<div dir="ltr">Hello,<div><br></div><div>I am also experiencing some unnecessary friction configuring SAML authentication.</div><div>The flexible authentication is a very complete and very well documented feature, but it is missing the process to generate the SAML SP Metadata. I opened the Jira issue MID-7026 (<a href="https://jira.evolveum.com/browse/MID-7026">https://jira.evolveum.com/browse/MID-7026</a>) before I found the fix by myself with some guessing.</div><div><br></div><div>You can generate the SP Metadata using the following URL: https://&lt;midpoint-host&gt;/midpoint/auth/&lt;authentication sequence urlSuffix&gt;/&lt;SAML2 module name&gt;/metadata</div><div><br></div><div>-Frederic</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Aug 21, 2020 at 11:46 AM &lt;<a href="mailto:tomas.husar@ibask.eu">tomas.husar@ibask.eu</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span style="font-size:10pt;font-family:sans-serif">Thank you Radovan
for the response,<br>
<br>
I appreciated that midPoint is open source and this SAML client functionality
is there.<br>
<br>
You are absolutely right that SAML is rather complex. In the first days when I
started to study it I just drew ArchiMate pictures because I tried to understand
which entityID belongs to the IDP and which to the SP, who is the Issuer and
who is the consumer.<br>
The next thing was that our SAML authority uses mixed property names, and
sometimes I had to use the old property convention and sometimes the new one.<br>
<br>
</span>
<br><span style="font-size:10pt;font-family:sans-serif"><i>tomas@4a9c4a32f364
: /etc/cas/saml$ cas.prop.exist idp.entity</i></span>
<br><span style="font-size:10pt;font-family:sans-serif"><i>cas.authn.saml-idp.<b>entity-id</b></i><i>=casEntityID</i></span>
<br><span style="font-size:10pt;font-family:sans-serif"><i>cas.authn.saml-idp.<b>entityId</b></i><i>=<a href="http://192.168.56.101/cassId2" target="_blank">192.168.56.101/cassId2</a></i></span>
<br><span style="font-size:10pt;font-family:sans-serif"><i>#cas.authn.<b>samlIdp</b></i><i>.entityId=</i></span><a href="http://192.168.56.101/midpoint" target="_blank"><span style="font-size:10pt;color:blue;font-family:sans-serif"><i>http://192.168.56.101/midpoint</i></span></a>
<br><span style="font-size:10pt;font-family:sans-serif"><i>cas.authn.samlIdp.entityId=<a href="http://192.168.56.101/cassId3" target="_blank">192.168.56.101/cassId3</a></i></span>
<br>
<br><span style="font-size:10pt;font-family:sans-serif"><i>tomas@4a9c4a32f364
: /etc/cas/saml$ cas.prop.exist issuer</i></span>
<br><span style="font-size:10pt;font-family:sans-serif"><i>cas.<b>saml-core</b></i><i>.issuer=casEntityID</i></span>
<br><span style="font-size:10pt;font-family:sans-serif"><i>cas.<b>samlCore</b></i><i>.issuer=<a href="http://192.168.56.101/cassI3" target="_blank">192.168.56.101/cassI3</a></i></span>
<br><span style="font-size:10pt;font-family:sans-serif"><i>cas.<b>samlResponse</b></i><i>.issuer=<a href="http://192.168.56.101/cassI4" target="_blank">192.168.56.101/cassI4</a></i></span>
<br><span style="font-size:10pt;font-family:sans-serif"><i>cas.s<b>aml.response</b></i><i>.issuer=casEntityID</i></span>
<br>
<br>
<br><span style="font-size:10pt;font-family:sans-serif">Finally the communication
was established and now I have to manage the process of receiving the response
on the side of midPoint. And what is curious to me is that the IDP EntityId,
which was well known to midPoint while generating "</span><span style="font-size:12pt;color:rgb(47,47,47);font-family:"Segoe UI"">PageSamlSelect</span><span style="font-size:10pt;font-family:sans-serif">",
is unknown in the process of filtering the response.<br>
<br>
Now I am reading your open source code and I am hoping I will find why it happened.
Your code is very well structured and I am able to understand it much
better than the code of Apereo CAS. You know I am not a coder, I just
read the code, and in this case I appreciate that you developers use all
the best practices in structuring and naming classes.<br>
<br>
I hope I will find a fine solution for the combo of midPoint with Apereo CAS
as IDP<br>
<br>
Tomas</span>
<br>
<br>
<br>
<br><span style="font-size:9pt;color:rgb(95,95,95);font-family:sans-serif">From:
       </span><span style="font-size:9pt;font-family:sans-serif">"Radovan
Semancik" <<a href="mailto:radovan.semancik@evolveum.com" target="_blank">radovan.semancik@evolveum.com</a>></span>
<br><span style="font-size:9pt;color:rgb(95,95,95);font-family:sans-serif">To:
       </span><span style="font-size:9pt;font-family:sans-serif"><a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a></span>
<br><span style="font-size:9pt;color:rgb(95,95,95);font-family:sans-serif">Date:
       </span><span style="font-size:9pt;font-family:sans-serif">20.
