<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hello Gus,<br>
I analysed log file, but I found nothing relevant. <br>
<br>
Regards,<br>
Lukas Skublik.<br>
</p>
<div class="moz-cite-prefix">On 19. 8. 2020 15:10, Gus Lou wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CA+XZjGTboaG-bGzK1WTLLYoyv1c2zLf51X6d78q-1pQFB4ZC9Q@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div dir="ltr">Hi Lukas<br>
<div><br>
</div>
<div>
<div>I activated the debug level in the midpoint log, but
found nothing relevant.</div>
<div>I attached the log for analysis</div>
<div>Thank you very much</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">Em qua., 19 de ago. de 2020 às
02:54, Lukas Skublik <<a
href="mailto:lukas.skublik@evolveum.com"
moz-do-not-send="true">lukas.skublik@evolveum.com</a>>
escreveu:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Hello Gus,<br>
can you send me your log file. Maybe you see wrong error
message.</p>
<p>Regards<br>
Lukas Skublik<br>
</p>
<div>On 18. 8. 2020 23:35, Gus Lou wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">Hi Alexandre</div>
<div dir="ltr"><br>
</div>
<div dir="ltr">Thank you very much
<div><br>
</div>
<div>
<div>I made the modifications suggested by you
and Lukas.</div>
<div>Something is still wrong, after
authenticating with the IdP and returning to
the midpoint I get the message:</div>
<div>Midpoint saml module doesn't receive
response from Identity Provider server ..</div>
<div>The strange thing is that through the
Saml Tracer tool, I can verify that there
was a request and a response.</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Saml Request:</div>
<div><br>
</div>
<div><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">saml2p:AuthnRequest</span> <span style="color:rgb(221,0,169)">xmlns:saml2p</span>=<span style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:protocol"</span>
<span style="color:rgb(221,0,169)">AssertionConsumerServiceURL</span>=<span style="color:rgb(0,62,170)">"<a href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta" target="_blank" moz-do-not-send="true">http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</a>"</span>
<span style="color:rgb(221,0,169)">Destination</span>=<span style="color:rgb(0,62,170)">"<a href="https://dev-601301.okta.com/app/xyzdev601301_midpoint_1/xxxxxx4x6/sso/saml" target="_blank" moz-do-not-send="true">https://dev-601301.okta.com/app/xyzdev601301_midpoint_1/xxxxxx4x6/sso/saml</a>"</span>
<span style="color:rgb(221,0,169)">ForceAuthn</span>=<span style="color:rgb(0,62,170)">"false"</span>
<span style="color:rgb(221,0,169)">ID</span>=<span style="color:rgb(0,62,170)">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span>
<span style="color:rgb(221,0,169)">IsPassive</span>=<span style="color:rgb(0,62,170)">"false"</span>
<span style="color:rgb(221,0,169)">IssueInstant</span>=<span style="color:rgb(0,62,170)">"2020-08-18T21:14:01.266Z"</span>
<span style="color:rgb(221,0,169)">ProtocolBinding</span>=<span style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"</span>
<span style="color:rgb(221,0,169)">Version</span>=<span style="color:rgb(0,62,170)">"2.0"</span>
></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">saml2:Issuer</span> <span style="color:rgb(221,0,169)">xmlns:saml2</span>=<span style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:assertion"</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">sp_midpoint</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">saml2:Issuer</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">saml2p:NameIDPolicy</span> <span style="color:rgb(221,0,169)">AllowCreate</span>=<span style="color:rgb(0,62,170)">"true"</span>
<span style="color:rgb(221,0,169)">Format</span>=<span style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"</span>
/></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">saml2p:AuthnRequest</span>></span><br>
</div>
<div><br>
</div>
<div>Saml Response:</div>
<div><br>
</div>
<div><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">saml2p:Response</span> <span style="color:rgb(221,0,169)">xmlns:saml2p</span>=<span style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:protocol"</span>
<span style="color:rgb(221,0,169)">Destination</span>=<span style="color:rgb(0,62,170)">"<a href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta" target="_blank" moz-do-not-send="true">http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</a>"</span>
<span style="color:rgb(221,0,169)">ID</span>=<span style="color:rgb(0,62,170)">"id369598233453735443745710"</span>
<span style="color:rgb(221,0,169)">InResponseTo</span>=<span style="color:rgb(0,62,170)">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span>
<span style="color:rgb(221,0,169)">IssueInstant</span>=<span style="color:rgb(0,62,170)">"2020-08-18T21:14:02.181Z"</span>
<span style="color:rgb(221,0,169)">Version</span>=<span style="color:rgb(0,62,170)">"2.0"</span>
></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">saml2:Issuer</span> <span style="color:rgb(221,0,169)">xmlns:saml2</span>=<span style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:assertion"</span>
