<span style=" font-size:10pt;font-family:sans-serif">Hallo Martina,<br>
<br>
Can I understand your post this way, that this feature<i> (midPoint
is recognising and processing a SAML response from an external IDM system) </i> is
not actually available in the midPoint git repository and that it needs analytical
and development effort which goes beyond the support covered by this mailing
list?<br>
<br>
Tomas</span>
<br>
<br>
<br>
<br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">From:
</span><span style=" font-size:9pt;font-family:sans-serif">"Martina
Benckova" <mbenckova@evolveum.com></span>
<br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">To:
</span><span style=" font-size:9pt;font-family:sans-serif">midpoint@lists.evolveum.com</span>
<br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">Date:
</span><span style=" font-size:9pt;font-family:sans-serif">20.
08. 2020 13:22</span>
<br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">Subject:
</span><span style=" font-size:9pt;font-family:sans-serif">Re:
[midPoint] Midpoint - SAML 2.0 - Okta IdP - Flex-Auth?</span>
<br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">Sent
by: </span><span style=" font-size:9pt;font-family:sans-serif">"midPoint"
<midpoint-bounces@lists.evolveum.com></span>
<br>
<hr noshade>
<br>
<br>
<br><span style=" font-size:12pt;font-family:Arial">Hi Gus,</span>
<br>
<br><span style=" font-size:12pt;font-family:Arial">Let me join the communication.</span>
<br>
<br><span style=" font-size:12pt;font-family:Arial">Lukas tried to help
you within the limited time that he could dedicate to the community. His main
responsibilities are development activities to make midPoint even better
for the whole community. Based on this, he mainly follows the Jira tickets of
platform subscribers and customers with active product support.</span>
<br>
<br><span style=" font-size:12pt;font-family:Arial">On the other hand,
if you would like to engage our team with the issue and have it provide a detailed
analysis with a possible solution, you might be interested in our commercial
services. When a service is activated, we dedicate an available techie
to help our customers with their issues.</span>
<br><span style=" font-size:12pt;font-family:Arial">We provide different
services for different purposes.</span>
<br><span style=" font-size:12pt;font-family:Arial">Would you be interested?</span>
<br>
<br><span style=" font-size:10pt;font-family:Times New Roman">Best regards,</span>
<br><span style=" font-size:10pt;font-family:Times New Roman"><b>Martina
Benckova</b> | Sales Manager</span>
<br><span style=" font-size:8pt;font-family:Times New Roman">mbenckova@evolveum.com
| </span><a href=www.evolveum.com><span style=" font-size:8pt;font-family:Times New Roman">www.evolveum.com</span></a><span style=" font-size:8pt;font-family:Times New Roman">
</span>
<br><span style=" font-size:8pt;font-family:Times New Roman">tel: +421
948 940 888</span>
<br>
<br>
<hr>
<br><span style=" font-size:12pt;font-family:Arial"><b>From: </b>"Lukas
Skublik" <lukas.skublik@evolveum.com><b><br>
To: </b>midpoint@lists.evolveum.com<b><br>
Sent: </b>Thursday, August 20, 2020 9:37:04 AM<b><br>
Subject: </b>Re: [midPoint] Midpoint - SAML 2.0 - Okta IdP - Flex-Auth?</span>
<br>
<br><span style=" font-size:12pt;font-family:Arial">Hello Gus,<br>
I analysed the log file, but I found nothing relevant.<br>
<br>
Regards,<br>
Lukas Skublik.</span>
<br><span style=" font-size:12pt;font-family:Arial">On 19. 8. 2020 15:10,
Gus Lou wrote:</span>
<br><span style=" font-size:12pt;font-family:Arial">Hi Lukas</span>
<br>
<br><span style=" font-size:12pt;font-family:Arial">I activated the debug
level in the midpoint log, but found nothing relevant.</span>
<br><span style=" font-size:12pt;font-family:Arial">I attached the log
for analysis</span>
<br><span style=" font-size:12pt;font-family:Arial">Thank you very much</span>
<br>
<br><span style=" font-size:12pt;font-family:Arial">On Wed, 19 Aug
2020 at 02:54, Lukas Skublik <</span><a href=mailto:lukas.skublik@evolveum.com target=_blank><span style=" font-size:12pt;color:blue;font-family:Arial"><u>lukas.skublik@evolveum.com</u></span></a><span style=" font-size:12pt;font-family:Arial">>
wrote:</span>
<br><span style=" font-size:12pt;font-family:Arial">Hello Gus,<br>
can you send me your log file? Maybe you see the wrong error message.</span>
<br><span style=" font-size:12pt;font-family:Arial">Regards<br>
Lukas Skublik</span>
<br><span style=" font-size:12pt;font-family:Arial">On 18. 8. 2020 23:35,
Gus Lou wrote:</span>
<br><span style=" font-size:12pt;font-family:Arial">Hi Alexandre</span>
<br>
<br><span style=" font-size:12pt;font-family:Arial">Thank you very much
</span>
<br>
<br><span style=" font-size:12pt;font-family:Arial">I made the modifications
suggested by you and Lukas.</span>
<br><span style=" font-size:12pt;font-family:Arial">Something is still
wrong, after authenticating with the IdP and returning to the midpoint
I get the message:</span>
<br><span style=" font-size:12pt;font-family:Arial">Midpoint saml module
doesn't receive response from Identity Provider server ..</span>
<br><span style=" font-size:12pt;font-family:Arial">The strange thing is
that through the Saml Tracer tool, I can verify that there was a request
and a response.</span>
<br>
<br>
<br>
<br><span style=" font-size:12pt;font-family:Arial">Saml Request:</span>
<br>
<br><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2p:AuthnRequest</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">xmlns:saml2p</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:protocol"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">AssertionConsumerServiceURL</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta" target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Destination</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href="https://dev-601301.okta.com/app/xyzdev601301_midpoint_1/xxxxxx4x6/sso/saml" target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>https://dev-601301.okta.com/app/xyzdev601301_midpoint_1/xxxxxx4x6/sso/saml</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">ForceAuthn</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"false"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">ID</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">IsPassive</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"false"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">IssueInstant</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"2020-08-18T21:14:01.266Z"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">ProtocolBinding</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Version</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"2.0"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Issuer</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">xmlns:saml2</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">sp_midpoint</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Issuer</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2p:NameIDPolicy</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">AllowCreate</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"true"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Format</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
/></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2p:AuthnRequest</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span>
<br>
<br><span style=" font-size:12pt;font-family:Arial">Saml Response:</span>
<br>
<br><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2p:Response</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">xmlns:saml2p</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:protocol"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Destination</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta" target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">ID</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"id369598233453735443745710"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">InResponseTo</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">IssueInstant</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"2020-08-18T21:14:02.181Z"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Version</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"2.0"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Issuer</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">xmlns:saml2</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Format</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:nameid-format:entity"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
></span><a href=http://www.okta.com/xxxxxxxxxxx4x6 target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.okta.com/xxxxxxxxxxx4x6</u></span></a><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Issuer</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Signature</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">xmlns:ds</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href=http://www.w3.org/2000/09/xmldsig# target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2000/09/xmldsig#</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:SignedInfo</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:CanonicalizationMethod</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Algorithm</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href="http://www.w3.org/2001/10/xml-exc-c14n#" target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/10/xml-exc-c14n#</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
/></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:SignatureMethod</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Algorithm</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
/></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Reference</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">URI</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"#id369598233453735443745710"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Transforms</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Transform</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Algorithm</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href="http://www.w3.org/2000/09/xmldsig#enveloped-signature" target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2000/09/xmldsig#enveloped-signature</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
/></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Transform</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Algorithm</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href="http://www.w3.org/2001/10/xml-exc-c14n#" target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/10/xml-exc-c14n#</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
/></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Transforms</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:DigestMethod</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Algorithm</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href=http://www.w3.org/2001/04/xmlenc#sha256 target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/04/xmlenc#sha256</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
/></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:DigestValue</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">eOe03vp5gwQQ/4RERzhnfkVpxbxfb8Ek0OQHbyNXcL4=</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:DigestValue</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Reference</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:SignedInfo</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:SignatureValue</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">Opuurv0kgPnDHbxXpe2wzDhDJs6tGoRrHLc+XwIUpxtyLxwh+/4QBPmanZUWepBygLOM223ql7vfpD6e37Zr1iWNAA7Dub9Dc2HIo8igDB1i7wRSvJGWaX+BZLc8mF+CQ9jLT3vinalejcfGicVOS06CygG3ztb7QlBZJmj</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:SignatureValue</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:KeyInfo</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:X509Data</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:X509Certificate</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">MIIDpDCCAoygAwIBAgIGAXOn7be0MA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
9u92XgEJLCIVs0onGbhUfoI5r702fcEM</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:X509Certificate</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:X509Data</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:KeyInfo</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Signature</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2p:Status</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">xmlns:saml2p</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:protocol"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2p:StatusCode</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Value</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:status:Success"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
/></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2p:Status</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Assertion</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">xmlns:saml2</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">ID</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"id3695982334609027802744130"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">IssueInstant</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"2020-08-18T21:14:02.181Z"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Version</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"2.0"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Issuer</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">xmlns:saml2</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Format</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:nameid-format:entity"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
></span><a href=http://www.okta.com/xxxxxxxxx4x6 target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.okta.com/xxxxxxxxx4x6</u></span></a><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Issuer</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Signature</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">xmlns:ds</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href=http://www.w3.org/2000/09/xmldsig# target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2000/09/xmldsig#</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:SignedInfo</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:CanonicalizationMethod</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Algorithm</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href="http://www.w3.org/2001/10/xml-exc-c14n#" target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/10/xml-exc-c14n#</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
/></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:SignatureMethod</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Algorithm</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
/></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Reference</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">URI</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"#id3695982334609027802744130"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Transforms</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Transform</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Algorithm</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href="http://www.w3.org/2000/09/xmldsig#enveloped-signature" target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2000/09/xmldsig#enveloped-signature</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
/></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Transform</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Algorithm</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href="http://www.w3.org/2001/10/xml-exc-c14n#" target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/10/xml-exc-c14n#</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
/></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Transforms</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:DigestMethod</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Algorithm</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href=http://www.w3.org/2001/04/xmlenc#sha256 target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/04/xmlenc#sha256</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
/></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:DigestValue</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">g8vVhT6anU1xJOXQH9IrsOIpWG1YZN9GVIWFXVd9zFk=</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:DigestValue</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Reference</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:SignedInfo</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:SignatureValue</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">nFK/0DyI7SpavUD3FPdr7BU1wSMIJl3NR4efPDKfZeZMhPGOX3lurD5lHSceulzGLcZbsOmPnEn1pLsFCOefihVC/SmkNNBHB/uCbKdrgmcQ4Q+xuBEuoUXopG80Xx3sMWZa0lSRAgAcM0sJb6EynmyifxBJ4n0/P9/ANIH</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:SignatureValue</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:KeyInfo</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:X509Data</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:X509Certificate</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">MIIDpDCCAoygAwIBAgIGAXOn7be0MA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
DY2IxhhuxGPHLqFT/YfO/RmJd9keXfM9lIiJl1+9N8eFskiMwUlV0RriPU9GEGt2fJRZxZqw/c7A
9u92XgEJLCIVs0onGbhUfoI5r702fcEM</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:X509Certificate</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:X509Data</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:KeyInfo</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Signature</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Subject</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">xmlns:saml2</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:NameID</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Format</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><a href=mailto:john.doe@xyz.net target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>john.doe@xyz.net</u></span></a><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:NameID</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:SubjectConfirmation</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Method</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:cm:bearer"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:SubjectConfirmationData</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">InResponseTo</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">NotOnOrAfter</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"2020-08-18T21:19:02.181Z"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Recipient</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta" target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
/></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:SubjectConfirmation</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Subject</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Conditions</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">xmlns:saml2</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">NotBefore</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"2020-08-18T21:09:02.181Z"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">NotOnOrAfter</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"2020-08-18T21:19:02.181Z"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:AudienceRestriction</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Audience</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">okta</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Audience</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:AudienceRestriction</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Conditions</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:AuthnStatement</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">xmlns:saml2</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">AuthnInstant</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"2020-08-18T21:14:02.181Z"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">SessionIndex</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:AuthnContext</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:AuthnContextClassRef</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:AuthnContextClassRef</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:AuthnContext</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:AuthnStatement</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Assertion</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2p:Response</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span>
<br>
<br><span style=" font-size:12pt;font-family:Arial">---------------------------------------------------------------------------------------------</span>
<br>
<br>
<br><span style=" font-size:12pt;font-family:Arial">Regards</span>
<br>
<br><span style=" font-size:12pt;font-family:Arial">Gus</span>
<br>
<br><span style=" font-size:12pt;font-family:Arial">On Tue, Aug 18,
2020 at 02:28, Alexandre Zia <</span><a href=mailto:alexandre.zia@ifood.com.br target=_blank><span style=" font-size:12pt;color:blue;font-family:Arial"><u>alexandre.zia@ifood.com.br</u></span></a><span style=" font-size:12pt;font-family:Arial">>
wrote:</span>
<br><span style=" font-size:12pt;font-family:Arial">I've just changed a
few things, based on your config, </span>
<br>
<br><span style=" font-size:12pt;font-family:Arial"><saml2><br>
<name>oktaidp</name><br>
<description>Enterprise SAML-based SSO system</description><br>
<network><br>
<readTimeout>10000</readTimeout><br>
<connectTimeout>5000</connectTimeout><br>
</network><br>
<serviceProvider><br>
<entityId>sp_midpoint</entityId><br>
<aliasForPath>okta</aliasForPath><br>
<signRequests>false</signRequests><br>
<wantAssertionsSigned>true</wantAssertionsSigned><br>
<singleLogoutEnabled>true</singleLogoutEnabled><br>
<nameId>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</nameId><br>
<provider><br>
<entityId></span><a href=http://www.okta.com/xxxxxxxxxxxx4x6 target=_blank><span style=" font-size:12pt;color:blue;font-family:Arial"><u>http://www.okta.com/xxxxxxxxxxxx4x6</u></span></a><span style=" font-size:12pt;font-family:Arial"></entityId><br>
<alias>SSO-Okta</alias><br>
<metadata><br>
<xml>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</xml><br>
</metadata><br>
<skipSslValidation>false</skipSslValidation><br>
<linkText>Okta</linkText><br>
<authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding><br>
<nameOfUsernameAttribute>uid</nameOfUsernameAttribute><br>
</provider><br>
</serviceProvider><br>
</saml2><br>
<br>
<br>
And your ACS url will be something like this: </span><a href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta" target=_blank><span style=" font-size:12pt;color:blue;font-family:Arial"><u>http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</u></span></a>
<br>
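Added example (not part of any message in the thread, and not midPoint code): a Python check of the fields in the posted assertion that a service provider compares against its own settings, namely Audience, Recipient, InResponseTo and the validity windows. The assertion in the code is a constructed copy of the posted one with the ds:Signature element left out, so signature verification is outside what it shows; the expected SP values (`sp_midpoint` and the ACS URL) are taken from the configuration quoted above and are assumptions about the running service provider.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Values as they appear in the thread.
ACS_URL = "http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta"
REQUEST_ID = "ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"

# Constructed sample: the posted assertion with ds:Signature left out.
# Signature verification is NOT shown here and must be done by the SAML stack.
SAMPLE_ASSERTION = f"""\
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="id3695982334609027802744130" IssueInstant="2020-08-18T21:14:02.181Z" Version="2.0">
  <saml2:Issuer>http://www.okta.com/xxxxxxxxx4x6</saml2:Issuer>
  <saml2:Subject>
    <saml2:NameID>john.doe@xyz.net</saml2:NameID>
    <saml2:SubjectConfirmation Method="{BEARER}">
      <saml2:SubjectConfirmationData InResponseTo="{REQUEST_ID}"
          NotOnOrAfter="2020-08-18T21:19:02.181Z" Recipient="{ACS_URL}"/>
    </saml2:SubjectConfirmation>
  </saml2:Subject>
  <saml2:Conditions NotBefore="2020-08-18T21:09:02.181Z"
      NotOnOrAfter="2020-08-18T21:19:02.181Z">
    <saml2:AudienceRestriction><saml2:Audience>okta</saml2:Audience></saml2:AudienceRestriction>
  </saml2:Conditions>
</saml2:Assertion>"""


def parse_instant(value):
    """Parse a SAML UTC instant, with or without fractional seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unsupported SAML instant: {value!r}")


def check_assertion(xml_text, sp_entity_id, acs_url, request_id, now,
                    skew=timedelta(seconds=60)):
    """Return (code, detail) findings; an empty list means every check passed."""
    # ElementTree is acceptable for this constructed sample; untrusted SAML
    # should go through a hardened XML parser.
    root = ET.fromstring(xml_text)
    findings = []

    conditions = root.find("saml2:Conditions", NS)
    if conditions is None:
        findings.append(("conditions_missing", "no Conditions element"))
    else:
        audiences = [a.text.strip() for a in conditions.findall(
            "saml2:AudienceRestriction/saml2:Audience", NS) if a.text]
        # The SP must find its own entityId among the audiences.
        if sp_entity_id not in audiences:
            findings.append(("audience", f"{audiences} lacks {sp_entity_id!r}"))
        not_before = conditions.get("NotBefore")
        if not_before and now + skew < parse_instant(not_before):
            findings.append(("conditions_not_yet_valid", not_before))
        not_after = conditions.get("NotOnOrAfter")
        if not_after and now - skew >= parse_instant(not_after):
            findings.append(("conditions_expired", not_after))

    bearer = [sc.find("saml2:SubjectConfirmationData", NS)
              for sc in root.findall("saml2:Subject/saml2:SubjectConfirmation", NS)
              if sc.get("Method") == BEARER]
    bearer = [d for d in bearer if d is not None]
    if not bearer:
        findings.append(("confirmation_missing", "no bearer SubjectConfirmationData"))
    for data in bearer:
        # Recipient must be exactly the ACS URL the SP believes it is served on.
        if data.get("Recipient") != acs_url:
            findings.append(("recipient", f"{data.get('Recipient')!r} != {acs_url!r}"))
        # InResponseTo ties the assertion to the AuthnRequest the SP sent.
        if data.get("InResponseTo") != request_id:
            findings.append(("in_response_to", str(data.get("InResponseTo"))))
        expires = data.get("NotOnOrAfter")
        if not expires or now - skew >= parse_instant(expires):
            findings.append(("confirmation_expired", str(expires)))
    return findings


def codes(findings):
    """Reduce findings to their codes for compact comparison."""
    return [code for code, _ in findings]


if __name__ == "__main__":
    now = parse_instant("2020-08-18T21:15:00Z")
    for code, detail in check_assertion(SAMPLE_ASSERTION, "sp_midpoint",
                                        ACS_URL, REQUEST_ID, now):
        print(code, detail)
```

With `sp_midpoint` as the expected entityId the only finding is `audience`, because the posted assertion carries `<saml2:Audience>okta</saml2:Audience>`; the thread does not say which entityId was active when the assertion was issued.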
<br>
<br>
<br>
<br>
<br><span style=" font-size:12pt;font-family:Arial">On Mon, Aug 17, 2020
at 2:24 PM Gus Lou <</span><a href=mailto:gugalou38@gmail.com target=_blank><span style=" font-size:12pt;color:blue;font-family:Arial"><u>gugalou38@gmail.com</u></span></a><span style=" font-size:12pt;font-family:Arial">>
wrote:</span>
<br><span style=" font-size:12pt;font-family:Arial">Hi Luca</span>
<br><span style=" font-size:12pt;font-family:Arial">Thank you very much
for your help. I had not configured this option yet. </span>
<br><span style=" font-size:12pt;font-family:Arial">I did the suggested
configuration, now the link to the IdP in the midpoint interface is correct.</span>
<br><span style=" font-size:12pt;font-family:Arial">But when I click on
the link to the IdP and do the authentication and get the reply back to
the midpoint I get an error:</span>
<br><span style=" font-size:12pt;font-family:Arial"><i>Midpoint saml module
doesn't receive response from Identity Provider server.</i></span>
<br><span style=" font-size:11pt;font-family:Arial"><i>Authentication failed,
and as a consequence was restarted authentication flow</i></span>
<br><span style=" font-size:12pt;font-family:Arial">(probably due to the
fact that the midpoint ACS url in the IdP is not correct.)</span>
<br>
<br><span style=" font-size:12pt;font-family:Arial">I need to find out
what the Midpoint Assertion Consumer Service (ACS) URL is to report on
the IdP.</span>
<br>
<br><span style=" font-size:12pt;font-family:Arial">Print Screen after
IdP Authentication failed</span>
<br><img src=cid:_4_0C79FFD80C79FD64005A66F9C12585CA width=541 height=226 alt=image.png style="border:0px solid;">
<br>
<br><span style=" font-size:12pt;font-family:Arial">Regards</span>
<br>
<br><span style=" font-size:12pt;font-family:Arial">Gus</span>
<br>
<br><span style=" font-size:12pt;font-family:Arial">On Mon, Aug 17,
2020 at 03:18, Lukas Skublik <</span><a href=mailto:lukas.skublik@evolveum.com target=_blank><span style=" font-size:12pt;color:blue;font-family:Arial"><u>lukas.skublik@evolveum.com</u></span></a><span style=" font-size:12pt;font-family:Arial">>
wrote:</span>
<br><span style=" font-size:12pt;font-family:Arial">Hello Gus,<br>
<br>
try configuring the attribute systemConfiguration/infrastructure/publicHttpUrlPattern
to '</span><a href="http://midpoint-02.xyz.net/midpoint" target=_blank><span style=" font-size:12pt;color:blue;font-family:Arial"><u>http://midpoint-02.xyz.net/midpoint</u></span></a><span style=" font-size:12pt;font-family:Arial">'.<br>
<br>
Regards,<br>
Lukas Skublik</span>
<br><span style=" font-size:12pt;font-family:Arial">On 6. 8. 2020 0:00,
Gus Lou wrote:</span>
<br><span style=" font-size:12pt;font-family:Arial">Hi Guys </span>
<br><span style=" font-size:12pt;font-family:Arial">Has anyone here already
integrated Midpoint with Okta's solution to provide Midpoint authentication
through the SAML 2.0 protocol?</span>
<br><span style=" font-size:12pt;font-family:Arial">I created a free developer
account on Okta and I am trying to make the SAML settings following the
guidelines below:</span>
<br>
<br><span style=" font-size:12pt;font-family:Arial"><b>Midpoint Wiki:</b>
</span>
<br><a href="https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration" target=_blank><span style=" font-size:12pt;color:blue;font-family:Arial"><u>https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration</u></span></a>
<br>
<br><span style=" font-size:12pt;font-family:Arial"><b>Git Example Security-policy-flexible-authentication:</b>
</span>
<br><a href="https://github.com/Evolveum/midpoint-samples/blob/master/samples/policy/security/security-policy-flexible-authentication.xml" target=_blank><span style=" font-size:12pt;color:blue;font-family:Arial"><u>https://github.com/Evolveum/midpoint-samples/blob/master/samples/policy/security/security-policy-flexible-authentication.xml</u></span></a>
<br>
<br><span style=" font-size:12pt;font-family:Arial"><b>Okta Example - SAML
Spring Security:</b></span>
<br><a href=https://developer.okta.com/code/java/spring_security_saml/ target=_blank><span style=" font-size:12pt;color:blue;font-family:Arial"><u>https://developer.okta.com/code/java/spring_security_saml/</u></span></a>
<br><a href="https://github.com/oktadeveloper/okta-spring-boot-saml-example" target=_blank><span style=" font-size:12pt;color:blue;font-family:Arial"><u>https://github.com/oktadeveloper/okta-spring-boot-saml-example</u></span></a>
<br>
<br><span style=" font-size:12pt;font-family:Arial">I understand that Okta
is the Identity Provider IdP and Midpoint is the Service Provider SP.</span>
<br><span style=" font-size:12pt;font-family:Arial">After trying to make
the settings I had some doubts:</span>
<br>
<br><span style=" font-size:12pt;font-family:Arial">What is the Midpoint
uri that receives the IdP response?</span>
<br><span style=" font-size:12pt;font-family:Arial">What is the Midpoint
url that I should use to perform the authentication of the IdP (Okta)?
Because when I try to inform an existing user in the IdP, an error appears
and a screen with the link of the IdP (in this part there is another error
that I couldn't solve: the midpoint displays the internal address </span><a href=https://127.0.0.1/ target=_blank><span style=" font-size:12pt;color:blue;font-family:Arial"><u>https://127.0.0.1/</u></span></a><span style=" font-size:12pt;font-family:Arial">).</span>
<br>
<br><span style=" font-size:12pt;font-family:Arial">Some information from
my lab:</span>
<br>
<br><span style=" font-size:12pt;font-family:Arial"><b>Print-01 Midpoint
- Authentication GUI</b> (the user john.doe does not exist at midpoint
but exists at IdP)</span>
<br><img src=cid:_4_0CCA7E9C0CCA7C28005A66F9C12585CA width=541 height=190 alt=image.png style="border:0px solid;">
<br>
<br><span style=" font-size:12pt;font-family:Arial"><b>Print-02 </b></span>
<br><span style=" font-size:12pt;font-family:Arial">After I try to authenticate,
I get the error message:</span>
<br><span style=" font-size:12pt;color:red;font-family:Arial"><i><u>Couldn't
authenticate user, reason: couldn't encode password.</u></i></span>
<br><img src=cid:_4_0CCA8DCC0CCA8B58005A66F9C12585CA width=541 height=207 alt=image.png style="border:0px solid;">
<br>
<br><span style=" font-size:12pt;font-family:Arial"><b>Print-03</b></span>
<br><span style=" font-size:12pt;font-family:Arial">The link to the idp
Okta is displaying the midpoint's internal address:</span>
<br><a href=http://127.0.0.1:8080/ target=_blank><span style=" font-size:12pt;color:blue;font-family:Arial"><b><u>http://127.0.0.1:8080/</u></b></span></a><span style=" font-size:12pt;font-family:Arial">midpoint/auth/default/oktaidp/discovery?idp=http%3A%2F%2Fwww.okta.com%2Fexko4d721K5vASKoJ4x6</span>
<br>
<br><span style=" font-size:12pt;font-family:Arial">Instead of the hostname
address:</span>
<br><span style=" font-size:12pt;font-family:Arial"><b>http://midpoint-02.xyz.net</b>/midpoint/auth/default/oktaidp/discovery?idp=http%3A%2F%2Fwww.okta.com%2Fexko4d721K5vASKoJ4x6</span>
<br>
<br><span style=" font-size:12pt;font-family:Arial">I believe it is some
incorrect configuration on my reverse proxy - nginx</span>
<br>
<br><span style=" font-size:12pt;font-family:Arial"><b>Print-04: Okta IdP
SAML Configuration</b></span>
<br><span style=" font-size:12pt;font-family:Arial">Here is my main question,
because in the fields:</span>
<ol>
<li value=1><span style=" font-size:12pt;font-family:Arial">Single sign
on URL</span>
<li value=2><span style=" font-size:12pt;font-family:Arial">Audience URI
(SP Entity ID)</span></ol><span style=" font-size:12pt;font-family:Arial">I
need to report existing data in Midpoint, but I'm not sure where to get
this information.</span>
<br>
<br>
<br>
<br><span style=" font-size:12pt;font-family:Arial"><b>My Security Policy
Config:</b></span>
<br><span style=" font-size:12pt;font-family:Arial">I made the settings
in the IdP, generated the metadata, encoded it in base 64 and put it in
the Midpoint settings.</span>
<br>
<br>
<pre>
<authentication>
    <modules>
        <loginForm id="15">
            <name>internalLoginForm</name>
            <description>Internal username/password authentication, default user password, login form</description>
        </loginForm>
        <saml2 id="16">
            <name>oktaidp</name>
            <description>My SAML-based SSO system.</description>
            <network>
                <readTimeout>10000</readTimeout>
                <connectTimeout>5000</connectTimeout>
            </network>
            <serviceProvider>
                <entityId>sp_midpoint</entityId>
                <signRequests>true</signRequests>
                <wantAssertionsSigned>true</wantAssertionsSigned>
                <singleLogoutEnabled>true</singleLogoutEnabled>
                <nameId>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</nameId>
                <keys/>
                <provider id="17">
                    <entityId>http://www.okta.com/xxxxxxxxxxxx4x6</entityId>
                    <alias>SSO-Okta</alias>
                    <metadata>
                        <xml>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48bWQ6RW50aXR5RGVzY3JpcHRvciBlbnRpdHlJRD0iaHR0cDovL3d3dy5va3RhLmNvbS9leGtvNGQ3MjFLNXZBU0</xml>
                    </metadata>
                    <skipSslValidation>true</skipSslValidation>
                    <linkText>Okta</linkText>
                    <authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding>
                    <nameOfUsernameAttribute>uid</nameOfUsernameAttribute>
                </provider>
            </serviceProvider>
        </saml2>
    </modules>
    <sequence id="8">
        <name>admin-gui-default</name>
        <description>
            Default GUI authentication sequence.
            We want to try company SSO, federation and internal. In that order.
            Just one of then need to be successful to let user in.
        </description>
        <channel>
            <channelId>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user</channelId>
            <default>true</default>
            <urlSuffix>default</urlSuffix>
        </channel>
        <module id="12">
            <name>oktaidp</name>
            <order>30</order>
            <necessity>sufficient</necessity>
        </module>
        <module id="13">
            <name>internalLoginForm</name>
            <order>20</order>
            <necessity>sufficient</necessity>
        </module>
    </sequence>
    <sequence id="9">
        <name>admin-gui-emergency</name>
        <description>
            Special GUI authentication sequence that is using just the internal user password.
            It is used only in emergency. It allows to skip SAML authentication cycles, e.g. in case
            that the SAML authentication is redirecting the browser incorrectly.
        </description>
        <channel>
            <channelId>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user</channelId>
            <default>false</default>
            <urlSuffix>emergency</urlSuffix>
        </channel>
        <requireAssignmentTarget oid="00000000-0000-0000-0000-000000000004" relation="org:default" type="c:RoleType">
            <!-- Superuser -->
        </requireAssignmentTarget>
        <module id="14">
            <name>internalLoginForm</name>
            <order>30</order>
            <necessity>sufficient</necessity>
        </module>
    </sequence>
</authentication>
</pre>
<br>
<br>
<br><span style=" font-size:12pt;font-family:Arial">If anyone has any suggestions
for solving the problem I would appreciate it.</span>
<br>
<br><span style=" font-size:12pt;font-family:Arial">Regards</span>
<br>
<br><span style=" font-size:12pt;font-family:Arial">Gus</span>
<br>
<br>
<br>
<br><span style=" font-size:12pt;font-family:Arial">_______________________________________________<br>
midPoint mailing list<br>
</span><a href=mailto:midPoint@lists.evolveum.com target=_blank><span style=" font-size:12pt;color:blue;font-family:Arial"><u>midPoint@lists.evolveum.com</u></span></a><span style=" font-size:12pt;font-family:Arial"><br>
</span><a href=https://lists.evolveum.com/mailman/listinfo/midpoint target=_blank><span style=" font-size:12pt;color:blue;font-family:Arial"><u>https://lists.evolveum.com/mailman/listinfo/midpoint</u></span></a><span style=" font-size:12pt;font-family:Arial"><br>
</span>
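<br><span style=" font-size:12pt;font-family:Arial">An added example, not part of the post above and not midPoint's own code: a small Python audit of a saml2 module shaped like the one posted. It flags skipSslValidation set to true, checks that the base64 metadata decodes to an EntityDescriptor whose entityID matches the provider entityId, flags a loopback or private host in the discovery link (the Print-03 symptom), and returns the service provider entityId, which under SAML is the value an IdP's "Audience URI (SP Entity ID)" field expects. The sample config, metadata and entity IDs are constructed placeholders; the function names and finding codes are hypothetical.</span>
<br>

```python
import base64
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed IdP metadata (placeholder entity ID, no certificate), base64-encoded
# the way the post describes doing before pasting it into <metadata><xml>.
SAMPLE_METADATA = base64.b64encode(
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b'<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    b'entityID="http://www.okta.com/EXAMPLE-ENTITY-ID"/>'
).decode()

# Constructed excerpt that mirrors the element names of the posted <saml2> module.
SAMPLE_CONFIG = f"""
<saml2>
  <name>oktaidp</name>
  <serviceProvider>
    <entityId>sp_midpoint</entityId>
    <provider>
      <entityId>http://www.okta.com/OTHER-ENTITY-ID</entityId>
      <metadata><xml>{SAMPLE_METADATA}</xml></metadata>
      <skipSslValidation>true</skipSslValidation>
    </provider>
  </serviceProvider>
</saml2>
"""

def is_internal_url(url):
    """True if the URL host is loopback/private, i.e. not reachable by a browser."""
    host = urlsplit(url).hostname or ""
    if host == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name; not judged here
    return ip.is_loopback or ip.is_private

def audit_saml2(config_xml, shown_url):
    """Return a sorted list of finding codes (hypothetical names) for one module."""
    findings = set()
    sp = ET.fromstring(config_xml).find("serviceProvider")
    provider = sp.find("provider")
    if (provider.findtext("skipSslValidation") or "").strip().lower() == "true":
        findings.add("tls-validation-skipped")
    try:
        raw = base64.b64decode(provider.findtext("metadata/xml") or "", validate=True)
        md_root = ET.fromstring(raw)
        if md_root.tag != f"{{{MD_NS}}}EntityDescriptor":
            findings.add("metadata-not-entity-descriptor")
        elif md_root.get("entityID") != (provider.findtext("entityId") or "").strip():
            findings.add("entity-id-mismatch")
    except (ValueError, ET.ParseError):
        findings.add("metadata-unreadable")
    if is_internal_url(shown_url):
        findings.add("internal-address-in-link")
    return sorted(findings)

def audience_uri(config_xml):
    """Value for the IdP's 'Audience URI (SP Entity ID)' field: the SP entityId."""
    return ET.fromstring(config_xml).findtext("serviceProvider/entityId").strip()
```
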
<br><span style=" font-size:12pt;font-family:Arial"><br>
<br>
-- </span>
<table width=450 style="border-collapse:collapse;">
<tr height=8>
<td width=174 rowspan=6 bgcolor=white valign=top style="border-style:none none none none;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px;">
<div align=right><a href=https://www.ifood.com.br/ target=_blank></a></div>
<td width=29 bgcolor=white style="border-style:none none none none;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px;">
<td width=245 bgcolor=white style="border-style:none none none none;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px;"><span style=" font-size:11pt;font-family:Arial">Alexandre
R Zia</span>
<tr height=8>
<td width=29 bgcolor=white style="border-style:none none none none;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px;">
<td width=245 bgcolor=white style="border-style:none none none none;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px;"><span style=" font-size:12pt;font-family:Arial"><b>Security</b></span>
<tr height=8>
<td width=29 bgcolor=white style="border-style:none none none none;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px;">
<td width=245 bgcolor=white style="border-style:none none none none;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px;">
<tr height=8>
<td width=29 bgcolor=white style="border-style:none none none none;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px;">
<td width=245 bgcolor=white style="border-style:none none none none;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px;">
<tr height=8>
<td width=29 bgcolor=white style="border-style:none none none none;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px;">
<td width=245 bgcolor=white style="border-style:none none none none;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px;"><a href=https://www.ifood.com.br/ target=_blank><span style=" font-size:12pt;color:#808080;font-family:Arial"><u>www.ifood.com.br</u></span></a>
</table>
<br>