08. 2020 18:50</span>
<br><span style="font-size:9pt;color:rgb(95,95,95);font-family:sans-serif">Subject:
       </span><span style="font-size:9pt;font-family:sans-serif">Re:
[midPoint] Midpoint - SAML 2.0 - Okta IdP - Flex-Auth?</span>
<br><span style="font-size:9pt;color:rgb(95,95,95);font-family:sans-serif">Sent
by:        </span><span style="font-size:9pt;font-family:sans-serif">"midPoint"
<<a href="mailto:midpoint-bounces@lists.evolveum.com" target="_blank">midpoint-bounces@lists.evolveum.com</a>></span>
<br>
<hr noshade>
<br>
<br>
<br><span style="font-size:12pt">Hello Tomas,</span>
<br><span style="font-size:12pt">SAML client functionality *is* available
as part of midPoint and as with all the features it *is* part of midPoint source
code.</span>
<br><span style="font-size:12pt">However, as you certainly know, SAML
is a complex protocol. There are variations and dialects, there are a lot
of configuration options. Not every client works with every identity provider.
That may also be the case here. Maybe there is a need for special configuration.
Maybe there is a bug in midPoint code. Maybe there is a bug or misconfiguration
on the identity provider side. Maybe it is something entirely different.
There are just too many options to consider in a short mail. Lukas has
already shown good will and tried to help. As he indicated, the problem
is not obvious and more time and effort is needed to analyze the issue.
As Martina explained, Lukas does not have that time available for you as
that time is reserved for midPoint subscribers.</span>
<br><span style="font-size:12pt">MidPoint is open and free software. You
can go ahead and do pretty much anything that you want with midPoint. MidPoint
is free, but our services are not. If you want to dedicate the time of one
of our engineers to focus on your specific problem then you have to pay
for that time.</span>
<br><tt><span style="font-size:12pt">-- <br>
Radovan Semancik<br>
Software Architect<br>
<a href="http://evolveum.com" target="_blank">evolveum.com</a><br>
<br>
</span></tt>
<br><span style="font-size:12pt">On 20. 8. 2020 18:27, </span><a href="mailto:tomas.husar@ibask.eu" target="_blank"><span style="font-size:12pt;color:blue"><u>tomas.husar@ibask.eu</u></span></a><span style="font-size:12pt">
wrote:</span>
<br><span style="font-size:10pt;font-family:sans-serif">Hello Martina,<br>
<br>
can I understand your post in this way, that this feature<i> (midPoint
is recognising and processing a SAML response from an external IDM system) </i> is
not actually available in the midPoint git repository and it needs analytic
and development effort which goes beyond the support covered in this mailing
list?<br>
<br>
Tomas</span><span style="font-size:12pt"> <br>
<br>
<br>
</span><span style="font-size:9pt;color:rgb(95,95,95);font-family:sans-serif"><br>
From:        </span><span style="font-size:9pt;font-family:sans-serif">"Martina
Benckova" </span><a href="mailto:mbenckova@evolveum.com" target="_blank"><span style="font-size:9pt;color:blue;font-family:sans-serif"><u><mbenckova@evolveum.com></u></span></a><span style="font-size:12pt">
</span><span style="font-size:9pt;color:rgb(95,95,95);font-family:sans-serif"><br>
To:        </span><a href="mailto:midpoint@lists.evolveum.com" target="_blank"><span style="font-size:9pt;color:blue;font-family:sans-serif"><u>midpoint@lists.evolveum.com</u></span></a><span style="font-size:12pt">
</span><span style="font-size:9pt;color:rgb(95,95,95);font-family:sans-serif"><br>
Date:        </span><span style="font-size:9pt;font-family:sans-serif">20.
08. 2020 13:22</span><span style="font-size:12pt"> </span><span style="font-size:9pt;color:rgb(95,95,95);font-family:sans-serif"><br>
Subject:        </span><span style="font-size:9pt;font-family:sans-serif">Re:
[midPoint] Midpoint - SAML 2.0 - Okta IdP - Flex-Auth?</span><span style="font-size:12pt">
</span><span style="font-size:9pt;color:rgb(95,95,95);font-family:sans-serif"><br>
Sent by:        </span><span style="font-size:9pt;font-family:sans-serif">"midPoint"
</span><a href="mailto:midpoint-bounces@lists.evolveum.com" target="_blank"><span style="font-size:9pt;color:blue;font-family:sans-serif"><u><midpoint-bounces@lists.evolveum.com></u></span></a><span style="font-size:12pt">
<br>
</span>
<hr noshade><span style="font-size:12pt"><br>
<br>
</span><span style="font-size:12pt;font-family:Arial"><br>
Hi Gus,</span><span style="font-size:12pt"> <br>
</span><span style="font-size:12pt;font-family:Arial"><br>
Let me join the communication.</span><span style="font-size:12pt"> <br>
</span><span style="font-size:12pt;font-family:Arial"><br>
Lukas tried to help you within the limited time that he could dedicate to the
community. His main responsibilities are development activities to make
midPoint even better for the whole community. Based on this he mainly follows
Jira tickets of platform subscribers and customers with active product
support.</span><span style="font-size:12pt"> <br>
</span><span style="font-size:12pt;font-family:Arial"><br>
On the other hand, if you would like to engage our team with the issue,
and provide a detailed analysis with a possible solution, you might be interested
in our commercial services. In case of activated services, we dedicate
an available techie to help our customers with their issues.</span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
We provide different services for different purposes.</span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
Would you be interested?</span><span style="font-size:12pt"> <br>
</span><span style="font-size:10pt;font-family:"Times New Roman""><br>
Best regards,</span><span style="font-size:12pt"> </span><span style="font-size:10pt;font-family:"Times New Roman""><b><br>
Martina Benckova</b> | Sales Manager</span><span style="font-size:12pt">
</span><span style="font-size:12pt;color:blue"><u><br>
</u></span><span style="font-size:8pt;color:blue;font-family:"Times New Roman""><u><br>
</u></span><a href="mailto:mbenckova@evolveum.com" target="_blank"><span style="font-size:8pt;color:blue;font-family:"Times New Roman""><u>mbenckova@evolveum.com</u></span></a><span style="font-size:8pt;font-family:"Times New Roman"">
| </span><a href="http://www.evolveum.com" target="_blank"><span style="font-size:8pt;color:blue;font-family:"Times New Roman""><u>www.evolveum.com</u></span></a><span style="font-size:8pt;font-family:"Times New Roman"">
<br>
tel: +421 948 940 888</span><span style="font-size:12pt"> </span><span style="font-size:12pt;color:blue"><u><br>
</u></span>
<br><span style="font-size:12pt"><br>
<br>
</span>
<hr><span style="font-size:12pt;font-family:Arial"><b><br>
From: </b>"Lukas Skublik" </span><a href="mailto:lukas.skublik@evolveum.com" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u><lukas.skublik@evolveum.com></u></span></a><span style="font-size:12pt;font-family:Arial"><b><br>
To: </b></span><a href="mailto:midpoint@lists.evolveum.com" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>midpoint@lists.evolveum.com</u></span></a><span style="font-size:12pt;font-family:Arial"><b><br>
Sent: </b>Thursday, August 20, 2020 9:37:04 AM<b><br>
Subject: </b>Re: [midPoint] Midpoint - SAML 2.0 - Okta IdP - Flex-Auth?</span><span style="font-size:12pt">
<br>
</span><span style="font-size:12pt;font-family:Arial"><br>
