<div dir="ltr"><div dir="ltr"><div>Folks</div><div>I really appreciate the help of Lukas and other colleagues, I presented my doubts on this forum because someone could have something similar.</div><div><br></div><div>Regards</div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Em qui., 20 de ago. de 2020 às 13:50, Radovan Semancik <<a href="mailto:radovan.semancik@evolveum.com">radovan.semancik@evolveum.com</a>> escreveu:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Hello Tomas,</p>
<p>SAML client functionality *is* avilable as part of midPoint and
as all the feature is *is* part of midPoint source code.</p>
<p>However, as you certainly know, SAML is a complex protocol. There
are variations and dialects, there are lot of configuration
options. Not every client works with every identity provider. That
may also be the case here. Maybe there is a need for special
configuration. Maybe there is a bug in midPoint code. Maybe there
is a bug or misconfiguration on the identity provider side. Maybe
it is something entirely different. There are just too many
options to consider in a short mail. Lukas has already shown good
will and tried to help. As he indicated, the problem is not
obvious and more time and effort is needed to analyze the issue.
As Martina explained, Lukas does not have that time available for
you as that time is reserved for midPoint subscribers.<br>
</p>
<p>MidPoint is open and free software. You can go ahead and do
pretty much anything that you want with midPoint. MidPoint is
free, but our services are not. If you want to dedicate a time of
one of our engineers to focus on your specific problem then you
have to pay for that time.</p>
<pre cols="72">--
Radovan Semancik
Software Architect
<a href="http://evolveum.com" target="_blank">evolveum.com</a>
</pre>
<div>On 20. 8. 2020 18:27,
<a href="mailto:tomas.husar@ibask.eu" target="_blank">tomas.husar@ibask.eu</a> wrote:<br>
</div>
<blockquote type="cite">
<span style="font-size:10pt;font-family:sans-serif">Hallo
Martina,<br>
<br>
can I understand to your post in this way, that this feature<i>
(midPoint
is recognising and processing SAML response from external IDM
system) </i> is
not actually available on midpoint git-repository and it needs
analytic
and development effort which goes beyond support covered in this
mailing
list?<br>
<br>
Tomas</span>
<br>
<br>
<br>
<br>
<span style="font-size:9pt;color:rgb(95,95,95);font-family:sans-serif">From:
</span><span style="font-size:9pt;font-family:sans-serif">"Martina
Benckova" <a href="mailto:mbenckova@evolveum.com" target="_blank"><mbenckova@evolveum.com></a></span>
<br>
<span style="font-size:9pt;color:rgb(95,95,95);font-family:sans-serif">To:
</span><span style="font-size:9pt;font-family:sans-serif"><a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a></span>
<br>
<span style="font-size:9pt;color:rgb(95,95,95);font-family:sans-serif">Date:
</span><span style="font-size:9pt;font-family:sans-serif">20.
08. 2020 13:22</span>
<br>
<span style="font-size:9pt;color:rgb(95,95,95);font-family:sans-serif">Subject:
</span><span style="font-size:9pt;font-family:sans-serif">Re:
[midPoint] Midpoint - SAML 2.0 - Okta IdP - Flex-Auth?</span>
<br>
<span style="font-size:9pt;color:rgb(95,95,95);font-family:sans-serif">Sent
by: </span><span style="font-size:9pt;font-family:sans-serif">"midPoint"
<a href="mailto:midpoint-bounces@lists.evolveum.com" target="_blank"><midpoint-bounces@lists.evolveum.com></a></span>
<br>
<hr noshade>
<br>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">Hi Gus,</span>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">Let me join the
communication.</span>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">Lukas tried to
help
you within limited time that he could dedicate to the community.
