<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hi Alexandre</div><div dir="ltr"><br></div><div dir="ltr">Thank you very much <div><br></div><div><div>I made the modifications suggested by you and Lukas.</div><div>Something is still wrong, after authenticating with the IdP and returning to the midpoint I get the message:</div><div>Midpoint saml module doesn't receive response from Identity Provider server ..</div><div>The strange thing is that through the Saml Tracer tool, I can verify that there was a request and a response.</div></div><div><br></div><div><br></div><div><br></div><div>Saml Request:</div><div><br></div><div><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2p:AuthnRequest</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">xmlns:saml2p</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:protocol"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">AssertionConsumerServiceURL</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta">http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</a>"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Destination</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="https://dev-601301.okta.com/app/xyzdev601301_midpoint_1/xxxxxx4x6/sso/saml">https://dev-601301.okta.com/app/xyzdev601301_midpoint_1/xxxxxx4x6/sso/saml</a>"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">ForceAuthn</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"false"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">ID</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">IsPassive</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"false"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">IssueInstant</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"2020-08-18T21:14:01.266Z"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">ProtocolBinding</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Version</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"2.0"</span>
></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Issuer</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">xmlns:saml2</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:assertion"</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">sp_midpoint</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Issuer</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2p:NameIDPolicy</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">AllowCreate</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"true"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Format</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"</span>
/></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2p:AuthnRequest</span>></span><br></div><div><br></div><div>Saml Response:</div><div><br></div><div><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2p:Response</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">xmlns:saml2p</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:protocol"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Destination</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta">http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</a>"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">ID</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"id369598233453735443745710"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">InResponseTo</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">IssueInstant</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"2020-08-18T21:14:02.181Z"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Version</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"2.0"</span>
></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Issuer</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">xmlns:saml2</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:assertion"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Format</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:nameid-format:entity"</span>
></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><a href="http://www.okta.com/xxxxxxxxxxx4x6">http://www.okta.com/xxxxxxxxxxx4x6</a></span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Issuer</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Signature</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">xmlns:ds</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2000/09/xmldsig#">http://www.w3.org/2000/09/xmldsig#</a>"</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:SignedInfo</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:CanonicalizationMethod</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Algorithm</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2001/10/xml-exc-c14n#">http://www.w3.org/2001/10/xml-exc-c14n#</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:SignatureMethod</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Algorithm</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256">http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Reference</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">URI</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"#id369598233453735443745710"</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Transforms</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Transform</