<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hello Gus,<br>
can you send me your log file. Maybe you see wrong error message.</p>
<p>Regards<br>
Lukas Skublik<br>
</p>
<div class="moz-cite-prefix">On 18. 8. 2020 23:35, Gus Lou wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CA+XZjGT7bR+GZwUpvdDrsBAVBKr8HQay9v2Ff--pq46ZF3DoMQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">Hi Alexandre</div>
<div dir="ltr"><br>
</div>
<div dir="ltr">Thank you very much
<div><br>
</div>
<div>
<div>I made the modifications suggested by you and
Lukas.</div>
<div>Something is still wrong, after authenticating
with the IdP and returning to the midpoint I get the
message:</div>
<div>Midpoint saml module doesn't receive response
from Identity Provider server ..</div>
<div>The strange thing is that through the Saml Tracer
tool, I can verify that there was a request and a
response.</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Saml Request:</div>
<div><br>
</div>
<div><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2p:AuthnRequest</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">xmlns:saml2p</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:protocol"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">AssertionConsumerServiceURL</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta" moz-do-not-send="true">http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</a>"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Destination</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="https://dev-601301.okta.com/app/xyzdev601301_midpoint_1/xxxxxx4x6/sso/saml" moz-do-not-send="true">https://dev-601301.okta.com/app/xyzdev601301_midpoint_1/xxxxxx4x6/sso/saml</a>"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">ForceAuthn</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"false"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">ID</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">IsPassive</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"false"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">IssueInstant</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"2020-08-18T21:14:01.266Z"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">ProtocolBinding</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Version</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"2.0"</span>
></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Issuer</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">xmlns:saml2</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:assertion"</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">sp_midpoint</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Issuer</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2p:NameIDPolicy</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">AllowCreate</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"true"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Format</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"</span>
/></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2p:AuthnRequest</span>></span><br>
</div>
<div><br>
</div>
<div>Saml Response:</div>
<div><br>
</div>
<div><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2p:Response</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">xmlns:saml2p</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:protocol"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Destination</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta" moz-do-not-send="true">http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</a>"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">ID</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"id369598233453735443745710"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">InResponseTo</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">IssueInstant</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"2020-08-18T21:14:02.181Z"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Version</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"2.0"</span>
></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Issuer</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">xmlns:saml2</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:assertion"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Format</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:nameid-format:entity"</span>
></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><a href="http://www.okta.com/xxxxxxxxxxx4x6" moz-do-not-send="true">http://www.okta.com/xxxxxxxxxxx4x6</a></span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Issuer</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Signature</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">xmlns:ds</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2000/09/xmldsig#" moz-do-not-send="true">http://www.w3.org/2000/09/xmldsig#</a>"</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:SignedInfo</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:CanonicalizationMethod</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Algorithm</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2001/10/xml-exc-c14n#" moz-do-not-send="true">http://www.w3.org/2001/10/xml-exc-c14n#</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:SignatureMethod</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Algorithm</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" moz-do-not-send="true">http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Reference</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">URI</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"#id369598233453735443745710"</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Transforms</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Transform</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Algorithm</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2000/09/xmldsig#enveloped-signature" moz-do-not-send="true">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Transform</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Algorithm</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2001/10/xml-exc-c14n#" moz-do-not-send="true">http://www.w3.org/2001/10/xml-exc-c14n#</