<span style="color:rgb(221,0,169)">Format</span>=<span style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:nameid-format:entity"</span>
></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><a href="http://www.okta.com/xxxxxxxxxxx4x6" target="_blank" moz-do-not-send="true">http://www.okta.com/xxxxxxxxxxx4x6</a></span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">saml2:Issuer</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:Signature</span> <span style="color:rgb(221,0,169)">xmlns:ds</span>=<span style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2000/09/xmldsig#" target="_blank" moz-do-not-send="true">http://www.w3.org/2000/09/xmldsig#</a>"</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:SignedInfo</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:CanonicalizationMethod</span> <span style="color:rgb(221,0,169)">Algorithm</span>=<span style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2001/10/xml-exc-c14n#" target="_blank" moz-do-not-send="true">http://www.w3.org/2001/10/xml-exc-c14n#</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:SignatureMethod</span> <span style="color:rgb(221,0,169)">Algorithm</span>=<span style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" target="_blank" moz-do-not-send="true">http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:Reference</span> <span style="color:rgb(221,0,169)">URI</span>=<span style="color:rgb(0,62,170)">"#id369598233453735443745710"</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:Transforms</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:Transform</span> <span style="color:rgb(221,0,169)">Algorithm</span>=<span style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2000/09/xmldsig#enveloped-signature" target="_blank" moz-do-not-send="true">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:Transform</span> <span style="color:rgb(221,0,169)">Algorithm</span>=<span style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2001/10/xml-exc-c14n#" target="_blank" moz-do-not-send="true">http://www.w3.org/2001/10/xml-exc-c14n#</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">ds:Transforms</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:DigestMethod</span> <span style="color:rgb(221,0,169)">Algorithm</span>=<span style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2001/04/xmlenc#sha256" target="_blank" moz-do-not-send="true">http://www.w3.org/2001/04/xmlenc#sha256</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:DigestValue</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">eOe03vp5gwQQ/4RERzhnfkVpxbxfb8Ek0OQHbyNXcL4=</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">ds:DigestValue</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">ds:Reference</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">ds:SignedInfo</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:SignatureValue</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">Opuurv0kgPnDHbxXpe2wzDhDJs6tGoRrHLc+XwIUpxtyLxwh+/4QBPmanZUWepBygLOM223ql7vfpD6e37Zr1iWNAA7Dub9Dc2HIo8igDB1i7wRSvJGWaX+BZLc8mF+CQ9jLT3vinalejcfGicVOS06CygG3ztb7QlBZJmj</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">ds:SignatureValue</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:KeyInfo</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:X509Data</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:X509Certificate</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">MIIDpDCCAoygAwIBAgIGAXOn7be0MA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
9u92XgEJLCIVs0onGbhUfoI5r702fcEM</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">ds:X509Certificate</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">ds:X509Data</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">ds:KeyInfo</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">ds:Signature</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">saml2p:Status</span> <span style="color:rgb(221,0,169)">xmlns:saml2p</span>=<span style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:protocol"</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">saml2p:StatusCode</span> <span style="color:rgb(221,0,169)">Value</span>=<span style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:status:Success"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">saml2p:Status</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">saml2:Assertion</span> <span style="color:rgb(221,0,169)">xmlns:saml2</span>=<span style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:assertion"</span>
<span style="color:rgb(221,0,169)">ID</span>=<span style="color:rgb(0,62,170)">"id3695982334609027802744130"</span>
<span style="color:rgb(221,0,169)">IssueInstant</span>=<span style="color:rgb(0,62,170)">"2020-08-18T21:14:02.181Z"</span>
<span style="color:rgb(221,0,169)">Version</span>=<span style="color:rgb(0,62,170)">"2.0"</span>