His main
responsibilities are development activities to make midPoint
even better
for the whole community. Based on this he mainly follows Jira
tickets of
platform subscribers and customers with active product support.</span>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">On the other hand,
if you would like to engage our team with the issue, and provide
detailed
analysis with possible solution, you might be interested in our
commercial
services. In case of activated a services, we dedicate available
techie
to help our customer with their issues.</span>
<br>
<span style="font-size:12pt;font-family:Arial">We provide
different
services for different purposes.</span>
<br>
<span style="font-size:12pt;font-family:Arial">Would you be
interested?</span>
<br>
<br>
<span style="font-size:10pt;font-family:"Times New Roman"">Best
regards,</span>
<br>
<span style="font-size:10pt;font-family:"Times New Roman""><b>Martina
Benckova</b> | Sales Manager</span>
<br>
<a href="https://evolveum.com/" target="_blank"><img src="cid:1740d456e2c2d1c501e1" style="border: 0px solid;" width="201" height="49"></a>
<br>
<span style="font-size:8pt;font-family:"Times New Roman""><a href="mailto:mbenckova@evolveum.com" target="_blank">mbenckova@evolveum.com</a>
| </span><a href="http://www.evolveum.com" target="_blank"><span style="font-size:8pt;font-family:"Times New Roman"">www.evolveum.com</span></a><span style="font-size:8pt;font-family:"Times New Roman"">
</span>
<br>
<span style="font-size:8pt;font-family:"Times New Roman"">tel: +421
948 940 888</span>
<br>
<a href="https://www.facebook.com/evolveum/" target="_blank"><img src="cid:1740d456e2ce5e29b332" style="border: 0px solid;" width="35" height="34"></a><span style="font-size:8pt;font-family:Arial"> </span><a href="https://www.linkedin.com/company/evolveum" target="_blank"><img src="cid:1740d456e2c11cb006e3" style="border: 0px solid;" width="33" height="33"></a><span style="font-size:8pt;font-family:Arial">
</span><a href="https://twitter.com/Evolveum" target="_blank"><img src="cid:1740d456e2cf15058be4" style="border: 0px solid;" width="34" height="33"></a>
<p style="margin-top:0px;margin-bottom:0px"><span style="font-size:8pt;font-family:"Times New Roman"">Disclaimer:</span></p>
<p style="margin-top:0px;margin-bottom:0px"><span style="font-size:8pt;font-family:"Times New Roman"">The
contents of this e-mail and attachment(s) thereto are
confidential and
intended for the named recipient(s) only. It shall not attach
any liability
on the originator or Evolveum s.r.o. or its affiliates. Any
views or opinions
presented in this email are solely those of the author and may
not necessarily
reflect the opinions of Evolveum s.r.o. or its affiliates. Any
form of
reproduction, dissemination, copying, disclosure,
modification, distribution
and / or publication of this message without the prior written
consent
of the author of this e-mail is strictly prohibited. If you
have received
this email in error please delete it and notify the sender
immediately.</span></p>
<br>
<br>
<hr>
<br>
<span style="font-size:12pt;font-family:Arial"><b>From: </b>"Lukas
Skublik" <a href="mailto:lukas.skublik@evolveum.com" target="_blank"><lukas.skublik@evolveum.com></a><b><br>
To: </b><a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a><b><br>
Sent: </b>Thursday, August 20, 2020 9:37:04 AM<b><br>
Subject: </b>Re: [midPoint] Midpoint - SAML 2.0 - Okta IdP -
Flex-Auth?</span>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">Hello Gus,<br>
I analysed log file, but I found nothing relevant. <br>
<br>
Regards,<br>
Lukas Skublik.</span>
<br>
<span style="font-size:12pt;font-family:Arial">On 19. 8. 2020
15:10,
Gus Lou wrote:</span>
<br>
<span style="font-size:12pt;font-family:Arial">Hi Lukas</span>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">I activated the
debug
level in the midpoint log, but found nothing relevant.</span>
<br>
<span style="font-size:12pt;font-family:Arial">I attached the log
for analysis</span>
<br>
<span style="font-size:12pt;font-family:Arial">Thank you very
much</span>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">Em qua., 19 de
ago.
de 2020 às 02:54, Lukas Skublik <</span><a href="mailto:lukas.skublik@evolveum.com" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>lukas.skublik@evolveum.com</u></span></a><span style="font-size:12pt;font-family:Arial">>
escreveu:</span>
<br>
<span style="font-size:12pt;font-family:Arial">Hello Gus,<br>
can you send me your log file. Maybe you see wrong error
message.</span>
<br>
<span style="font-size:12pt;font-family:Arial">Regards<br>
Lukas Skublik</span>
<br>
<span style="font-size:12pt;font-family:Arial">On 18. 8. 2020
23:35,
Gus Lou wrote:</span>
<br>
<span style="font-size:12pt;font-family:Arial">Hi Alexandre</span>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">Thank you very
much
</span>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">I made the
modifications
suggested by you and Lukas.</span>
<br>
<span style="font-size:12pt;font-family:Arial">Something is still
wrong, after authenticating with the IdP and returning to the
midpoint
I get the message:</span>
<br>
<span style="font-size:12pt;font-family:Arial">Midpoint saml
module
doesn't receive response from Identity Provider server ..</span>
<br>
<span style="font-size:12pt;font-family:Arial">The strange thing
is
that through the Saml Tracer tool, I can verify that there was a
request
and a response.</span>
<br>
<br>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">Saml Request:</span>
<br>
<br>
<span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2p:AuthnRequest</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">xmlns:saml2p</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:protocol"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">AssertionConsumerServiceURL</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Destination</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="https://dev-601301.okta.com/app/xyzdev601301_midpoint_1/xxxxxx4x6/sso/saml" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>https://dev-601301.okta.com/app/xyzdev601301_midpoint_1/xxxxxx4x6/sso/saml</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">ForceAuthn</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"false"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">ID</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">IsPassive</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"false"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">IssueInstant</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"2020-08-18T21:14:01.266Z"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">ProtocolBinding</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Version</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"2.0"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Issuer</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">xmlns:saml2</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">sp_midpoint</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Issuer</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2p:NameIDPolicy</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">AllowCreate</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"true"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Format</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
/></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2p:AuthnRequest</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">Saml Response:</span>
<br>
<br>
<span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2p:Response</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">xmlns:saml2p</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:protocol"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Destination</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">ID</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"id369598233453735443745710"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">InResponseTo</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">IssueInstant</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"2020-08-18T21:14:02.181Z"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Version</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"2.0"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Issuer</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">xmlns:saml2</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Format</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:nameid-format:entity"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