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Transforms</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:DigestMethod</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Algorithm</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2001/04/xmlenc#sha256" moz-do-not-send="true">http://www.w3.org/2001/04/xmlenc#sha256</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:DigestValue</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">eOe03vp5gwQQ/4RERzhnfkVpxbxfb8Ek0OQHbyNXcL4=</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:DigestValue</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Reference</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:SignedInfo</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:SignatureValue</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">Opuurv0kgPnDHbxXpe2wzDhDJs6tGoRrHLc+XwIUpxtyLxwh+/4QBPmanZUWepBygLOM223ql7vfpD6e37Zr1iWNAA7Dub9Dc2HIo8igDB1i7wRSvJGWaX+BZLc8mF+CQ9jLT3vinalejcfGicVOS06CygG3ztb7QlBZJmj</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:SignatureValue</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:KeyInfo</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:X509Data</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:X509Certificate</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">MIIDpDCCAoygAwIBAgIGAXOn7be0MA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
9u92XgEJLCIVs0onGbhUfoI5r702fcEM</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:X509Certificate</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:X509Data</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:KeyInfo</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Signature</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2p:Status</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">xmlns:saml2p</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:protocol"</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2p:StatusCode</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Value</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:status:Success"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2p:Status</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Assertion</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">xmlns:saml2</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:assertion"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">ID</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"id3695982334609027802744130"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">IssueInstant</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"2020-08-18T21:14:02.181Z"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Version</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"2.0"</span>
></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Issuer</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">xmlns:saml2</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:assertion"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Format</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:nameid-format:entity"</span>
></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><a href="http://www.okta.com/xxxxxxxxx4x6" moz-do-not-send="true">http://www.okta.com/xxxxxxxxx4x6</a></span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Issuer</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Signature</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">xmlns:ds</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2000/09/xmldsig#" moz-do-not-send="true">http://www.w3.org/2000/09/xmldsig#</a>"</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:SignedInfo</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:CanonicalizationMethod</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Algorithm</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2001/10/xml-exc-c14n#" moz-do-not-send="true">http://www.w3.org/2001/10/xml-exc-c14n#</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:SignatureMethod</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Algorithm</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" moz-do-not-send="true">http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Reference</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">URI</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"#id3695982334609027802744130"</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Transforms</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Transform</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Algorithm</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2000/09/xmldsig#enveloped-signature" moz-do-not-send="true">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Transform</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Algorithm</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2001/10/xml-exc-c14n#" moz-do-not-send="true">http://www.w3.org/2001/10/xml-exc-c14n#</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Transforms</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:DigestMethod</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Algorithm</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2001/04/xmlenc#sha256" moz-do-not-send="true">http://www.w3.org/2001/04/xmlenc#sha256</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:DigestValue</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">g8vVhT6anU1xJOXQH9IrsOIpWG1YZN9GVIWFXVd9zFk=</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:DigestValue</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Reference</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:SignedInfo</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:SignatureValue</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">nFK/0DyI7SpavUD3FPdr7BU1wSMIJl3NR4efPDKfZeZMhPGOX3lurD5lHSceulzGLcZbsOmPnEn1pLsFCOefihVC/SmkNNBHB/uCbKdrgmcQ4Q+xuBEuoUXopG80Xx3sMWZa0lSRAgAcM0sJb6EynmyifxBJ4n0/P9/ANIH</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:SignatureValue</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:KeyInfo</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:X509Data</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:X509Certificate</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">MIIDpDCCAoygAwIBAgIGAXOn7be0MA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