></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">saml2:Issuer</span> <span style="color:rgb(221,0,169)">xmlns:saml2</span>=<span style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:assertion"</span>
<span style="color:rgb(221,0,169)">Format</span>=<span style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:nameid-format:entity"</span>
></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><a href="http://www.okta.com/xxxxxxxxx4x6" target="_blank" moz-do-not-send="true">http://www.okta.com/xxxxxxxxx4x6</a></span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">saml2:Issuer</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:Signature</span> <span style="color:rgb(221,0,169)">xmlns:ds</span>=<span style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2000/09/xmldsig#" target="_blank" moz-do-not-send="true">http://www.w3.org/2000/09/xmldsig#</a>"</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:SignedInfo</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:CanonicalizationMethod</span> <span style="color:rgb(221,0,169)">Algorithm</span>=<span style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2001/10/xml-exc-c14n#" target="_blank" moz-do-not-send="true">http://www.w3.org/2001/10/xml-exc-c14n#</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:SignatureMethod</span> <span style="color:rgb(221,0,169)">Algorithm</span>=<span style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" target="_blank" moz-do-not-send="true">http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:Reference</span> <span style="color:rgb(221,0,169)">URI</span>=<span style="color:rgb(0,62,170)">"#id3695982334609027802744130"</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:Transforms</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:Transform</span> <span style="color:rgb(221,0,169)">Algorithm</span>=<span style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2000/09/xmldsig#enveloped-signature" target="_blank" moz-do-not-send="true">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:Transform</span> <span style="color:rgb(221,0,169)">Algorithm</span>=<span style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2001/10/xml-exc-c14n#" target="_blank" moz-do-not-send="true">http://www.w3.org/2001/10/xml-exc-c14n#</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">ds:Transforms</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:DigestMethod</span> <span style="color:rgb(221,0,169)">Algorithm</span>=<span style="color:rgb(0,62,170)">"<a href="http://www.w3.org/2001/04/xmlenc#sha256" target="_blank" moz-do-not-send="true">http://www.w3.org/2001/04/xmlenc#sha256</a>"</span> /></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:DigestValue</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">g8vVhT6anU1xJOXQH9IrsOIpWG1YZN9GVIWFXVd9zFk=</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">ds:DigestValue</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">ds:Reference</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">ds:SignedInfo</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:SignatureValue</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">nFK/0DyI7SpavUD3FPdr7BU1wSMIJl3NR4efPDKfZeZMhPGOX3lurD5lHSceulzGLcZbsOmPnEn1pLsFCOefihVC/SmkNNBHB/uCbKdrgmcQ4Q+xuBEuoUXopG80Xx3sMWZa0lSRAgAcM0sJb6EynmyifxBJ4n0/P9/ANIH</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">ds:SignatureValue</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:KeyInfo</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:X509Data</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">ds:X509Certificate</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">MIIDpDCCAoygAwIBAgIGAXOn7be0MA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
DY2IxhhuxGPHLqFT/YfO/RmJd9keXfM9lIiJl1+9N8eFskiMwUlV0RriPU9GEGt2fJRZxZqw/c7A
9u92XgEJLCIVs0onGbhUfoI5r702fcEM</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">ds:X509Certificate</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">ds:X509Data</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">ds:KeyInfo</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">ds:Signature</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">saml2:Subject</span> <span style="color:rgb(221,0,169)">xmlns:saml2</span>=<span style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:assertion"</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">saml2:NameID</span> <span style="color:rgb(221,0,169)">Format</span>=<span style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><a href="mailto:john.doe@xyz.net" target="_blank" moz-do-not-send="true">john.doe@xyz.net</a></span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">saml2:NameID</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">saml2:SubjectConfirmation</span> <span style="color:rgb(221,0,169)">Method</span>=<span style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:cm:bearer"</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">saml2:SubjectConfirmationData</span> <span style="color:rgb(221,0,169)">InResponseTo</span>=<span style="color:rgb(0,62,170)">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span>