></span><a href="http://www.okta.com/xxxxxxxxxxx4x6" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.okta.com/xxxxxxxxxxx4x6</u></span></a><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Issuer</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Signature</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">xmlns:ds</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://www.w3.org/2000/09/xmldsig#" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2000/09/xmldsig#</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:SignedInfo</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:CanonicalizationMethod</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Algorithm</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://www.w3.org/2001/10/xml-exc-c14n#" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/10/xml-exc-c14n#</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
/></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:SignatureMethod</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Algorithm</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
/></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Reference</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">URI</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"#id369598233453735443745710"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Transforms</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Transform</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Algorithm</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://www.w3.org/2000/09/xmldsig#enveloped-signature" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2000/09/xmldsig#enveloped-signature</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
/></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Transform</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Algorithm</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://www.w3.org/2001/10/xml-exc-c14n#" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/10/xml-exc-c14n#</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
/></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Transforms</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:DigestMethod</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Algorithm</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://www.w3.org/2001/04/xmlenc#sha256" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/04/xmlenc#sha256</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
/></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:DigestValue</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">eOe03vp5gwQQ/4RERzhnfkVpxbxfb8Ek0OQHbyNXcL4=</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:DigestValue</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Reference</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:SignedInfo</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:SignatureValue</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">Opuurv0kgPnDHbxXpe2wzDhDJs6tGoRrHLc+XwIUpxtyLxwh+/4QBPmanZUWepBygLOM223ql7vfpD6e37Zr1iWNAA7Dub9Dc2HIo8igDB1i7wRSvJGWaX+BZLc8mF+CQ9jLT3vinalejcfGicVOS06CygG3ztb7QlBZJmj</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:SignatureValue</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:KeyInfo</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:X509Data</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:X509Certificate</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">MIIDpDCCAoygAwIBAgIGAXOn7be0MA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
9u92XgEJLCIVs0onGbhUfoI5r702fcEM</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:X509Certificate</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:X509Data</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:KeyInfo</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Signature</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2p:Status</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">xmlns:saml2p</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:protocol"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2p:StatusCode</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Value</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:status:Success"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
/></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2p:Status</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Assertion</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">xmlns:saml2</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">ID</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"id3695982334609027802744130"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">IssueInstant</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"2020-08-18T21:14:02.181Z"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Version</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"2.0"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Issuer</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">xmlns:saml2</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Format</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:nameid-format:entity"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
></span><a href="http://www.okta.com/xxxxxxxxx4x6" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.okta.com/xxxxxxxxx4x6</u></span></a><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Issuer</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Signature</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">xmlns:ds</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://www.w3.org/2000/09/xmldsig#" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2000/09/xmldsig#</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:SignedInfo</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:CanonicalizationMethod</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Algorithm</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://www.w3.org/2001/10/xml-exc-c14n#" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/10/xml-exc-c14n#</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
/></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:SignatureMethod</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Algorithm</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
/></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Reference</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">URI</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"#id3695982334609027802744130"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Transforms</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Transform</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Algorithm</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://www.w3.org/2000/09/xmldsig#enveloped-signature" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2000/09/xmldsig#enveloped-signature</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
/></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Transform</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Algorithm</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://www.w3.org/2001/10/xml-exc-c14n#" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/10/xml-exc-c14n#</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
/></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Transforms</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:DigestMethod</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Algorithm</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://www.w3.org/2001/04/xmlenc#sha256" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/04/xmlenc#sha256</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