DY2IxhhuxGPHLqFT/YfO/RmJd9keXfM9lIiJl1+9N8eFskiMwUlV0RriPU9GEGt2fJRZxZqw/c7A
9u92XgEJLCIVs0onGbhUfoI5r702fcEM</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:X509Certificate</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:X509Data</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:KeyInfo</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">ds:Signature</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Subject</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">xmlns:saml2</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:assertion"</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:NameID</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Format</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><a href="mailto:john.doe@xyz.net" moz-do-not-send="true">john.doe@xyz.net</a></span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:NameID</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:SubjectConfirmation</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Method</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:cm:bearer"</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:SubjectConfirmationData</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">InResponseTo</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">NotOnOrAfter</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"2020-08-18T21:19:02.181Z"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">Recipient</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"<a href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta" moz-do-not-send="true">http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</a>"</span>
/></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:SubjectConfirmation</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Subject</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Conditions</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">xmlns:saml2</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:assertion"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">NotBefore</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"2020-08-18T21:09:02.181Z"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">NotOnOrAfter</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"2020-08-18T21:19:02.181Z"</span>
></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:AudienceRestriction</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Audience</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">okta</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Audience</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:AudienceRestriction</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Conditions</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:AuthnStatement</span> <span class="gmail-hljs-attr" style="color:rgb(221,0,169)">xmlns:saml2</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:assertion"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">AuthnInstant</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"2020-08-18T21:14:02.181Z"</span>
<span class="gmail-hljs-attr" style="color:rgb(221,0,169)">SessionIndex</span>=<span class="gmail-hljs-string" style="color:rgb(0,62,170)">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span>
></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:AuthnContext</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:AuthnContextClassRef</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:AuthnContextClassRef</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:AuthnContext</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:AuthnStatement</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2:Assertion</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span class="gmail-hljs-tag" style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span class="gmail-hljs-name" style="color:rgb(0,116,232)">saml2p:Response</span>></span></div>
<div><br>
</div>
<div>---------------------------------------------------------------------------------------------</div>
<div><br>
</div>
<div><br>
</div>
<div>Regards</div>
<div><br>
</div>
<div>Gus</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">Em ter., 18 de ago. de 2020 às
02:28, Alexandre Zia <<a
href="mailto:alexandre.zia@ifood.com.br"
moz-do-not-send="true">alexandre.zia@ifood.com.br</a>>
escreveu:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div>I've just changed a few things, based on your config, <br>
</div>
<div><br>
</div>
<saml2><br>
<name>oktaidp</name><br>
<description>Enterprise SAML-based SSO
system</description><br>
<network><br>
<readTimeout>10000</readTimeout><br>
<connectTimeout>5000</connectTimeout><br>
</network><br>
<serviceProvider><br>
<entityId>sp_midpoint</entityId><br>
<aliasForPath>okta</aliasForPath><br>
<signRequests>false</signRequests><br>
<wantAssertionsSigned>true</wantAssertionsSigned><br>
<singleLogoutEnabled>true</singleLogoutEnabled><br>
<nameId>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</nameId><br>
<provider><br>
<entityId><a
href="http://www.okta.com/xxxxxxxxxxxx4x6" target="_blank"
moz-do-not-send="true">http://www.okta.com/xxxxxxxxxxxx4x6</a></entityId><br>
<alias>SSO-Okta</alias><br>
<metadata><br>
<xml>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</xml><br>
</metadata><br>
<skipSslValidation>false</skipSslValidation><br>
<linkText>Okta</linkText><br>
<authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding><br>
<nameOfUsernameAttribute>uid</nameOfUsernameAttribute><br>
</provider><br>
</serviceProvider><br>
</saml2><br>
<br>
<br>
And your ACS url will be something like this: <a
href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta"
target="_blank" moz-do-not-send="true">http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</a><br>
<div><br>
</div>
<br>
<div><br>
</div>
<div><br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Mon, Aug 17, 2020 at
2:24 PM Gus Lou <<a href="mailto:gugalou38@gmail.com"
target="_blank" moz-do-not-send="true">gugalou38@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">Hi Luca</div>
<div dir="ltr">Thank you very much for your
help. I had not configured this option
yet.