<span style="color:rgb(221,0,169)">NotOnOrAfter</span>=<span style="color:rgb(0,62,170)">"2020-08-18T21:19:02.181Z"</span>
<span style="color:rgb(221,0,169)">Recipient</span>=<span style="color:rgb(0,62,170)">"<a href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta" target="_blank" moz-do-not-send="true">http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</a>"</span>
/></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">saml2:SubjectConfirmation</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">saml2:Subject</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">saml2:Conditions</span> <span style="color:rgb(221,0,169)">xmlns:saml2</span>=<span style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:assertion"</span>
<span style="color:rgb(221,0,169)">NotBefore</span>=<span style="color:rgb(0,62,170)">"2020-08-18T21:09:02.181Z"</span>
<span style="color:rgb(221,0,169)">NotOnOrAfter</span>=<span style="color:rgb(0,62,170)">"2020-08-18T21:19:02.181Z"</span>
></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">saml2:AudienceRestriction</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">saml2:Audience</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">okta</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">saml2:Audience</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">saml2:AudienceRestriction</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">saml2:Conditions</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">saml2:AuthnStatement</span> <span style="color:rgb(221,0,169)">xmlns:saml2</span>=<span style="color:rgb(0,62,170)">"urn:oasis:names:tc:SAML:2.0:assertion"</span>
<span style="color:rgb(221,0,169)">AuthnInstant</span>=<span style="color:rgb(0,62,170)">"2020-08-18T21:14:02.181Z"</span>
<span style="color:rgb(221,0,169)">SessionIndex</span>=<span style="color:rgb(0,62,170)">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span>
></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">saml2:AuthnContext</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"><<span style="color:rgb(0,116,232)">saml2:AuthnContextClassRef</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">saml2:AuthnContextClassRef</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">saml2:AuthnContext</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">saml2:AuthnStatement</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">saml2:Assertion</span>></span><span style="color:rgb(68,68,68);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap">
</span><span style="color:rgb(220,45,37);font-family:Consolas,"Lucida Console",Courier,monospace;font-size:10.6667px;white-space:pre-wrap"></<span style="color:rgb(0,116,232)">saml2p:Response</span>></span></div>
<div><br>
</div>
<div>---------------------------------------------------------------------------------------------</div>
<div><br>
</div>
<div><br>
</div>
<div>Regards</div>
<div><br>
</div>
<div>Gus</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">Em ter., 18 de ago. de
2020 às 02:28, Alexandre Zia <<a
href="mailto:alexandre.zia@ifood.com.br"
target="_blank" moz-do-not-send="true">alexandre.zia@ifood.com.br</a>>
escreveu:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div>I've just changed a few things, based on your
config, <br>
</div>
<div><br>
</div>
<saml2><br>
<name>oktaidp</name><br>
<description>Enterprise SAML-based SSO
system</description><br>
<network><br>
<readTimeout>10000</readTimeout><br>
<connectTimeout>5000</connectTimeout><br>
</network><br>
<serviceProvider><br>
<entityId>sp_midpoint</entityId><br>
<aliasForPath>okta</aliasForPath><br>
<signRequests>false</signRequests><br>
<wantAssertionsSigned>true</wantAssertionsSigned><br>
<singleLogoutEnabled>true</singleLogoutEnabled><br>
<nameId>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</nameId><br>
<provider><br>
<entityId><a
href="http://www.okta.com/xxxxxxxxxxxx4x6"
target="_blank" moz-do-not-send="true">http://www.okta.com/xxxxxxxxxxxx4x6</a></entityId><br>
<alias>SSO-Okta</alias><br>
<metadata><br>
<xml>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</xml><br>
</metadata><br>
<skipSslValidation>false</skipSslValidation><br>
<linkText>Okta</linkText><br>
<authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding><br>
<nameOfUsernameAttribute>uid</nameOfUsernameAttribute><br>
</provider><br>
</serviceProvider><br>
</saml2><br>
<br>
<br>
And your ACS url will be something like this: <a
href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta"
target="_blank" moz-do-not-send="true">http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</a><br>
<div><br>
</div>
<br>
<div><br>
</div>
<div><br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Mon, Aug 17,
2020 at 2:24 PM Gus Lou <<a
href="mailto:gugalou38@gmail.com"
target="_blank" moz-do-not-send="true">gugalou38@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px
0px 0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">Hi Luca</div>
<div dir="ltr">Thank you very much
for your help. I had not
configured this option yet.