/></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:DigestValue</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">g8vVhT6anU1xJOXQH9IrsOIpWG1YZN9GVIWFXVd9zFk=</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:DigestValue</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Reference</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:SignedInfo</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:SignatureValue</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">nFK/0DyI7SpavUD3FPdr7BU1wSMIJl3NR4efPDKfZeZMhPGOX3lurD5lHSceulzGLcZbsOmPnEn1pLsFCOefihVC/SmkNNBHB/uCbKdrgmcQ4Q+xuBEuoUXopG80Xx3sMWZa0lSRAgAcM0sJb6EynmyifxBJ4n0/P9/ANIH</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:SignatureValue</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:KeyInfo</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:X509Data</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:X509Certificate</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">MIIDpDCCAoygAwIBAgIGAXOn7be0MA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
DY2IxhhuxGPHLqFT/YfO/RmJd9keXfM9lIiJl1+9N8eFskiMwUlV0RriPU9GEGt2fJRZxZqw/c7A
9u92XgEJLCIVs0onGbhUfoI5r702fcEM</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:X509Certificate</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:X509Data</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:KeyInfo</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Signature</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Subject</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">xmlns:saml2</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:NameID</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Format</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><a href="mailto:john.doe@xyz.net" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>john.doe@xyz.net</u></span></a><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:NameID</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:SubjectConfirmation</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Method</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:cm:bearer"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:SubjectConfirmationData</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">InResponseTo</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">NotOnOrAfter</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"2020-08-18T21:19:02.181Z"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Recipient</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
/></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:SubjectConfirmation</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Subject</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Conditions</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">xmlns:saml2</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">NotBefore</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"2020-08-18T21:09:02.181Z"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">NotOnOrAfter</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"2020-08-18T21:19:02.181Z"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:AudienceRestriction</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Audience</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">okta</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Audience</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:AudienceRestriction</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Conditions</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:AuthnStatement</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">xmlns:saml2</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">AuthnInstant</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"2020-08-18T21:14:02.181Z"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">SessionIndex</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:AuthnContext</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:AuthnContextClassRef</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:AuthnContextClassRef</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:AuthnContext</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:AuthnStatement</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Assertion</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2p:Response</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">---------------------------------------------------------------------------------------------</span>
<br>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">Regards</span>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">Gus</span>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">Em ter., 18 de
ago.
de 2020 às 02:28, Alexandre Zia <</span><a href="mailto:alexandre.zia@ifood.com.br" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>alexandre.zia@ifood.com.br</u></span></a><span style="font-size:12pt;font-family:Arial">>
escreveu:</span>
<br>
<span style="font-size:12pt;font-family:Arial">I've just changed
a
few things, based on your config, </span>
<br>
<br>
<span style="font-size:12pt;font-family:Arial"><saml2><br>
<name>oktaidp</name><br>
<description>Enterprise SAML-based SSO
system</description><br>
<network><br>
<readTimeout>10000</readTimeout><br>
<connectTimeout>5000</connectTimeout><br>
</network><br>
<serviceProvider><br>
<entityId>sp_midpoint</entityId><br>
<aliasForPath>okta</aliasForPath><br>
<signRequests>false</signRequests><br>
<wantAssertionsSigned>true</wantAssertionsSigned><br>
<singleLogoutEnabled>true</singleLogoutEnabled><br>
<nameId>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</nameId><br>
<provider><br>
<entityId></span><a href="http://www.okta.com/xxxxxxxxxxxx4x6" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>http://www.okta.com/xxxxxxxxxxxx4x6</u></span></a><span style="font-size:12pt;font-family:Arial"></entityId><br>
<alias>SSO-Okta</alias><br>
<metadata><br>
<xml>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</xml><br>
</metadata><br>
<skipSslValidation>false</skipSslValidation><br>
<linkText>Okta</linkText><br>
<authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding><br>
<nameOfUsernameAttribute>uid</nameOfUsernameAttribute><br>
</provider><br>
</serviceProvider><br>
</saml2><br>
<br>
<br>
And your ACS url will be something like this: </span><a href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</u></span></a>
<br>
<br>
<br>
<br>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">On Mon, Aug 17,
2020
at 2:24 PM Gus Lou <</span><a href="mailto:gugalou38@gmail.com" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>gugalou38@gmail.com</u></span></a><span style="font-size:12pt;font-family:Arial">>
wrote:</span>
<br>
<span style="font-size:12pt;font-family:Arial">Hi Luca</span>
<br>
<span style="font-size:12pt;font-family:Arial">Thank you very
much
for your help. I had not configured this option yet. </span>
<br>
<span style="font-size:12pt;font-family:Arial">I did the
suggested
configuration, now the link to the IdP in the midpoint interface
is correct.</span>
<br>
<span style="font-size:12pt;font-family:Arial">But when I click
on
the link to the IdP and do the authentication and get the reply
back to
the midpoint I get an error:</span>
<br>
<span style="font-size:12pt;font-family:Arial"><i>Midpoint saml
module
doesn't receive response from Identity Provider server.</i></span>
<br>
<span style="font-size:11pt;font-family:Arial"><i>Authentication
failed,
and as a consequence was restarted authentication flow</i></span>
<br>
<span style="font-size:12pt;font-family:Arial">(probably due to
the
fact that the midpoint ACS url in the IdP is not correct.)</span>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">I need to find out
what the Midpoint Assertion Consumer Service (ACS) URL is to
report on
the IdP.</span>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">Print Screen after
IdP Authentication failed</span>
<br>
<img src="cid:1740d456e2c699eae05" alt="image.png" style="border: 0px solid;" width="541" height="226">
<br>
<br>
<span style="font-size:12pt;font-family:Arial">Regards</span>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">Gus</span>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">Em seg., 17 de
ago.