Hello Gus,<br>
I analysed the log file, but I found nothing relevant. <br>
<br>
Regards,<br>
Lukas Skublik.</span><span style="font-size:12pt"> </span><span style="font-size:12pt;font-family:Arial"><br>
On 19. 8. 2020 15:10, Gus Lou wrote:</span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
Hi Lukas</span><span style="font-size:12pt"> <br>
</span><span style="font-size:12pt;font-family:Arial"><br>
I activated the debug level in the midpoint log, but found nothing relevant.</span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
I attached the log for analysis</span><span style="font-size:12pt"> </span><span style="font-size:12pt;font-family:Arial"><br>
Thank you very much</span><span style="font-size:12pt"> <br>
</span><span style="font-size:12pt;font-family:Arial"><br>
On Wed, Aug 19, 2020 at 02:54, Lukas Skublik <</span><a href="mailto:lukas.skublik@evolveum.com" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>lukas.skublik@evolveum.com</u></span></a><span style="font-size:12pt;font-family:Arial">>
wrote:</span><span style="font-size:12pt"> </span><span style="font-size:12pt;font-family:Arial"><br>
Hello Gus,<br>
can you send me your log file? Maybe you see a wrong error message.</span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
Regards<br>
Lukas Skublik</span><span style="font-size:12pt"> </span><span style="font-size:12pt;font-family:Arial"><br>
On 18. 8. 2020 23:35, Gus Lou wrote:</span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
Hi Alexandre</span><span style="font-size:12pt"> <br>
</span><span style="font-size:12pt;font-family:Arial"><br>
Thank you very much   </span><span style="font-size:12pt"><br>
</span><span style="font-size:12pt;font-family:Arial"><br>
I made the modifications suggested by you and Lukas.</span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
Something is still wrong, after authenticating with the IdP and returning
to the midpoint I get the message:</span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
Midpoint saml module doesn't receive response from Identity Provider server
..</span><span style="font-size:12pt"> </span><span style="font-size:12pt;font-family:Arial"><br>
The strange thing is that through the Saml Tracer tool, I can verify that
there was a request and a response.</span><span style="font-size:12pt">
<br>
<br>
<br>
</span><span style="font-size:12pt;font-family:Arial"><br>
Saml Request:</span><span style="font-size:12pt"> <br>
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><br>
<</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2p:AuthnRequest</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">xmlns:saml2p</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:protocol"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">AssertionConsumerServiceURL</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Destination</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="https://dev-601301.okta.com/app/xyzdev601301_midpoint_1/xxxxxx4x6/sso/saml" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>https://dev-601301.okta.com/app/xyzdev601301_midpoint_1/xxxxxx4x6/sso/saml</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">ForceAuthn</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"false"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">ID</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">IsPassive</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"false"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">IssueInstant</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"2020-08-18T21:14:01.266Z"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">ProtocolBinding</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Version</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"2.0"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Issuer</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">xmlns:saml2</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">sp_midpoint</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Issuer</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2p:NameIDPolicy</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">AllowCreate</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"true"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Format</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
/></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2p:AuthnRequest</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt">
<br>
</span><span style="font-size:12pt;font-family:Arial"><br>
Saml Response:</span><span style="font-size:12pt"> <br>
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><br>
<</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2p:Response</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">xmlns:saml2p</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:protocol"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Destination</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">ID</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"id369598233453735443745710"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">InResponseTo</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">IssueInstant</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"2020-08-18T21:14:02.181Z"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Version</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"2.0"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Issuer</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">xmlns:saml2</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Format</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:nameid-format:entity"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
></span><a href="http://www.okta.com/xxxxxxxxxxx4x6" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.okta.com/xxxxxxxxxxx4x6</u></span></a><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Issuer</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Signature</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">xmlns:ds</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://www.w3.org/2000/09/xmldsig#" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2000/09/xmldsig#</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:SignedInfo</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:CanonicalizationMethod</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Algorithm</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://www.w3.org/2001/10/xml-exc-c14n#" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/10/xml-exc-c14n#</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
/></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:SignatureMethod</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Algorithm</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
/></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Reference</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">URI</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"#id369598233453735443745710"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Transforms</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Transform</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Algorithm</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://www.w3.org/2000/09/xmldsig#enveloped-signature" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2000/09/xmldsig#enveloped-signature</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