<div>
<div>I did the suggested
configuration, now the link to
the IdP in the midpoint
interface is correct.</div>
<div>But when I click on the
link to the IdP and do the
authentication and get the
reply back to the midpoint I
get an error:</div>
<div><span
style="background-color:rgb(255,255,255)"><font
color="#000000"><span><i>Midpoint
saml module doesn't
receive response from
Identity Provider
server.</i></span><br>
</font></span></div>
<div><span
style="background-color:rgb(255,255,255)"><font
color="#000000"><span
style="box-sizing:border-box;display:inline-block;margin:0px;line-height:1"><i><font
face="Source Sans
Pro, Helvetica Neue,
Helvetica, Arial,
sans-serif"><span
style="font-size:14px">Authentication
failed, and as a
consequence was
restarted
authentication
flow</span></font></i></span></font></span></div>
<div>(probably due to the fact
that the midpoint ACS url in
the IdP is not correct.)</div>
<div><br>
</div>
<div>I need to find out what the
Midpoint Assertion Consumer
Service (ACS) URL is to report
on the IdP.</div>
</div>
<div><br>
</div>
<div>Print Screen after IdP
Authentication failed</div>
<div>
<div><img
src="cid:part25.21E17450.58F24629@evolveum.com"
alt="image.png" class=""
width="541" height="226"><br>
</div>
</div>
<div><br>
</div>
<div>Regards<br>
</div>
<div><br>
</div>
<div>Gus</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">Em seg., 17 de
ago. de 2020 às 03:18, Lukas Skublik <<a
href="mailto:lukas.skublik@evolveum.com"
target="_blank" moz-do-not-send="true">lukas.skublik@evolveum.com</a>>
escreveu:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div>
<p>Hello Gus,<br>
<br>
you try configure attribute
systemConfiguration/infrastructure/publicHttpUrlPattern
to '<a
href="http://midpoint-02.xyz.net/midpoint"
target="_blank" moz-do-not-send="true">http://midpoint-02.xyz.net/midpoint</a>'.<br>
<br>
Regards,<br>
Lukas Skublik<br>
</p>
<div>On 6. 8. 2020 0:00, Gus Lou wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">Hi Guys
<div>
<div>Anyone here
already integrated
Midpoint with
Okta's solution to
provide Midpoint
authentication
through the SAML
2.0 protocol?</div>
<div>I created a
free developer
account on Okta
and I am trying to
make the SAML
settings following
the guidelines
below:</div>
<div><br>
</div>
<div><b>Midpoint
Wiki:</b> </div>
<div><a
href="https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration"
target="_blank"
moz-do-not-send="true">https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration</a></div>
<div><br>
</div>
<div><b>Git Example
Security-policy-flexible-authentication:</b> </div>
<div><a
href="https://github.com/Evolveum/midpoint-samples/blob/master/samples/policy/security/security-policy-flexible-authentication.xml"
target="_blank"
moz-do-not-send="true">https://github.com/Evolveum/midpoint-samples/blob/master/samples/policy/security/security-policy-flexible-authentication.xml</a></div>
<div><br>
</div>
<div><b>Okta Example
- SAML Spring
Security:</b></div>
<div><a
href="https://developer.okta.com/code/java/spring_security_saml/"
target="_blank"
moz-do-not-send="true">https://developer.okta.com/code/java/spring_security_saml/</a></div>
<div><a
href="https://github.com/oktadeveloper/okta-spring-boot-saml-example"
target="_blank"
moz-do-not-send="true">https://github.com/oktadeveloper/okta-spring-boot-saml-example</a></div>
<div><br>
</div>
<div>I understand
that Okta is the
Identity Provider
IdP and Midpoint
is the Service
Provider SP.</div>
<div>After trying to
make the settings
I had some doubts:</div>
<div><br>
</div>
<div>What is the
Midpoint uri that
receives the IdP
response?</div>
<div>What is the
Midpoint url that
I should use to
perform the
authentication of
the IdP (Okta).