<div>
<div>I did the suggested configuration,
now the link to the IdP in the
midpoint interface is correct.</div>
<div>But when I click on the link to the
IdP and do the authentication and get
the reply back to the midpoint I get
an error:</div>
<div><span
style="background-color:rgb(255,255,255)"><font
color="#000000"><span
style="box-sizing:border-box;display:inline-block;font-size:14px;margin:0px;line-height:1;font-family:"Source
Sans Pro","Helvetica
Neue",Helvetica,Arial,sans-serif"><i>Midpoint
saml module doesn't receive
response from Identity
Provider server.</i></span><br>
</font></span></div>
<div><span
style="background-color:rgb(255,255,255)"><font
color="#000000"><span
style="box-sizing:border-box;display:inline-block;margin:0px;line-height:1"><i><font
face="Source Sans Pro,
Helvetica Neue, Helvetica,
Arial, sans-serif"><span
style="font-size:14px">Authentication
failed, and as a
consequence was restarted
authentication flow</span></font></i></span></font></span></div>
<div>(probably due to the fact that the
midpoint ACS url in the IdP is not
correct.)</div>
<div><br>
</div>
<div>I need to find out what the
Midpoint Assertion Consumer Service
(ACS) URL is to report on the IdP.</div>
</div>
<div><br>
</div>
<div>Print Screen after IdP Authentication
failed</div>
<div>
<div><img
src="cid:part24.28D0210F.981C1BD8@evolveum.com"
alt="image.png" class="" width="541"
height="226"><br>
</div>
</div>
<div><br>
</div>
<div>Regards<br>
</div>
<div><br>
</div>
<div>Gus</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">Em seg., 17 de ago. de
2020 às 03:18, Lukas Skublik <<a
href="mailto:lukas.skublik@evolveum.com"
target="_blank" moz-do-not-send="true">lukas.skublik@evolveum.com</a>>
escreveu:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div>
<p>Hello Gus,<br>
<br>
you try configure attribute
systemConfiguration/infrastructure/publicHttpUrlPattern
to '<a href="http://midpoint-02.xyz.net/midpoint"
target="_blank" moz-do-not-send="true">http://midpoint-02.xyz.net/midpoint</a>'.<br>
<br>
Regards,<br>
Lukas Skublik<br>
</p>
<div>On 6. 8. 2020 0:00, Gus Lou wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">Hi Guys
<div>
<div>Anyone here already
integrated Midpoint with
Okta's solution to provide
Midpoint authentication
through the SAML 2.0
protocol?</div>
<div>I created a free
developer account on Okta
and I am trying to make
the SAML settings
following the guidelines
below:</div>
<div><br>
</div>
<div><b>Midpoint Wiki:</b> </div>
<div><a
href="https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration"
target="_blank"
moz-do-not-send="true">https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration</a></div>
<div><br>
</div>
<div><b>Git Example
Security-policy-flexible-authentication:</b> </div>
<div><a
href="https://github.com/Evolveum/midpoint-samples/blob/master/samples/policy/security/security-policy-flexible-authentication.xml"
target="_blank"
moz-do-not-send="true">https://github.com/Evolveum/midpoint-samples/blob/master/samples/policy/security/security-policy-flexible-authentication.xml</a></div>
<div><br>
</div>
<div><b>Okta Example - SAML
Spring Security:</b></div>
<div><a
href="https://developer.okta.com/code/java/spring_security_saml/"
target="_blank"
moz-do-not-send="true">https://developer.okta.com/code/java/spring_security_saml/</a></div>
<div><a
href="https://github.com/oktadeveloper/okta-spring-boot-saml-example"
target="_blank"
moz-do-not-send="true">https://github.com/oktadeveloper/okta-spring-boot-saml-example</a></div>
<div><br>
</div>
<div>I understand that Okta
is the Identity Provider
IdP and Midpoint is the
Service Provider SP.</div>
<div>After trying to make
the settings I had some
doubts:</div>
<div><br>
</div>
<div>What is the Midpoint
uri that receives the IdP
response?</div>
<div>What is the Midpoint
url that I should use to
perform the authentication
of the IdP (Okta). Because
when I try to inform an
existing user in the IdP
an error appears and a
screen with the link of
the IdP (in this part
there is another error
that I couldn't solve the
midpoint displays the
internal address <a
href="https://127.0.0.1/"
target="_blank"
moz-do-not-send="true">https://127.0.0.1/</a></div>
</div>
<div><br>
</div>
<div>Some Informations from my
Lab:</div>
<div><br>
</div>
<div><b>Print-01 Midpoint -