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Algorithm</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2000/09/xmldsig#enveloped-signature">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Transform</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Algorithm</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2001/10/xml-exc-c14n#">http://www.w3.org/2001/10/xml-exc-c14n#</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Transforms</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:DigestMethod</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Algorithm</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2001/04/xmlenc#sha256">http://www.w3.org/2001/04/xmlenc#sha256</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:DigestValue</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">eOe03vp5gwQQ/4RERzhnfkVpxbxfb8Ek0OQHbyNXcL4=</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:DigestValue</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Reference</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:SignedInfo</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:SignatureValue</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">Opuurv0kgPnDHbxXpe2wzDhDJs6tGoRrHLc+XwIUpxtyLxwh+/4QBPmanZUWepBygLOM223ql7vfpD6e37Zr1iWNAA7Dub9Dc2HIo8igDB1i7wRSvJGWaX+BZLc8mF+CQ9jLT3vinalejcfGicVOS06CygG3ztb7QlBZJmj</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:SignatureValue</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:KeyInfo</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:X509Data</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:X509Certificate</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">MIIDpDCCAoygAwIBAgIGAXOn7be0MA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
9u92XgEJLCIVs0onGbhUfoI5r702fcEM</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:X509Certificate</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:X509Data</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:KeyInfo</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Signature</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2p:Status</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">xmlns:saml2p</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:protocol"</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2p:StatusCode</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Value</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:status:Success"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2p:Status</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Assertion</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">xmlns:saml2</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:assertion"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">ID</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"id3695982334609027802744130"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">IssueInstant</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"2020-08-18T21:14:02.181Z"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Version</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"2.0"</span>
></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Issuer</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">xmlns:saml2</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:assertion"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Format</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:nameid-format:entity"</span>
></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><a href="http://www.okta.com/xxxxxxxxx4x6">http://www.okta.com/xxxxxxxxx4x6</a></span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Issuer</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Signature</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">xmlns:ds</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2000/09/xmldsig#">http://www.w3.org/2000/09/xmldsig#</a>"</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:SignedInfo</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:CanonicalizationMethod</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Algorithm</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2001/10/xml-exc-c14n#">http://www.w3.org/2001/10/xml-exc-c14n#</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:SignatureMethod</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Algorithm</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256">http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Reference</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">URI</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"#id3695982334609027802744130"</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Transforms</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Transform</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Algorithm</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2000/09/xmldsig#enveloped-signature">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Transform</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Algorithm</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2001/10/xml-exc-c14n#">http://www.w3.org/2001/10/xml-exc-c14n#</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Transforms</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:DigestMethod