Because when I try
to inform an
existing user in
the IdP an error
appears and a
screen with the
link of the IdP
(in this part
there is another
error that I
couldn't solve the
midpoint displays
the internal
address <a
href="https://127.0.0.1/"
target="_blank"
moz-do-not-send="true">https://127.0.0.1/</a></div>
</div>
<div><br>
</div>
<div>Some Informations
from my Lab:</div>
<div><br>
</div>
<div><b>Print-01 Midpoint
- Authentatication
GUI</b> (the user
john.doe, does not
exist at midpoint
but exists at IdP)</div>
<div>
<div><img
src="cid:part33.EC41702E.930F4185@evolveum.com"
alt="image.png"
class=""
width="541"
height="190"><br>
</div>
</div>
<div><br>
</div>
<div><b>Print-02 </b></div>
<div>
<div>After I try to
authenticate, I
get the error
message:</div>
<div><i><u><font
style="background-color:rgb(243,243,243)"
color="#ff0000">Couldn't authenticate user, reason: couldn't encode
password.</font></u></i></div>
</div>
<div>
<div><img
src="cid:part34.D425EF71.62089C82@evolveum.com"
alt="image.png"
class=""
width="541"
height="207"><br>
</div>
</div>
<div><br>
</div>
<div><b>Print-03</b></div>
<div>
<div>The link to the
idp Okta is
displaying the
midpoint's
internal address:</div>
<div><b><font
color="#ff0000"><a
href="http://127.0.0.1:8080/" target="_blank" moz-do-not-send="true">http://127.0.0.1:8080/</a></font></b>midpoint/auth/default/oktaidp/discovery?idp=http%3A%2F%<a
href="http://2Fwww.okta.com" target="_blank" moz-do-not-send="true">2Fwww.okta.com</a>%2Fexko4d721K5vASKoJ4x6</div>
<div><br>
</div>
<div>Instead of the
hostname address:</div>
<div><b><font
color="#0000ff"><a
href="http://midpoint-02.xyz.net" target="_blank" moz-do-not-send="true">http://midpoint-02.xyz.net</a></font></b>/midpoint/auth/default/oktaidp/discovery?idp=http%3A%2F%<a
href="http://2Fwww.okta.com" target="_blank" moz-do-not-send="true">2Fwww.okta.com</a>%2Fexko4d721K5vASKoJ4x6</div>
<div><br>
</div>
<div>I believe it is
some incorrect
configuration on
my reverse proxy -
nginx</div>
</div>
<div>
<div>
<div><img
src="cid:part39.1F31FD8E.A0A52247@evolveum.com"
alt="image.png" class="" width="541" height="178"><br>
</div>
</div>
</div>
<div><br>
</div>
<div><b>Print-04: Okta
IdP SAML
Configuration</b></div>
<div>
<div>Here is my main
question, because
in the fields:</div>
<div>
<ol>
<li>Single sign
on URL</li>
<li>Audience URI
(SP Entity ID)</li>
</ol>
</div>
<div>I need to
report existing
data in Midpoint,
but I'm not sure
where to get this
information.</div>
</div>
<div>
<div><img
src="cid:part40.6259F92F.14C27A40@evolveum.com"
alt="image.png"
class=""
width="541"
height="357"><br>
</div>
</div>
<div>
<div><br>
</div>
</div>
<div>
<div><br>
</div>
</div>
<div><br>
</div>
<div><b>My Security
Policy Config:</b></div>
<div>I made the
settings in the IdP,
generated the
metadata, encoded it
in base 64 and put
it in the Midpoint
settings.<br>
</div>
<div><b><br>
</b></div>
<div>
<div><authentication></div>
<div>
<modules></div>
<div>
<loginForm
id="15"></div>
<div>
<name>internalLoginForm</name></div>
<div>
<description>Internal username/password authentication, default
user password,
login
form</description></div>
<div>
</loginForm></div>
<div>
<saml2
id="16"></div>
<div>
<name>oktaidp</name></div>
<div>
<description>My SAML-based SSO system.</description></div>
<div>
<network></div>
<div>��
<readTimeout>10000</readTimeout></div>
<div>
<connectTimeout>5000</connectTimeout></div>
<div>
</network></div>
<div>
<serviceProvider></div>
<div>
<entityId>sp_midpoint</entityId></div>
<div>
<signRequests>true</signRequests></div>
<div>
<wantAssertionsSigned>true</wantAssertionsSigned></div>
<div>
<singleLogoutEnabled>true</singleLogoutEnabled></div>
<div>
<nameId>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</nameId></div>
<div>
<keys/></div>
<div>
<provider
id="17"></div>
<div>
<entityId><a
href="http://www.okta.com/xxxxxxxxxxxx4x6" target="_blank"