Authentatication GUI</b>
(the user john.doe, does not
exist at midpoint but exists
at IdP)</div>
<div>
<div><img
src="cid:part32.226C598A.93ECB4B6@evolveum.com"
alt="image.png" class=""
width="541" height="190"><br>
</div>
</div>
<div><br>
</div>
<div><b>Print-02 </b></div>
<div>
<div>After I try to
authenticate, I get the
error message:</div>
<div><i><u><font
style="background-color:rgb(243,243,243)"
color="#ff0000">Couldn't
authenticate user,
reason: couldn't
encode password.</font></u></i></div>
</div>
<div>
<div><img
src="cid:part33.F8915C21.FDFFEA58@evolveum.com"
alt="image.png" class=""
width="541" height="207"><br>
</div>
</div>
<div><br>
</div>
<div><b>Print-03</b></div>
<div>
<div>The link to the idp
Okta is displaying the
midpoint's internal
address:</div>
<div><b><font
color="#ff0000"><a
href="http://127.0.0.1:8080/"
target="_blank"
moz-do-not-send="true">http://127.0.0.1:8080/</a></font></b>midpoint/auth/default/oktaidp/discovery?idp=http%3A%2F%<a
href="http://2Fwww.okta.com" target="_blank" moz-do-not-send="true">2Fwww.okta.com</a>%2Fexko4d721K5vASKoJ4x6</div>
<div><br>
</div>
<div>Instead of the hostname
address:</div>
<div><b><font
color="#0000ff"><a
href="http://midpoint-02.xyz.net"
target="_blank"
moz-do-not-send="true">http://midpoint-02.xyz.net</a></font></b>/midpoint/auth/default/oktaidp/discovery?idp=http%3A%2F%<a
href="http://2Fwww.okta.com" target="_blank" moz-do-not-send="true">2Fwww.okta.com</a>%2Fexko4d721K5vASKoJ4x6</div>
<div><br>
</div>
<div>I believe it is some
incorrect configuration on
my reverse proxy - nginx</div>
</div>
<div>
<div>
<div><img
src="cid:part38.5B15AFB6.CA11B7CB@evolveum.com"
alt="image.png"
class="" width="541"
height="178"><br>
</div>
</div>
</div>
<div><br>
</div>
<div><b>Print-04: Okta IdP
SAML Configuration</b></div>
<div>
<div>Here is my main
question, because in the
fields:</div>
<div>
<ol>
<li>Single sign on URL</li>
<li>Audience URI (SP
Entity ID)</li>
</ol>
</div>
<div>I need to report
existing data in Midpoint,
but I'm not sure where to
get this information.</div>
</div>
<div>
<div><img
src="cid:part39.0C571611.84C62CC2@evolveum.com"
alt="image.png" class=""
width="541" height="357"><br>
</div>
</div>
<div>
<div><br>
</div>
</div>
<div>
<div><br>
</div>
</div>
<div><br>
</div>
<div><b>My Security Policy
Config:</b></div>
<div>I made the settings in
the IdP, generated the
metadata, encoded it in base
64 and put it in the
Midpoint settings.<br>
</div>
<div><b><br>
</b></div>
<div>
<div><authentication></div>
<div> <modules></div>
<div>
<loginForm id="15"></div>
<div>
<name>internalLoginForm</name></div>
<div>
<description>Internal
username/password
authentication, default
user password, login
form</description></div>
<div>
</loginForm></div>
<div> <saml2
id="16"></div>
<div>
<name>oktaidp</name></div>
<div>
<description>My
SAML-based SSO
system.</description></div>
<div>
<network></div>
<div>
<readTimeout>10000</readTimeout></div>
<div>
<connectTimeout>5000</connectTimeout></div>
<div>
</network></div>
<div>
<serviceProvider></div>
<div>
<entityId>sp_midpoint</entityId></div>
<div>
<signRequests>true</signRequests></div>
<div>
<wantAssertionsSigned>true</wantAssertionsSigned></div>
<div>
<singleLogoutEnabled>true</singleLogoutEnabled></div>
<div>
<nameId>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</nameId></div>
<div>
<keys/></div>
<div>
<provider id="17"></div>
<div>
<entityId><a
href="http://www.okta.com/xxxxxxxxxxxx4x6"
target="_blank"
moz-do-not-send="true">http://www.okta.com/xxxxxxxxxxxx4x6</a></entityId></div>
<div>
<alias>SSO-Okta</alias></div>
<div>
<metadata></div>
<div>
<xml>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48bWQ6RW50aXR5RGVzY3JpcHRvciBlbnRpdHlJRD0iaHR0cDovL3d3dy5va3RhLmNvbS9leGtvNGQ3MjFLNXZBU0</xml></div>
<div>
</metadata></div>
<div>
<skipSslValidation>true</skipSslValidation></div>
<div>
<linkText>Okta</linkText></div>
<div>
<authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding></div>
<div>
<nameOfUsernameAttribute>uid</nameOfUsernameAttribute></div>
<div>
</provider></div>
<div>
</serviceProvider></div>
<div>
</saml2></div>
<div>
</modules></div>
<div> <sequence
id="8"></div>
<div>
<name>admin-gui-default</name></div>
<div>
<description></div>
<div> Default
GUI authentication
sequence.</div>
<div> We want
to try company SSO,
federation and internal.