de 2020 às 03:18, Lukas Skublik <</span><a href="mailto:lukas.skublik@evolveum.com" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>lukas.skublik@evolveum.com</u></span></a><span style="font-size:12pt;font-family:Arial">>
escreveu:</span>
<br>
<span style="font-size:12pt;font-family:Arial">Hello Gus,<br>
<br>
you try configure attribute
systemConfiguration/infrastructure/publicHttpUrlPattern
to '</span><a href="http://midpoint-02.xyz.net/midpoint" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>http://midpoint-02.xyz.net/midpoint</u></span></a><span style="font-size:12pt;font-family:Arial">'.<br>
<br>
Regards,<br>
Lukas Skublik</span>
<br>
<span style="font-size:12pt;font-family:Arial">On 6. 8. 2020
0:00,
Gus Lou wrote:</span>
<br>
<span style="font-size:12pt;font-family:Arial">Hi Guys </span>
<br>
<span style="font-size:12pt;font-family:Arial">Anyone here
already
integrated Midpoint with Okta's solution to provide Midpoint
authentication
through the SAML 2.0 protocol?</span>
<br>
<span style="font-size:12pt;font-family:Arial">I created a free
developer
account on Okta and I am trying to make the SAML settings
following the
guidelines below:</span>
<br>
<br>
<span style="font-size:12pt;font-family:Arial"><b>Midpoint Wiki:</b>
</span>
<br>
<a href="https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration</u></span></a>
<br>
<br>
<span style="font-size:12pt;font-family:Arial"><b>Git Example
Security-policy-flexible-authentication:</b>
</span>
<br>
<a href="https://github.com/Evolveum/midpoint-samples/blob/master/samples/policy/security/security-policy-flexible-authentication.xml" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>https://github.com/Evolveum/midpoint-samples/blob/master/samples/policy/security/security-policy-flexible-authentication.xml</u></span></a>
<br>
<br>
<span style="font-size:12pt;font-family:Arial"><b>Okta Example -
SAML
Spring Security:</b></span>
<br>
<a href="https://developer.okta.com/code/java/spring_security_saml/" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>https://developer.okta.com/code/java/spring_security_saml/</u></span></a>
<br>
<a href="https://github.com/oktadeveloper/okta-spring-boot-saml-example" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>https://github.com/oktadeveloper/okta-spring-boot-saml-example</u></span></a>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">I understand that
Okta
is the Identity Provider IdP and Midpoint is the Service
Provider SP.</span>
<br>
<span style="font-size:12pt;font-family:Arial">After trying to
make
the settings I had some doubts:</span>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">What is the
Midpoint
uri that receives the IdP response?</span>
<br>
<span style="font-size:12pt;font-family:Arial">What is the
Midpoint
url that I should use to perform the authentication of the IdP
(Okta).