/></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Transform</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Algorithm</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://www.w3.org/2001/10/xml-exc-c14n#" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/10/xml-exc-c14n#</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
/></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Transforms</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:DigestMethod</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Algorithm</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://www.w3.org/2001/04/xmlenc#sha256" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/04/xmlenc#sha256</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
/></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:DigestValue</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">eOe03vp5gwQQ/4RERzhnfkVpxbxfb8Ek0OQHbyNXcL4=</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:DigestValue</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Reference</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:SignedInfo</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:SignatureValue</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">Opuurv0kgPnDHbxXpe2wzDhDJs6tGoRrHLc+XwIUpxtyLxwh+/4QBPmanZUWepBygLOM223ql7vfpD6e37Zr1iWNAA7Dub9Dc2HIo8igDB1i7wRSvJGWaX+BZLc8mF+CQ9jLT3vinalejcfGicVOS06CygG3ztb7QlBZJmj</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:SignatureValue</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:KeyInfo</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:X509Data</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:X509Certificate</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">MIIDpDCCAoygAwIBAgIGAXOn7be0MA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
9u92XgEJLCIVs0onGbhUfoI5r702fcEM</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:X509Certificate</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:X509Data</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:KeyInfo</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Signature</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2p:Status</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">xmlns:saml2p</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:protocol"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2p:StatusCode</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Value</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:status:Success"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
/></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2p:Status</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Assertion</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">xmlns:saml2</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">ID</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"id3695982334609027802744130"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">IssueInstant</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"2020-08-18T21:14:02.181Z"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Version</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"2.0"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Issuer</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">xmlns:saml2</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Format</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:nameid-format:entity"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
></span><a href="http://www.okta.com/xxxxxxxxx4x6" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.okta.com/xxxxxxxxx4x6</u></span></a><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Issuer</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Signature</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">xmlns:ds</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://www.w3.org/2000/09/xmldsig#" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2000/09/xmldsig#</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:SignedInfo</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:CanonicalizationMethod</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Algorithm</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://www.w3.org/2001/10/xml-exc-c14n#" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/10/xml-exc-c14n#</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
/></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:SignatureMethod</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Algorithm</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
/></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Reference</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">URI</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"#id3695982334609027802744130"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Transforms</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Transform</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Algorithm</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://www.w3.org/2000/09/xmldsig#enveloped-signature" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2000/09/xmldsig#enveloped-signature</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
/></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Transform</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Algorithm</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://www.w3.org/2001/10/xml-exc-c14n#" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/10/xml-exc-c14n#</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
/></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Transforms</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:DigestMethod</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Algorithm</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://www.w3.org/2001/04/xmlenc#sha256" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://www.w3.org/2001/04/xmlenc#sha256</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
/></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:DigestValue</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">g8vVhT6anU1xJOXQH9IrsOIpWG1YZN9GVIWFXVd9zFk=</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:DigestValue</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Reference</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:SignedInfo</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:SignatureValue</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">nFK/0DyI7SpavUD3FPdr7BU1wSMIJl3NR4efPDKfZeZMhPGOX3lurD5lHSceulzGLcZbsOmPnEn1pLsFCOefihVC/SmkNNBHB/uCbKdrgmcQ4Q+xuBEuoUXopG80Xx3sMWZa0lSRAgAcM0sJb6EynmyifxBJ4n0/P9/ANIH</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:SignatureValue</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:KeyInfo</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:X509Data</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:X509Certificate</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">MIIDpDCCAoygAwIBAgIGAXOn7be0MA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
DY2IxhhuxGPHLqFT/YfO/RmJd9keXfM9lIiJl1+9N8eFskiMwUlV0RriPU9GEGt2fJRZxZqw/c7A