</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Algorithm</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2001/04/xmlenc#sha256">http://www.w3.org/2001/04/xmlenc#sha256</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:DigestValue</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">g8vVhT6anU1xJOXQH9IrsOIpWG1YZN9GVIWFXVd9zFk=</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:DigestValue</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Reference</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:SignedInfo</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:SignatureValue</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">nFK/0DyI7SpavUD3FPdr7BU1wSMIJl3NR4efPDKfZeZMhPGOX3lurD5lHSceulzGLcZbsOmPnEn1pLsFCOefihVC/SmkNNBHB/uCbKdrgmcQ4Q+xuBEuoUXopG80Xx3sMWZa0lSRAgAcM0sJb6EynmyifxBJ4n0/P9/ANIH</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:SignatureValue</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:KeyInfo</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:X509Data</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:X509Certificate</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">MIIDpDCCAoygAwIBAgIGAXOn7be0MA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
DY2IxhhuxGPHLqFT/YfO/RmJd9keXfM9lIiJl1+9N8eFskiMwUlV0RriPU9GEGt2fJRZxZqw/c7A
9u92XgEJLCIVs0onGbhUfoI5r702fcEM</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:X509Certificate</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:X509Data</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:KeyInfo</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Signature</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Subject</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">xmlns:saml2</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:assertion"</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:NameID</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Format</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><a href="mailto:john.doe@xyz.net">john.doe@xyz.net</a></span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:NameID</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:SubjectConfirmation</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Method</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:cm:bearer"</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:SubjectConfirmationData</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">InResponseTo</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">NotOnOrAfter</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"2020-08-18T21:19:02.181Z"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Recipient</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta">http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</a>"</span>
/></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:SubjectConfirmation</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Subject</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Conditions</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">xmlns:saml2</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:assertion"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">NotBefore</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"2020-08-18T21:09:02.181Z"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">NotOnOrAfter</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"2020-08-18T21:19:02.181Z"</span>
></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:AudienceRestriction</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Audience</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">okta</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Audience</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:AudienceRestriction</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Conditions</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:AuthnStatement</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">xmlns:saml2</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:assertion"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">AuthnInstant</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"2020-08-18T21:14:02.181Z"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">SessionIndex</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span>
></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:AuthnContext</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:AuthnContextClassRef</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:AuthnContextClassRef</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:AuthnContext</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:AuthnStatement</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Assertion</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2p:Response</span>></span></div><div><br></div><div>---------------------------------------------------------------------------------------------</div><div><br></div><div><br></div><div>Regards</div><div><br></div><div>Gus</div></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Em ter., 18 de ago. de 2020 às 02:28, Alexandre Zia <<a href="mailto:alexandre.zia@ifood.com.br">alexandre.zia@ifood.com.br</a>> escreveu:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>I've just changed a few