Because when I try to inform an existing user in the IdP an
error appears
and a screen with the link of the IdP (in this part there is
another error
that I couldn't solve the midpoint displays the internal address
</span><a href="https://127.0.0.1/" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>https://127.0.0.1/</u></span></a>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">Some Informations
from
my Lab:</span>
<br>
<br>
<span style="font-size:12pt;font-family:Arial"><b>Print-01
Midpoint
- Authentatication GUI</b> (the user john.doe, does not exist
at midpoint
but exists at IdP)</span>
<br>
<img src="cid:1740d456e2cdbaa880b6" alt="image.png" style="border: 0px solid;" width="541" height="190">
<br>
<br>
<span style="font-size:12pt;font-family:Arial"><b>Print-02 </b></span>
<br>
<span style="font-size:12pt;font-family:Arial">After I try to
authenticate,
I get the error message:</span>
<br>
<span style="font-size:12pt;color:red;font-family:Arial"><i><u>Couldn't
authenticate user, reason: couldn't encode password.</u></i></span>
<br>
<img src="cid:1740d456e2cb464eee67" alt="image.png" style="border: 0px solid;" width="541" height="207">
<br>
<br>
<span style="font-size:12pt;font-family:Arial"><b>Print-03</b></span>
<br>
<span style="font-size:12pt;font-family:Arial">The link to the
idp
Okta is displaying the midpoint's internal address:</span>
<br>
<a href="http://127.0.0.1:8080/" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><b><u>http://127.0.0.1:8080/</u></b></span></a><span style="font-size:12pt;font-family:Arial">midpoint/auth/default/oktaidp/discovery?idp=http%3A%2F%</span><a href="http://2fwww.okta.com/" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>2Fwww.okta.com</u></span></a><span style="font-size:12pt;font-family:Arial">%2Fexko4d721K5vASKoJ4x6</span>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">Instead of the
hostname
address:</span>
<br>
<a href="http://midpoint-02.xyz.net/" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><b><u>http://midpoint-02.xyz.net</u></b></span></a><span style="font-size:12pt;font-family:Arial">/midpoint/auth/default/oktaidp/discovery?idp=http%3A%2F%</span><a href="http://2fwww.okta.com/" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>2Fwww.okta.com</u></span></a><span style="font-size:12pt;font-family:Arial">%2Fexko4d721K5vASKoJ4x6</span>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">I believe it is
some
incorrect configuration on my reverse proxy - nginx</span>
<br>
<img src="cid:1740d456e2c50c3e8e58" alt="image.png" style="border: 0px solid;" width="541" height="178">
<br>
<br>
<span style="font-size:12pt;font-family:Arial"><b>Print-04: Okta
IdP
SAML Configuration</b></span>
<br>
<span style="font-size:12pt;font-family:Arial">Here is my main
question,
because in the fields:</span>
<ol>
<li value="1"><span style="font-size:12pt;font-family:Arial">Single
sign
on URL</span>
</li>
<li value="2"><span style="font-size:12pt;font-family:Arial">Audience
URI
(SP Entity ID)</span></li>
</ol>
<span style="font-size:12pt;font-family:Arial">I
need to report existing data in Midpoint, but I'm not sure where
to get
this information.</span>
<br>
<img src="cid:1740d456e2c37b63ba69" alt="image.png" style="border: 0px solid;" width="541" height="357">
<br>
<br>
<br>
<br>
<span style="font-size:12pt;font-family:Arial"><b>My Security
Policy
Config:</b></span>
<br>
<span style="font-size:12pt;font-family:Arial">I made the
settings
in the IdP, generated the metadata, encoded it in base 64 and
put it in
the Midpoint settings.</span>
<br>
<br>
<span style="font-size:12pt;font-family:Arial"><authentication></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<modules></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<loginForm id="15"></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<name>internalLoginForm</name></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<description>Internal username/password
authentication, default user password, login
form</description></span>
<br>
<span style="font-size:12pt;font-family:Arial">
</loginForm></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<saml2 id="16"></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<name>oktaidp</name></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<description>My SAML-based SSO
system.</description></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<network></span>
<br>
<span style="font-size:12pt;font-family:Arial">��
<readTimeout>10000</readTimeout></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<connectTimeout>5000</connectTimeout></span>
<br>
<span style="font-size:12pt;font-family:Arial">
</network></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<serviceProvider></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<entityId>sp_midpoint</entityId></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<signRequests>true</signRequests></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<wantAssertionsSigned>true</wantAssertionsSigned></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<singleLogoutEnabled>true</singleLogoutEnabled></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<nameId>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</nameId></span><br>
<span style="font-size:12pt;font-family:Arial">
<keys/></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<provider id="17"></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<entityId></span><a href="http://www.okta.com/xxxxxxxxxxxx4x6" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>http://www.okta.com/xxxxxxxxxxxx4x6</u></span></a><span style="font-size:12pt;font-family:Arial"></entityId></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<alias>SSO-Okta</alias></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<metadata></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<xml>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48bWQ6RW50aXR5RGVzY3JpcHRvciBlbnRpdHlJRD0iaHR0cDovL3d3dy5va3RhLmNvbS9leGtvNGQ3MjFLNXZBU0</xml></span>
<br>
<span style="font-size:12pt;font-family:Arial">