9u92XgEJLCIVs0onGbhUfoI5r702fcEM</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:X509Certificate</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:X509Data</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:KeyInfo</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">ds:Signature</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Subject</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">xmlns:saml2</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:NameID</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Format</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><a href="mailto:john.doe@xyz.net" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>john.doe@xyz.net</u></span></a><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:NameID</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:SubjectConfirmation</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Method</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:cm:bearer"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:SubjectConfirmationData</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">InResponseTo</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">NotOnOrAfter</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"2020-08-18T21:19:02.181Z"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">Recipient</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><a href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta" target="_blank"><span style="font-size:12pt;color:blue;font-family:Consolas"><u>http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</u></span></a><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
/></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:SubjectConfirmation</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Subject</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Conditions</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">xmlns:saml2</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">NotBefore</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"2020-08-18T21:09:02.181Z"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">NotOnOrAfter</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"2020-08-18T21:19:02.181Z"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:AudienceRestriction</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Audience</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">okta</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Audience</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:AudienceRestriction</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Conditions</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:AuthnStatement</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">xmlns:saml2</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"urn:oasis:names:tc:SAML:2.0:assertion"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">AuthnInstant</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"2020-08-18T21:14:02.181Z"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(223,0,127);font-family:Consolas">SessionIndex</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">=</span><span style="font-size:12pt;color:rgb(0,65,194);font-family:Consolas">"ARQ271eea6-dbee-4ff2-9bc7-d119aa71b00b"</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">
></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:AuthnContext</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"><</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:AuthnContextClassRef</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:AuthnContextClassRef</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:AuthnContext</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:AuthnStatement</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2:Assertion</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt;color:rgb(79,79,79);font-family:Consolas">
</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas"></</span><span style="font-size:12pt;color:rgb(0,98,225);font-family:Consolas">saml2p:Response</span><span style="font-size:12pt;color:rgb(224,31,37);font-family:Consolas">></span><span style="font-size:12pt">
<br>
</span><span style="font-size:12pt;font-family:Arial"><br>
---------------------------------------------------------------------------------------------</span><span style="font-size:12pt">
<br>
<br>
</span><span style="font-size:12pt;font-family:Arial"><br>
Regards</span><span style="font-size:12pt"> <br>
</span><span style="font-size:12pt;font-family:Arial"><br>
Gus</span><span style="font-size:12pt"> <br>
</span><span style="font-size:12pt;font-family:Arial"><br>
On Tue, Aug 18, 2020 at 02:28, Alexandre Zia <</span><a href="mailto:alexandre.zia@ifood.com.br" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>alexandre.zia@ifood.com.br</u></span></a><span style="font-size:12pt;font-family:Arial">>
wrote:</span><span style="font-size:12pt"> </span><span style="font-size:12pt;font-family:Arial"><br>
I've just changed a few things, based on your config, </span><span style="font-size:12pt"><br>
</span><span style="font-size:12pt;font-family:Arial"><br>
<saml2><br>
   <name>oktaidp</name><br>
   <description>Enterprise SAML-based SSO system</description><br>
   <network><br>
       <readTimeout>10000</readTimeout><br>
       <connectTimeout>5000</connectTimeout><br>
   </network><br>
   <serviceProvider><br>
       <entityId>sp_midpoint</entityId><br>
       <aliasForPath>okta</aliasForPath><br>
       <signRequests>false</signRequests><br>
       <wantAssertionsSigned>true</wantAssertionsSigned><br>
       <singleLogoutEnabled>true</singleLogoutEnabled><br>
       <nameId>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</nameId><br>
       <provider><br>
            <entityId></span><a href="http://www.okta.com/xxxxxxxxxxxx4x6" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>http://www.okta.com/xxxxxxxxxxxx4x6</u></span></a><span style="font-size:12pt;font-family:Arial"></entityId><br>
           <alias>SSO-Okta</alias><br>
           <metadata><br>
               <xml>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</xml><br>
           </metadata><br>
           <skipSslValidation>false</skipSslValidation><br>
           <linkText>Okta</linkText><br>
           <authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding><br>
           <nameOfUsernameAttribute>uid</nameOfUsernameAttribute><br>
       </provider><br>
   </serviceProvider><br>
</saml2><br>
<br>
<br>
And your ACS url will be something like this:  </span><a href="http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>http://midpoint-02.xyz.net/midpoint/auth/default/oktaidp/SSO/alias/okta</u></span></a><span style="font-size:12pt">
<br>
<br>
<br>
<br>
<br>
</span><span style="font-size:12pt;font-family:Arial"><br>
On Mon, Aug 17, 2020 at 2:24 PM Gus Lou <</span><a href="mailto:gugalou38@gmail.com" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>gugalou38@gmail.com</u></span></a><span style="font-size:12pt;font-family:Arial">>
wrote:</span><span style="font-size:12pt"> </span><span style="font-size:12pt;font-family:Arial"><br>
Hi Luca</span><span style="font-size:12pt"> </span><span style="font-size:12pt;font-family:Arial"><br>
Thank you very much for your help. I had not configured this option yet.