things, based on your config, <br></div><div><br></div><saml2><br> <name>oktaidp</name><br> <description>Enterprise SAML-based SSO system</description><br> <network><br> <readTimeout>10000</readTimeout><br> <connectTimeout>5000</connectTimeout><br> </network><br> <serviceProvider><br> <entityId>sp_midpoint</entityId><br> <aliasForPath>okta</aliasForPath><br> <signRequests>false</signRequests><br> <wantAssertionsSigned>true</wantAssertionsSigned><br> <singleLogoutEnabled>true</singleLogoutEnabled><br> <nameId>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</nameId><br> <provider><br> <entityId><a href="http://www.okta.com/xxxxxxxxxxxx4x6" target="_blank">http://www.okta.com/xxxxxxxxxxxx4x6</a></entityId><br> <alias>SSO-Okta</alias><br> <metadata><br> <xml>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</xml><br> </metadata><br> <skipSslValidation>false</skipSslValidation><br> <linkText>Okta</linkText><br> <authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding><br> <nameOfUsernameAttribute>uid</nameOfUsernameAttribute><br> </provider><br> </serviceProvider><br></saml2><br><br><br>And your ACS url will be something like this: <a href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta" target="_blank">http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</a><br><div><br></div><br><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Aug 17, 2020 at 2:24 PM Gus Lou <<a href="mailto:gugalou38@gmail.com" target="_blank">gugalou38@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hi Luca</div><div dir="ltr">Thank you very much for your help. I had not configured this option yet.<div><div>I did the suggested configuration, now the link to the IdP in the midpoint interface is correct.</div><div>But when I click on the link to the IdP and do the authentication and get the reply back to the midpoint I get an error:</div><div><span style="background-color:rgb(255,255,255)"><font color="#000000"><span style="box-sizing:border-box;display:inline-block;font-size:14px;margin:0px;line-height:1;font-family:"Source Sans Pro","Helvetica Neue",Helvetica,Arial,sans-serif"><i>Midpoint saml module doesn't receive response from Identity Provider server.</i></span><br></font></span></div><div><span style="background-color:rgb(255,255,255)"><font color="#000000"><span style="box-sizing:border-box;display:inline-block;margin:0px;line-height:1"><i><font face="Source Sans Pro, Helvetica Neue, Helvetica, Arial, sans-serif"><span style="font-size:14px">Authentication failed, and as a consequence was restarted authentication flow</span></font></i></span></font></span></div><div>(probably due to the fact that the midpoint ACS url in the IdP is not correct.)</div><div><br></div><div>I need to find out what the Midpoint Assertion Consumer Service (ACS) URL is to report on the IdP.</div></div><div><br></div><div>Print Screen after IdP Authentication failed</div><div><div><img src="cid:ii_kdyl6p2k4" alt="image.png" width="541" height="226"><br></div></div><div><br></div><div>Regards<br></div><div><br></div><div>Gus</div></div></div></div></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Em seg., 17 de ago. de 2020 às 03:18, Lukas Skublik <<a href="mailto:lukas.skublik@evolveum.com" target="_blank">lukas.skublik@evolveum.com</a>> escreveu:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Hello Gus,<br>
<br>
you try configure attribute
systemConfiguration/infrastructure/publicHttpUrlPattern to
'<a href="http://midpoint-02.xyz.net/midpoint" target="_blank">http://midpoint-02.xyz.net/midpoint</a>'.<br>
<br>
Regards,<br>
Lukas Skublik<br>
</p>
<div>On 6. 8. 2020 0:00, Gus Lou wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">Hi Guys
<div>
<div>Anyone here already integrated Midpoint
with Okta's solution to provide Midpoint
authentication through the SAML 2.0
protocol?</div>
<div>I created a free developer account on
Okta and I am trying to make the SAML
settings following the guidelines below:</div>
<div><br>
</div>
<div><b>Midpoint Wiki:</b> </div>
<div><a href="https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration" target="_blank">https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration</a></div>
<div><br>
</div>
<div><b>Git Example
Security-policy-flexible-authentication:</b> </div>
<div><a href="https://github.com/Evolveum/midpoint-samples/blob/master/samples/policy/security/security-policy-flexible-authentication.xml" target="_blank">https://github.com/Evolveum/midpoint-samples/blob/master/samples/policy/security/security-policy-flexible-authentication.xml</a></div>
<div><br>
</div>
<div><b>Okta Example - SAML Spring Security:</b></div>
<div><a href="https://developer.okta.com/code/java/spring_security_saml/" target="_blank">https://developer.okta.com/code/java/spring_security_saml/</a></div>
<div><a href="https://github.com/oktadeveloper/okta-spring-boot-saml-example" target="_blank">https://github.com/oktadeveloper/okta-spring-boot-saml-example</a></div>
<div><br>
</div>
<div>I understand that Okta is the Identity
Provider IdP and Midpoint is the Service
Provider SP.</div>
<div>After trying to make the settings I had
some doubts:</div>
<div><br>
</div>
<div>What is the Midpoint uri that receives
the IdP response?</div>
<div>What is the Midpoint url that I should
use to perform the authentication of the