In that order.</div>
<div> Just
one of then need to be
successful to let user in.</div>
<div>
</description></div>
<div>
<channel></div>
<div>
<channelId><a
href="http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user"
target="_blank"
moz-do-not-send="true">http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user</a></channelId></div>
<div>
<default>true</default></div>
<div>
<urlSuffix>default</urlSuffix></div>
<div>
</channel></div>
<div> <module
id="12"></div>
<div>
<name>oktaidp</name></div>
<div>
<order>30</order></div>
<div>
<necessity>sufficient</necessity></div>
<div>
</module></div>
<div> <module
id="13"></div>
<div>
<name>internalLoginForm</name></div>
<div>
<order>20</order></div>
<div>
<necessity>sufficient</necessity></div>
<div>
</module></div>
<div>
</sequence></div>
<div> <sequence
id="9"></div>
<div>
<name>admin-gui-emergency</name></div>
<div>
<description></div>
<div> Special
GUI authentication
sequence that is using
just the internal user
password.</div>
<div> It is
used only in emergency. It
allows to skip SAML
authentication cycles,
e.g. in case</div>
<div> that
the SAML authentication is
redirecting the browser
incorrectly.</div>
<div>
</description></div>
<div>
<channel></div>
<div>
<channelId><a
href="http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user"
target="_blank"
moz-do-not-send="true">http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user</a></channelId></div>
<div>
<default>false</default></div>
<div>
<urlSuffix>emergency</urlSuffix></div>
<div>
</channel></div>
<div>
<requireAssignmentTarget
oid="00000000-0000-0000-0000-000000000004" relation="org:default"
type="c:RoleType"></div>
<div> <!--
Superuser --></div>
<div>
</requireAssignmentTarget></div>
<div> <module
id="14"></div>
<div>
<name>internalLoginForm</name></div>
<div>
<order>30</order></div>
<div>
<necessity>sufficient</necessity></div>
<div>
</module></div>
<div>
</sequence></div>
<div>
</authentication></div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>If anyone has any
suggestions for solving the
problem I would appreciate
it.<br>
</div>
<div><br>
</div>
<div>Regards</div>
<div><br>
</div>
<div>Gus</div>
<div><br>
</div>
<div><br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank" moz-do-not-send="true">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com"
target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>
<a
href="https://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com"
target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>
<a
href="https://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote>
</div>
<br clear="all">
<br>
-- <br>
<div dir="ltr">
<div dir="ltr">
<div>
<div dir="ltr">
<table
style="font-family:arial,sans-serif;font-style:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);color:rgb(0,0,0);font-size:medium"
width="450" cellspacing="0" cellpadding="0"
border="0">
<tbody>
<tr>
<td rowspan="6"
style="font-family:arial,sans-serif;margin:0px"
width="105" valign="top" height="120"
align="right"><a
href="https://www.ifood.com.br/"
style="color:rgb(17,85,204)" target="_blank"
moz-do-not-send="true"><img
src="https://www.ifood.com.br/nws/assinatura/iFood_assinatura3.gif"
alt="" moz-do-not-send="true" width="105"
height="110"></a></td>
<td
style="font-family:arial,sans-serif;margin:0px"
width="18"><br>
</td>
<td
style="font-family:arial,sans-serif;margin:0px"
height="22">
<div
style="line-height:18px;font-family:Montserrat,"Trebuchet