<br>
I did the suggested configuration, now the link to the IdP in the midpoint
interface is correct.</span><span style="font-size:12pt"> </span><span style="font-size:12pt;font-family:Arial"><br>
But when I click on the link to the IdP and do the authentication and get
the reply back to the midpoint I get an error:</span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><i><br>
Midpoint saml module doesn't receive response from Identity Provider server.</i></span><span style="font-size:12pt">
</span><span style="font-size:11pt;font-family:Arial"><i><br>
Authentication failed, and as a consequence was restarted authentication
flow</i></span><span style="font-size:12pt"> </span><span style="font-size:12pt;font-family:Arial"><br>
(probably due to the fact that the midpoint ACS url in the IdP is not correct.)</span><span style="font-size:12pt">
<br>
</span><span style="font-size:12pt;font-family:Arial"><br>
I need to find out what the Midpoint Assertion Consumer Service (ACS) URL
is to report on the IdP.</span><span style="font-size:12pt"> <br>
</span><span style="font-size:12pt;font-family:Arial"><br>
Print Screen after IdP Authentication failed</span><span style="font-size:12pt">
<br>
</span><img src="cid:179322abf81c204bfcc5" width="541" height="226" alt="image.png" style="border: 0px solid;"><span style="font-size:12pt"><br>
</span><span style="font-size:12pt;font-family:Arial"><br>
Regards</span><span style="font-size:12pt"> <br>
</span><span style="font-size:12pt;font-family:Arial"><br>
Gus</span><span style="font-size:12pt"> <br>
</span><span style="font-size:12pt;font-family:Arial"><br>
On Mon, Aug 17, 2020 at 03:18, Lukas Skublik <</span><a href="mailto:lukas.skublik@evolveum.com" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>lukas.skublik@evolveum.com</u></span></a><span style="font-size:12pt;font-family:Arial">>
wrote:</span><span style="font-size:12pt"> </span><span style="font-size:12pt;font-family:Arial"><br>
Hello Gus,<br>
<br>
try to configure the attribute systemConfiguration/infrastructure/publicHttpUrlPattern
to '</span><a href="http://midpoint-02.xyz.net/midpoint" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>http://midpoint-02.xyz.net/midpoint</u></span></a><span style="font-size:12pt;font-family:Arial">'.<br>
<br>
Regards,<br>
Lukas Skublik</span><span style="font-size:12pt"> </span><span style="font-size:12pt;font-family:Arial"><br>
On 6. 8. 2020 0:00, Gus Lou wrote:</span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
Hi Guys <br>
Has anyone here already integrated Midpoint with Okta's solution to provide
Midpoint authentication through the SAML 2.0 protocol?</span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
I created a free developer account on Okta and I am trying to make the
SAML settings following the guidelines below:</span><span style="font-size:12pt">
<br>
</span><span style="font-size:12pt;font-family:Arial"><b><br>
Midpoint Wiki:</b> </span><span style="font-size:12pt;color:blue"><u><br>
</u></span><a href="https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>https://wiki.evolveum.com/display/midPoint/Flexible+Authentication+Configuration</u></span></a><span style="font-size:12pt">
<br>
</span><span style="font-size:12pt;font-family:Arial"><b><br>
Git Example Security-policy-flexible-authentication:</b> </span><span style="font-size:12pt;color:blue"><u><br>
</u></span><a href="https://github.com/Evolveum/midpoint-samples/blob/master/samples/policy/security/security-policy-flexible-authentication.xml" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>https://github.com/Evolveum/midpoint-samples/blob/master/samples/policy/security/security-policy-flexible-authentication.xml</u></span></a><span style="font-size:12pt">
<br>
</span><span style="font-size:12pt;font-family:Arial"><b><br>
Okta Example - SAML Spring Security:</b></span><span style="font-size:12pt">
</span><span style="font-size:12pt;color:blue"><u><br>
</u></span><a href="https://developer.okta.com/code/java/spring_security_saml/" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>https://developer.okta.com/code/java/spring_security_saml/</u></span></a><span style="font-size:12pt">
</span><span style="font-size:12pt;color:blue"><u><br>
</u></span><a href="https://github.com/oktadeveloper/okta-spring-boot-saml-example" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>https://github.com/oktadeveloper/okta-spring-boot-saml-example</u></span></a><span style="font-size:12pt">
<br>
</span><span style="font-size:12pt;font-family:Arial"><br>
I understand that Okta is the Identity Provider IdP and Midpoint is the
Service Provider SP.</span><span style="font-size:12pt"> </span><span style="font-size:12pt;font-family:Arial"><br>
After trying to make the settings I had some doubts:</span><span style="font-size:12pt">
<br>
</span><span style="font-size:12pt;font-family:Arial"><br>
What is the Midpoint uri that receives the IdP response?</span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
What is the Midpoint url that I should use to perform the authentication
of the IdP (Okta)? Because when I try to inform an existing user in the
IdP an error appears and a screen with the link of the IdP (in this part
there is another error that I couldn't solve: the midpoint displays the
internal address </span><a href="https://127.0.0.1/" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>https://127.0.0.1/</u></span></a>)<span style="font-size:12pt">
<br>
</span><span style="font-size:12pt;font-family:Arial"><br>
Some information from my lab:</span><span style="font-size:12pt"> <br>
</span><span style="font-size:12pt;font-family:Arial"><b><br>
Print-01 Midpoint - Authentication GUI</b> (the user john.doe does not
exist at midpoint but exists at IdP)</span><span style="font-size:12pt">
<br>
</span><img src="cid:179322abf81c204bfcc6" width="541" height="190" alt="image.png" style="border: 0px solid;"><span style="font-size:12pt"><br>
</span><span style="font-size:12pt;font-family:Arial"><b><br>
Print-02 </b><br>
After I try to authenticate, I get the error message:</span><span style="font-size:12pt">
</span><span style="font-size:12pt;color:red;font-family:Arial"><i><u><br>
Couldn't authenticate user, reason: couldn't encode password.</u></i></span><span style="font-size:12pt">
<br>
</span><img src="cid:179322abf81c204bfcc7" width="541" height="207" alt="image.png" style="border: 0px solid;"><span style="font-size:12pt"><br>
</span><span style="font-size:12pt;font-family:Arial"><b><br>
Print-03</b></span><span style="font-size:12pt"> </span><span style="font-size:12pt;font-family:Arial"><br>
The link to the idp Okta is displaying the midpoint's internal address:</span><span style="font-size:12pt">
</span><span style="font-size:12pt;color:blue"><u><br>
</u></span><a href="http://127.0.0.1:8080/" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><b><u>http://127.0.0.1:8080/</u></b></span></a><span style="font-size:12pt;font-family:Arial">midpoint/auth/default/oktaidp/discovery?idp=http%3A%2F%</span><a href="http://2fwww.okta.com/" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>2Fwww.okta.com</u></span></a><span style="font-size:12pt;font-family:Arial">%2Fexko4d721K5vASKoJ4x6</span><span style="font-size:12pt">