</metadata></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<skipSslValidation>true</skipSslValidation></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<linkText>Okta</linkText></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding></span><br>
<span style="font-size:12pt;font-family:Arial">
<nameOfUsernameAttribute>uid</nameOfUsernameAttribute></span>
<br>
<span style="font-size:12pt;font-family:Arial">
</provider></span>
<br>
<span style="font-size:12pt;font-family:Arial">
</serviceProvider></span>
<br>
<span style="font-size:12pt;font-family:Arial">
</saml2></span>
<br>
<span style="font-size:12pt;font-family:Arial">
</modules></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<sequence id="8"></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<name>admin-gui-default</name></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<description></span>
<br>
<span style="font-size:12pt;font-family:Arial">
Default GUI authentication sequence.</span>
<br>
<span style="font-size:12pt;font-family:Arial">
We want to try company SSO, federation
and internal. In that order.</span>
<br>
<span style="font-size:12pt;font-family:Arial">
Just one of then need to be successful
to let user in.</span>
<br>
<span style="font-size:12pt;font-family:Arial">
</description></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<channel></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<channelId></span><a href="http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user</u></span></a><span style="font-size:12pt;font-family:Arial"></channelId></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<default>true</default></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<urlSuffix>default</urlSuffix></span>
<br>
<span style="font-size:12pt;font-family:Arial">
</channel></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<module id="12"></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<name>oktaidp</name></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<order>30</order></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<necessity>sufficient</necessity></span>
<br>
<span style="font-size:12pt;font-family:Arial">
</module></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<module id="13"></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<name>internalLoginForm</name></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<order>20</order></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<necessity>sufficient</necessity></span>
<br>
<span style="font-size:12pt;font-family:Arial">
</module></span>
<br>
<span style="font-size:12pt;font-family:Arial">
</sequence></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<sequence id="9"></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<name>admin-gui-emergency</name></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<description></span>
<br>
<span style="font-size:12pt;font-family:Arial">
Special GUI authentication sequence
that is using just the internal user password.</span>
<br>
<span style="font-size:12pt;font-family:Arial">
It is used only in emergency. It allows
to skip SAML authentication cycles, e.g. in case</span>
<br>
<span style="font-size:12pt;font-family:Arial">
that the SAML authentication is redirecting
the browser incorrectly.</span>
<br>
<span style="font-size:12pt;font-family:Arial">
</description></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<channel></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<channelId></span><a href="http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user</u></span></a><span style="font-size:12pt;font-family:Arial"></channelId></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<default>false</default></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<urlSuffix>emergency</urlSuffix></span>
<br>
<span style="font-size:12pt;font-family:Arial">
</channel></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<requireAssignmentTarget
oid="00000000-0000-0000-0000-000000000004"
relation="org:default" type="c:RoleType"></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<!-- Superuser --></span>
<br>
<span style="font-size:12pt;font-family:Arial">
</requireAssignmentTarget></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<module id="14"></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<name>internalLoginForm</name></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<order>30</order></span>
<br>
<span style="font-size:12pt;font-family:Arial">
<necessity>sufficient</necessity></span>
<br>
<span style="font-size:12pt;font-family:Arial">
</module></span>
<br>
<span style="font-size:12pt;font-family:Arial">
</sequence></span>
<br>
<span style="font-size:12pt;font-family:Arial">
</authentication></span>
<br>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">If anyone has any
suggestions
for solving the problem I would appreciate it.</span>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">Regards</span>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">Gus</span>
<br>
<br>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">_______________________________________________<br>
midPoint mailing list<br>
</span><a href="mailto:midPoint@lists.evolveum.com" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>midPoint@lists.evolveum.com</u></span></a><span style="font-size:12pt;font-family:Arial"><br>
</span><a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>https://lists.evolveum.com/mailman/listinfo/midpoint</u></span></a><span style="font-size:12pt;font-family:Arial"><br>
</span>
<br>
<span style="font-size:12pt;font-family:Arial">_______________________________________________<br>
midPoint mailing list</span><span style="font-size:12pt;color:blue;font-family:Arial"><u><br>
</u></span><a href="mailto:midPoint@lists.evolveum.com" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>midPoint@lists.evolveum.com</u></span></a><span style="font-size:12pt;color:blue;font-family:Arial"><u><br>
</u></span><a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>https://lists.evolveum.com/mailman/listinfo/midpoint</u></span></a>
<br>