MS","Lucida
Grande","Lucida Sans
Unicode","Lucida
Sans",Tahoma,sans-serif;color:rgb(85,85,85)">
<p style="margin:0px;line-height:18px"><span
style="font-size:14px">Alexandre R Zia<br>
</span></p>
</div>
</td>
</tr>
<tr>
<td
style="font-family:arial,sans-serif;margin:0px"
width="18"><br>
</td>
<td
style="font-family:arial,sans-serif;margin:0px">
<div
style="font-size:12px;line-height:14px;font-family:Montserrat,"Trebuchet
MS","Lucida
Grande","Lucida Sans
Unicode","Lucida
Sans",Tahoma,sans-serif;color:rgb(228,0,43)">
<p style="margin:0px;line-height:15px"><span
style="line-height:15px"><b>Security</b></span></p>
</div>
</td>
</tr>
<tr>
<td
style="font-family:arial,sans-serif;margin:0px"
width="18" height="10"><br>
</td>
<td
style="font-family:arial,sans-serif;margin:0px"
height="10"><br>
</td>
</tr>
<tr>
<td
style="font-family:arial,sans-serif;margin:0px"
width="18"><br>
</td>
<td
style="font-family:arial,sans-serif;margin:0px"><br>
</td>
</tr>
<tr>
<td
style="font-family:arial,sans-serif;margin:0px"
width="18"><br>
</td>
<td
style="font-family:arial,sans-serif;margin:0px">
<div
style="font-size:11px;line-height:16px;font-family:Montserrat,"Trebuchet
MS","Lucida
Grande","Lucida Sans
Unicode","Lucida
Sans",Tahoma,sans-serif"><a
href="https://www.ifood.com.br/"
style="color:rgb(119,119,119);line-height:16px"
target="_blank" moz-do-not-send="true">www.ifood.com.br</a></div>
</td>
</tr>
<tr>
<td colspan="2"
style="font-family:arial,sans-serif;margin:0px"
height="35">
<table width="190" cellspacing="0"
cellpadding="0" border="0">
<tbody>
<tr>
<td
style="font-family:arial,sans-serif;margin:0px"
width="12"> </td>
<td
style="font-family:arial,sans-serif;margin:0px"><a
href="https://www.facebook.com/iFood?fref=ts"
style="color:rgb(17,85,204)"
target="_blank"
moz-do-not-send="true"><img
src="https://www.ifood.com.br/nws/assinatura/facebook_2x.png"
alt="" moz-do-not-send="true"
width="32" height="32"></a></td>
<td
style="font-family:arial,sans-serif;margin:0px"><a
href="https://twitter.com/iFood"
style="color:rgb(17,85,204)"
target="_blank"
moz-do-not-send="true"><img
src="https://www.ifood.com.br/nws/assinatura/twitter_2x.png"
alt="" moz-do-not-send="true"
width="32" height="32"></a></td>
<td
style="font-family:arial,sans-serif;margin:0px"><a
href="https://www.instagram.com/iFoodBrasil/"
style="color:rgb(17,85,204)"
target="_blank"
moz-do-not-send="true"><img
src="https://www.ifood.com.br/nws/assinatura/instagram_2x.png"
alt="" moz-do-not-send="true"
width="32" height="32"></a></td>
<td
style="font-family:arial,sans-serif;margin:0px"><a
href="https://www.youtube.com/ifood"
style="color:rgb(17,85,204)"
target="_blank"
moz-do-not-send="true"><img
src="https://www.ifood.com.br/nws/assinatura/youtube_2x.png"
alt="" moz-do-not-send="true"
width="32" height="32"></a></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table
style="color:rgb(34,34,34);font-style:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);font-size:13px;line-height:normal;font-family:tahoma,geneva,sans-serif"
width="630" cellspacing="0" cellpadding="0"
border="0">
<tbody>
<tr>
<td
style="font-family:arial,sans-serif;margin:0px">
<table width="100%" cellspacing="0"
cellpadding="0" border="0">
</table>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank"
moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="https://lists.evolveum.com/mailman/listinfo/midpoint">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
</body>
</html>