<br>
</span><span style="font-size:12pt;font-family:Arial"><br>
Instead of the hostname address:</span><span style="font-size:12pt"> </span><span style="font-size:12pt;color:blue"><u><br>
</u></span><a href="http://midpoint-02.xyz.net/" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><b><u>http://midpoint-02.xyz.net</u></b></span></a><span style="font-size:12pt;font-family:Arial">/midpoint/auth/default/oktaidp/discovery?idp=http%3A%2F%</span><a href="http://2fwww.okta.com/" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>2Fwww.okta.com</u></span></a><span style="font-size:12pt;font-family:Arial">%2Fexko4d721K5vASKoJ4x6</span><span style="font-size:12pt">
<br>
</span><span style="font-size:12pt;font-family:Arial"><br>
I believe it is some incorrect configuration on my reverse proxy - nginx</span><span style="font-size:12pt">
<br>
</span><img src="cid:179322abf81c204bfcc8" width="541" height="178" alt="image.png" style="border: 0px solid;"><span style="font-size:12pt"><br>
</span><span style="font-size:12pt;font-family:Arial"><b><br>
Print-04: Okta IdP SAML Configuration</b></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
Here is my main question, because in the fields:</span><span style="font-size:12pt">
</span>
<ol>
<li value="1"><span style="font-size:12pt;font-family:Arial">Single sign
on URL</span><span style="font-size:12pt"> </span>
</li><li value="2"><span style="font-size:12pt;font-family:Arial">Audience URI
(SP Entity ID)</span></li></ol><span style="font-size:12pt;font-family:Arial">I
need to report existing data in Midpoint, but I'm not sure where to get
this information.</span><span style="font-size:12pt"> <br>
</span><img src="cid:179322abf81c204bfcc9" width="541" height="357" alt="image.png" style="border: 0px solid;"><span style="font-size:12pt"><br>
<br>
<br>
</span><span style="font-size:12pt;font-family:Arial"><b><br>
My Security Policy Config:</b></span><span style="font-size:12pt"> </span><span style="font-size:12pt;font-family:Arial"><br>
I made the settings in the IdP, generated the metadata, encoded it in base
64 and put it in the Midpoint settings.</span><span style="font-size:12pt">
<br>
</span><span style="font-size:12pt;font-family:Arial"><br>
<authentication></span><span style="font-size:12pt"> </span><span style="font-size:12pt;font-family:Arial"><br>
        <modules></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
            <loginForm id="15"></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                <name>internalLoginForm</name></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                <description>Internal
username/password authentication, default user password, login form</description></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
            </loginForm></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
            <saml2 id="16"></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                <name>oktaidp</name></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                <description>My
SAML-based SSO system.</description></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                <network></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                    <readTimeout>10000</readTimeout></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                    <connectTimeout>5000</connectTimeout></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                </network></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                <serviceProvider></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                    <entityId>sp_midpoint</entityId></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                    <signRequests>true</signRequests></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                    <wantAssertionsSigned>true</wantAssertionsSigned></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                    <singleLogoutEnabled>true</singleLogoutEnabled></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                    <nameId>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</nameId><br>
                    <keys/></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                    <provider
id="17"></span><span style="font-size:12pt"> </span><span style="font-size:12pt;font-family:Arial"><br>
                     
  <entityId></span><a href="http://www.okta.com/xxxxxxxxxxxx4x6" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>http://www.okta.com/xxxxxxxxxxxx4x6</u></span></a><span style="font-size:12pt;font-family:Arial"></entityId></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                     
  <alias>SSO-Okta</alias></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                     
  <metadata></span><span style="font-size:12pt"> </span><span style="font-size:12pt;font-family:Arial"><br>
                     
      <xml>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48bWQ6RW50aXR5RGVzY3JpcHRvciBlbnRpdHlJRD0iaHR0cDovL3d3dy5va3RhLmNvbS9leGtvNGQ3MjFLNXZBU0</xml></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                     
  </metadata></span><span style="font-size:12pt"> </span><span style="font-size:12pt;font-family:Arial"><br>
                     
  <skipSslValidation>true</skipSslValidation></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                     
  <linkText>Okta</linkText></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                     
  <authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding><br>
                     
  <nameOfUsernameAttribute>uid</nameOfUsernameAttribute></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                    </provider></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                </serviceProvider></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
            </saml2></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
        </modules></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
        <sequence id="8"></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
            <name>admin-gui-default</name></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
            <description></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                Default GUI authentication
sequence.</span><span style="font-size:12pt"> </span><span style="font-size:12pt;font-family:Arial"><br>
                We want to try
company SSO, federation and internal. In that order.</span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                Just one of then
need to be successful to let user in.</span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
            </description></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