IdP (Okta). Because when I try to inform
an existing user in the IdP an error
appears and a screen with the link of the
IdP (in this part there is another error
that I couldn't solve the midpoint
displays the internal address <a href="https://127.0.0.1/" target="_blank">https://127.0.0.1/</a></div>
</div>
<div><br>
</div>
<div>Some Informations from my Lab:</div>
<div><br>
</div>
<div><b>Print-01 Midpoint - Authentatication
GUI</b> (the user john.doe, does not exist
at midpoint but exists at IdP)</div>
<div>
<div><img src="cid:173fca052abcb971f161" alt="image.png" width="541" height="190"><br>
</div>
</div>
<div><br>
</div>
<div><b>Print-02 </b></div>
<div>
<div>After I try to authenticate, I get the
error message:</div>
<div><i><u><font style="background-color:rgb(243,243,243)" color="#ff0000">Couldn't
authenticate user, reason: couldn't
encode password.</font></u></i></div>
</div>
<div>
<div><img src="cid:173fca052accb971f162" alt="image.png" width="541" height="207"><br>
</div>
</div>
<div><br>
</div>
<div><b>Print-03</b></div>
<div>
<div>The link to the idp Okta is displaying
the midpoint's internal address:</div>
<div><b><font color="#ff0000"><a href="http://127.0.0.1:8080/" target="_blank">http://127.0.0.1:8080/</a></font></b>midpoint/auth/default/oktaidp/discovery?idp=http%3A%2F%<a href="http://2Fwww.okta.com" target="_blank">2Fwww.okta.com</a>%2Fexko4d721K5vASKoJ4x6</div>
<div><br>
</div>
<div>Instead of the hostname address:</div>
<div><b><font color="#0000ff"><a href="http://midpoint-02.xyz.net" target="_blank">http://midpoint-02.xyz.net</a></font></b>/midpoint/auth/default/oktaidp/discovery?idp=http%3A%2F%<a href="http://2Fwww.okta.com" target="_blank">2Fwww.okta.com</a>%2Fexko4d721K5vASKoJ4x6</div>
<div><br>
</div>
<div>I believe it is some incorrect
configuration on my reverse proxy - nginx</div>
</div>
<div>
<div>
<div><img src="cid:173fca052accb971f163" alt="image.png" width="541" height="178"><br>
</div>
</div>
</div>
<div><br>
</div>
<div><b>Print-04: Okta IdP SAML Configuration</b></div>
<div>
<div>Here is my main question, because in
the fields:</div>
<div>
<ol>
<li>Single sign on URL</li>
<li>Audience URI (SP Entity ID)</li>
</ol>
</div>
<div>I need to report existing data in
Midpoint, but I'm not sure where to get
this information.</div>
</div>
<div>
<div><img src="cid:173fca052accb971f164" alt="image.png" width="541" height="357"><br>
</div>
</div>
<div>
<div><br>
</div>
</div>
<div>
<div><br>
</div>
</div>
<div><br>
</div>
<div><b>My Security Policy Config:</b></div>
<div>I made the settings in the IdP, generated
the metadata, encoded it in base 64 and put
it in the Midpoint settings.<br>
</div>
<div><b><br>
</b></div>
<div>
<div><authentication></div>
<div> <modules></div>
<div> <loginForm id="15"></div>
<div>
<name>internalLoginForm</name></div>
<div>
<description>Internal
username/password authentication, default
user password, login
form</description></div>
<div> </loginForm></div>
<div> <saml2 id="16"></div>
<div>
<name>oktaidp</name></div>
<div> <description>My
SAML-based SSO system.</description></div>
<div> <network></div>
<div>
<readTimeout>10000</readTimeout></div>
<div>
<connectTimeout>5000</connectTimeout></div>
<div> </network></div>
<div> <serviceProvider></div>
<div>
<entityId>sp_midpoint</entityId></div>
<div>
<signRequests>true</signRequests></div>
<div>
<wantAssertionsSigned>true</wantAssertionsSigned></div>
<div>
<singleLogoutEnabled>true</singleLogoutEnabled></div>
<div>
<nameId>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</nameId></div>
<div> <keys/></div>
<div> <provider
id="17"></div>
<div>
<entityId><a href="http://www.okta.com/xxxxxxxxxxxx4x6" target="_blank">http://www.okta.com/xxxxxxxxxxxx4x6</a></entityId></div>
<div>
<alias>SSO-Okta</alias></div>
<div>
<metadata></div>
<div>
<xml>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48bWQ6RW50aXR5RGVzY3JpcHRvciBlbnRpdHlJRD0iaHR0cDovL3d3dy5va3RhLmNvbS9leGtvNGQ3MjFLNXZBU0</xml></div>
<div>
</metadata></div>
<div>
<skipSslValidation>true</skipSslValidation></div>
<div>
<linkText>Okta</linkText></div>
<div>
<authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding></div>
<div>
<nameOfUsernameAttribute>uid</nameOfUsernameAttribute></div>
<div> </provider></div>
<div>
</serviceProvider></div>
<div> </saml2></div>
<div> </modules></div>
<div> <sequence id="8"></div>
<div>
<name>admin-gui-default</name></div>
<div> <description></div>
<div> Default GUI
authentication sequence.</div>
<div> We want to try company
SSO, federation and internal. In that
order.</div>
<div> Just one of then need
to be successful to let user in.</div>
<div> </description></div>
<div> <channel></div>
<div> <channelId><a href="http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user" target="_blank">http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user</a></channelId></div>
<div>
<default>true</default></div>
<div>
<urlSuffix>default</urlSuffix></div>
<div> </channel></div>
<div> <module id="12"></div>
<div>
<name>oktaidp</name></div>
<div>
<order>30</order></div>
<div>
<necessity>sufficient</necessity></div>
<div> </module></div>
<div> <module id="13"></div>
<div>
<name>internalLoginForm</name></div>
<div>
<order>20</order></div>
<div>
<necessity>sufficient</necessity></div>
<div> </module></div>