<span style="font-size:12pt;font-family:Arial">_______________________________________________<br>
midPoint mailing list</span><span style="font-size:12pt;color:blue;font-family:Arial"><u><br>
</u></span><a href="mailto:midPoint@lists.evolveum.com" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>midPoint@lists.evolveum.com</u></span></a><span style="font-size:12pt;color:blue;font-family:Arial"><u><br>
</u></span><a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>https://lists.evolveum.com/mailman/listinfo/midpoint</u></span></a>
<br>
<span style="font-size:12pt;font-family:Arial"><br>
<br>
-- </span>
<table style="border-collapse:collapse" width="450">
<tbody>
<tr height="8">
<td rowspan="6" style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:0px" width="174" valign="top" bgcolor="white">
<br>
</td>
<td style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:0px" width="29" bgcolor="white">
<br>
</td>
<td style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:0px" width="245" bgcolor="white"><span style="font-size:11pt;font-family:Arial">Alexandre
R Zia</span>
</td>
</tr>
<tr height="8">
<td style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:0px" width="29" bgcolor="white">
<br>
</td>
<td style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:0px" width="245" bgcolor="white"><span style="font-size:12pt;font-family:Arial"><b>Security</b></span>
</td>
</tr>
<tr height="8">
<td style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:0px" width="29" bgcolor="white">
<br>
</td>
<td style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:0px" width="245" bgcolor="white">
<br>
</td>
</tr>
<tr height="8">
<td style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:0px" width="29" bgcolor="white">
<br>
</td>
<td style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:0px" width="245" bgcolor="white">
<br>
</td>
</tr>
<tr height="8">
<td style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:0px" width="29" bgcolor="white">
<br>
</td>
<td style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:0px" width="245" bgcolor="white"><a href="https://www.ifood.com.br/" target="_blank"><span style="font-size:12pt;color:rgb(128,128,128);font-family:Arial"><u>www.ifood.com.br</u></span></a>
</td>
</tr>
<tr height="8">
<td colspan="2" style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:0px" width="275" bgcolor="white">
<table style="border-collapse:collapse" width="190">
<tbody>
<tr height="8">
<td style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:0px" width="16"><span style="font-size:12pt;font-family:Arial"> </span>
</td>
<td style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:0px" width="43">
<br>
</td>
<td style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:0px" width="43">
<br>
</td>
<td style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:0px" width="43">
<br>
</td>
<td style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:0px" width="43"><br>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<br>
<span style="font-size:12pt;font-family:Arial">_______________________________________________<br>
midPoint mailing list</span><span style="font-size:12pt;color:blue;font-family:Arial"><u><br>
</u></span><a href="mailto:midPoint@lists.evolveum.com" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>midPoint@lists.evolveum.com</u></span></a><span style="font-size:12pt;color:blue;font-family:Arial"><u><br>
</u></span><a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>https://lists.evolveum.com/mailman/listinfo/midpoint</u></span></a>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">_______________________________________________<br>
midPoint mailing list<br>
</span><a href="mailto:midPoint@lists.evolveum.com" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>midPoint@lists.evolveum.com</u></span></a><span style="font-size:12pt;font-family:Arial"><br>
</span><a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>https://lists.evolveum.com/mailman/listinfo/midpoint</u></span></a><span style="font-size:12pt;font-family:Arial"><br>
</span>
<br>
<span style="font-size:12pt;font-family:Arial">_______________________________________________<br>
midPoint mailing list</span><span style="font-size:12pt;color:blue;font-family:Arial"><u><br>
</u></span><a href="mailto:midPoint@lists.evolveum.com" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>midPoint@lists.evolveum.com</u></span></a><span style="font-size:12pt;color:blue;font-family:Arial"><u><br>
</u></span><a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>https://lists.evolveum.com/mailman/listinfo/midpoint</u></span></a>
<br>
<br>
<span style="font-size:12pt;font-family:Arial">_______________________________________________<br>
midPoint mailing list<br>
</span><a href="mailto:midPoint@lists.evolveum.com" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>midPoint@lists.evolveum.com</u></span></a><span style="font-size:12pt;font-family:Arial"><br>
</span><a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>https://lists.evolveum.com/mailman/listinfo/midpoint</u></span></a><span style="font-size:12pt;font-family:Arial"><br>
</span>
<br>
<span style="font-size:12pt;font-family:Arial"><br>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
</span><a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank"><span style="font-size:12pt;font-family:Arial">https://lists.evolveum.com/mailman/listinfo/midpoint</span></a><tt><span style="font-size:10pt">_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
</span></tt><a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank"><tt><span style="font-size:10pt">https://lists.evolveum.com/mailman/listinfo/midpoint</span></tt></a><tt><span style="font-size:10pt"><br>
</span></tt>
<br>
<span style="font-size:10pt;font-family:sans-serif">[attachment
"evolveum
logo.png" deleted by Tomas Husar/Ibacz/cz] [attachment
"Facebook.png"
deleted by Tomas Husar/Ibacz/cz] [attachment "LinkedIn.png"
deleted
by Tomas Husar/Ibacz/cz] [attachment "Twitter.png" deleted by
Tomas Husar/Ibacz/cz] </span>
<br>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote></div>