moz-do-not-send="true">http://www.okta.com/xxxxxxxxxxxx4x6</a></entityId></div>
<div>
<alias>SSO-Okta</alias></div>
<div>
<metadata></div>
<div>
<xml>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48bWQ6RW50aXR5RGVzY3JpcHRvciBlbnRpdHlJRD0iaHR0cDovL3d3dy5va3RhLmNvbS9leGtvNGQ3MjFLNXZBU0</xml></div>
<div>
</metadata></div>
<div>
<skipSslValidation>true</skipSslValidation></div>
<div>
<linkText>Okta</linkText></div>
<div>
<authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding></div>
<div>
<nameOfUsernameAttribute>uid</nameOfUsernameAttribute></div>
<div>
</provider></div>
<div>
</serviceProvider></div>
<div>
</saml2></div>
<div>
</modules></div>
<div>
<sequence
id="8"></div>
<div>
<name>admin-gui-default</name></div>
<div>
<description></div>
<div>
Default GUI
authentication
sequence.</div>
<div>
We want to try
company SSO,
federation and
internal. In that
order.</div>
<div>
Just one of then
need to be
successful to let
user in.</div>
<div>
</description></div>
<div>
<channel></div>
<div>
<channelId><a
href="http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user"
target="_blank"
moz-do-not-send="true">http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user</a></channelId></div>
<div>
<default>true</default></div>
<div>
<urlSuffix>default</urlSuffix></div>
<div>
</channel></div>
<div>
<module
id="12"></div>
<div>
<name>oktaidp</name></div>
<div>
<order>30</order></div>
<div>
<necessity>sufficient</necessity></div>
<div>
</module></div>
<div>
<module
id="13"></div>
<div>
<name>internalLoginForm</name></div>
<div>
<order>20</order></div>
<div>
<necessity>sufficient</necessity></div>
<div>
</module></div>
<div>
</sequence></div>
<div>
<sequence
id="9"></div>
<div>
<name>admin-gui-emergency</name></div>
<div>
<description></div>
<div>
Special GUI
authentication
sequence that is
using just the
internal user
password.</div>
<div>
It is used only in
emergency. It
allows to skip
SAML
authentication
cycles, e.g. in
case</div>
<div>
that the SAML
authentication is
redirecting the
browser
incorrectly.</div>
<div>
</description></div>
<div>
<channel></div>
<div>
<channelId><a
href="http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user"
target="_blank"
moz-do-not-send="true">http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user</a></channelId></div>
<div>
<default>false</default></div>
<div>
<urlSuffix>emergency</urlSuffix></div>
<div>
</channel></div>
<div>
<requireAssignmentTarget
oid="00000000-0000-0000-0000-000000000004" relation="org:default"
type="c:RoleType"></div>
<div>
<!-- Superuser
--></div>
<div>
</requireAssignmentTarget></div>
<div>
<module
id="14"></div>
<div>
<name>internalLoginForm</name></div>
<div>
<order>30</order></div>
<div>
<necessity>sufficient</necessity></div>
<div>
</module></div>
<div>
</sequence></div>
<div>
</authentication></div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>If anyone has any
suggestions for
solving the problem
I would appreciate
it.<br>
</div>
<div><br>
</div>
<div>Regards</div>
<div><br>
</div>
<div>Gus</div>
<div><br>
</div>
<div><br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank" moz-do-not-send="true">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com"
target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>
<a
href="https://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com"
target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>
<a
href="https://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote>
</div>
<br clear="all">
<br>
-- <br>
<div dir="ltr">
<div dir="ltr">
<div>
<div dir="ltr">
<table
style="font-family:arial,sans-serif;font-style:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);color:rgb(0,0,0);font-size:medium"
width="450" cellspacing="0" cellpadding="0"
border="0">
<tbody>
<tr>
<td rowspan="6"
style="font-family:arial,sans-serif;margin:0px"
width="105" valign="top" height="120"