<div> </sequence></div>
<div> <sequence id="9"></div>
<div>
<name>admin-gui-emergency</name></div>
<div> <description></div>
<div> Special GUI
authentication sequence that is using just
the internal user password.</div>
<div> It is used only in
emergency. It allows to skip SAML
authentication cycles, e.g. in case</div>
<div> that the SAML
authentication is redirecting the browser
incorrectly.</div>
<div> </description></div>
<div> <channel></div>
<div> <channelId><a href="http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user" target="_blank">http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user</a></channelId></div>
<div>
<default>false</default></div>
<div>
<urlSuffix>emergency</urlSuffix></div>
<div> </channel></div>
<div> <requireAssignmentTarget
oid="00000000-0000-0000-0000-000000000004"
relation="org:default"
type="c:RoleType"></div>
<div> <!-- Superuser
--></div>
<div>
</requireAssignmentTarget></div>
<div> <module id="14"></div>
<div>
<name>internalLoginForm</name></div>
<div>
<order>30</order></div>
<div>
<necessity>sufficient</necessity></div>
<div> </module></div>
<div> </sequence></div>
<div> </authentication></div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>If anyone has any suggestions for solving
the problem I would appreciate it.<br>
</div>
<div><br>
</div>
<div>Regards</div>
<div><br>
</div>
<div>Gus</div>
<div><br>
</div>
<div><br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div><br clear="all"><br>-- <br><div dir="ltr"><div dir="ltr"><div><div dir="ltr"><table style="font-family:arial,sans-serif;font-style:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);color:rgb(0,0,0);font-size:medium" width="450" cellspacing="0" cellpadding="0" border="0"><tbody><tr><td rowspan="6" style="font-family:arial,sans-serif;margin:0px" width="105" valign="top" height="120" align="right"><a href="https://www.ifood.com.br/" style="color:rgb(17,85,204)" target="_blank"><img src="https://www.ifood.com.br/nws/assinatura/iFood_assinatura3.gif" alt="" width="105" height="110"></a></td><td style="font-family:arial,sans-serif;margin:0px" width="18"><br></td><td style="font-family:arial,sans-serif;margin:0px" height="22"><div style="line-height:18px;font-family:Montserrat,"Trebuchet MS","Lucida Grande","Lucida Sans Unicode","Lucida Sans",Tahoma,sans-serif;color:rgb(85,85,85)"><p style="margin:0px;line-height:18px"><span style="font-size:14px">Alexandre R Zia<br></span></p></div></td></tr><tr><td style="font-family:arial,sans-serif;margin:0px" width="18"><br></td><td style="font-family:arial,sans-serif;margin:0px"><div style="font-size:12px;line-height:14px;font-family:Montserrat,"Trebuchet MS","Lucida Grande","Lucida Sans Unicode","Lucida Sans",Tahoma,sans-serif;color:rgb(228,0,43)"><p style="margin:0px;line-height:15px"><span style="line-height:15px"><b>Security</b></span></p></div></td></tr><tr><td style="font-family:arial,sans-serif;margin:0px" width="18" height="10"><br></td><td style="font-family:arial,sans-serif;margin:0px" height="10"><br></td></tr><tr><td style="font-family:arial,sans-serif;margin:0px" width="18"><br></td><td style="font-family:arial,sans-serif;margin:0px"><br></td></tr><tr><td style="font-family:arial,sans-serif;margin:0px" width="18"><br></td><td style="font-family:arial,sans-serif;margin:0px"><div style="font-size:11px;line-height:16px;font-family:Montserrat,"Trebuchet MS","Lucida Grande","Lucida Sans Unicode","Lucida Sans",Tahoma,sans-serif"><a href="https://www.ifood.com.br/" style="color:rgb(119,119,119);line-height:16px" target="_blank">www.ifood.com.br</a></div></td></tr><tr><td colspan="2" style="font-family:arial,sans-serif;margin:0px" height="35"><table width="190" cellspacing="0" cellpadding="0" border="0"><tbody><tr><td style="font-family:arial,sans-serif;margin:0px" width="12"> </td><td style="font-family:arial,sans-serif;margin:0px"><a href="https://www.facebook.com/iFood?fref=ts" style="color:rgb(17,85,204)" target="_blank"><img src="https://www.ifood.com.br/nws/assinatura/facebook_2x.png" alt="" width="32" height="32"></a></td><td style="font-family:arial,sans-serif;margin:0px"><a href="https://twitter.com/iFood" style="color:rgb(17,85,204)" target="_blank"><img src="https://www.ifood.com.br/nws/assinatura/twitter_2x.png" alt="" width="32" height="32"></a></td><td style="font-family:arial,sans-serif;margin:0px"><a href="https://www.instagram.com/iFoodBrasil/" style="color:rgb(17,85,204)" target="_blank"><img src="https://www.ifood.com.br/nws/assinatura/instagram_2x.png" alt="" width="32" height="32"></a></td><td style="font-family:arial,sans-serif;margin:0px"><a href="https://www.youtube.com/ifood" style="color:rgb(17,85,204)" target="_blank"><img src="https://www.ifood.com.br/nws/assinatura/youtube_2x.png" alt="" width="32" height="32"></a></td></tr></tbody></table></td></tr></tbody></table><table style="color:rgb(34,34,34);font-style:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);font-size:13px;line-height:normal;font-family:tahoma,geneva,sans-serif" width="630" cellspacing="0" cellpadding="0" border="0"><tbody><tr><td style="font-family:arial,sans-serif;margin:0px"><table width="100%" cellspacing="0" cellpadding="0" border="0"></table></td></tr></tbody></table></div></div></div></div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div>