            <channel></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                <channelId></span><a href="http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user</u></span></a><span style="font-size:12pt;font-family:Arial"></channelId></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                <default>true</default></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                <urlSuffix>default</urlSuffix></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
            </channel></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
            <module id="12"></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                <name>oktaidp</name></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                <order>30</order></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                <necessity>sufficient</necessity></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
            </module></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
            <module id="13"></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                <name>internalLoginForm</name></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                <order>20</order></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                <necessity>sufficient</necessity></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
            </module></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
        </sequence></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
        <sequence id="9"></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
            <name>admin-gui-emergency</name></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
            <description></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                Special GUI authentication
sequence that is using just the internal user password.</span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                It is used only
in emergency. It allows to skip SAML authentication cycles, e.g. in case</span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                that the SAML authentication
is redirecting the browser incorrectly.</span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
            </description></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
            <channel></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                <channelId></span><a href="http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#user</u></span></a><span style="font-size:12pt;font-family:Arial"></channelId></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                <default>false</default></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                <urlSuffix>emergency</urlSuffix></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
            </channel></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
            <requireAssignmentTarget oid="00000000-0000-0000-0000-000000000004"
relation="org:default" type="c:RoleType"></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                <!-- Superuser
--></span><span style="font-size:12pt"> </span><span style="font-size:12pt;font-family:Arial"><br>
            </requireAssignmentTarget></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
            <module id="14"></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                <name>internalLoginForm</name></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                <order>30</order></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
                <necessity>sufficient</necessity></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
            </module></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
        </sequence></span><span style="font-size:12pt">
</span><span style="font-size:12pt;font-family:Arial"><br>
    </authentication></span><span style="font-size:12pt">
<br>
<br>
</span><span style="font-size:12pt;font-family:Arial"><br>
If anyone has any suggestions for solving the problem I would appreciate
it.</span><span style="font-size:12pt"> <br>
</span><span style="font-size:12pt;font-family:Arial"><br>
Regards</span><span style="font-size:12pt"> <br>
</span><span style="font-size:12pt;font-family:Arial"><br>
Gus</span><span style="font-size:12pt"> <br>
<br>
<br>
</span><span style="font-size:12pt;font-family:Arial"><br>
_______________________________________________<br>
midPoint mailing list</span><span style="font-size:12pt;color:blue"><u><br>
</u></span><a href="mailto:midPoint@lists.evolveum.com" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>midPoint@lists.evolveum.com</u></span></a><span style="font-size:12pt;color:blue"><u><br>
</u></span><a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank"><span style="font-size:12pt;color:blue;font-family:Arial"><u>https://lists.evolveum.com/mailman/listinfo/midpoint</u></span></a><span style="font-size:12pt"><br>
</span><span style="font-size:12pt;font-family:Arial"><br>
<br>
<br>
-- </span>
<table width="450" style="border-collapse:collapse">
<tbody><tr height="8">
<td width="171" rowspan="6" bgcolor="white" valign="top" style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:1px">
</td><td width="28" bgcolor="white" style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:1px">
</td><td width="243" bgcolor="white" style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:1px"><span style="font-size:11pt;font-family:Arial">Alexandre
R Zia</span><span style="font-size:12pt"> </span>
</td></tr><tr height="8">
<td width="28" bgcolor="white" style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:1px">
</td><td width="243" bgcolor="white" style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:1px"><span style="font-size:12pt;font-family:Arial"><b>Security</b></span><span style="font-size:12pt">
</span>
</td></tr><tr height="8">
<td width="28" bgcolor="white" style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:1px">
</td><td width="243" bgcolor="white" style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:1px">
</td></tr><tr height="8">
<td width="28" bgcolor="white" style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:1px">
</td><td width="243" bgcolor="white" style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:1px">
</td></tr><tr height="8">
<td width="28" bgcolor="white" style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:1px">
</td><td width="243" bgcolor="white" style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:1px"><a href="https://www.ifood.com.br/" target="_blank"><span style="font-size:12pt;color:rgb(128,128,128);font-family:Arial"><u>www.ifood.com.br</u></span></a><span style="font-size:12pt">
</span>
</td></tr><tr height="8">
<td width="274" colspan="2" bgcolor="white" style="border-style:none;border-color:rgb(0,0,0);border-width:0px;padding:1px">
<p style="margin-top:0px;margin-bottom:0px"></p></td></tr></tbody></table>
</blockquote></div>