<b>Sent: </b>Wednesday, April 8, 2020 4:25:01 PM<br>
<b>Subject: </b>Re: [midPoint] Active Directory Authentication in midPoint<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black">Hi Paolo.</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black">Is it possible to synchronize AD groups with midPoint roles? And anyways we have to create local users in midPoint manually.</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black">And I also don’t quite understand what we will do if we’d like to update midPoint; the vendor stops supporting AD/LDAP authentication in further releases and it looks
strange for an IDM solution.</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Tahoma",sans-serif;color:black;mso-fareast-language:CS">--</span></b><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Tahoma",sans-serif;color:black;mso-fareast-language:CS">Best Regards,</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Tahoma",sans-serif;color:black;mso-fareast-language:CS"> </span></b><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Tahoma",sans-serif;color:black;mso-fareast-language:CS">Konstantin.</span></b><span style="color:black"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black"> </span><span style="color:black"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:black">From:</span></b><span style="color:black"> midPoint <</span><a href="mailto:midpoint-bounces@lists.evolveum.com">midpoint-bounces@lists.evolveum.com</a><span style="color:black">>
<b>On Behalf Of </b>Paulo Fernandes de Souza Junior<br>
<b>Sent:</b> Wednesday, April 8, 2020 4:34 PM<br>
<b>To:</b> midPoint General Discussion <</span><a href="mailto:midpoint@lists.evolveum.com">midpoint@lists.evolveum.com</a><span style="color:black">><br>
<b>Subject:</b> Re: [midPoint] Active Directory Authentication in midPoint<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">Hi, <o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black"> <o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black">I think you will need to synchronize these AD Groups and membership with midPoint Roles, then you can associate and manage authorizations to these roles.<o:p></o:p></span></p>
<p><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:black"> <o:p></o:p></span></p>
<div id="Signature">
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="font-size:10.0pt;font-family:"Times New Roman",serif;color:#1F497D">Paulo Fernandes de Souza Júnior</span></b><span style="font-size:12.0pt;font-family:"Times New Roman",serif;color:black">
<br>
</span><b><span style="font-size:8.0pt;font-family:"Times New Roman",serif;color:#1F497D">NQPPPS<br>
</span></b><span style="font-size:8.0pt;font-family:"Times New Roman",serif;color:#17365D">Senado Federal -
</span><span style="font-size:8.0pt;font-family:"Times New Roman",serif;color:#1F497D">PRODASEN<br>
</span><span style="font-size:8.0pt;font-family:"Times New Roman",serif;color:#17365D">Fone: 61 3303.3924</span><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black">
</span><span style="color:black"><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>