<span style=" font-size:10pt;font-family:sans-serif">Hello colleagues,<br>
<br>
I am pretty sure I have almost similar trouble in the following case:</span>
<ul>
<li><span style=" font-size:10pt;font-family:sans-serif">MidPoint is the SP
and </span>
<li><span style=" font-size:10pt;font-family:sans-serif">Apereo CAS acts
as the IdP.<br>
<br>
</span></ul><span style=" font-size:10pt;font-family:sans-serif">And my
idea of where the trouble is, is the following:<br>
</span>
<ol>
<li value=1><span style=" font-size:10pt;font-family:sans-serif">midPoint,
at the very beginning of the communication, prepares a web page with the list of existing
providers: (<b>PageSamlSelect</b>)</span>
<ol>
<li value=1><span style=" font-size:10pt;font-family:sans-serif">here the
list of existing IdPs is read from the Security Context</span>
<li value=2><span style=" font-size:9pt;color:#2f2f2f;font-family:Consolas">Authentication
authentication </span><span style=" font-size:9pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:9pt;color:#2f2f2f;font-family:Consolas">
SecurityContextHolder</span><span style=" font-size:9pt;color:#e01f25;font-family:Consolas">.</span><span style=" font-size:9pt;color:#2f2f2f;font-family:Consolas">getContext()</span><span style=" font-size:9pt;color:#e01f25;font-family:Consolas">.</span><span style=" font-size:9pt;color:#2f2f2f;font-family:Consolas">getAuthentication();</span><span style=" font-size:12pt">
</span></ol>
<li value=2><span style=" font-size:10pt;font-family:sans-serif">then midPoint
prepares the request for the IdP</span>
<li value=3><span style=" font-size:10pt;font-family:sans-serif">IdP </span>
<ol>
<li value=1><span style=" font-size:10pt;font-family:sans-serif">gets the request,
processes it and fires a response for midPoint</span>
<li value=2><span style=" font-size:10pt;font-family:sans-serif">inside
the response is the IdP entityID (</span><a href=http://www.okta.com/xxxxxxxxx4x6><span style=" font-size:10pt;color:blue;font-family:sans-serif">http://www.okta.com/xxxxxxxxx4x6</span></a><span style=" font-size:10pt;font-family:sans-serif">
 in your case)</span></ol>
<li value=4><span style=" font-size:10pt;font-family:sans-serif">midPoint
parses the entityID (</span><a href=http://www.okta.com/xxxxxxxxx4x6><span style=" font-size:10pt;color:blue;font-family:sans-serif">http://www.okta.com/xxxxxxxxx4x6</span></a><span style=" font-size:10pt;font-family:sans-serif">
 in your case)</span>
<li value=5><span style=" font-size:10pt;font-family:sans-serif">midPoint
runs code inside <b>MidpointAuthFilter, MidpointSamlAuthenticationResponseFilter
</b>and seeks the IdP with </span><a href=http://www.okta.com/xxxxxxxxx4x6><span style=" font-size:10pt;color:blue;font-family:sans-serif">http://www.okta.com/xxxxxxxxx4x6</span></a><span style=" font-size:10pt;font-family:sans-serif">,
but unsuccessfully </span>
<li value=6><span style=" font-size:10pt;font-family:sans-serif">midPoint
writes to the log:</span>
</ol>
<br><span style=" font-size:10pt;font-family:sans-serif"><i>2020-08-20
08:54:51,777 [] [http-nio-8080-exec-1] DEBUG (com.evolveum.midpoint.web.security.filter.MidpointAuthFilter):
/auth/emergency/mySamlSso2/SSO/alias/cas_simplesam20 at position 6 of 14
in additional filter chain; firing Filter: 'MidpointSamlAuthenticationRequestFilter'</i></span>
<br><span style=" font-size:10pt;font-family:sans-serif"><i>2020-08-20
08:54:51,779 [] [http-nio-8080-exec-1] DEBUG (com.evolveum.midpoint.web.security.filter.<b>MidpointAuthFilter</i></b><i>):
/auth/emergency/mySamlSso2/SSO/alias/cas_simplesam20 at position 7 of 14
in additional filter chain; firing Filter: 'MidpointSamlAuthenticationResponseFilter'</i></span>
<br><span style=" font-size:10pt;font-family:sans-serif"><i>2020-08-20
08:54:51,784 [] [http-nio-8080-exec-1] DEBUG (com.evolveum.midpoint.web.security.filter.<b>MidpointSamlAuthenticationResponseFilte</i></b><i>r):
Request is to process authentication</i></span>
<br><span style=" font-size:10pt;font-family:sans-serif"><i>2020-08-20
08:54:55,049 [] [http-nio-8080-exec-1] ERROR (com.evolveum.midpoint.web.security.filter.TranslateExeptionFilter):<b>
Provider for key 'remote provider entityId' with value 'casEntityID' not
found.</i></b></span>
<br><span style=" font-size:10pt;font-family:sans-serif"><i>org.springframework.security.saml.SamlProviderNotFoundException:
<b>Provider for key 'remote provider entityId' with value 'casEntityID'
not found.</i></b></span>
<br><span style=" font-size:10pt;font-family:sans-serif"><i>   
    at org.springframework.security.saml.provider.AbstractHostedProviderService.throwIfNull(AbstractHostedProviderService.java:115)</i></span>
<br><span style=" font-size:10pt;font-family:sans-serif"><i>   
    at org.springframework.security.saml.provider.AbstractHostedProviderService.getRemoteProvider(AbstractHostedProviderService.java:207)</i></span>
<br><span style=" font-size:10pt;font-family:sans-serif"><i>   
    at org.springframework.security.saml.provider.service.HostedServiceProviderService.getRemoteProvider(HostedServiceProviderService.java:131)</i></span>
<br><span style=" font-size:10pt;font-family:sans-serif"><i>   
    at org.springframework.security.saml.provider.service.HostedServiceProviderService.getRemoteProvider(HostedServiceProviderService.java:105)</i></span>
<br>
<br>
<br>
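The lookup failure described in this message, as an added example that is not part of the original post and not midPoint's or Spring Security's code: it decodes an HTTP-POST binding SAMLResponse value, pulls out the Response and Assertion Issuer, and compares them with the entityIDs configured for the remote IdP. It assumes the service provider matches entityIDs by exact string comparison; the function names, the sample response and the entityID https://cas.example.org/idp are constructed for illustration.

```python
import base64
# ElementTree is fine for a captured sample; parse untrusted XML with defusedxml.
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml2p": SAMLP, "saml2": SAML}

# Constructed sample (not the thread's real response): an unsigned Response
# whose Issuer is the 'casEntityID' value reported in the log above.
SAMPLE_RESPONSE = f"""<saml2p:Response xmlns:saml2p="{SAMLP}" ID="id-constructed-1"
    InResponseTo="ARQ-constructed" Version="2.0">
  <saml2:Issuer xmlns:saml2="{SAML}">casEntityID</saml2:Issuer>
  <saml2:Assertion xmlns:saml2="{SAML}" ID="id-constructed-2" Version="2.0">
    <saml2:Issuer>casEntityID</saml2:Issuer>
  </saml2:Assertion>
</saml2p:Response>"""
SAMPLE_POST_VALUE = base64.b64encode(SAMPLE_RESPONSE.encode()).decode()


def issuers_from_post(saml_response_b64):
    """Decode a SAMLResponse form value and return (response_issuer, [assertion_issuers])."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError(f"not a SAML 2.0 Response: {root.tag}")

    def text(element):
        # Keep the text untouched so whitespace differences stay visible.
        return element.text if element is not None else None

    response_issuer = text(root.find("saml2:Issuer", NS))
    assertion_issuers = [
        text(a.find("saml2:Issuer", NS)) for a in root.findall("saml2:Assertion", NS)
    ]
    return response_issuer, assertion_issuers


def near_miss(issuer, configured):
    """Explain why two entityIDs that look alike still fail an exact match."""
    a, b = issuer.strip(), configured.strip()
    if a == b:
        return "leading/trailing whitespace differs"
    if a.lower() == b.lower():
        return "letter case differs"
    if a.rstrip("/") == b.rstrip("/"):
        return "trailing slash differs"
    if a.split("://", 1)[-1] == b.split("://", 1)[-1]:
        return "URL scheme differs"
    return None


def diagnose(saml_response_b64, configured_entity_ids):
    """Report whether every Issuer in the response is a configured IdP entityID."""
    response_issuer, assertion_issuers = issuers_from_post(saml_response_b64)
    problems = []
    seen = [("Response", response_issuer)]
    seen += [("Assertion", issuer) for issuer in assertion_issuers]
    for where, issuer in seen:
        if issuer is None:
            # Issuer is optional on the Response but required on an Assertion.
            if where == "Assertion":
                problems.append("Assertion has no Issuer")
            continue
        if issuer in configured_entity_ids:
            continue
        hints = [
            f"{configured!r}: {hint}"
            for configured in sorted(configured_entity_ids)
            for hint in [near_miss(issuer, configured)]
            if hint
        ]
        detail = "; ".join(hints) if hints else "no configured entityID is close"
        problems.append(f"{where} Issuer {issuer!r} not configured ({detail})")
    return {
        "response_issuer": response_issuer,
        "assertion_issuers": assertion_issuers,
        "matched": not problems,
        "problems": problems,
    }


if __name__ == "__main__":
    # Hypothetical SP configuration that lists a different entityID for the IdP.
    report = diagnose(SAMPLE_POST_VALUE, {"https://cas.example.org/idp"})
    print(report["matched"])
    for problem in report["problems"]:
        print(problem)
```
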
<br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">From:
       </span><span style=" font-size:9pt;font-family:sans-serif">"Lukas
Skublik" <lukas.skublik@evolveum.com></span>
<br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">To:
       </span><span style=" font-size:9pt;font-family:sans-serif">midpoint@lists.evolveum.com</span>
<br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">Date:
       </span><span style=" font-size:9pt;font-family:sans-serif">20.
08. 2020 09:38</span>
<br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">Subject:
       </span><span style=" font-size:9pt;font-family:sans-serif">Re:
[midPoint] Midpoint - SAML 2.0 - Okta IdP - Flex-Auth?</span>
<br><span style=" font-size:9pt;color:#5f5f5f;font-family:sans-serif">Sent
by:        </span><span style=" font-size:9pt;font-family:sans-serif">"midPoint"
<midpoint-bounces@lists.evolveum.com></span>
<br>
<hr noshade>
<br>
<br>
<br><span style=" font-size:12pt">Hello Gus,<br>
I analysed the log file, but I found nothing relevant. <br>
<br>
Regards,<br>
Lukas Skublik.</span>
<br><span style=" font-size:12pt">On 19. 8. 2020 15:10, Gus Lou wrote:</span>
<br><span style=" font-size:12pt">Hi Lukas</span>
<br>
<br><span style=" font-size:12pt">I activated the debug level in the midpoint
log, but found nothing relevant.</span>
<br><span style=" font-size:12pt">I attached the log for analysis</span>
<br><span style=" font-size:12pt">Thank you very much</span>
<br>
<br><span style=" font-size:12pt">On Wed, 19 Aug 2020 at 02:54,
Lukas Skublik <</span><a href=mailto:lukas.skublik@evolveum.com><span style=" font-size:12pt;color:blue"><u>lukas.skublik@evolveum.com</u></span></a><span style=" font-size:12pt">>
wrote:</span>
<br><span style=" font-size:12pt">Hello Gus,<br>
Can you send me your log file? Maybe you see the wrong error message.</span>
<br><span style=" font-size:12pt">Regards<br>
Lukas Skublik</span>
<br><span style=" font-size:12pt">On 18. 8. 2020 23:35, Gus Lou wrote:</span>
<br><span style=" font-size:12pt">Hi Alexandre</span>
<br>
<br><span style=" font-size:12pt">Thank you very much   </span>
<br>
<br><span style=" font-size:12pt">I made the modifications suggested by
you and Lukas.</span>
<br><span style=" font-size:12pt">Something is still wrong, after authenticating
with the IdP and returning to the midpoint I get the message:</span>
<br><span style=" font-size:12pt">Midpoint saml module doesn't receive
response from Identity Provider server ..</span>
<br><span style=" font-size:12pt">The strange thing is that through the
Saml Tracer tool, I can verify that there was a request and a response.</span>
<br>
<br>
<br>
<br><span style=" font-size:12pt">Saml Request:</span>
<br>
<br><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2p:AuthnRequest</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">xmlns:saml2p</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:protocol"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">AssertionConsumerServiceURL</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta" target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Destination</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href="https://dev-601301.okta.com/app/xyzdev601301_midpoint_1/xxxxxx4x6/sso/saml" target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>https://dev-601301.okta.com/app/xyzdev601301_midpoint_1/xxxxxx4x6/sso/saml</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">ForceAuthn</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"false"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">ID</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">IsPassive</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"false"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">IssueInstant</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"2020-08-18T21:14:01.266Z"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">ProtocolBinding</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Version</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"2.0"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Issuer</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">xmlns:saml2</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">sp_midpoint</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Issuer</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2p:NameIDPolicy</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">AllowCreate</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"true"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Format</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
/></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2p:AuthnRequest</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span>
<br>
<br><span style=" font-size:12pt">Saml Response:</span>
<br>
<br><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2p:Response</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">xmlns:saml2p</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:protocol"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Destination</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta" target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">ID</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"id369598233453735443745710"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">InResponseTo</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">IssueInstant</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"2020-08-18T21:14:02.181Z"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Version</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"2.0"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Issuer</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">xmlns:saml2</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Format</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:nameid-format:entity"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
></span><a href=http://www.okta.com/xxxxxxxxxxx4x6 target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.okta.com/xxxxxxxxxxx4x6</u></span></a><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Issuer</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Signature</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">xmlns:ds</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href=http://www.w3.org/2000/09/xmldsig# target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2000/09/xmldsig#</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:SignedInfo</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:CanonicalizationMethod</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Algorithm</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href="http://www.w3.org/2001/10/xml-exc-c14n#" target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/10/xml-exc-c14n#</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
/></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:SignatureMethod</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Algorithm</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
/></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Reference</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">URI</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"#id369598233453735443745710"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Transforms</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Transform</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Algorithm</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href="http://www.w3.org/2000/09/xmldsig#enveloped-signature" target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2000/09/xmldsig#enveloped-signature</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
/></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Transform</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Algorithm</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href="http://www.w3.org/2001/10/xml-exc-c14n#" target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/10/xml-exc-c14n#</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
/></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Transforms</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:DigestMethod</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Algorithm</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href=http://www.w3.org/2001/04/xmlenc#sha256 target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/04/xmlenc#sha256</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
/></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:DigestValue</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">eOe03vp5gwQQ/4RERzhnfkVpxbxfb8Ek0OQHbyNXcL4=</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:DigestValue</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Reference</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:SignedInfo</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:SignatureValue</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">Opuurv0kgPnDHbxXpe2wzDhDJs6tGoRrHLc+XwIUpxtyLxwh+/4QBPmanZUWepBygLOM223ql7vfpD6e37Zr1iWNAA7Dub9Dc2HIo8igDB1i7wRSvJGWaX+BZLc8mF+CQ9jLT3vinalejcfGicVOS06CygG3ztb7QlBZJmj</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:SignatureValue</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:KeyInfo</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:X509Data</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:X509Certificate</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">MIIDpDCCAoygAwIBAgIGAXOn7be0MA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
9u92XgEJLCIVs0onGbhUfoI5r702fcEM</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:X509Certificate</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:X509Data</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:KeyInfo</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Signature</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2p:Status</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">xmlns:saml2p</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:protocol"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2p:StatusCode</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Value</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:status:Success"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
/></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2p:Status</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Assertion</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">xmlns:saml2</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">ID</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"id3695982334609027802744130"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">IssueInstant</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"2020-08-18T21:14:02.181Z"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Version</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"2.0"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Issuer</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">xmlns:saml2</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Format</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:nameid-format:entity"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
></span><a href=http://www.okta.com/xxxxxxxxx4x6 target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.okta.com/xxxxxxxxx4x6</u></span></a><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Issuer</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Signature</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">xmlns:ds</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href=http://www.w3.org/2000/09/xmldsig# target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2000/09/xmldsig#</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:SignedInfo</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:CanonicalizationMethod</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Algorithm</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href="http://www.w3.org/2001/10/xml-exc-c14n#" target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/10/xml-exc-c14n#</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
/></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:SignatureMethod</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Algorithm</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
/></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Reference</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">URI</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"#id3695982334609027802744130"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Transforms</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Transform</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Algorithm</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href="http://www.w3.org/2000/09/xmldsig#enveloped-signature" target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2000/09/xmldsig#enveloped-signature</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
/></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Transform</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Algorithm</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href="http://www.w3.org/2001/10/xml-exc-c14n#" target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/10/xml-exc-c14n#</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
/></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Transforms</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:DigestMethod</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Algorithm</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href=http://www.w3.org/2001/04/xmlenc#sha256 target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/04/xmlenc#sha256</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
/></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:DigestValue</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">g8vVhT6anU1xJOXQH9IrsOIpWG1YZN9GVIWFXVd9zFk=</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:DigestValue</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Reference</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:SignedInfo</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:SignatureValue</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">nFK/0DyI7SpavUD3FPdr7BU1wSMIJl3NR4efPDKfZeZMhPGOX3lurD5lHSceulzGLcZbsOmPnEn1pLsFCOefihVC/SmkNNBHB/uCbKdrgmcQ4Q+xuBEuoUXopG80Xx3sMWZa0lSRAgAcM0sJb6EynmyifxBJ4n0/P9/ANIH</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:SignatureValue</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:KeyInfo</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:X509Data</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:X509Certificate</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">MIIDpDCCAoygAwIBAgIGAXOn7be0MA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
DY2IxhhuxGPHLqFT/YfO/RmJd9keXfM9lIiJl1+9N8eFskiMwUlV0RriPU9GEGt2fJRZxZqw/c7A
9u92XgEJLCIVs0onGbhUfoI5r702fcEM</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:X509Certificate</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:X509Data</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:KeyInfo</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">ds:Signature</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Subject</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">xmlns:saml2</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:NameID</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Format</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><a href=mailto:john.doe@xyz.net target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>john.doe@xyz.net</u></span></a><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:NameID</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:SubjectConfirmation</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Method</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:cm:bearer"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:SubjectConfirmationData</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">InResponseTo</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">NotOnOrAfter</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"2020-08-18T21:19:02.181Z"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">Recipient</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><a href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta" target=_blank><span style=" font-size:12pt;color:blue;font-family:Consolas"><u>http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</u></span></a><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
/></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:SubjectConfirmation</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Subject</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Conditions</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">xmlns:saml2</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">NotBefore</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"2020-08-18T21:09:02.181Z"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">NotOnOrAfter</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"2020-08-18T21:19:02.181Z"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:AudienceRestriction</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Audience</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">okta</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Audience</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:AudienceRestriction</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Conditions</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:AuthnStatement</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">xmlns:saml2</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">AuthnInstant</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"2020-08-18T21:14:02.181Z"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
</span><span style=" font-size:12pt;color:#df007f;font-family:Consolas">SessionIndex</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">=</span><span style=" font-size:12pt;color:#0041c2;font-family:Consolas">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">
></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:AuthnContext</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"><</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:AuthnContextClassRef</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:AuthnContextClassRef</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:AuthnContext</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:AuthnStatement</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2:Assertion</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span><span style=" font-size:12pt;color:#4f4f4f;font-family:Consolas">
</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas"></</span><span style=" font-size:12pt;color:#0062e1;font-family:Consolas">saml2p:Response</span><span style=" font-size:12pt;color:#e01f25;font-family:Consolas">></span>
<br>
<br><span style=" font-size:12pt">---------------------------------------------------------------------------------------------</span>
<br>
<br>
<br><span style=" font-size:12pt">Regards</span>
<br>
<br><span style=" font-size:12pt">Gus</span>
<br>
<br><span style=" font-size:12pt">On Tue, Aug 18, 2020 at 02:28,
Alexandre Zia <</span><a href=mailto:alexandre.zia@ifood.com.br target=_blank><span style=" font-size:12pt;color:blue"><u>alexandre.zia@ifood.com.br</u></span></a><span style=" font-size:12pt">>
wrote:</span>
<br><span style=" font-size:12pt">I've just changed a few things, based
on your config, </span>
<br>
<br><span style=" font-size:12pt"><saml2><br>
    <name>oktaidp</name><br>
    <description>Enterprise SAML-based SSO system</description><br>
    <network><br>
        <readTimeout>10000</readTimeout><br>
        <connectTimeout>5000</connectTimeout><br>
    </network><br>
    <serviceProvider><br>
        <entityId>sp_midpoint</entityId><br>
        <aliasForPath>okta</aliasForPath><br>
        <signRequests>false</signRequests><br>
        <wantAssertionsSigned>true</wantAssertionsSigned><br>
        <singleLogoutEnabled>true</singleLogoutEnabled><br>
        <nameId>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</nameId><br>
        <provider><br>
             <entityId></span><a href=http://www.okta.com/xxxxxxxxxxxx4x6 target=_blank><span style=" font-size:12pt;color:blue"><u>http://www.okta.com/xxxxxxxxxxxx4x6</u></span></a><span style=" font-size:12pt"></entityId><br>
            <alias>SSO-Okta</alias><br>
            <metadata><br>
                <xml>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</xml><br>
            </metadata><br>
            <skipSslValidation>false</skipSslValidation><br>
            <linkText>Okta</linkText><br>
            <authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding><br>
            <nameOfUsernameAttribute>uid</nameOfUsernameAttribute><br>
        </provider><br>
    </serviceProvider><br>
</saml2><br>
<br>
<br>
And your ACS url will be something like this:  </span><a href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta" target=_blank><span style=" font-size:12pt;color:blue"><u>http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</u></span></a>
<br>
<br>
<br>
<br>
<br>
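Added example, not part of any message in this thread and not midPoint's own code: an offline Python check of a captured SAML response against the SP settings discussed above (SP entityId, provider entityId, and the ACS URL derived from publicHttpUrlPattern, module name and aliasForPath). The sample response is constructed from the field values shown in the thread with the signature omitted, the function names are hypothetical, and the ACS URL pattern is an assumption generalised from the single URL quoted above.

```python
"""Offline pre-flight check of a captured SAML response against SP settings."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample: same field values as the response shown in the thread,
# with ds:Signature omitted. This script does NOT verify signatures; it only
# compares the identifiers and time window that the SP will check.
SAMPLE_RESPONSE = """\
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                 xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2p:Status>
    <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </saml2p:Status>
  <saml2:Assertion ID="id3695982334609027802744130"
                   IssueInstant="2020-08-18T21:14:02.181Z" Version="2.0">
    <saml2:Issuer>http://www.okta.com/xxxxxxxxx4x6</saml2:Issuer>
    <saml2:Subject>
      <saml2:NameID>john.doe@xyz.net</saml2:NameID>
      <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml2:SubjectConfirmationData
            InResponseTo="ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"
            NotOnOrAfter="2020-08-18T21:19:02.181Z"
            Recipient="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta"/>
      </saml2:SubjectConfirmation>
    </saml2:Subject>
    <saml2:Conditions NotBefore="2020-08-18T21:09:02.181Z"
                      NotOnOrAfter="2020-08-18T21:19:02.181Z">
      <saml2:AudienceRestriction>
        <saml2:Audience>okta</saml2:Audience>
      </saml2:AudienceRestriction>
    </saml2:Conditions>
  </saml2:Assertion>
</saml2p:Response>
"""


def expected_acs_url(public_http_url, module_name, alias_for_path):
    """Build the ACS URL the IdP must post to.

    Assumption: pattern generalised from the one URL quoted in the thread,
    <publicHttpUrlPattern>/auth/default/<name>/SSO/alias/<aliasForPath>.
    """
    base = public_http_url.rstrip("/")
    return f"{base}/auth/default/{module_name}/SSO/alias/{alias_for_path}"


def _ts(value):
    """Parse a SAML UTC timestamp with or without fractional seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unparseable SAML timestamp: {value!r}")


def check_response(xml_text, sp_entity_id, idp_entity_id, acs_url, now,
                   skew=timedelta(seconds=60)):
    """Return a list of mismatches between the response and the SP settings."""
    findings = []
    root = ET.fromstring(xml_text)

    status = root.find("p:Status/p:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        findings.append("status: response is not Success")

    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return findings + ["assertion: missing (or encrypted)"]

    # Issuer must equal the <provider><entityId> configured on the SP.
    issuer = assertion.findtext("a:Issuer", default="", namespaces=NS).strip()
    if issuer != idp_entity_id:
        findings.append(f"issuer: {issuer!r} != provider entityId {idp_entity_id!r}")

    # Audience must contain the SP <entityId> (Okta's "Audience URI" field).
    audiences = [a.text.strip() for a in assertion.findall(
        "a:Conditions/a:AudienceRestriction/a:Audience", NS) if a.text]
    if sp_entity_id not in audiences:
        findings.append(f"audience: {audiences} lacks SP entityId {sp_entity_id!r}")

    # Recipient must equal the ACS URL (Okta's "Single sign on URL" field).
    recipients = [d.get("Recipient") for d in assertion.findall(
        "a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        findings.append(f"recipient: {recipients} != ACS URL {acs_url!r}")

    # Validity window, with a small allowance for clock skew.
    cond = assertion.find("a:Conditions", NS)
    if cond is not None:
        if cond.get("NotBefore") and now + skew < _ts(cond.get("NotBefore")):
            findings.append("conditions: assertion not yet valid")
        if cond.get("NotOnOrAfter") and now - skew >= _ts(cond.get("NotOnOrAfter")):
            findings.append("conditions: assertion expired")
    return findings


if __name__ == "__main__":
    acs = expected_acs_url("http://midpoint-02.xyz.net/midpoint", "oktaidp", "okta")
    when = datetime(2020, 8, 18, 21, 15, tzinfo=timezone.utc)
    for line in check_response(SAMPLE_RESPONSE, "sp_midpoint",
                               "http://www.okta.com/xxxxxxxxx4x6", acs, when):
        print(line)
```
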
<br><span style=" font-size:12pt">On Mon, Aug 17, 2020 at 2:24 PM Gus Lou
<</span><a href=mailto:gugalou38@gmail.com target=_blank><span style=" font-size:12pt;color:blue"><u>gugalou38@gmail.com</u></span></a><span style=" font-size:12pt">>
wrote:</span>
<br><span style=" font-size:12pt">Hi Luca</span>
<br><span style=" font-size:12pt">Thank you very much for your help. I
had not configured this option yet. </span>
<br><span style=" font-size:12pt">I did the suggested configuration, now
the link to the IdP in the midpoint interface is correct.</span>
<br><span style=" font-size:12pt">But when I click on the link to the IdP
and do the authentication and get the reply back to the midpoint I get
an error:</span>
<br><span style=" font-size:12pt"><i>Midpoint saml module doesn't receive
response from Identity Provider server.</i></span>
<br><span style=" font-size:11pt;font-family:Arial"><i>Authentication failed,
and as a consequence was restarted authentication flow</i></span>
<br><span style=" font-size:12pt">(probably due to the fact that the midpoint
ACS url in the IdP is not correct.)</span>
<br>
<br><span style=" font-size:12pt">I need to find out what the Midpoint
Assertion Consumer Service (ACS) URL is to report on the IdP.</span>
<br>
<br><span style=" font-size:12pt">Print Screen after IdP Authentication
failed</span>
<br><img src=cid:_4_0BFBBAEC0BFBB878003DA8A8C12585CA width=541 height=226 alt=image.png style="border:0px solid;">
<br>
<br><span style=" font-size:12pt">Regards</span>
<br>
<br><span style=" font-size:12pt">Gus</span>
<br>
<br><span style=" font-size:12pt">On Mon, Aug 17, 2020 at 03:18,
Lukas Skublik <</span><a href=mailto:lukas.skublik@evolveum.com target=_blank><span style=" font-size:12pt;color:blue"><u>lukas.skublik@evolveum.com</u></span></a><span style=" font-size:12pt">>
wrote:</span>
<br><span style=" font-size:12pt">Hello Gus,<br>
<br>
try configuring the attribute systemConfiguration/infrastructure/publicHttpUrlPattern
to '</span><a href="http://midpoint-02.xyz.net/midpoint" target=_blank><span style=" font-size:12pt;color:blue"><u>http://midpoint-02.xyz.net/midpoint</u></span></a><span style=" font-size:12pt">'.<br>
<br>
Regards,<br>
Lukas Skublik</span>
<br><span style=" font-size:12pt">On 6. 8. 2020 0:00, Gus Lou wrote:</span>
<br><span style=" font-size:12pt">Hi Guys </span>
<br><span style=" font-size:12pt">Has anyone here already integrated Midpoint
with Okta's solution to provide Midpoint authentication through the SAML
2.0 protocol?</span>
<br><span style=" font-size:12pt">I created a free developer account on
Okta and I am trying to make the SAML settings following the guidelines
below:</span>
<br>
<br><span style=" font-size:12pt"><b>Midpoint Wiki:</b> </span>
<br><a href="https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration" target=_blank><span style=" font-size:12pt;color:blue"><u>https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration</u></span></a>
<br>
<br><span style=" font-size:12pt"><b>Git Example Security-policy-flexible-authentication:</b> </span>
<br><a href="https://github.com/Evolveum/midpoint-samples/blob/master/samples/policy/security/security-policy-flexible-authentication.xml" target=_blank><span style=" font-size:12pt;color:blue"><u>https://github.com/Evolveum/midpoint-samples/blob/master/samples/policy/security/security-policy-flexible-authentication.xml</u></span></a>
<br>
<br><span style=" font-size:12pt"><b>Okta Example - SAML Spring Security:</b></span>
<br><a href=https://developer.okta.com/code/java/spring_security_saml/ target=_blank><span style=" font-size:12pt;color:blue"><u>https://developer.okta.com/code/java/spring_security_saml/</u></span></a>
<br><a href="https://github.com/oktadeveloper/okta-spring-boot-saml-example" target=_blank><span style=" font-size:12pt;color:blue"><u>https://github.com/oktadeveloper/okta-spring-boot-saml-example</u></span></a>
<br>
<br><span style=" font-size:12pt">I understand that Okta is the Identity
Provider IdP and Midpoint is the Service Provider SP.</span>
<br><span style=" font-size:12pt">After trying to make the settings I had
some doubts:</span>
<br>
<br><span style=" font-size:12pt">What is the Midpoint uri that receives
the IdP response?</span>
<br><span style=" font-size:12pt">What is the Midpoint URL that I should
use to perform the authentication of the IdP (Okta)? Because when I try
to inform an existing user in the IdP an error appears and a screen with
the link of the IdP (in this part there is another error that I couldn't
solve: the midpoint displays the internal address </span><a href=https://127.0.0.1/ target=_blank><span style=" font-size:12pt;color:blue"><u>https://127.0.0.1/</u></span></a><span style=" font-size:12pt">)</span>
<br>
<br><span style=" font-size:12pt">Some information from my lab:</span>
<br>
<br><span style=" font-size:12pt"><b>Print-01 Midpoint - Authentication
GUI</b> (the user john.doe does not exist at midpoint but exists at IdP)</span>
<br><img src=cid:_4_0BFE131C0BFE10A8003DA8A8C12585CA width=541 height=190 alt=image.png style="border:0px solid;">
<br>
<br><span style=" font-size:12pt"><b>Print-02 </b></span>
<br><span style=" font-size:12pt">After I try to authenticate, I get the
error message:</span>
<br><span style=" font-size:12pt;color:red"><i><u>Couldn't authenticate
user, reason: couldn't encode password.</u></i></span>
<br><img src=cid:_4_0BFE224C0BFE1FD8003DA8A8C12585CA width=541 height=207 alt=image.png style="border:0px solid;">
<br>
<br><span style=" font-size:12pt"><b>Print-03</b></span>
<br><span style=" font-size:12pt">The link to the idp Okta is displaying
the midpoint's internal address:</span>
<br><a href=http://127.0.0.1:8080/ target=_blank><span style=" font-size:12pt;color:blue"><b><u>http://127.0.0.1:8080/</u></b></span></a><span style=" font-size:12pt">midpoint/auth/default/oktaidp/discovery?idp=http%3A%2F%2Fwww.okta.com%2Fexko4d721K5vASKoJ4x6</span>
<br>
<br><span style=" font-size:12pt">Instead of the hostname address:</span>
<br><a href="http://midpoint-02.xyz.net/" target=_blank><span style=" font-size:12pt;color:blue"><b><u>http://midpoint-02.xyz.net</u></b></span></a><span style=" font-size:12pt">/midpoint/auth/default/oktaidp/discovery?idp=http%3A%2F%2Fwww.okta.com%2Fexko4d721K5vASKoJ4x6</span>
<br>
<br><span style=" font-size:12pt">I believe it is some incorrect configuration
on my reverse proxy - nginx</span>
<br><img src=cid:_4_0C20FB4C0C20F8D8003DA8A8C12585CA width=541 height=178 alt=image.png style="border:0px solid;">
<br>
<br><span style=" font-size:12pt"><b>Print-04: Okta IdP SAML Configuration</b></span>
<br><span style=" font-size:12pt">Here is my main question, because in
the fields:</span>
<ol>
<li value=1><span style=" font-size:12pt">Single sign on URL</span>
<li value=2><span style=" font-size:12pt">Audience URI (SP Entity ID)</span></ol><span style=" font-size:12pt">I
need to report existing data in Midpoint, but I'm not sure where to get
this information.</span>
<br><img src=cid:_4_0C2111840C210F10003DA8A8C12585CA width=541 height=357 alt=image.png style="border:0px solid;">
<br>
<br>
<br>
<br><span style=" font-size:12pt"><b>My Security Policy Config:</b></span>
<br><span style=" font-size:12pt">I made the settings in the IdP, generated
the metadata, encoded it in base 64 and put it in the Midpoint settings.</span>
<br>
<br><span style=" font-size:12pt"><authentication></span>
<br><span style=" font-size:12pt">        <modules></span>
<br><span style=" font-size:12pt">           
<loginForm id="15"></span>
<br><span style=" font-size:12pt">           
    <name>internalLoginForm</name></span>
<br><span style=" font-size:12pt">           
    <description>Internal username/password authentication,
default user password, login form</description></span>
<br><span style=" font-size:12pt">           
</loginForm></span>
<br><span style=" font-size:12pt">           
<saml2 id="16"></span>
<br><span style=" font-size:12pt">           
    <name>oktaidp</name></span>
<br><span style=" font-size:12pt">           
    <description>My SAML-based SSO system.</description></span>
<br><span style=" font-size:12pt">           
    <network></span>
<br><span style=" font-size:12pt">           
        <readTimeout>10000</readTimeout></span>
<br><span style=" font-size:12pt">           
        <connectTimeout>5000</connectTimeout></span>
<br><span style=" font-size:12pt">           
    </network></span>
<br><span style=" font-size:12pt">           
    <serviceProvider></span>
<br><span style=" font-size:12pt">           
        <entityId>sp_midpoint</entityId></span>
<br><span style=" font-size:12pt">           
        <signRequests>true</signRequests></span>
<br><span style=" font-size:12pt">           
        <wantAssertionsSigned>true</wantAssertionsSigned></span>
<br><span style=" font-size:12pt">           
        <singleLogoutEnabled>true</singleLogoutEnabled></span>
<br><span style=" font-size:12pt">           
        <nameId>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</nameId></span>
<br><span style=" font-size:12pt">           
        <keys/></span>
<br><span style=" font-size:12pt">           
        <provider id="17"></span>
<br><span style=" font-size:12pt">           
            <entityId></span><a href=http://www.okta.com/xxxxxxxxxxxx4x6 target=_blank><span style=" font-size:12pt;color:blue"><u>http://www.okta.com/xxxxxxxxxxxx4x6</u></span></a><span style=" font-size:12pt"></entityId></span>
<br><span style=" font-size:12pt">           
            <alias>SSO-Okta</alias></span>
<br><span style=" font-size:12pt">           
            <metadata></span>
<br><span style=" font-size:12pt">           
                <xml>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48bWQ6RW50aXR5RGVzY3JpcHRvciBlbnRpdHlJRD0iaHR0cDovL3d3dy5va3RhLmNvbS9leGtvNGQ3MjFLNXZBU0</xml></span>
<br><span style=" font-size:12pt">           
            </metadata></span>
<br><span style=" font-size:12pt">           
            <skipSslValidation>true</skipSslValidation></span>
<br><span style=" font-size:12pt">           
            <linkText>Okta</linkText></span>
<br><span style=" font-size:12pt">           
            <authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding></span>
<br><span style=" font-size:12pt">           
            <nameOfUsernameAttribute>uid</nameOfUsernameAttribute></span>
<br><span style=" font-size:12pt">           
        </provider></span>
<br><span style=" font-size:12pt">           
    </serviceProvider></span>
<br><span style=" font-size:12pt">           
</saml2></span>
<br><span style=" font-size:12pt">        </modules></span>
<br><span style=" font-size:12pt">        <sequence
id="8"></span>
<br><span style=" font-size:12pt">           
<name>admin-gui-default</name></span>
<br><span style=" font-size:12pt">           
<description></span>
<br><span style=" font-size:12pt">           
    Default GUI authentication sequence.</span>
<br><span style=" font-size:12pt">           
    We want to try company SSO, federation and internal. In that
order.</span>
<br><span style=" font-size:12pt">           
    Just one of then need to be successful to let user in.</span>
<br><span style=" font-size:12pt">           
</description></span>
<br><span style=" font-size:12pt">           
<channel></span>
<br><span style=" font-size:12pt">           
    <channelId></span><a href="http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user" target=_blank><span style=" font-size:12pt;color:blue"><u>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user</u></span></a><span style=" font-size:12pt"></channelId></span>
<br><span style=" font-size:12pt">           
    <default>true</default></span>
<br><span style=" font-size:12pt">           
    <urlSuffix>default</urlSuffix></span>
<br><span style=" font-size:12pt">           
</channel></span>
<br><span style=" font-size:12pt">           
<module id="12"></span>
<br><span style=" font-size:12pt">           
    <name>oktaidp</name></span>
<br><span style=" font-size:12pt">           
    <order>30</order></span>
<br><span style=" font-size:12pt">           
    <necessity>sufficient</necessity></span>
<br><span style=" font-size:12pt">           
</module></span>
<br><span style=" font-size:12pt">           
<module id="13"></span>
<br><span style=" font-size:12pt">           
    <name>internalLoginForm</name></span>
<br><span style=" font-size:12pt">           
    <order>20</order></span>
<br><span style=" font-size:12pt">           
    <necessity>sufficient</necessity></span>
<br><span style=" font-size:12pt">           
</module></span>
<br><span style=" font-size:12pt">        </sequence></span>
<br><span style=" font-size:12pt">        <sequence
id="9"></span>
<br><span style=" font-size:12pt">           
<name>admin-gui-emergency</name></span>
<br><span style=" font-size:12pt">           
<description></span>
<br><span style=" font-size:12pt">           
    Special GUI authentication sequence that is using just the
internal user password.</span>
<br><span style=" font-size:12pt">           
    It is used only in emergency. It allows to skip SAML authentication
cycles, e.g. in case</span>
<br><span style=" font-size:12pt">           
    that the SAML authentication is redirecting the browser incorrectly.</span>
<br><span style=" font-size:12pt">           
</description></span>
<br><span style=" font-size:12pt">           
<channel></span>
<br><span style=" font-size:12pt">           
    <channelId></span><a href="http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user" target=_blank><span style=" font-size:12pt;color:blue"><u>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user</u></span></a><span style=" font-size:12pt"></channelId></span>
<br><span style=" font-size:12pt">           
    <default>false</default></span>
<br><span style=" font-size:12pt">           
    <urlSuffix>emergency</urlSuffix></span>
<br><span style=" font-size:12pt">           
</channel></span>
<br><span style=" font-size:12pt">           
<requireAssignmentTarget oid="00000000-0000-0000-0000-000000000004"
relation="org:default" type="c:RoleType"></span>
<br><span style=" font-size:12pt">           
    <!-- Superuser --></span>
<br><span style=" font-size:12pt">           
</requireAssignmentTarget></span>
<br><span style=" font-size:12pt">           
<module id="14"></span>
<br><span style=" font-size:12pt">           
    <name>internalLoginForm</name></span>
<br><span style=" font-size:12pt">           
    <order>30</order></span>
<br><span style=" font-size:12pt">           
    <necessity>sufficient</necessity></span>
<br><span style=" font-size:12pt">           
</module></span>
<br><span style=" font-size:12pt">        </sequence></span>
<br><span style=" font-size:12pt">    </authentication></span>
<br>
<br>
<br><span style=" font-size:12pt">If anyone has any suggestions for solving
the problem I would appreciate it.</span>
<br>
<br><span style=" font-size:12pt">Regards</span>
<br>
<br><span style=" font-size:12pt">Gus</span>
<br>
<br>
<br>
<br><tt><span style=" font-size:12pt">_______________________________________________<br>
midPoint mailing list<br>
</span></tt><a href=mailto:midPoint@lists.evolveum.com target=_blank><tt><span style=" font-size:12pt;color:blue"><u>midPoint@lists.evolveum.com</u></span></tt></a><tt><span style=" font-size:12pt"><br>
</span></tt><a href=https://lists.evolveum.com/mailman/listinfo/midpoint target=_blank><tt><span style=" font-size:12pt;color:blue"><u>https://lists.evolveum.com/mailman/listinfo/midpoint</u></span></tt></a><tt><span style=" font-size:12pt"><br>
</span></tt>
<br><span style=" font-size:12pt"><br>
<br>
-- </span>
<table width=450 style="border-collapse:collapse;">
<tr height=8>
<td width=174 rowspan=6 bgcolor=white valign=top style="border-style:none none none none;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px;">
<div align=right><a href=https://www.ifood.com.br/ target=_blank></a></div>
<td width=29 bgcolor=white style="border-style:none none none none;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px;">
<td width=245 bgcolor=white style="border-style:none none none none;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px;"><span style=" font-size:11pt;font-family:Arial">Alexandre
R Zia</span>
<tr height=8>
<td width=29 bgcolor=white style="border-style:none none none none;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px;">
<td width=245 bgcolor=white style="border-style:none none none none;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px;"><span style=" font-size:12pt;font-family:Arial"><b>Security</b></span>
<tr height=8>
<td width=29 bgcolor=white style="border-style:none none none none;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px;">
<td width=245 bgcolor=white style="border-style:none none none none;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px;">
<tr height=8>
<td width=29 bgcolor=white style="border-style:none none none none;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px;">
<td width=245 bgcolor=white style="border-style:none none none none;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px;">
<tr height=8>
<td width=29 bgcolor=white style="border-style:none none none none;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px;">
<td width=245 bgcolor=white style="border-style:none none none none;border-color:#000000;border-width:0px 0px 0px 0px;padding:0px 0px;"><a href=https://www.ifood.com.br/ target=_blank><span style=" font-size:12pt;color:#808080;font-family:Arial"><u>www.ifood.com.br</u></span></a>
<p style="margin-top:0px;margin-Bottom:0px"></p></table>
<br>
<br>
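<br><span style=" font-size:12pt">A consistency check for a saml2 module like the one posted above: it decodes the base64 IdP metadata and compares its entityID and offered bindings with the provider settings. This is an added example, not part of the original thread or midPoint's own code; the sample metadata, the idp.example.test host and the function names are constructed.</span>

```python
import base64
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed IdP metadata; host and entityID are placeholders, not from the thread.
SAMPLE_METADATA = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<md:EntityDescriptor xmlns:md="%s" entityID="http://idp.example.test/exkEXAMPLE">'
    '<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<md:SingleSignOnService Binding="%s" Location="https://idp.example.test/sso/saml"/>'
    '</md:IDPSSODescriptor></md:EntityDescriptor>' % (MD_NS, POST)
)

def sample_module(entity_id, binding, skip_ssl="true"):
    # Constructed <saml2> module using the element names from the posted policy.
    b64 = base64.b64encode(SAMPLE_METADATA.encode()).decode()
    return (
        "<saml2><name>oktaidp</name><serviceProvider>"
        "<entityId>sp_midpoint</entityId><provider>"
        f"<entityId>{entity_id}</entityId>"
        f"<metadata><xml>{b64}</xml></metadata>"
        f"<skipSslValidation>{skip_ssl}</skipSslValidation>"
        f"<authenticationRequestBinding>{binding}</authenticationRequestBinding>"
        "</provider></serviceProvider></saml2>"
    )

def _local(tag):
    # Drop any "{namespace}" prefix so namespaced exports parse the same way.
    return tag.rsplit("}", 1)[-1]

def _child_text(elem, name):
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def check_saml2_module(module_xml):
    """Return a list of findings, one string per problem, for every <provider>."""
    findings = []
    for prov in (e for e in ET.fromstring(module_xml).iter() if _local(e.tag) == "provider"):
        configured = _child_text(prov, "entityId")
        binding = _child_text(prov, "authenticationRequestBinding")
        b64 = next((e.text or "" for e in prov.iter() if _local(e.tag) == "xml"), "")
        try:
            md = ET.fromstring(base64.b64decode("".join(b64.split()), validate=True))
        except (ValueError, ET.ParseError):  # binascii.Error is a ValueError
            findings.append("metadata is not complete base64-encoded XML")
            continue
        if md.get("entityID") != configured:
            findings.append(f"entityId mismatch: config={configured!r}, "
                            f"metadata={md.get('entityID')!r}")
        offered = {e.get("Binding") for e in md.iter(f"{{{MD_NS}}}SingleSignOnService")}
        if binding not in offered:
            findings.append(f"binding {binding!r} is not offered in the IdP metadata")
        if _child_text(prov, "skipSslValidation") == "true":
            findings.append("skipSslValidation is enabled for this provider")
    return findings
```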