align="right"><a
href="https://www.ifood.com.br/"
style="color:rgb(17,85,204)"
target="_blank"
moz-do-not-send="true"><img
src="https://www.ifood.com.br/nws/assinatura/iFood_assinatura3.gif"
alt="" moz-do-not-send="true"
width="105" height="110"></a></td>
<td
style="font-family:arial,sans-serif;margin:0px"
width="18"><br>
</td>
<td
style="font-family:arial,sans-serif;margin:0px"
height="22">
<div>
<p
style="margin:0px;line-height:18px"><span
style="font-size:14px">Alexandre
R Zia<br>
</span></p>
</div>
</td>
</tr>
<tr>
<td
style="font-family:arial,sans-serif;margin:0px"
width="18"><br>
</td>
<td
style="font-family:arial,sans-serif;margin:0px">
<div>
<p
style="margin:0px;line-height:15px"><span
style="line-height:15px"><b>Security</b></span></p>
</div>
</td>
</tr>
<tr>
<td
style="font-family:arial,sans-serif;margin:0px"
width="18" height="10"><br>
</td>
<td
style="font-family:arial,sans-serif;margin:0px"
height="10"><br>
</td>
</tr>
<tr>
<td
style="font-family:arial,sans-serif;margin:0px"
width="18"><br>
</td>
<td
style="font-family:arial,sans-serif;margin:0px"><br>
</td>
</tr>
<tr>
<td
style="font-family:arial,sans-serif;margin:0px"
width="18"><br>
</td>
<td
style="font-family:arial,sans-serif;margin:0px">
<div><a
href="https://www.ifood.com.br/"
style="color:rgb(119,119,119);line-height:16px"
target="_blank"
moz-do-not-send="true">www.ifood.com.br</a></div>
</td>
</tr>
<tr>
<td colspan="2"
style="font-family:arial,sans-serif;margin:0px"
height="35">
<table width="190" cellspacing="0"
cellpadding="0" border="0">
<tbody>
<tr>
<td
style="font-family:arial,sans-serif;margin:0px"
width="12"> </td>
<td
style="font-family:arial,sans-serif;margin:0px"><a
href="https://www.facebook.com/iFood?fref=ts"
style="color:rgb(17,85,204)"
target="_blank"
moz-do-not-send="true"><img
src="https://www.ifood.com.br/nws/assinatura/facebook_2x.png" alt=""
moz-do-not-send="true"
width="32" height="32"></a></td>
<td
style="font-family:arial,sans-serif;margin:0px"><a
href="https://twitter.com/iFood" style="color:rgb(17,85,204)"
target="_blank"
moz-do-not-send="true"><img
src="https://www.ifood.com.br/nws/assinatura/twitter_2x.png" alt=""
moz-do-not-send="true"
width="32" height="32"></a></td>
<td
style="font-family:arial,sans-serif;margin:0px"><a
href="https://www.instagram.com/iFoodBrasil/"
style="color:rgb(17,85,204)"
target="_blank"
moz-do-not-send="true"><img
src="https://www.ifood.com.br/nws/assinatura/instagram_2x.png" alt=""
moz-do-not-send="true"
width="32" height="32"></a></td>
<td
style="font-family:arial,sans-serif;margin:0px"><a
href="https://www.youtube.com/ifood" style="color:rgb(17,85,204)"
target="_blank"
moz-do-not-send="true"><img
src="https://www.ifood.com.br/nws/assinatura/youtube_2x.png" alt=""
moz-do-not-send="true"
width="32" height="32"></a></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table
style="color:rgb(34,34,34);font-style:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);font-size:13px;line-height:normal;font-family:tahoma,geneva,sans-serif"
width="630" cellspacing="0" cellpadding="0"
border="0">
<tbody>
<tr>
<td
style="font-family:arial,sans-serif;margin:0px">
<table width="100%" cellspacing="0"
cellpadding="0" border="0">
</table>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com"
target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>
<a
href="https://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank" moz-do-not-send="true">midPoint@lists.evolveum.com</a>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank" moz-do-not-send="true">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
</div>
_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank"
moz-do-not-send="true">midPoint@lists.evolveum.com</a><br>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="https://lists.evolveum.com/mailman/listinfo/midpoint">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
</body>
</html>